Combining pfsense with Unifi

I am trying to build a guest vlan on my UDM Pro where my internal vlan is the WAN for a pfsense device looped back via its LAN port to the same physical UDM Pro switch infrastructure without getting STP too excited:


Am I crazy to expect this to work? I have tried once and it shut down the switch. What am I doing wrong?

I’m trying to understand your setup. If you already have the UDM pro as a firewall, why are you also trying to add pfsense in the mix?

To solve your problem you might need to create another VLAN on your UniFi switch for your guest network from your pfsense. Make sure it is an access port for your new VLAN ID.

What is happening is that pfsense is using VLAN1 and your pfsense LAN is also using VLAN1 even though they might be using different IP ranges.

This is a lab setup for testing firewall rules on the pfsense.

There are two vlans and the pfsense is on its own vlan and serves as its gateway and DHCP server. Maybe there is something I need to tell the pfsense LAN port about the vlan to which it is connecting?

In the example above, notice how I have the VLAN200 for the LAN side of pfSense. This is what you should do, but if you create extra VLANs on pfsense and want those VLANs to work on your switch then you MUST not create overlapping VLANs, as this will cause a conflict because then you are sending tagged VLANs that are already configured from the UDM pro.

In this way the switch doesn't care what the VLAN ID on the LAN side of pfsense is, because you have an untagged VLAN of 200, which you can then assign to other ports on your switch to allow access to your pfsense. But again, if you create another VLAN from pfsense and want to then pass that VLAN to your switch, then it will be a tagged VLAN.

Hopefully that makes sense.
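As an added illustration (not code from this thread or from either product), here is a small Python checker that encodes the rules in the reply above: the pfSense LAN sits untagged on its own switch VLAN, never on a VLAN the UDM Pro already routes, and any VLANs pfSense creates itself are tagged on that port with IDs that do not overlap the UDM's. The data model, port names and VLAN numbers are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SwitchPort:
    """A UniFi switch port profile: one untagged (native) VLAN plus tagged VLANs."""
    name: str
    untagged: int
    tagged: frozenset = frozenset()

@dataclass(frozen=True)
class PfSenseBox:
    """pfSense cabling: WAN and LAN each sit untagged on a switch port; any VLANs
    pfSense creates itself ride its LAN parent interface as 802.1Q tags."""
    wan_port: SwitchPort
    lan_port: SwitchPort
    lan_vlans: frozenset = frozenset()

def check_layout(switch_vlans: set, udm_routed: set, box: PfSenseBox) -> list:
    """Return design problems (empty list means the layout is consistent).
    switch_vlans: every VLAN ID defined on the UniFi switch.
    udm_routed: the VLANs for which the UDM Pro itself is gateway and DHCP server."""
    problems = []
    wan, lan = box.wan_port, box.lan_port
    # Both pfSense legs untagged in one VLAN puts WAN and LAN on the same segment.
    if wan.untagged == lan.untagged:
        problems.append(f"WAN and LAN are both untagged on VLAN {wan.untagged}")
    # The pfSense LAN VLAN must exist on the switch and must not be one the UDM
    # already routes, or two gateways/DHCP servers end up on the same segment.
    if lan.untagged not in switch_vlans:
        problems.append(f"LAN VLAN {lan.untagged} is not defined on the switch")
    if lan.untagged in udm_routed:
        problems.append(f"LAN VLAN {lan.untagged} is already routed by the UDM Pro")
    # Extra pfSense VLANs must not reuse UDM VLAN IDs and must be tagged on the port.
    for vid in sorted(box.lan_vlans):
        if vid in udm_routed:
            problems.append(f"pfSense VLAN {vid} overlaps a VLAN the UDM Pro routes")
        if vid not in lan.tagged:
            problems.append(f"pfSense VLAN {vid} is not tagged on switch {lan.name}")
    return problems

# Constructed sample: internal VLAN 100 feeds the pfSense WAN, VLAN 200 is the
# pfSense LAN, and pfSense adds VLAN 300 itself, carried tagged on the LAN port.
SWITCH_VLANS = {1, 100, 200, 300}
UDM_ROUTED = {1, 100}
GOOD = PfSenseBox(SwitchPort("port 5", 100),
                  SwitchPort("port 6", 200, frozenset({300})), frozenset({300}))
# The layout the replies warn about: both pfSense legs left on the default VLAN 1.
BAD = PfSenseBox(SwitchPort("port 5", 1), SwitchPort("port 6", 1))
```

Calling `check_layout(SWITCH_VLANS, UDM_ROUTED, BAD)` reports the two findings for the broken layout, while the GOOD layout returns an empty list.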

It’s marinating. Thanks.

I do have it working now with the same vlan id on both the pfsense interfaces and the udm pro.