How to connect WAP to pfSense?

I have a 6-port device for pfSense arriving at home shortly and will be configuring my network similar to below. I want to set up two SSIDs on my UniFi UAP-AC-PRO WAP, one for OFFICE device access and one for home LAN.

How should this be set up? Can I plug it into port 5 and configure it to be on LAN and OFFICE networks with VLANs somehow? I don’t want to buy a second WAP for OFFICE use if I don’t need to.

Have a look at How To Setup VLANs With pfsense & UniFI 2022 - YouTube

How To Setup VLANS With pfsense & UniFI. Also how to build for firewall rules for VLANS in pfsense - YouTube


Personally I find only using VLANs gives me the most options. pfSense connects to a main switch over a LAGG, I leave the LAN on pfSense in case I need to plug into it in an emergency, everything else goes into the main switch. The AP is on a trunk port which has VLANs aligned to SSIDs.

Perhaps if you have a PoE switch and PoE AP, you can get rid of the power cable. Doubt your pfSense box is PoE. You can plug it into the pfSense and configure that as if it was just another interface.

P.S. you probably want to add a GUEST VLAN that’s available via the AP.


Thanks guys, but those videos assume the WAP will be plugged into a switch. I want to plug it directly into pfSense port 5, or should I plug it into one of the switches? If a switch, which one, LAN or OFFICE?

Bear in mind that the LAN, OFFICE and SERVER networks are separate physical buildings. pfSense and the LAN switch are in the same building as LAN. The second switch is in the OFFICE building, and there is no switch for the SERVER (plugged directly in) as shown on the diagram in the OP.

I’m modelling this in a 6-port VM to get up to speed for when my new 6-port router arrives.

Interface assignments before creating any VLANs.

So I created two VLANs, one for the LAN network and one for the OFFICE network, and made the parent port 5 (hn4).

What do I do now? Do I bridge those to the existing networks? Very confused!!

I don’t do this, but it must be that if you plug your AP directly into pfSense it is just another network, so you configure, say, WIFI for wireless access.

What I don’t know is whether the AP software or pfSense can then segment the wifi network for, say, GUEST access without seeing the other traffic. Perhaps you just want WIFI access and configure the rules to do what you want.

Definitely think sticking everything onto VLANs, the AP on a trunk port with separate SSIDs, is the easiest thing, then just use the AP software to manage the wifi instead of pfSense.


I think I might have figured it out. If I create HOME_WIFI and OFFICE_WIFI VLANs and put them on Port 5 on pfSense and plug in the UniFi WAP there, that should solve the issue? I will try it out next week when hardware arrives.


This is all working great now with a couple of minor changes.

  • I am using OPNsense rather than pfSense+ (because I’m not using a Netgate appliance anymore)
  • The HOME_WIFI interface is not on a VLAN
  • The OFFICE_WIFI interface is on a VLAN on the HOME_WIFI physical interface

I think my setup is massive overkill, but it’s working great lol.