Hello, I just got a new SG-1100 and UniFi AP-LR (WAP) and am trying to set up everything in pfsense and the UniFi controller but can’t seem to get it to work. Specifically, I can’t get the WAP to show up in the controller software when connected to the OPT port. The WAP is powered PoE through the power brick that came with it. I’ve created the interfaces, tagged the switch ports, set appropriate DHCP ranges and firewall rules, all according to your videos. These 4 videos in particular are most relevant to my use case:
How To Setup VLANS With pfsense & UniFI. Also how to build for firewall rules for VLANS in pfsese
How to Have One UniFi AP-AC-LR & Two WiFi Networks with pfsense, VLANS, & No Managed Switch.
Access Points and Creating WiFi VLANs Explained Using UniFi Wireless
SG-1100 VLAN Switch Configuration
I’d like to have all WIFI traffic separate from LAN traffic, and the IOT traffic separate from all the Trusted WIFI traffic. My existing setup looks like this:
And what I’d like to have is something close to this:
Or something better, I’m open to suggestions.
I can’t take the network down completely until the new one is fully configured, so I have the SG-1100 WAN going to my NetGear LAN while I slowly migrate devices over to the new 192.168.3 network (LAN port of SG-1100).
Again, the WAP won’t show up in the controller software when connected to the OPT port.
The WAP glows blue for 4 seconds and then off for about a second and then repeats.
I must be doing something wrong with the OPT port, but can’t figure what.
Any Ideas?
Good question. How can I ping the controller (which is installed on a laptop connected to 192.168.3.100 LAN) from the AP? Wouldn’t I have to log into the AP to do that? I don’t even think the AP has an IP address. At least none that I can see from the list of DHCP Leases in pfsense.
The AP needs an IP address so it if does not have one then it must not be seeing the DHCP server. You can also SSH into the AP, test if it can ping the UniFi controller and adopt it from the command line.
Ok, I disconnected the AP from the SG-1100 OPT port and plugged it directly into the NetGear switch. The AP now has IP 192.168.3.108, which is expected, and I can see it in the controller. I can see the Advanced Adopt menu when I click on the AP. Does adoption matter that I am on the .3. network and not on the .20. network? Remember, the end goal is to have all wifi traffic (trusted and IOT) passing through the OPT port.
Ok, I adopted the AP, it provisioned itself and now it says “connected” in green. But now when I disconnect the AP from the Netgear switch and plug it back into OPT port on SG-1100, it isn’t showing up anywhere in pfsense.
The controller is on the same vlan as the AP at first. But after I create the WIFI and IOT vlans I then switch the AP to port OPT, at which point I can no longer access the AP. Does this mean I also need to install the controller on the WIFI vlan as well as the IOT vlan if I want to access the controller?
Make sure the ap has routing to reach the controller. What I am asking is can you ping the ap from the controller when the ap is on the opt port? This is the first question to be answered.
Once the answer is yes then the general routing should be good you need to then make sure all your vlans are assigned the way you want and carryover properly to the ap.
Thank you for your comments. I tried to implement your suggestions above but no joy. Trying to get a Netgate router, a NetGEAR switch, and a UniFi AP to play nicely with each other is probably straight forward if you understand the fundamentals, but I just couldn’t get it to work.
So last week I ordered a UniFi Switch 16 PoE Gen 2 to replace my current Netgear switch. It came in today, I hooked it up and was able to configure everything the way I wanted in one evening. Setting up the vlans was SOOOO MUCH EASIER and things make a lot more sense now.
To be fair, I am only using the LAN port on the SG-1100. Configuring the OPT port as I had originally intended is a project for next week. Should be pretty straight forward.
