pfSense and Ubiquiti

I have 3 SSIDs: office, guest VLAN 50 and student VLAN 3.
The pvid for port 1 is set to 1, as per the pvid setting. Ports 2-4 have a pvid of 3 and ports 5-8 a pvid of 50. Ports 1 and 9-16 are not tagged and have a pvid of 1.

And need all 4 of the APs to push office, student and guest.

We get what you want for your end result. You have to configure your switch properly in order for this to work, and everything else as of right now looks right on pfSense and the controller.

So let’s just work with 1 AP for now.

You need to set port 2 to have the following:
VLAN 1 untagged
VLAN 3 tagged
VLAN 50 tagged

Then plug the AP into port 2.

Based on pvid settings it could be 3, 50 or 1

That looks right. Now when you plug your AP into port 2, are you able to connect to any of the SSIDs?

I have access to all three SSIDs, but only have internet access on Office Wifi. VLAN 3 and 50 connect but there is no internet access. Can’t seem to get a .3 or .50 address.

My fault. I think you have to have the “tagged port” section on VLAN 3 and 50 to have 1 and 2.

So this is what I have done:


Same result though, only internet connection on office.

Are you getting an IP address from DHCP on the other SSIDs?

Was able to get an IP address from Student, but none from guest. Office still works. DHCP yes.

Ok, now we are getting somewhere. What do your rules look like for the student VLAN under Firewall -> Rules -> student_vlan?

I get a .50 address from Guest, but no access to the internet. Got a .3 from student and access to the internet. Yes finally getting somewhere :grinning:

This is the guest

Ok, for guest rules you need to set an “any any” rule at the bottom and then set block rules to stop it from reaching other networks, something like this:

Right now your guest network isn’t allowed to route out to the internet.
Rules work from top to bottom, so set your block rules on top of the allow rules.

I seem to have lost one of my SSIDs.

But can now get out to the internet on the guest; student SSID has dropped.

That middle allow rule is saying “allow guest to talk to any network except LAN”. I would just take that rule out. If you need to block LAN from this network then do a block rule.

Ok.

DHCP is working on all three SSIDs. AP is still connected to controller. Looking good thus far. When including the other three APs, the same port configuration has to be done, where the ports are added along with port 1 and 2 for each VLAN, right?
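
The top-to-bottom rule ordering discussed in this thread, as an added example that is not from any poster: a small first-match evaluator for a guest interface rule list, plus a check that flags block rules made unreachable by an earlier allow. The subnets and host addresses are constructed, since the thread only mentions ".3" and ".50" addresses.

```python
from ipaddress import ip_address, ip_network

# Constructed subnets: the thread only mentions ".3" and ".50" addresses.
LAN = ip_network("192.168.1.0/24")
STUDENT = ip_network("192.168.3.0/24")
GUEST = ip_network("192.168.50.0/24")
ANY = ip_network("0.0.0.0/0")

# Guest interface rules as (action, source, destination), top to bottom.
GOOD = [
    ("block", GUEST, LAN),
    ("block", GUEST, STUDENT),
    ("pass", GUEST, ANY),
]
# Same rules with the allow on top: the blocks are never reached.
BAD = [GOOD[2], GOOD[0], GOOD[1]]


def evaluate(rules, src, dst):
    """Return the action of the first matching rule; no match means block."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "block"  # implicit default deny, as with an empty rule tab


def shadowed(rules):
    """List indexes of block rules that an earlier pass rule fully covers."""
    dead = []
    for i, (action, src_net, dst_net) in enumerate(rules):
        if action != "block":
            continue
        for prev_action, prev_src, prev_dst in rules[:i]:
            if (prev_action == "pass" and src_net.subnet_of(prev_src)
                    and dst_net.subnet_of(prev_dst)):
                dead.append(i)
                break
    return dead


if __name__ == "__main__":
    guest_client = "192.168.50.20"  # constructed sample host
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "to LAN:", evaluate(rules, guest_client, "192.168.1.10"),
              "| to internet:", evaluate(rules, guest_client, "8.8.8.8"),
              "| shadowed block rules at index:", shadowed(rules))
```

With the allow rule on top, the guest client reaches the LAN host and both block rules are reported as shadowed; with the blocks on top, only internet traffic passes.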