Pfsense-Cisco-MikroTik-Ubiquiti lol

I think this question is perfect for this forum because it does involve pfSense and Ubiquiti APs. There are some Cisco switches in the mix along with MikroTik, but the MikroTik are basically simple ports passing all traffic. Basically all set up in strict mode (with all VLANs declared in the VLANs tab) and just an untagged port going to the WAN of the pfSense server… now I do have two other EdgeRouters in this network (4 and 6P). I really just wanted to have the pfSense server for the heavy lifting and big state table for the crowd network. I created a subnet that has around 4k IP addresses. I normally never have a problem with this setup and EdgeRouters (as far as DHCP is concerned).

But yesterday we added some UniFi AP Lites (I don't typically use these; I use more of the UniFi Mesh Pros for events), so on the port going to the access point I had it set up as a trunk in Cisco (sw mode trunk, and sw trunk native vlan 10 (the AP management network)). On the first day everyone connected to the network I had tagged for the network on the pfSense server, and the next day a bunch of people had problems connecting to this network. I first suspected it was the DHCP snooping set up on the switches, but even after I just added all the ports as trusted ports, the problem continued.
Some folks on the Ubiquiti forums point to it possibly being the firmware on the AP Lites. Has anyone seen this kind of behavior here with networks run on pfSense, or also run into the same buggy firmware on the AP? The firmware I was recommended to go back to was 4.30.20, and the latest was the one giving me the problem.

Controller version - 5.14.23

AP Firmware - 5.43.36.12724 (possibly the problematic firmware)

Any insight would be greatly appreciated.

I know I'm not on the latest controller, but for an event this size I need an easier way to manage WLAN groups on a per-AP basis that does not mean adding the same SSID too many times.
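One way to narrow down from the pfSense side whether the server is answering and the replies are being lost on the way back to the clients, or whether the server is not answering at all. This is an added example, not code from the original post or from any of the projects named in it. It parses log lines in the format ISC dhcpd (the DHCP daemon pfSense runs) writes to syslog and counts DISCOVER/OFFER/REQUEST/ACK per client MAC: repeated DISCOVERs that each get an OFFER but never an ACK mean the server is doing its job and the replies are not reaching the client (the pattern you would expect if the AP or switch path is dropping them), while DISCOVERs with no OFFER point at the server or pool itself. The log lines, hostnames, MACs and addresses are constructed, and the threshold of three unanswered DISCOVERs is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in ISC dhcpd's syslog format (the DHCP daemon pfSense runs).
# Hostname, timestamps, MACs and addresses are made up for this example.
SAMPLE_LOG = """\
Jun 12 10:01:02 fw dhcpd[1234]: DHCPDISCOVER from 00:11:22:33:44:01 via igb1
Jun 12 10:01:02 fw dhcpd[1234]: DHCPOFFER on 10.20.1.10 to 00:11:22:33:44:01 via igb1
Jun 12 10:01:02 fw dhcpd[1234]: DHCPREQUEST for 10.20.1.10 (10.20.0.1) from 00:11:22:33:44:01 via igb1
Jun 12 10:01:02 fw dhcpd[1234]: DHCPACK on 10.20.1.10 to 00:11:22:33:44:01 via igb1
Jun 12 10:01:05 fw dhcpd[1234]: DHCPDISCOVER from 00:11:22:33:44:02 via igb1
Jun 12 10:01:05 fw dhcpd[1234]: DHCPOFFER on 10.20.1.11 to 00:11:22:33:44:02 via igb1
Jun 12 10:01:09 fw dhcpd[1234]: DHCPDISCOVER from 00:11:22:33:44:02 via igb1
Jun 12 10:01:09 fw dhcpd[1234]: DHCPOFFER on 10.20.1.11 to 00:11:22:33:44:02 via igb1
Jun 12 10:01:13 fw dhcpd[1234]: DHCPDISCOVER from 00:11:22:33:44:02 via igb1
Jun 12 10:01:13 fw dhcpd[1234]: DHCPOFFER on 10.20.1.11 to 00:11:22:33:44:02 via igb1
Jun 12 10:01:20 fw dhcpd[1234]: DHCPDISCOVER from 00:11:22:33:44:03 via igb1
Jun 12 10:01:24 fw dhcpd[1234]: DHCPDISCOVER from 00:11:22:33:44:03 via igb1
Jun 12 10:01:28 fw dhcpd[1234]: DHCPDISCOVER from 00:11:22:33:44:03 via igb1
"""

# Pulls the message type and the client MAC out of the shapes dhcpd logs:
#   DHCPDISCOVER from <mac> via <if>
#   DHCPOFFER on <ip> to <mac> via <if>
#   DHCPREQUEST for <ip> (<server>) from <mac> via <if>
#   DHCPACK / DHCPNAK on <ip> to <mac> via <if>
LINE_RE = re.compile(
    r"DHCP(?P<type>DISCOVER|OFFER|REQUEST|ACK|NAK)\b.*?"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)


def parse_dhcp_log(text):
    """Return {mac: Counter of message types} for every client the server logged."""
    per_client = defaultdict(Counter)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            per_client[m.group("mac").lower()][m.group("type")] += 1
    return per_client


def classify(counts, min_discovers=3):
    """Label one client's message counts with the failure mode they suggest.

    min_discovers (assumed value 3) is how many unanswered DISCOVERs we require
    before calling a client stuck rather than merely mid-handshake.
    """
    if counts["ACK"] > 0:
        return "ok"  # the client completed at least one lease
    if counts["DISCOVER"] >= min_discovers and counts["OFFER"] == 0:
        return "no-offer-from-server"  # server heard the client but never offered: pool or config
    if counts["DISCOVER"] >= min_discovers and counts["OFFER"] > 0:
        return "offers-not-reaching-client"  # server answered, client kept re-discovering: replies lost downstream
    return "in-progress"  # too few messages to judge yet


def analyze(text, min_discovers=3):
    """Map every client MAC in the log to its classification."""
    return {mac: classify(c, min_discovers) for mac, c in parse_dhcp_log(text).items()}


def summarize(statuses):
    """Count how many clients fall into each classification."""
    return Counter(statuses.values())


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for mac, status in sorted(result.items()):
        print(f"{mac}  {status}")
    print(dict(summarize(result)))
```

On a live box the input would be the DHCP log from Status > System Logs rather than the constructed string. One caveat the log cannot show: a client whose DISCOVER is dropped by the AP or the switch before it reaches pfSense never appears in the server log at all, so compare the MACs the script lists against the controller's client list; clients the controller shows as associated but the server never logged point at the upstream path, not the server.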

Ubiquiti has had multiple releases that have issues with non-Ubiquiti DHCP servers. For example, one of the latest releases has this as a change:

[UAP-MTK] Improve ability for clients to receive DHCP responses, especially with 3rd party servers.

UAP-MTK means APs that are based on a MediaTek chipset. There have been other releases with change notes indicating they fixed 3rd party DHCP on all APs, including Qualcomm (QCA).

You said “Unifi AP Lites” but I don’t know whether you mean UAP-Lite, UAP-AC-Lite, or U6-Lite. Some of those are QCA, some are MTK.

If you meant the U6-Lite, then definitely try 5.60.9: https://community.ui.com/releases/UAP-Firmware-5-60-9/a98a71d1-ce1e-4823-a1d2-4a5fa3d642b9

If you mean UAP-AC-Lite, then try 5.43.37 or 5.43.38, because of this note on 5.43.37:

[UAP-AC-Lite/LR/Pro/Mesh/IW] Fix connectivity issues when AP is under heavy load leading to clients not getting an IP address and requiring a periodic reboot to temporarily fix (TX OVERFLOW issue).

https://community.ui.com/releases/UAP-Firmware-5-43-37/ad42bbd9-cbf2-479c-b636-a4660b754393
https://community.ui.com/releases/UAP-Firmware-5-43-38/9ab43f55-9880-4165-a2a6-22654c86d21a

I upgraded recently to firmware 5.60 for UAP-nanoHD, UAP-FlexHD, and U6-Lite. However, no devices could connect, either Apple- or Android-based. Had to roll back to 5.43 firmware. All fine again. Was a standard deploy with UCK-G2-Plus, i.e. no customized settings.