I have a pfSense router, a Netgear switch and UniFi APs in my setup. I'm trying to experiment with VLANs. However, in the UniFi controller, I see no option to assign VLAN IDs to my Wireless Networks.
In a previous version of the controller software, you used to be able to attach a VLAN ID to a Wireless Network in its configuration page. This box now seems to be missing for me.
Newer version of Unifi controller - 6.5.55
I notice I can create a Network, select corporate and attach a VLAN ID there and then assign that network to my Wireless Network, but I'm not able to connect out to the internet with this setup.
Yes, the VLANs are defined in the Netgate switch, where I’m sending (T)agged packets out to the UniFi APs (g17,g18,g19,g20) and am also Tagging the traffic coming in the LAN port (g24) from the pfSense router.
Sounds like you’re pretty close. As you mentioned, on the newer UniFi interface you assign VLAN IDs to a Network and then in turn assign a Wireless Network to a specific Network.
Your screenshots might be unrelated, but you seem to have different VLAN IDs in use between UniFi (10) and the Netgear (60).
Let me assume some things and go through things I’d check:
pfSense
  Two NICs, say igb0 & igb1
  WAN Interface
    igb0
    Public IP via DHCP/PPPoE/etc.
  LAN Interface
    Assigned to igb1
    192.168.1.1/24
    DHCP Server Enabled
    Rules allowing traffic to Internet
  VLAN_60 Interface
    Assigned to tagged VLAN 60 on igb1
    192.168.60.1/24
    DHCP Server Enabled
    Rules allowing traffic to Internet

Netgear Switch
  VLAN 1 - PVID 1 - Untagged g1-26
  VLAN 60 - Tagged g17-20,24
  g24 - pfSense igb1
  g17-20 - UniFi APs
  gX - UniFi Controller

UniFi Controller
  LAN Network
    VLAN ID: none
    DHCP Mode: none
    Gateway IP/Subnet: 192.168.1.1/24
  VLAN_60 Network
    VLAN ID: 60
    DHCP Mode: none
    Gateway IP/Subnet: 192.168.60.1/24
  SSID1 Wireless Network
    Network: VLAN_60
Ok, so I assumed a bit. Obviously the permutations on this could be endless, depending on your existing and intended setups.
Also, be aware there are a few NIC/driver combos out there that don’t play well with certain VLAN configs on pfSense, such as mixing both Tagged and Untagged VLANs on the same NIC, or bonding disparate NIC types.
Thank you so much for taking time to work through this and providing such a detailed breakdown. I’ll be able to troubleshoot this on Monday and will report back.
So I’d like to reply to your post. Thank you again for your efforts and clear instructions.
You are correct in that there is no relation between the VLAN 10 from the older unifi controller to the VLAN 60 that I’m using now. The older one was just a picture I found online to show the differences in the UI and in the way VLANs are handled now on Unifi.
Secondly, my error in the setup was pure rookie stuff. I was getting a connection to the VLAN’d network but not getting an internet connection. This was solely down to the fact that in my pfSense Firewall rules for the VLAN 60 network, my ‘ALLOW ALL TRAFFIC’ rule at the end was for TCP traffic only. pfSense defaults to TCP traffic when creating a rule and it should have been set to ‘any’.
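The fault described in the last post, a catch-all pass rule left on TCP so that UDP (DNS lookups) and ICMP never match it, can be checked for in a pfSense configuration backup. This is an added example, not part of the thread: the config.xml fragment is constructed, its layout is an assumption about how pfSense stores rules, `opt1` stands in for the VLAN 60 interface, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down <filter> section of a pfSense config.xml.
# Assumption: opt1 is the VLAN_60 interface, and a rule whose protocol is
# 'any' is stored with no <protocol> element at all.
SAMPLE_CONFIG = """
<pfsense>
  <filter>
    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <source><network>lan</network></source>
      <destination><any/></destination>
      <descr>Default allow LAN to any</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>opt1</interface>
      <protocol>tcp</protocol>
      <source><network>opt1</network></source>
      <destination><any/></destination>
      <descr>ALLOW ALL TRAFFIC</descr>
    </rule>
  </filter>
</pfsense>
"""

def find_protocol_limited_catch_alls(config_xml):
    """Return (interface, protocol, descr) for enabled pass rules that go to
    any destination and any port but match only a single protocol."""
    findings = []
    root = ET.fromstring(config_xml)
    for rule in root.findall("./filter/rule"):
        if rule.findtext("type") != "pass" or rule.find("disabled") is not None:
            continue
        dest_any = rule.find("destination/any") is not None
        dest_port = rule.find("destination/port") is not None
        proto = rule.findtext("protocol")  # None when the rule is set to 'any'
        if dest_any and not dest_port and proto is not None:
            findings.append((rule.findtext("interface"), proto,
                             rule.findtext("descr", default="")))
    return findings

if __name__ == "__main__":
    for iface, proto, descr in find_protocol_limited_catch_alls(SAMPLE_CONFIG):
        print(f"{iface}: '{descr}' passes {proto} only; UDP and ICMP will not match")
```

A rule reported here is worth a second look in the GUI: either it was meant to be 'any', or it should be renamed and narrowed so it no longer reads as a catch-all.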