pfSense -> Netgear managed switch -> Unifi AP's

Hi folks,

I have a pfSense router, a netgear switch and Unifi AP’s in my setup. Im trying to experiment with VLANs. However in the Unifi controller, I see no option to assign VLAN ID’s to my Wireless Networks.
In a previous version of the controller software, you used to be able to attach a VLAN ID to a Wireless Network in its configuration page. This box now seems to be missing for me.

Older version of Unifi controller

Newer version of Unifi controller - 6.5.55
I notice I can create a Network, select corporate and attach a VLAN ID there and then assign that network the my Wireless Network, but Im not able to connect out to the internet with this setup.

Is it possible to use VLANs over a Netgear switch these days? and I anyone has any tips on where I may be missing a trick, I’d appreciate the help.

Many thanks.

It depends if Netgate requires the VLAN to be defined within the switch as well.

Yes, the VLANs are defined in the Netgate switch, where I’m sending (T)agged packets out to the Unifi AP’s (g17,g18,g19,g20) and am also Tagging the traffic coming in the LAN port (g24) from the pfSense router.

Sounds like you’re pretty close. As you mentioned, on the newer UniFi interface you assign VLAN IDs to a Network and then in turn assign a Wireless Network to a specific Network.

Your screenshots might be unrelated, but you seem to have different VLAN IDs in use between UniFi (10) and the Netgear (60).

Let me assume some things and go through things I’d check:

pfSense

  • Two NICs, say igb0 & igb1
  • WAN Interface
    • igb0
    • Public IP via DHCP/PPPoE/etc.
  • LAN Interface
    • Assigned to igb1
    • 192.168.1.1/24
    • DHCP Server Enabled
    • Rules allowing traffic to Internet
  • VLAN_60 Interface
    • Assigned to tagged VLAN 60 on igb1
    • 192.168.60.1/24
    • DHCP Server Enabled
    • Rules allowing traffic to Internet

Netgear Switch

  • VLAN 1 - PVID 1 - Untagged g1-26
  • VLAN 60 - Tagged g17-20,24
  • g24 - pfSense igb1
  • g17-20 - UniFi APs
  • gX - UniFi Controller

UniFi Controller

  • LAN Network
    • VLAN ID: none
    • DHCP Mode: none
    • Gateway IP/Subnet: 192.168.1.1/24
  • VLAN_60 Network
    • VLAN ID: 60
    • DHCP Mode: none
    • Gateway IP/Subnet: 192.168.60.1/24
  • SSID1 Wireless Network
    • Network: VLAN_60

Ok, so I assumed a bit. Obviously the permutations on this could be endless, depending on your existing and intended setups.

Also, be aware there are a few NIC/driver combos out there that don’t play well with certain VLAN configs on pfSense, such as mixing both Tagged and Untagged VLANs on the same NIC, or bonding disparate NIC types.

Thank you so much for taking time to work through this and providing such a detailed breakdown. I’ll be able to troubleshoot this on Monday and will report back.

So I’d like to reply to your post. Thank you again for your efforts and clear instructions.

You are correct in that there is no relation between the VLAN 10 from the older unifi controller to the VLAN 60 that I’m using now. The older one was just a picture I found online to show the differences in the UI and in the way VLANs are handled now on Unifi.

Secondly, my error in the setup was pure rookie stuff. I was getting a connection to the VLAN’d network but not getting an internet connection. This was solely down to the fact that in my pfSense Firewall rules for the VLAN 60 network, my ‘ALLOW ALL TRAFFIC’ rule at the end was for TCP traffic only. pfSense defaults to TCP traffic when creating a rule and it should have been set to ‘any’.

Thank you for your time in efforts.

No worries, well done for spotting that errant rule.
:+1: