Trouble with Proxmox - pfSense - Unifi

I am in the process of rebuilding my network and have changed the design. Previously I had the following topology: Proxmox Node -> Switch -> Switch -> Virtual pfSense. The first switch, which Proxmox was connected to, is where all the nodes were located with 2 interfaces bonded with LACP; there were also IPMI connections on that switch as well. The second switch took connections from the other various switches in the server room and in the house and then connected to the Proxmox node that housed pfSense, on which the 4 interfaces were bonded together and passed to pfSense via a bridge. I also had my Unifi AP connected to the same switch. Both switches I am referencing are managed and had the VLANs assigned in order to have Unifi have a second SSID that used a VLAN that went to pfSense to allow for a second DHCP server and firewall rules.

Now what I am trying to do is change it so that the main switch that all the switches and AP connect to is not needed. I set up a Proxmox node with multiple interfaces and created the required bonds and bridges, and everything was working until I added the AP. I can get the SSID to work when there is no VLAN assigned, but when I specify a VLAN that is configured in pfSense I get no IP address on my phone.

I have tried switching everything from Linux bridges and bonds to OVS, and the result was that nothing could communicate in or out of pfSense; even when directly connecting to pfSense and specifying an IP I could not get to the web UI.

Ideally, I am trying to have the following setup:
Switch 1 is on VLAN 1 which is the default and uses the IP of, connected to that switch are 5 Proxmox nodes via 2 interfaces each which are bonded in Proxmox and also on the switch. The switch has these ports using an untagged VLAN of 20. There are also 4 IPMI connections that are on a native VLAN of 10.

Switch 2 is on VLAN1 as well and uses the IP of, connected to it are the same 5 Proxmox nodes with another 2 interfaces each that are bonded together as well on the untagged VLAN of 40 via the switch.

Switch 3 is on VLAN1 as well and uses the IP of, connected to it are 4 NAS devices (QNAP and FreeNAS) with 2 interfaces each that are bonded together as well on the untagged VLAN of 30 via the switch.

The last interface of the last Proxmox node is connected to the Unifi AP. This is where I want 4 SSIDs: Family (VLAN 50), Guest (VLAN 60), Security (VLAN 70), Printers (VLAN 80).

I am at a loss at this point as to why moving from Linux switches to OVS has made the pfSense not function and why I cannot get a VLAN tag from the Unifi AP to pfSense working.

Could this be the source of your issues?

"Open vSwitch and Linux bonding and bridging or vlans MUST NOT be mixed. For instance, do not attempt to add a vlan to an OVS Bond, or add a Linux Bond to an OVSBridge or vice-versa. Open vSwitch is specifically tailored to function within virtualized environments, there is no reason to use the native linux functionality."

From Proxmox

Let me take that back, it should work … reading up on Open vSwitch, quite interesting, I'm running Proxmox too.

So I decided the best way to unmake the mess was to remove all the bridges and bonds and start again; good thing I have ifupdown2 configured on the nodes.

I started simple and made a bridge each for the hypervisor and the VM traffic and then made the associated bonds. I then made the bridge that is basically my head managed switch, albeit virtually. I then added the port my laptop connected to to that bridge along with the needed links to the other physical switches.

I can now from my laptop reach my pfSense again and all the physical switches, I even have internet haha.

Now for the unifi AP.

So an update:

After connecting the AP to the network I can see it in the controller, but I am still unable to get an IP address when I set the SSID to use a VLAN tag.

I also noticed that I can connect to the devices connected to the physical switches that are on a VLAN once they were reconfigured in pfSense.

Another update:
This one makes me feel silly. I used another switch while testing the AP to allow me to reset it as well as having it be able to see the controller once it was set to the right inform URL. Downside is I did not configure it for VLANs, so as you can imagine my problem was human error. On the plus side OVS is nice and I'll stick with it over the traditional setup, but it was probably not required.
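
The Proxmox rule quoted earlier in the thread (no Linux bond on an OVSBridge, no Linux VLAN on an OVS bond, or the reverse) can be checked mechanically before a reload. The following is an added example, not part of the thread or of Proxmox; the interface names and the sample file are constructed, and the parser only covers `iface` stanzas in `/etc/network/interfaces` style.

```python
# Constructed sample in Proxmox /etc/network/interfaces syntax (not from the thread).
SAMPLE = """\
iface bond0 inet manual
    bond-slaves eno1 eno2
iface bond1 inet manual
    ovs_type OVSBond
    ovs_bonds eno3 eno4
iface vmbr0 inet manual
    ovs_type OVSBridge
    ovs_ports bond0
iface bond1.50 inet manual
iface vmbr2 inet manual
    bridge-ports bond1
"""

def parse_stanzas(text):
    """Map each 'iface' name to its options; '_' and '-' in keys are treated alike."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {})
        elif current is not None:
            current[words[0].replace("_", "-")] = " ".join(words[1:])
    return stanzas

def is_ovs(opts):
    return opts.get("ovs-type", "").startswith("OVS")

def find_mixing(text):
    """Return (interface, other, problem) tuples where OVS and Linux networking are combined."""
    st, found = parse_stanzas(text), []
    for name, o in st.items():
        ports = o.get("ovs-ports" if is_ovs(o) else "bridge-ports", "").split()
        for p in ports:
            po = st.get(p, {})  # physical NICs usually have no stanza options of interest
            if is_ovs(o) and "bond-slaves" in po:
                found.append((name, p, "Linux bond on OVS bridge"))
            elif not is_ovs(o) and is_ovs(po):
                found.append((name, p, "OVS port on Linux bridge"))
        parent = o.get("vlan-raw-device") or name.rpartition(".")[0]
        if parent and not is_ovs(o) and is_ovs(st.get(parent, {})):
            found.append((name, parent, "Linux VLAN on OVS device"))
    return found

if __name__ == "__main__":
    print(*find_mixing(SAMPLE), sep="\n")
```

A configuration that keeps bonds, bridges and VLAN ports all on OVS (for example an `OVSIntPort` carrying `ovs_options tag=50`) produces an empty list.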