VLAN with PfSense (2.5) -> dumb switch (Netgear) -> Unifi AP (6.5.54)

Hello everyone. I’m having some difficulty setting up a VLAN for my home network, which is my test bed for work’s network. I have a PfSense with 2 NICs (one LAN and one WAN). It connects to a normal dumb switch (PoE), then to the Ubnt AP AC Pro. I’ve followed Tom’s video “DL4vMLgBrYI”, but the system on there is outdated. So much has changed in the new UBNT controller software. I am able to follow along and make changes as needed for the PfSense, but when I get to adding the WiFi network on the ubnt controller, there is no option to tag the VLAN there. I did learn that you must do this under “Network” now, so I followed along on another video, “r4C2yu2wLI4”, that shows tagging the VLAN there. However, that video shows being able to set the Network as “VLAN Only”. That option is only available if you have a USW, which I do not. I’m not sure if I’m missing something or if it’s just not possible without a smart switch any longer. Any help is appreciated. Thanks, Scott.

What you are doing sounds like a good way to lose your day!

If you want VLANs, buy a switch; you can get them cheap.

If you want to use your dumb switch, stick everything on the LAN. Maybe your AP allows guest mode, which might work. Trying to fudge your network to do something that it’s not set up to do may or may not work.

Many non-managed / not VLAN aware switches do not pass VLAN tagged traffic.

Now that makes sense, Tom. I’ve always thought a dumb switch passed all traffic, but if it’s blocking the tagging, that would explain it. I’ll have to rework the home net to work around that. I can add a second LAN port to the PfSense to plug the AP into so it can bypass the switch.
Thanks guys. :grin:

If you set up “guest isolation” on your guest network in Unifi and assign that network to your guest SSID, it’s almost like having a VLAN for that network. All the traffic will really be on your LAN (which your dumb switch will support), but when the Unifi AP gets a packet from a device trying to go to another internal device, it just drops the packet at the AP. It never sees the firewall.
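
Added example, not from any poster in this thread: the earlier point that unmanaged switches may not pass VLAN-tagged traffic can be checked by comparing frames sent into the switch with frames captured on the far side. This Python sketch parses the 802.1Q tag and reports whether each probe passed, was dropped, or arrived with its tag stripped. The MAC addresses, probe IDs, VLAN 20, and the "captured" frames are constructed sample data, and the helper names are hypothetical.

```python
import struct

TPID_8021Q = 0x8100    # EtherType value that marks an 802.1Q VLAN tag
PROBE_ETYPE = 0x88B5   # IEEE "local experimental" EtherType, used for test probes

def build_frame(dst, src, probe_id, vlan_id=None):
    """Build a raw Ethernet probe frame, optionally carrying one 802.1Q tag."""
    header = dst + src
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)  # PCP/DEI = 0
    return header + struct.pack("!H", PROBE_ETYPE) + probe_id.ljust(46, b"\x00")

def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None, etype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]   # low 12 bits of the TCI = VLAN ID

def switch_verdict(sent, received):
    """Compare frames sent into the switch with frames captured behind it."""
    arrived = {}
    for frame in received:
        vid, _, payload = parse_frame(frame)
        arrived[payload[:8]] = vid            # first 8 payload bytes = probe ID
    verdicts = {}
    for frame in sent:
        vid, _, payload = parse_frame(frame)
        key = payload[:8]
        if key not in arrived:
            verdicts[key] = "dropped"
        elif arrived[key] == vid:
            verdicts[key] = "passed"
        else:
            verdicts[key] = "tag stripped" if arrived[key] is None else "tag changed"
    return verdicts

# Constructed sample data (not a real capture): one untagged probe and two
# probes tagged for VLAN 20, then what a hypothetical far-side capture showed.
FW, AP = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SENT = [build_frame(AP, FW, b"PROBE-01"),
        build_frame(AP, FW, b"PROBE-02", vlan_id=20),
        build_frame(AP, FW, b"PROBE-03", vlan_id=20)]
RECEIVED = [SENT[0], build_frame(AP, FW, b"PROBE-03")]

if __name__ == "__main__":
    for probe, verdict in switch_verdict(SENT, RECEIVED).items():
        print(probe.decode(), verdict)
```

A "dropped" or "tag stripped" verdict for the tagged probes while the untagged probe passes means the switch cannot be relied on to carry a VLAN trunk between the firewall and the AP.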