How to integrate Unifi AP’s with a pfSense router with a VLAN for a guest network

Well, in my last article where I discuss why I am trying out 2 new AP’s by Unifi, it was discovered that they are … I think perfect. I am going to let them soak for a while and see how iOS devices hand off when walking across the building. But for now, they are great to configure.

I had to do a little fiddling with the pfSense box and learn new stuff again, but it all seems to work. I think I love pfSense [UPDATE Fall 2015 – no I REALLY LOVE pfSense].

In short – how to get the Unifi boxes to work with the main and guest networks by using a VLAN and how to route that traffic. This is for a church where on Sundays – hundreds of people come – so we need lots of guest IP addresses. Here we go…

First, I am using 100% pfSense. So the person with this article got me going the most. I followed his tutorial ignoring all the Cisco stuff and concentrating on VLAN 10.

  • I configured a VLAN on my LAN port of my pfSense box and assigned it an ID of 10 like the article said.
  • Then, I added a new interface that used that VLAN like the article said
    • 172.16.10.1 and used a /23 behind it (1022 addresses – see cheat sheet link below). Now what does that mean? Well, I know it has something to do with the Subnet Mask et al. and all I ever use is 255.255.255.0 networks – which I know to be 253 devices. So I needed this article to fill in the rest of my knowledge, which led me to the cheat sheet that really gave me my answer. I know it was talking about class C stuff etc. but it really helped me understand things.
    • THEN in pfSense – when you go to configure the DHCP (below) – it tells you the range you can pick from – so why did I need the above? Because I learn from what I know – then the “hindsight” fills in – pfSense is awesome because you can know a little and it will often help fill in the rest.
  • Then I configured DHCP, which needs the above interface (VLAN10) to have a static IP address.
    • I have my users 172.16.10.20-172.16.11.254 which is about 490 addresses – good enough for the Sunday morning church rush
    • I configured their lease to expire in 3 hours – so if one had 2 services of church – this should only be 1 hour so the IP’s can be reused.
  • Then I configured the guest network in the Unifi AP to only
    • allowed subnets 172.16.10.0/23 network and
    • restricted subnets of 192.16.1.0/24 network
    • so that the two could never see each other and now we have a normal network and a guest network.
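
As an added example (not part of the original article), this Python script checks the addressing plan from the list above with the standard `ipaddress` module: the DHCP pool must sit inside the VLAN 10 subnet, the gateway must not be handed out as a lease, and the guest subnet must not overlap the restricted subnet. The function name `check_guest_plan` and its result keys are this example's own; the addresses are the ones given in the article.

```python
import ipaddress

# Addresses as written in the article; variable names are this example's own.
GUEST_IFACE = ipaddress.ip_interface("172.16.10.1/23")  # VLAN 10 interface
POOL_START = ipaddress.ip_address("172.16.10.20")       # first DHCP lease
POOL_END = ipaddress.ip_address("172.16.11.254")        # last DHCP lease
RESTRICTED = ipaddress.ip_network("192.16.1.0/24")      # restricted subnet


def check_guest_plan(iface, pool_start, pool_end, restricted):
    """Validate a guest VLAN plan and return its key figures plus any problems."""
    net = iface.network
    problems = []

    # Both ends of the DHCP pool must be assignable host addresses in the subnet.
    for label, addr in (("pool start", pool_start), ("pool end", pool_end)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")

    if pool_start > pool_end:
        problems.append("pool start is above pool end")

    # The interface (gateway) address must not be handed out as a lease.
    if pool_start <= iface.ip <= pool_end:
        problems.append(f"gateway {iface.ip} lies inside the DHCP pool")

    # Guest and restricted subnets must be disjoint for the isolation to mean anything.
    if net.overlaps(restricted):
        problems.append(f"guest subnet {net} overlaps restricted subnet {restricted}")

    return {
        "network": str(net),
        "first_address": str(net.network_address),
        "last_address": str(net.broadcast_address),
        # Usable hosts exclude the network and broadcast addresses.
        "usable_hosts": net.num_addresses - 2,
        "pool_size": int(pool_end) - int(pool_start) + 1,
        "problems": problems,
    }


if __name__ == "__main__":
    for key, value in check_guest_plan(GUEST_IFACE, POOL_START, POOL_END, RESTRICTED).items():
        print(f"{key}: {value}")
```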

Beauty. I tested them to ensure they could not see each other and it worked. I have to test the roaming on iOS but my iPhone died before I could do that test. I bought the cheap charging cable so I don’t have one in my car. Bummer. I will have to come back.

Oh – and as a follow up – the controller MUST be working for the landing page right? So to get it working as a service in the background (not as a thing that needs a user to be logged in) – on a Mac, follow these extra steps. I followed the one where it was a .plist file.

[UPDATE Fall 2015] Frustrated in getting the service up and running and seeing the web page? THERE IS A BUG!!!! You have to install both the 64 and 32 bit versions of Java (no – really – this works!) See these guys’ article – SCROLL TO THE BOTTOM and work your way up. Don’t forget to do the setup, env. var paths for both versions. Then it will work. I only had 1 customer out of 3 where this was required.

ELB Solutions.com Inc.