I am having an issue with getting my Unifi APs working with tagged VLANs. I have a controller in VLAN 10 and 2 APs in VLANs 20 and 30. 10 is my hardwired network, 20 is my "internal" wireless, and 30 is my IoT wireless. Going by what Ubiquiti recommends, I set up the port to the AP as untagged and adopted it. After that I set up 2 new networks in the controller for VLAN IDs 20 and 30 and assigned both to the APs. So far so good. I then go and add the APs' port as tagged in both VLANs on the switch. I lose communication with the APs on VLAN 20, but things are working for VLAN 30 just fine. Sometimes I get an address on 20, sometimes not, and I can no longer manage the APs from the controller. If I set the port to dual mode then I regain controller access to the APs, but none of the clients can get IP addresses anymore.
Any ideas what I might be doing wrong? I am running opnsense for DHCP, L3, and firewall rules. I have a rule to allow the known needed ports from the APs' IP addresses to talk to the controller; all other communication is blocked from VLAN 20 to 10. I also have a DNS override to resolve "unifi" to the controller on VLAN 10. I am not doing a NAT port forward as such.
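The port layout the post describes, as an added checker that is not part of the original post or of any Ubiquiti tooling: it models a switch port as one untagged (PVID) VLAN plus a set of tagged VLANs and flags the combinations that break AP management or client DHCP. It assumes the AP's management address sits on the VLAN it was adopted over (untagged, taken here to be VLAN 20) and that SSID networks ride tagged VLANs; port names and VLAN assignments are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

@dataclass
class SwitchPort:
    name: str
    untagged: Optional[int]            # PVID: the single VLAN carried without a tag
    tagged: Set[int] = field(default_factory=set)

@dataclass
class AccessPoint:
    name: str
    port: SwitchPort
    mgmt_vlan: int                     # VLAN the controller reaches the AP on (assumed untagged)
    ssid_vlans: Set[int]               # VLAN ids assigned to the AP's SSID networks

def check_ap_port(ap: AccessPoint) -> List[str]:
    """Return the list of layout problems; an empty list means the port is sane."""
    problems = []
    p = ap.port
    if p.untagged is None:
        problems.append(f"{p.name}: no untagged VLAN; AP management frames are untagged, "
                        f"so the controller will lose the AP")
    elif p.untagged != ap.mgmt_vlan:
        problems.append(f"{p.name}: untagged VLAN {p.untagged} is not the AP management "
                        f"VLAN {ap.mgmt_vlan}")
    if ap.mgmt_vlan in p.tagged:
        # The same VLAN carried both untagged and tagged on one port is the
        # ambiguous case: management and client traffic race for one id.
        problems.append(f"{p.name}: VLAN {ap.mgmt_vlan} is both untagged (management) "
                        f"and tagged; carry it one way only")
    # SSIDs on the management VLAN ride untagged; every other SSID VLAN must be tagged.
    for v in sorted(ap.ssid_vlans - {ap.mgmt_vlan}):
        if v not in p.tagged:
            problems.append(f"{p.name}: SSID VLAN {v} is not tagged on the port; "
                            f"clients on it will not reach DHCP")
    return problems

# Constructed layouts: the one the post describes, and a corrected one.
AS_DESCRIBED = AccessPoint("ap-internal", SwitchPort("ge1", untagged=20, tagged={20, 30}),
                           mgmt_vlan=20, ssid_vlans={20, 30})
CORRECTED = AccessPoint("ap-internal", SwitchPort("ge1", untagged=20, tagged={30}),
                        mgmt_vlan=20, ssid_vlans={20, 30})

if __name__ == "__main__":
    for ap in (AS_DESCRIBED, CORRECTED):
        print(ap.port, check_ap_port(ap) or "ok")
```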