Crni025
just joined
Topic Author
Posts: 2
Joined: Mon Dec 18, 2023 12:17 pm

MikroTik and UniFi AP AC Lite - WiFi Internet Connection Issue

Fri Mar 08, 2024 11:04 am

I would like to express my admiration for the vast knowledge you share here. Inspired by your passion, I have decided to join to expand my understanding. With that in mind, I am seeking your help regarding issues with the operation of MikroTik 2011il routers and UniFi AP devices.
The problem is the following: I have 4 UniFi AP devices connected to a MikroTik 2011il. Clients that connect to the WiFi APs for some reason do not get DNS, but they get an IP address from the DHCP server that is advertised for each VLAN that is made for a different SSID. When I use the dynamic DNS that I get from the ISP provider, the clients on WiFi have internet, but after some time the DNS and the connection to the internet are lost. When I set the public DNS, for example 8.8.8.8, the same thing happens. Everything that is in the LAN network connected by cable works perfectly. When I turn on the allow remote request option in the DNS settings, the clients get DNS and access to the internet, and as far as I can see on the forum, this is not recommended. Here is the configuration of the settings so that you can see; there are probably errors, so please tell me what to pay attention to and whether the problem is in the MikroTik or in the UniFi AP device.
/interface bridge
add name=bridge2
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-LAN
set [ find default-name=ether3 ] name=ether3-unifi1
set [ find default-name=ether4 ] name=ether4-unifi2
set [ find default-name=ether5 ] name=ether5-unifi3-spolja
/interface pppoe-client
add add-default-route=yes dial-on-demand=yes disabled=no interface=ether1-WAN \
    name=pppoe-out1 password=xxxxxxxxxx use-peer-dns=yes user=\xxxxxxxxxx
/interface vlan
add interface=bridge2 name=vlan10Guest vlan-id=10
add interface=bridge2 name=vlan20Menagement vlan-id=20
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool10 ranges=192.168.1.20-192.168.1.254
add name=dhcp_pool12 ranges=10.51.30.2-10.51.30.254
add name=dhcp_pool13 ranges=10.51.35.2-10.51.35.254
/ip dhcp-server
add address-pool=dhcp_pool10 disabled=no interface=bridge2 name=dhcp1
add address-pool=dhcp_pool12 disabled=no interface=vlan10Guest name=dhcp3
add address-pool=dhcp_pool13 disabled=no interface=vlan20Menagement name=\
    dhcp4
/user group
set read policy="local,telnet,ssh,read,test,winbox,web,sniff,api,romon,tikapp,\
    !ftp,!reboot,!write,!policy,!password,!sensitive,!dude"
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge2 interface=ether3-unifi1
add bridge=bridge2 interface=ether4-unifi2
add bridge=bridge2 interface=ether5-unifi3-outdoor
add bridge=bridge2 interface=ether7
add bridge=bridge2 interface=ether2-LAN
add bridge=bridge2 interface=ether6

/interface list member
add interface=ether1-WAN list=WAN
add list=LAN

/ip address

add address=10.51.30.1/24 interface=vlan10Gosti network=10.51.30.0
add address=192.168.1.1/24 interface=bridge2 network=192.168.1.0
add address=10.51.35.1/24 interface=vlan20Menagement network=10.51.35.0
/ip dhcp-server network
add address=10.51.30.0/24 gateway=10.51.30.1
add address=10.51.35.0/24 gateway=10.51.35.1
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes
/ip firewall address-list
add address=192.168.30.0/23 list=Guest
add address=192.168.35.0/24 list=Menagement
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=pppoe-out1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=pppoe-out1 protocol=tcp
add action=accept chain=forward comment=\
    "Allow frorward good connection state" connection-state=\
    established,related,new
add action=accept chain=input comment="Allow input good connection state" \
    connection-state=established,related,new
add action=drop chain=forward comment="Drop forward invalid connection state" \
    connection-state=invalid
add action=drop chain=input comment="Drop input invalid connection state" \
    connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=dst-nat chain=dstnat comment=garson-tcp dst-address=\
    xxx.xxx.xxx.xxx dst-port=xxxx protocol=tcp to-addresses=192.168.1.222 \
    to-ports=xxxx
add action=dst-nat chain=dstnat comment=garson-udp dst-address=\
    xxx.xxx.xxx.xxx dst-port=xxxx protocol=udp to-addresses=192.168.1.222 \
    to-ports=xxxx
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24,10.51.35.0/24
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote

/system logging
add topics=info
add topics=dns
add topics=dhcp
add topics=interface
add topics=bridge
add topics=pppoe
/system package update
set channel=long-term
 
RhoAius
newbie
Posts: 31
Joined: Fri Jul 12, 2019 10:47 pm

Re: MikroTik and UniFi AP AC Lite - WiFi Internet Connection Issue

Fri Mar 08, 2024 4:05 pm

You should specify DNS server/s with your DHCP server,
either the router itself or public servers (e.g. 8.8.8.8):
/ip dhcp-server network
add address=10.51.30.0/24 gateway=10.51.30.1 dns-server=10.51.30.1
add address=10.51.35.0/24 gateway=10.51.35.1 dns-server=10.51.35.1
add address=192.168.1.0/24 gateway=192.168.1.1 dns-server=192.168.1.1
I assume vlan10Gosti is a typo and not another VLAN created in the router:
/interface vlan
add interface=bridge2 name=vlan10Guest vlan-id=10
/ip address
add address=10.51.30.1/24 interface=vlan10Gosti network=10.51.30.0
Lastly, you would probably want to disable "dial-on-demand" on your pppoe-client.
 
Crni025
just joined
Topic Author
Posts: 2
Joined: Mon Dec 18, 2023 12:17 pm

Re: MikroTik and UniFi AP AC Lite - WiFi Internet Connection Issue

Fri Mar 08, 2024 10:54 pm

That's right, the error is when typing. When I add public DNS 8.8.8.8, phones do not retrieve DNS when connected to a WiFi network. On the Ping Tools application on the phone, I can see that the phone has pulled the IP address from the DHCP server and I can see the gateway but not the Internet access. They should also display the public static IP address that we leased from the ISP provider, but it says unavailable.
As in the picture here, everything is as it should be since I am on another WiFi network, but on the UniFi WiFi it doesn't show the public IP address. The public IP address is shown only when I turn on allow remote request. Of course, I will try to turn off "dial-on-demand" on the pppoe-client and see how it behaves.
 
RhoAius
newbie
Posts: 31
Joined: Fri Jul 12, 2019 10:47 pm

Re: MikroTik and UniFi AP AC Lite - WiFi Internet Connection Issue

Sat Mar 09, 2024 1:29 pm

  • If DHCP is not assigning a DNS server then there is a misconfiguration.
  • The "allow remote requests" option needs to be enabled only if you are using the router itself as a DNS server,
    like in the example I mentioned.
  • Setting 8.8.8.8 in DHCP Server -> Networks
    "DNS Servers" for your network, and making sure not to have "no DNS" enabled, should allow WiFi clients to receive DNS from DHCP.
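
The advice in this thread combined into one configuration, as an added example that is not part of any post: every DHCP network hands out the router as DNS server, allow-remote-requests stays on, and the input chain admits DNS only from internal interfaces instead of accepting every new connection. The vlan10Guest spelling, the LAN list members and the choice of bridge2 and vlan20Menagement as management interfaces are assumptions.

```routeros
# Added example, not from any post. Names and subnets follow the posted export;
# the vlan10Guest spelling and the management interfaces are assumptions.
# Apply from a wired LAN session with Safe Mode on, since step 4 ends in a drop rule.

# Weak, as posted: the DHCP networks carry no dns-server, and the input chain
# accepts connection-state=new from any interface:
#   /ip dhcp-server network add address=10.51.30.0/24 gateway=10.51.30.1
#   /ip firewall filter add action=accept chain=input \
#       connection-state=established,related,new

# 1. Hand out the router as DNS server on every DHCP network.
/ip dhcp-server network
set [find address=10.51.30.0/24] dns-server=10.51.30.1
set [find address=10.51.35.0/24] dns-server=10.51.35.1
set [find address=192.168.1.0/24] dns-server=192.168.1.1

# 2. The router answers those queries itself, so the resolver stays enabled.
/ip dns
set allow-remote-requests=yes

# 3. Fill the LAN list (the export only has an "add list=LAN" with no interface).
/interface list member
add interface=bridge2 list=LAN
add interface=vlan10Guest list=LAN
add interface=vlan20Menagement list=LAN

# 4. Replace the accept-new input rule with an explicit allow list.
/ip firewall filter
remove [find chain=input comment="Allow input good connection state"]
add chain=input action=accept connection-state=established,related \
    comment="input: established, related"
add chain=input action=accept in-interface-list=LAN protocol=udp \
    dst-port=53,67 comment="input: DNS and DHCP from LAN"
add chain=input action=accept in-interface-list=LAN protocol=tcp \
    dst-port=53 comment="input: DNS over TCP from LAN"
add chain=input action=accept in-interface=bridge2 \
    comment="input: management from main LAN"
add chain=input action=accept in-interface=vlan20Menagement \
    comment="input: management from management VLAN"
add chain=input action=drop comment="input: drop everything else"
```

With the final drop rule in place, the two posted port-53 drop rules on pppoe-out1 become redundant but harmless.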
