Inspired by your passion, I have decided to join to expand my understanding. With that in mind,
I am seeking your help regarding issues with the operation of MikroTik 2011il routers and UniFi AP devices.
The problem is the following: I have 4 UniFi AP devices connected to a MikroTik 2011il. Clients that
connect to the Wi-Fi APs get an IP address from the DHCP server that is advertised for each VLAN
(one VLAN per SSID), but for some reason they do not get DNS. When I use the dynamic DNS servers that
I get from the ISP, the Wi-Fi clients have internet, but after some time DNS and the connection to the
internet are lost; when I set a public DNS server, for example 8.8.8.8, the same thing happens.
Everything on the LAN that is connected by cable works perfectly. When I turn on the
allow-remote-requests option in the DNS settings, the clients get DNS and access to the internet,
but as far as I can see on the forum, this is not recommended. Here is the configuration so that
you can see it; there are probably errors, so please tell me what to pay attention to and whether
the problem is in the MikroTik or in the UniFi AP devices.
# One bridge; the wired LAN port and the ports facing the UniFi APs are added
# to it in the "/interface bridge port" section.
/interface bridge
add name=bridge2
# Rename the physical ports by role.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-LAN
set [ find default-name=ether3 ] name=ether3-unifi1
set [ find default-name=ether4 ] name=ether4-unifi2
# NOTE(review): the port is named ether5-unifi3-spolja here, but the bridge port
# section refers to ether5-unifi3-outdoor. Possibly a partial translation when
# posting; confirm the names match on the device.
set [ find default-name=ether5 ] name=ether5-unifi3-spolja
# PPPoE uplink on ether1-WAN; user and password were redacted by the poster.
# use-peer-dns=yes makes the router take its DNS servers from the ISP, and
# add-default-route=yes installs the default route via this session.
# NOTE(review): dial-on-demand=yes brings the link up only when outbound traffic
# is generated; worth ruling out as a factor in the "works, then stops" symptom.
/interface pppoe-client
add add-default-route=yes dial-on-demand=yes disabled=no interface=ether1-WAN \
name=pppoe-out1 password=xxxxxxxxxx use-peer-dns=yes user=\xxxxxxxxxx
# Tagged VLANs 10 (guest) and 20 (management) on top of bridge2; the untagged
# traffic on bridge2 is the 192.168.1.0/24 LAN.
# NOTE(review): no bridge VLAN filtering is configured in this export, so
# separation between the VLANs depends on the AP tagging and on firewall rules.
/interface vlan
add interface=bridge2 name=vlan10Guest vlan-id=10
add interface=bridge2 name=vlan20Menagement vlan-id=20
# Interface lists are declared here; no firewall rule in this export uses them
# (the filter and NAT rules match on pppoe-out1 directly).
/interface list
add name=WAN
add name=LAN
# Default wireless security profile entry as exported; the Wi-Fi in this setup
# is provided by the UniFi APs.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Address pools, one per subnet: LAN (192.168.1.0/24), guest VLAN
# (10.51.30.0/24) and management VLAN (10.51.35.0/24).
/ip pool
add name=dhcp_pool10 ranges=192.168.1.20-192.168.1.254
add name=dhcp_pool12 ranges=10.51.30.2-10.51.30.254
add name=dhcp_pool13 ranges=10.51.35.2-10.51.35.254
# One DHCP server per L3 interface: dhcp1 serves untagged clients on bridge2,
# dhcp3 the guest VLAN, dhcp4 the management VLAN. What the clients are told
# to use as gateway and DNS is set in "/ip dhcp-server network", not here.
/ip dhcp-server
add address-pool=dhcp_pool10 disabled=no interface=bridge2 name=dhcp1
add address-pool=dhcp_pool12 disabled=no interface=vlan10Guest name=dhcp3
add address-pool=dhcp_pool13 disabled=no interface=vlan20Menagement name=\
dhcp4
# Policies of the built-in "read" and "full" user groups. "read" is denied
# ftp, reboot, write, policy, password, sensitive and dude; "full" has all
# listed policies.
# NOTE(review): "read" still carries sniff, telnet, ssh and api, so a read-only
# account can capture traffic; trim the group if such accounts are handed out.
/user group
set read policy="local,telnet,ssh,read,test,winbox,web,sniff,api,romon,tikapp,\
!ftp,!reboot,!write,!policy,!password,!sensitive,!dude"
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
# Members of bridge2: the three UniFi-facing ports, the LAN port and two
# spare ports. All of them share one L2 domain.
/interface bridge port
add bridge=bridge2 interface=ether3-unifi1
add bridge=bridge2 interface=ether4-unifi2
# NOTE(review): the ethernet section names this port ether5-unifi3-spolja;
# the two names must agree or this port is not in the bridge.
add bridge=bridge2 interface=ether5-unifi3-outdoor
add bridge=bridge2 interface=ether7
add bridge=bridge2 interface=ether2-LAN
add bridge=bridge2 interface=ether6
# Interface list membership.
# NOTE(review): the WAN list holds the physical port ether1-WAN, while internet
# traffic enters and leaves through pppoe-out1; a rule written against list WAN
# would not match the PPPoE traffic unless pppoe-out1 is added as a member.
/interface list member
add interface=ether1-WAN list=WAN
# NOTE(review): this entry has no interface=, so as posted the LAN list has no
# usable member (bridge2 and the two VLAN interfaces would be the candidates).
add list=LAN
# Router addresses; each one is the gateway of its subnet.
/ip address
# NOTE(review): the VLAN is defined as vlan10Guest, but this line uses
# vlan10Gosti. If that is what is on the device, the guest gateway address is
# not bound to the guest VLAN interface; confirm the names match.
add address=10.51.30.1/24 interface=vlan10Gosti network=10.51.30.0
add address=192.168.1.1/24 interface=bridge2 network=192.168.1.0
add address=10.51.35.1/24 interface=vlan20Menagement network=10.51.35.0
# Options handed to DHCP clients per subnet. Only the gateway is set.
# NOTE(review): no dns-server= is given for any network, so the DNS servers the
# clients receive are whatever the router supplies by default (presumably its
# dynamic, ISP-provided servers; confirm for the RouterOS version in use).
# Setting dns-server explicitly per network makes the behaviour predictable and
# is the first thing to check for the "clients do not get DNS" symptom.
/ip dhcp-server network
add address=10.51.30.0/24 gateway=10.51.30.1
add address=10.51.35.0/24 gateway=10.51.35.1
add address=192.168.1.0/24 gateway=192.168.1.1
# allow-remote-requests=yes turns the router into a DNS resolver for other
# hosts. No servers= is set, so the upstream servers come from the PPPoE peer
# (use-peer-dns=yes on pppoe-out1).
# NOTE(review): the resolver listens on every interface. In this export the
# only thing keeping it from answering the internet side is the pair of port 53
# drop rules on pppoe-out1; if the uplink interface ever changes, those rules
# stop matching and the router becomes an open resolver.
/ip dns
set allow-remote-requests=yes
# NOTE(review): these lists name 192.168.30.0/23 and 192.168.35.0/24, but the
# guest and management subnets configured elsewhere in this export are
# 10.51.30.0/24 and 10.51.35.0/24. No filter or NAT rule in this export refers
# to the lists, so they currently have no effect.
/ip firewall address-list
add address=192.168.30.0/23 list=Guest
add address=192.168.35.0/24 list=Menagement
# Filter rules are evaluated top to bottom. No chain here ends with a drop
# rule, so traffic that matches none of the rules is accepted.
/ip firewall filter
# Drop DNS queries (UDP and TCP port 53) that arrive on the PPPoE uplink, so
# the resolver enabled by allow-remote-requests=yes does not serve the internet.
add action=drop chain=input dst-port=53 in-interface=pppoe-out1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=pppoe-out1 protocol=tcp
# NOTE(review): connection-state includes "new" and there is no interface or
# address match, so this rule accepts every new forwarded connection in any
# direction, including guest VLAN to LAN and guest VLAN to management. The
# usual pattern is to accept only established,related here and to allow new
# connections with separate, narrower rules.
add action=accept chain=forward comment=\
"Allow frorward good connection state" connection-state=\
established,related,new
# NOTE(review): same issue on the input chain: new connections to the router
# itself are accepted from every interface, the PPPoE uplink included. Apart
# from port 53, every enabled router service is therefore reachable from the
# internet side unless the service's own address restriction stops it.
# Recommended shape: accept established,related; drop invalid; accept new only
# from the LAN-side interfaces; finish the chain with a drop rule.
add action=accept chain=input comment="Allow input good connection state" \
connection-state=established,related,new
# Drop packets that connection tracking marks as invalid. These rules are still
# reached because the accept rules above do not match the invalid state.
add action=drop chain=forward comment="Drop forward invalid connection state" \
connection-state=invalid
add action=drop chain=input comment="Drop input invalid connection state" \
connection-state=invalid
/ip firewall nat
# Source NAT for everything leaving through the PPPoE uplink.
add action=masquerade chain=srcnat out-interface=pppoe-out1
# Port forwards (TCP and UDP) to the internal host 192.168.1.222; public
# address and ports were redacted by the poster.
# NOTE(review): the forwards accept any source address. If the remote side is
# known, a src-address or src-address-list match narrows the exposure. The
# forward accept rule in the filter section lets this traffic through without
# further checks.
add action=dst-nat chain=dstnat comment=garson-tcp dst-address=\
xxx.xxx.xxx.xxx dst-port=xxxx protocol=tcp to-addresses=192.168.1.222 \
to-ports=xxxx
add action=dst-nat chain=dstnat comment=garson-udp dst-address=\
xxx.xxx.xxx.xxx dst-port=xxxx protocol=udp to-addresses=192.168.1.222 \
to-ports=xxxx
# Management services: telnet, ftp, ssh, api and api-ssl are disabled; the web
# interface (www) is limited to the LAN and management subnets.
# NOTE(review): winbox is not listed. An export normally omits default values,
# so it is presumably enabled with no address restriction; confirm, and give it
# the same address= limit as www. Note that www is plain HTTP.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24,10.51.35.0/24
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# NOTE(review): allow-none-crypto=yes permits SSH sessions that negotiate no
# encryption, and forwarding-enabled=remote permits SSH port forwarding. Both
# are inert while the ssh service is disabled, but they take effect as soon as
# it is re-enabled; allow-none-crypto=no and forwarding-enabled=no are the
# safer settings.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
# Extra logging rules for the topics relevant to this problem (DNS, DHCP,
# interface, bridge, PPPoE). No action= is given, so the default log action
# applies (presumably the in-memory log; confirm).
# The dns, dhcp and pppoe entries are the ones to read when the Wi-Fi clients
# lose name resolution.
/system logging
add topics=info
add topics=dns
add topics=dhcp
add topics=interface
add topics=bridge
add topics=pppoe
# Take RouterOS updates from the long-term release channel.
/system package update
set channel=long-term