Move from Unifi AP to Mikrotik AP

RouterOS Beginner Basics
1

Hello all, I looked at a few posts trying to find a guide that could help me understand the complexity of moving from a relatively simple, but flawed, GUI based Controller (Unifi) to RouterOS to manage the APs.

I have 13 APs distributed on a 3 acre site, the complexities I need to manage are basically 2:

  1. 60+ IoT and CCTV devices which are only 2.4GHz capable, need to be able to lock a device to a specific AP
  2. 10+ modern phones/tablets (802.11r capable) devices which require fast handoff, high throughput, (min Data) as the are has no cellular signal so relies on data calling

Centrally I have an older CCR 1016 running v7. Across the site all switches are dumb and of various makes (Netgear, TP-Link, etc).

Conceptually I think I will need:

3x Chateau PRO ax
10x wAP ax

Any advice would be gratefully received. Thank you.
AP location Feb 2025.png

2

You got any specific questions?

So far I can’t say anything about your plans other than the Chateau Pro AX only has 1G Ethernet.

I personally switched from Unifi AP ACs + OPNSense to Mikrotik AX.

3

Hello,

I was really wondering if there was a resource or guide that could help me learn how to make the transition from the GUI Controller to the RouterOS interface, I use Winbox but presumably they are all the same. All APs are currently connected with physical 1GBE, no meshing.

What I have found goes very fast into intricate detail of aspects that are simply beyond me. One thing I still need to find an answer to is if I can “lock” a device to a certain AP.

Cheers,

Andrew.

4

For configuration there are examples on the wifi help page:
https://help.mikrotik.com/docs/spaces/ROS/pages/224559120/WiFi

They might look overwhelming at first, but they’re not that complicated.
Most options you can set through winbox (“installation” only through cli currently for example) and APs you can adopt with “caps mode”.

Well that’s good since MT currently doesn’t offer WDS or what other vendors call “mesh”.



You will need to use an “Access List” entry.
https://help.mikrotik.com/docs/spaces/ROS/pages/224559120/WiFi#WiFi-AccessList

For example you can add 2 entries like this:
MAC XX:XX:XX:XX:XX:XX is allowed on interface wlan3
MAC XX:XX:XX:XX:XX:XX gets denied on all interfaces.

I think you can also use interface lists.

5

Thank you, will start reading and then move one AP to try out. Much obliged.

6
  1. There is no equivalent to UNIFI Controller in MT wifi.
  2. The closest thing is capsman, its an in-house controller that resides in MT RoS. Any device can act as the capsman controller doesnt have to be the WIFI router or WIFI AP, as its resident on RoS.
    I think, dont quote me, but the key is using the right capsman controller version that matches up with the type of WIFI device you are using. There are different variants of MT wifi and thats where it gets confusing.
  3. ALso, an MT AP or router used as wifi/switch is a smart device expecting ALL vlans coming in as tagged, via a trunk port, whereas unifi by default expects the management vlan untagged and all data vlans tagged.
7

Well, I have tried and it makes no sense to me, I can see the new AP in the Leases, have fixed its IP. Have looked at the instructions. From the Router side and also from the wAP ax side and neither work.

https://help.mikrotik.com/docs/spaces/UM/pages/279052378/wAP+ax#:~:text=Configuration%20should%20be%20made%20via,Click%20on%20the%20MAC%20address.

This suggests I should be able to connect to the AP via Winbox, but both using MAC or IP it does nothing.

When I try the basic setup on a command line I get “no such item”, for:

/interface/wifi
set wifi1 disabled=no configuration.country=Latvia configuration.ssid=MikroTik security.authentication-types=wpa2-psk,wpa3-psk security.passphrase=1345678

Apologies, but I’m completely lost.

8

This looks like a big project to start learning Mikrotik equipment on

9

Are you using the default config?
It might be setup as a “router” with ether1 being WAN and ether2 being LAN.

Not sure about default config on wap ax.

Also, maybe try this (this would take into account that the interface has been renamed):

10
  1. In the current line-up of wireless products MikroTik wireless is inferior to Unifi AP’s in every way shape and form ;
  2. For wired MikroTik is excellent - for wireless <> especially if you want happy clients stay with Ubiquiti
11

It is not clear on your diagram
a. which sites have an ISP modem/router
b. which sites have 120V power
c. which sites have ethernet poe capable cabling
d. which sites expect a wifi link for connectivity ( no cabling ).

I personally not being a wifi guru or wisp expert but generally speaking,
use 60ghz devices to connect gate and stables and garage/greenhouse to main location ( assuming not wired for ethernet )
https://mikrotik.com/product/wireless_wire_cube_pro

Then in terms of using local APs, I would not necessarily look only at MT,
unifi, grandstream, zyxel may be others that provide better performance, however you will get varied opinions.

12
13

I am trying to simplify my life, learn one interface rather than lots of them which is why I thought as I use RouterOS a bit anyway then why not. But the AP a nightmare to setup, 40min of searching later and nowhere can I find a simple “turn my unit into an dumb access point and let it be controlled by my router”

14

The hardware feels so much better and it reboots in a 1/10th of the time which in a rural area is important due to power cuts. Which is why I need to lock devices to APs, if not they go off an connect to a lower quality signal from an AP which powered up a bit faster. I’m going to write to Mikrotik as I am shocked at how bad this is.

Cheers.

15

Look up capsmanv2, plenty of YT videos and topics on this forum to help you

16

Honestly I have tried, even managed to get to a decent stage where at least the AP is reporting it cannot see any CAPsMAN on the network, but its just too hard. Most wikis forgot to define terms and acronyms so I spend 20min just trying to sort CAP instructions from CAPsMAN ones.

I’ve now given up. I will hire somebody to do the one test AP but likely I will stick to Unifi.

Thank you for your time, appreciate it.

17

Coming from Unifi AC devices (AC-Lite, AC-M, AC-Pro) the current Mikrotik lineup is quite a lot better :smiley:
And faster. And no more overheating.

But im sure(?) the newer ones are a lot better than that.

18

Have you got capsmanV2 enabled?

Is the caps not finding the capsman?

On the Caps - WAP AX

/interface bridge
add name=br

/interface bridge port
add bridge=br interface=ether1
add bridge=br interface=ether2

/interface wifi datapath
add bridge=br disabled=no name=datapath-slave

/interface wifi cap
set caps-man-addresses=“” certificate=request discovery-interfaces=br
enabled=yes lock-to-caps-man=yes slaves-datapath=datapath-slave
slaves-static=yes

/ip dhcp-client
add interface=br

/tool romon
set enabled=yes

/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap
datapath=datapath-slave disabled=no
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap
datapath=datapath-slave disabled=no

19

important comment about flynnos config:

you should have a “no default configuration” device.

Aka:
System → Reset Configuration and check “no default configuration” checkbox.

20

I have a CCR1016 running 7.18.1 so I’m assuming its V2 of CAPsMAN. There is no specific package I can see, currently I only have “routeros” and “wireless” as enabled packages.

Ran through the instructions but still no connection, by the way in DHCP Client the interface “br” is status searching. I had previously created “ether1” as the DHCP client and it is bound.

Thank you.