Need Mikrotik and Unifi Help

bk1 · September 12, 2014, 1:32pm

I want to setup a Mikrotik with a Unifi AP with one secured network, and one guest network.

My existing network is 10.10.0.x. My internet router is 10.10.0.254 and I’m using opendns for DNS: 208.67.222.222, 208.67.220.220

So, I would like:
SSID1 - VLAN10 = 10.10.1.x - Secured but can route traffic between my 10.10.1.x network. Running out of IP addresses on my 10.10.1.x network so I would like to use a new range.
SSID2 - VLAN20 = 10.10.2.x - Guest internet access. Can only communicate with the internet, not SSID1 computers or existing LAN

I know that Unifi also requires the management traffic NOT be on a VLAN so we will have to account for that.

I would like Mikrotik to be the DHCP server for SSID1 and SSID2.

Can someone post a config for this for me?

bk1 · September 24, 2014, 12:29pm

Anyone?

docmarius · September 25, 2014, 4:16am

I set up the Unify with no VLAN on my LAN for secured access (10.10.1.x in your case) and created a vlan interface with the needed VLAN ID for the guest traffic (10.10.2.x…).
The normal interface will do secured and administrative traffic, the VLAN interface the guest access.
Add 2 forward drop rules so that traffic is not allowed between those interfaces and you have it.

Assume LAN is on ether1 and guest vlan is 99:

/interface vlan add comment="AP Guests" interface=ether1 name=vlan-guest vlan-id=99
/ip firewall filter add action=drop chain=forward in-interface=ether1 out-interface=vlan-guest
/ip firewall filter add action=drop chain=forward in-interface=vlan-guest out-interface=ether1