One Unifi AP AC PRO / One Mikrotik / Two Routers

97emoreno · February 1, 2017, 11:04am

I have a little proyect to do in my company, and I wanted to know if it’s possible to do it, and if it`s possible how to do it.
mikrotik - unifi 1.png

I want to have 2 different SSID created on the Unifi. When I connect to one SSID I want the Mikrotik redirect me to the router i specify, and the other way round. For example SSID router1 redirect me to the router1 and SSID router2 redirect me to the router2

If that`s possible, which Mikrotik hardware should I buy, and which configurations do I need for the correct function. A short explanation whould be great.

pukkita · February 1, 2017, 11:12am

No need to redirect…

Create the two SSIDs, each will have an associated VLAN.

On the mikrotik, add two VLAN interfaces hanging from the ethernet port the Unifi is connected to with proper VLAN ids.

Create two bridges, BrRouter1 and BrRouter2.

Add SSID1 VLAN interface and Mikrotik ether interface connected to Router1 to BrRouter1
Add SSID2 VLAN interface and Mikrotik ether interface connected to Router2 to BrRouter2.

From this point, You can consider SSID1 as belonging to an AP directly connected to a switch where router1 is also connected; same goes for SSID2/Router2.

97emoreno · February 1, 2017, 11:17am

¿Which Mikrotik hardware is the best for this configuration? ¿The scheme of the image will work correctly, or do I need to change something?

pukkita · February 1, 2017, 11:59am

An Hex (https://routerboard.com/RB750Gr3) should be enough.

Scheme is absolutely fine.

97emoreno · February 21, 2017, 9:10am

and if i want to do that, but adding 2 more ubiquiti acess points? The configuration will be the same? Each ubiquiti with 2 SSID as i said before.

pukkita · February 21, 2017, 9:29am

Yes, no problem.

Maybe Hex POE will be a better fit for such scenario.

An even better solution: use mikrotik APs (wAP AC), and setup the Hex as CAPsMAN controller so that you don’t need to bother with each AP configuration/management… no need for dedicated controllers nor specific PC software to setup the APs.

97emoreno · March 14, 2017, 12:04pm

Well, the mikrotik just have arrived and im going to start configuring it. As I said on other replies, i have 2 routers each one to internet access. Router 1(192.168.2.1) and Router 2(10.98.10.1).

I entered the the mikrotik using winbox and i don’t know how do i have to configure it. Mode, IP…
Ethernet Quick Set.PNG

97emoreno · March 15, 2017, 10:57am

The mikrotik I bought has 5 ethernet ports and I need to configure 2 of them for the routers and the other 3 for the Ubiquiti’s. Regarding Internet ports there is only one, can I configure another port as Internet too? Otherwise I cant have internet on both routers.

pukkita · March 15, 2017, 7:05pm

Reset it to no defaults, you just need to do what I exposed previously:

On the mikrotik, add VLAN interfaces hanging from the ethernet ports the Unifi are connected to with proper VLAN ids for the SSIDs they’re broadcasting.

If you have 3 UniFis, connected to ether3,4,5, you’ll end up with:

ether3
||_ VlanSSID1_3
|__ VlanSSID2_3

ether4
||_ VlanSSID1_4
|__ VlanSSID2_4

ether5
||_ VlanSSID1_5
|__ VlanSSID2_5

Let’s suppose router1 is wired to ether1, and router2 to ether2.

1.- Create two bridges, BrRouter1 and BrRouter2.

2.- Add ether1 to BrRouter1, and ether2 to BrRouter2.

3.- Add VLAN interfaces VlanSSID1_3, VlanSSID1_4, VlanSSID1_5 to bridge BrRouter1

4.- Add VLAN interfaces VlanSSID2_3, VlanSSID2_4, VlanSSID2_5 to bridge BrRouter2

From this point, You can consider SSID1 as if it were being broadcasted by APs directly connected to a virtual switch where router1 is also connected; same goes for SSID2/Router2.

You can manage the mikrotik with no configuration or IP addresses set, by using winbox (http://www.mikrotik.com/download), you’ll see the router appear on the neighbors tab; double click on its mac address.

97emoreno · March 20, 2017, 10:30am

This is our squeme of our montage. ¿The ubiquiti`s which IP must have to be in the same network?

One of them it`s behind a firewall. Any suggestion will be apreciated!
Montaje Mikrotik.png

pukkita · March 20, 2017, 10:52am

They can be in the same network range, or use different ones for each (/30), it’s up to you.

Regarding the one behind a firewall, how is it so? Cannot you connect it directly to the mikrotik?

97emoreno · March 20, 2017, 10:58am

It`s to have more security in our company. The “Bisitak” one its for people that is not of the company who came to do meetings… And the other One “Wisy” is the one that gives us connection for all the workers of the company.

97emoreno · March 20, 2017, 11:02am

Behind the firewall it´s only our company router, not the ubiquitis. All the ubiquitis will be connected to the Mikrotik

pukkita · March 20, 2017, 11:07am

All APs can be placed behind the mikrotik, you may then isolate certain SSIDs on the mikrotik from accessing each others, or reaching company LANs.