Please Help Beginner With Mikrotik Config

I am trying to configure a Mikrotik in my network and I have done very little with Mikrotik before. I am using a Unifi AP and want to have one secured network that will be able to share resources with our office network. I would also like a guest network that can only access the internet. Ideally, I would like to use the portal on the Unifi controller I have in my example below.

Could someone please help me by posting exactly how I need to configure my Mikrotik router in this setup:

My ISP Gateway is 192.168.0.1
My Unifi controller is 192.168.0.10
I am planning on making the guest wireless VLAN 20 and having a DHCP server on Mikrotik handing out IPs in the 192.168.20.x range. I would like to continue using my ISP gateway as the DHCP server for the secured 192.168.0.x network.

Do the ports on my managed switch that connect to Unifi APs AND the port that links to the Mikrotik have to be trunk ports? I am going to have 3 APs and the managed switch is a toughswitch which will provide POE for the Unifi APs.

Thank you for the help. Let me know if you need any more info.

Yes, set trunking on the APs and MT. Make sure to remove nat from ip firewall nat or don’t plug the switches into ether1.

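# Guest VLAN 20 on the port that trunks to the managed switch
/interface vlan add vlan-id=20 name=vlan20 interface=ether2-master-local
/ip address add address=192.168.20.1/24 interface=vlan20
# DHCP for guests; dns-server points at the router, so the router must answer DNS requests
/ip pool add name=vlan20 ranges=192.168.20.100-192.168.20.199
/ip dhcp-server network add address=192.168.20.0/24 gateway=192.168.20.1 dns-server=192.168.20.1
# A DHCP server added from the CLI stays disabled unless disabled=no is given
/ip dhcp-server add name=vlan20 interface=vlan20 address-pool=vlan20 lease-time=8h disabled=no
# Order matters: allow guests to reach the ISP gateway, then drop everything else bound for the office LAN
/ip firewall filter add chain=forward action=accept dst-address=192.168.0.1 in-interface=vlan20
/ip firewall filter add chain=forward action=drop dst-address=192.168.0.0/24 in-interface=vlan20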

Thanks for the help.

Your comment about "or don’t plug the switches into ether1" confuses me.

Are you saying to plug my managed switch into ether2 and the unmanaged office switch into ether3?

Or, could you adapt these instructions for my setup:
http://blog.gowifi.co.nz/2013/04/ubiquiti-unifi-vlan-configuration.html

That example is one Unifi AP connected directly to the Mikrotik. Again, I am looking to connect 3 Unifi APs to the toughswitch (managed switch with POE) and then have the toughswitch connect to my Mikrotik.

Thanks.

Yes, plug the unmanaged switch and managed switches into ports 2 and 3. The example you’ve given is the same but the unifis are on bridged connections which is fine for them to reach your controller on vlan1. But vlan20 shouldn’t be on a bridged connection so that you can filter traffic from reaching your local devices on vlan1.
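
Added example, not part of any post in this thread: a small Python model of first-match rule evaluation, run over the two vlan20 forward rules posted above, to show why their order matters and that they also block guests from the controller at 192.168.0.10. The sample flows are constructed, and the portal rule with ports 8880/8843 (the UniFi default portal ports) is an assumption, not something the thread supplies.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                 # "accept" or "drop"
    dst: str                    # dst-address, as written in the RouterOS rule
    in_interface: str = "vlan20"
    dst_ports: tuple = ()       # empty tuple = any port

# The two forward-chain rules from the thread, in the order they were posted.
THREAD_RULES = [Rule("accept", "192.168.0.1"), Rule("drop", "192.168.0.0/24")]

# Assumption, not from the thread: the controller serves its guest portal on
# the UniFi default ports 8880 (HTTP) and 8843 (HTTPS).
PORTAL_RULE = Rule("accept", "192.168.0.10", dst_ports=(8880, 8843))
WITH_PORTAL = [THREAD_RULES[0], PORTAL_RULE, THREAD_RULES[1]]

def verdict(rules, in_interface, dst_ip, dst_port):
    """First matching rule decides; a packet no rule matches is accepted."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.in_interface != in_interface:
            continue
        if ip not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dst_ports and dst_port not in rule.dst_ports:
            continue
        return rule.action
    return "accept"

# Constructed sample flows from a guest client on vlan20.
FLOWS = {
    "ISP gateway": ("192.168.0.1", 53),
    "office host": ("192.168.0.25", 445),
    "controller portal": ("192.168.0.10", 8880),
    "controller SSH": ("192.168.0.10", 22),
    "internet": ("203.0.113.7", 443),
}

def audit(rules):
    """Return {flow name: verdict} for every sample flow."""
    return {name: verdict(rules, "vlan20", ip, port)
            for name, (ip, port) in FLOWS.items()}

if __name__ == "__main__":
    for label, rules in [("thread", THREAD_RULES), ("with portal", WITH_PORTAL),
                         ("reversed", THREAD_RULES[::-1])]:
        print(label, audit(rules))
```

With the rules as posted, the portal flow is dropped along with the rest of 192.168.0.0/24; reversing the two rules also cuts guests off from the ISP gateway.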