Hi.
My customer has an existing Ubiquity Unifi AP (that Needs to be reprogrammed because they wiped out the computer that had the controller on it),
anyway, I am installing a Mikrotik Routerboard AP for them, and what was mentioned somewhere else in this forum, is that I can keep the Unifi (in another part of the building), and configure it to basically be a dumb AP, that then forwards to the Routerboard AP.
The whole building is already wired with a standard network (using consumer grade Netgear ADSL Routers, etc, so nothing else that understands VLAN Tagging)
If I understand right :
Basically it will involve resetting the Unifi, then configuring it with the company SSID, no WPA key, and then setting it to bridge the LAN and Wireless ports (No Routing, No DHCP, etc),
Then setting it up with it's own VLAN (to isolate it's traffic from the rest of the network).
I then have to have the Mikrotik listen to the specific ethernet port, with a specific VLAN tag, and then handle it with the Builtin hotspot (I will not be using usermanager for now, just Trial Hotspot, and Users on the Hotspot page itself.
Basically
Wifi User --> Wireless (Ubiquity) Ethernet with VLAN 2 --> (Existing Network Switches) --> Ethernet 1 with VLAN 1 (Mikrotik)
Ethernet 1 with NO VLAN Tagging --> To Existing ADSL Router (Already Working)
Wireless for Admin Staff (Bridged with Ethernet 1, No Tagging (Already Working)
Wireless Hotspot for Customers (Already Working)Attached is my config where i figured out how to Bridged Ethernet1 and Wireless for Admin together (with no DHCP, the ADSL Router handles that.
I also Bridged Ethernet 4 with the Wifi Hotspot Interface, so that if a computer is plugged into Ethernet 4, it also goes through the hotspot.
The Bridge for the Hotspots is then assigned a DHCP address by the Mikrotik, and also masquerades to the existing adsl router.
So my main problems are
Figuring out how to configure the Ubiquity to be dumb, and also send traffic on the alternate VLAN to the Mikrotik
Figure out how to take the existing Ethernet1 of the Mikrotik, and split off a part of it, to be sort of a Seperate Interface that is only listening to the alternative VLAN.
Then I presume I can just bridge that subinterface with my Hotspot bridge, and it should work.
Any ideas or suggestions on how to do this.
The last time I used Mikrotik gear was about 12 years ago, when I worked for a local WISP.
Thanks
Peter
jun/21/2017 21:59:42 by RouterOS 6.34.2
software id = W17Q-5CBC
/interface bridge
add admin-mac=64:D1:54:42:2C:C4 auto-mac=no name=adminnetworkbridge
add name=publicwifibridge
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] comment="HotSpotted Eth4"
/ip neighbor discovery
set ether1 discover=no
set ether4 comment="HotSpotted Eth4"
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name="company admin" supplicant-identity="" wpa-pre-shared-key=
companykey wpa2-pre-shared-key=companykey
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge name=adminwifi security-profile=
"company admin" ssid=Company wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=66:D1:54:42:2C:C7 master-interface=adminwifi multicast-buffering=disabled name=publicwifi ssid="Company Name"
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] login-by=cookie,http-chap,trial
add dns-name=companyname hotspot-address=192.168.100.1 login-by=cookie,http-chap,trial name=hsprof1 rate-limit=16k/16k trial-uptime-limit=0s
/ip hotspot user profile
set [ find default=yes ] shared-users=100
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-7 ranges=192.168.100.2-192.168.100.254
/ip dhcp-server
add address-pool=hs-pool-7 disabled=no interface=publicwifibridge lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-7 disabled=no interface=publicwifibridge name=hotspot1 profile=hsprof1
/interface bridge port
add bridge=adminnetworkbridge interface=ether2-master
add bridge=adminnetworkbridge interface=adminwifi
add bridge=publicwifibridge interface=ether4
add bridge=publicwifibridge interface=publicwifi
add bridge=adminnetworkbridge interface=ether1
/ip address
add address=192.168.88.1/24 comment=defconf interface=adminnetworkbridge network=192.168.88.0
add address=192.168.100.1/24 comment="hotspot network" interface=publicwifibridge network=192.168.100.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.100.0/24 comment="hotspot network" dns-server=192.168.100.1 gateway=192.168.100.1
/ip dns
set allow-remote-requests=yes servers=192.168.100.1
/ip firewall filter
add chain=hs-input dst-address=192.168.100.0/24 dst-port=53 protocol=tcp
add chain=hs-input dst-address=192.168.100.0/24 dst-port=53 protocol=udp
add chain=hs-input dst-address=192.168.100.0/24 dst-port=80 protocol=tcp
add chain=hs-input dst-address=192.168.100.0/24 protocol=icmp
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=adminnetworkbridge
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=adminnetworkbridge
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
in/out-interface matcher not possible when interface (ether1) is slave - use master instead (adminnetworkbridge)
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.100.0/24
/ip hotspot user
add disabled=yes name=peter password=HahaNotTellingYouMyPassword
/system clock
set time-zone-name=Africa/Johannesburg
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=adminnetworkbridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=adminnetworkbridge
[admin@MikroTik] >