VLAN with Mikrotik and Unifi

I have been trying for the past couple of days to get VLANs and Unifi to work the way I want.

Some basic guides have worked in a lab environment, but are not suitable for some customers.

I am trying to achieve the following.

1 Unifi AP (plugs direct to Mikrotik)
2 x SSIDs, Admin and Guest
Guest has no access to anything but internet, admin has access to normal network and internet.
I don’t want to change anything with the existing LAN (admin) network, just make it accessible wireless.

Any help would be much appreciated.

Hi,
First, in Mikrotik you have to create the VLAN you want to use, and then in the Unifi controller select the desired WLAN for the desired SSID.

Yosarian

Create the two VLAN interfaces on the MikroTik for the interface that the UniFi AP is plugged into.
Assign the IP addresses, DHCP servers, etc. to the VLAN interfaces.
Create a firewall that blocks/allows the desired traffic on the MikroTik that references the VLANs.
In the UniFi controller assign the specific VLANs desired to the SSID.

A VLAN in a MikroTik is a logical interface that can have any services applied to it like a physical interface.

Thanks for the suggestions so far.

If I create 2 VLANs, 1 for Admin and 1 for Guest, that would mean that I would be modifying the original admin network, which currently is not part of a VLAN.

Am I understanding that correctly?

Only if you wanted to. My suggestion was based on a new setup, and being directly connected to the MikroTik. If you already have an admin network with access to other devices on a LAN, you need not change the Admin wireless.

Instead just create the VLAN interface for the visitor wi-fi on the MikroTik, along with the needed IP address and DHCP server, firewall rules, etc.
Then add in another SSID to the wireless group of the UniFi server, and go to advanced for that specific SSID and add in a VLAN.

Thanks for sticking with this one, I am still very much learning the Mikrotiks but have been thrown in the deep end of a bunch of stuff.

I followed your suggestion of creating 2 VLANs; in my case on Port 4 I have VLAN10 and VLAN20 with associated IP addressing, DHCP etc.
However, I can't seem to get any data to flow in any direction on the wireless, and I am unable to communicate with the Unifi APs from the controller.
My setup looks like this:

Port 1 - WAN
Port 2 - LAN (Master) Connected to switch with servers, PC’s and Unifi Controller
Port 3 - LAN
Port 4 - LAN (VLAN10, VLAN20) Single Unifi AP connected
Port 4 - Phones

All physically connected devices come off port 2 from an unmanaged switch, which is also where I have the Unifi controller.

Can you give me a rough config to have data flow like below?

VLAN10 Can communicate with the standard LAN Private network.
VLAN20 can only communicate with Internet, no access to private network.

Thanks in advance.
Edit: I read your post again, scrap the VLAN10 as per your suggestion to keep the admin network untouched.

Just got back into the office after a network install, were you able to get it to work?

The way you describe it should work, but I would need to see part of your configuration export if it’s not to help much more.
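
A guest-only RouterOS configuration along the lines discussed in this thread, as an added example that is not from any of the posters. The interface names (ether1 for the WAN on port 1, ether4 for the AP on port 4), the guest subnet and the object names are assumptions; only VLAN 20 and the port layout come from the posts above.

```routeros
# Added example (constructed): guest VLAN 20 only; the existing LAN is not touched.
# Assumed names: ether1 = WAN (port 1), ether4 = AP port (port 4).
# Assumed guest subnet: 192.168.20.0/24 (pick one that does not overlap the LAN).

# If ether4 is a bridge port or slaved to a master port (so the AP's untagged
# management traffic reaches the controller on the LAN), use that bridge or
# master interface as the parent instead of ether4.
/interface vlan
add name=vlan20-guest vlan-id=20 interface=ether4

/ip address
add address=192.168.20.1/24 interface=vlan20-guest

/ip pool
add name=pool-guest ranges=192.168.20.10-192.168.20.254

/ip dhcp-server
add name=dhcp-guest interface=vlan20-guest address-pool=pool-guest disabled=no

/ip dhcp-server network
add address=192.168.20.0/24 gateway=192.168.20.1 dns-server=192.168.20.1

# Guests may reach the router only for DNS and DHCP; everything else to the
# router itself (WinBox, SSH, WebFig) is dropped.
/ip firewall filter
add chain=input in-interface=vlan20-guest protocol=udp dst-port=53,67 action=accept comment="guest: DNS/DHCP to router"
add chain=input in-interface=vlan20-guest protocol=tcp dst-port=53 action=accept comment="guest: DNS over TCP"
add chain=input in-interface=vlan20-guest action=drop comment="guest: no other router access"

# Guests may only be forwarded out the WAN port, which blocks the LAN and any
# other internal interface without having to list their subnets.
add chain=forward in-interface=vlan20-guest out-interface=!ether1 action=drop comment="guest: internet only"

# "add" appends; move these above any earlier rule that would accept the same
# traffic. The existing srcnat masquerade on ether1 is assumed to cover the
# new subnet. Using the router as DNS assumes allow-remote-requests=yes.
```

On the UniFi side, only the guest SSID gets VLAN 20 in its advanced settings; the admin SSID stays untagged so it lands on the existing LAN.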