Vlans with Unifi AP not working: help please

Dear experts,

I have a Mikrotik router and 20 Unifi APs.
hotspot server vlan1010 = IP 10.10.10.1/24
Unifi AP Pro MGMT vlan2020 = IP 172.20.20.1/24
But when I connect to the Unifi WiFi I didn't get a DHCP IP.
I have an unmanaged switch; all Unifi APs are connected to the unmanaged switch, and the switch is connected to the Mikrotik LAN port.
I want a separate MGMT vlan2020 to access the Unifi APs, and the hotspot on vlan1010.
I think something is wrong with the VLANs.
Help please.

/interface bridge
add ingress-filtering=yes name=bridge_LAN vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1_WAN
/interface vlan
add interface=bridge_LAN name=Hotspot-vlan1010 vlan-id=2020
add interface=bridge_LAN name=Mgmt-vlan2020 vlan-id=1010
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add dns-name=login.net hotspot-address=10.10.10.1 login-by=http-chap name=\
    hsprof1
/ip pool
add name=hs-pool-4 ranges=10.10.10.2-10.10.10.254
add name=dhcp_pool1 ranges=20.20.20.2-20.20.20.254
/ip dhcp-server
add address-pool=hs-pool-4 disabled=no interface=Mgmt-vlan2020 lease-time=1h \
    name=dhcp1
/ip hotspot
add address-pool=hs-pool-4 addresses-per-mac=1 disabled=no interface=\
    Mgmt-vlan2020 name=hotspot1 profile=hsprof1
/lora servers
add address=eu.mikrotik.thethings.industries down-port=1700 name=TTN-EU \
    up-port=1700
add address=us.mikrotik.thethings.industries down-port=1700 name=TTN-US \
    up-port=1700
add address=eu1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (eu1)" up-port=1700
add address=nam1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (nam1)" up-port=1700
add address=au1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (au1)" up-port=1700
add address=eu1.cloud.thethings.network down-port=1700 name="TTN V3 (eu1)" \
    up-port=1700
add address=nam1.cloud.thethings.network down-port=1700 name="TTN V3 (nam1)" \
    up-port=1700
add address=au1.cloud.thethings.network down-port=1700 name="TTN V3 (au1)" \
    up-port=1700
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge_LAN interface=ether2
/interface bridge vlan
add bridge=bridge_LAN tagged=ether2 vlan-ids=1010
add bridge=bridge_LAN tagged=ether2 vlan-ids=2020
/ip address
add address=10.10.10.1/24 interface=Hotspot-vlan1010 network=10.10.10.0
add address=172.20.20.1/24 interface=Mgmt-vlan2020 network=172.20.20.0
/ip cloud
set update-time=no
/ip dhcp-client
add disabled=no interface=ether1_WAN
/ip dhcp-server network
add address=10.10.10.0/24 comment="hotspot network" gateway=10.10.10.1
add address=20.20.20.0/24 dns-server=192.168.68.1,8.8.8.8 gateway=20.20.20.1
/ip dns
set servers=8.8.8.8,1.1.1.1
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface=ether1_WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.10.10.0/24
/ip hotspot user
add name=admin
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge_LAN disabled=yes display-time=5s
set ether1_WAN disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set Mgmt-vlan2020 disabled=yes display-time=5s
set Hotspot-vlan1010 disabled=yes display-time=5s
/tool user-manager database
set db-path=user-manager

I don’t know if that’s intentional, but currently your VLAN IDs appear to be mixed up, excerpt from the export:

/interface vlan
add interface=bridge_LAN name=Hotspot-vlan1010 vlan-id=2020
add interface=bridge_LAN name=Mgmt-vlan2020 vlan-id=1010

And then, your hotspot server is currently assigned to the interface Mgmt-vlan2020 as you can see from the export:

/ip hotspot
add address-pool=hs-pool-4 addresses-per-mac=1 disabled=no interface=\
    Mgmt-vlan2020 name=hotspot1 profile=hsprof1

And then the Hotspot wizard also runs the DHCP server instance on Mgmt-vlan2020. Is all that really intended?

Also, are you running RouterOS 6? If yes, you’ll need to add bridge_LAN to the tagged list (together with the existing ether2) of the VLAN you want to use for hotspot (as you wrote, 1010) in the Bridge → VLANs table. The entry should become this:

/interface bridge vlan
add bridge=bridge_LAN tagged=bridge_LAN,ether2 vlan-ids=1010

You’ll also need to do the same if you really use VLAN 2020 to manage the router:

/interface bridge vlan
add bridge=bridge_LAN tagged=bridge_LAN,ether2 vlan-ids=2020

Unrelated to the issue, but you should remove the bogus IP Pool and DHCP Server Network entries associated with the network 20.20.20.0/24. They are unused and that address range belongs to Microsoft, and is not intended for private network uses at all.
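The inconsistencies pointed out in this reply can be checked mechanically before an export is applied. The following Python sketch is an added example, not part of the original thread: it lints a constructed excerpt of the export above, and its finding labels, the rule that a VLAN interface name ends in its intended ID, and the assumption that every hotspot references a defined pool and an addressed interface are all hypothetical.

```python
import ipaddress
import re
import shlex
from collections import defaultdict

# Constructed sample: the relevant lines of the export posted in the thread.
SAMPLE = r"""
/interface vlan
add interface=bridge_LAN name=Hotspot-vlan1010 vlan-id=2020
add interface=bridge_LAN name=Mgmt-vlan2020 vlan-id=1010
/ip pool
add name=hs-pool-4 ranges=10.10.10.2-10.10.10.254
add name=dhcp_pool1 ranges=20.20.20.2-20.20.20.254
/interface bridge vlan
add bridge=bridge_LAN tagged=ether2 vlan-ids=1010
add bridge=bridge_LAN tagged=ether2 vlan-ids=2020
/ip address
add address=10.10.10.1/24 interface=Hotspot-vlan1010 network=10.10.10.0
add address=172.20.20.1/24 interface=Mgmt-vlan2020 network=172.20.20.0
/ip hotspot
add address-pool=hs-pool-4 addresses-per-mac=1 disabled=no interface=\
    Mgmt-vlan2020 name=hotspot1 profile=hsprof1
"""

def parse_export(text):  # returns {menu path: [key=value dict per "add" line]}
    menus, menu = defaultdict(list), None
    # Export lines wrapped with a trailing backslash are joined first.
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        if line.startswith("/"):
            menu = line.strip()
        elif line.startswith("add ") and menu:
            menus[menu].append(dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t))
    return menus

def lint(text):
    m, out = parse_export(text), []
    nets = {a["interface"]: ipaddress.ip_interface(a["address"]).network for a in m["/ip address"]}
    first = {p["name"]: ipaddress.ip_address(p["ranges"].split("-")[0]) for p in m["/ip pool"]}
    tagged = {b["vlan-ids"]: b.get("tagged", "").split(",") for b in m["/interface bridge vlan"]}
    for v in m["/interface vlan"]:
        num = re.search(r"(\d+)$", v["name"])  # assumption: name ends in the intended ID
        if num and num.group(1) != v["vlan-id"]:
            out.append(f"vlan-name-mismatch:{v['name']}")
        if v["interface"] not in tagged.get(v["vlan-id"], []):  # bridge itself must be tagged
            out.append(f"bridge-not-tagged:{v['vlan-id']}")
    out += [f"pool-outside-subnets:{n}" for n, ip in first.items()
            if not any(ip in net for net in nets.values())]
    out += [f"hotspot-pool-wrong-interface:{h['name']}" for h in m["/ip hotspot"]
            if first[h["address-pool"]] not in nets[h["interface"]]]
    return out
```

Calling `lint(SAMPLE)` returns one finding per problem named in the reply; the bridge-tagging check follows the reply's RouterOS 6 advice and only handles single-ID `vlan-ids` entries.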

Also, Unifi APs require a hybrid port, so mgmt VLAN untagged and other VLANs tagged, so this is something to be careful about. I don’t know if you already did that.

Yeah, I have corrected this but it didn’t work.

How do I make a hybrid port in the Unifi software controller? There is just a network override option.

The hybrid port is made on the Mikrotik, as this is your router. Your Unifi controller is only used for the APs. Here on the forum you can find a great topic regarding VLANs, so I would start there.