
 
vkisselyov
just joined
Topic Author
Posts: 8
Joined: Mon Nov 17, 2014 6:55 am

Mikrotik RB2011 UniFi 2 SSID and Local Network

Tue Nov 18, 2014 12:36 pm

Hello to everybody,
I'm a beginner in RouterOS and I need help with the configuration.
What is planned:
Image


For the moment I have this configuration but of course it's not working:
[admin@MikroTik] > export
# jan/01/1970 23:32:25 by RouterOS 6.22
# software id = 3EIP-EELV
#
# Export posted by the topic author as a first, non-working attempt: a single
# bridge (bridge-UniFi) over the AP-facing ports, with two VLAN interfaces on
# top of it (200 = guest, 300 = local), each served by its own DHCP pool.
# NOTE(review): the 1970 date in the export header suggests the system clock
# was never set; log timestamps from this router would not be usable for a
# timeline until the clock is set or NTP is configured - confirm.
/interface bridge
add admin-mac=4C:5E:0C:62:5B:99 auto-mac=no mtu=1500 name=bridge-UniFi
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway-guest
set [ find default-name=ether2 ] name=ether2-gateway-local
set [ find default-name=ether3 ] name=ether3-unifi1
set [ find default-name=ether4 ] name=ether4-unifi2
set [ find default-name=ether5 ] name=ether5-unifi3
set [ find default-name=sfp1 ] disabled=yes name=sfp1-gateway
/ip neighbor discovery
set ether1-gateway-guest discover=no
set sfp1-gateway discover=no
# Both VLAN interfaces are attached to the bridge, not to the individual ports.
# Presumably the UniFi APs tag the guest SSID with 200 and the local SSID with
# 300 - verify against the controller settings.
/interface vlan
add interface=bridge-UniFi l2mtu=1594 name=vlan1-guest vlan-id=200
add interface=bridge-UniFi l2mtu=1594 name=vlan2-local vlan-id=300
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.168.2-192.168.168.254
add name=dhcp_pool2 ranges=192.168.169.2-192.168.169.254
# The first server has no disabled=no, unlike the two VLAN servers below;
# presumably it is left disabled - confirm.
/ip dhcp-server
add address-pool=default-dhcp interface=bridge-UniFi name=default
add address-pool=dhcp_pool1 disabled=no interface=vlan2-local name=server1
add address-pool=dhcp_pool2 disabled=no interface=vlan1-guest lease-time=3d name=dhcp1
/port
set 0 name=serial0
/system logging action
set 2 remember=yes
set 3 src-address=0.0.0.0
# ether6 is bridged together with the three AP ports.
/interface bridge port
add bridge=bridge-UniFi interface=ether3-unifi1
add bridge=bridge-UniFi interface=ether4-unifi2
add bridge=bridge-UniFi interface=ether5-unifi3
add bridge=bridge-UniFi interface=ether6
# ether1-gateway-guest carries a public /29 address, ether2-gateway-local an
# address in the existing 192.168.20.0/24 LAN; the bridge and each VLAN
# interface get their own /24.
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=bridge-UniFi network=\
    192.168.88.0
add address=88.204.191.34/29 interface=ether1-gateway-guest network=88.204.191.32
add address=192.168.20.224/24 interface=ether2-gateway-local network=192.168.20.0
add address=192.168.168.1/24 interface=vlan2-local network=192.168.168.0
add address=192.168.169.1/24 interface=vlan1-guest network=192.168.169.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=\
    sfp1-gateway
add comment="default configuration" dhcp-options=hostname,clientid interface=\
    ether1-gateway-guest
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=\
    192.168.88.1
add address=192.168.168.0/24 dns-server=192.168.168.1 gateway=192.168.168.1 netmask=24
add address=192.168.169.0/24 dns-server=192.168.169.1 gateway=192.168.169.1
# allow-remote-requests=yes makes the router answer DNS queries from clients.
# Which clients can reach it is decided only by the input chain below, so that
# chain is what keeps the resolver from being usable from the public side.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
# Rules without action= use the RouterOS default action, accept.
# input: the only drop is for traffic arriving on ether1-gateway-guest, and
# related connections are accepted only on ether2-gateway-local. No rule names
# vlan1-guest, so unless the VRF setup further down prevents it, guest clients
# can reach the router's own services on 192.168.169.1 - confirm and restrict.
# forward: only connection-state=invalid is dropped. No rule separates
# vlan1-guest from vlan2-local or ether2-gateway-local, so the filter itself
# does not isolate the guest network from the local one.
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related in-interface=\
    ether2-gateway-local
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway-guest
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid
# Source NAT on both uplinks: towards the public side and towards the LAN.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=\
    ether1-gateway-guest to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=ether2-gateway-local
/ip proxy
set cache-path=web-proxy1
/ip route
add distance=1 gateway=88.204.191.33
# Two VRFs pair each uplink with its VLAN interface (local and guest).
# NOTE(review): the default route above carries no routing-mark; whether either
# VRF table can use it should be checked, as this may be one reason the setup
# does not work.
/ip route vrf
add interfaces=ether2-gateway-local,vlan2-local routing-mark=local
add interfaces=ether1-gateway-guest,vlan1-guest routing-mark=guest
/ip upnp
set allow-disable-external-interface=no
# Only the trap community is set here and no enabled=yes is visible, so SNMP
# appears to be off. "public" is a well-known community string; change it
# before enabling SNMP.
/snmp
set trap-community=public
/system clock
set time-zone-name=Etc/GMT+5
/system clock manual
set time-zone=+05:00
# MAC-Telnet: the default entry is disabled and the service is then allowed per
# interface. ether1-gateway-guest is not listed. bridge-UniFi and the AP ports
# are listed, so layer-2 management is offered on the untagged AP-facing
# segment; the VLAN interfaces are not listed, so tagged guest clients are
# presumably not offered it - confirm.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-gateway-local
add interface=ether3-unifi1
add interface=ether4-unifi2
add interface=ether5-unifi3
add interface=ether6
add interface=ether7
add interface=ether8
add interface=ether9
add interface=ether10
add interface=bridge-UniFi
# MAC-Winbox: same interface list as MAC-Telnet above.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-gateway-local
add interface=ether3-unifi1
add interface=ether4-unifi2
add interface=ether5-unifi3
add interface=ether6
add interface=ether7
add interface=ether8
add interface=ether9
add interface=ether10
add interface=bridge-UniFi
Please help
 
vkisselyov
just joined
Topic Author
Posts: 8
Joined: Mon Nov 17, 2014 6:55 am

Re: Mikrotik RB2011 UniFi 2 SSID and Local Network

Fri Nov 21, 2014 6:47 am

Please, guys! Just tell me how to organize this correctly?
 
lambert
Long time Member
Long time Member
Posts: 533
Joined: Fri Jul 23, 2010 1:09 am

Re: Mikrotik RB2011 UniFi 2 SSID and Local Network

Fri Nov 21, 2014 8:35 am

I think the MikroTik way is to create VLANs 200 and 300 on each of the UniFi Ethernet interfaces, then put each VLAN interface into the appropriate bridge.
# Suggested layout: one VLAN interface per AP port and VLAN ID, then one bridge
# per VLAN, so guest (200) and local (300) traffic end up in separate layer-2
# domains.
# The interface= values use the default port names (ether3..ether5, ether2);
# the topic author's export renames these ports, so the names need adjusting.
/interface vlan
  add interface=ether3 name=E03_V200 vlan-id=200
  add interface=ether3 name=E03_V300 vlan-id=300
  add interface=ether4 name=E04_V300 vlan-id=300
  add interface=ether4 name=E04_V200 vlan-id=200
  add interface=ether5 name=E05_V300 vlan-id=300
  add interface=ether5 name=E05_V200 vlan-id=200
/interface bridge
  add name=guest_bridge
  add name=local_bridge
# ether2 joins local_bridge untagged, which puts the VLAN 300 clients on the
# same segment as whatever is attached to ether2.
# NOTE(review): separate bridges split layer 2 only. If the router holds an IP
# address on both bridges it will still route between them unless forward-chain
# filter rules block guest-to-local traffic; no such rules are part of this
# snippet.
/interface bridge port
  add bridge=guest_bridge interface=E03_V200
  add bridge=guest_bridge interface=E04_V200
  add bridge=guest_bridge interface=E05_V200
  add bridge=local_bridge interface=E03_V300
  add bridge=local_bridge interface=E04_V300
  add bridge=local_bridge interface=E05_V300
  add bridge=local_bridge interface=ether2
I think that is along the lines of what you need for your VLANs. I typed it up manually. So, there are likely many errors. I suspect you will want to lose the NAT rule for ether2. The DHCP server on the LAN can serve for the clients on VLAN300.
 
vkisselyov
just joined
Topic Author
Posts: 8
Joined: Mon Nov 17, 2014 6:55 am

Re: Mikrotik RB2011 UniFi 2 SSID and Local Network

Fri Nov 21, 2014 2:59 pm

Ok, got it.
I decided to change the design a little bit...
Inside bridge "Switch":
ether2-local-connected to my network
ether3 - unifi
ether4 - unifi
ether5 - unifi
SSID "local" -untagged
SSID "Guest" - tagged id=250
Now another problem:
For SSID "local" everything is ok (Connecting taking IP from 192.168.20.0/24)
SSID "Guest" is configured in the UniFi Controller as a Guest Network hotspot using vouchers, with VLAN ID 250. Clients connect and take an IP in 192.168.88.0/24, and are then redirected to 192.168.20.61, which I think is the voucher portal (the UniFi Controller is installed on that PC), but it can't be reached from the "Guest" network.
# Second attempt by the topic author: bridge "Switch" carries the untagged
# local traffic (ether2..ether6), bridge "vlan-250" collects the tagged guest
# traffic from the three AP ports and gets its own subnet and DHCP server.
# NOTE(review): this export contains no /ip firewall section at all. If nothing
# was trimmed from the post, there is no input or forward filtering and no
# srcnat, while ether1-guest-wan holds a public address (see /ip address).
/interface bridge
add name=Switch
add name=vlan-250
/interface ethernet
set [ find default-name=ether1 ] name=ether1-guest-wan
set [ find default-name=ether2 ] name=ether2-local
set [ find default-name=sfp1 ] disabled=yes
# One VLAN 250 interface per AP port; these are bridged into vlan-250 below.
/interface vlan
add interface=ether3 l2mtu=1594 name=ether3-vlan-250 vlan-id=250
add interface=ether4 l2mtu=1594 name=ether4-vlan-250 vlan-id=250
add interface=ether5 l2mtu=1594 name=ether5-vlan-250 vlan-id=250
# Neighbor discovery is switched off on the guest-facing VLAN interfaces, so
# the router does not announce itself to guest clients through it.
/ip neighbor discovery
set ether3-vlan-250 discover=no
set ether4-vlan-250 discover=no
set ether5-vlan-250 discover=no
/ip pool
add name=dhcp_pool3 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool3 disabled=no interface=vlan-250 lease-time=3d name=dhcp1
/port
set 0 name=serial0
/system logging action
set 2 remember=yes
/interface bridge port
add bridge=Switch interface=ether3
add bridge=Switch interface=ether4
add bridge=Switch interface=ether5
add bridge=Switch interface=ether6
add bridge=Switch interface=ether2-local
add bridge=vlan-250 interface=ether3-vlan-250
add bridge=vlan-250 interface=ether4-vlan-250
add bridge=vlan-250 interface=ether5-vlan-250
# The guest gateway address and the public address live on the same router,
# so the router routes between guests, the LAN behind "Switch" and the WAN.
/ip address
add address=192.168.88.1/24 interface=vlan-250 network=192.168.88.0
add address=88.204.191.34/29 interface=ether1-guest-wan network=88.204.191.32
# The router itself takes a lease on the local bridge.
# NOTE(review): if this client also installs a default route (not shown in the
# export), it would compete with the static route under /ip route; verify
# which gateway guest traffic actually uses.
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=\
    Switch
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
# With allow-remote-requests=yes and no input filter in this export, the
# resolver would presumably also answer queries arriving on the public
# interface. An input rule that drops new connections from ether1-guest-wan is
# needed before this router is left online - confirm against the live config.
/ip dns
set allow-remote-requests=yes
# Static name for the host running the UniFi controller / voucher portal.
# NOTE(review): guests only need to reach the portal on this one host. Forward
# rules should allow 192.168.88.0/24 to 192.168.20.61 and drop the rest of
# guest-to-LAN traffic; that host also needs a return path to 192.168.88.0/24
# (a route via this router, or srcnat here), which may be why the portal is
# unreachable - verify.
/ip dns static
add address=192.168.20.61 name=unifi
/ip route
add check-gateway=ping distance=1 gateway=88.204.191.33
/ip upnp
set allow-disable-external-interface=no
# Only the trap community is set and no enabled=yes is visible, so SNMP appears
# to be off. "public" is a well-known community string; change it before
# enabling SNMP.
/snmp
set trap-community=public
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Mikrotik RB2011 UniFi 2 SSID and Local Network

Sat Nov 22, 2014 1:34 pm

Have you looked at the switch chip functions on the RB2011? It looks as if some of those bridging operations could be carried out at wire speed using the switch.

http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
vkisselyov
just joined
Topic Author
Posts: 8
Joined: Mon Nov 17, 2014 6:55 am

Re: Mikrotik RB2011 UniFi 2 SSID and Local Network

Mon Nov 24, 2014 6:12 am

Have you looked at the switch chip functions on the RB2011? It looks as if some of those bridging operations could be carried out at wire speed using the switch.

http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features
Now I need just to configure Firewall correct
 
Starxcn
just joined
Posts: 6
Joined: Thu Nov 20, 2014 3:28 am

Re: Mikrotik RB2011 UniFi 2 SSID and Local Network

Thu Nov 27, 2014 10:05 am

So did you manage to make your network work?
