Blog.gowifi

Blog.gowifi

logos (other)

Logos

Go Wireless NZ

Wednesday, October 16, 2013

Ubiquiti UniFi 2.4.5 VLAN Configuration - MikroTik


In this article we will show how to enable VLANs on the Ubiquiti UniFi Controller using a MikroTik RouterBOARD.

MikroTik RouterBOARD Configuration Example:
In this example we will create 3 networks each with their own subnet and dhcp-server. These networks are "lan3", "lan4" and "lan5". ether5 will be configured as an access port to the UniFi AP and needs to Untag vlan 3 (management vlan) and Tag vlan 4 and 5.

 
Step 1 - Configure the MikroTik:
# Start Configuration
/interface bridge
add l2mtu=1520 name=lan3
add l2mtu=1516 name=lan4
add l2mtu=1516 name=lan5
/ip neighbor discovery
set vl-lan4-ether5 discover=no
set vl-lan5-ether5 discover=no
/interface vlan
add interface=ether5 l2mtu=1516 name=vl-lan4-ether5 vlan-id=4
add interface=ether5 l2mtu=1516 name=vl-lan5-ether5 vlan-id=5
/ip dhcp-server option
add code=43 name=unifi value=0xC0A803FE
/ip pool
add name=dhcp_pool1 ranges=192.168.3.2-192.168.3.254
add name=dhcp_pool2 ranges=192.168.4.2-192.168.4.254
add name=dhcp_pool3 ranges=192.168.5.2-192.168.5.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=lan3 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=lan4 name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=lan5 name=dhcp3
/interface bridge port
add bridge=lan4 interface=vl-lan4-ether5
add bridge=lan5 interface=vl-lan5-ether5
add bridge=lan3 interface=ether3
add bridge=lan3 interface=ether5
/ip address
add address=192.168.3.1/24 interface=lan3 network=192.168.3.0
add address=192.168.4.1/24 interface=lan4 network=192.168.4.0
add address=192.168.5.1/24 interface=lan5 network=192.168.5.0
/ip dhcp-server network
add address=192.168.3.0/24 dhcp-option=unifi dns-server=192.168.3.1 gateway=\
    192.168.3.1
add address=192.168.4.0/24 dhcp-option=unifi dns-server=192.168.4.1 gateway=\
    192.168.4.1
add address=192.168.5.0/24 dhcp-option=unifi dns-server=192.168.5.1 gateway=\
    192.168.5.1
/ip dns
set allow-remote-requests=yes
# End Configuration
 


Step 2 - Configure the UniFi Controller:
Plug your computer with the UniFi Controller into ether3 and it should receive an IP Address of 192.168.3.254 or alternatively configure the computer with a static IP Address if desired.
Create three SSID's (lan3, lan4 and lan5). lan3 (vlan3) is also the management vlan. As communication between the UniFi AP and the Controller uses Untagged traffic we need to ensure lan3 is Untagged (Do not use a VLAN ID). VLANs 4 and 5 however need to be Tagged. 



Testing:
When connecting to lan3, you should receive a 192.168.3.x IP Address.
When connecting to lan4, you should receive a 192.168.4.x IP Address.
When connecting to lan5, you should receive a 192.168.5.x IP Address.

16 comments:

  1. Hello! At first thank you for this short instruction! Could you please explain some moments:
    in the router config you assigned DHCP pool ranges for the management lan 192.168.3.2-192.168.3.254. But there are IP 192.168.3.254 for controller and 192.168.3.253 for UNIFI in the picture. So, how does it work (static IP?). And, why have you used dhcp option code=43? UNIFI and controller in the same network 192.168.3.0 both and can access each other.

    ReplyDelete
    Replies
    1. Thanks for checking out our Blog!
      1. This is based on a very basic setup for customers with little Networking knowledge. I have assumed the computer running the controller and access point are receiving DHCP addresses which is a typical installation with Unifi. You would be best to place the controller outside of this range on a static address or with this scenario reserve those addresses in the DHCP pool for those MAC addresses.
      2. Yes you are correct option 43 is not need on the 192.168.3.0 network sorry.

      Delete
  2. I am going to give this a try. Are you assuming I already have the router set up with dhcp with another address like 192.168.1.1? Also, is port 5 supposed to be a slave, or should it be a master port?

    ReplyDelete
  3. Hi, The MikroTik configuration above is to configure everything from scratch. If you were to remove the default MikroTik configuration and paste the commands above it should configure your whole router. Ethernet ports 3 and 5 are added to the bridge "lan3" which should be the same as configuring ether5's master port as ether3. I hope that answers you question?

    ReplyDelete
    Replies
    1. Do you actually have this up and working? I followed it exactly and cannot get an ip address assigned for anything except the local lan via wifi. I am on 3.1.3. Maybe that is the problem?

      Delete
    2. Hi, what version of Unifi and RouterOS are you running? i have just retested and config is still ok for unifi 2.4.5 and RouterOS v6.x. Ensure you have only enabled vlan tagging on lan4 and lan5 SSID's and that the vlan interfaces are assigned to the correct bridge interfaces on the mikrotik. I will try unifi 3.1.3 when i get a chance.

      Delete
    3. I have just tested with unifi 3.1.5 which has just been released and it appears to work ok. Have you tried copying the configuration above into notepad and then directly into the winbox terminal? Ensure that you check for any errors as this could be a likely cause.

      Delete
  4. Hello friend

    Thanks for the very interesting contribution, just a question

    Segui all settings to the letter but when a user wants to connect to wifi1 (lan4) or wifi2 (LAN5) assigns no IP, you could help me with this problem

    In advance thank you friend

    Best Regards

    ReplyDelete
  5. Hi, what version of Unifi and RouterOS are you running? i have just retested and config is still ok for unifi 2.4.5 and RouterOS v6.x. Ensure you have only enabled vlan tagging on lan4 and lan5 SSID's and that the vlan interfaces are assigned to the correct bridge interfaces on the mikrotik.

    ReplyDelete
    Replies
    1. he seguido las instrucciones al pie de la letra, pero los usuarios de la vlan 4 y vlan5 no logran obtener ninguna direccion ip..

      Delete
  6. Hello Guys,

    I know this thread is almost a year a ago, but now their is a new update to the Unifi Controller 3.2.1 and these settings no longer work. Im trying eveything all around to get the any devices to get a proper IP according to where the VLAN ID is assigned to. Anyone care to elaborate on this issus?

    Thanks You

    ReplyDelete
  7. hello guys plz i need some help
    how can i send mail from MIKROTIK when one of Ethernet is down
    plz i need answer as soon as possible thx

    ReplyDelete
    Replies
    1. It depends on what exactly you are monitoring - For just a straight ethernet up/down link monitor you could use a script and add the option to notify you via email when this change occurs. We use a netwatch script here at work to monitor our WAN interfaces, our script will notify us via email and change the default route for all traffic as we currently load balance traffic over two connections.

      Delete
  8. HI, Thanks Work Fine, I need Connect for the Ether1 my ISP, have DHCP Client, which script you are using?
    Thanks Again

    ReplyDelete