Connecting a Unifi AP into a Mikrotik router (VLAN)

Introduction

This article describes the setup necessary for a Mikrotik router (hAP ac2) and a UniFi AP (UAP-AC-LITE) to operate correctly and allow clients to connect to the correct VLAN. Both the Mikrotik and the UniFi have their radios enabled, allowing clients to initiate a Wi-Fi connection with either device. Connected Wi-Fi clients can transit from one device to the other. Before the UniFi AP, a Cisco Aironet 1600e AP was plugged into ether2. The Cisco's firmware was Autonomous AP IOS Software- 15.3.3-JF14i(ED).

This article doesn't go into setting up the Mikrotik. If you would like an explanation, ask, and I will try to create it.

The following VLANS were defined:

  • VLAN10      | Internal traffic                | HOMENET-AP SSID
  • VLAN20      | Guest traffic                   | HOMENET-GUEST SSID

The Mikrotik ports were setup as below:

  • ether1              |      WAN (all traffic, tagged)
  • ether2              |      Unifi AP (all traffic, tagged)
  • ether3, 4, 5      |      VLAN10 traffic only 

Tagging, sometimes referred to as Frame Tagging, is a method used to identify packets travelling through the trunk links. In this setup, ether3, 4 and 5 are untagged since only VLAN10 traffic is passing on them. Since the other ports had to handle traffic from both VLANs the packets had to be "marked" with the VLAN they belonged to.

Before modifying configurations on any device, take a backup. If things start going wrong, restoring the backup will take you to a position as everything stood when you started making changes.

With the Mikrotik I found that changes would not always go into effect. Power cycling the device (and verifying that the changes were implemented) always did the trick.


The Solution

The Mikrotik VLAN was configured as shown in the figure above.

I used UniFi's controller software to configure the AP. UniFi APs can run without the controller unless features like guest portal is enabled (not my case). The controller also allows one to automate backups and firmware updates. There are IOS and Android apps from UniFi that perform most of the tasks of the controller software but, I haven't used either.

The Unifi controller was set up in a container running on the VLAN10 network.

On the UniFi, the Wi-Fi and Network settings were defined as shown below.

The UniFi configuration was changed so that the Primary (Native) VLAN was VLAN10. If this is not done, the native VLAN defaults to 1 and, as will be explained below, will not work since the Mikrotik is not tracking this VLAN. Unifi should place this option under the Network section of their controller software rather than at this difficult-to-find page. Alternatively there should place a link to the Network section to this obscure location.


If UniFi's IP Settings => Network Override is not set

When the above was unset, the UniFi Controller would discover the AP but would fail to adopt it.

I was experiencing problems when the UniFi Controller attempted to take associate with the AP. It was be discovered, but I was unable to adopt it. Adoption is the process of connecting a device to the Unifi application that will manage it.

I tried untagging ether2 from VLAN10 as shown below. This resolved the issue of the UniFi Controller adopting and connecting to the AP but clients connecting to the VLAN10 network weren't getting an IP address. If the device got an IP address from the Mikrotik it would work on the UniFi (until the lease expired).



Follow This, That and (Maybe), the Other:

Comments

Post a Comment

Popular posts from this blog

20150628 Giarratana Circular

Statistics Date: Jun 28, 2015 4:34 pm Distance: 15.21 km Duration: 2h:35m:36s Avg Speed: 5.87 km/h Max Speed: 7.40 km/h Min Altitude: 489 m Max Altitude: 594 m Ascent: 249 m Descent: 261 m Route Open route in new window: https://www.google.com/maps/d/edit?mid=z6HKMq7G_wEk.keh2K8cXD6Cc&usp=sharing Photos (Geotagged) Open photos in new Windows: https://plus.google.com/photos/105470926677245165774/albums/6166646868710719889
Read more

HOWTO setup OpenVPN server and client configuration files using EasyRSA

Image
Introduction OpenVPN allows client computers to tunnel into a server over a single UDP or TCP port securely. This HOWTO article is a step-by-step guide that explains how to create the server and client OpenVPN configuration files that makes this possible. In the process this article explains how to create the public key infrastructure (PKI) so that a client can securely communicate with the server. OpenSSL is the foundation for the security functionality of OpenVPN. For this tutorial you will need the following software: OpenVPN. You can download the latest version of OpenVPN from https://openvpn.net/index.php/open-source/downloads.html EasyRSA is the tool people use to create the Public Key Infrastructure (PKI) for OpenVPN. Download the latest release of EasyRSA from https://github.com/OpenVPN/easy-rsa/releases . There is not installation required. Extract the contents of the archive into a folder. OpenVPN is available on various platforms. The generation of the
Read more

How To Reset the firmware, wifi on GoPro Hero 3, 3+ and sync it with latest version of GoPro Quik

Image
Like others, I fished out my old Go Pro HERO 3+ and found that I could not link to it via WiFi because I had forgotten the password. A quick search on the internet and it seems that there are still many users of this good, albeit old Action Cam. Some had purchased one off eBay or from a second-hand shop while others, like me, found it in a drawer and decided to repurpose it. If the GoPro has not been used for a while it might not be on the latest firmware. Note that these models are no longer supported. The common thread is that without the Wi-Fi SSID and password, it isn't possible to control the camera from the phone using GoPro's Quik software. I referenced these sites: 1.  HERO3/3+ Information And Troubleshooting : This is an official GoPro Site from where you can download the camera firmware and update the camera Wi-Fi for the HERO 3 and HERO 3+. 2.  Software Update and Reset for GoPro Hero 3, 3+ and 4 : This is another source for firmware (covers more models) and there is
Read more