2. Open settings => Wireless Networks => Create
3. Select Security: Open, tick Guest Policy checkbox,
tick Use VLAN ID and for example put 200 for VLAN ID, click Create
4. Now open WinBox for Mikrotik setup
for my simple setup i've created bridge bridge1 for LAN, with this parameters:
0 R name="bridge1" mtu=1500 l2mtu=1520 arp=enabled
mac-address=00:0C:42:A7:68:EC protocol-mode=none priority=0x8000
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
Ports 1-2 configured as WAN, 3-4 not connected, 5 connected with Unifi AP, 6-9 configured as LAN ports, 6-8 ports have 9 port as master port.
0 R ;;; WAN1
name="isp1" mtu=1500 l2mtu=1520 mac-address=00:0C:42:A7:68:E4 arp=enabled auto-negotiation=yes full-duplex=yes speed=100Mbps master-port=none bandwidth=unlimited/unlimited switch=switch1
1 R ;;; WAN2
name="isp2" mtu=1500 l2mtu=1520 mac-address=00:0C:42:A7:68:E5 arp=enabled auto-negotiation=yes full-duplex=yes speed=100Mbps master-port=none bandwidth=unlimited/unlimited switch=switch2
2 name="ether3" mtu=1500 l2mtu=1520 mac-address=00:0C:42:A7:68:E6 arp=enabled auto-negotiation=yes full-duplex=yes speed=1Gbps master-port=none bandwidth=unlimited/unlimited switch=switch2
3 name="ether4" mtu=1500 l2mtu=1520 mac-address=00:0C:42:A7:68:E7 arp=enabled auto-negotiation=yes full-duplex=yes speed=1Gbps master-port=none bandwidth=unlimited/unlimited switch=switch2
4 R ;;; Unifi AP
name="ether5" mtu=1500 l2mtu=1520 mac-address=00:0C:42:A7:68:E8 arp=enabled auto-negotiation=yes full-duplex=yes speed=1Gbps master-port=none bandwidth=unlimited/unlimited switch=switch2
5 RS ;;; homeserver
name="ether6" mtu=1500 l2mtu=1520 mac-address=00:0C:42:A7:68:E9 arp=enabled auto-negotiation=yes full-duplex=yes speed=1Gbps master-port=ether9 bandwidth=unlimited/unlimited switch=switch1
6 RS ;;; switch
name="ether7" mtu=1500 l2mtu=1520 mac-address=00:0C:42:A7:68:EA arp=enabled auto-negotiation=yes full-duplex=yes speed=1Gbps master-port=ether9 bandwidth=unlimited/unlimited switch=switch1
7 RS ;;; switch
name="ether8" mtu=1500 l2mtu=1520 mac-address=00:0C:42:A7:68:EB arp=enabled auto-negotiation=yes full-duplex=yes speed=1Gbps master-port=ether9 bandwidth=unlimited/unlimited switch=switch1
8 R ;;; switch
name="ether9" mtu=1500 l2mtu=1520 mac-address=00:0C:42:A7:68:EC arp=enabled auto-negotiation=yes full-duplex=yes speed=1Gbps master-port=none bandwidth=unlimited/unlimited switch=switch1
For Unifi AP Guest Network create VLAN with VLAN ID: 200
0 R ;;; Wifi Unifi Guest Network
name="vlan1" mtu=1500 l2mtu=1516 mac-address=00:0C:42:A7:68:EC arp=enabled
vlan-id=200 interface=bridge1 use-service-tag=no
Ports 5 (Unifi AP) and 9 (LAN Master-port) added to bridge1
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 ether5 bridge1 0x80 10 none
ether9 bridge1 0x80 10 none
Create two DHCP Servers with two IP Pools, one for bridge1 and second for vlan1 interface.
DHCP Servers:
0 name="lan-dhcp" interface=bridge1 lease-time=1d address-pool=dhcp_pool1 bootp-support=static authoritative=after-2sec-delay
1 name="guest-dhcp" interface=vlan1 lease-time=3d address-pool=dhcp_guestpool1 bootp-support=static authoritative=after-2sec-delay
DHCP Pools:
0 name="dhcp_pool1" ranges=192.168.1.110-192.168.1.150
1 name="dhcp_guestpool1" ranges=192.168.2.110-192.168.2.150
Assign addresses for bridge1 and vlan1 interfaces.
0 address=192.168.1.1/24 network=192.168.1.0 interface=bridge1 actual-interface=bridge1
1 address=192.168.2.1/24 network=192.168.2.0 interface=vlan1 actual-interface=vlan1
And last thing setup WAN interface and masquarading. In Unifi Controller for Guest AP you can turn on simple authentification or hotspot, which can be customized:
Mac: /Applications/UniFi.app/Contents/Resources
Windows: "%userprofile%/Ubiquiti Unifi"
Linux: /usr/lib/unifi
No comments:
Post a Comment