Very nice video, i know a lot of people that have exactly the same setup, mikrotik router and ubiquiti AP so this is very useful for them. Me personally, im all in mikrotik guy haha, while ubiquiti produces great equipement im not a fan of having dedicated controler for my equipement at home...
@@TheseBytes Yea, especially because mikrotik still doesn't have dedicated ax ap, just two routers... But at work we have mikrotiks, and remote locations all have lte mikrotiks and wireguard in ROS7 is a bless to setup (Server side have Public IP)
Thanks for the video. I followed the steps and my computer gets assigned an IP address within the VLAN range. Unfortunately, I am not able to access the internet. Any quick advice on what might be wrong? DNS? Firewall rule? Mangle rule (I have three internet sources)? I also assumed I should tag both Ethernet ports that the two APs are connected two - plus the local bridge.
All the things you've mentioned above would be a good place to check. If it's dns you'll be able to ping a public IP but not a url. Also check that you're natting out the vlan subnet.
Hi Jason, I'd start by double checking the DHCP server settings, pool and "networks" settings. Check to see if your DHCP server is configured on the correct VLAN interface. If a DHCP discover message is reaching your DHCP server from the device trying to get a DHCP lease, you should also get an error on the mikrotik log if the server is failing to assign a lease to a specific device. Failing that, you're welcome to export your config and paste it into the comments below for me to take a look. Just make sure to remove any sensitive info.
So I've got few vlans like: home, smarthome, guests with DHCP servers and firewall rules configured. With that unifi I can connect it through lets say port 4(ether4) to mikrotik and create 3 wifi networks matching vlans, DHCP and firewall rules from mikrotik?
Thanks for the video. I have a question. In the Bridge under 'New Bridge VLAN' why are you choosing Ether3 and LAN Local? I'm trying to understand so I can use the right ones on our system. I'm trying to simply give Internet to guests. What is ether 3? your Internet connection? Thanks again.
Ether3 is in this case the port that the unifi plugs into. Because the unifi is tagging its own traffic the port that it plugs into has to be set to allow tagged VLAN 20 to pass through. You then also have to tag the bridge interface so that the traffic can reach the routers CPU for layer 3 stuff via the bridge.
@@TheseBytes thank you, my unify controller is not on any port but just connected to the Wi-Fi. Does that mean all I have to do is add the bridge? I'm assuming when you say the unify you mean the controller?
@@jlsdjd The unifi controller just has to be on the network, or reachable by the unifi AP. The unifi AP needs to be plugged into the Mikrotik. The port that it plugs into needs to be tagged VLANx.
you have been the one i have been looking for your explanations are very clear but I need more help. So I have a USW-PRO-24 ports-POE switch, Hikvision NVR, 22 IP cameras, Unifi Access points and a Mikrotik router. the NVR has 16 POE ports, so i connected the remaining cameras to the switch in a VLAN i created. I also want to configure HOTSPOT feature on the mikrotik router. How would i do this such that it won't affect remote viewing for the cameras?
Hi, thanks for the feedback ☺️ - as for your setup, without seeing an exact topology, I'd recommend setting up your cameras on their own interface/vlan. Once you've done that you can assign your hotspot to a Vlan or specific interface or bridge separate to your cameras unless you plan to bypass the cameras Mac/IP addresses. With the Hotspot you also have the ability to bypass IP addresses and Mac addresses on the server settings. This essentially means you can have hosts on the same interface or vlan that the hotspot is on without them going through the hotspot if that makes sense?
Hi I have a edge router X I am trying to use the basic wizard set up one LAN Internet connection on Vlan . How do I get the Internet just one one of my port with the Vlan?
Thanks for this nice and simple Mikrotik guide. Could you make one for setting up multiple VLANS for gusets, IOT and so on, with a Mikrotik router and managed switches from other vendors ?
Your video is very good, very well explained, but I can't get it to work, in my case. I have a mikrotik HAP Ax3 and a Unifi U7-pro, I have followed its configuration to the letter, All the Vlans give me IP perfectly, but they do not go to the Internet. Any advice.? Thanks in Advance
This is exactly why you should stay with only one system, if you go Unifi make all Unifi, if you go Omada make all Omada, unless you do this for a living or you are a Network hobbits don't go on the rabbit hole of logging in in 3 or 4 GUIs juts to create a VLAN or to make any kind of maintenance on yours network, the amount of time you will lose in tasks that should be just simple is not worthy, for 99% of the people staying with only ONE system regardless the brand will be always better.Again, I'm not talking for those who do this for a living or are Networking hobbyists, thank you for sharing the video.
Hey Dan! ( @TheseBytes ) Great video, but I cannot make this work (I don't receive IP address from the DHCP server). VLAN id are set in Unifi controller, and the related vlan network is connected to the specific WLAN SSID. I've got a MikroTik Chateau 5G ax with mainly default config (I've tried to attach it but somehow YT continuously deleting my comment because of that. If you drop me an email I would be very happy to share it with you!). I would really appreciate if you could help my by pointing out where I'd made any mistake! Thanks in advance!
Hey! Figured out since! It was one of my NG switch which was removing the VLAN ids/tags. (discovered by it was working on the other floor of the house :-) ) Since I've reconfigured the switch everything works perfectly! Thanks again for the video! Great stuff!!!
Thanks for demystifying this a bit, I have a MikroTik router and a couple of Ubiquiti APs, I'm excited to get things set up a bit better
Glad this was helpful!
thanks this way works great and easy to understand
Very good and iformative video. Thanks a lot!
at ethernet port 3 you connect the AP or the controller? The port that to the controler connect dhould be access or tagged port?
The AP. My controller is cloud hosted so it is external to my network.
Very nice video, i know a lot of people that have exactly the same setup, mikrotik router and ubiquiti AP so this is very useful for them. Me personally, im all in mikrotik guy haha, while ubiquiti produces great equipement im not a fan of having dedicated controler for my equipement at home...
Glad you found it helpful! Yep, Mikrotik all the way 😂 ubnt's wireless stuff is pretty great too.
@@TheseBytes Yea, especially because mikrotik still doesn't have dedicated ax ap, just two routers... But at work we have mikrotiks, and remote locations all have lte mikrotiks and wireguard in ROS7 is a bless to setup (Server side have Public IP)
@@kresimirpecar4925 That's cool. I also use wireguard to manage a few networks. It's very simple to set up.
Very clear, thank you!
I got this all work! - The only problem with mine is that the VLAN don't have internet access..
Thanks for the video. I followed the steps and my computer gets assigned an IP address within the VLAN range. Unfortunately, I am not able to access the internet. Any quick advice on what might be wrong? DNS? Firewall rule? Mangle rule (I have three internet sources)?
I also assumed I should tag both Ethernet ports that the two APs are connected two - plus the local bridge.
All the things you've mentioned above would be a good place to check. If it's dns you'll be able to ping a public IP but not a url. Also check that you're natting out the vlan subnet.
@@TheseBytes Thanks! After a while struggling, I turned off the firewall and the VLAN works, so I think I’ve narrowed down the area to investigate!
@@paulturner9444 in that case a simple forward chain > accept for the subnet/address list for the vlans should solve it.
@@TheseBytes I will try that. Thanks!
Great video Dan. I've followed the instructions to the letter and I'm not getting DHCP through to devices on the network. Anything I should try?
Hi Jason, I'd start by double checking the DHCP server settings, pool and "networks" settings. Check to see if your DHCP server is configured on the correct VLAN interface. If a DHCP discover message is reaching your DHCP server from the device trying to get a DHCP lease, you should also get an error on the mikrotik log if the server is failing to assign a lease to a specific device. Failing that, you're welcome to export your config and paste it into the comments below for me to take a look. Just make sure to remove any sensitive info.
So I've got few vlans like: home, smarthome, guests with DHCP servers and firewall rules configured. With that unifi I can connect it through lets say port 4(ether4) to mikrotik and create 3 wifi networks matching vlans, DHCP and firewall rules from mikrotik?
Yes that is correct. The Mikrotik handles all of the traffic, the access point is just a means of getting it to the router.
Thanks for this. I've got it "working," but I find that when I enable vlan filtering a default vlan 1 gets created by Mikrotik and I'm not sure why.
Vlan 1 is the default native Vlan that interfaces will use if you don't change the port to a different untagged Vlan.
Almost all devices do this. RouterOS shows it to you though, lot of others don't.
Thanks for the video. I have a question. In the Bridge under 'New Bridge VLAN' why are you choosing Ether3 and LAN Local? I'm trying to understand so I can use the right ones on our system. I'm trying to simply give Internet to guests. What is ether 3? your Internet connection? Thanks again.
Ether3 is in this case the port that the unifi plugs into. Because the unifi is tagging its own traffic the port that it plugs into has to be set to allow tagged VLAN 20 to pass through. You then also have to tag the bridge interface so that the traffic can reach the routers CPU for layer 3 stuff via the bridge.
@@TheseBytes thank you, my unify controller is not on any port but just connected to the Wi-Fi. Does that mean all I have to do is add the bridge? I'm assuming when you say the unify you mean the controller?
@@jlsdjd The unifi controller just has to be on the network, or reachable by the unifi AP. The unifi AP needs to be plugged into the Mikrotik. The port that it plugs into needs to be tagged VLANx.
you have been the one i have been looking for
your explanations are very clear but I need more help. So I have a USW-PRO-24 ports-POE switch, Hikvision NVR, 22 IP cameras, Unifi Access points and a Mikrotik router. the NVR has 16 POE ports, so i connected the remaining cameras to the switch in a VLAN i created. I also want to configure HOTSPOT feature on the mikrotik router. How would i do this such that it won't affect remote viewing for the cameras?
Hi, thanks for the feedback ☺️ - as for your setup, without seeing an exact topology, I'd recommend setting up your cameras on their own interface/vlan. Once you've done that you can assign your hotspot to a Vlan or specific interface or bridge separate to your cameras unless you plan to bypass the cameras Mac/IP addresses. With the Hotspot you also have the ability to bypass IP addresses and Mac addresses on the server settings. This essentially means you can have hosts on the same interface or vlan that the hotspot is on without them going through the hotspot if that makes sense?
Hi I have a edge router X I am trying to use the basic wizard set up one LAN Internet connection on Vlan . How do I get the Internet just one one of my port with the Vlan?
For some reason when I choose tagged vlan on Mikrotik and set vlan in my TP-Link Omada AP it does not give an IP. With a hybrid port it works.
What if we have a wireless network by default already.....can we apply vlan on existing network
What if your Unifi is plug into a cisco POE switch, how do you go about that?
Thanks for this nice and simple Mikrotik guide. Could you make one for setting up multiple VLANS for gusets, IOT and so on, with a Mikrotik router and managed switches from other vendors ?
Your video is very good, very well explained, but I can't get it to work, in my case. I have a mikrotik HAP Ax3 and a Unifi U7-pro, I have followed its configuration to the letter, All the Vlans give me IP perfectly, but they do not go to the Internet. Any advice.? Thanks in Advance
how to setup vlan bridge when we have multiple vlan in one port?
So close... I, like others, don't get DHCP addresses delivered - any hints?
Ignore that - I had the port my unifi was wired to attached to another bridge
This is exactly why you should stay with only one system, if you go Unifi make all Unifi, if you go Omada make all Omada, unless you do this for a living or you are a Network hobbits don't go on the rabbit hole of logging in in 3 or 4 GUIs juts to create a VLAN or to make any kind of maintenance on yours network, the amount of time you will lose in tasks that should be just simple is not worthy, for 99% of the people staying with only ONE system regardless the brand will be always better.Again, I'm not talking for those who do this for a living or are Networking hobbyists, thank you for sharing the video.
I was never able to enable Legacy interface - very annoying
Subnet:VLAN is 1:1?
Netwerks
Hey Dan! ( @TheseBytes )
Great video, but I cannot make this work (I don't receive IP address from the DHCP server).
VLAN id are set in Unifi controller, and the related vlan network is connected to the specific WLAN SSID.
I've got a MikroTik Chateau 5G ax with mainly default config (I've tried to attach it but somehow YT continuously deleting my comment because of that. If you drop me an email I would be very happy to share it with you!).
I would really appreciate if you could help my by pointing out where I'd made any mistake!
Thanks in advance!
Hey!
Figured out since!
It was one of my NG switch which was removing the VLAN ids/tags. (discovered by it was working on the other floor of the house :-) ) Since I've reconfigured the switch everything works perfectly!
Thanks again for the video! Great stuff!!!
Glad to hear you were able to successfully troubleshoot your issue!