Welcome Guest ( Log In | Register )

Bump Topic Add Reply RSS Feed

Outline · [ Standard ] · Linear+

 MikroTik RouterOS Unifi Setup Guide

views
     
TSsoonwai
post Jul 31 2022, 06:46 PM, updated 3y ago


********
All Stars
11,450 posts

Joined: Oct 2007
From: KL
New guide. Old one is here https://forum.lowyat.net/topic/4202122
I'm sure you all will let me know if got any mistakes. smile.gif

First post is only using terminal and command line.
Second post is using Quickset and a bit of command line.

I'm lazy to put screenshots. Maybe later.

Winbox
I suggest using Winbox to configure your Mikrotik router. Download from https://mikrotik.com/download
You can also SSH to the router or use the web configuration page which has a terminal.

Defaults
IP: 192.168.88.1
Username: admin
Password: blank

Ports
LAN port 1 (ether1) is your WAN port. (Connect modem here)
LAN Port 2-5 for your devices. Later we can use port 5 for UnifiTV.

Command Line Method

OK, let's go

Connect to the router using Winbox and open a New Terminal or use SSH. Change to your Unifi username and password first then copy and paste the commands below

CODE
/system package enable ipv6

/system reset-configuration


/interface vlan add interface=ether1 name=vlan500 vlan-id=500

/interface pppoe-client add add-default-route=yes use-peer-dns=yes disabled=no interface=vlan500 name=pppoe-out1 password=fmsSJQEMtvuTy user=myusername@unifi
/interface list member add interface=pppoe-out1 list=WAN

/ip upnp

set enabled=yes

/ip upnp interfaces

add interface=bridge type=internal

add interface=pppoe-out1 type=external

Done. That's all you need for a very basic setup. Internet should be working now.



Explain a bit

First ensure IPv6 package is enabled. This is just to get the IPv6 firewall rules configured in case we want to setup IPv6 in the future.
CODE

/system package enable ipv6


Reset to default configuration. Very important. Router will be reboot.
CODE

/system reset-configuration


When you reconnect, the router will ask you to change password.

Create VLAN 500.
CODE

/interface vlan add interface=ether1 name=vlan500 vlan-id=500


Create PPPoE Client
CODE


/interface pppoe-client add add-default-route=yes use-peer-dns=yes disabled=no interface=vlan500 name=pppoe-out1 password=fmsSJQEMtvuTy user=myusername@unifi


Add PPPoE client to the WAN interface list
CODE
/interface list member add interface=pppoe-out1 list=WAN


Enable UPNP. Not mandatory but many apps uses UPNP.
CODE

/ip upnp

set enabled=yes

/ip upnp interfaces

add interface=bridge type=internal

add interface=pppoe-out1 type=external


WiFi, UnifiTV & IPv6
Wait ya.

This post has been edited by soonwai: Jul 31 2022, 09:11 PM
TSsoonwai
post Jul 31 2022, 06:56 PM


********
All Stars
11,450 posts

Joined: Oct 2007
From: KL
Quickset Method (with a bit of command line)
Here we use Quickset plus a bit of command line.

For Quickset, we can use Winbox or Web configuration. Advantage of Quick Set is that you can easily set PPPoE, WiFi, VPN all on one screen. No need command line until the end.

Begin
Connect to router and choose "Quick Set" in Winbox.

For router only, choose "Ethernet" from the Quick Set dropdown menu.
For wifi router choose - actually I forgot what it's called exactly - Home AP or something like that.

Fill in the blanks
Everything is on one page.


Mode: Router

Address Acquisition: PPPoE

PPPoE User: username@unifi

PPPoE Password: fmsSJQEMtvuTy

DHCP Server: Checked

NAT: Checked

If it's a WiFi router, enter your preferred SSID and password.

Can also enable VPN if you like.

Command Line bit
Now finish up with a little bit of command line.

CODE

/interface vlan add interface=ether1 name=vlan500 vlan-id=500

/interface pppoe-client set 0 interface=vlan500

/ip upnp

set enabled=yes

/ip upnp interfaces

add interface=bridge type=internal

add interface=pppoe-out1 type=external

That's it. You should now have internet, WiFi and maybe even VPN.

Explanation
Create VLAN 500
CODE

/interface vlan add interface=ether1 name=vlan500 vlan-id=500


Set the PPPoE Client to VLAN 500
CODE

/interface pppoe-client set 0 interface=vlan500


Enable UPNP
CODE

/ip upnp

set enabled=yes

/ip upnp interfaces

add interface=bridge type=internal

add interface=pppoe-out1 type=external


This post has been edited by soonwai: Jul 31 2022, 08:29 PM
TSsoonwai
post Jul 31 2022, 07:16 PM


********
All Stars
11,450 posts

Joined: Oct 2007
From: KL
QUOTE(haturaya @ Jul 31 2022, 07:13 PM)
Thanks. Is it similar with RouterOS 7?
*
The vlan part is different. I’ll do one for ros7 also. Makan first.

Correction: The above will work with RouterOS 6 for a simple config. However if you have additional internal VLANs, it probably won't work. There's another way to do the vlans.

This post has been edited by soonwai: Jul 31 2022, 08:49 PM
TSsoonwai
post Aug 2 2022, 07:14 PM


********
All Stars
11,450 posts

Joined: Oct 2007
From: KL
QUOTE(stella_purple @ Aug 1 2022, 04:34 AM)
what is your mtu?

as I notice with mikrotik the mtu will be auto to 1480 even when I manually set it to 1492.
*
QUOTE(reevansxyz @ Aug 2 2022, 07:08 PM)
My PPPoE MTU automatically 1492

user posted image
*
Mine is automatically MTU 1480 & MRU 1492.

If I set MTU to 1492, also get the same thing.

This post has been edited by soonwai: Aug 2 2022, 07:18 PM
TSsoonwai
post Apr 14 2023, 02:43 PM


********
All Stars
11,450 posts

Joined: Oct 2007
From: KL
QUOTE(ry@ @ Apr 14 2023, 10:15 AM)
I see some guide mention in ROS7 we should only use a single bridge for all VLAN? otherwise the hardware offload for switch not working? As in ROS6 and previous, usually will just create a separate bridge for VLAN 600 IPTV, but now it seems like is no longer recommend to do so.
*
I think I read the same thing also but didn't really test what they said about hwoffload and vlans. Anyways this is how my vlans are set with a single bridge1 and all ether ports are running with hwoffload. This is on RB5009.
CODE
/interface vlan
add interface=bridge1 name=vlan500 vlan-id=500

/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan500 max-mru=1500 max-mtu=1488 name=pppoe-out1 user=soonwai@unifi

/interface bridge
add arp=reply-only ingress-filtering=no name=bridge1 protocol-mode=none vlan-filtering=yes

/interface bridge port
add bridge=bridge1 interface=ether2-wan1
add bridge=bridge1 interface=ether3-trunk1
add bridge=bridge1 interface=ether4 pvid=50
add bridge=bridge1 interface=ether5 pvid=50
add bridge=bridge1 interface=ether6 pvid=50
add bridge=bridge1 interface=ether7 pvid=50
add bridge=bridge1 interface=ether8 pvid=50
add bridge=bridge1 interface=sfp-sfpplus1 pvid=50
add bridge=bridge1 interface=ether1 pvid=50

/interface bridge vlan
add bridge=bridge1 tagged=ether3-trunk1,bridge1 untagged=ether1,ether4,ether5,ether6,ether7,ether8,sfp-sfpplus1 vlan-ids=50
add bridge=bridge1 tagged=ether2-wan1,ether3-trunk1,bridge1 vlan-ids=600
add bridge=bridge1 tagged=ether2-wan1,bridge1 vlan-ids=500

- I use vlan50 for LAN traffic.
- My modem & router are upstairs. That's why my hypptv vlan600 is trunked to the Hypptv STB downstairs.

So for simpler setup, maybe something like this:
CODE
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether1,ether3,ether4,ether5,ether6,ether7,sfp-sfpplus1 vlan-ids=50
add bridge=bridge1 tagged=ether8-unifitv,bridge1 vlan-ids=600
add bridge=bridge1 tagged=ether2-wan1,bridge1 vlan-ids=500

- where ether2 is wan port and ether8 is hypptv port.

btw, switch chip ethernet hwoffload for hAP ax3 not implemented yet. So, for now, you won't see the hwupload flag no matter what you do.
https://help.mikrotik.com/docs/display/ROS/...dwareOffloading
See footnote 6 for IPQ-PPE.
6. Currently, HW offloaded bridge support for the IPQ-PPE switch chip is still a work in progress. We recommend using, the default, non-HW offloaded bridge (enabled RSTP).

This post has been edited by soonwai: Apr 14 2023, 02:53 PM
TSsoonwai
post Apr 15 2023, 02:25 PM


********
All Stars
11,450 posts

Joined: Oct 2007
From: KL
QUOTE(Gaara92 @ Apr 15 2023, 02:13 PM)
MikroTik vlan setup with bridge interface has always confused me a lot. I don't know why, the configuration is a bit weird and I can't really fathom it no matter how much I try to study.
*
Me too. While the above works for me, I'm not 100% sure that it's correct way to do it.

So essentially, this guide is like blind leading the blind. sweat.gif

This post has been edited by soonwai: Apr 15 2023, 02:26 PM
TSsoonwai
post Apr 23 2023, 01:01 AM


********
All Stars
11,450 posts

Joined: Oct 2007
From: KL
QUOTE(Anime4000 @ Apr 23 2023, 12:38 AM)
can you try MTU 1500 on PPPoE?
mine always set back from 1500, 1492, 1480,

this particular PPPoE AC (Microsoft RRAS) dislike MTU 1500,
...
before under Juniper Network just work!
...
*
I use 1488 and 1500.
CODE
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan500 max-mru=1500 max-mtu=1488 name=pppoe-out1 user=

CODE
/interface/pppoe-client> monitor 0
              status: connected
              uptime: 7h27m19s
        active-links: 1
            encoding:
        service-name:
             ac-name: ibse01.bgi
              ac-mac: 00:00:5E:00:01:0D
                 mtu: 1488
                 mru: 1500
       local-address: 60.54.x.x
      remote-address: 60.54.x.x
  local-ipv6-address: fe80::e
 remote-ipv6-address: fe80::200:5eff:fe00:10d


Which vendor is 00:00:5E ? I do lookup, I got ICANN, IANA?

This post has been edited by soonwai: Apr 23 2023, 01:04 AM
TSsoonwai
post Apr 23 2023, 12:18 PM


********
All Stars
11,450 posts

Joined: Oct 2007
From: KL
QUOTE(go626201 @ Apr 23 2023, 11:37 AM)
Yours also can set 1488 max only? 1492 cant?
*
Ya lor, set 1492 will go back to 1480. Yours most is how much?

This post has been edited by soonwai: Apr 23 2023, 12:19 PM
« Next Oldest · Networks and Broadband · Next Newest »
 

Add ReplyOptions
 

Change to:
| Lo-Fi Version
 0.0197sec    0.33    6 queries    GZIP Disabled
Time is now: 25th November 2025 - 03:41 AM
All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)
Removal Request
Powered by Invision Power Board © 2025  IPS, Inc.