Got my first RouterOS (RB951UI-2hnd) setup. I followed couple of You Tube videos to setup the router.
However, I got the router to work with Internet access using physical LAN (192.168.0.X) via cable connection only.

Here's the setup.... (see the attache config file)

Internet
|
RB951--->Ether 1- WAN - Static IP (199.9.x.x)
--->Ether 2 - LAN - Uni-Fi AP (DHCP on Ether 2 from 192.168.0.100 - 0.254)
--->Ether 3 - Office Desktop and Laptop (using DHCP from Ether 2)


I am using UniFi AP for the wireless so the RB951's router's built-in wireless radio is turned off.

The problem is that the devices connected via UniFi AP are not getting same IP range as the wired devices.
The devices are somehow picking up 192.254.1.x and can't access the internet. I also, don't have any managed switch in my network.

I would like to know what configuration on the router is causing this issue.

Please see the following export of configuration...

# jan/01/1970 18:55:27 by RouterOS 6.7
# software id =
#
/interface bridge
add l2mtu=1598 name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=\
"LAN - All ports are switched off Ether2"
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/interface wireless
set [ find default-name=wlan1 ] ht-rxchains=0 ht-txchains=0 l2mtu=2290 ssid=\
MikroTik
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment="LAN - All ports are switched off Ether2"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp_pool1 ranges=192.168.0.2-192.168.0.254
add name=dhcp_pool2 ranges=192.168.0.100-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=ether2 name=dhcp1
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.0.1/24 comment="LAN IP Subnet" interface=ether2 network=\
192.168.0.0
add address=199.9.60.xxx/24 interface=ether1 network=199.9.60.0
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1,4.2.2.2 gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall address-list
add address=192.168.0.0/24 list=OurLocalLAN
/ip firewall filter
add chain=input comment="Allow access to the router from the LAN using addres \
list - PROTECTING ROUTER" src-address-list=OurLocalLAN
add action=drop chain=forward comment="Drop invlaid cnnections" \
connection-state=invalid
add chain=forward comment="Allow Connections from LAN" connection-state=new \
in-interface=bridge1
add chain=forward comment="Allow Established Connection from LAN" \
connection-state=established
add chain=forward comment="Allow Related Connection" connection-state=related
add action=drop chain=forward comment=\
"Drop all other traffice throught the router"
add chain=input comment="Allow established connection to the router" \
connection-state=established
add chain=input comment="Allow related connection to the router" \
connection-state=related
add action=drop chain=input comment=\
"Drop All Other Traffice to Router - PROTECTING ROUTER"
/ip firewall nat
add action=masquerade chain=srcnat comment="PAT outside" dst-address=\
0.0.0.0/0 out-interface=ether1 src-address=192.168.0.0/24
/ip route
add comment="default route" distance=1 gateway=199.9.60.1
/ip service
set api disabled=yes
/system clock
set time-zone-name=America/Chicago
/system identity
set name=RB951ui
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes mode=unicast primary-ntp=63.44.154.34 secondary-ntp=\
63.240.161.99

are you sure that the computers get 192.254.1.x? because that's not a private C class.
if they are 169.254.x.y then it seems Unifi Ap is blocking dhcp packets or you've run out of ip's to offer to clients

Ay advice:

• Since you operate only one DHCP Range, delete the second Range and modify the first to hand out 192.168.0.100-192.168.0.150
• The mentioned address range 169.254.x.y shows that DHCP is either not active or not working (ensure that it hands out addresses on the bridge1)
• Double-check that DHCP works (connect a laptop to ether2 and see if that gets an IP), this also states that possibly the UAP has connectivity issues (properly configured via the Ubiquiti Wireless Controller??)
• Is it possible to ping the RB when connected to the UAP with a fixed IP from the correct range?
• Assign the IP Adress 192.168.0.1 to the bridge1, NOT to ether2!

Fine tuning:

• Lower the DHCP token time to 1d, instead of default 8d

@deejayq
Yes, I am very sure that the devices connected via UniFi were getting IP 169.254.1.x. I specifically made a note.

@Wurstbaum
I will give it a try on your advice and fine tuning. Meantime here's my config. for the Unifi's.
The four Unifi's AP's connected (WIRED) has been up and running for a year. The controller PC is on the same network physically connected to router.

However, I noticed the Two DHCP servers in config. after my above post. So, I deleted one of them and applied the config. again to the Router Board and the new config. export shows up with two DHCP server again.

On the UniFi Controller Settings following is present in Restricted Subnets. However, there is nothing in the allowed subnets.

Restricted subnets:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16


(Temporary, to resolve the issue I had to plug in my old router back to the network and everything is working OK with old router and no issue with DHCP or UniFi connected devices. )

@ deejayq
Yes, I confirmed the IP was 169.254.x.x on more than one devices.

@Wurstbaum

I will try out your suggestion and let you know.

Also, if you could let me know if this RB951 is adequate for a small hotel that would have round 30-35 people logged
into the router. Currently, they are using EnGenius ESR300H router.


Thanks! to all

I'd like to clarify a little bit: Your "Uni-Fi" is referring to Ubiquiti Access Points (I love their UAP LR, best thing imho), some people in the USA seem to have an ISP called UniFy or something like that, so there is slight potential of confusion.

On the UniFi Controller Settings following is present in Restricted Subnets. However, there is nothing in the allowed subnets.
Restricted subnets:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

These default subnets are the ones considered as being private IPs inside the UniFi Controller. Let's say you have a guest WiFi for the Hotel, people cannot access these subnets.

(Temporary, to resolve the issue I had to plug in my old router back to the network and everything is working OK with old router and no issue with DHCP or UniFi connected devices. )

This fact states that your RB config seems the problem. Let me set up an RB951 and send you the config which I think should be functional, I will be able to do this in ~5 hours.

Info: The 169.254.x.x indicates APIPA Operation, so the Windows Computers cannot reach any DHCP server, the second hint to take a closer look at the RB.

Regarding the question if the RB951 is suitable for ~50 people I am sure it is, at least in the basic config (no fancy QoS, etc). How much bandwith do have at WAN side?

When sizing a a router, effective measures are:

• How many people max at the same time (Number 1-100000)
• bandwidth demand (MBit 1-1000)
• VPN required? (yes/no, if yes, how many concurrent)
• Features like QoS? (yes/no, how many expected services/layers)

All those decisions boil down to how much WAN2LAN Throughput the device must be capable of pushing AND if the CPU and RAM must be powerful.

Taking a quick peek at the engenius device states 500MHz CPU and 64MB RAM which seems great. Since the RB951 has comparable specs you should be fine.
I like the Winbox usage instead of the WebFig since Winbox is faster but that's just a matter of taste.

I worked with the configuration yesterday.

After having the similar problem again I deleteed the DHCP entry (second time) from DHCP server and created new one.
(Thanks! @Wurstbaum)

After that I let the network run for overnight and renew all ip's via UniFi and they seems to work.

Yes, indeed I am using this for a hotel that is about 47 units. However, total # of clients on the UniFi are no more than around 30-35 at a time.
Not to mention the local office PC that are only wired to the router.

My download is 9mbps/1mbps upload.
Currently, I have not implemented QOS for bandwidth. I am using the UniFi group feature to downgrade speed when someone is using excessive bandwidth.

New question:
How would I go about separating the network between UniFi and for back office computers (wired only) on RB951 without additional hardware?

Thanks!

I'm basically running the same configuration. Setup multiple ssids and use vlans

Sent from my SCH-I545 using Tapatalk

Glad to hear it works out, where is the Hotel located? I need a vacation soon

Glad to hear it works out, where is the Hotel located? I need a vacation soon

Not a hotel. Running it in a few different corp environments.

@wurstuam

Sure, you welcome to visit anytime.

The hotel is in middle of nowhere (countryside). Location: Mayfield,KY USA

I have ordered a RB951g-2hnd gigabit ports router to replace the 100mpbs.

Anyone have an ideas how can I move the configuration from the existing (RB951UI-2hnd) to RB951g-2hnd?

Somewhere in the forum I saw that DO NOT use the backup / restore options.

Any suggestions are welcome.

Thanks!