How To Setup My UniFi Using Mikrotik RB751U-2HnD and Linksys WRT54GS v4 DD-WRT

Jan 22

wingloonTechnology 23 Comments

I wanted to share with you my TM UniFi setup at my house. You can refer to the simple diagram below on how my TM UniFi setup at my house. The fibre cable is installed on the top floor of my house. I replaced the D-Link DIR-615 provided by TM with Mikrotik RB751U-2HnD. To achieve watching TM HyppTV (IPTV) as well as wireless web browsing on the ground floor, I put a Linksys WRT54GS v4 DD-WRT on the ground floor by connecting it to Mikrotik RB751U-2HnD via TP-Link Homeplug Powerline Ethernet Adapter Starter Kit.

Lets start configuring the Mikrotik RB751U-2HnD as below.

/interface vlan
add arp=enabled disabled=no interface=ether1-gateway l2mtu=1596 mtu=1500 name=vlan.500 use-service-tag=no vlan-id=500
add arp=enabled disabled=no interface=ether1-gateway l2mtu=1596 mtu=1500 name=gwvlan.600 use-service-tag=no vlan-id=600
add arp=enabled disabled=no interface=ether5-slave-local l2mtu=1594 mtu=1500 name=vlan.592 use-service-tag=no vlan-id=592
add arp=enabled disabled=no interface=ether5-slave-local l2mtu=1594 mtu=1500 name=vlan.600 use-service-tag=no vlan-id=600

/interface bridge
add admin-mac=00:0C:42:E4:63:3D ageing-time=5m arp=enabled auto-mac=yes disabled=no forward-delay=15s l2mtu=1594 max-message-age=20s mtu=1500 name=bridge-local priority=0x8000 protocol-mode=none transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes disabled=no forward-delay=15s l2mtu=1594 max-message-age=20s mtu=1500 name=UniFi-IPTV priority=0x8000 protocol-mode=none transmit-hold-count=6

/interface bridge port
add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none interface=wlan1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none interface=ether2-master-local path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none interface=vlan.592 path-cost=10 point-to-point=auto priority=0x80
add bridge=UniFi-IPTV disabled=no edge=auto external-fdb=auto horizon=none interface=vlan.600 path-cost=10 point-to-point=auto priority=0x80
add bridge=UniFi-IPTV disabled=no edge=auto external-fdb=auto horizon=none interface=gwvlan.600 path-cost=10 point-to-point=auto priority=0x80

/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=no out-interface=UniFi-Internet

/ip firewall filter
add action=reject chain=input comment="default configuration" disabled=no in-interface=UniFi-Internet reject-with=icmp-network-unreachable

/ip pool
add name=default-dhcp ranges=192.168.88.51-192.168.88.60

/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay bootp-support=static disabled=no interface=bridge-local lease-time=3d name=default

/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=vlan.500 max-mru=1492 max-mtu=1492 mrru=disabled name=UniFi-Internet password=PASSWORD1234567890 profile=default service-name="" use-peer-dns=no user=username@unifi

Next, start configuring Linksys WRT54GS v4 to achieve VLAN tagging of using 3 digit VLAN number because it is understood that with the stock DD-WRT it only works with 802.11Q VLAN 0 to 15. I am using DD-WRT v24-sp2 (12/08/11) vpn-small – build 17990M VINT Eko. By changing the original switch-robo.o module with the new from DD-WRT forum post, VLAN number greater than 15 will work. I downloaded the pre-compiled switch-robo.o module from this Linksys WRT54GL VLAN tagging post. In DD-WRT, you need to enable JFFS. Goto Administration, Management, JFFS2 Support and JFFS2 enable. Reboot the Linksys router after successful modification.

Telnet to the Linksys router and run the commands below: -

# cd /jffs
# wget http://www.freqoflife.com/switch-robo.o
# chmod a+r switch-robo.o

Now you need to create a startup script. Goto Administration and Commands. Enter the following below and save startup. Reboot the Linksys router after successful modification.

rmmod switch-robo
insmod /jffs/switch-robo.o
sleep 10
vconfig add eth0 592
vconfig add eth0 600
ifconfig vlan592 up
ifconfig vlan600 up
brctl addif br0 vlan592
sleep 5
echo "1 2 3t 5t" > /proc/switch/eth0/vlan/592/ports
sleep 5
echo "0 3t 5t" > /proc/switch/eth0/vlan/600/ports

Finally, with all the configuration above I hope you are able to use and enjoy your UniFi. Thank you.

23 Comments (+add yours?)

  1. Jackie Ho
    Feb 10, 2012 @ 19:03:55

    Wondering why you need to do so? I can access my Wifi upstair from ground floor and still having my IPTV connected using HomePlug.

  2. wingloon
    Feb 10, 2012 @ 20:56:28

    With this I can replace the TM wireless router and use lesser electricity if I don’t switch on the IPTV and HomePlug :D

  3. kewl
    Feb 14, 2012 @ 17:57:50

    Can the JFFS method work for WRT610nv2 router for vlan tagging above 15? I plan to follow the same setup.

  4. wingloon
    Feb 14, 2012 @ 18:03:29

    kewl, i cant tell because i havent try on WRT610nv2

  5. kewl
    Mar 07, 2012 @ 10:09:45

    Anyway, is there any other configuration needed for JFFS after switch-robo.ko is installed?

    Btw, Unifi is using 500, could you explain why you are using 592 in the tagging?

  6. wingloon
    Mar 10, 2012 @ 22:02:56

    No other JFFS2 configuration. You need to make sure you are able to copy the switch-robo.ko file into the JFFS2 filesystem.

    Why VLAN 592? Because it is within the range of can be divided by 16 and VLAN 592 is my local address of 192.168.88.0/24.

  7. kewl
    Mar 12, 2012 @ 14:13:50

    Hi Wing Loon,

    I’m able to get the switch-robo.ko into the /jffs folder. How do I verify if i’m getting it right?

    If I understand correctly, VLAN 500 is only tag to WAN of your mikrotik, whereby you create VLAN 592 for LAN 1-4, and VLAN 592 & VLAN 600 for LAN 5.

    I’m trying to archive something similar to this (http://www.sendspace.com/file/jcjcdo), if you could shed some help, that would be great.

    Thanks.

  8. wingloon
    Mar 13, 2012 @ 10:06:21

    Hi kewl, you can verify it by perform this command below (before and after switch-robo.ko is loaded): -

    cat /proc/switch/eth0/vlan

    You will notice the number of VLAN number is different. Can you do the VLAN 592 & 600 for your TM RnD for LAN 2 port? Thank you.

  9. kewl
    Mar 13, 2012 @ 23:52:51

    Hi Wing Loon,
    Firstly, sorry, i’m new to this ddwrt + vlan thingy… might need your patience in this..

    1. i think the switch-robo.ko works – after it loads, it have vlan ports till 900
    2. I’m not able to figure out how the TM RnD to have VLAN 592 & 600. I’m basically trying to doing try & error at the moment.
    3. Do you have any idea how i can turn my WRT610nv2 to replace the TM RnD (at the moment) – to test if i’m getting the WRT610nv2 VLAN working right.
    Currently, i’m using this this script:-

    rmmod switch-robo
    insmod /jffs/switch-robo.ko
    sleep 10
    vconfig add eth0 500
    vconfig add eth0 600
    ifconfig vlan500 up
    ifconfig vlan600 up
    brctl addif br0 vlan500
    sleep 5
    echo “0t 1 2 3 8t” > /proc/switch/eth0/vlan/500/ports
    sleep 5
    echo “0t 4 8t” > /proc/switch/eth0/vlan/600/ports

    -Basic idea is to bring up PPPoE dialling and use port 1,2,3 & WiFi for Internet
    - Port 4 for IPTV.

    Thanks.

  10. kewl
    Mar 15, 2012 @ 07:26:28

    Btw, is that any method to verify if the VLAN ports being succesfussuflly load.
    Run with command “cat /proc/switch/eth0/vlan/500/ports” command with results empty
    Run with ” nvram show | grep port.vlans” results as follow:-
    size: 27859 bytes (4909 left)
    port5vlans=1 2 16
    port3vlans=1 18 19
    port1vlans=1 18 19
    port4vlans=1 18 19
    port2vlans=1 18 19
    port0vlans=2 18 19

    Am i doing it correctly?

  11. wingloon
    Mar 15, 2012 @ 13:43:43

    Hi kewl, I basically dont look at the nvram output for my config above.

    Here is my suggestion.

    1. Try follow this guide http://unifi.athena.my/ddwrt_guide.php
    2. Then follow by this below: -

    rmmod switch-robo
    insmod /jffs/switch-robo.ko
    sleep 10
    vconfig add eth0 600
    ifconfig vlan600 up
    sleep 5
    echo “0t 4 8t” > /proc/switch/eth0/vlan/600/ports

    Hopefully it works. Thank you.

  12. kewl
    Mar 15, 2012 @ 21:28:08

    Hi Wing Loon,

    Took your approach on the 1. It was smooth until the WAN assignment steps ; it will revert to original vlan once i reboot the router after i select vlan2.500 ( it return to original vlan2).

    It proceed with it despite failure, the PPPoE shows disconnect.
    Guess i’m stuck with it as well.

    Thanks for you help anyway.

  13. Steve
    Mar 30, 2012 @ 22:41:01

    Can the internet service works without VLAN 592? I cannot really understand why you create VLAN 592. Sorry for this noob question..

  14. YSLim
    Apr 05, 2012 @ 09:04:15

    Hi wingloon
    Thanks for the guide. I am thinking of change the firmware of my old router to DD-WRT. According to many sites and forum said that DD-WRT doesn’t able to support the IPTV access. Is it when they mean by “doesn’t support VLAN” is pointing to DIR-615?

  15. wingloon
    Apr 05, 2012 @ 14:25:19

    Steve, if you use only Mikrotik, you don’t need VLAN 592.

    YSLim, it is because DD-WRT don’t support 3 digit VLAN by default.

  16. Nat
    Apr 17, 2012 @ 09:28:42

    I have the same RB751U-2HnD.
    Using Asus N16 as AP.
    However I cant seem to get connected to internet using the built in Mikrotik AP.
    Mind sharing your setting for the Mikrotik Wlan?

  17. cOMMANDER
    Apr 23, 2012 @ 16:47:54

    Bro, I need to check with you something urgently.

    If were to replace my stock D-Link DIR-615 RG with a Unify compabatible router & use the D-Link router for the HyppTV WITHOUT the home plugs – possible ?

    Correct me if i’m wrong but your setup is somewhat like this :-

    btu > (port1) router A (port 5) > homeplug > (port 1) router B (port 4) > (port 1) hypptv

    I’m thinking of the following setup :-

    btu > (port1) router A (wireless) > (wireless) router B (port 4) > (port 1) hypptv

    Is this possible ?

    Thank you very much.

  18. wingloon
    Apr 24, 2012 @ 04:30:55

    Nat, below is my Mikrotik wireless setting: -

    [admin@MikroTik] > /interface wireless print
    Flags: X – disabled, R – running
    0 R name=”wlan1″ mtu=1500 mac-address=00:ZZ:YY:XX:XX:XX arp=enabled interface-type=Atheros 11N mode=ap-bridge ssid=”WiFi”
    frequency=2412 band=2ghz-b/g/n channel-width=20/40mhz-ht-above scan-list=default wireless-protocol=802.11
    antenna-mode=ant-b wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled
    default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no
    security-profile=profile1 compression=no

    [admin@MikroTik] > /interface wireless security-profiles print

    name=”profile1″ mode=dynamic-keys authentication-types=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm
    wpa-pre-shared-key=”" wpa2-pre-shared-key=”secretlala” supplicant-identity=”" tls-mode=no-certificates tls-certificate=none
    static-algo-0=none static-key-0=”" static-algo-1=none static-key-1=”" static-algo-2=none static-key-2=”" static-algo-3=none
    static-key-3=”" static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key=”" radius-mac-authentication=no
    radius-mac-accounting=no radius-eap-accounting=no interim-update=0s radius-mac-format=XX:XX:XX:XX:XX:XX
    radius-mac-mode=as-username radius-mac-caching=disabled group-key-update=5m management-protection=allowed
    management-protection-key=”"

    I am using ‘antenna-mode=ant-b’ because ant-b is the external antenna. If you don’t have external antenna, use ‘antenna-mode=ant-a’.

    cOMMANDER, your setup is possible if you are able to get VLAN tag/trunk in the wireless interfaces for both router A and B.

  19. ngambing
    May 07, 2012 @ 11:10:16

    Hi Wing Loon,
    I came across your blog after searching for guide to setup my unifi with RB751U. I have tried using the guide from the landasan website but could not connect with my unifi. F.Y.I I’m subscribing TM Unifi with fixed IP. Your guide is the nearest I could get to setting up the RB751U that I’ve just bought. Is there a possibility that you could show me how to do it with fixed IP.

    Thanks

  20. Fithrie
    May 08, 2012 @ 11:14:16

    hi,
    i just bought a wifi bridge Vonets. i want to use it for my STB Hypptv. The wifi bridge already configure but it seems cannot load the content of hypptv.

    what other configuration i need to do? i am using a standard device supplied by TM

    thanks for helping. if can u send your answer to my email

  21. wingloon
    May 08, 2012 @ 15:44:35

    ngambing, please tell me more about your setup with a network diagram and what are you trying to achieve.

    Fithrie, you can’t connect your Vonets to TM supplied WiFi router…it doesn’t work that way because its a different VLAN.

  22. Jay
    May 10, 2012 @ 11:37:49

    Dear Wingloon

    Thanks for sharing the information.

    I have limited wall socket, can i install the TP-Link Homeplug Powerline Ethernet Adapter on a extension cord?

    Regards
    Jay

  23. wingloon
    May 11, 2012 @ 17:20:24

    Jay, you may use with extension cord. Alternative you may get Aztech or TP-Link HomePlug with AC Pass Through.