Hello ,
Task
1 laptops appeared in the library. I want them to give all the settings from dhcp windows server 2012 via wifi, what I did in my internal network, plugged the first port of the mikrotik 951G-2HnD into the network, (reset the factory settings), set up eth1 + wlan1 in bridge, in ip-dhcp-client added to get the settings automatically, then set up wifi and everything is OK, everything works. 10 wifi laptops (wlan1) get all settings from the server 2012, Internet works
2. In the library for phones, I also need WIFI guest, I wanted to do it on the same mikrotik, made the second bridge called bridgewifi, also in wifi interfaces did wlan2 (the second access point for guests) connected bridgewifi + wlan2, made in mikrotik DHCP server and another network 192.168.88.0/24 and distributed to this bridgewifi

As a result, two access points 1 work as I want, second wifi point not works ----
The phone connect get IP, example 192.168.88.5 dns 192.168.88.1 gateway 192.168.88.1 no internet? I tried do this ip -firewall-nat-masquarade so that from the network 192.168.88.0.24 the same result

Your approach sounds OK, probably something small overlooked. Post the output of /export hide-sensitive here between code tags (the icon above the reply box).

[quote=tdw post_id=732915 time=1559033987 user_id=120643
model = 951G-2HnD

serial number = 96500953FAE3

/interface bridge
add name=bridge1
add name=bridgewifi
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n disabled=no mode=ap-bridge ssid=Skaitykla
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=
MikroTik wpa2-pre-shared-key=Seda12345*
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=
profilewifimokiniai supplicant-identity="" wpa2-pre-shared-key=Mokykla1
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=BA:69:F4:43:70:DC master-interface=wlan1
multicast-buffering=disabled name=wlan2 security-profile=profilewifimokiniai ssid=SkaityklaMokiniai
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp_pool0 ranges=192.168.88.10-192.168.88.250
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridgewifi name=server1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
add bridge=bridgewifi interface=wlan2
/interface list member
add interface=wlan1 list=WAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
/ip address
add address=192.168.88.0/24 interface=bridgewifi network=192.168.88.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1 src-address=192.168.88.1
/system clock
set time-zone-name=Europe/Vilnius
]
Your approach sounds OK, probably something small overlooked. Post the output of /export hide-sensitive here between code tags (the icon above the reply box).
[/quote]

A couple of errors - incorrect address and insufficent scope for NAT:

/ip address
add address=192.168.88.1/24 interface=bridgewifi network=192.168.88.0

/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1 src-address=192.168.88.0/24

TDW, !!! super 7 days I was looking for an answer to this question !!! very big thanks for you, my mistake was in this place
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1 src-address=192.168.88.0/24 , i don know about 24 in this place

in adress also is mistake but i was changing before i export it configuration 192.168.88.1/24 to 192.168.88.0/24