Hello everyone,
I have an L009UiGS-2HaxD and made some changes to the default configuration.
My internet provider requires VLAN 300 on the WAN interface which i managed to add to the configuration with the following lines:

/interface vlan
add interface=ether1 name=vlan300 vlan-id=300
/ip dhcp-client
add interface=vlan300 add-default-route=yes disabled=no use-peer-dns=no use-peer-ntp=no
/ip firewall filter
add action=accept chain=input in-interface=vlan300 protocol=icmp
add action=accept chain=input connection-state=established,related
add action=drop chain=input in-interface=vlan300
/ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan300

I can ping internet e.g: 8.8.4.4 but can’t visit any webpages.

Is there a way to fix my router config?

This is my config here below:

2025-07-31 17:36:07 by RouterOS 7.19.4

software id = [redacted]

model = L009UiGS-2HaxD

serial number = [redacted]

/interface bridge
add admin-mac=78:9A:18:B5:AE:32 auto-mac=no comment=defconf name=bridge
port-cost-mode=short
/interface wifi
set [ find default-name=wifi1 ] channel.band=2ghz-ax .skip-dfs-channels=
10min-cac .width=20/40mhz configuration.mode=station .ssid=Mikrotik
disabled=no security.authentication-types=wpa2-psk,wpa3-psk
/interface vlan
add comment=“Odido VLAN 300” interface=ether1 name=vlan300 vlan-id=300
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=10m name=defconf
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10
path-cost=10
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10
path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10
path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10
path-cost=10
add bridge=bridge comment=defconf interface=ether6 internal-path-cost=10
path-cost=10
add bridge=bridge comment=defconf interface=ether7 internal-path-cost=10
path-cost=10
add bridge=bridge comment=defconf interface=ether8 internal-path-cost=10
path-cost=10
add bridge=bridge comment=defconf interface=sfp1 internal-path-cost=10
path-cost=10
add bridge=bridge comment=defconf interface=wifi1 internal-path-cost=10
path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=vlan300 list=WAN
/interface ovpn-server server
add mac-address=FE:FB:17:61:FB:34 name=ovpn-server1
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=
192.168.88.0
/ip dhcp-client
add comment=defconf default-route-tables=main interface=vlan300 use-peer-dns=
no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=
192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall address-list
add address=192.168.88.0/24 list=MGMT-RANGES
/ip firewall filter
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=accept chain=input comment=
“defconf: accept to local loopback (for CAPsMAN)” dst-address=127.0.0.1
add action=drop chain=input comment=“defconf: drop all not coming from LAN”
in-interface-list=!LAN
add action=accept chain=forward comment=“defconf: accept in ipsec policy”
ipsec-policy=in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy”
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid”
connection-state=invalid
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
add action=accept chain=input in-interface=vlan300 protocol=icmp
add action=drop chain=input in-interface=vlan300
add action=accept chain=input connection-state=established,related
/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade”
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=vlan300
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip service
set telnet disabled=yes
set ssh port=2202
set api disabled=yes
set api-ssl disabled=yes
/ipv6 firewall address-list
add address=::/128 comment=“defconf: unspecified address” list=bad_ipv6
add address=::1/128 comment=“defconf: lo” list=bad_ipv6
add address=fec0::/10 comment=“defconf: site-local” list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment=“defconf: ipv4-mapped” list=bad_ipv6
add address=::/96 comment=“defconf: ipv4 compat” list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment=“defconf: documentation” list=bad_ipv6
add address=2001:10::/28 comment=“defconf: ORCHID” list=bad_ipv6
add address=3ffe::/16 comment=“defconf: 6bone” list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid
add action=accept chain=input comment=“defconf: accept ICMPv6” protocol=
icmpv6
add action=accept chain=input comment=“defconf: accept UDP traceroute” port=
33434-33534 protocol=udp
add action=accept chain=input comment=
“defconf: accept DHCPv6-Client prefix delegation.” dst-port=546 protocol=
udp src-address=fe80::/10
add action=accept chain=input comment=“defconf: accept IKE” dst-port=500,4500
protocol=udp
add action=accept chain=input comment=“defconf: accept ipsec AH” protocol=
ipsec-ah
add action=accept chain=input comment=“defconf: accept ipsec ESP” protocol=
ipsec-esp
add action=accept chain=input comment=
“defconf: accept all that matches ipsec policy” ipsec-policy=in,ipsec
add action=drop chain=input comment=
“defconf: drop everything else not coming from LAN” in-interface-list=
!LAN
add action=accept chain=forward comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid”
connection-state=invalid
add action=drop chain=forward comment=
“defconf: drop packets with bad src ipv6” src-address-list=bad_ipv6
add action=drop chain=forward comment=
“defconf: drop packets with bad dst ipv6” dst-address-list=bad_ipv6
add action=drop chain=forward comment=“defconf: rfc4890 drop hop-limit=1”
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment=“defconf: accept ICMPv6” protocol=
icmpv6
add action=accept chain=forward comment=“defconf: accept HIP” protocol=139
add action=accept chain=forward comment=“defconf: accept IKE” dst-port=
500,4500 protocol=udp
add action=accept chain=forward comment=“defconf: accept ipsec AH” protocol=
ipsec-ah
add action=accept chain=forward comment=“defconf: accept ipsec ESP” protocol=
ipsec-esp
add action=accept chain=forward comment=
“defconf: accept all that matches ipsec policy” ipsec-policy=in,ipsec
add action=drop chain=forward comment=
“defconf: drop everything else not coming from LAN” in-interface-list=
!LAN
/system routerboard settings
set enter-setup-on=delete-key
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Hi and welcome.

Since you do not accept dns settings in your dhcp client and point to the address of your own router, nothing happens. You are running in circles.

Change dns settings to some external server like 8.8.8.8 or so.

As Holvoeth suggested, add a couple servers:

Then you can test if DNS is working:

/put [:resolve google.com] 

Also, you can remove the firewall filter rules that you added for VLAN300.

You added the vlan300 interface to interface list member as WAN, the default firewall will work just fine with that setting.

Setting dns worked!
Now i have to findout why wifi fails.

Why is it in station mode ?

If this is a device to be used as access point, set it as access point.

I can’t remember i put it in station mode, but changing it back to AP worked!
Thank you so much

Important remark for future here …
you made quite some changes to your config yet I see everywhere

comment="defconf:

which is not an issue on itself but especially on lines where we know that it’s not default it’s not smart to leave it.

If you change something, make it a habit to REMOVE that defconf remark.

Then you and everyone else will know immediately that you did something there.

You can also find this back as Rule #15 in a nice list jaclaz compiled: