So I only have an issue with windows pc’s/laptops connecting to the wifi im a beginner to mikrotik so I do not know how to fix this ( linux or others are not affected ) i tried disabling defender antivirus etc,
so in logs of mikrotik when it sends a lease it says that the device declined a lease, and when i connect to wire shark and try to connect it says icmp destination unreachable and it connects after like 30 leases are given windows a ccepts one of them and to get one accepted you have to wait like 20 minutes, is there a way to fix this?
# aug/02/2024 14:46:00 by RouterOS 6.49.15
# software id = GFJH-3Z26
#
# model = 951G-2HnD
# serial number = <edit>
/interface bridge
add admin-mac=B8:69:F4:30:D1:C8 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
/interface ethernet switch port
set 0 vlan-mode=fallback
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk management-protection=allowed mode=\
dynamic-keys name=profile1 supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-Ce country=serbia disabled=no distance=indoors frequency=auto \
frequency-mode=manual-txpower mode=ap-bridge security-profile=profile1 \
ssid=MikroTik-30D1CC station-roaming=enabled wireless-protocol=802.11 \
wps-mode=push-button-virtual-only
/ip dhcp-server option
add code=58 name=Renewal-Time value=0x0000A8C0
add code=59 name=Rebinding-Time value=0x00012750
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.87.1,192.168.87.3-192.168.87.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=18h name=defconf
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
ord,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wlan1 list=discover
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=bridge list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=\
192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server config
set store-leases-disk=never
/ip dhcp-server network
add address=192.168.86.0/24 gateway=192.168.88.1
add address=192.168.88.0/24 comment=defconf dhcp-option=\
Renewal-Time,Rebinding-Time gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=drop chain=forward icmp-options=3 protocol=icmp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add disabled=yes distance=1 gateway=192.168.1.1
/ip ssh
set forwarding-enabled=remote
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=Europe/Belgrade
/system logging
add topics=dhcp,debug
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox