WiFi not giving access to internet

RouterOS Wireless Networking
1

I have a Mikrotik RB2011UiAS-2HnD
I specifically use this as my primary router since my ISP router did not satisfy the needs of keeping a web server for office use.
This router is used for internet access as well both through wifi and lan
currently I am getting internet access on the lan devices but on the devices connected to wifi there is no internet access
It provides IP addresses to them and I am able to see the devices on IP Scan. Only one specific device connected through wifi is getting internet access.
I have multiple times set the wifi settings both manually and through the quick set option
I set everything through Winbox and also dont want to reset the router as the webserver is in use.

2

Can you post your configuration here ?

3 



# aug/28/2023 07:14:04 by RouterOS 6.42.6
# software id = F0DG-HDXR
#
# model = 2011UiAS-2HnD
# serial number = _serial number_
/interface bridge
add fast-forward=no name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    password=_password_ use-peer-dns=yes user=_user_
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
    tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
    unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=gt46006w \
    wpa2-pre-shared-key=_password_
add authentication-types=wpa-psk,wpa2-psk group-ciphers=tkip,aes-ccm mode=\
    dynamic-keys name=q4profile supplicant-identity="" unicast-ciphers=\
    tkip,aes-ccm wpa-pre-shared-key=gt46006w wpa2-pre-shared-key=_password_
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=3 band=2ghz-b/g/n channel-width=\
    20/40mhz-Ce disabled=no frequency=2442 frequency-mode=regulatory-domain \
    mode=ap-bridge security-profile=q4profile ssid=Q4 wireless-protocol=\
    802.11
/ip pool
add name=dhcp ranges=192.168.1.2-192.168.1.255
add name=dhcp_pool2 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp interface=ether2 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=bridge name=dhcp2
/interface bridge port
add bridge=bridge interface=wlan1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether9
add bridge=bridge interface=ether2
/interface list member
add list=LAN
add interface=pppoe-out1 list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
add address=192.168.1.2 disabled=yes interface=ether2 network=192.168.1.0
add address=192.168.1.2/24 disabled=yes interface=ether2 network=192.168.1.0
/ip dhcp-server lease
add address=192.168.1.2 disabled=yes mac-address=_webserver_
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,196.201.62.141 gateway=\
    192.168.1.1 netmask=24
/ip firewall address-list
add address=192.168.1.0/24 list=LAN
add address=_staticwanaddress_ list=WAN
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-list=WAN \
    new-connection-mark=hairpinNAT passthrough=yes src-address-list=LAN
/ip firewall nat
add action=masquerade chain=srcnat comment=hairpin connection-mark=hairpinNAT
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address-type="" dst-port=5432 protocol=\
    tcp src-address-type="" to-addresses=192.168.1.2 to-ports=5432
add action=dst-nat chain=dstnat comment=ssh dst-port=22 protocol=tcp \
    to-addresses=192.168.1.2 to-ports=22
add action=dst-nat chain=dstnat dst-port=443 protocol=tcp to-addresses=\
    192.168.1.2 to-ports=443
/ip upnp
set enabled=yes
/lcd
set backlight-timeout=never default-screen=informative-slideshow
/lcd interface pages
set 0 interfaces=wlan1
/system clock
set time-zone-name=Africa/Accra
/system identity
set name=_name_
/system routerboard settings
set silent-boot=no

I have censored some personal info like the wan ip since its a static ip, I hope this helps
also do note some address additions are disabled, these were added during configuration for testing purposes.

4

RouterOS 6.42.6

Mmm…might be time to do an upgrade…

authentication-types=wpa-psk,wpa2-psk

Please don’t use wpa-psk, only use (at least) wpa2-psk aes.

/ip dhcp-server
add address-pool=dhcp interface=ether2 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=bridge name=dhcp2
/interface bridge port
add bridge=bridge interface=wlan1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether9
add bridge=bridge interface=ether2

Only use a single DHCP server and bind that to the bridge.
Remove the marked line.

/ip address
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
add address=192.168.1.2 disabled=yes interface=ether2 network=192.168.1.0
add address=192.168.1.2/24 disabled=yes interface=ether2 network=192.168.1.0

Remove the marked lines

/ip upnp
set enabled=yes

No…please no!

5

Hi thank you for the reply, I have done all the things you have notified and then updated the router as well, here is the updated config file

# aug/28/2023 11:17:27 by RouterOS 6.49.10
# software id = F0DG-HDXR
#
# model = 2011UiAS-2HnD
# serial number = ******
/interface bridge
add fast-forward=no name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    password=****** use-peer-dns=yes user=******
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa-pre-shared-key=****** \
    wpa2-pre-shared-key=******
add authentication-types=wpa2-psk mode=dynamic-keys name=q4profile \
    supplicant-identity="" wpa-pre-shared-key=****** wpa2-pre-shared-key=\
    ******
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=3 band=2ghz-b/g/n channel-width=\
    20/40mhz-Ce country=no_country_set disabled=no frequency=2442 mode=\
    ap-bridge security-profile=q4profile ssid=Q4 station-roaming=enabled \
    wireless-protocol=802.11
/ip pool
add name=dhcp ranges=192.168.1.2-192.168.1.255
add name=dhcp_pool2 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=dhcp2
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge interface=wlan1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether9
add bridge=bridge interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add list=LAN
add interface=pppoe-out1 list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
/ip dhcp-server lease
add address=192.168.1.2 disabled=yes mac-address=# aug/28/2023 11:17:27 by RouterOS 6.49.10
# software id = F0DG-HDXR
#
# model = 2011UiAS-2HnD
# serial number = ******
/interface bridge
add fast-forward=no name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    password=****** use-peer-dns=yes user=******
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa-pre-shared-key=****** \
    wpa2-pre-shared-key=******
add authentication-types=wpa2-psk mode=dynamic-keys name=q4profile \
    supplicant-identity="" wpa-pre-shared-key=****** wpa2-pre-shared-key=\
    ******
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=3 band=2ghz-b/g/n channel-width=\
    20/40mhz-Ce country=no_country_set disabled=no frequency=2442 mode=\
    ap-bridge security-profile=q4profile ssid=Q4 station-roaming=enabled \
    wireless-protocol=802.11
/ip pool
add name=dhcp ranges=192.168.1.2-192.168.1.255
add name=dhcp_pool2 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=dhcp2
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge interface=wlan1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether9
add bridge=bridge interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add list=LAN
add interface=pppoe-out1 list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
/ip dhcp-server lease
add address=192.168.1.2 disabled=yes mac-address=34:17:EB:ED:81:43
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,196.201.62.141 gateway=\
    192.168.1.1 netmask=24
/ip firewall address-list
add address=192.168.1.0/24 list=LAN
add address=****** list=WAN
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-list=WAN \
    new-connection-mark=hairpinNAT passthrough=yes src-address-list=LAN
/ip firewall nat
add action=masquerade chain=srcnat comment=hairpin connection-mark=hairpinNAT
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address-type="" dst-port=5432 protocol=\
    tcp src-address-type="" to-addresses=192.168.1.2 to-ports=5432
add action=dst-nat chain=dstnat comment=ssh dst-port=22 protocol=tcp \
    to-addresses=192.168.1.2 to-ports=22
add action=dst-nat chain=dstnat dst-port=443 protocol=tcp to-addresses=\
    192.168.1.2 to-ports=443
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ipv6 nd
set [ find default=yes ] advertise-dns=no
/lcd
set backlight-timeout=never default-screen=informative-slideshow
/lcd interface pages
set 0 interfaces=wlan1
/system clock
set time-zone-name=Africa/Accra
/system identity
set name=Q4

/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,196.201.62.141 gateway=\
    192.168.1.1 netmask=24
/ip firewall address-list
add address=192.168.1.0/24 list=LAN
add address=****** list=WAN
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-list=WAN \
    new-connection-mark=hairpinNAT passthrough=yes src-address-list=LAN
/ip firewall nat
add action=masquerade chain=srcnat comment=hairpin connection-mark=hairpinNAT
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address-type="" dst-port=5432 protocol=\
    tcp src-address-type="" to-addresses=192.168.1.2 to-ports=5432
add action=dst-nat chain=dstnat comment=ssh dst-port=22 protocol=tcp \
    to-addresses=192.168.1.2 to-ports=22
add action=dst-nat chain=dstnat dst-port=443 protocol=tcp to-addresses=\
    192.168.1.2 to-ports=443
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ipv6 nd
set [ find default=yes ] advertise-dns=no
/lcd
set backlight-timeout=never default-screen=informative-slideshow
/lcd interface pages
set 0 interfaces=wlan1
/system clock
set time-zone-name=Africa/Accra
/system identity
set name=Q4
6

The problem has been solved now, Apparently there was no internet connection to the LAN devices as well hence I made a new post and it has been resolved.

Post link: http://forum.mikrotik.com/t/unable-to-access-internet-but-able-to-ping-websites/169489/1