Hi to all,
Please help on WiFi connection.
Mobile or Laptop devices connected to WIFI its showing Connected, No internet. But, can able to access internet or youtube, facebook anything you can able surf internet, but you can see in the Mobile/Laptop WIFI settings, showing no internet. I didn't change anything this year, just started this issue 1 week ago I think, so I decided to seek some help here.
Any suggestion, solution or advice to check its much appreciated.
Here are my devices below:
I have a MikroTik RouterOS (main), Mikrotik RouterOS (repeater) and 5 EAP235-Wall(EU) v1.0.
I'm using OMADA Controller for 5 EAP235-Wall(EU) v1.0.
2 EAP235-Wall(EU) v1.0. - connected via cable and DHCP of main LAN.
3 EAP235-Wall(EU) v1.0. - connected via cable and DHCP of port 5 configured with other Subnet.
Code: Select all
Mikrotik remove sensitive information and can be share:
#RouterOS 6.49.6
#
# model = 951Ui-2HnD
/interface bridge
add admin-mac=x:x:x:x:x:x auto-mac=no fast-forward=no mtu=1500 name=\
bridge-local
/interface ethernet
set [ find default-name=ether1 ] mac-address=x:x:x:x:x:x name=\
ether1-gateway
set [ find default-name=ether2 ] mac-address=x:x:x:x:x:x name=\
ether2-master-local
set [ find default-name=ether3 ] mac-address=x:x:x:x:x:x name=\
ether3-slave-local
set [ find default-name=ether4 ] mac-address=x:x:x:x:x:x name=\
ether4-slave-local
set [ find default-name=ether5 ] mac-address=x:x:x:x:x:x name=\
ether5-slave-local poe-out=off
/interface l2tp-client
add connect-to=1.2.3.4 disabled=no name=New_AngolaL2tp user=\
user
add connect-to=1.2.3.4 name=l2tp-out1 user=user
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-eC country=no_country_set frequency=2457 frequency-mode=\
manual-txpower mode=ap-bridge ssid=Rmci_Angola2 tx-power=20 \
tx-power-mode=all-rates-fixed
/interface pptp-client
add connect-to=1.2.3.4 disabled=no name=New_Angola_PPTP114 user=\
user
add connect-to=1.2.3.4 disabled=no name=New_Angola_PPTP_Temp user=\
user
add connect-to=1.2.3.4 disabled=no name=pptp-out1 user=user
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
ICC-Guest supplicant-identity=""
/interface wireless
add mac-address=x:x:x:x:x:x master-interface=wlan1 name=ap-guest \
security-profile=ICC-Guest ssid=ICC-Guest wds-cost-range=0 \
wds-default-cost=0
/ip dhcp-server
add authoritative=after-2sec-delay interface=ether1-gateway lease-time=3d \
name=dhcp1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add comment="Main Local DHCP" name=default-dhcp ranges=\
192.168.0.26-192.168.0.254
add comment=Local-DHCP-Jotun name=Pool-Jotun ranges=\
192.168.99.20-192.168.99.250
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay disabled=no \
interface=bridge-local lease-time=3d name=default
add address-pool=Pool-Jotun authoritative=after-2sec-delay interface=ap-guest \
name=dhcp2
add address-pool=Pool-Jotun disabled=no interface=ether5-slave-local \
lease-time=3d name=server-ether5-jotun
/interface sstp-client
add connect-to=1.2.3.4 disabled=no name=New_Office_sstp profile=\
default-encryption user=user \
verify-server-address-from-certificate=no
add connect-to=1.2.3.4 disabled=no name=sstp-out1 profile=\
default-encryption user=user
/queue type
add kind=pcq name="MaximumDownloadSpeed " pcq-classifier=src-address \
pcq-rate=500k
add kind=pcq name="MaximumUploadSpeed " pcq-classifier=dst-address pcq-rate=\
500k
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=ether1-gateway list=discover
add interface=ether2-master-local list=discover
add interface=ether3-slave-local list=discover
add interface=ether4-slave-local list=discover
add interface=ether5-slave-local list=discover
add interface=bridge-local list=discover
add interface=l2tp-out1 list=discover
add interface=pptp-out1 list=discover
add interface=sstp-out1 list=discover
add interface=wlan1 list=discover
add interface=ap-guest list=discover
add interface=ether2-master-local list=mactel
add interface=ether3-slave-local list=mactel
add interface=ether2-master-local list=mac-winbox
add interface=ether4-slave-local list=mactel
add interface=ether3-slave-local list=mac-winbox
add interface=ether5-slave-local list=mactel
add interface=ether4-slave-local list=mac-winbox
add interface=bridge-local list=mactel
add interface=ether5-slave-local list=mac-winbox
add interface=wlan1 list=mactel
add interface=bridge-local list=mac-winbox
add interface=wlan1 list=mac-winbox
/ip accounting
set account-local-traffic=yes enabled=yes
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.99/32
/ip address
add address=192.168.0.1/24 comment="default configuration" interface=\
bridge-local network=192.168.0.0
add address=192.168.0.1/24 comment="default configuration" interface=wlan1 \
network=192.168.0.0
add address=192.168.22.10/24 interface=ether3-slave-local network=\
192.168.22.0
add address=1.2.3.4/56 disabled=yes interface=ether4-slave-local \
network=1.2.3.4
add address=1.2.3.4/56 interface=ether4-slave-local network=\
1.2.3.4/
add address=10.0.0.17 disabled=yes interface=l2tp-out1 network=10.0.0.16
add address=192.168.8.1/24 disabled=yes interface=ether3-slave-local network=\
192.168.8.0
add address=1.2.3.4/56 interface=ether1-gateway network=1.2.3.0
add address=11.11.11.1/24 interface=ap-guest network=11.11.11.0
add address=192.168.99.1/24 comment=Jotun-Port5 interface=ether5-slave-local \
network=192.168.99.0
add address=192.168.99.1/24 comment=Jotun-Bridge disabled=yes interface=\
bridge-local network=192.168.99.0
/ip dhcp-client
add add-default-route=no comment="default configuration" interface=\
ether1-gateway
add default-route-distance=5 interface=ether3-slave-local
add interface=wlan1
/ip dhcp-server network
add address=11.11.11.0/24 comment="ICC-Guest WiFi" gateway=11.11.11.1
add address=192.168.0.0/24 comment="default configuration" dns-server=\
192.168.9.1,8.8.8.8 gateway=192.168.0.1 netmask=24
add address=192.168.99.0/24 comment=ether5-Jotun dns-server=\
192.168.99.1,8.8.8.8 gateway=192.168.99.1
/ip dns
set allow-remote-requests=yes servers=\
1.2.3.4,1.2.3.4,8.8.8.8,1.2.3.4
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=216.58.211.110 list=Youtube
add address=172.217.168.234 list=Youtube
add address=173.194.69.101 list=Youtube
add address=172.217.19.206 list=Youtube
add address=172.217.20.78 list=Youtube
add address=172.217.168.206 list=Youtube
add address=172.217.20.74 list=Youtube
add address=172.217.168.238 list=Youtube
add address=216.58.208.110 list=Youtube
add address=192.168.9.9 disabled=yes list="Youtube Allowed Users"
add address=192.168.9.99 list="Youtube Allowed Users"
add address=192.168.9.127 list="Youtube Allowed Users"
add address=192.168.9.2 list="Youtube Allowed Users"
add address=192.168.9.164 disabled=yes list="Youtube Allowed Users"
add address=78.31.8.0/22 list=Spotify
add address=193.182.8.0/21 list=Spotify
add address=193.235.232.0/24 list=Spotify
add address=35.186.224.25 list=Spotify
add address=192.168.9.50 list="Youtube Allowed Users"
add address=192.168.9.149 list="Youtube Allowed Users"
add address=192.168.9.186 list="Youtube Allowed Users"
add address=192.168.9.172 list="Youtube Allowed Users"
add address=192.168.9.63 list="Youtube Allowed Users"
/ip firewall filter
add action=reject chain=input disabled=yes dst-port=53 in-interface=\
ether4-slave-local protocol=udp reject-with=icmp-network-unreachable
add action=accept chain=input comment="default configuration" disabled=yes \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=yes
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
add action=accept chain=forward comment="default configuration" \
connection-state=established disabled=yes
add action=accept chain=forward comment="default configuration" \
connection-state=related disabled=yes
add action=drop chain=forward comment="default configuration" \
connection-state=invalid disabled=yes
add action=accept chain=input comment="FTP File Server" dst-port=\
12345,12345-67890 in-interface=ether1-gateway protocol=tcp
add action=drop chain=forward comment="ICC-Guest WiFi" disabled=yes \
dst-address=192.168.0.0/24 src-address=11.11.11.0/24
add action=drop chain=forward disabled=yes dst-address=11.11.11.0/24 \
src-address=192.168.0.0/24
add action=drop chain=input comment="drop ftp brute forcers" dst-port=1234 \
protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" dst-limit=\
1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" \
protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=1234 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=1234 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=1234 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=1234 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=1234 \
protocol=tcp
add action=drop chain=forward comment="List of Blocked IP Address" disabled=\
yes dst-port=80,443 protocol=tcp src-address=192.168.0.9
add action=drop chain=input disabled=yes protocol=tcp src-address=192.168.0.9
add action=accept chain=forward comment="Allowed Block Website Here!!!" \
disabled=yes dst-address-list=Youtube src-address-list=\
"Youtube Allowed Users"
add action=add-dst-to-address-list address-list=Youtube address-list-timeout=\
4w2d chain=forward comment="Block Website Here!!!" disabled=yes dst-port=\
443 protocol=tcp src-address=192.168.0.0/24 tls-host=*youtube*
add action=add-dst-to-address-list address-list=Spotify address-list-timeout=\
4w2d chain=forward disabled=yes dst-port=443 protocol=tcp src-address=\
192.168.0.0/24 tls-host=*youtube*
add action=drop chain=forward disabled=yes dst-address-list=Youtube
add action=drop chain=forward disabled=yes dst-address-list=Spotify
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-address=\
1.2.3.4 new-routing-mark=Out_Ether4 passthrough=yes
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
Out_Ether4 passthrough=yes src-address=192.168.0.4
add action=mark-routing chain=prerouting new-routing-mark=Out_Ether4 \
passthrough=yes src-address=192.168.0.4
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.2.0/24 src-address=\
192.168.0.0/24
# New_Angola_PPTP_Temp not ready
add action=accept chain=srcnat comment="_New_Angola_PPTP_Temp not ready" \
dst-address=192.168.2.0/24 out-interface=New_Angola_PPTP_Temp
add action=masquerade chain=srcnat comment=JOTUN disabled=yes dst-address=\
192.168.99.0/24
add action=masquerade chain=srcnat comment="default configuration" \
dst-address=!192.168.1.0/16 out-interface=ether4-slave-local
add action=masquerade chain=srcnat comment="default configuration" \
dst-address=!192.168.1.0/16 fragment=no hotspot="" out-interface=\
ether1-gateway
add action=dst-nat chain=dstnat dst-address=1.2.3.4 dst-port=1234 \
in-interface=ether4-slave-local protocol=tcp to-addresses=192.168.0.4 \
to-ports=1234
add action=masquerade chain=srcnat dst-address=192.168.3.0/24 out-interface=\
ether3-slave-local
add action=masquerade chain=srcnat dst-address=192.168.4.0/24 out-interface=\
ether3-slave-local
add action=masquerade chain=srcnat dst-address=192.168.5.0/24 out-interface=\
ether3-slave-local
add action=dst-nat chain=dstnat comment="TEST" disabled=yes \
dst-port=1234 protocol=tcp to-addresses=192.168.0.91 to-ports=1234
add action=src-nat chain=srcnat disabled=yes dst-address=192.168.0.91 \
dst-port=1234 protocol=tcp to-addresses=192.168.0.1
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.91 \
protocol=tcp src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment="TEST2" disabled=yes \
dst-port=1234 protocol=tcp to-addresses=192.168.0.99 to-ports=1234
add action=src-nat chain=srcnat disabled=yes dst-address=192.168.0.99 \
dst-port=1234 protocol=tcp to-addresses=192.168.0.1
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.99 \
protocol=tcp src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment="PC - BARCODE" dst-address=\
1.2.3.4 dst-port=1234 protocol=tcp to-addresses=192.168.0.250 \
to-ports=1234
add action=dst-nat chain=dstnat comment="FTP FILEZILLA" dst-port=1234 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.0.99
add action=dst-nat chain=dstnat dst-port=12345-67890 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.0.99
add action=masquerade chain=srcnat comment="ICC-Guest WiFi" disabled=yes \
out-interface=ap-guest src-address=11.11.11.0/24
/ip proxy
set cache-path=web-proxy1
/ip route
add distance=4 gateway=1.2.3.4 routing-mark=Out_Ether4
add distance=3 gateway=1.2.3.4
add disabled=yes distance=1 dst-address=10.0.0.16/32 gateway=l2tp-out1 \
pref-src=10.0.0.17 scope=10
add distance=1 dst-address=10.10.10.1/32 gateway=\
New_Angola_PPTP_Temp,New_Office_sstp,New_AngolaL2tp
add distance=1 dst-address=1.2.3.4/56 gateway=1.2.3.4
add distance=1 dst-address=1.2.3.4/56 gateway=1.2.3.4
add disabled=yes distance=1 dst-address=1.2.3.4/56 gateway=\
1.2.3.4
add distance=1 dst-address=1.2.3.4/56 gateway=New_Angola_PPTP_Temp
add distance=2 dst-address=1.2.3.4/56 gateway=New_AngolaL2tp
add distance=3 dst-address=1.2.3.4/56 gateway=New_Angola_PPTP114
add disabled=yes distance=2 dst-address=1.2.3.4/56 gateway=l2tp-out1
add distance=1 dst-address=1.2.3.4/56 gateway=1.2.3.4/56
add distance=1 dst-address=1.2.3.4/56 gateway=1.2.3.4/56
add distance=1 dst-address=1.2.3.4/56 gateway=1.2.3.4/56
/ip service
/port remote-access
add
/system clock
set time-zone-autodetect=no time-zone-name=Africa/Luanda
/system identity
set name=Master
/system leds
set 0 interface=wlan1 leds=wlan-led type=wireless-status
set 1 interface=ether1-gateway leds=led1
set 2 interface=ether2-master-local leds=led2
set 3 interface=ether3-slave-local leds=led3
set 4 interface=ether4-slave-local leds=led4
set 5 interface=ether5-slave-local leds=led5 type=interface-activity
/system ntp client
set enabled=yes primary-ntp=8.8.8.8 secondary-ntp=8.8.4.4
/tool e-mail
set address=1.2.3.4 from=email@email.com port=1234 \
start-tls=yes user=email@email.com
/tool graphing interface
add allow-address=1.2.3.4/56 interface=ether1-gateway
/tool graphing queue
add allow-address=1.2.3.4/56
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool sniffer
set filter-interface=ether2-master-local,wlan1 filter-port=imap3,smtp,pop3 \
streaming-enabled=yes streaming-server=192.168.0.99