Community discussions

MikroTik App
 
katopz24
newbie
Topic Author
Posts: 31
Joined: Fri Sep 28, 2018 10:28 pm

Problem with WiFi connection

Mon Apr 22, 2024 11:56 am

PTP Admin

Hi to all,

Please help on WiFi connection.
Mobile or Laptop devices connected to WIFI its showing Connected, No internet. But, can able to access internet or youtube, facebook anything you can able surf internet, but you can see in the Mobile/Laptop WIFI settings, showing no internet. I didn't change anything this year, just started this issue 1 week ago I think, so I decided to seek some help here.

Any suggestion, solution or advice to check its much appreciated.

Here are my devices below:
I have a MikroTik RouterOS (main), Mikrotik RouterOS (repeater) and 5 EAP235-Wall(EU) v1.0.

I'm using OMADA Controller for 5 EAP235-Wall(EU) v1.0.
2 EAP235-Wall(EU) v1.0. - connected via cable and DHCP of main LAN.
3 EAP235-Wall(EU) v1.0. - connected via cable and DHCP of port 5 configured with other Subnet.

Mikrotik remove sensitive information and can be share:
#RouterOS 6.49.6
#
# model = 951Ui-2HnD
/interface bridge
add admin-mac=x:x:x:x:x:x auto-mac=no fast-forward=no mtu=1500 name=\
    bridge-local
/interface ethernet
set [ find default-name=ether1 ] mac-address=x:x:x:x:x:x name=\
    ether1-gateway
set [ find default-name=ether2 ] mac-address=x:x:x:x:x:x name=\
    ether2-master-local
set [ find default-name=ether3 ] mac-address=x:x:x:x:x:x name=\
    ether3-slave-local
set [ find default-name=ether4 ] mac-address=x:x:x:x:x:x name=\
    ether4-slave-local
set [ find default-name=ether5 ] mac-address=x:x:x:x:x:x name=\
    ether5-slave-local poe-out=off
/interface l2tp-client
add connect-to=1.2.3.4 disabled=no name=New_AngolaL2tp user=\
    user
add connect-to=1.2.3.4 name=l2tp-out1 user=user
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
    20/40mhz-eC country=no_country_set frequency=2457 frequency-mode=\
    manual-txpower mode=ap-bridge ssid=Rmci_Angola2 tx-power=20 \
    tx-power-mode=all-rates-fixed
/interface pptp-client
add connect-to=1.2.3.4 disabled=no name=New_Angola_PPTP114 user=\
    user
add connect-to=1.2.3.4 disabled=no name=New_Angola_PPTP_Temp user=\
    user
add connect-to=1.2.3.4 disabled=no name=pptp-out1 user=user
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
    ICC-Guest supplicant-identity=""
/interface wireless
add mac-address=x:x:x:x:x:x master-interface=wlan1 name=ap-guest \
    security-profile=ICC-Guest ssid=ICC-Guest wds-cost-range=0 \
    wds-default-cost=0
/ip dhcp-server
add authoritative=after-2sec-delay interface=ether1-gateway lease-time=3d \
    name=dhcp1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add comment="Main Local DHCP" name=default-dhcp ranges=\
    192.168.0.26-192.168.0.254
add comment=Local-DHCP-Jotun name=Pool-Jotun ranges=\
    192.168.99.20-192.168.99.250
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay disabled=no \
    interface=bridge-local lease-time=3d name=default
add address-pool=Pool-Jotun authoritative=after-2sec-delay interface=ap-guest \
    name=dhcp2
add address-pool=Pool-Jotun disabled=no interface=ether5-slave-local \
    lease-time=3d name=server-ether5-jotun
/interface sstp-client
add connect-to=1.2.3.4 disabled=no name=New_Office_sstp profile=\
    default-encryption user=user \
    verify-server-address-from-certificate=no
add connect-to=1.2.3.4 disabled=no name=sstp-out1 profile=\
    default-encryption user=user
/queue type
add kind=pcq name="MaximumDownloadSpeed " pcq-classifier=src-address \
    pcq-rate=500k
add kind=pcq name="MaximumUploadSpeed " pcq-classifier=dst-address pcq-rate=\
    500k

/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=ether1-gateway list=discover
add interface=ether2-master-local list=discover
add interface=ether3-slave-local list=discover
add interface=ether4-slave-local list=discover
add interface=ether5-slave-local list=discover
add interface=bridge-local list=discover
add interface=l2tp-out1 list=discover
add interface=pptp-out1 list=discover
add interface=sstp-out1 list=discover
add interface=wlan1 list=discover
add interface=ap-guest list=discover
add interface=ether2-master-local list=mactel
add interface=ether3-slave-local list=mactel
add interface=ether2-master-local list=mac-winbox
add interface=ether4-slave-local list=mactel
add interface=ether3-slave-local list=mac-winbox
add interface=ether5-slave-local list=mactel
add interface=ether4-slave-local list=mac-winbox
add interface=bridge-local list=mactel
add interface=ether5-slave-local list=mac-winbox
add interface=wlan1 list=mactel
add interface=bridge-local list=mac-winbox
add interface=wlan1 list=mac-winbox
/ip accounting
set account-local-traffic=yes enabled=yes
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.99/32
/ip address
add address=192.168.0.1/24 comment="default configuration" interface=\
    bridge-local network=192.168.0.0
add address=192.168.0.1/24 comment="default configuration" interface=wlan1 \
    network=192.168.0.0
add address=192.168.22.10/24 interface=ether3-slave-local network=\
    192.168.22.0
add address=1.2.3.4/56 disabled=yes interface=ether4-slave-local \
    network=1.2.3.4
add address=1.2.3.4/56 interface=ether4-slave-local network=\
1.2.3.4/
add address=10.0.0.17 disabled=yes interface=l2tp-out1 network=10.0.0.16
add address=192.168.8.1/24 disabled=yes interface=ether3-slave-local network=\
    192.168.8.0
add address=1.2.3.4/56 interface=ether1-gateway network=1.2.3.0
add address=11.11.11.1/24 interface=ap-guest network=11.11.11.0
add address=192.168.99.1/24 comment=Jotun-Port5 interface=ether5-slave-local \
    network=192.168.99.0
add address=192.168.99.1/24 comment=Jotun-Bridge disabled=yes interface=\
    bridge-local network=192.168.99.0
/ip dhcp-client
add add-default-route=no comment="default configuration" interface=\
    ether1-gateway
add default-route-distance=5 interface=ether3-slave-local
add interface=wlan1
/ip dhcp-server network
add address=11.11.11.0/24 comment="ICC-Guest WiFi" gateway=11.11.11.1
add address=192.168.0.0/24 comment="default configuration" dns-server=\
    192.168.9.1,8.8.8.8 gateway=192.168.0.1 netmask=24
add address=192.168.99.0/24 comment=ether5-Jotun dns-server=\
    192.168.99.1,8.8.8.8 gateway=192.168.99.1
/ip dns
set allow-remote-requests=yes servers=\
1.2.3.4,1.2.3.4,8.8.8.8,1.2.3.4
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=216.58.211.110 list=Youtube
add address=172.217.168.234 list=Youtube
add address=173.194.69.101 list=Youtube
add address=172.217.19.206 list=Youtube
add address=172.217.20.78 list=Youtube
add address=172.217.168.206 list=Youtube
add address=172.217.20.74 list=Youtube
add address=172.217.168.238 list=Youtube
add address=216.58.208.110 list=Youtube
add address=192.168.9.9 disabled=yes list="Youtube Allowed Users"
add address=192.168.9.99 list="Youtube Allowed Users"
add address=192.168.9.127 list="Youtube Allowed Users"
add address=192.168.9.2 list="Youtube Allowed Users"
add address=192.168.9.164 disabled=yes list="Youtube Allowed Users"
add address=78.31.8.0/22 list=Spotify
add address=193.182.8.0/21 list=Spotify
add address=193.235.232.0/24 list=Spotify
add address=35.186.224.25 list=Spotify
add address=192.168.9.50 list="Youtube Allowed Users"
add address=192.168.9.149 list="Youtube Allowed Users"
add address=192.168.9.186 list="Youtube Allowed Users"
add address=192.168.9.172 list="Youtube Allowed Users"
add address=192.168.9.63 list="Youtube Allowed Users"
/ip firewall filter
add action=reject chain=input disabled=yes dst-port=53 in-interface=\
    ether4-slave-local protocol=udp reject-with=icmp-network-unreachable
add action=accept chain=input comment="default configuration" disabled=yes \
    protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established disabled=yes
add action=accept chain=input comment="default configuration" \
    connection-state=related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=ether1-gateway
add action=accept chain=forward comment="default configuration" \
    connection-state=established disabled=yes
add action=accept chain=forward comment="default configuration" \
    connection-state=related disabled=yes
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid disabled=yes
add action=accept chain=input comment="FTP File Server" dst-port=\
    12345,12345-67890 in-interface=ether1-gateway protocol=tcp
add action=drop chain=forward comment="ICC-Guest WiFi" disabled=yes \
    dst-address=192.168.0.0/24 src-address=11.11.11.0/24
add action=drop chain=forward disabled=yes dst-address=11.11.11.0/24 \
    src-address=192.168.0.0/24
add action=drop chain=input comment="drop ftp brute forcers" dst-port=1234 \
    protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=1234 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=1234 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=1234 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=1234 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=1234 \
    protocol=tcp
add action=drop chain=forward comment="List of Blocked IP Address" disabled=\
    yes dst-port=80,443 protocol=tcp src-address=192.168.0.9
add action=drop chain=input disabled=yes protocol=tcp src-address=192.168.0.9
add action=accept chain=forward comment="Allowed Block Website Here!!!" \
    disabled=yes dst-address-list=Youtube src-address-list=\
    "Youtube Allowed Users"
add action=add-dst-to-address-list address-list=Youtube address-list-timeout=\
    4w2d chain=forward comment="Block Website Here!!!" disabled=yes dst-port=\
    443 protocol=tcp src-address=192.168.0.0/24 tls-host=*youtube*
add action=add-dst-to-address-list address-list=Spotify address-list-timeout=\
    4w2d chain=forward disabled=yes dst-port=443 protocol=tcp src-address=\
    192.168.0.0/24 tls-host=*youtube*
add action=drop chain=forward disabled=yes dst-address-list=Youtube
add action=drop chain=forward disabled=yes dst-address-list=Spotify
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-address=\
    1.2.3.4 new-routing-mark=Out_Ether4 passthrough=yes
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
    Out_Ether4 passthrough=yes src-address=192.168.0.4
add action=mark-routing chain=prerouting new-routing-mark=Out_Ether4 \
    passthrough=yes src-address=192.168.0.4
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.2.0/24 src-address=\
    192.168.0.0/24
# New_Angola_PPTP_Temp not ready
add action=accept chain=srcnat comment="_New_Angola_PPTP_Temp not ready" \
    dst-address=192.168.2.0/24 out-interface=New_Angola_PPTP_Temp
add action=masquerade chain=srcnat comment=JOTUN disabled=yes dst-address=\
    192.168.99.0/24
add action=masquerade chain=srcnat comment="default configuration" \
    dst-address=!192.168.1.0/16 out-interface=ether4-slave-local
add action=masquerade chain=srcnat comment="default configuration" \
    dst-address=!192.168.1.0/16 fragment=no hotspot="" out-interface=\
    ether1-gateway
add action=dst-nat chain=dstnat dst-address=1.2.3.4 dst-port=1234 \
    in-interface=ether4-slave-local protocol=tcp to-addresses=192.168.0.4 \
    to-ports=1234
add action=masquerade chain=srcnat dst-address=192.168.3.0/24 out-interface=\
    ether3-slave-local
add action=masquerade chain=srcnat dst-address=192.168.4.0/24 out-interface=\
    ether3-slave-local
add action=masquerade chain=srcnat dst-address=192.168.5.0/24 out-interface=\
    ether3-slave-local
add action=dst-nat chain=dstnat comment="TEST" disabled=yes \
    dst-port=1234 protocol=tcp to-addresses=192.168.0.91 to-ports=1234
add action=src-nat chain=srcnat disabled=yes dst-address=192.168.0.91 \
    dst-port=1234 protocol=tcp to-addresses=192.168.0.1
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.91 \
    protocol=tcp src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment="TEST2" disabled=yes \
    dst-port=1234 protocol=tcp to-addresses=192.168.0.99 to-ports=1234
add action=src-nat chain=srcnat disabled=yes dst-address=192.168.0.99 \
    dst-port=1234 protocol=tcp to-addresses=192.168.0.1
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.99 \
    protocol=tcp src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment="PC - BARCODE" dst-address=\
    1.2.3.4 dst-port=1234 protocol=tcp to-addresses=192.168.0.250 \
    to-ports=1234

add action=dst-nat chain=dstnat comment="FTP FILEZILLA" dst-port=1234 \
    in-interface=ether1-gateway protocol=tcp to-addresses=192.168.0.99
add action=dst-nat chain=dstnat dst-port=12345-67890 in-interface=\
    ether1-gateway protocol=tcp to-addresses=192.168.0.99
add action=masquerade chain=srcnat comment="ICC-Guest WiFi" disabled=yes \
    out-interface=ap-guest src-address=11.11.11.0/24
/ip proxy
set cache-path=web-proxy1
/ip route
add distance=4 gateway=1.2.3.4 routing-mark=Out_Ether4
add distance=3 gateway=1.2.3.4
add disabled=yes distance=1 dst-address=10.0.0.16/32 gateway=l2tp-out1 \
    pref-src=10.0.0.17 scope=10
add distance=1 dst-address=10.10.10.1/32 gateway=\
    New_Angola_PPTP_Temp,New_Office_sstp,New_AngolaL2tp
add distance=1 dst-address=1.2.3.4/56 gateway=1.2.3.4
add distance=1 dst-address=1.2.3.4/56 gateway=1.2.3.4
add disabled=yes distance=1 dst-address=1.2.3.4/56 gateway=\
    1.2.3.4
add distance=1 dst-address=1.2.3.4/56 gateway=New_Angola_PPTP_Temp
add distance=2 dst-address=1.2.3.4/56 gateway=New_AngolaL2tp
add distance=3 dst-address=1.2.3.4/56 gateway=New_Angola_PPTP114
add disabled=yes distance=2 dst-address=1.2.3.4/56 gateway=l2tp-out1
add distance=1 dst-address=1.2.3.4/56 gateway=1.2.3.4/56
add distance=1 dst-address=1.2.3.4/56 gateway=1.2.3.4/56
add distance=1 dst-address=1.2.3.4/56 gateway=1.2.3.4/56
/ip service

/port remote-access
add
/system clock
set time-zone-autodetect=no time-zone-name=Africa/Luanda
/system identity
set name=Master
/system leds
set 0 interface=wlan1 leds=wlan-led type=wireless-status
set 1 interface=ether1-gateway leds=led1
set 2 interface=ether2-master-local leds=led2
set 3 interface=ether3-slave-local leds=led3
set 4 interface=ether4-slave-local leds=led4
set 5 interface=ether5-slave-local leds=led5 type=interface-activity
/system ntp client
set enabled=yes primary-ntp=8.8.8.8 secondary-ntp=8.8.4.4
/tool e-mail
set address=1.2.3.4 from=email@email.com port=1234 \
    start-tls=yes user=email@email.com
/tool graphing interface
add allow-address=1.2.3.4/56 interface=ether1-gateway
/tool graphing queue
add allow-address=1.2.3.4/56
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool sniffer
set filter-interface=ether2-master-local,wlan1 filter-port=imap3,smtp,pop3 \
    streaming-enabled=yes streaming-server=192.168.0.99
 
jaclaz
Forum Guru
Forum Guru
Posts: 1756
Joined: Tue Oct 03, 2023 4:21 pm

Re: Problem with WiFi connection

Mon Apr 22, 2024 12:11 pm

I don't know, but could it be some DNS related issue?

It seems similar to:
viewtopic.php?t=198145
 
katopz24
newbie
Topic Author
Posts: 31
Joined: Fri Sep 28, 2018 10:28 pm

Re: Problem with WiFi connection

Mon Apr 22, 2024 12:41 pm

Hmm, this is interesting.

I don't have a dedicated DNS, but ISP provides me a DNS for my router.
I'll check on this and coordinate with our ISP.
Thank you for the Idea.

But, I'm still looking for other advice please.
Thanks in advance.
 
Ab5
just joined
Posts: 3
Joined: Fri Jun 12, 2020 10:58 am

Re: Problem with WiFi connection

Tue Apr 23, 2024 10:49 am

check your setup you have Same IP assign to both bridge and lan port

/ip address
add address=192.168.0.1/24 comment="default configuration" interface=\
bridge-local network=192.168.0.0
add address=192.168.0.1/24 comment="default configuration" interface=wlan1 \
network=192.168.0.0
 
katopz24
newbie
Topic Author
Posts: 31
Joined: Fri Sep 28, 2018 10:28 pm

Re: Problem with WiFi connection

Tue Apr 23, 2024 5:54 pm

Yes, same subnet of LAN and WLAN. But, I disabled WLAN, because I used EAP235-Wall(EU) v1.0.

Btw, thanks for the comment.
 
ips
Member Candidate
Member Candidate
Posts: 154
Joined: Mon Oct 09, 2023 6:48 pm
Location: Italy

Re: Problem with WiFi connection

Tue Apr 23, 2024 7:23 pm

AFAICT, setting the IP to wlan1 and putting it on the bridge is a configuration error and it should be removed.
It is also quite hard to understand the configuration where several items are presumably masked without being able to trace the relationships. For example, what is the 1.2.3.4 IPs?
 
katopz24
newbie
Topic Author
Posts: 31
Joined: Fri Sep 28, 2018 10:28 pm

Re: Problem with WiFi connection  [SOLVED]

Wed Apr 24, 2024 1:37 pm

Hi to All,

This is now resolved.

I found that AP and Repeater are making a problem of the network. I tried to trouble the recent installed devices in the network, so I tried to disconnect each of newly installed AP and Repeater and testing a mobile, voila! it's working. So I just reconfigured the AP and Repeater.

Thanks to All!

Who is online

Users browsing this forum: No registered users and 7 guests