/export file=anynameyoulike
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=\
"201 - BRIDGE - PrivateLAN"
add admin-mac=XX:XX:XX:XX:XX:XZ auto-mac=no comment=defconf name=\
"299 - BRIDGE - GuestLAN"
/interface list
add comment="contains all WAN interfaces" name=WAN
add comment="contains private subscriber interfaces" name=PRIVATE
add comment="contains subscriber guest interfaces" name=GUEST
add comment="contains all internal interfaces; private and guest" exclude=WAN \
name=INTERNAL
/interface wifi channel
add band=5ghz-ax disabled=no name=wifi1 skip-dfs-channels=10min-cac width=\
20mhz
add band=2ghz-ax disabled=no name=wifi2 skip-dfs-channels=10min-cac width=\
20/40mhz
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=Primary-SSID \
passphrase=privatepassword
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=Guest-SSID \
passphrase=guestpassword
/interface wifi configuration
add country="United States" disabled=no mode=ap name=Primary-SSID security=\
Primary-SSID security.authentication-types="" ssid=\
COMPANY-SUBSCRIBER
add country="United States" disabled=no mode=ap name=Guest-SSID security=\
Guest-SSID security.authentication-types="" ssid=SUBSCRIBER-Guest
/interface wifi
set [ find default-name=wifi1 ] channel=wifi1 channel.skip-dfs-channels=\
10min-cac configuration=Primary-SSID configuration.mode=ap disabled=no \
security=Primary-SSID security.authentication-types=wpa2-psk,wpa3-psk
add configuration=Guest-SSID configuration.mode=ap disabled=no mac-address=\
4A:A9:8A:43:96:92 master-interface=wifi1 name=wifi1-Guest security=\
Guest-SSID
set [ find default-name=wifi2 ] channel=wifi2 configuration=Primary-SSID \
configuration.mode=ap disabled=no security=Primary-SSID \
security.authentication-types=wpa2-psk,wpa3-psk
add configuration=Guest-SSID configuration.mode=ap disabled=no mac-address=\
4A:A9:8A:43:96:92 master-interface=wifi2 name=wifi2-Guest security=\
Guest-SSID
/ip pool
add name=dhcp-Pool-Private ranges=192.168.88.101-192.168.88.200
add name=dhcp-Pool-Guest ranges=192.168.89.101-192.168.89.200
/ip dhcp-server
add address-pool=dhcp-Pool-Private bootp-lease-time=lease-time bootp-support=\
dynamic interface="201 - BRIDGE - PrivateLAN" lease-time=10m name=Private
add address-pool=dhcp-Pool-Guest bootp-lease-time=lease-time bootp-support=\
dynamic interface="299 - BRIDGE - GuestLAN" lease-time=10m name=Guest
/interface bridge port
add bridge="201 - BRIDGE - PrivateLAN" comment=defconf interface=ether2
add bridge="201 - BRIDGE - PrivateLAN" comment=defconf interface=ether3
add bridge="201 - BRIDGE - PrivateLAN" comment=defconf interface=ether4
add bridge="201 - BRIDGE - PrivateLAN" comment=defconf interface=ether5
add bridge="201 - BRIDGE - PrivateLAN" comment=defconf interface=wifi1
add bridge="201 - BRIDGE - PrivateLAN" comment=defconf interface=wifi2
add bridge="299 - BRIDGE - GuestLAN" interface=wifi1-Guest
add bridge="299 - BRIDGE - GuestLAN" interface=wifi2-Guest
/ip neighbor discovery-settings
set discover-interface-list=PRIVATE
/interface list member
add comment=defconf interface="201 - BRIDGE - PrivateLAN" list=PRIVATE
add comment=defconf interface=ether1 list=WAN
add interface="299 - BRIDGE - GuestLAN" list=GUEST
add interface="299 - BRIDGE - GuestLAN" list=INTERNAL
add interface="201 - BRIDGE - PrivateLAN" list=INTERNAL
/ip address
add address=192.168.88.1/24 comment=defconf interface=\
"201 - BRIDGE - PrivateLAN" network=192.168.88.0
add address=192.168.89.1/24 comment=defconf interface=\
"299 - BRIDGE - GuestLAN" network=192.168.89.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 domain=\
private.subscriber.company gateway=192.168.88.1
add address=192.168.89.0/24 comment=defconf dns-server=192.168.88.1 domain=\
guest.subscriber.company gateway=192.168.89.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!INTERNAL
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip firewall service-port
set rtsp disabled=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!PRIVATE
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!PRIVATE
/system clock
set time-zone-name=America/CITY
/system identity
set name=DeviceName
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=PRIVATE
/tool mac-server mac-winbox
set allowed-interface-list=PRIVATE
/interface wifi channel add band=2ghz-n disabled=no frequency=2442,2472 name=2ghz-channels width=20mhz
/interface wifi security add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes disabled=no name=myhome-security wps=disable
/interface wifi configuration
add channel=2ghz-channels channel.band=2ghz-ax country=Estonia disabled=no name=config-24ghz security=myhome-security security.ft=yes .ft-over-ds=yes ssid=mywifinetwork
add channel.band=5ghz-ax .skip-dfs-channels=10min-cac country=Estonia disabled=no name=config-5ghz security=myhome-security security.ft=yes .ft-over-ds=yes ssid=mywifinetwork
/interface wifi
set [ find default-name=wifi1 ] configuration=config-5ghz configuration.mode=ap disabled=no security.authentication-types=wpa2-psk,wpa3-psk
set [ find default-name=wifi2 ] configuration=config-24ghz configuration.mode=ap disabled=no security.authentication-types=wpa2-psk,wpa3-psk
Really weird is that Tx Rate is shown differently in client and router and never goes over 286Mbps for this client.
I also have weird problems with AX3 on 7.13 WiFi speed. My test is copying big file from NAS that is directly attached to the router's ethernet. With AC2 at the same place, speeds were nicely 50-55MB/sec.
1: Windows 11 connects over 5GHz AC: link speed shown in computer: 780/780, real speed during copying of file: 1-2.2MB/s
2: Macbook Air 15" M2 connects over 5GHz AX, link speed shown in client 864, in winbox 286, real speed 10-11MB/s. Really weird is that Tx Rate is shown differently in client and router and never goes over 286Mbps for this client.
/interface wifi configuration set [ find name=config-5ghz ] channel.band=5ghz-ac
This was basically what I did. The ax3 range was terrible (barely covering a single room). I drove out with a new in the box ax2, copied and pasted the config, and the ax2 range (and thereby with increased signal levels, performance) increased dramatically and the customer was happy again. Seems most of the forum thinks I'm dumb or it's a config issue, so I've moved on, I have my beliefs, and I will use my evidence and knowledge to just work on the problem and situation in my own ways (higher dB external antennas are en-route for further testing, and/or I will just use ax2 and not ax3)What I really want is just for somebody (if you have time and energy for experimenting, it'd be cool if you did that) to please just put an ax^3 against ax^2/ac^2 with the same exact configuration and in the same exact (or as similar as you can provide) conditions, and make a little semi-scientific report on it. The easiest way is to use default config, default SSID, set band, channel witdth, frequency and TX power and only one device. Better use an open network or WPA2 PSK, it's more stable. Just roleplay a nuclear physicist: if you're wrong about something, it goes kaboom, so better check.
All of this will instantly either prove or disprove that there's something wrong with the hAP ax^3 on a fundamental level. It's called a sanity check.
If this test shows that performances are radically different between ax^3 and ax^2/ac^2, with ax^3 being considerably worse, then you can open a ticket with MikroTik, provide them with solid scientific evidence that there's something wrong with the hAP ax^3 and wait for their reply.
/interface bridge
add admin-mac=<snip> auto-mac=no comment=defconf name=bridge
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=10min-cac .width=20/40/80mhz configuration.antenna-gain=5 .country=Switzerland .mode=ap .ssid=<snip> .tx-power=28 disabled=no name=eg-wifi1-5g security.authentication-types=wpa2-psk,wpa3-psk .connect-priority=0 .ft=yes .ft-over-ds=yes
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=10min-cac .width=20/40mhz configuration.antenna-gain=5 .country=Switzerland .mode=ap .ssid=<snip> .tx-power=28 disabled=no name=eg-wifi2-2.4g security.authentication-types=wpa2-psk,wpa3-psk .connect-priority=0 .ft=yes .ft-over-ds=yes
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface bridge port
add bridge=bridge comment=defconf interface=all
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
...
TX Power (dBm) Side Max (dBm) Min (dBm) Avg (dBm) ErrAvg (dBm)
3 Front -63 -64 -63.5 0.5
3 Rear -62 -64 -63 1
3 Left -57 -62 -59.5 2.5
3 Right -60 -62 -61 1
13 Front -55 -59 -57 2
13 Rear -52 -55 -53.5 1.5
13 Left -54 -56 -55 1
13 Right -55 -56 -55.5 0.5
20 Front -44 -48 -46 2
20 Rear -46 -50 -48 2
20 Left -46 -50 -48 2
20 Right -42 -44 -43 1
TX Power (dBm) Max (dBm) ErrMax (dBm)
3 -61 1
13 -53.5 1.5
20 -43 1
TX Power (dBm) AdjMax (dBm) ErrAdjMax (dBm)
3 3 0
13 10.5 2.5
20 21 2
2412/20-Ce/gn(27dBm) -> -67 to -70
5660/20-Ceee/ac/DP(25dBm) -> -84 to -88
2412/ax/Ce tx=27 gain=6 -> -75 to -85
5660/ax/Ceee tx=24 gain=6 -> -90 to no signal at all
In-deed I did similar test. No Android here, so I tested with my iPhone reading out signal strength values from "Registration" tab on the Mikrotiks (not sure how much sense those make, but it was the most consistent values I could get).
As @Nullcaller already explained, values in registration tab are about signals received by AP. And it's also important to understand what antenna gain property means: it doesn't change actual antenna performance (because antenna gain is actual physical property of antenna), it only informs ROS about antenna properties. ROS then uses this value to calculate maximum Tx power it can use and still conform to country regulations regarding EIRP (which includes antenna gain). However, setting antenna gain property to different values doesn't affect Rx signal stregth, signal strength is what's received and that depends on actual antenna gain (but not the property setting).Particularly worried I'm more about the antenna gain. As said I tested values from 0 to 6 with basically NO effect on signal strength. Is that normal?
and...
For anyone who got an ax3, an ax2 and an Android device, I propose a different, more direct testing strategy. It still involves pretty much default configs, all that good stuff that I've previously written out. Fixed channels, fixed everything, and an SSID different from anything else you've used, just to be extra-sure.
...
Step 2. Using F-Droid, download an app called 'WiFi Analyzer' and install it.
... No Android here, so I tested with my iPhone reading out signal strength values from "Registration" tab on the Mikrotiks (not sure how much sense those make, but it was the most consistent values I could get).
...
If we measured the error for 3dBm correctly and if the device is outputting on 3dBm correctly (which would be more or less true even if the amplifier was dead, 0 dBm ≈ 3 dBm with the random error values observed),
At the lower power settings of the radio (<2dBm), the radio is not following the settings anymore. It was highly non-linear in that range.
[admin@core] > int wifi/export show-sensitive
# 2024-01-14 08:52:41 by RouterOS 7.13
#
# model = RB5009UG+S+
/interface wifi channel
add band=2ghz-ax disabled=no frequency=2412,2437,2462 name=ch-2ghz skip-dfs-channels=all width=20mhz
add band=5ghz-ax disabled=no frequency=5180,5260,5500,5580,5660,5745 name=ch-5ghz skip-dfs-channels=10min-cac width=20/40/80mhz
/interface wifi security
add authentication-types=wpa2-psk disable-pmkid=yes disabled=no ft=yes ft-over-ds=yes management-protection=allowed name=Home passphrase=secret wps=disable
add authentication-types=wpa3-eap disable-pmkid=yes disabled=no eap-accounting=yes ft=yes ft-over-ds=yes management-protection=required name=radius-eap wps=disable
add authentication-types=wpa3-psk disable-pmkid=yes disabled=no ft=no ft-over-ds=no management-protection=required name=radius-mac passphrase=internet wps=disable
/interface wifi
add channel.frequency=2462 configuration="wifi2 - 2.4 GHz" configuration.mode=ap disabled=no name="2G - Ash - Core Wireless1" radio-mac=48:A9:8A:56:05:9E
add configuration="wifi2 - 2.4 GHz - Guest" disabled=no mac-address=4A:A9:8A:56:05:9F master-interface="2G - Ash - Core Wireless1" name="2G - Ash - Core Wireless2"
add configuration="wifi2 - 2.4 GHz - Office" disabled=no mac-address=4A:A9:8A:56:05:A0 master-interface="2G - Ash - Core Wireless1" name="2G - Ash - Core Wireless3"
add channel.frequency=2412 configuration="wifi2 - 2.4 GHz" configuration.mode=ap disabled=no name="2G - Ash - Cottage1" radio-mac=48:A9:8A:07:5A:C8
add configuration="wifi2 - 2.4 GHz - Guest" disabled=no mac-address=4A:A9:8A:07:5A:C9 master-interface="2G - Ash - Cottage1" name="2G - Ash - Cottage2"
add configuration="wifi2 - 2.4 GHz - Office" disabled=no mac-address=4A:A9:8A:07:5A:CA master-interface="2G - Ash - Cottage1" name="2G - Ash - Cottage3"
add channel.frequency=2437 configuration="wifi2 - 2.4 GHz" configuration.mode=ap disabled=no name="2G - Ash - Game Room1" radio-mac=48:A9:8A:56:05:C9
add configuration="wifi2 - 2.4 GHz - Guest" disabled=no mac-address=4A:A9:8A:56:05:CA master-interface="2G - Ash - Game Room1" name="2G - Ash - Game Room2"
add configuration="wifi2 - 2.4 GHz - Office" disabled=no mac-address=4A:A9:8A:56:05:CB master-interface="2G - Ash - Game Room1" name="2G - Ash - Game Room3"
add channel.frequency=2437 configuration="wifi2 - 2.4 GHz" configuration.mode=ap disabled=no name="2G - Ash - Living Room" radio-mac=48:A9:8A:55:82:8E
add configuration="wifi2 - 2.4 GHz - Guest" disabled=no mac-address=4A:A9:8A:55:82:8F master-interface="2G - Ash - Living Room" name="2G - Ash - Living Room2"
add configuration="wifi2 - 2.4 GHz - Office" disabled=no mac-address=4A:A9:8A:55:82:90 master-interface="2G - Ash - Living Room" name="2G - Ash - Living Room3"
add channel.frequency=2412 configuration="wifi2 - 2.4 GHz" configuration.mode=ap disabled=no name="2G - Ash - Main Gate" radio-mac=48:A9:8A:0D:DC:F0
add configuration="wifi2 - 2.4 GHz - Guest" disabled=no mac-address=4A:A9:8A:0D:DC:F1 master-interface="2G - Ash - Main Gate" name="2G - Ash - Main Gate2"
add configuration="wifi2 - 2.4 GHz - Office" disabled=no mac-address=4A:A9:8A:0D:DC:F2 master-interface="2G - Ash - Main Gate" name="2G - Ash - Main Gate3"
add channel.frequency=2412 configuration="wifi2 - 2.4 GHz" configuration.mode=ap disabled=no name="2G - Ash - Office1" radio-mac=48:A9:8A:55:FB:83
add configuration="wifi2 - 2.4 GHz - Guest" disabled=no mac-address=4A:A9:8A:55:FB:84 master-interface="2G - Ash - Office1" name="2G - Ash - Office2"
add configuration="wifi2 - 2.4 GHz - Office" disabled=no mac-address=4A:A9:8A:55:FB:85 master-interface="2G - Ash - Office1" name="2G - Ash - Office3"
add channel.frequency=2437 configuration="wifi2 - 2.4 GHz" configuration.mode=ap disabled=no name="2G - Ash - Staff Village1" radio-mac=48:A9:8A:55:85:AC
add configuration="wifi2 - 2.4 GHz - Guest" disabled=no mac-address=4A:A9:8A:55:85:AD master-interface="2G - Ash - Staff Village1" name="2G - Ash - Staff Village2"
add configuration="wifi2 - 2.4 GHz - Office" disabled=no mac-address=4A:A9:8A:55:85:AE master-interface="2G - Ash - Staff Village1" name="2G - Ash - Staff Village3"
add channel.frequency=2462 configuration="wifi2 - 2.4 GHz" configuration.mode=ap disabled=no name="2G - Ash - Viv's Office 1" radio-mac=48:A9:8A:55:85:A5
add configuration="wifi2 - 2.4 GHz - Guest" disabled=no mac-address=4A:A9:8A:55:85:A6 master-interface="2G - Ash - Viv's Office 1" name="2G - Ash - Viv's Office 2"
add configuration="wifi2 - 2.4 GHz - Office" disabled=no mac-address=4A:A9:8A:55:85:A7 master-interface="2G - Ash - Viv's Office 1" name="2G - Ash - Viv's Office 3"
add configuration="wifi1 - 5 GHz" configuration.mode=ap disabled=no name="5G - Ash - Core Wireless1" radio-mac=48:A9:8A:56:05:9D
add configuration="wifi1 - 5 GHz - Guest" disabled=no mac-address=4A:A9:8A:56:05:9D master-interface="5G - Ash - Core Wireless1" name="5G - Ash - Core Wireless2"
add configuration="wifi1 - 5 GHz - Office" disabled=no mac-address=4A:A9:8A:56:05:9E master-interface="5G - Ash - Core Wireless1" name="5G - Ash - Core Wireless3"
add configuration="wifi1 - 5 GHz" disabled=no name="5G - Ash - Cottage1" radio-mac=48:A9:8A:07:5A:C7
add configuration="wifi1 - 5 GHz - Guest" disabled=no mac-address=4A:A9:8A:07:5A:C7 master-interface="5G - Ash - Cottage1" name="5G - Ash - Cottage2"
add configuration="wifi1 - 5 GHz - Office" disabled=no mac-address=4A:A9:8A:07:5A:C8 master-interface="5G - Ash - Cottage1" name="5G - Ash - Cottage3"
add configuration="wifi1 - 5 GHz" configuration.mode=ap disabled=no name="5G - Ash - Game Room1" radio-mac=48:A9:8A:56:05:C8
add configuration="wifi1 - 5 GHz - Guest" disabled=no mac-address=4A:A9:8A:56:05:C8 master-interface="5G - Ash - Game Room1" name="5G - Ash - Game Room2"
add configuration="wifi1 - 5 GHz - Office" disabled=no mac-address=4A:A9:8A:56:05:C9 master-interface="5G - Ash - Game Room1" name="5G - Ash - Game Room3"
add configuration="wifi1 - 5 GHz" disabled=no name="5G - Ash - Living Room" radio-mac=48:A9:8A:55:82:8D
add configuration="wifi1 - 5 GHz - Guest" disabled=no mac-address=4A:A9:8A:55:82:8D master-interface="5G - Ash - Living Room" name="5G - Ash - Living Room2"
add configuration="wifi1 - 5 GHz - Office" disabled=no mac-address=4A:A9:8A:55:82:8E master-interface="5G - Ash - Living Room" name="5G - Ash - Living Room3"
add configuration="wifi1 - 5 GHz" disabled=no name="5G - Ash - Main Gate" radio-mac=48:A9:8A:0D:DC:EF
add configuration="wifi1 - 5 GHz - Guest" disabled=no mac-address=4A:A9:8A:0D:DC:EF master-interface="5G - Ash - Main Gate" name="5G - Ash - Main Gate2"
add configuration="wifi1 - 5 GHz - Office" disabled=no mac-address=4A:A9:8A:0D:DC:F0 master-interface="5G - Ash - Main Gate" name="5G - Ash - Main Gate3"
add configuration="wifi1 - 5 GHz" configuration.mode=ap disabled=no name="5G - Ash - Office1" radio-mac=48:A9:8A:55:FB:82
add configuration="wifi1 - 5 GHz - Guest" disabled=no mac-address=4A:A9:8A:55:FB:82 master-interface="5G - Ash - Office1" name="5G - Ash - Office2"
add configuration="wifi1 - 5 GHz - Office" disabled=no mac-address=4A:A9:8A:55:FB:83 master-interface="5G - Ash - Office1" name="5G - Ash - Office3"
add configuration="wifi1 - 5 GHz" disabled=no name="5G - Ash - Staff Village1" radio-mac=48:A9:8A:55:85:AB
add configuration="wifi1 - 5 GHz - Guest" disabled=no mac-address=4A:A9:8A:55:85:AB master-interface="5G - Ash - Staff Village1" name="5G - Ash - Staff Village2"
add configuration="wifi1 - 5 GHz - Office" disabled=no mac-address=4A:A9:8A:55:85:AC master-interface="5G - Ash - Staff Village1" name="5G - Ash - Staff Village3"
add configuration="wifi1 - 5 GHz" configuration.mode=ap disabled=no name="5G - Ash - Viv's Office 1" radio-mac=48:A9:8A:55:85:A4
add configuration="wifi1 - 5 GHz - Guest" disabled=no mac-address=4A:A9:8A:55:85:A4 master-interface="5G - Ash - Viv's Office 1" name="5G - Ash - Viv's Office 2"
add configuration="wifi1 - 5 GHz - Office" disabled=no mac-address=4A:A9:8A:55:85:A5 master-interface="5G - Ash - Viv's Office 1" name="5G - Ash - Viv's Office 3"
/interface wifi access-list
add action=query-radius disabled=no radius-accounting=yes ssid-regexp="Guest"
/interface wifi capsman
set ca-certificate=auto enabled=yes interfaces=vlan1 package-path="" require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifi configuration
add antenna-gain=0 channel=ch-5ghz country=Taiwan datapath="VLAN: Home - Full" disabled=no mode=ap name="wifi1 - 5 GHz" security=Home ssid=Home
add antenna-gain=0 channel=ch-2ghz country=Taiwan datapath="VLAN: Guest - Full" disabled=no mode=ap name="wifi2 - 2.4 GHz" security=Home ssid=Home
add datapath="VLAN: Invalid - Isolated" disabled=no mode=ap name="wifi1 - 5 GHz - Guest" security=radius-mac ssid="Guest (pw: internet)"
add datapath="VLAN: Invalid - Full" disabled=no mode=ap name="wifi1 - 5 GHz - Office" security=radius-eap ssid="Office"
add datapath="VLAN: Invalid - Isolated" disabled=no mode=ap name="wifi2 - 2.4 GHz - Guest" security=radius-mac ssid="Guest (pw: internet)"
add datapath="VLAN: Invalid - Full" disabled=no mode=ap name="wifi2 - 2.4 GHz - Office" security=radius-eap ssid="Office"
/interface wifi datapath
add bridge=bridge disabled=no name="VLAN: Invalid - Full" vlan-id=3999
add bridge=bridge client-isolation=yes disabled=no name="VLAN: Invalid - Isolated" vlan-id=3999
add bridge=bridge client-isolation=no disabled=no name="VLAN: Guest - Full" vlan-id=53
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration="wifi1 - 5 GHz" name-format="5G - %I" slave-configurations=\
"wifi1 - 5 GHz - Guest,wifi1 - 5 GHz - Office" supported-bands=5ghz-ax
add action=create-enabled disabled=no master-configuration="wifi2 - 2.4 GHz" name-format="2G - %I" slave-configurations=\
"wifi2 - 2.4 GHz - Guest,wifi2 - 2.4 GHz - Office" supported-bands=2ghz-ax
From what I've read in other forum posts the APs should automatically reduce Tx Power by the AP's included antennea, but I do see an increase via Android WiFi Analyzer when I manually set the main SSIDs with antenna-gain=0.
This is not supposed to be the reason. MT published specs for both devices and antenna gain number for ax3 is for included external antennae (are they actually detachable?). And even so, if EIRP calculation is correct, then signal strength in direction of highest gain should be the same. The directionality of antenna only vones into pkay if one manages to turn (both) antennae so that they point directly at wireless station (or directly away from it), dipole antenna (stick-shaped, like those on ax3) radiates very little in these two directions (more about it in wikipedia article, includes nice charts).Semi random thought, but could it be that at least a part of the lamented issues (ax3 covering less than ax2) could be related to the ax3 (external) antennas being more directional when compared to the ax2 omnidirectional (internal) ones?
Always surprised me, as they resemble the "outdoor HGO antenna" https://mikrotik.com/product/hgo_antenna_out"HGO indoor antenna kit"
The outdoor seem "straight", the indoor has the 90°/movable joint on the connector, in the Ax3 manual in the FCC section, they are described as:Always surprised me, as they resemble the "outdoor HGO antenna" https://mikrotik.com/product/hgo_antenna_out"HGO indoor antenna kit"
Same or not?
Very similar to the description of the outdoor ones:APPROVED 2.4 GHz ANTENNA:
3.36 dBi Omni-directional (HGO-antenna-IN)
APPROVED 5 GHz ANTENNA:
6.01 dBi Omni-directional (HGO-antenna-IN)
they could actually be the same with just a different connector.Provides 3.3 dBi gain for the 2.4 GHz band and 5.5-7.1 dBi gain for the 5 GHz band.
/interface wifiwave2 / radio/ print
detail
terse
value-list
I found it!WLAN drivers used to show the allowed EIRP level differences for different frequencies
wifiwave2 driver ... did not find any details per frequency ... except region power limit = 30dBm
/interface/wifi/radio/reg-info country="United States"
ranges: 2402-2472/30
5490-5730/24/dfs
5735-5835/30
5250-5330/24/dfs
5170-5250/30
5835-5895/30/indoor
This is not supposed to be the reason.Semi random thought, but could it be that at least a part of the lamented issues (ax3 covering less than ax2) could be related to the ax3 (external) antennas being more directional when compared to the ax2 omnidirectional (internal) ones?
The regulator limits the max transmitted power in the antenna strongest direction.
... in the Ax3 manual in the FCC section, they are described as:APPROVED 2.4 GHz ANTENNA:
3.36 dBi Omni-directional (HGO-antenna-IN)
APPROVED 5 GHz ANTENNA:
6.01 dBi Omni-directional (HGO-antenna-IN)
Yes yes, many thanks for this ... the combination of words reg-info and country ... would have been a while before I tried this.I found it!
[admin@MikroTik] /interface/wifiwave2/radio> reg-info country=Belgium
number: 0
ranges: 2402-2482/20
5170-5250/23/indoor
5250-5330/23/indoor/dfs
5490-5730/30/dfs
5735-5875/14
Not based on science (antenna radiation patterns and wave propagation are difficult things), but somehow the propagation indoor from room to room, is omnidirectional.IMO, this fact kind of makes directional antennae pointless for WiFi, unless you can spatial MU-MIMIO thingamajiggary your way out of the fact that you're literally just reducing TX power in some directions compared to an omnidirectional antenna.
I was trying different things in terminal, pressed tab while in /interface/wifi/radio/ and went "What's this thing, 'reg-info'? What could that possibly stand fo- Oh. Oh... OOOH!"the combination of words reg-info and country ... would have been a while before I tried this
But isn't it supposed to be at around the level that you ideally want your APs to be running at? Again, only 13-15 dBm of answering power on client devices. Or am I missing something?the default out-of-the-box "auto" used frequency in Europe (5865 MHz) is ONLY 14 dBm in the max power direction !!!
No wonder my devices do not pick up that frequency. Much too weak on different floor.
...
Have to do much more tests. May catch that 5865 MHz when closeby, or just not at all.
This is quite interesting indeed.Measured difference between 5260 and 5680 MHz (-78 to -59) was also bigger than the 7 dB in the table. What is this. !?
Just remember that antenna gain is always bi-directional: same ampification (gain) for transmit as for receive.Or am I missing something?
So, scratch everything about directionality
So then "Nothing is under control".Can't be more simpler, everything default config, so it's either
I'm not a specialist on WiFi tuning, so I kept my testing as simple as possible: ...
I have never seen hAP ac2 use those high frequencies (for Europe at 14 dBm only)
[REDACTED@REDACTED] > /interface/wifiwave2/radio/reg-info country="United States" 0
ranges: 2402-2472/30
5490-5730/24/dfs
5735-5835/30
5250-5330/24/dfs
5170-5250/30
5835-5895/30/indoor
[REDACTED@REDACTED] > /interface/wifiwave2/radio/reg-info country="Germany" 0
ranges: 2402-2482/20
5170-5250/23/indoor
5250-5330/23/indoor/dfs
5490-5710/30/dfs
[REDACTED@REDACTED] > /interface/wifiwave2/radio/reg-info country="France" 0
ranges: 2402-2482/20
5170-5250/23/indoor
5250-5330/23/indoor/dfs
5490-5710/30/dfs
[REDACTED@REDACTED] > /interface/wifiwave2/radio/reg-info country="United Kingdom" 0
ranges: 2402-2482/20
5170-5250/23/indoor
5250-5330/23/indoor/dfs
5490-5710/30/dfs
[REDACTED@REDACTED] > /interface/wifiwave2/radio/reg-info country="Belgium" 0
ranges: 2402-2482/20
5170-5250/23/indoor
5250-5330/23/indoor/dfs
5490-5710/30/dfs
[REDACTED@REDACTED] > /interface/wifiwave2/radio/reg-info country="Latvia" 0
ranges: 2402-2482/20
5170-5250/23/indoor
5250-5330/23/indoor/dfs
5490-5710/30/dfs
[REDACTED@REDACTED] > /interface/wifiwave2/radio/reg-info country="Estonia" 0
ranges: 2402-2482/20
5170-5250/23/indoor
5250-5330/23/indoor/dfs
5490-5710/30/dfs
[REDACTED@REDACTED] > /interface/wifiwave2/radio/reg-info country="Poland" 0
ranges: 2402-2482/20
5170-5250/23/indoor
5250-5330/23/indoor/dfs
5490-5710/30/dfs
[REDACTED@REDACTED] > /interface/wifiwave2/radio/reg-info country="Italy" 0
ranges: 2402-2482/20
5170-5250/23/indoor
5250-5330/23/indoor/dfs
5490-5710/30/dfs
[REDACTED@REDACTED] > /interface/wifiwave2/radio/reg-info country="Spain" 0
ranges: 2402-2482/20
5170-5250/23/indoor
5250-5330/23/indoor/dfs
5490-5710/30/dfs
Hmmm, tested hAP ax2 only for that info. (wifiwave2 could first not run on hAP ac2, and I removed it from hAP ac3)
...
Different tables could lead to different channels used in auto/default setup. Those ax higher channels are non-DFS. Preferred by auto?
Curious about another item - in the cli, viewing the county list by pressing tab for auto-filling "reg-info county=", United States is not listed.
I just tried something - and please tell me it's not this.
Separate from forcing the channel selection (5785) - I turned one antenna horizontal leaving the other vertical. I'm not saying it's great - but somehow this made a *huge* difference is range and operation for this AX3.
... the Wifi Analyzer utility shows my 5G signal in a given location at about -60db. Trying to connect to the AX3 is difficult - usually the phone gets past the authentication but then doesn't receive the DHCP. ... Anyway - once I have a connection Winbox shows a signal of -90 to that client. I don't understand why my phone seems to indicate a relatively decent signal but is unable to connect - until I get on top of the AX3.
You want to be in the red zone of this pattern. The Z-axis is the physical antenna. So one up and one flat, is what is expected to be in the hAP ac2/ax2 .I just tried something - and please tell me it's not this.
Separate from forcing the channel selection (5785) - I turned one antenna horizontal leaving the other vertical. I'm not saying it's great - but somehow this made a *huge* difference is range and operation for this AX3.
If a fresh client device 2 meters from router with default config and in a clear line of sight getsSo then "Nothing is under control".Can't be more simpler, everything default config, so it's either
It IS from different channels. The ac 5GHz signal is 40 times (16dB) stronger than the ax signal when just using the default settings on both.it cannot be from antenna positions or different channels.
/interface/wifi> monitor 1
state: running
channel: 5680/ax/eCee
registered-peers: 3
authorized-peers: 3
tx-power: 24
/interface/wifi> monitor 0
state: running
channel: 2472/ax/eC
registered-peers: 5
authorized-peers: 5
tx-power: 16
Not out of the woods yet, with the ax wifi 2.4GHz. It enables b-protocol with "ax" set. Is this including the 1Mbps basic rate? What a waste of airtime!
You want to be in the red zone of this pattern. The Z-axis is the physical antenna. So one up and one flat, is what is expected to be in the hAP ac2/ax2 .
The red zone, high gain, is both for TX and for RX.
Klembord-2.jpg
Copied from interessting Cisco document : https://www.industrialnetworking.com/pd ... tterns.pdf
But wait... what is this ???? Ugly, very ugly ... (antenna impedance mismatch ???, signal reflection ??? )
Can we think of an objective test for those antenna?
Omnidirectional is 2D omnidirectional, in a plane perpendicular on the antenna.
...
The closest to this ideal omnidirectional is the di-pole , it has a gain of around 2.15dBi (i=isotropic). This is called an omnidirectional antenna.
I hope you find some things.I will measure ac2 later today and ac3 tomorrow.
See viewtopic.php?t=198407#p1039928In the wiki there's a mention of "If the CAP is hAP ax2 or hAP ax3, it is strongly recommended to enable RSTP in the bridge configuration, on the CAP", but nothing about reason for this. I don't have neither Capsman nor CAP mode enabled.
You checked the status of your wifi interface, for not using the low power SRD channels? This SRD channel selection happens by default on the MT ax AP if default configuration is used. (SRD frequencies not excluded). Allowed SRD power is very low in Europe!I'm seriously starting to question whether the AX3 issue is antennas - and more likely a serious radio issue. Is there something we should do to elevate this to Mikrotik's attention?
... Inside my house, through multiple walls, I see a 5G wifi signal from that device. While my AX3 half the distance half the walls - can't connect.
I'm seriously starting to question whether the AX3 issue is antennas - and more likely a serious radio issue. ...
[admin@MikroTik] /interface/wifi/radio> reg-info country=Latvia
number: 0
ranges: 2402-2482/20
5170-5250/23/indoor
5250-5330/23/indoor/dfs
5490-5730/30/dfs
5735-5875/14
So, would it be worth the attempt to replace them with *something else* (even if not particularly high gain but with a better omnidirectionality)?- the long ear antenna on hAP ac3/ax3 are not with strong gain, and are omnidirectional in 2D for the 2.4GHz , but not for the 5GHz band. In 5 GHz band the sideway gain is 4.7 dB lower (3x lower)
Yes, all this stuff about antennas is clear as mud.Interesting, but I see only one RF antenna pattern ... probably the 2.4Ghz .. MT HGO looks as good then.
Difficult one, not an answer but just thoughts....it is it "better" an increased Tx level and a low gain antenna or a reduced Tx level and higher gain antenna
hi, I have the same issue, tried every possible tweaking but signal is super weak. Question here: your problem was solved by a 4dBi antenna? can you please help with a make / model / maybe a link to the item?And I just re-read my post, and then reread it again, and then had to go search the specs (again, because I couldn't believe my own eyes)....
...and yes, if the ax2 has 4dBi and the ax3 (with external antennas) is 3.3 on 2.4GHz the range for 2.4GHz would be worse. And this may be the inherent problem (which i didnt catch before).
So, wow. The cheaper device with no external antennas, is probably the better device to use anyhow.
Although, now I have a slew of replacement antennas in my cart, to try different variations. Ultimately, the ax3 gives you the option of using external antennas for the flexibility of adding your own, however, I think there still lies some fault with MikroTik for including antennas with worse performance in 2.4GHz than the ax2, as almost no one would ever assume a more expensive device with external antennas would provide worse range than a smaller device with internal antennas. So, I think a LOT of people are making this mistake, and then complaining about the bad "performance" (range) of the hAP ax3.
Also, I take slight offense to the moderators adjustment of my original title (something along the lines of..I can't remember what it was now): "100% proof of range issues with hAP ax3" as being "click bait" to "hAP ax3 wireless problem" because
a) this creates a very generic title and problem description which people won't be able to find.
b) I provided sufficient and actual proof that the hAP ax3 in a real environment, worked worse than a hAP ax2 (and an AirCube).
c) I have more or less solved my own problem, and/or provided the answer/solution, that the hAP ax3's 2.4GHz range WILL be worse than the hAP ax2's due to the included antennas, and that to meet or exceed the range of a hAP ax2 someone will need to purchase third party external antennas, as the ones included are insufficient.
I recently installed a Unfi Wi-Fi 6 AP at a client. Most time taken was fitting it on the wall. Up and running in 15 minutes, haven't logged back onto cloud manager in three months since it was installed. Wi-Fi coverage throughout entire office is good.After reading this thread the hAP ax3 doesn't seem so attractive anymore. This is a minefield! I wanted USB, but seemingly it causes some sort of interference. I wanted better Wi-Fi performance, but now the cheaper ax2 appears to perform better. What should I buy? Maybe the hEX S with TP-Link AP's is the least painful solution?
It comes pre-configured in caps-mode from factory. You connect it to your network with running capsman, power up the cap-ac and it is connecting to your capsman server. Provisioned. Done.Hmm even with a device destined for use 99% of the time as an access point, the cAP ac comes preconfigured as a router doesn't it?
Exactly like this.Compare to UnfiFi access point with pre-setup cloud controller - plug it in...
Not exactly at all. You either have to set-up CAPsMAN (not easy) or configured wireless entries (also not trivial).Exactly like this.
I can only talk as a user having multiple AX2 and AX3 installed in various places and contexts but this is not true in my experience.What is the result? The flagship ax3 has worse wi-fi than the older and cheaper ax2, right?
Not really worse, different is the better expression.The flagship ax3 has worse wi-fi than the older and cheaper ax2, right?
I've just taken delivery of a cAP ac and I'm afraid it not configured in CAPs mode. It's definitely in router mode:It comes pre-configured in caps-mode from factory.
I can just give one advice: please read the manual first. It help setting up your device.Work in IT long enough and you know people don't read instructions.
Yes but it's possible I powered it up before I plugged into network. Running of it's own PoE adapter. But the CAPsMAN of the controller was a much later version. I'm currently going through the firmware upgrade cycle 6.47.9->6.49.13->7.12.1->7.14.1. That's three reboots. Hmm, still say UniFi is quicker. and overall simpler. Less powerful for sure but 99% of use cases are pretty simple: private LAN with access points with maybe a guest network.Did you have a correct capsman controller ready on the network ? Because then it will be provisioned and ready to go.
If not, it will move on to next default config.
That's a generic problem for a LOT of brands and highly depends on the quality of the used USB device.With ax3, there apparently were reports that having a USB 3.0 device plugged in would bring down 2.4 GHz WiFi, to the point where devices couldn't even connect to it, and apparently it was fixed by a firmware upgrade. (Which is separate from a system update and must be performed manually in said RouterBOARD menu)
JFYI:
viewtopic.php?t=203470
That's a generic problem for a LOT of brands and highly depends on the quality of the used USB device.
Same with bluetooth.
It all operates in the same 2 - 2.5 GHz-range, you see.
No way a firmware upgrade can fix that. That's a physical problem.
From what I understand the interferences are directly related to the speed of data transfer, while it Is possible that a firmware version may work better than another, the only possible way to reduce interferences Is to reduce - substantially - the speed of the data transfer, which essentially happens in shorter or longer "bursts" that range to up to 4 GHz.
Double and triple shielded" USB 3 extension cables exists, but how much effective they are has to be seen.
Like most of issues where RF Is involved It Is - I believe - largely a hit and miss game.
Can confirm this true on wifi-qcom-ac, country Austria as well (Chateau LTE12, cap ac)Addendum: I don't remember which countries this is true for, but in my testing hAP ax3 seemed to really love 5500/Ceee when frequency was unset.
According to the specs the ax3 shouldn't be able to transmit higher than 27dbm.
"5470-5725 MHz / 27 dBm"
https://help.mikrotik.com/docs/pages/vi ... 2027%20dBm
Remove word "EU" and it says what you actually mean: "regulations probably exist for a reason, but they are not for me"EU regulations probably exist for a reason, but they are not for me.
Factory Firmware 7.8
Upgraded Firmware 7.14.2
Mine is set to US because the signal utterly sucks if I choose my EU country.
My first neighbor is 50 meters away. I don't live in a building with dozens of flats and two dozen wifi networks.
I also have an Audience in the living room set to superchannel / no_country_set. That allows me to go to my back yard and sit by the pond and have good 2.4 GHz signal.
Regulations are not just only because of "avoid angry neighbors". It's about health, interference with other devices using same frequency band and so on.
in older houses you are basically stuck.
Yes, powerline is a possible workaround, though most are just that (i.e. provide an ethernet port and connect through mains), so you have to add a small wireless AP, which will require another power plug/extension cord, and a short ethernet cable between them, the speed (at least with the last ones I had an occasion to test) is not that great and then you have to take into account WAF (SOAP):Powerline adapters? I mean, there's no chance they'll do a gig, but maybe at least a stable 300 megs?
There's also MoCA.
I have never seen a house that has the power distribution box anywhere near where the router is, and copper/FTTH usually comes down somewhere from the attic. The power box is usually at the entrance. And if you have floors, then each floor usually has its own boxjust connect the Magic 2 LAN DINrail adapter via its Gigabit Ethernet port to your router, which should be located as close to the power distribution box as possible (or inside it)
KNFMWS (Kids Need For More Wireless Speed)
This thingy/approach here:
https://www.devolo.global/magic-2-lan-dinrail
could be promising, where/when it is possible injecting signal at the "central hub" of the electrical system (fusebox) could actually provide some serious bettering for distribution, at least in three phases circuits (which are nowhere to be seen in Italy but may be common in other EU countries).
For many years we have been using "United states" here in Ukraine ))I have received my hAP ax3, originally with a RouterOS version of 7.8. The firmware version was the same. I have since updated it with both in-built updater and netinstall, and have observed no differences between installation methods or OS/firmware versions.
My preliminary findings so far is that hAP ax3 seems to disregard country/tx-power/antenna-gain settings in some cases.
Here's what I did. I fixed the frequency at 5745 MHz. Antenna-gain was set to 0, tx-power was set to 30. Channel width was explicitly set to 20/40/80 MHz, band was explicitly set to 5GHz-AX. All other settings were left unchanged.
Here's what I then observed in the Status tab.
If country was set to United States or Brazil, the TX power would be set to 28. As it should be, as 28 dBm is the maximum TX power that hAP ax3 can achieve, with US and Brazil both allowing 30 dBm TX power on 5745/Ceee frequencies. 30-0=30, but 28 is absolute max, so 28 it is.
... and Ukraine 24 dBm in 5745/Ceee.
My measurements in WiFi Analyzer also show that the difference between Russia and Ukraine and China and Argentina aren't phantom. The signal observably increases ~17 dBm when changing from Ukraine to China, from around -41 dBm to around -26 dBm, with a Galaxy A54 5G lying on a cardboard box approximately 15 cm in height, approximately 45 cm away from one of the antennae and approximately 50 cm away from the other.
For many years we have been using "United states" here in Ukraine ))
...
We can use 12,13 channels in 2,4GHz, but in real life we have a lot of American gadgets
And for hAP ax³, why would sticks rotate around second axis, if it's doughnut shape?
The reports don't explain the second axis rotation on the sticks, what the hell is the rotation for?
usually the antennas should be vertical, no matter how you install the deviceThe reports don't explain the second axis rotation on the sticks, what the hell is the rotation for?
usually the antennas should be vertical, no matter how you install the device
You will need to check if that is true in your case.as typically the client devices have only one antenna