MikroTik

erlinden

I thought that the pvid on the bridge could be left set to 1, not sure if it is of any influence?
Could you please add <code></code> tags (with square brackets) to make your config more readable?

Are you familiar with this topic:
viewtopic.php?t=143620

erlinden

I added channels with the corresponding TX Power setting. Might be a bit hard in a big environment, but for my three accesspoints it works great!
/caps-man channel

erlinden

In case of a single unit the central management purpose is a bit contradicting. It is introducing some overhead, I think (my opinion) when you have over 2 CAPS-es it makes sense to use CAPsMAN.

erlinden

Upgrade went smooth...really interested in the "arm - improved system stability"!

erlinden

Very strange, are you sure about the key?
Could you please post /export hide-sensitive file=anythingyoulike?

erlinden

I would:

only use WPA2
set channel manually
only use Ceee as channel width
set country
upgrade firmware
never ever use quick set

erlinden

I always choose channels manually. Don't like auto...

erlinden

Besides SSID and password, you have to make sure that encryption is identical (WA+PA2/AES only).
Channels should never overlap. And make sure that tx power is optimized.

erlinden

Can you please share your /caps-man export hide-sensitive?
Are you using DFS channels? That could explain why not all radios are up.

erlinden

Your trunk port (the one between the Audience and the cAP ac) should be a trunk port. Therefor, on /interface bridge port this port should be be marked on the bridge with default pvid 1 and VLAN tagged only). Same on the trunk port of the cAP ac. Please check again the samples I provided. On /interf...

erlinden

Proper way to set TX power is by setting TX power ;-)

On the WLAN interface, enable 'advanced mode' and select the Tx Power tab. Here you can set the Tx Power Mode and corresponding power.
Don't forget to configure country code first.

erlinden

Your wish... /interface bridge add name=bridge-LAN protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] name=ether1-wan set [ find default-name=ether2 ] name=ether2-nas set [ find default-name=ether3 ] name=ether3-solar set [ find default-name=ether5 ] name=ethe...

erlinden

I spent an hour reading this and still got nowhere. I know how VLANs work, I just dont know how to implement in routerOS. To summarize your wishes: You want to have a trunk between the two devices You want to separate your network into 3 VLAN's (and perhaps an additional management lan?) Here is a ...

erlinden

In addition to your settings I also set things like rates and WMM spupport: set [ find default-name=wlan2 ] band=5ghz-a/n/ac basic-rates-a/g=12Mbps \ channel-width=20/40/80mhz-Ceee country=netherlands disabled=no frequency=\ 5500 mode=ap-bridge rate-set=configured security-profile=Profile \ ssid=MY-...

erlinden

This topic taught me a lot about VLAN's on MikroTik devices:
viewtopic.php?t=143620

erlinden

Did you perform a router reset (with default configuration)? What routerboard are you using? Are you sure that it is 6.47.8? I thought that 6.47.7 was the latest (stable) release!? Or did you mean 6.46.8, which is the latest LTS? Can you please share you config: /export hide-sensitive file=anythingy...

erlinden

I think by resetting it to defaults you should be able to test all interfaces (wired and wireless).
Perhaps do a RouterOS and firmware update to check if memory is working as well..

erlinden

Seems you are trying to configure your accesspoint as a router.
According to the manual all you have to do is press the reset button for 5 seconds and it should have default accesspoint configuration. After this, you can configure the wireless part as required.

erlinden

Though I fully agree with anav...this is still a forum.

The information is too limited...what are you trying to accomplish (functionally)?
Are you trying to configure a port forward?

If so, please read this:
https://monovm.com/blog/port-forwarding-on-mikrotik/

erlinden

Remote access to administer a MikroTik should only be possible through VPN (is my opinion).

erlinden

Depends on your exact configuration, can you please share your /caps-man export hide-sensitive file=anythingyoulike?

erlinden

Hi. Did you ever figure this out? I'm sitting in the same boat at the moment.

I think the conclusion not to expect too much wirelessly of this device as it is 2.4GHz only answers your question...

erlinden

Your Windows machine is reporting "no internet" (and not your hAP AC Lite), you have to find out why. This topic (didn't read it completely) might describe your problem: https://techcommunity.microsoft.com/t5/windows-insider-program/system-reports-no-internet-despite-having-active-connection/m-p/687...

erlinden

Please try using multiple streams (underneath with 8 streams in parallel):

iperf3 -c <ip address> -P 8

erlinden

Might want to connect using the MAC address instead of IP.
Can you please share the config (/export hide-sensitive file=anythingyoulike) of this cAP ac?

erlinden

after update to 6.47.7 there is no more access to web configuration of the device if it in bridge mode.
CAP ac
what to do?

Assuming you have a Windows machine available...have you tried using Winbox? Or, SSH?

erlinden

Just checked Github:
https://github.com/topics/vpn-client?l=c%23

erlinden

I prefer to let my router perform routing functionality. Assuming you only use Ubiquiti as accesspoint(s), I would use queues. As you mention subnets...are you using VLAN's (already)?

erlinden

Could be caused that you selected "outdoor" instead of "any". Think anything beyond channel 52 is indoor only. There is some more information on this to be found in one of the topics. All my configurations are set to any.

erlinden

Did you set the country in the configuration?

erlinden

Use the terminal:

/export file=switch

erlinden

I prefer to have no forwards to any device in my network. If I have to connect to any service, I use VPN. My advise, especially on RDP, would be to close the port asap and configure VPN.

erlinden

I would:

Reset the device, no default configuration
Create a bridge
Add all interfaces to the bridge
Add DHCP client to the bridge

After this, you can browse to the IP assigned to the RB.

What would you like to demonstrate?

erlinden

Okay...makes sense. Does this require multiple bridges? Have you tried using a single bridge?

erlinden

Can you please first explain what you are trying to accomplish?
And hidden SSID's...can remember the days they were useful, long time ago.

erlinden

I'm running an RB4011 as main router. Attached to it is a CRS112-8P-4S that is providing PoE to my Dahua camera. Every day I notice at least one (and sometimes more) connection lost/connection restored. This coincides with a DHCP deassigned followed by a DHCP assigned log message. Besides this, I no...

erlinden

I would first share your config with us...looks like a misconfiguration (why did you add a vlan to eth1?).
/export hide-sensitive file=anythingyoulike

erlinden

Not sure if the default configuration is correct, herewith the default firewall rules: /ip firewall filter add action=accept chain=input comment="accept established,related,untracked" connection-state=established,related,untracked add action=drop chain=input comment="drop invalid" connection-state=i...

erlinden

You can choose the WAN interface-list instead of the public IP address (in the firewall). Your clients should connect to the cloud domain name. Not sure what OpenVPN is requiring in the configuration, but there are tons of samples and blogs about this topic.

erlinden

Ehm..."6.42.10"???
You might want to consider upgrading both devices?

erlinden

The router should be able to handle these speeds easily. Can you share your config ( /export hide-sensitive file=anythingyoulike )? Is the cable modem performing NAT as well? Do you get a public or private IP address on the RB? In case of private, does the WAN network segment differ from the LAN seg...

erlinden

First thing I notice is that you are using 5GHz and 80MHz bandwidth. That is not really a problem, except the channels you are using are overlapping. Besides, when using extension channels configured as XXXX you have no clue what channels are used. I prefer to use these settings: Channel/Frequency/E...

erlinden

I found this topic, might explain the behavior:
viewtopic.php?t=114200

Does the reset button work again?

erlinden

What about resetting it using the command /system reset-configuration?
And while you are at it...you might want to upgrade the RouterOS and firmware.

erlinden

To test network speed, you should use a tool like iPerf:
https://iperf.fr/

Why test NAT if the device will not perform any NAT tasks?

erlinden

I would expect something like this:

add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN log=yes protocol=tcp to-addresses=192.168.10.X to-ports=443

Can you explain the meaning of your rules?

erlinden

Have you tried telnet/ssh/web as well?

erlinden

I prefer to use CAPsMAN when configuring more than two accesspoints. In your case you might want to consider using VLAN's to seperate public and private. Please have a look at this great topic:
viewtopic.php?t=143620

erlinden

Please have a look at this topic:
viewtopic.php?t=143620

Besides...please don't use UPnP unless security is of no means to you.

erlinden

First thing I notice is that you run the CAPsMAN manager on ether1, I have set it to all. Next to that...you are using VLAN's. I notice that you run a DHCP client on the CAP, but it is connected to a trunk port on the switch. CAPsMAN should work, but if you want to have an IP address assigned to the...

erlinden

The 2.4G band is subject to interference, especially if you use 40MHz bandwidth. Only use 20MHz bandwidth and channel 1, 6 or 11 (as being the only non overlapping channels with this width). Set country and Frequency mode to regularity-domain. And don't use 802.11B...unless you have a really ancient...

erlinden

If your computer is connected to port 1 (which is configured to be the WAN port in a default configuration), you won't be able to connect. Make sure it is connected to port 2 - 5. Other question remains...how do you reset the RB?

erlinden

Show the certificate please. And also please check your date/time.

erlinden

What port on the RB do you connect to?
How do you reset the device?

erlinden

Couple of things:

Set your TX Power higher, i.e. 2.4G @ 15 and 5G @ 20 (or leave both empty to have maximum TX Power)
Set country code
Set Basic rate to 12 and supported 12 and up
Set installation to Any

Hope this improves

erlinden

On portforward I found this information:
https://portforward.com/efootball-pes-2020/

You have to forward a sh*tload of ports:
TCP: 3074
UDP: 88,500,3074,3544,4500,5730-5731,5739

Hope you are not running an L2TP VPN server?

erlinden

Big LOL!

These ports should be open from within to the Internet, these shoud not be port forwarded (as I assume you did).
UPnP is evil...please don't use it...ever!

Though...some games do require port forwarded to the console (which sucks in my opinion).
What game(s) are giving you problems?

erlinden

Sure your WiFi nic supports AC? Sounds to me like a 802.11n dual stream. Or did you set the hAP to n only?

erlinden

Default config, create VLAN interfaces, block any intervlan traffic except what you want.

But first, start reading this: viewtopic.php?t=143620

erlinden

In addition to @mkx: it is sufficient to configure the accesspoint(s) as CAP, after that you can do all configuration on the CAPsMAN.

erlinden

Do you get an IP address from the correct pool? Did you add a second DHCP service for VLAN 30? Can you share the IP information that is provided on VLAN 30?

erlinden

Can wifistatus be set on a non wireless equiped device? It seems to me that it is a property on the wlan interface.

erlinden

I see you are using nv2 as Wireless Protocol, is this device used for point-2-point connection?

erlinden

Could you please share your configuration? /export hide-sensitive file=anythingyoulike This customer would like to be able to go from one router to the other and not worry about having to reconnect. Is this the use case for using CAPsMAN? Because, in my opinion, you better not use CAPsMAN: it will t...

erlinden

I prefer to use VLAN. Then you can create an additional virtual wlan interface and add vlan filtering. In the firewall you can choose how all traffic is routed.

Please read this topic carefully: viewtopic.php?t=143620

erlinden

That is like really strange, especially when your phone (connected to the same hotspot?) is working correctly.
Have you tried with Windows started in safe mode (with network support)?

Can you please share your config: /export hide-sensitive file=whateveryoulike?

erlinden

Is the hAP ac working as router? Because then you have two networks...

erlinden

Can you please start by describing how you want your cap to function? I'm puzzled with some of the choices you made. And perhaps you can also upgrade RouterOS/firmware? And perhaps have a look at this (great) topic (specifically the access point part): https://forum.mikrotik.com/viewtopic.php?t=143620

erlinden

Could you please share your configuration:
/export hide-sensitive file=whatevernameyoulike

erlinden

Please supply us with some decent information:

What error do you get?
Is your system date/time correct?
Is your system malware/spyware/anywhere ;-) free?
What is the output of Invoke-WebRequest -Uri "https://microsoft.com" in PowerShell (make sure you have elevated rights)?

erlinden

Perhaps you can share your configuration?

/interface wireless export hide-sensitive

And how is WiFi configured on the modem/router?

erlinden

It is just cosmetic and you are not alone:
viewtopic.php?f=2&t=166831

erlinden

viewtopic.php?f=21&t=160503

erlinden

Can you please share /interface wireless export hide-sensitive ? I'm still missing file transfer speed test while both Windows clients are connected directly. [Update] Something changed: Mikrotik removed "antenna gain" from the WinBox menu's in 6.47 and 7.0beta8. The only way to change the antenna g...

erlinden

Those are cable connections, like I said 50MB/s Windows to Windows. Sorry one last thing. I was looking at Antenna gain settings and I can not find them for the life of me. Can you point me in the right direction?- Directly connected means without the RB in between. Or did you mean without the RB y...

erlinden

Defaults (according to https://mikrotik.com/product/rb4011igs_5hacq2hnd_in):
2G = 3
5G = 3

What speeds do you get when you connect those devices directly via cable (you might want to set IP addresses)? Looks like there is no capping caused by your RB4011.

erlinden

Could you (also) use iPerf for testing the network speed?

Offtopic:
Your wireless settings could be optimized, i.e. antenna gain is incorrect, country code not set and there is a lot that benefits from a proper configuration.

erlinden

You can, if you use VLAN.

Why are you referring to CAPsMAN?
Replicating is no problem, subnetting is.

erlinden

What speeds do you get when testing with two computers, using iPerf?
What Internet connection do you have at the vpn client device?

Can you please share your config with us (/export hide-sensitive file=whateveryoulike)?

erlinden

Can you please share your config as well (/export hide-sensitive file=anythingyoulike)?

erlinden

Are all security settings identical?

Besides...your TP-Link can use some tweaking:

Only use WPA2/AES
For 2.4GHz only you channel 1, 6 or 11 (anything in between is overlapping)
Preferably don't use b: use g/n instead

erlinden

There are no dumb questions...dumb choices though... Windows XP is ancient and Windows 7 is (less but still) ancient. You need to confront the computer tech with the fact that you are considering a no longer supprted OS (and he is not advicing Windows 10). In regards to your router ( for which you s...

erlinden

How do you test?
What exact CRS do you use?
What is the CPU usage while testing?
What RouterOS version are you running?
Can you share your config (/export hide-sensitive file=anythingyoulike)?

erlinden

If your client can connect to the Internet, I would expect the hAP ac Lite to be able as well. If you share your config (/export hide-sensitive) and share it here (between code tags) we can have a look. There are several ways to upgrade, please check this site: https://help.mikrotik.com/docs/display...

erlinden

Thanks for the hears up but what should I do on my lunch and afternoon break now? ;)

If asking what not to do...don't change you config ;-)

Good luck team on the migration!

erlinden

Does it work if you set it to channel 5500? What country did you set it to? What the status of the interface in CAPsMAN show as status?

Please...never ever use XXXXXXXX (instead of Ceeeeeee).

erlinden

Reset the device (by using the button):
https://wiki.mikrotik.com/wiki/Manual:R ... set_button
Connect to it via Winbox
https://mikrotik.com/download
Use quickset:
https://wiki.mikrotik.com/wiki/Manual:Quickset#Modes

erlinden

Can you also post an ipconfig /all from a client?
Is in /ip dhcp-client the option use-peer-dns checked?

erlinden

How do you make any changes to the settings? What firmware version are you running? What version of Winbox (assuming you are using Winbox)? Same behaviour if using SSH?

erlinden

Why do you want to block update traffic?
Have you considered using a WSUS server?

erlinden

I know that yours 400 mbps doesn't mean anything, since I've had 42-48 MB/s couple of months ago, then it degradated to 30 MB/s, now it's only 10MB/s - and nothing literally changed in the area these wAPs are operating! So just wait half-a-year when you have maximum 280mbps, afterwards firmware bug...

erlinden

P.S. And don't believe these ones upahead telling about 400-480 mbps - I've reached 750 mbps with wAP AC for 1300mbps client - but that was only !once, for a couple of minutes and I couldn't repeat that result, no matter what. Now it's only ~260-280 mbps, with the same client, same wifi card, same ...

erlinden

maybe the time to change to orthers WiFi devices.

Not sure what requirements (and expectations) you have, I get a solid (little over) 400 Mbps on my cAP ac.

erlinden

I have used this blog post a lot of times, this will help you:
https://www.justinho.com/blog/2017/07/1 ... -lite.html

erlinden

I have some doubts about your accesslist, in comparison herewith mine: /caps-man access-list add action=accept allow-signal-out-of-range=10s disabled=no interface=any \ signal-range=-80..-10 ssid-regexp="" add action=reject allow-signal-out-of-range=10s disabled=no interface=any \ signal-range=-120....

erlinden

Please share your config:
/export hide-sensitive file=whateveryoulike

erlinden

I would: Upgrade to 6.47.3 (for both router and accesspoints) test through iperf (I have no clue how you are currently testing?) share the configuration ( /export hide-sensitive file=anythingyoulike ) to be sure everything is set correctly And in addition: What do you mean by occasionaly? Is it solv...

erlinden

Don't use wpa-psk as authentication-types. Ever. Only use wpa2-psk.
Don't use overlapping channels (also on 5GHz) and use specific extension channels (use Ceee instead of XXXX).

erlinden

I am nearly in your situation: RB4011 (no wireless), cAP ac's and wAP ac. I chose CAPsMAN as cenrtal manager and set all accesspoints in CAPs mode. Separation is done through VLAN. Perhaps have a look at this great tutorial:
viewtopic.php?t=143620

erlinden

Flawless upgrade on:

RB4011iGS+RM
hEX S
cAP ac
wAP ac
CRS112-8P-4S-IN

erlinden

I'm used to working with a single bridge, together with multiple VLAN's. Perhaps you can start over and be inspired by this great tutorial:
viewtopic.php?t=143620

erlinden

Please share your settings (/export hide-sensitive file=whateveryoulike)

erlinden

Can you please supply the configuration (/export hide-sensitive file=whateveryoulike)?
Have you already checked anything (like tracert/test both wired and wireless/checked in the browser with F12 => developer tools/DNS/no VPN/no xxx-ware)?

erlinden

As far as I know it is. I red about people first performing a reset of the configuration and either configure it manually or import the configuration. You can always try if you run into some strange behaviour.

Regarding stability, I use stable (currently 6.47.2) and for me it is very stable.

erlinden

Why do you want to switch?

You can:

create an export
- upgrade (or downgrade, depending on how you like at it)
- perform an import if necessary

erlinden

Can you please share:
/ip dhcp-server network export

erlinden

I think you should have a single bridge and add vlan filtering to that. See also:
viewtopic.php?t=143620

erlinden

Reset all (cAP ac's) as CAPs mode (https://wiki.mikrotik.com/wiki/Manual:Reset) and use CAPsMAN on the Hex. You should be able to connect to cAP ac with Winbox as well...

erlinden

Antenna gain should only be used for setting...antenna gain. Hence why it can't be set for most devices anymore.
Use the transmission power to set transmission power (and make sure it is set 7dBi lower than 5GHZ radio).

erlinden

It depends, but I'm sure you understand that by lack of any relevant information this question can't be answered...

Can you please share your MikroTik configuration (/export hide-sensitive)?

erlinden

First start with the requirements. What does the SLA look like? Who is going to maintain the solution? Installation? Budget?

Choosing hardware is like one of the latest steps do perform.

I assume you are referring to industry standards!?

erlinden

Why do you need two bridges on CAPsMAN? Why is the LAN bridge not sufficient?

Can you please share the config: /export hide-sensitive file=router ?

erlinden

What is the purpose of running the MikroTik as router while you already have a router?

erlinden

Why two bridges? Have you considered VLAN's?

erlinden

You know there is a great Wiki for this switch:
https://wiki.mikrotik.com/wiki/Manual:C ... s_examples

erlinden

There is a lot more information that could be supplied: Did you connect antenna? Could you supply /export hide-sensitive from the accesspoints? What client was used to test with? How did you test? Why use beta? Besides, you can ignore the rants...MikroTik does supply rocksolid WiFi solutions. They j...

erlinden

I'm not sure why you chose this option, perhaps VLAN's is a better way to go to split networks?
viewtopic.php?t=143620

Can you explain why you want two networks? What is the purpose of the two networks?

erlinden

5GHz channels are 20MHz wide. Therefor channel 36 start at 5170 and ends with 5190. Channel to select is 5180 (this is for. 36: 5180 (5170 + 10) 52: 5260 100: 5500 132: 5660 149: 5745 Why not autochannel? Except for DFS radar interference, you don't want your accesspoints to worry about best channel...

erlinden

The wider the bandwidth, the less of channels to choose from. I think this explains it:

And, please never choose XXXX, just select the correct channel and the correct extension channels manually.

erlinden

Ok, seamless roaming is possible if you configure the radios correct together with access lists. It will take same tweaking, but it is doable.
And, please don't try the wireless backhaul route because that won't work as good as wired.

erlinden

What is mesh in your opinion?
Cable is always the preferred option for your backhaul.

erlinden

Can you please share your CAPsMAN configuration: /capsman export hide-sensitive file=capsman
You should be able to manage the cAP ac, are you using Winbox (is the cAP ac discovered)?

erlinden

First, close port 22 (SSH). You don't want to have that opened! Second, if SSH is really required you want to filter IP addresses (though you don't want to open port 22): add action=dst-nat chain=dstnat dst-port=22 in-interface-list=WAN log=yes protocol=tcp src-address=[only allowed address(es)] to-...

erlinden

What information is it showing on /capsman radio?

erlinden

I get speeds up to 400 ~ 450 Mbps in my house, Intel AC8265. There is a lot of tuning that can be done.

Can you please share your config (/capsman export hide-sensitive)?

erlinden

Are you using provisioning rules for matching radios?

Yes! I have a provisioning rule per radio.

erlinden

Virtual interfaces for slaves are created dynamically during provisioning. I think it's best practice not changing any virtual wireless interfaces other then through the caps manager.

erlinden

Can you please share your config?
/export hide-sensitive file=whateveryoulike

Have you already reset the device and reconfigured it?
(By importing the export you can return to the current configuration any time)

erlinden

What if local forwarding is in used should i enable bridge for all interfaces?

Shy, did you try the above reply (resetting and configuring CAPs Mode)? That's like the only thing you have to do on the cAP ac.

erlinden

Yes, also wireless.

Easiest way is by resetting the cAP ac and choosing CAPs Mode.
System, Reset Configuration

erlinden

Have both wAP ac and cAP ac, love them. The wAP ac has 3x3 MU-MIMO while the cAP ac has 2x2 MU-MIMO (on the 5GHz radio). Most clients support 2x2 MU-MIMO, but if it supports 3x3 MU-MIMO it will perform better.

erlinden

Just use /export and import on other devices.

erlinden

Couple of things:

You can copy from the terminal, no need to take screenshots...
Antenna gain can (should?) be set to 19
Only use WPA2/AES (and nothing else)

You know that you are currently not compliant to regulations?

erlinden

Can you please share your config (and remove any non relevant information):

/interface wireless export hide-sensitive

Why are you using superchannel?
What kind of security settings are you using?

erlinden

If publicly available, run a VPN server (like L2TP/IPSEC) and do management over the VPN tunnel

erlinden

Can you please share your config?
/export hide-sensitive file=anynameyoulike

erlinden

Remote management through anything but VPN is bad practice. So I would like to advice you not to do any port forward while publicly connected except VPN.

erlinden

with the well-known Mikrotik wireless coverage and performance issues Nonsense...it's more difficult to configure MikroTik Wifi (and router as well), I don't have any issues. The wireless network is dependant on CAPsMAN running. Because of the out of memory exception it might have caused these prob...

erlinden

Either use Hairpin NAT or solve it by using internal DNS server.

erlinden

My mistake...I thought you set it manually. Still, antenna-gain should be 2 or 3 (depending on interface), so something is messed up.
Also, never use 40MHz bandwidth for 2.4GHz radio, unless you there is absolutely no interference in that band.

erlinden

Don't set antenna gain manually, by setting the country antenna gain is set (implicitly and correct). If you want to lower transmission power you should set power settings.

In addition, I prefer to set channel manually and set extension channel to Ceee.

erlinden

Normis, thanks for your answer. And sorry for misinforming! I used the disable option since the beginning. Can you please explain why removing the interface is the way to go?

erlinden

Either use right mouse click, Disable or Ctrl+D.
Seems somewhere the button was greyed out...

erlinden

Yes...just disable the interface (red cross button)

erlinden

Can you please share your /caps-man export hide-sensitive?

I think you are not using the manually added channel in the configuration...

erlinden

As replied in the PM, could it be MTU related?

erlinden

Can you please share your config: /export hide-sensitive file=router?

In addition:
What DNS servers are you using?
Could it be DNS related?

erlinden

I think it is the yellow cable with the green connector at the right...

erlinden

MT = MikroTik and I think you found the FTU

So how is the rest of the network connected to this FTU?

erlinden

Do you have a fiber termination unit at your place? That holds the fiber cable from outside? Can you make a picture? In my case I connected the MT via fiber to the ftu and no longer am using ISP hardware.

erlinden

Did you try netinstall?
Why this old version?

erlinden

When using fiber you might want to consider the RB760iGS (hEX S). This router has an SFP connection and can suply PoE (and is pricewise inbetween your suggested routers).

erlinden

For me this is working without problems (on Windows 10 and Android): /ip ipsec proposal set [ find default=yes ] enc-algorithms=3des add auth-algorithms=sha512 enc-algorithms=aes-256-cbc name=secure-proposal \ pfs-group=modp4096 /ip ipsec profile add dh-group=modp4096 enc-algorithm=aes-256,aes-128 h...

erlinden

Have you seen my response in your other topic?
viewtopic.php?f=10&t=164748&sid=69d2369 ... 0674947816

erlinden

Just use Winbox, then you can connect by IP address (which fails) or by MAC address. And use a cable for best result (which you are already doing...).

erlinden

Yes, but is it any good and does make use of two radios for example (some can do 2.4ghs and some can do 5ghz chains, assuming this is two radios, one could link to the primary source 2ghz for example and then retx on 5ghz or am I wrong?? All MikroTiks are good...some are just better. There is a ver...

erlinden

What is cheap for you? I.e. I use a hAP ac2 as travel rotuer and find that really cheap.

erlinden

You can continue to use default rule with interface-list, just modify the members of that list.

Indeed...did the steps by heart...

erlinden

No problem, all you have to do is: /interface - change interface list (set ether2 to WAN, ether1 to LAN) /interface bridge - change bridge (remove ether2 and add ether1) /ip firewall - change NAT rule (change ether1 into ether2 in out interface) while performing the above, make sure you are connecte...

erlinden

You might want to try something like (seems to be the CAPsMAN equivalent...you'll figure it out I think): /caps-man access-list add action=accept allow-signal-out-of-range=10s disabled=no interface=any signal-range=-80..-10 ssid-regexp="" add action=reject allow-signal-out-of-range=10s disabled=no i...

erlinden

Thank you!

erlinden

@bpwl: do you set the MCS information manually or leave it as default?

erlinden

Nope, has been working flawlessly for ages (at my sites). Sounds like you are having DNS problems (causing DDNS problems). Can you please give some information: What error do you get? How is the router (what router are you talking about) connected to Internet? What RouterOS version are you running? ...

erlinden

Use fixed channels.
Set all configuration (like country code, installation, etc.)
Nothing wrong with using DFS (only discomfort is the time it might take to scan)

With the settings supplied in your other topic I am able to get 400 ~ 450 Mbps (on the 5GHz radio of course).

erlinden

To get better coverage, use "as many accesspoints" as possible (read necessary). i.e. I have one accesspoint per floor and one in the garden.

Perhaps you can share your configuration (/export hide-sensitive file=router) to give some additional tips!?

erlinden

Are you connected directly or via VPN?

erlinden

I've configured with your settings now. However, provision dont work correct if i dont set Hw. Supported Modes to "gn" for 2.4GHz and "ac" for 5GHz. I get no supported channel on one interface and the 5Ghz interface choose a 2.4GHz channel. Also, do you use guest network with both 2.4 and 5GHz and ...

erlinden

When changwd to 5500 it says not supported channel on interface. Ehat does it mean Exactly what it says...it is not supported. Cause could be either not allowed by regulations (what country are you in?), when you are trying to set a 5GHz channel on the 2.4GHz radio (or vice versa) or misconfigurati...

erlinden

what is client to client forwarding? From the wiki: controls if client-to-client forwarding between wireless clients connected to interface should be allowed, in local forwarding mode this function is performed by CAP, otherwise it is performed by CAPsMAN https://wiki.mikrotik.com/wiki/Manual:CAPsM...

erlinden

how does enable local forwarding helps?

If local-forwarding is not enabled, all traffic will be handled (and encrypted) by the CAPsMAN. This will cause processing power and will therefor always be slower.

erlinden

Select fixed channels, I use one per radio. Set extension-channel=Ce (or Ceee) instead of XX Nothing wrong with DFS Use local-forwarding (on datapath) I'll share my config for which I don't experience any of the problems you mention: /caps-man channel add band=2ghz-g/n control-channel-width=20mhz ex...

erlinden

Please start by sharing your configuration (/capsman export hide-sensitive). "If I set width 20 extension Ceee it works on 5Ghz band, but the other interfaces are not functioning. (in red: no supported channel)." Ceee = 4 x 20 = 80 MHz channel width. On the 2.4GHz radio, 40 MHz is the maximum bandwi...

erlinden

So 25 for 5GHz and 9 for 2.4Ghz is recommended ? When you publish channels do you publish specific frequencies ? The values are working fine for me, but it depends on your situation and needs. If I remember correctly, it is recommended to have a difference of 7 (or 9) dBi (where the 2.4GHz radio sh...

erlinden

In your case I would start by updating RouterOS (before upgrading, do a /export file=router to get a complete configuration).
You are running a very old version at the moment!

Next to that, your encryption is not so strong. I use 3des and pfs-group modp4096

erlinden

If you want to have two networks, you have to use VLAN's.
https://wiki.mikrotik.com/wiki/Manual:C ... with_VLANs

erlinden

Is Windows up-to-date?
Can you please share you configuration?

/ppp export hide-sensitive
/ip ipsec export hide-sensitive

erlinden

Ceee means 5GHz (as 2.4GHz allows Ce at max). Here is (part of) my config: /caps-man channel add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2462 name=f-2462 tx-power=9 add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ceee frequency=5500 name=f-55...

erlinden

I don't have XBox, but doesn't it simply work with UPnP?

UPnP is security wise a terrible solution.

Though I really like the info...what is the reason for opening a topic on this subject on a MikroTik forum?

erlinden

I prefer to have a configuration per radio per accesspoint. But it will work.

erlinden

Set Control Channel on 20MHz, nothing else! Set extension channel to Ceee. Set channel to either one of these frequencies: 5180 (36) 5260 (52) 5500 (100) 5580 (116) 5660 (132) This also depends on where you are located! Max for the hAP ac2 is 80MHz. You might want to adjust transpmission power, espe...

erlinden

Comparing v7 with v6 are there any improvements or enhancements with regerads to wireless?

viewtopic.php?f=1&t=163957#p807036

erlinden

@Shy, read answers to your other topics. The information can be found easily (in the optional configuration step):
viewtopic.php?f=13&t=163767&p=808123#p808144

erlinden

It looks like you currently have the hAP ac2's configured as router and running CAPsMAN. That is not how it should be configured. So, if you want to accomplish with CAPsMAN (which is a perfect choice): Reset both hAP ac2's and set it as CAPS Mode (choose either one of the two options below): With th...

erlinden

2) Not, it's not possible. Unless you have like complete access and the router/modem/ap is a Linux based system you might have a possibility.

Can you please explain why and what you want to accomplish?

erlinden

I added a DHCP client to all CAPs's (or whatever plural it is) and am able to connect to them with Winbox. Are you sure hey aren't shown in the neighborhood tab? What MAC address are you using?

erlinden

I think it requires a Routerboard to be used as router to be able to set bandwidth. Can you get rid of the Asus router (and replace it with a MikroTik)?

erlinden

Some more recommendations:

use hide-sensitive when exporting
place configs in code tags: [ code] and [ /code] (without the space)
only use WPA2/AES

erlinden

Should i prepare the hAP ac2 to be controlled by CapsMan on hEX s ? Sure, makes sense to manage a network from a single device Do i config the cap interface on the capsman or on the cap device? CAPsMAN is the manager where you do all the configuation CAPs is the slave mode you select on all accessp...

erlinden

Sounds like a very basic configuration where you might want to consider using a single SSID for both bands (by tweaking transmission power all 5GHz capable devices will choose 5 GHz over 2.4GHz). And update the software on all devices. For the hAP ac2's: Reset the device without default configuratio...

erlinden

It doesn't make sense to use CAPsMAN on the (single) device it is managing. So, no...just config the hAP ac2 as preferred.
I use CAPsMAN if there are three or more accesspoints involved.

erlinden

I know I ran into (the same?) problems when not using the entire day for limited rates.
In addition, what version of RouterOS are you running?

erlinden

Try this (and please use export instead of print) /ip kid-control add fri=0s-1d mon=0s-1d name=Child2 rate-limit=64k sat=0s-1d sun=0s-1d thu=0s-1d tue=0s-1d tur-fri=7h-21h30m tur-mon=7h-20h30m tur-sat=7h-21h30m tur-sun=7h-20h30m tur-thu=7h-20h30m tur-tue=7h-20h30m tur-wed=7h-20h30m wed=0s-1d add fri...

erlinden

How are you testing? Do you use multiple streams?

erlinden

~15% cpu with ~250mbps upload, 30.000pps
No firewall, active fast track.

It should be able to do a lot better, assuming you test with multiple streams.

erlinden

20/40MHz eC ? Thank you for the recommendations Sent from my SM-A705FN using Tapatalk You should only choose this option if there are no other 2,4GHz networks (or other means of interference) in your neighborhood. Otherwise...this is like the worst advice you can get. Select the least used channel ...

erlinden

Have you tried changing power?

erlinden

Can you first explain why you need/want multiple SSID's?
Do you also use VLAN's?

erlinden

Only use CAPsMAN if you have like 3 or more accesspoints. Regarding the config: Reset the device without default configuration and start from there. If you want an accesspoint: Required create a bridge add all interfaces (LAN and WLAN) to the bridge (here your device will be unavailable for a short ...

erlinden

Do you need dualband?
Any other requirement?

I would suggest using the wAP ac:
https://mikrotik.com/product/RBwAPG-5HacT2HnD

erlinden

It is indedeed an older version:
https://mikrotik.com/download/archive

You might want to give 6.47.1 (latest stable release) or 6.45.9 (latest long-term release) a try.

Search found 565 matches