AP with Slow Wifi, Lan 200+ Down by 20 Up

Hey guys, I am still pretty noob when it comes to MikroTik,
but could you guys take a look at the configuration on my wireless AP (should be in slave mode) and see if something's off,
or
let me know if it's normal for an RB951G to have 12 down and 6 up on a 200 down by 20 up line?
LAN on this device is great after I set fasttrack correctly.

Also a note :
Had someone come in and tweak our firewalls and somehow the fasttrack got left out on the main router.



Wireless Access Point Router In Slave Mode.

Note: Not sure why it says 100Mbps for the interface/ethernet. On the unit itself in WinBox it shows 1 Gbps.




[admin@1st Floor AP] > export compact   
# jan/29/2019 02:52:37 by RouterOS 6.43.8
# software id = ZHI4-IN8U
#
# model = 951G-2HnD
# serial number = 4F4404AD543C
/interface bridge
add admin-mac=4C:5E:0C:B9:6C:9D auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] amsdu-limit=2048 band=2ghz-g/n channel-width=\
    20/40mhz-Ce country="united states" disabled=no distance=indoors frequency=\
    auto mode=ap-bridge ssid="R Basement" tx-power-mode=all-rates-fixed \
    wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa-pre-shared-key=RGWifi23 \
    wpa2-pre-shared-key=RGWifi23
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=ether2-master name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge hw=no interface=ether1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wlan1 list=discover
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=bridge list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=bridge \
    network=192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=bridge
/ip dhcp-server network
add comment=defconf gateway=0.0.0.0
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
/system clock
set time-zone-name=America/New_York
/system identity
set name="1st Floor AP"
/system ntp client
set enabled=yes
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
[admin@1st Floor AP] >

Don’t worry about speed settings in /interface ethernet port … the setting is not used when autoconfig is enabled.

More seriously: you need to remove ether1 from the bridge … ether1 is the WAN interface, traffic between WAN and LAN is routed anyway, so it doesn’t belong to the same L2 network as your LAN.
Before doing it, verify which ether port the MAC address currently set as the bridge’s MAC address belongs to. If it belongs to ether1, you’ll have to change it … it doesn’t have to be any of the MAC addresses of the RB, you can “invent” one (search for “locally administered MAC address”, there used to be some discussion about it on this forum a few weeks ago).

You also have to move dhcp-client to ether1 port at the same time.

/ip dhcp-server network needs some rework.
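
Added example, not part of the original posts: a small Python lint that parses a RouterOS `export` and flags the points raised in the reply above (a bridge port that is also an interface-list member, a DHCP server bound to a bridge port, a bridge admin-mac copied from a physical port). The function names and the trimmed sample are constructed for this example; the admin-mac check uses the standard locally-administered bit (0x02) of the first MAC octet.

```python
import re

# Constructed sample: the relevant sections of the export posted above.
SAMPLE_EXPORT = """\
/interface bridge
add admin-mac=4C:5E:0C:B9:6C:9D auto-mac=no comment=defconf name=bridge
/ip dhcp-server
add address-pool=default-dhcp interface=ether2-master name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge hw=no interface=ether1
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
"""

def parse_export(text):
    """Return {menu path: [property dict per add/set line]}."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    sections, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif path and line.split(" ", 1)[0] in ("add", "set"):
            props = dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))
            sections.setdefault(path, []).append(
                {k: v.strip('"') for k, v in props.items()})
    return sections

def lint(text):
    """Return a list of findings for the bridge-related issues in an export."""
    s = parse_export(text)
    ports = {p["interface"] for p in s.get("/interface bridge port", [])}
    findings = []
    for m in s.get("/interface list member", []):
        if m["interface"] in ports:
            findings.append(f"{m['interface']}: bridge port listed in {m['list']}; "
                            "IP firewall rules see the bridge, not its ports")
    for d in s.get("/ip dhcp-server", []):
        if d.get("interface") in ports and d.get("disabled") != "yes":
            findings.append(f"{d['interface']}: DHCP server bound to a bridge port")
    for b in s.get("/interface bridge", []):
        first_octet = int(b.get("admin-mac", "02").split(":")[0], 16)
        if not first_octet & 0x02:  # bit clear = burned-in (vendor) address
            findings.append(f"{b.get('name')}: admin-mac is a burned-in address; "
                            "check which port owns it before changing ports")
    return findings
```

Calling `lint(SAMPLE_EXPORT)` returns one finding per issue; an export with a locally administered admin-mac and no list members on bridge ports returns an empty list.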

Hey thank you for the reply.
Should removing the ether 1 from bridge increase speeds?
I did this and it still remains the same.

And should I move the DHCP client to ether1 on the slave router when ether2 is the port the line from the main router is connected into?

Once again just a noob here, trying to learn. Thanks for the patience in advance.

I can only guess what kind of impact a slight misconfiguration can have.

My above suggestions are based on the assumption that at least some of the configuration is sensible, i.e. the WAN port is ether1. Now you’re saying WAN is ether2 … which makes the config even less sensible. I suggest you plot a simple chart with the LAN setup, describe it slightly … then we can make the configuration better. At the end speed might get to the expected level, who knows?


Untitled Diagram.jpg

Just to clarify things:

  • The connection between main router and slave router is wired?
  • What would be the ideal function of the slave router? Only a switch/AP which extends the LAN of the main router, or a proper router/firewall which hides its own LAN/wireless from the main router? (While thinking of the answer to this dilemma, don’t think about the current config you have on the slave router.)

Thanks again for engaging in this.
Answers (or the best I can give):

  1. The connection between main router and slave router is wired? Yes
  2. What would be the ideal function of the slave router? The ideal function of the slave router would be to only extend internet/LAN routing from the first router via wifi and ethernet ports.

I hope that makes sense.

Your secondary router (RB2) needs to be reconfigured into a “wireless switch” mode … unfortunately there isn’t a quick-set mode for it.

There are two ways to get to the desired configuration: the easy and the easy :wink:

The easy way involves using winbox with its MAC connection. You’d connect to RB2 via ethernet using winbox and perform “reset with no defaults”. RB2 would reboot and wake up without any IP connectivity (here’s why you need to use winbox). After connecting to the plain-vanilla RB, you’d configure things in the following manner:

/interface bridge
add name=bridge admin-mac=4C:5E:0C:B9:6C:9D auto-mac=no protocol-mode=none
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wlan1
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk  disable-pmkid=yes \
    mode=dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=RGWifi23
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX \
    country="united states" disabled=no distance=indoors frequency=auto \
    mode=ap-bridge ssid="R Basement" wireless-protocol=802.11
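# The LAN interface list does not exist after a reset with no defaults;
# create it before the settings below refer to it.
/interface list
add name=LAN
/interface list member
add interface=bridge list=LAN
/ip neighbor discovery-settings
set discover-interface-list=LAN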
/ip dhcp-client
add interface=bridge
/system clock
set time-zone-name=America/New_York
/system identity
set name="1st Floor AP"
/system ntp client
set enabled=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

You could either click through winbox windows to achieve configuration above or you could open a terminal window (from within winbox) and copy-paste the above config into it.


The second easy way involves using either winbox or webfig, resetting the device, this time to factory defaults, and then changing a whole lot of config:

  • remove complete firewall
  • remove DHCP server
  • move DHCP client from ether1 to bridge
  • reboot RB2 while having ethernet cable for connection towards main router connected to one of ports ether2-ether5
  • physically disconnect ethernet cable connecting managing machine with RB2 and reconnect (so that managing machine receives IP address from main router)
  • discover RB2’s IP address (assigned by DHCP server on main router)
  • add ether1 to bridge
  • other minor bits and pieces

At the end the config would look very much like the one I’ve written in [ code ] snippet above.

Ah, yes, at the end it won’t matter which ethernet port is used for the connection towards the main router and which port is used for connecting PCs, they will all be equal.