Audience backhaul issues

Hello,

I’m trying to configure Audience devices to work as non-routing APs and use CAPsMAN on RB5009 instead of the built-in one.
I think I got the CAPsMAN on RB5009 mostly working, but the wireless backhaul seems unstable and testing results are inconsistent / I’m occasionally seeing high packet drops.

The setup is as follows:
RouterOS 7.16.2 on all devices
RB5009 serving as CAPsMAN, router, DHCP server, DNS
Audience1 (MikroTik-A1) is configured in AP mode, with wired connection to RB5009.
Audience2 (MikroTik-A2) along with other units are supposed to work as a mesh, using dedicated interface wifi3 for backhaul connectivity.
CAPsMAN is configured to manage wifi1 and wifi2, while wifi3 is configured manually.
I have removed the wireless packages from Audience devices and replaced them with wifi-qcom-ac, so that I don’t need to install the wireless package on RB5009.

For testing, I have a laptop plugged in to RB5009, Audience1 is also plugged in to RB5009, Audience2 connecting over wireless backhaul to Audience1.
Audience devices are about 1/2 meter from each other, no obstructions.
I’m running basic tests via PING from laptop to Audience2 (~100 PING count) and getting very inconsistent results - earlier today I was seeing ~80% packet drop, this changed to ~20% after rebooting both Audience units, and later all the way to 0% with no changes.
RF interference is unlikely as I’m doing the testing at a relatively remote location - WiFi scan on wifi3 shows only one other device and two channels in use.
I’m really confused and I’d appreciate if anyone could help to take a look at the config and point out the issues.

RB5009 WiFi config:

/interface wifi datapath
add bridge=bridge disabled=no name=wifi-datapath
/interface wifi security
add authentication-types=wpa2-psk disabled=no encryption=ccmp name=sec-wpa2-front
/interface wifi configuration
add country=Poland datapath=wifi-datapath disabled=no name=2ghz security=sec-wpa2-front ssid=user-2
add country=Poland datapath=wifi-datapath disabled=no name=5ghz security=sec-wpa2-front ssid=user-5

/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=bridge package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled master-configuration=2ghz supported-bands=2ghz-g,2ghz-n
add action=create-dynamic-enabled master-configuration=5ghz supported-bands=5ghz-a,5ghz-n,5ghz-ac

Audience1:

# model = RBD25GR-5HPacQD2HPnD
/interface bridge
add name=bridge
/interface lte
set [ find default-name=lte1 ] allow-roaming=no band="" disabled=yes sms-protocol=auto sms-read=no
/interface wifi datapath
add bridge=bridge disabled=no name=wifi-datapath
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: user-2, channel: 2462/n/eC
set [ find default-name=wifi1 ] configuration.manager=capsman-or-local .mode=ap datapath=wifi-datapath disabled=no
# managed by CAPsMAN
# mode: AP, SSID: user-5, channel: 5180/ac/Ceee
set [ find default-name=wifi2 ] configuration.manager=capsman-or-local .mode=ap datapath=wifi-datapath disabled=no
/interface wifi security
add authentication-types=wpa2-psk disabled=no encryption=ccmp name=sec-wpa2-backhaul
/interface wifi
set [ find default-name=wifi3 ] channel.skip-dfs-channels=10min-cac configuration.country=Poland .hide-ssid=yes .manager=local .mode=ap .ssid=backhaul datapath=wifi-datapath disabled=no \
    security=sec-wpa2-backhaul
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=wifi1
add bridge=bridge interface=wifi2
add bridge=bridge interface=wifi3
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface wifi cap
set discovery-interfaces=bridge enabled=yes slaves-static=yes
/ip dhcp-client
add interface=bridge
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=MikroTik-A1
/system note
set show-at-login=no

Audience2, configured after removing the default config:

# model = RBD25GR-5HPacQD2HPnD
/interface bridge
add name=bridge
/interface lte
set [ find default-name=lte1 ] allow-roaming=no band="" disabled=yes sms-protocol=auto sms-read=no
/interface wifi datapath
add bridge=bridge disabled=no name=wifi-datapath
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: user-2, channel: 2472/n/eC
set [ find default-name=wifi1 ] configuration.manager=capsman-or-local .mode=ap datapath=wifi-datapath disabled=no
# managed by CAPsMAN
# mode: AP, SSID: user-5, channel: 5320/ac/eeeC
set [ find default-name=wifi2 ] configuration.manager=capsman-or-local .mode=ap datapath=wifi-datapath disabled=no
/interface wifi security
add authentication-types=wpa2-psk disabled=no encryption=ccmp name=sec-wpa2-backhaul
/interface wifi
set [ find default-name=wifi3 ] channel.skip-dfs-channels=10min-cac configuration.country=Poland .manager=local .mode=station-bridge .ssid=backhaul datapath=wifi-datapath disabled=no security=sec-wpa2-backhaul
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=wifi1
add bridge=bridge interface=wifi2
add bridge=bridge interface=wifi3
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface wifi cap
set discovery-interfaces=bridge enabled=yes slaves-static=yes
/ip dhcp-client
add interface=bridge
/system identity
set name=MikroTik-A2
/system note
set show-at-login=no

It seems like you got the concept right. You should try to specify exact frequency for the backhaul and also check that it’s not overlapping with other radios. Also 50 cm can be too close.

This. Depending on channel selected, but … As I mentioned, I’ve got single Audience, so the 4x4 radio is used in AP mode as well … and my tablet, which currently resides around 3m away (and 1.5m below) with LOS, shows signal strength of -35dBm. Which is on the higher end of being comfortable (higher than this receiver gets overwhelmed by strong signal).


A BTW question: how many Audiences are you planning to use in your mesh network? You may have to get innovative with more than 2, how much innovative depends on actual conditions at places where they’ll be placed eventually … so you might not get everything set in the lab setup.

Thank you for checking the config and the suggestion, I’ll set a fixed frequency and repeat tests at further distance.


Initially, I’m planning to set up three units - one with Ethernet uplink, two wireless-only. Eventually, I was thinking about adding one or two more units, so a total of four or five Audience devices, with only one wired up.
I have not tested with more than two units yet.
I was hoping that the config for all mesh nodes except the unit with wired uplink would be the same…
What do I need to consider for the additional units?

The problem is that one wireless station can only be connected to one bridge at a time. This problem kicks in when e.g. you need a chain of APs like this:

ethernet -> AP1 <- wireless1 -> AP2 <- wireless2 -> AP3 <- wireless3 -> AP4 (etc)

Let’s say that AP1 is in ap-bridge mode. So AP2 has to be in station-bridge mode. But what about AP3?

This is solvable by using two wifi interfaces, but next problem is that only master wifi interface can be station … because only master wifi interface can control radio and station has to be able to follow any radio-property changes decided by AP. So you can configure AP2 with master wifi interface as station (connected to AP1) and virtual wifi as AP … allowing AP3 to connect. Then configure AP3 likewise (master as station and slave as AP). If you don’t want to fuss around too much, then you can use same security profile (SSID, PSK) on all devices …

But then you have to disable station roaming, decision of AP2 station interface to connect to AP3 would break the data chain. IMO it’s generally not necessary to fuss with ACLs to force AP2 station to connect to AP1 … when master interface as station is not connected and is searching for AP to connect to, also slave interface as AP doesn’t transmit … which means that when devices boot up, AP1 (which is the only one to run master wifi interface as AP) will start to transmit beacons and then AP2 will connect and start transmitting beacon … allowing AP3 to connect … etc. If audiences will physically create a sort of a mesh, then e.g. AP4 might be tempted to connect to AP2 (because AP2 will start to transmit before AP3) and if link between AP2 and AP4 will have larger loss than link between AP3 and AP4, then available throughput at AP4 will suffer. In this case it might be necessary to include ACLs which will force APs to connect to intended “upstream APs” … which is not really elegant because you’d have to do the measurements at each of “non-wired” Audiences while the rest are transmitting and select “upstream AP” with best signal strength for each and everyone. Kind of travelling salesman problem but not quite.

Another possibility is to include all identified “upstream APs” as allowed APs (e.g. on AP3 allow AP1 and AP2 but not AP4) and allow station roaming. I guess this wouldn’t work too well because of manually configured wifi2 interfaces which means lack of mobility support … and that means that stations reselect AP when signal strength is really bad.

You really want to set frequency on AP1 manually … because every time that AP1 might decide to change it, the whole mesh will break apart and start building again. Having the whole fleet of APs transmitting on the same frequency would confuse AP1 (apart from APs which would connect directly to it as stations it would see them as independent co-channel interference) and would try to avoid them by changing frequency. Since many channels above 5500MHz are DFS channels, the switch over would take some time, it could even end up using same frequency since the rest of APs would cease transmitting while waiting for AP1 to resume normal operations (allowing to reconnect their master interfaces).
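
An added example, not part of the post above and not MikroTik tooling: one way to turn a per-unit signal survey into the "upstream AP" choice that the ACLs would then enforce. It goes a step beyond picking the strongest neighbour for each unit by maximising the weakest hop on the whole path back to the wired AP1, which also guarantees the result is loop-free. The dBm values, the -85 dBm cut-off, symmetric links and the function name `plan_upstreams` are all assumptions made for illustration.

```python
import heapq

# Constructed survey (dBm), not measurements from the thread: signal seen on
# each backhaul link while all units transmit. Links are treated as symmetric.
RSSI = {
    ("AP1", "AP2"): -55, ("AP2", "AP3"): -58, ("AP3", "AP4"): -60,
    ("AP2", "AP4"): -78, ("AP1", "AP3"): -80, ("AP1", "AP4"): -90,
}

def plan_upstreams(root, rssi=RSSI, floor=-85):
    """Return {node: (upstream_ap, weakest_hop_dbm)} for every reachable node.

    Widest-path search from the wired root: a node's upstream is the neighbour
    giving the strongest weakest-hop back to the root, so the result is always
    a loop-free tree. Links below `floor` dBm (an assumed cut-off) are ignored.
    """
    links = {}
    for (a, b), sig in rssi.items():
        if sig >= floor:
            links.setdefault(a, {})[b] = sig
            links.setdefault(b, {})[a] = sig
    best = {root: float("inf")}   # best known weakest-hop per node
    plan, done = {}, set()
    heap = [(-best[root], root)]  # negated key turns heapq into a max-heap
    while heap:
        _, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for other, sig in links.get(node, {}).items():
            weakest = min(best[node], sig)
            if other not in done and weakest > best.get(other, float("-inf")):
                best[other] = weakest
                plan[other] = (node, weakest)
                heapq.heappush(heap, (-weakest, other))
    return plan

if __name__ == "__main__":
    for node, (up, dbm) in sorted(plan_upstreams("AP1").items()):
        print(f"{node}: allow only {up} as upstream (weakest hop {dbm} dBm)")
```

With the constructed survey, AP4 is assigned AP3 rather than AP2 even though AP2 is audible, which is the case the post warns about.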

Thank you for highlighting this and for the detailed explanation.
I saw the virtual interfaces showing up in the stock Audience config, but didn’t quite understand their purpose, now it’s clear.
I’ll need to experiment with this once I get some free time in the next few days.

I haven’t had time to try with the third Audience yet, but does this config make sense for all mesh units for the backhaul interface?

/interface wifi
set [ find default-name=wifi3 ] configuration.country=Poland .mode=station-bridge .ssid=backhaul disabled=no security=sec-wpa2-backhaul datapath="wifi-datapath"
add name=wifi3.ap master-interface=wifi3 configuration.country=Poland .mode=ap .ssid=backhaul disabled=no security=sec-wpa2-backhaul datapath="wifi-datapath"

Aside from the backhaul, I also want to configure the client mobility features.
From what I was able to find out in the docs, I’d need two parameters (it’s a flat network, no VLANs):

ft=yes
ft-over-ds=yes

Is this all, or are there additional parameters recommended for mobility features?

As far as I can tell, you’re heading in the right direction with the latest config snippet.

Don’t forget steering

All the best for this New Year everyone!


Thank you for bringing this up.
I tried configuring steering for two SSIDs, however the configuration doesn’t seem to propagate from CAPsMAN to the CAP.
Specifically, the /interface/wifi/steering portion is empty on CAP and listing details of /interface/wifi/config doesn’t show any steering config.

On CAPsMAN, I configured:

/interface wifi steering
add disabled=no name=Neighbor-user neighbor-group=Neighbor-user
add disabled=no name=Neighbor-user-5 neighbor-group=Neighbor-user-5

/interface wifi configuration
add country=Poland datapath=wifi-datapath disabled=no name=2ghz security=sec-wpa2-front security.ft=yes .ft-over-ds=yes ssid=user steering=Neighbor-user
add country=Poland datapath=wifi-datapath disabled=no name=5ghz security=sec-wpa2-front security.ft=yes .ft-over-ds=yes ssid=user-5 steering=Neighbor-user-5

What am I missing?