fhbash
December 5, 2023, 1:31pm
1
Hey y’all… first, I’ll like to apolozige, I’m just start to learn mikrotik stuff. and was tested and reach 1Gbps
If I go to winbox, and make one test from CAP ac to hEX, I could reach more than 800Mbps, and the interface is negotiate in 1Gbps. My problem is: Any device connected on Wifi, only reach +/- 30Mbps… even no one else is connected on wifi.. here is my current config: Which part can I improve? Thanks!
/caps-man channel
add band=5ghz-n/ac frequency="" name=5g skip-dfs-channels=no
add band=2ghz-g/n frequency=2412,2432,2452,2472 name=2g
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5180 name=Ch36_20M tx-power=20
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2412 name=Ch1 tx-power=20
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1-imicro
set [ find default-name=ether2 ] name=ether2-switch
set [ find default-name=ether3 ] name=ether3-wifi-casa
set [ find default-name=ether4 ] name=ether4-trabalho
set [ find default-name=ether5 ] name=ether5-home-server
/interface vlan
add interface=bridge name=vlan-consultorio vlan-id=20
add interface=bridge name=vlan-iot vlan-id=30
add interface=bridge name=vlan-visitante vlan-id=10
/caps-man datapath
add arp=enabled bridge=bridge client-to-client-forwarding=yes local-forwarding=\
yes name=datapath-default
add arp=enabled bridge=bridge client-to-client-forwarding=yes local-forwarding=\
yes name=datapath-visitante vlan-id=10 vlan-mode=use-tag
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-imicro max-mtu=1492 \
name=pppoe-imicro use-peer-dns=yes user=XXXXXX
/caps-man rates
add basic=6Mbps name="GN Only - No B Rates" supported=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
/caps-man security
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm \
group-encryption=aes-ccm group-key-update=1h name=wifi-visitante
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm \
group-encryption=aes-ccm group-key-update=1h name=wifi-casa
/caps-man configuration
add channel=Ch1 country=brazil datapath=datapath-default installation=indoor \
mode=ap name=cfg-2G rates="GN Only - No B Rates" security=wifi-casa ssid=\
casa
add channel=Ch1 country=brazil datapath=datapath-visitante installation=indoor \
mode=ap name=cfg-visitante-2G rates="GN Only - No B Rates" security=\
wifi-visitante ssid=casa-visitante
add channel=Ch36_20M country=brazil datapath=datapath-default installation=any \
mode=ap name=cfg-5G rates="GN Only - No B Rates" security=wifi-casa ssid=\
fellipeh
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.254,192.168.1.2-192.168.1.254
add name=dhcp_visitante ranges=192.168.10.2-192.168.10.254
add name=dhcp_consultorio ranges=192.168.20.2-192.168.20.254
add name=dhcp_iot ranges=192.168.30.2-192.168.30.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=1w name=dhcp-v4
add address-pool=dhcp_visitante interface=vlan-visitante lease-time=1d name=\
dhcp-visitante
add address-pool=dhcp_consultorio interface=vlan-consultorio lease-time=1d \
name=dhcp-consultorio
add address-pool=dhcp_iot interface=vlan-iot lease-time=1w name=dhcp_iot
/port
set 0 name=serial0
/queue simple
add max-limit=30M/30M name=queue_vlan target=192.168.10.0/24,192.168.20.0/24
add max-limit=10M/10M name=queue_iot target=192.168.30.0/24
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=g master-configuration=\
cfg-2G name-format=prefix-identity name-prefix=2.4GHz slave-configurations=\
cfg-visitante-2G
add action=create-dynamic-enabled hw-supported-modes=a,ac master-configuration=\
cfg-5G name-format=prefix-identity name-prefix=5Ghz
/interface bridge port
add bridge=bridge interface=ether2-switch
add bridge=bridge interface=ether3-wifi-casa
add bridge=bridge interface=ether4-trabalho
add bridge=bridge interface=ether5-home-server
/interface list member
add interface=pppoe-imicro list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.10.1/24 interface=vlan-visitante network=192.168.10.0
add address=192.168.20.1/24 interface=vlan-consultorio network=192.168.20.0
add address=192.168.30.1/24 interface=vlan-iot network=192.168.30.0
add address=192.168.0.1/24 interface=bridge network=192.168.0.0
/ip dhcp-client
add disabled=yes interface=ether1-imicro
/ip dhcp-server config
set store-leases-disk=5h
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.2 gateway=192.168.0.1
add address=192.168.10.0/24 dns-server=192.168.0.2 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=192.168.0.2 gateway=192.168.20.1
add address=192.168.30.0/24 dns-server=192.168.0.2 gateway=192.168.30.1
/ip dns
set servers=192.168.0.2
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
not_in_internet
add address=177.xxx.xx.150 list=PUBLIC_IP
add address=192.168.0.0/16 list=LAN
add address=192.168.0.200-192.168.0.254 list=IOT_IPS
add address=192.168.0.2 list=DNS_SERVER
/ip firewall filter
add action=fasttrack-connection chain=forward comment=FastTrack \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="Established, Related" \
connection-state=established,related
add action=accept chain=forward connection-state=established,related,untracked
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
log-prefix=invalid
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp \
protocol=icmp
add action=accept chain=forward comment="DNS - Visitante" dst-address-list=\
DNS_SERVER in-interface=vlan-visitante
add action=accept chain=forward comment="DNS - Consultorio" dst-address-list=\
DNS_SERVER in-interface=vlan-consultorio
add action=accept chain=forward comment="DNS - iot" dst-address-list=DNS_SERVER \
in-interface=vlan-iot
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add action=drop chain=input comment="bloqueio acesso router de fora" dst-port=\
80 in-interface=all-ppp log-prefix=TENTATIVA_HTTP_FORA protocol=tcp
add action=drop chain=forward comment=VISITANTE in-interface=vlan-visitante \
out-interface=!pppoe-imicro
add action=drop chain=forward comment=CONSULTORIO in-interface=vlan-consultorio \
out-interface=!pppoe-imicro
add action=drop chain=input comment="BLOQUEAR WINBOX FORA LAN" dst-port=8291 \
in-interface=pppoe-imicro log-prefix=TENTATIVA-WINBOX protocol=tcp
add action=drop chain=input comment="bloqueio DNS de fora" dst-port=53 \
in-interface=ether1-imicro protocol=udp
add action=drop chain=forward comment=\
"Drop tries to reach not public addresses from LAN" dst-address-list=\
not_in_internet in-interface=bridge log-prefix=!public_from_LAN \
out-interface=!bridge
add action=drop chain=forward comment=\
"Drop incoming packets that are not NAT`ted" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1-imicro log-prefix=!NAT
add action=drop chain=forward comment=\
"Drop incoming from internet which is not public IP" in-interface=\
ether1-imicro log-prefix=!public src-address-list=not_in_internet
add action=accept chain=input dst-address-list=IOT_IPS log=yes log-prefix=IOT
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=HA_NAT \
passthrough=yes src-address-list=LAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=all-vlan
add action=dst-nat chain=dstnat comment=home_assistant dst-port=8124 \
log-prefix=HA protocol=tcp to-addresses=192.168.0.21 to-ports=8123
add action=dst-nat chain=dstnat comment=home_assistant dst-port=8443 \
log-prefix=HA protocol=tcp to-addresses=192.168.0.21 to-ports=443
add action=dst-nat chain=dstnat comment=nextcloud dst-port=8125 protocol=tcp \
to-addresses=192.168.0.23 to-ports=80
add action=dst-nat chain=dstnat comment="splunk hec" disabled=yes dst-port=8088 \
in-interface=pppoe-imicro log=yes log-prefix=SPLUNK_HEC protocol=tcp \
to-addresses=192.168.0.30 to-ports=8088
add action=dst-nat chain=dstnat comment=splunk disabled=yes dst-port=8000 \
in-interface=pppoe-imicro log=yes log-prefix=SPLUNK_WEB protocol=tcp \
to-addresses=192.168.0.30 to-ports=8000
add action=masquerade chain=srcnat comment="homeassistant NAT" connection-mark=\
HA_NAT
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 firewall filter
add action=accept chain=input dst-port=546 protocol=udp src-address=fe80::/16
/ipv6 nd
set [ find default=yes ] hop-limit=64
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=MikroTik-Roteador
/system note
set show-at-login=no
/tool graphing interface
add interface=pppoe-imicro
If Im not wrong, you are limiting all interfaces with rates and you stated max rate 54 Mbps ?
In that case +/-30 Mbps looks about right
fhbash
December 5, 2023, 5:15pm
3
If Im not wrong, you are limiting all interfaces with rates and you stated max rate 54 Mbps ?
In that case +/-30 Mbps looks about right
To be honest, I just followed one tutorial on google.. After you said that, I found out the “rate” into CAPSMAN configuration, and remove it.. still above 30Mbps..
I’m using the Speedtest app on my iOS, and the fast[.]com website on my notebook to test it
There’s one thing weird.. even I’m under the CAPs, my phone connects only on 2.4GHz… not on 5GHz… there’s way to force to connect on 5GHz?
normis
December 5, 2023, 5:18pm
4
Yes, why are you setting speed limits here, and wondering why speed is limited?
/caps-man rates
add basic=6Mbps name="GN Only - No B Rates" supported=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
remove all rates settings completely, and test again
fhbash
December 5, 2023, 5:51pm
5
Yes, why are you setting speed limits here, and wondering why speed is limited?
/caps-man rates
add basic=6Mbps name="GN Only - No B Rates" supported=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
remove all rates settings completely, and test again
Hi normis, I followed one google tutorial. When I read I understood that checkbox is to select the which frequency will be accept.. I remove it, and still rate under 30Mbps..
If you need max speed use 80 MHz channel width for 5Ghz and 40MHz for 2.4 GHz radio but i wouldn’t recommend you to do that on 2.4 GHz radio, especially if you live in apartment building.
I use 20 MHz for 2.4 GHz and 40 MHz for 5GHz, i could use wider channels as I live in a house and i don’t have any wireless networks around me (i have but they are so weak they are barely detectable)
When you connect with your devices what are reported link speeds ?
fhbash
December 5, 2023, 6:46pm
7
If you need max speed use 80 MHz channel width for 5Ghz and 40MHz for 2.4 GHz radio but i wouldn’t recommend you to do that on 2.4 GHz radio, especially if you live in apartment building.
I use 20 MHz for 2.4 GHz and 40 MHz for 5GHz, i could use wider channels as I live in a house and i don’t have any wireless networks around me (i have but they are so weak they are barely detectable)
When you connect with your devices what are reported link speeds ?
I have only these options on a Control Channel width: 5MHz, 10MHz, 20MHz and 40MHz Turbo.. if I select the 40MHz turbo, on log show that: failed to select channel, no supported channel.
For sake of testing put your frequency to auto and test again.
fhbash
December 5, 2023, 7:21pm
9
I removed the frequency, from the channel… doesn’t make any difference.. I notice my phone was connected like this:
Did you try to separate SSIDs for 2.4 and 5 GHz ? That way you can choose 5GHz network in your phone.
What ROS version are you running ?
fhbash
December 5, 2023, 7:34pm
11
I’ll like to have only 1 SSID, but if I can’t make it run ok, I can separate it…
on hEX: 7.12.1
Maybe the problem it’s on CAPSMAN?
Update your CAPs to newest version for start. If you can post your config after you deleted rate limit.
fhbash
December 5, 2023, 8:39pm
13
CAPs it’s on the latest stable version, 6.49.10
Here is the config:
/caps-man channel
add band=5ghz-n/ac frequency="" name=5g skip-dfs-channels=no
add band=2ghz-g/n frequency=2412,2432,2452,2472 name=2g
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency="" name=Ch36_20M
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency="" name=Ch1 tx-power=20
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1-imicro
set [ find default-name=ether2 ] name=ether2-switch
set [ find default-name=ether3 ] name=ether3-wifi-casa
set [ find default-name=ether4 ] name=ether4-trabalho
set [ find default-name=ether5 ] name=ether5-home-server
/interface vlan
add interface=bridge name=vlan-consultorio vlan-id=20
add interface=bridge name=vlan-iot vlan-id=30
add interface=bridge name=vlan-visitante vlan-id=10
/caps-man datapath
add arp=enabled bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=datapath-default
add arp=enabled bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=datapath-visitante vlan-id=10 vlan-mode=use-tag
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-imicro max-mtu=1492 name=pppoe-imicro use-peer-dns=yes user=XXXXX
/caps-man security
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=wifi-visitante
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=wifi-casa
/caps-man configuration
add channel=Ch1 country=brazil datapath=datapath-default installation=indoor mode=ap name=cfg-2G security=wifi-casa ssid=fellipeh
add channel=Ch1 country=brazil datapath=datapath-visitante installation=indoor mode=ap name=cfg-visitante-2G security=wifi-visitante ssid=fellipeh-visitante
add channel=Ch36_20M country=brazil datapath=datapath-default installation=any mode=ap name=cfg-5G security=wifi-casa ssid=fellipeh
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.254,192.168.1.2-192.168.1.254
add name=dhcp_visitante ranges=192.168.10.2-192.168.10.254
add name=dhcp_consultorio ranges=192.168.20.2-192.168.20.254
add name=dhcp_iot ranges=192.168.30.2-192.168.30.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=1w name=dhcp-v4
add address-pool=dhcp_visitante interface=vlan-visitante lease-time=1d name=dhcp-visitante
add address-pool=dhcp_consultorio interface=vlan-consultorio lease-time=1d name=dhcp-consultorio
add address-pool=dhcp_iot interface=vlan-iot lease-time=1w name=dhcp_iot
/port
set 0 name=serial0
/queue simple
add max-limit=30M/30M name=queue_vlan target=192.168.10.0/24,192.168.20.0/24
add max-limit=10M/10M name=queue_iot target=192.168.30.0/24
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=g master-configuration=cfg-2G name-format=prefix-identity name-prefix=2.4GHz slave-configurations=cfg-visitante-2G
add action=create-dynamic-enabled hw-supported-modes=a,ac master-configuration=cfg-5G name-format=prefix-identity name-prefix=5Ghz
/interface bridge port
add bridge=bridge interface=ether2-switch
add bridge=bridge interface=ether3-wifi-casa
add bridge=bridge interface=ether4-trabalho
add bridge=bridge interface=ether5-home-server
/interface list member
add interface=pppoe-imicro list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.10.1/24 interface=vlan-visitante network=192.168.10.0
add address=192.168.20.1/24 interface=vlan-consultorio network=192.168.20.0
add address=192.168.30.1/24 interface=vlan-iot network=192.168.30.0
add address=192.168.0.1/24 interface=bridge network=192.168.0.0
/ip dhcp-client
add disabled=yes interface=ether1-imicro
/ip dhcp-server config
set store-leases-disk=5h
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.2 gateway=192.168.0.1
add address=192.168.10.0/24 dns-server=192.168.0.2 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=192.168.0.2 gateway=192.168.20.1
add address=192.168.30.0/24 dns-server=192.168.0.2 gateway=192.168.30.1
/ip dns
set servers=192.168.0.2
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=not_in_internet
add address=192.168.0.0/16 list=LAN
add address=192.168.0.200-192.168.0.254 list=IOT_IPS
add address=192.168.0.2 list=DNS_SERVER
/ip firewall filter
add action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="Established, Related" connection-state=established,related
add action=accept chain=forward connection-state=established,related,untracked
add action=drop chain=forward comment="Drop invalid" connection-state=invalid log-prefix=invalid
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp protocol=icmp
add action=accept chain=forward comment="DNS - Visitante" dst-address-list=DNS_SERVER in-interface=vlan-visitante
add action=accept chain=forward comment="DNS - Consultorio" dst-address-list=DNS_SERVER in-interface=vlan-consultorio
add action=accept chain=forward comment="DNS - iot" dst-address-list=DNS_SERVER in-interface=vlan-iot
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add action=drop chain=input comment="bloqueio acesso router de fora" dst-port=80 in-interface=all-ppp log-prefix=TENTATIVA_HTTP_FORA protocol=tcp
add action=drop chain=forward comment=VISITANTE in-interface=vlan-visitante out-interface=!pppoe-imicro
add action=drop chain=forward comment=CONSULTORIO in-interface=vlan-consultorio out-interface=!pppoe-imicro
add action=drop chain=input comment="BLOQUEAR WINBOX FORA LAN" dst-port=8291 in-interface=pppoe-imicro log-prefix=TENTATIVA-WINBOX protocol=tcp
add action=drop chain=input comment="bloqueio DNS de fora" dst-port=53 in-interface=ether1-imicro protocol=udp
add action=drop chain=forward comment="Drop tries to reach not public addresses from LAN" dst-address-list=not_in_internet in-interface=bridge log-prefix=!public_from_LAN out-interface=!bridge
add action=drop chain=forward comment="Drop incoming packets that are not NAT`ted" connection-nat-state=!dstnat connection-state=new in-interface=ether1-imicro log-prefix=!NAT
add action=drop chain=forward comment="Drop incoming from internet which is not public IP" in-interface=ether1-imicro log-prefix=!public src-address-list=not_in_internet
add action=accept chain=input dst-address-list=IOT_IPS log=yes log-prefix=IOT
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=HA_NAT passthrough=yes src-address-list=LAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=all-vlan
add action=dst-nat chain=dstnat comment=home_assistant dst-port=8124 log-prefix=HA protocol=tcp to-addresses=192.168.0.21 to-ports=8123
add action=dst-nat chain=dstnat comment=home_assistant dst-port=8443 log-prefix=HA protocol=tcp to-addresses=192.168.0.21 to-ports=443
add action=dst-nat chain=dstnat comment=nextcloud dst-port=8125 protocol=tcp to-addresses=192.168.0.23 to-ports=80
add action=dst-nat chain=dstnat comment="splunk hec" disabled=yes dst-port=8088 in-interface=pppoe-imicro log=yes log-prefix=SPLUNK_HEC protocol=tcp to-addresses=192.168.0.30 to-ports=8088
add action=dst-nat chain=dstnat comment=splunk disabled=yes dst-port=8000 in-interface=pppoe-imicro log=yes log-prefix=SPLUNK_WEB protocol=tcp to-addresses=192.168.0.30 to-ports=8000
add action=masquerade chain=srcnat comment="homeassistant NAT" connection-mark=HA_NAT
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 firewall filter
add action=accept chain=input dst-port=546 protocol=udp src-address=fe80::/16
/ipv6 nd
set [ find default=yes ] hop-limit=64
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=MikroTik-Roteador
/system note
set show-at-login=no
/tool graphing interface
add interface=pppoe-imicro
bpwl
December 5, 2023, 11:15pm
14
Wow … a bit old those 54Mbps , this is for 802.11G , single stream.
See: https://mcsindex.com/
Mostly we get dual stream (=2S) see it in the registration table. Like 144Mbps interface (*) rate, for 2 spatial streams, with only 20MHz bandwidth and short-guard interval
After G (g) comes N (n : wifi 4)… with the HT MCS rates 0-7 for single stream, 8-15 for dual spatial stream , etc for triple if AP and client can handle it (needs that many antenna)
(*) … interface rates are not the net data rate. There are a lot of mandatory inter-transmission gaps in wifi , The higher the interface rate , the higher the relative impact of those GAPS.http://forum.mikrotik.com/t/help-mikrotik-capsman-wireless-download-speed-max-200mb-but-pcs-mobiles-link-speed-is-866mbps/142677/1
And … “basic rates” is for broadcasts and beacons, not for regular unicast data. Supported rates defined for 802.11g single spatial stream , from there on look at HT MCS rates, VHT MCS rates etc etc
I can see that you have some queues active with limit of 30 and 10 Mbps. That would limit your speed also.
normis
December 6, 2023, 10:31am
16
Do not follow random tutorials on googe. Looks like this one was 15 years old.
Just to a factory reset and the best possible wireless config will be applied.
fhbash
December 6, 2023, 12:39pm
17
These queues is supposed to run only on the VPNs
Ok, you’re saying it will be better to remove the capsman, and reset all CAPs to the factory and use it without capsman?
As far as I can see you are limiting VLANs. I don’t see VPN settings.
Also in provisioning why did you put supported modes only g ? That can also limit your speed, 802.11g is supposed to go up to 54 Mbps max, so your 30Mbps seems about right.
Also 5GHz radio, why a mode ? Use ac only.
Moba
December 6, 2023, 8:29pm
19
Isn’t the new smaller wave2 driver in 7.13 available for this model ? I am not sure what was changed (maybe updates on the clients), but the package available in 7.12.1 has been exceptionally good on my 4011. I am getting a solid 900 Mbps on ax clients for the first time…
Everything is automatic with this driver, so it’s hard to mess up with bad Google tutorials. Obviously, those queues need to be modified as well.
mkx
December 6, 2023, 8:37pm
20
It is. But on its 16MB flash is a really tight squeeze and config’s gotta be really trivial not to completely fill the remaining space which then causes random problems.
So, I have this infrastructure: hEX ← 2 CAP ac… the CAP’s is connected to my hEX directly using an network cable, and was tested and reach 1Gbps
