Cap AX: clients tend to use 2.4GHz instead of 5GHz

danergo · May 28, 2024, 2:56pm

I know this topic has been discussed many times, but I can’t really understand what’s going on.

I have only one AP: CAP AX. It’s managed by CapsMan (because I’m planning to add more, but currently it’s my single wifi capable device).
Software is up-2-date: 7.14.3 (both for caps manager Mikrotik, and for CAP AX).

I decided to use the same SSID for both 2.4GHz and 5GHz:

/interface/wifi/configuration> print
Flags: X - disabled 
 0   name="default-2.4-trusted" mode=ap ssid="MikroTik-Trusted" hide-ssid=no manager=local security=default-trusted 
     security.ft=yes .ft-over-ds=yes 
     channel.band=2ghz-ax

 1   name="default-5-trusted" mode=ap ssid="MikroTik-Trusted" hide-ssid=no manager=local security=default-trusted 
     channel.band=5ghz-ax 

 2   name="default-2.4-ext" ssid="MikroTik-Ext" security=default-ext 
     channel.band=2ghz-ax 
     
/interface/wifi/security> print     
Flags: X - disabled 
 0   name="default-trusted" authentication-types=wpa2-psk,wpa3-psk passphrase="***************" ft=yes 
     ft-over-ds=yes 

 1   name="default-ext" authentication-types=wpa2-psk,wpa3-psk passphrase="*********************" 
 
/interface/wifi/provisioning> print
Columns: ACTION, MASTER-CONFIGURATION, SLAVE-CONFIGURATIONS
#  ACTION                  MASTER-CONFIGURATION  SLAVE-CONFIGURATIONS
0  create-dynamic-enabled  default-5-trusted                         
1  create-dynamic-enabled  default-2.4-trusted   default-2.4-ext

I tried using FT, but still both my recent Windows11 computer and my recent Galaxy phone connects to 2.4GHz, even IN SPITE 5GHz has higher signal:

Note: both devices (phone and notebook) is really close with direct line of sight to CAP AX.

What should I try to “force” them to 5GHz (if I prefer keeping the same SSID for both bands)?

neki · May 28, 2024, 3:02pm

Can you post your config? Do you have steering configured? I believe that key is using all three 802.11r/k/v.

When sending neighbor reports and BSS transition management requests, an AP will list all other APs within its neighbor group as potential roaming candidates.

By default, a dynamic neighbor group is created for each set of APs with the same SSID and authentication settings.
APs operating in the 5GHz band are indicated to be preferable to ones operating in the 2.4GHz band.

https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-Steeringproperties

infabo · May 28, 2024, 3:07pm

At least we need:

/interface/wifi/export

danergo · May 28, 2024, 3:09pm

Do I need

security.ft=yes .ft-over-ds=yes

?

If so - on which? Both 2.4G and 5G? Or only 2.4G?

For steering, I didn’t have anything yet, now I’m trying to set it. Which config needs it? Only 2.4G? Or only 5G? Or both?

“Steering” field is “unknown” and I can’t save this config. I have to remove the “Steering” field to save this. Is this OK?

What is that “dynamic … a6c” group? How can I validate which one is this? Or if the name prefix matches, I shall use this here?

Thank you!

danergo · May 28, 2024, 3:12pm

For the “interface/wifi” export:

/interface/wifi> export
# 2024-05-28 17:10:00 by RouterOS 7.14.3
# software id = 3WEH-9T0S
#
# model = L009UiGS
# serial number = ****************
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes name=default-trusted
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=default-ext
/interface wifi configuration
add channel.band=2ghz-ax disabled=no hide-ssid=no manager=local mode=ap name=default-2.4-trusted security=default-trusted security.ft=yes \
    .ft-over-ds=yes ssid=MikroTik-Trusted steering.rrm=no .wnm=no
add channel.band=5ghz-ax disabled=no hide-ssid=no manager=local mode=ap name=default-5-trusted security=default-trusted ssid=MikroTik-Trusted
add channel.band=2ghz-ax disabled=no name=default-2.4-ext security=default-ext ssid=MikroTik-ext
/interface wifi capsman
set enabled=yes package-path=/packages require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=default-5-trusted supported-bands=5ghz-ax
add action=create-dynamic-enabled disabled=no master-configuration=default-2.4-trusted slave-configurations=default-2.4-ext supported-bands=\
    2ghz-ax

infabo · May 28, 2024, 3:19pm

Unset FT in configuration, as you already defined it in security profile “default-trusted”:

/interface/wifi/configuration/set !security.ft !security.ft-over-ds [find]

Then, you should not disable WNM nor RRM. You loose all roaming capabilities.

/interface/wifi/configuration/set !steering.rrm !steering.wnm [find]

Why do you explicitly set manager=local? I suggest to unset and use default value (=capsman-or-local):

/interface/wifi/configuration/set !manager [find]

infabo · May 28, 2024, 3:28pm

Once changes applied, check your neighbour groups by

/interface/wifi/steering/neighbor-group/print

It should show you one entry like “dynamic-MikroTik-Trusted-” and list the BSSIDs of your APs. In your case 2: 2.4ghz and 5ghz AP each.

holvoetn · May 28, 2024, 3:46pm

Once changes applied, check your neighbour groups by
/interface/wifi/steering/neighbor-group/print
It should show you one entry like “dynamic-MikroTik-Trusted-” and list the BSSIDs of your APs. In your case 2: 2.4ghz and 5ghz AP each.

Groups are based on SSID.
Should be both the same if you want to roam between radios and stay in the same SSID/group.
In OPs case, both SSIDs are the same (MikroTik-Trusted) so it will be as intended.

danergo · May 28, 2024, 6:59pm

Once changes applied, check your neighbour groups by
/interface/wifi/steering/neighbor-group/print
It should show you one entry like “dynamic-MikroTik-Trusted-” and list the BSSIDs of your APs. In your case 2: 2.4ghz and 5ghz AP each.

Indeed I have two item in this list:

 /interface/wifi/steering/neighbor-group/print    
 0 name="dynamic-MikroTik-Trusted-41cc9a6c" 
   bssids=abc,def

 1 name="dynamic-MikroTik-EXT-937f95ec" bssids=xyz

What would be the next step to set/check/change?

infabo · May 29, 2024, 7:27am

Now check your devices roaming behaviour. And since you mentioned a Galaxy phone → I recommend analiti app for analyzing the signal and verify AP capabilities; it also features a handover analyzer. https://play.google.com/store/apps/details?id=com.analiti.fastest.android

danergo · May 29, 2024, 9:23am

Thanks! So now, with your changes my devices shall use the 5GHz (theoretically)?

Anyway, last night - after your changes have been applied - I realized both my phone and notebook switched to 5G, and even another notebook and another phone and also one TV.

So now it seems working just right. More testing will be needed.

neki · May 29, 2024, 10:05am

Superb, anyway at the end, it is up to the client device to decide where it will connect to and that’s usually not in your power. You can just properly configure your network…

infabo · May 29, 2024, 10:20am

But if you disable 802.11k & 802.11v it is less likely that devices decide to roam.

It’s like being on a multi-lane highway: I am responsible for changing lanes. However, if I lack the necessary information about the traffic conditions (no side mirrors, fog, no lights at night), then for safety reasons I will stay on the lane I’m currently driving. Easy as that.

danergo · May 30, 2024, 10:11am

Now after few days of testing:

Galaxy phone tends to use 5G, while my notebook tends to use 2.4G.

Interestingly once I kill my notebook’s connection from \interfaces\wifi\registration, it immediately rejoins to 5G.

It seems devices usually detects 2.4G faster (than 5G) in my environment.

Can I do something to improve this?

Maybe using 802.11v to ‘instruct’ clients on 2.4G (wifi2) to join 5G (wifi1) in case they can see it? (How) Can I set this on CAP AX?

jaclaz · May 30, 2024, 11:43am

Which confirms that every single device may have its own “preferences”.

From the little I know of wi-fi, the 2.4 GHz will appear always or nearly always as having more “power”, while the 5GHz - which is definitely faster - may look as “weaker” signal.

Different Operating Systems and/or devices may (or may not) have settings to “prefer” a band over the other, which doesn’t mean that the “other” band will never be used, only that the one will have some priority, as the general idea of any OS is to assure connectivity (even if slower).

While you cannot do anything about other people’s devices (think of public access points or “guest” networks) you can try setting your device to prefer the one or the other band.

Of course the easiest workaround is to use two different SSID’s for the 2.4 GHz and for the 5 GHz and only give to the device the credentials for the chosen one, but this approach has its own downsides.

BTW, (and only as a side-side note) while I can understand that a mobile phone might be used while walking inside the house, I cannot imagine (I am evidently too old) all these people walking around while (say) making payments on their bank sites, replying to e-mails, or synchronizing their github repositories on their laptops.

@infabo
NIce comparison, I would have used as an example a carriage with horses with blinkers/blinders, but your highway lane is good.

infabo · March 15, 2025, 4:19pm

The 2g-probe-delay introduced in 7.18 maybe of help to resolve the issue finally: http://forum.mikrotik.com/t/wifi-roaming-for-wpa3-broken-again-somewhere-from-7-17-1-to-7-18beta5-edit-solved/181801/1