With one of the recent updates, hap AC lite started to behave incorrectly, periodically losing connection or proposing to enter the password again, but mostly just causing big delays (like 800ms - 4s). I started to investigate the problem and enabled stats graphs.
Peak from 14-16 is the time I had problems today. I updated Mikrotik version (from 6.40 to 6.40.1) and reset the router, which is visible on the graph, but the problem continued.
Running profile showed me 100% router CPU load with console process taking up to 60% (I was using only WinBox to measure it). At the same time management took something around 30%. It’s my home router, I am the biggest Internet consumer, all other family members use simple browsing. Typical consumption is:
wireless 4.5%
ethernet 0.5%
console 0.5%
ssh 0%
dns 0%
firewall 0.5%
networking 0.5%
management 0.5%
routing 0%
dhcp 0%
bridging 0%
unclassified 1%
total 8%
Open a New Terminal and issue
/export hide-sensitive=yes
That creates a config export in CLI commands syntax; copy & paste it here, along with the output of
/system routerboard print
I did not manage to insert the image today, so it’s the fresh daily graph:
I see some correlation with consumption, but my connection speed is not as big:
external interface
wlan-2.4 (wlan-5 is almost not used)
routerboard: yes
model: RouterBOARD 952Ui-5ac2nD
serial-number: 66580588A2D2
firmware-type: qca9531L
factory-firmware: 3.27
current-firmware: 3.27
upgrade-firmware: 3.41
You need to upgrade RouterBoard firmware:
1.- Click Log so that you see the log of the device
2.- Go to System > Routerboard and click on the [Upgrade] button.
When you see the message about “firmware updated, please reboot” in the log, reboot.
Pukkita, thank you, I’ll give it a try.
Config you asked for:
# aug/05/2017 12:14:03 by RouterOS 6.40.1
# software id = LU3R-8YI3
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 66580588A2D2
/interface bridge
add admin-mac=E4:8D:8C:EA:27:C9 auto-mac=no fast-forward=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n basic-rates-a/g=12Mbps \
basic-rates-b=11Mbps channel-width=20/40mhz-Ce country=ukraine disabled=no \
distance=indoors frequency=2437 mode=ap-bridge name=wlan-2.4 rate-set=\
configured ssid=Rivendell supported-rates-a/g=\
12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=11Mbps \
wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40mhz-Ce \
disabled=no distance=indoors mode=ap-bridge name=wlan-5 ssid=Rivendell-5 \
wireless-protocol=802.11
/ip neighbor discovery
set ether1-gateway discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=54AC8B67DD
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge-local name=default
/system logging action
set 1 disk-file-name=log
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan-2.4
add bridge=bridge-local interface=wlan-5
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.88.0
/ip arp
add address=192.168.88.195 comment="Raspberry WiFi" interface=bridge-local \
mac-address=B8:27:EB:8E:C6:B3
add address=192.168.88.253 comment="My PC" interface=bridge-local mac-address=\
14:CC:20:1E:54:E2
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no \
interface=ether1-gateway
/ip dhcp-server lease
add address=192.168.88.225 client-id=1:a8:9f:ba:77:50:7f mac-address=\
A8:9F:BA:77:50:7F server=default
add address=192.168.88.229 mac-address=20:82:C0:E1:6B:4D server=default
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" gateway=\
192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=drop chain=forward comment="Drop youtube" disabled=yes \
dst-address-list=youtube src-address=192.168.88.225
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
established,related
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" \
connection-state=established,related
add action=accept chain=forward comment="default configuration" \
connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=\
invalid
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
/system clock
set time-zone-name=Europe/Kiev
#error exporting /system routerboard mode-button
/tool graphing interface
add
/tool graphing resource
add
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan-2.4
add interface=wlan-5
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan-2.4
add interface=wlan-5
add interface=bridge-local
Some enhancements to that config:
1.- Do not set 2.4GHz (wlan1) to 20/40MHz. Unless you live in the middle of the desert, 40MHz isn’t usable in 2.4GHz. Leave it at 20MHz only.
2.- Go to Queues > Interface Queues and change Queue Type of wlan1 and wlan2 interfaces to only-hardware-queue.
3.- Disable graphs. Those consume CPU and slowly trash NVRAM life.
Kindis, August 5, 2017, 11:03am
/ip dns
set allow-remote-requests=yes
This should be
/ip dns
set allow-remote-requests=no
This might be your problem if your router is part of a DNS amplification attack. Very little traffic on external interface but consumes CPU.
@Kindis: Have to disagree… that’s wrong.
First, he’s (rightly) already using the default firewall, so that won’t happen:
/ip firewall filter
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
Secondly, if he were being subject to a DNS DDoS attack, Tx on ether1-gateway would be really noticeable, and so would CPU usage.
Third, if he does that, his LAN will break:
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" gateway=\
192.168.88.1
As his DHCP would be handing this router DNS to DHCP clients.
For the record, setting 8.8.8.8, 8.8.4.4 or your ISP DNS for the DHCP server to hand to DHCP clients and disabling local DNS would be equally bad practice.
ROS has a DNS cache, take advantage of it! DNS resolution speed has a direct impact on network “snappiness”, it can make a night and day difference on any network.
It is fine to use 8.8.8.8 or 8.8.4.4 for the router itself if your ISP DNS is slower than google’s, but you’d better keep DNS resolution local for your LAN.
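The reasoning in the reply above (resolver enabled with allow-remote-requests=yes, but kept off the WAN by the default input-chain drop on ether1-gateway) can be checked mechanically against an export. The following Python sketch is an added example, not part of the original thread; the function names and the simplified rule matcher are assumptions, and the embedded export is an excerpt of the one posted above.

```python
import re
import shlex

# Excerpt of the export posted in this thread (relevant menus only).
EXPORT = r"""
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
    established,related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
"""

def parse_export(text):
    """Return [(menu, {property: value})], joining '\\' line continuations."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    menu, rows = None, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = line
            continue
        props = dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)
        rows.append((menu, props))
    return rows

def dns_reachability(text, iface):
    """How a new UDP/53 query arriving on `iface` is treated by the input chain."""
    rows = parse_export(text)
    if not any(m == "/ip dns" and p.get("allow-remote-requests") == "yes"
               for m, p in rows):
        return "resolver-off"
    for m, p in rows:
        if (m != "/ip firewall filter" or p.get("chain") != "input"
                or p.get("disabled") == "yes"):
            continue
        # Assumption: only these four matchers are modelled (no address lists etc.).
        matches = (p.get("protocol", "udp") == "udp"
                   and p.get("in-interface", iface) == iface
                   and "new" in p.get("connection-state", "new").split(",")
                   and "53" in p.get("dst-port", "53").split(","))
        action = p.get("action", "accept")
        if matches and action in ("drop", "reject", "tarpit"):
            return "blocked"
        if matches and action == "accept":
            return "reachable"
    return "reachable"  # RouterOS chains end in an implicit accept
```

For the posted config, `dns_reachability(EXPORT, "ether1-gateway")` returns `"blocked"` and `dns_reachability(EXPORT, "bridge-local")` returns `"reachable"`; disabling the drop rule flips the WAN result to `"reachable"`, which is the open-resolver case the thread is arguing about.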
Pukkita, thank you for your advice. Everything is working smoothly, CPU load is even lower than it was.
I’ll disable resource graphs soon, I enabled them only for having some stats when the problem occurred.
Kindis, thanks for your help too. Seems like the problem was in the old firmware (at least it didn’t repeat for two days), but I’ll take it into consideration.
We were using Mikrotik widely at the ISP where I worked, but that was 10 years ago. I forgot almost everything and never knew much about Wi-Fi, so a lot of settings are defaults or old preferences that were optimal then. So much has changed since that time. But I’ve been using my hap ac for half a year and it’s the first problem that happened after the 10 mins I spent on initial config.
Another haP model, but here the problem was the old firmware too. Thanks a lot!
Version 7.2.3