Bought a new hAP ac^2, and having difficulty getting any speed on my wifi.
I have 250 mbit down, but using the MikroTik I only get around 10-20… (2,4 and 5 ghz.)
Using 5 ghz with my old Asus router, I get 238 on my iPhone…
LAN speed is no problem, I max out my connection right away.
I tried all 3 firmware currently available, 6.42.9, 6.43.3 and 6.44beta28 with no measurable difference.
I tried all different channels, only 2.4, only 5 ghz etc.
I´d be happy to supply anyone with whatever logs, info, config etc and all help is much appreciated.
Thank you.
EDIT: If I turn of the security profile, I get full speed.. so must be something related to that feature. Any idea?
I guess you can’t turn off a security profile but you can set mode to none if that is what you mean.
Please provide more information on your wireless security profile configuration.
Have you selected both wpa psk & wpa2 psk.
Have u specified tkip or aes ccm chipers or both or none of them. Try specifying wpa2 psk & aes ccm only. I think tkip have performance issues, is deprecated and no longer considered secure.
Hi,
Thank you for the help.
After trying different things, this is my setup.
Now I get the speed I expected
Strange that tkip affect the speed that much…
Hey! I know this post is a bit old, but as January of 2020 this save my life! I have speeds of 20Mbs and after doing this configuration I get my real speed 300Mbs!
Does tkip slow down performance by its very existence enabled, or does a connection actually have to be using it?
I ask because in certain circumstances (public APs, rural home APs) I have enabled this by default because occasionally we encounter a customer wireless device (printer, security cam, etc.) so old that it will not do aes, then we get “my internet doesn’t work” phone calls. I hate to think I may be slowing down customer performance in the vast proportion of cases where everything knows aes and nothing uses tkip.
OK, from the answer, not sure I got my point across.
Wouldn’t the encryption CPU be burned ONLY if some connection was actually USING tkip?
Does just making tkip available (for devices that may show up that can’t connect over aes) immediately affect cpu even if no such devices actually show up?
If TKIP is an available option BUT not being utilized [enabled] then there is no performance penalty.
You cannot be selective … its either TKIP or WPA/WPA2 with AES … Both will not work at the same time on the AP that provides the service.
If you have multiple AP’s where some have TKIP enables and other AP’s where WPA/WPA2 is enabled The TKIP AP’s will not impact the AP’s and their Clients running under WPA/WPA2… but under this mixed environment collaboration between wireless clients will fail.
Modern Day wireless infrastructure no longer provide support for TKIP. because of the performance penalty.
Wow. The fact that both Winbox and the CLI allow both to be enabled nonexclusively does not hint at this limitation at all! I thought the encryption protocol would be exercised on a per-connection basis, much as APs apply different encryption keys depending on the specific client connection (e.g., private pre-shared key).
The situations where I have been forced to enable tkip for very old devices don’t involve collaboration, so I may change architecture to a separate virtual AP using tkip that I can enable only if needed.
If you enable TKIP for a Virtual AP and have WPA/WPA2 on another Virtual AP that YOU are utilizing on the same wireless MikroTik Router your performance will be poor for both because TKIP will HIT the SAME CPU slowing everything down.
Your architecture must have independent AP with their own dedicated processing power … virtual devices share the same processing power whereas dedicated devices do not.
I’m not going to put two wireless units into someone’s home just because they have a device that’s too old to talk aes, particularly since in many cases they only have the device because they can’t afford to upgrade it. If they have an old device, they’re just gonna have to take the hit. I just want to make sure the people who don’t have devices like that don’t take a hit they don’t need to take.
I understand that tkip is old technology and deprecated and fully anderstand that it can have a huge performance impact on devices like hap lite or even RB2011.
Now the hap ac2 is not a beast, but this CPU runs circles around the 2011. So my question is why such a big performance hit on hap ac2?
Yes, the HAP AC2 does have a 4 core CPU running at 716 MHz so the performance hit extracted by using TKIP for a VIRTUAL AP is in relative terms … and certainly would be far superior to the hap lite or the RB2011 … although I have ZERO idea how RouterOS exploits the cores when using VAP’s. The point is that the processor is taxed far greater by utilizing the CPU for encryption/decryption consequently performance suffers for all dependent devices.
Thx, my post was not to question / dispute what you said, I have little radio frequency technical knowledge and have a natural inquiring mind when it comes to technical stuff and like to understand why, how, etc. to learn more
I understand that encryption using CPU will tax the CPU, but did not expect it to tax the Hap AC2 cpu by that much, i.e. from OP stats it was 10 fold, i.e. from 23Mb/s to 238Mb/s by disabling TKIP and these figures just did not add up for me. i.e. what did we get back in the day on device with much lower spec CPU like RB2011 with TKIP then, 5Mb/s?
Does not sound right or am I missing the boat totally here?
Client device’s Wi-Fi data rate will not exceed 54 Mbps when wired equivalent privacy (WEP) or temporal key integrity protocol (TKIP) encryption is configured.
The IEEE* 802.11n prohibits using high throughput with WEP or TKIP as the unicast cipher. If you use these encryption methods, your data rate will drop to 54 Mbps.
