I though it would be best to just ask if anyone has experienced anything similar, and whether there’s a fix.
I recently bought the hAP ax lite LTE6. My first Mikrotik device. After playing around with it, I managed to get a decent config and everything seemed to work fine. However, now I’m having Wi-Fi connectivity issues and the one common factor is that it’s happening when I’m playing League of Legends. It’s quite rare but I get these 1-3s disconnects. Seems to happen only once or twice in match. One time when I was in a voice at the same time, the whole connection crashed and I wasn’t seeing my Wi-Fi in the connection list in Windows. I had to change to my old router to continue.
Only errors in Event Viewer were some DNS resolution fails and these:
Intel(R) Wi-Fi 6 AX200 160MHz : Has determined that the network adapter is not functioning properly.
Intel(R) Wi-Fi 6 AX200 160MHz : Has encountered an internal error and has failed.
None of these were were happening always but it made me wonder that are my drivers OK, so I reinstalled them, and still getting same issue. I’ve yet to test with another machine. Also, quite weird that it’s only with this Mikrotik router.
I also tried verifying where the issue is and everything seems to indicate that it’s somewhere between my computer and the router. On my computer I was pinging the Mikrotik router(default-gateway) and whenever those connection issues came, I got timed out errors. On my laptop with Winbox open at the same time I was pinging from the Mikrtotik to the next hop and there were no issues nor drops.
I was thinking that this is some bug but so far this has happened on 7.12.1 and 7.13. My config isn’t even anything special. Pretty close to the default. I mainly used the “first-time configuration” guide on Mikrotiks wiki or whatever it was.
/interface bridge
add name=LAN port-cost-mode=short
/interface wifi
set [ find default-name=wifi1 ] configuration.country=REDACTED .mode=ap .ssid=\
HomeWifi disabled=no security.authentication-types=wpa2-psk,wpa3-psk
add configuration.hide-ssid=yes .mode=ap .ssid=Peripheral disabled=no \
mac-address=REDACTED master-interface=wifi1 name=wifi2 \
security.authentication-types=wpa2-psk,wpa3-psk
/interface lte
# A newer version of modem firmware is available!
set [ find default-name=lte1 ] allow-roaming=no band="" disabled=yes
/interface list
add name=listBridge
/ip pool
add name=dhcp_pool0 ranges=10.128.76.2-10.128.76.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=LAN lease-time=2d name=dhcp1
/port
set 0 name=serial0
/interface bridge port
add bridge=LAN interface=ether2 internal-path-cost=10 path-cost=10
add bridge=LAN interface=ether3 internal-path-cost=10 path-cost=10
add bridge=LAN interface=ether4 internal-path-cost=10 path-cost=10
add bridge=LAN interface=wifi1 internal-path-cost=10 path-cost=10
/ip neighbor discovery-settings
set discover-interface-list=listBridge
/interface list member
add interface=LAN list=listBridge
/ip address
add address=10.128.76.1/24 interface=LAN network=10.128.76.0
add address=10.128.77.1/28 interface=wifi2 network=10.128.77.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=10.128.76.0/24 gateway=10.128.76.1
add address=10.128.77.0/28 gateway=10.128.77.1
/ip firewall filter
add action=accept chain=input comment="accept established,related" \
connection-state=established,related
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=drop chain=input comment="block everything to WAN port" \
in-interface=ether1
add action=drop chain=input comment="block everything to router excluding LAN" \
in-interface=!LAN
add action=accept chain=forward comment="allow streaming for TV" disabled=yes \
dst-address-list=Streaming src-address=10.128.77.0/28
add action=drop chain=forward comment="TV block" out-interface=ether1 \
src-address=10.128.77.0/28
add action=fasttrack-connection chain=forward comment=\
"fast-track for established,related" connection-state=established,related \
hw-offload=yes
add action=accept chain=forward comment="accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment=\
"drop access to clients behind NAT from WAN" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=10.128.76.0/24
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=REDACTED
/system note
set show-at-login=no
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=listBridge
/tool mac-server mac-winbox
set allowed-interface-list=listBridge
Yes, you are correct, @gigabyte091. I did a reset and copied some of the old configuration, so that’s why I’m missing second DHCP server. I have yet to study VLAN setups, so that’s why I went with two DCHP server approach. And it offered what I was hoping for so isolating Peripheral devices, such as TV, to its own separate network. But can this really affect then Wi-Fi connections?
Also, one thing I forgot to mention is that when I was pinging my default-gateway, I could momentarily see very high latency. Like 200ms, highest was 2000ms… Quite rare but sounds kinda bad.
Alright, I reset the router and did two adjustments to the dedault-config since I needed the ether1 to work as WAN port. I disabled the ether1 as bridge port and made it DHCP client. Also, I changed ether1 to the list member WAN, since I am not currently using lte. Unfortunately with this setup I was still having those disconnects on Wi-Fi. Do you think that even these changes can cause the issue because the ultimate default-config testing would need LTE since it’s configured as WAN by default.
/interface bridge
add admin-mac=REDACTED auto-mac=no comment=defconf name=bridge
/interface wifi
set [ find default-name=wifi1 ] channel.band=2ghz-ax .skip-dfs-channels=\
10min-cac .width=20/40mhz configuration.mode=ap .ssid=MikroTik-7712FB \
disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=yes \
.ft-over-ds=yes
/interface lte
# A newer version of modem firmware is available!
# sim not present
set [ find default-name=lte1 ] allow-roaming=no band=""
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=10m name=defconf
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=wifi1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" \
src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" \
dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=REDACTED
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Try to increase your DHCP lease time to 1 day. In default config you have lease time set to 10min and that could cause 1s reconnects as after 10 min new IP is offered.
No change
Logs are showing just wifi1 disconnected, disassociated, associated, connected for my PC repeatedly once the issue happens. Like 10 times, until I finally properly disconnect my PC from the network and reconnect.
Yup, standalone device. Also, FT seems to be enabled in the default-config, as well as FT Over DS. At least those are already enabled for wifi1. The latest config I shared, is the one I’m using now. It’s the default with the exception that ether1 is configured as WAN. I’ll try disabling those.
Okay yeah, I’ll probably have to do that. I might first try to get a SIM card and see if the behaviour continues with complete default-config. I also want to try if it happens with wired connection.
I was also finally able to verify that the issue is not on my PC because the same disconnect happened on another PC on a different multiplayer game. The PC stayed connected to the Wi-Fi but I checked other devices and the Mikrotik SSID was not available. Also, kinda weird that not a single log about that disconnect in the Mikrotik. It’s like the connection to the router is “flapping” whenever the issue occurs. Maybe not the best term but still.
We can’t rule out some kind of hardware fault. I have quite a few of this devices in use and for now i didn’t experienced any problems with them. Nor WiFi or wired connection.
Suggestion, when you experience problem you have then create supout file so support can see what is the problem.
I mean only one thing you can try is to netinstall ROS, so clean clean install. If you still have the same problem unfortunately only option is to contact support.
Unfortunately it didn’t lead to anything. The weird part is that at some point after multiple resets and reconfigurations it just stopped doing it. I haven’t changed anything meaningful in the configurations so I really do not have an answer why it stopped doing it.
Honestly, my experience with this router has been quite rocky. Now I have been having issues where my clients are randomly disconnecting from wifi for like a couple of seconds. Especially when multiple devices are producing traffic, the disconnections increase. This issue is also intermittent and might disappear between reboots.
My only advice is to open a ticket to Mikrotik or try reseting the device and making sure it’s up to date.
Hello,
Thank you for your reply.
Unfortunately, I’ve also noticed the same phenomenon: clients are disconnected from the wifi for a few seconds when several devices (4 or 5 clients) are producing traffic (web browsing, SaaS).
My router is up to date, and there are no fancy settings. Not even a VLAN. I’m really disappointed by this equipment.
Hello,
I can get only 802.11n connection with an Intel AX201 notebook adapter (all defaults for both MikroTik ROS 7.17 and notebook Windows 11 latest driver). Is it possible to get 802.11ax (2.4 GHz only) for this config?
