IPTV cuts and pixelations with Movistar Spain and HAP ax3/ax2

RouterOS General
1

Hi guys,

I’m experiencing issues with my TV service from Movistar Spain and the ax3.

I have 1Gb symmetric fiber connection, with phone and TV service.

As you know, Movistar Spain works with a Triple VLAN setup. VLAN 6 for data, VLAN 2 for TV and VLAN 3 for phone.

I have my ax3 setup accordingly, following an excellent script from adslzone. I’ve created a virtual SSID for the IPTV only with Multicast enhancer. Also tested with one SSID only. No matter what I try, there are video cuts and fast pixelations while playing live channels. VOD works good.

I have my TV box connected via Wifi, as I have the router in first floor. Tested via Netflix app in TV box and it receive about 100Mbps that should be more than ennough.

With my old Asus RT-AC68U, that is also compatible with Movistar Triple Play, there’s no video cuts or pixelations, so the issue is on the MT side.

Any ideas? I run out of ideas now…

My full setup:

# 2024-05-11 14:36:38 by RouterOS 7.14.3
# software id = RGY5-9GVP
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HFK09******
/interface bridge
add admin-mac=XX:01:C3:01:99:XX auto-mac=no comment=defconf igmp-snooping=yes \
    name=bridge
/interface wireguard
add listen-port=25188 mtu=1420 name=wireguard-rw
/interface vlan
add interface=ether1 name=vlan2-iptv vlan-id=2
add interface=ether1 name=vlan3-telefono vlan-id=3
add interface=ether1 name=vlan6-internet vlan-id=6
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan6-internet name=internet \
    use-peer-dns=yes user=adslppp@telefonicanetpa
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add comment=vlans-iptv-voip name=VLANs2&3
/interface wifi channel
add band=2ghz-ax disabled=no frequency=2412,2437,2462 name=ch2ghz width=20mhz
add band=5ghz-ax disabled=no name=ch5ghz skip-dfs-channels=all width=\
    20/40/80mhz
/interface wifi datapath
add bridge=bridge disabled=no name=home
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes \
    name=home wps=disable
add authentication-types=wpa2-psk disabled=no name=iptv-sec wps=disable
/interface wifi configuration
add country=Spain datapath=home disabled=no mode=ap name=home security=home \
    ssid=Mikrotik
add country=Spain datapath=home disabled=no mode=ap multicast-enhance=enabled \
    name=iptv-cfg security=iptv-sec ssid=MikrotikIPTV
/interface wifi
set [ find default-name=wifi2 ] channel=ch2ghz configuration=home \
    configuration.mode=ap disabled=no name=wifi-2ghz security=home \
    security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
set [ find default-name=wifi1 ] channel=ch5ghz configuration=home \
    configuration.mode=ap disabled=no name=wifi-5ghz security=home \
    security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
add configuration=iptv-cfg configuration.mode=ap datapath=home disabled=no \
    mac-address=D6:01:C3:01:99:D0 master-interface=wifi-5ghz name=\
    wifi-iptv-5ghz security=iptv-sec
/ip dhcp-server option
add code=240 name=opch-imagenio value="':::::239.0.2.29:22222'"
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.239
add name=iptv-dhcp ranges=192.168.88.241-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/routing rip instance
add afi=ipv4 disabled=no name=rip
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi-5ghz
add bridge=bridge comment=defconf interface=wifi-2ghz
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=internet list=WAN
add interface=vlan2-iptv list=VLANs2&3
add interface=vlan3-telefono list=VLANs2&3
add interface=wireguard-rw list=LAN
/interface wireguard peers
add allowed-address=172.16.0.2/32 comment=iPhone interface=wireguard-rw \
    public-key="**********************************************"
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=10.169.131.XXX/10 interface=vlan2-iptv network=10.128.0.0
add address=172.16.0.1/24 interface=wireguard-rw network=172.16.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf interface=ether1
add add-default-route=no interface=vlan3-telefono use-peer-dns=no \
    use-peer-ntp=no
/ip dhcp-server matcher
add address-pool=iptv-dhcp code=60 name=descos server=defconf value="[IAL]"
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
add address=192.168.88.240/28 comment=iptv-network dhcp-option=opch-imagenio \
    dns-server=172.26.23.3 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="vlans: accept voip and iptv vlans" \
    in-interface-list=VLANs2&3
add action=accept chain=input comment="vpn: allow wireguard-rw" dst-port=\
    25188 protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="VLANs2&3: masquerade" \
    out-interface-list=VLANs2&3
/ip firewall service-port
set rtsp disabled=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/routing igmp-proxy
set query-interval=30s quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan2-iptv upstream=yes
add interface=bridge
/routing rip interface-template
add instance=rip interfaces=vlan2-iptv,vlan3-telefono mode=passive
/system clock
set time-zone-name=Europe/Madrid
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
2

It not working at all be easier problem… And multicast with AX drivers, I’m less familar.

But I’d add the multicast-enhance=enabled to the parent 5Ghz interface as well. The docs are unclear if a child SSID can set that independent of the parent. But I don’t think it hurt your normal LAN traffic, so adding multicast-enhance=enabled to wifi1 should be easy thing to try.

I suppose you can try disabled multicast-enhance=disable, to see what happens… but in 802.11ac world that goes to basic rate. And I suspect that’s what may be going with the dropped frames (i.e. multicast-enhance=enabled is not working), since 6Mb/s likely not enough for high-def movies over multicast.

3

Thanks for your reply. I’ve tried with only the master 5G without slave created and same issues. I think I tried multicast off at first, but will take a look again.

4

You have the RTSP helper, which I believe is critical for Movistar (/ip firewall service-port set rtsp disabled=no)… so it’s not that.

There is not a lot of detail on multicast-enhance, so really hard to know here.

One thing is you may want to enable the querier=yes on the bridge in /routing/igmp-proxy/interface, since I’m not sure you have one elsewhere. I cannot say whether that the issue or not (since packet loss seems like multicast going at basic rate wi-fi problem…), but another thing to try here.

5

Also, I’m not sure quick-leave=yes is needed in the IGMP settings. Perhaps it has a bad interaction with AX drivers, dunno. Anyway, another thing to try.

6

Thanks again! I’ll try to activate the querier and see how it goes.

Related to quick-leave, I tested deactivating it yesterday and also had the issue.

7

Any ideas?

Querier is active. It’s cutting all the time. Tested again with Asus and working like a champ. No cuts.

8

Seems that all options I test doesn’t work. Put the Asus back and it’s perfect.

Opened a ticket with support 6 days ago, no response.

Maybe I’ll need to return the ax3, but I’m not happy with that.

9

Connect tv over eth and start testing again. We don’t know problem come from routeros settings or wifi itself.
If you get good result on eth shift to wifi and focus only to it.

10

Ok, just tested with the TV Box connected directly to an eth port on the ax3.

I also saw some pixelations and a microcut, in an hour or so…

SO there are also problems wired.

Here’s my actual config:

# 2024-05-18 18:11:52 by RouterOS 7.15rc3
# software id = RGY5-9GVP
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = XXXXXXXXX
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf igmp-snooping=yes \
    name=bridge
/interface wireguard
add listen-port=25XXX mtu=1420 name=wireguard-rw
/interface vlan
add interface=ether1 name=vlan2-iptv vlan-id=2
add interface=ether1 name=vlan3-telefono vlan-id=3
add interface=ether1 name=vlan6-internet vlan-id=6
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan6-internet name=internet \
    use-peer-dns=yes user=adslppp@telefonicanetpa
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add comment=vlans-iptv-voip name=VLANs2&3
/interface wifi channel
add band=2ghz-ax disabled=no frequency=2412,2437,2462 name=ch2ghz width=20mhz
add band=5ghz-ax disabled=no frequency=5540 name=ch5ghz skip-dfs-channels=\
    10min-cac width=20/40/80mhz
/interface wifi security
add authentication-types=wpa2-psk connect-priority=0/1 disabled=no ft=yes \
    ft-over-ds=yes name=home wps=disable
add country=Spain disabled=no mode=ap multicast-enhance=enabled name=home \
    security=home ssid=Mikrotik
/interface wifi
set [ find default-name=wifi2 ] channel=ch2ghz configuration=home \
    https://configuration.mode=ap disabled=no name=wifi-2ghz security=home
set [ find default-name=wifi1 ] channel=ch5ghz configuration=home \
    https://configuration.mode=ap disabled=no name=wifi-5ghz security=home
/ip dhcp-server option
add code=240 name=opch-imagenio value="':::::239.0.2.29:22222'"
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.126
add name=iptv-dhcp ranges=192.168.88.241-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/queue type
add kind=fq-codel name=fq-codel-default
/routing rip instance
add afi=ipv4 disabled=no name=rip
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi-5ghz
add bridge=bridge comment=defconf interface=wifi-2ghz
add bridge=bridge fast-leave=yes interface=*F
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=internet list=WAN
add interface=vlan2-iptv list=VLANs2&3
add interface=vlan3-telefono list=VLANs2&3
add interface=wireguard-rw list=LAN
/interface wireguard peers
add allowed-address=192.168.16.2/32 comment=iPhone interface=wireguard-rw \
    name=peer1 public-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=10.169.131.XXX/10 interface=vlan2-iptv network=10.128.0.0
add address=192.168.16.1/24 interface=wireguard-rw network=192.168.16.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf interface=ether1
add add-default-route=no interface=vlan3-telefono use-peer-dns=no \
    use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.88.241 client-id="41:52:52:49:53:5f:56:49:50:35:32:34:32:5\
    7:5f:46:38:38:42:33:37:39:43:38:46:34:39" mac-address=XX:XX:XX:9C:8F:4B \
    server=defconf
/ip dhcp-server matcher
add address-pool=iptv-dhcp code=60 name=descos server=defconf value="[IAL]"
/ip dhcp-server network
add address=192.168.88.0/25 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1 netmask=24
add address=192.168.88.240/28 comment=iptv-network dhcp-option=opch-imagenio \
    dns-server=172.26.23.3 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=https://router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="vlans: accept voip and iptv vlans" \
    in-interface-list=VLANs2&3
add action=accept chain=input comment="vpn: allow wireguard-rw" dst-port=\
    25188 protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=set-priority chain=postrouting comment="Prioritise Voip packets" \
    new-priority=5 out-interface=vlan3-telefono passthrough=yes
add action=set-priority chain=postrouting comment="Prioritise IPTV packets" \
    new-priority=4 out-interface=vlan2-iptv passthrough=yes
add action=set-priority chain=postrouting comment=\
    "Prioritise Internet packets" new-priority=1 out-interface=internet \
    passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="VLANs2&3: masquerade" \
    out-interface-list=VLANs2&3
/ip firewall service-port
set rtsp disabled=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix https://delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/routing igmp-proxy
set query-interval=30s quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan2-iptv upstream=yes
add interface=bridge
/routing rip interface-template
add instance=rip interfaces=vlan2-iptv,vlan3-telefono mode=passive
/system clock
set time-zone-name=Europe/Madrid
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
11

Boy I would have bet money is was something in the wifi-qcom drivers… cable kinda eliminates that theory…

There just not a lot of knobs to turn here. Only other one that effect a wired and wireless is the bridge MC cache:
/interface bridge set bridge multicast-router=permanent

Cannot say if it help… but one more thing to try. It’s just strange that’s drops stuff/slow/etc… seem like it just won’t work if something is wrong…

Google turned up this on Movistar looks from a pure Linux POV: https://www.luispa.com/linux/2014/10/05/router-linux.html
But at quick glance, you’re doing all/most of that in RouterOS style.

12

Thanks mate. Just tested the permanent setting, same issue. I have tested everything. Maybe it’s a hardware issue on my unit. I just asked Amazon for return. Maybe I’ll buy another ax3 to see how it goes.

13

It is very unlikely that something like this would be related to a defect in your ax3 and would be fixed by returning it and ordering another one…
(I feel for the webshops that get these returns, get devices back as “defective” and have to write off on that. And I feel for myself as I have to pay for that via a surcharge on every device that I buy from such webshops)

14

I’m sorry for that, but I don’t like to pay 140€ for a device that just doesn’t work as expected.

I have the correct setup for my ISP, following guide from the spanish forum adslzone where many users use the same setup and doesn’t have any issues, TV working as expected.

15

Yo.

With the TV on wired, can you send the current configuration as well as the following outputs? Replace

/interface/ethernet/monitor [find name=ether1] once
/interface/bridge/monitor [find name=bridge] once
/interface/bridge/mdb/print

Also, you referred to a page in Spanish documenting the configuration, can you post the link to it?

16

Hi mate

I’ve packed up the router, but if you think it’s worth it or tou can find something, I can unpack it and try.

Here’s the link to the configuration. There are many folks that are really good in MT. I just apply the ISP config on to the default settings. The one for my ISP is Movistar Triple Play (RouterOS >= 7.5). Its the 7th setup on the thread.

https://foro.adslzone.net/mikrotik.199/manual-mikrotik-configuraciones-basicas-isps-routeros-v7.580707/

17

Up to you. If you are game, we can try to go to the bottom of it.

Thx for the link, opening and reading now.

18

Ok, if you can help, I prefer to solve the issue and nor returning. We tested everything and got bored of testing everything without success, but open to more help. I wrote MT support 7 days ago and got no response. It’s really strange, because I put the Asus back and everything is perfect again.

I’ll do that tests and will let you know here.

19

[admin@MikroTik] > /interface/ethernet/monitor [find name=ether1] once
name: ether1
status: link-ok
auto-negotiation: done
rate: 1Gbps
full-duplex: yes
tx-flow-control: no
rx-flow-control: no
supported: 10M-baseT-half,10M-baseT-full,100M-baseT-half,
100M-baseT-full,1G-baseT-half,1G-baseT-full,
2.5G-baseT
advertising: 10M-baseT-half,10M-baseT-full,100M-baseT-half,
100M-baseT-full,1G-baseT-half,1G-baseT-full,
2.5G-baseT
link-partner-advertising: 10M-baseT-half,10M-baseT-full,100M-baseT-half,
100M-baseT-full,1G-baseT-full


[admin@MikroTik] > /interface/bridge/monitor [find name=bridge] once
;;; defconf
state: enabled
current-mac-address: D4:01:C3:01:99:CC
root-bridge: yes
root-bridge-id: 0x8000.D4:01:C3:01:99:CC
root-path-cost: 0
root-port: none
port-count: 6
designated-port-count: 3
fast-forward: no
multicast-router: yes
igmp-querier: none
mld-querier: none


[admin@MikroTik] > /interface/bridge/mdb/print
Flags: D - DYNAMIC
Columns: GROUP, ON-PORTS, BRIDGE

GROUP ON-PORTS BRIDGE

0 D 239.0.2.2 ether5 bridge
1 D 239.0.2.30 ether5 bridge
2 D 239.0.2.129 ether5 bridge
3 D 239.0.2.133 ether5 bridge
4 D 239.0.2.173 ether5 bridge
5 D 239.0.5.246 ether5 bridge
6 D 239.255.255.250 ether2 bridge
ether5
7 D ff02::fb wifi1 bridge


I also noticed that if I left the Routing-IGMP Proxy-MFC windows open in RouterOS, the entrys change. Sometimes more entrys appears, then dissapears after 10-20 seconds.

This is the actual setup. Is basically defconf plus the ISP setup, and Wifi setup.

Using the TV Box through Wifi, the cuts are longer (4-5seconds) and more frequent. With the Asus, even though Wifi is perfect.

# 2024-05-19 20:37:57 by RouterOS 7.14.3
# software id = RGY5-9GVP
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HFK09QXXXXX
/interface bridge
add admin-mac=D4:01:C3:01:99:CC auto-mac=no comment=defconf igmp-snooping=yes \
    name=bridge
/interface vlan
add interface=ether1 name=vlan2-iptv vlan-id=2
add interface=ether1 name=vlan3-telefono vlan-id=3
add interface=ether1 name=vlan6-internet vlan-id=6
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan6-internet name=internet \
    use-peer-dns=yes user=adslppp@telefonicanetpa
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add comment=vlans-iptv-voip name=VLANs2&3
/interface wifi channel
add band=2ghz-ax disabled=no frequency=2412,2437,2462 name=2,4Ghz \
    skip-dfs-channels=10min-cac width=20mhz
add band=5ghz-ax disabled=no frequency=5540 name=5Ghz skip-dfs-channels=\
    10min-cac width=20/40/80mhz
/interface wifi configuration
add country=Spain disabled=no mode=ap name=wifi2G ssid=Mikrotik_2.4
add country=Spain disabled=no mode=ap multicast-enhance=enabled name=wifi5G \
    ssid=Mikrotik
/interface wifi security
add authentication-types=wpa2-psk disabled=no name=home wps=disable
/interface wifi
set [ find default-name=wifi1 ] channel=5Ghz channel.band=5ghz-ax \
    .skip-dfs-channels=10min-cac .width=20/40/80mhz configuration=wifi5G \
    configuration.mode=ap disabled=no security=home \
    security.authentication-types=wpa2-psk .ft=no .ft-over-ds=no
set [ find default-name=wifi2 ] channel=2,4Ghz channel.band=2ghz-ax \
    .skip-dfs-channels=10min-cac .width=20/40mhz configuration=wifi2G \
    configuration.mode=ap disabled=no security=home \
    security.authentication-types=wpa2-psk .ft=no .ft-over-ds=no
/ip dhcp-server option
add code=240 name=opch-imagenio value="':::::239.0.2.30:22222'"
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.126
add name=iptv-dhcp ranges=192.168.88.241-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/routing rip instance
add afi=ipv4 disabled=no name=rip
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=internet list=WAN
add interface=vlan2-iptv list=VLANs2&3
add interface=vlan3-telefono list=VLANs2&3
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=10.169.131.XXX/10 interface=vlan2-iptv network=10.128.0.0
/ip dhcp-client
add comment=defconf interface=ether1
add add-default-route=no interface=vlan3-telefono use-peer-dns=no \
    use-peer-ntp=no
/ip dhcp-server matcher
add address-pool=iptv-dhcp code=60 name=descos server=defconf value="[IAL]"
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
add address=192.168.88.240/28 comment=iptv-network dhcp-option=opch-imagenio \
    dns-server=172.26.23.3 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="vlans: accept voip and iptv vlans" \
    in-interface-list=VLANs2&3
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="VLANs2&3: masquerade" \
    out-interface-list=VLANs2&3
/ip firewall service-port
set rtsp disabled=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/routing igmp-proxy
set query-interval=30s quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan2-iptv upstream=yes
add interface=bridge
/routing rip interface-template
add instance=rip interfaces=vlan2-iptv,vlan3-telefono mode=passive
/system clock
set time-zone-name=Europe/Madrid
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
20

OK. First thing, let’s change the autonegotiation to only attempt 1Gb/s: in some cases 2.5Gb/s may raise issues.

Can you issue the following command? This may interrupt your connectivity for a second.

/interface/ethernet/set [find name=ether1] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-full

You have issues with the IPTV. Have you noticed any issue with watching videos on the computer? For example Youtube video quality dropping for a short moment then coming back up?