Issues with disconnections

I have a Chateau 5G ax at home that I have configured with some VLAN’s and different Wifi. Not because I have to but because I do some testing on it :slight_smile:.

If I’m connected to MGMT or VALLAS I get disconnected several times per hour.

At the office we’re running cAP ax and with a similar configuration we’re getting disconnected there too.
First I thought that it was an issue with my computer but then I noticed that I get the disconnections on phone and other computers too.

I have probably misconfigured the devices but I can’t find out how I have misconfigured them.
I have played around with antenna gain to get a bit more coverage at home and that worked but the disconnections continued. The same with my cAP ax at work :frowning:.

If I reset the device and run it with default settings everything works really well, but as soon as I configure VLANs the disconnections start :frowning:

I have attached the config below and I really hope to get this solved :slight_smile:.

# 2024-10-27 10:45:59 by RouterOS 7.16.1
# software id = 4XV3-J3JM
#
# model = S53UG+M-5HaxD2HaxD
# serial number = xxxxxxxxxx
# One bridge carries every VLAN. vlan-filtering=yes makes the bridge enforce
# the /interface bridge vlan table and the per-port pvid / frame-types rules.
/interface bridge
add name=BRIDGE vlan-filtering=yes
# OpenVPN client. verify-server-certificate=yes is set, so the server
# certificate is validated instead of being accepted blindly.
# NOTE(review): the poster redacted the endpoint to "hidden.com"; the same
# redacted value is used as the interface name and is referenced by the
# firewall forward rule further down.
/interface ovpn-client
add certificate=skallerod cipher=aes256-gcm connect-to=\
    hidden.com mac-address=FE:09:6A:41:BE:4A name=\
    hidden.com port=1195 user=skallerod \
    verify-server-certificate=yes
# Physical radios: wifi2 (2.4 GHz) becomes MGMT2, wifi1 (5 GHz) becomes MGMT5.
# Both run WPA2-PSK/WPA3-PSK mixed mode with fast transition (802.11r),
# including FT over the DS.
# NOTE(review): no security.management-protection value appears in this
# export, so whatever RouterOS defaults to for this mix is in effect. WPA3
# requires Protected Management Frames (802.11w), and "SA Query timeout" (the
# log message quoted on this page) comes from the 802.11w SA Query exchange,
# so the PMF setting is worth checking explicitly - TODO confirm.
# NOTE(review): FT only helps roaming between APs that share key material;
# on a single standalone router confirm it is actually needed.
# NOTE(review): configuration.antenna-gain=0 and no configuration.country are
# visible here; both feed the regulatory TX-power calculation - confirm they
# match the hardware and location.
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=\
    10min-cac .width=20mhz configuration.antenna-gain=0 .mode=ap .ssid=MGMT2 \
    datapath.bridge=BRIDGE disabled=no mtu=1500 name=MGMT2 \
    security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=\
    10min-cac .width=20mhz configuration.antenna-gain=0 .mode=ap .ssid=MGMT5 \
    datapath.bridge=BRIDGE disabled=no mtu=1500 name=MGMT5 \
    security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
# Virtual APs for the VALLAS SSID, one per radio.
# NOTE(review): no security.* property is visible on these two interfaces.
# Passphrases are hidden from a normal export, but authentication-types would
# normally be printed if set, so verify on the device that VALLAS2/VALLAS5 are
# not running as open networks.
add configuration.mode=ap .ssid=VALLAS2 datapath.bridge=BRIDGE disabled=no \
    mac-address=7A:9A:18:DD:E1:6C master-interface=MGMT2 mtu=1500 name=\
    VALLAS2
add configuration.mode=ap .ssid=VALLAS5 datapath.bridge=BRIDGE disabled=no \
    mac-address=7A:9A:18:DD:E1:6B master-interface=MGMT5 mtu=1500 name=\
    VALLAS5
# LTE/5G modem: roaming disabled, SMS reading disabled, no band lock.
/interface lte
set [ find default-name=lte1 ] allow-roaming=no band="" nr-band="" \
    sms-protocol=auto sms-read=no
# Layer-3 VLAN interfaces on top of the bridge; each one later receives the
# gateway address and DHCP server for its VLAN.
/interface vlan
add interface=BRIDGE name=GUEST_VLAN vlan-id=20
add interface=BRIDGE name=IoT_VLAN vlan-id=30
add interface=BRIDGE name=MGMT_VLAN vlan-id=99
add interface=BRIDGE name=VALLAS_VLAN vlan-id=10
# Virtual APs for the GUEST and IoT SSIDs, one per radio.
# NOTE(review): as with the VALLAS virtual APs, no security.* property is
# visible on any of these four interfaces. An intentionally open guest SSID
# is one thing, but confirm that IoT2/IoT5 are not unintentionally open.
/interface wifi
add configuration.mode=ap .ssid=GUEST2 datapath.bridge=BRIDGE disabled=no \
    mac-address=7A:9A:18:DD:E1:6E master-interface=MGMT2 name=GUEST2
add configuration.mode=ap .ssid=GUEST5 datapath.bridge=BRIDGE disabled=no \
    mac-address=7A:9A:18:DD:E1:6D master-interface=MGMT5 name=GUEST5
add configuration.mode=ap .ssid=IoT2 datapath.bridge=BRIDGE disabled=no \
    mac-address=7A:9A:18:DD:E1:70 master-interface=MGMT2 name=IoT2
add configuration.mode=ap .ssid=IoT5 datapath.bridge=BRIDGE disabled=no \
    mac-address=7A:9A:18:DD:E1:6F master-interface=MGMT5 name=IoT5
# Interface lists used by the firewall, neighbor discovery and MAC server.
# Members are assigned under /interface list member further down; VLANS is
# the "every user VLAN except management" group.
/interface list
add name=MGMT_LAN
add name=VALLAS_LAN
add name=GUEST_LAN
add name=IoT_LAN
add name=WAN
add name=VLANS
# One /24 address pool per VLAN; .1 is left out for the router itself.
/ip pool
add name=dhcp_pool0 ranges=10.20.99.2-10.20.99.254
add name=dhcp_pool1 ranges=10.20.10.2-10.20.10.254
add name=dhcp_pool2 ranges=10.20.20.2-10.20.20.254
add name=dhcp_pool3 ranges=10.20.30.2-10.20.30.254
# One DHCP server per VLAN interface. No lease-time is shown, so the export
# reflects whatever the RouterOS default was at the time.
/ip dhcp-server
add address-pool=dhcp_pool0 interface=MGMT_VLAN name=dhcp1
add address-pool=dhcp_pool1 interface=VALLAS_VLAN name=dhcp2
add address-pool=dhcp_pool2 interface=GUEST_VLAN name=dhcp3
add address-pool=dhcp_pool3 interface=IoT_VLAN name=dhcp4
# Every Wi-Fi interface is an access port: only untagged (or priority-tagged)
# frames are admitted and they are classified into the VLAN given by pvid.
# A client cannot inject frames tagged for another VLAN through these ports.
# NOTE(review): the same interfaces also carry datapath.bridge=BRIDGE in
# /interface wifi, so bridge membership is configured in two places - confirm
# which mechanism is intended and remove the other.
# NOTE(review): no ether port is a bridge member in this export.
/interface bridge port
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
    interface=GUEST2 pvid=20
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
    interface=GUEST5 pvid=20
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
    interface=IoT2 pvid=30
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
    interface=IoT5 pvid=30
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
    interface=MGMT2 pvid=99
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
    interface=MGMT5 pvid=99
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
    interface=VALLAS2 pvid=10
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged \
    interface=VALLAS5 pvid=10
# Neighbor discovery (MNDP/CDP/LLDP) is limited to the management list, so the
# router does not announce itself on guest, IoT or VALLAS networks.
/ip neighbor discovery-settings
set discover-interface-list=MGMT_LAN
# VLAN table. The bridge itself is a tagged member of every VLAN so that the
# /interface vlan interfaces (the router's gateways) receive the traffic.
/interface bridge vlan
add bridge=BRIDGE tagged=BRIDGE untagged=VALLAS2,VALLAS5 vlan-ids=10
add bridge=BRIDGE tagged=BRIDGE untagged=GUEST2,GUEST5 vlan-ids=20
add bridge=BRIDGE tagged=BRIDGE untagged=IoT2,IoT5 vlan-ids=30
add bridge=BRIDGE tagged=BRIDGE untagged=MGMT2,MGMT5 vlan-ids=99
# Detect Internet is enabled on every interface.
# NOTE(review): with detect-interface-list=all the feature probes all
# interfaces, including the VLAN and Wi-Fi ones; unless it is needed, limiting
# it to the WAN list or to none removes one moving part while troubleshooting
# - TODO confirm against current RouterOS documentation.
/interface detect-internet
set detect-interface-list=all
# List membership. MGMT_VLAN is only in MGMT_LAN; GUEST, IoT and VALLAS are in
# their own list and additionally in VLANS, which the firewall uses for the
# "DNS to router" and "internet access" rules.
/interface list member
add interface=MGMT_VLAN list=MGMT_LAN
add interface=VALLAS_VLAN list=VALLAS_LAN
add interface=GUEST_VLAN list=GUEST_LAN
add interface=IoT_VLAN list=IoT_LAN
add interface=lte1 list=WAN
add interface=GUEST_VLAN list=VLANS
add interface=IoT_VLAN list=VLANS
add interface=VALLAS_VLAN list=VLANS
# Gateway address of the router in each VLAN.
/ip address
add address=10.20.99.1/24 interface=MGMT_VLAN network=10.20.99.0
add address=10.20.10.1/24 interface=VALLAS_VLAN network=10.20.10.0
add address=10.20.20.1/24 interface=GUEST_VLAN network=10.20.20.0
add address=10.20.30.1/24 interface=IoT_VLAN network=10.20.30.0
# DHCP options per subnet. Clients are handed public resolvers directly
# (9.9.9.9 / 149.112.112.112), not the router, so the firewall rules that
# admit DNS to the router only matter for clients configured by hand.
/ip dhcp-server network
add address=10.20.10.0/24 dns-server=9.9.9.9,149.112.112.112 gateway=\
    10.20.10.1
add address=10.20.20.0/24 dns-server=9.9.9.9,149.112.112.112 gateway=\
    10.20.20.1
add address=10.20.30.0/24 dns-server=9.9.9.9,149.112.112.112 gateway=\
    10.20.30.1
add address=10.20.99.0/24 dns-server=9.9.9.9,149.112.112.112 gateway=\
    10.20.99.1
# INPUT chain (traffic addressed to the router itself): default-deny.
# Only the management VLAN reaches router services; the other VLANs may use
# the router's DNS on port 53 and nothing else.
# NOTE(review): anyone holding the MGMT2/MGMT5 passphrase lands in VLAN 99 and
# therefore reaches every enabled router service; /ip service is not part of
# this export, so confirm unused services are disabled there.
# NOTE(review): neither chain has an explicit drop for
# connection-state=invalid. In input the final drop covers it; in forward an
# invalid packet that matches one of the in/out interface accept rules is
# accepted before the final drop is reached.
/ip firewall filter
add action=accept chain=input comment=\
    "ALLOW ESTABLISHED, RELATED AND UNTRACKED" connection-state=\
    established,related,untracked
add action=accept chain=input comment=\
    "ALLOW MGMT_VLAN ACCESS TO ROUTER SERVICES" in-interface-list=MGMT_LAN
add action=accept chain=input comment="ALLOW OTHER VLAN ACCESS TO ROUTER DNS" \
    dst-port=53 in-interface-list=VLANS protocol=tcp
add action=accept chain=input comment=\
    "ALLOW  OTHER VLAN ACCESS TO ROUTER DNS" dst-port=53 in-interface-list=\
    VLANS protocol=udp
add action=drop chain=input comment="DROP ALL OTHER INPUT"
# FORWARD chain (routed traffic): default-deny. There is no rule between
# VLANs, so inter-VLAN traffic, including MGMT to the other VLANs, ends at
# the final drop. The VALLAS-to-VPN rule sits above the established/related
# rule and matches in one direction only; replies from the VPN side depend on
# the established/related rule below it.
add action=accept chain=forward comment=\
    "ALLOW CONNECTION TO MONITORINGVPN FROM VALLAS LAN." in-interface-list=\
    VALLAS_LAN out-interface=hidden.com
add action=accept chain=forward comment=\
    "ALLOW ESTABLISHED, RELATED AND UNTRACKED" connection-state=\
    established,related,untracked
add action=accept chain=forward comment="ALLOW MGMT_VLAN ACCESS TO INTERNET" \
    in-interface-list=MGMT_LAN out-interface-list=WAN
add action=accept chain=forward comment="ALLOW OTHER VLAN ACCESS TO INTERNET" \
    in-interface-list=VLANS out-interface-list=WAN
# IoT_VLAN is already a member of VLANS, so the rule above matches IoT traffic
# to the WAN first and this rule is redundant as written.
add action=accept chain=forward comment="ALLOW IoT_VLAN ACCESS TO INTERNET" \
    in-interface-list=IoT_LAN out-interface-list=WAN
# NOTE(review): traffic between two hosts in the same VLAN is bridged, not
# routed, so it presumably never reaches this rule unless the bridge is set
# to pass frames through the IP firewall (not shown here) - verify.
add action=accept chain=forward comment=\
    "ALLOW IoT_VLAN ACCESS TO OTHER DEVICES IN IoT_VLAN" in-interface-list=\
    IoT_LAN out-interface-list=IoT_LAN
add action=drop chain=forward comment="DROP ALL OTHER FORWARD"
# Source NAT for anything leaving through the WAN list (lte1). Traffic sent
# out of the OpenVPN interface is not masqueraded by this rule.
# NOTE(review): no /ipv6 firewall section appears in this export - confirm
# IPv6 is disabled or filtered separately.
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
# Default IPsec profile with dead-peer-detection timing adjusted; no IPsec
# peers are shown in this export.
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
# Time zone redacted by the poster.
/system clock
set time-zone-name=hidden
/system note
set show-at-login=no
# Layer-2 management (MAC-Telnet and MAC-WinBox) is restricted to the
# management list, so it is not offered on guest, IoT or VALLAS networks.
/tool mac-server
set allowed-interface-list=MGMT_LAN
/tool mac-server mac-winbox
set allowed-interface-list=MGMT_LAN


Try to disable WPA3 leaving only WPA2 enabled.

Will test this both at home tonight and at work tomorrow morning :slight_smile:.

Is it by experience you found this one out? Just curious :slight_smile:.
Is there something wrong with the WPA3 implementation on MT?

I’m afraid It’s a long standing issue, well known to Mikrotik WiFi (AC/AX) users and the main reason I avoid recommending them to my clients.
I love Mikrotik routers and ROS, but on WiFi the description “disappointing” is an understatement… :frowning:

Sad to say that disabling WPA3 didn’t help me at all. The disconnections continue.

When it disconnects I can’t even list the wifi-network that just stopped working and it takes at least 30 seconds for it to reappear so I can connect to it again.

Good day

Also experiencing a disconnect and wrote to Mikrotik support with this reference number SUP-168210 on the 13 october 2024 and ticket status (Waiting for support). Can anyone from Mikrotik advise on this matter.

Regards
Johannes

I’m having some small success with this one.

As soon as I change some setting on the accesspoint I get a stable connection for some time. It could be days between the last change and the next disconnect.

Today at home I had serious issues. I’ve noticed at work that after an accesspoint reboot everything seems more stable. So I rebooted the accesspoint without changing any settings and behold… No issues for a few hours now.

Perhaps setting up auto reboot every day?

Just frustrating this issue and there are lots of people with the same experience and even more people with different kinds of fixes but none of them seems to work for me :frowning:.

Did you check the logs on your device ? What is the reason for disconnection ? Also why are you using datapath ? Are you planning to use CAPsMAN ?

What are your lease times on DHCP server ?

Did you try to use non-DFS channel ?

So all I can see in log is disconnected, SA Query timeout, signal strength -54.
The signal strength can change somewhat.

It’s always there in the logs but it becomes more and more frequent until the disconnections start.
When I do some change to the wifi settings it’s still there, every now and then. The frequency of it appearing in the log rise and then the disconnections start. And when the disconnections start it’s really annoying. It can disconnect our computers several times during a period of a few minutes. When I get disconnected I can’t even see the 5GHz SSID anymore. Not on any of my devices.

Another thing is that it seems to be limited to the 5GHz band

At the office we have no disturbance on 2.4 or 5 GHz at all, there are no other devices within range.
I have the exact same issue at home and I live in the forest, there are absolutely no wifi-devices anywhere within at least a couple of kilometers.

We previously had Unifi devices and had no issues at all with them. It started when we switched to cap ac and then continued when we switched to cap ax.

I have tested running the device with default settings and when I do I have a stable connection. I have not done any long-term testing though, so don’t believe me here completely.

As soon as I activate Bridge VLAN filtering with slave wifi I start to get the disconnections.

The datapath is one of the things I read in another thread would help, tested it but it doesn’t.
Well it does, when I set datapath I have a stable connection for a few days and then the issues start again.
When I remove datapath I get a stable connection for a few days and then issue start again.

If I change anything in the Wifi-settings (so far, have probably not tested to change them all yet :stuck_out_tongue:) I get a stable connection for a few days and then the same issue begins again.

I simply cannot find the common issue except for myself :stuck_out_tongue:.

Lease time has been tested. Everything between 30 minutes and 24 hours but the issue persists. I do not know however if changing the DHCP time gives me a stable connection for a few days as it does when I change something in the wifi settings. I have been testing things surrounding this issue for months. I have replaced both router at home and AP at work but the issue persist.
I get the same issue with PC, Mac, Android and iPhone. We have tested removing everything except a Mac, except a PC, except an Android, but the issue is still there.

Yes, I have tested using non DFS-channels, both with static frequency settings and by not setting them at all.
I have tested the settings for Skip DFS-channels to be “Disabled, 10min CAC, all” but the issue is the same.

Yesterday was the first time I simply tested doing a reboot though, and that seems to give me a stable connection for a few days (don’t know yet though), just like changing the wifi-settings does. I don’t like workarounds. Would really like to find the root cause.

In that case I would like to welcome you to the Mikrotik club of frustrated wifi users. I hope you like pain and suffering :laughing: :laughing: :laughing:

Jokes aside, did you try new 7.17rc2 maybe ? If that doesn’t help only thing I can think about is sending supout.rif file which you create when problem starts again.

Did you check interface state when you can’t see 5GHz radio on your devices ?

As a long time critic of Mikrotik wifi (Which they admitted was warranted) I have 2 wAP AX here now. Running them as caps. VLANS actually works… which didn’t on the AC units with the new drivers.

Its only been 2 days… but I have yet to see the TONS of wifi disconnects I am used to in Mikrotik WiFi.

He he he he, it’s not easy using devices not built for me :stuck_out_tongue:.
I have not tested 7.17rc2. Usually try to stick to stable but I will give it a shot :slight_smile:.
supout I have not done. Will see to that the next time I’m experiencing disconnections.

Maybe Mikrotik has made a mistake in the hardware? I can buy new hardware, that doesn’t bother me much but I really like MT and would be devastated to learn that they don’t live up to it when it comes to wifi.

As well as lots of frustrated users, there are also a lot of users that don’t experience the problems. For sure, settings matter a lot. It might be interesting to see your config(s) to give some tweaks and suggestions. And when it comes to wifi, the environment has a great influence.

And please have a look at this topic:
http://forum.mikrotik.com/t/not-responding-f-k-a-sa-query-timeout/168864/1

VLANs do work with the wifi-qcom-ac drivers, but you can’t push them from CAPsMAN via a datapath setting, you have to configure them on each CAP, but if you do that they do work just fine.

I took another cap ax (this one is also tested before and also gives me disconnections) and configured it as my company caps. With this configuration it will be stable for a few days and then the disconnections start again.
If I reboot it when the disconnects starts, it's stable again for a few days.
Just like the other caps we're running and also my Chateau 5G ax that I have at home :frowning:.

Anyone with a suggestion on what I can change is welcome to comment freely :slight_smile:. Whatever I haven't already tested, I will test :slight_smile:.

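# 1970-01-02 00:17:10 by RouterOS 7.16.2
# software id = 3G6Q-0HVT
#
# model = cAPGi-5HaxD2HaxD
# serial number = HIDDEN
#
# Export of the cAP ax used as a bridged access point. The forum rendering
# dropped the leading "#" of the header and the trailing "\" line
# continuations; both are restored here so the export parses again. No
# setting has been changed.
# NOTE(review): the export timestamp is 1970-01-02, which suggests the clock
# was never set on this device (no NTP client is visible in this export).
# Log timestamps from it cannot be correlated with client-side or upstream
# logs until time is synchronised.
# NOTE(review): this export contains no /ip firewall section; the device
# relies on whatever sits upstream - confirm that is intended.
#
# Single VLAN-aware bridge.
/interface bridge
add name=bridge vlan-filtering=yes
# Radios wifi1 (5 GHz) and wifi2 (2.4 GHz) broadcast BASETEST; virtual APs
# wifi3/wifi4 broadcast COMPANY. All four use WPA2-PSK/WPA3-PSK mixed mode
# with fast transition (802.11r), including FT over the DS.
# NOTE(review): no security.management-protection value appears in this
# export. WPA3 requires Protected Management Frames (802.11w), and the
# "SA Query timeout" log entries quoted on this page come from the 802.11w
# SA Query exchange, so check the PMF setting explicitly - TODO confirm.
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=\
    10min-cac .width=20/40/80mhz configuration.country=Sweden .mode=ap .ssid=\
    BASETEST disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=\
    yes .ft-over-ds=yes
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=\
    10min-cac .width=20/40mhz configuration.country=Sweden .mode=ap .ssid=\
    BASETEST disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=\
    yes .ft-over-ds=yes
add configuration.country=Sweden .mode=ap .ssid=COMPANY disabled=no \
    mac-address=4A:A9:8A:E2:AE:00 master-interface=wifi1 name=wifi3 \
    security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
add configuration.country=Sweden .mode=ap .ssid=COMPANY disabled=no \
    mac-address=4A:A9:8A:E2:AE:01 master-interface=wifi2 name=wifi4 \
    security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
# Layer-3 VLAN interfaces on the bridge: 99 is the base/management VLAN,
# 10 is the company VLAN.
/interface vlan
add interface=bridge name=BASE_VLAN vlan-id=99
add interface=bridge name=COMPANY_VLAN vlan-id=10
/interface list
add name=BASE_LAN
add name=COMPANY_LAN
# Wi-Fi interfaces and ether2 are access ports (untagged only, classified by
# pvid); ether1 is the uplink trunk and admits tagged frames only.
# NOTE(review): ether2 is an untagged access port in VLAN 99, so anything
# plugged into it lands in the base/management VLAN - confirm the port is
# physically controlled or needed.
/interface bridge port
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wifi1 pvid=99
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wifi2 pvid=99
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wifi3 pvid=10
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=wifi4 pvid=10
add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=99
# Neighbor discovery is limited to the base/management list.
/ip neighbor discovery-settings
set discover-interface-list=BASE_LAN
# VLAN table: the bridge and the ether1 trunk are tagged members of both
# VLANs; access ports are untagged members of their own VLAN.
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 untagged=ether2,wifi1,wifi2 vlan-ids=\
    99
add bridge=bridge tagged=bridge,ether1 untagged=wifi3,wifi4 vlan-ids=10
/interface list member
add interface=BASE_VLAN list=BASE_LAN
add interface=COMPANY_VLAN list=COMPANY_LAN
# The AP takes its own address by DHCP on the base VLAN only; it has no IP
# address on the company VLAN.
/ip dhcp-client
add interface=BASE_VLAN
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes
# MAC-WinBox is restricted to the base/management list.
# NOTE(review): only mac-winbox is restricted in this export; no
# "/tool mac-server set allowed-interface-list=..." line is present, so
# MAC-Telnet is presumably still at its default scope - verify and restrict
# it to BASE_LAN as well.
/tool mac-server mac-winbox
set allowed-interface-list=BASE_LAN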

I had problems with frequent disconnects when WPA3 was enabled. When I disabled WPA3 and PMF I never had an issue again with disconnects.

And my setup is RB5009 as CAPsMAN, 3 wAP ax as CAPs and one SSID (I’m using PPSK Mikrotik finally added to ROS) with 3 VLANs.

Frequencies are added manually for each radio to avoid interference.

I had cAP ax and IMHO wAP ax is working better for me but this could be placement issue. wAP ax is much more suited for my use case.

Disable WPA3 isn’t an option unfortunately but in testing it didn’t help us:(.

Unfortunately, WPA3 on Mikrotik is kinda broken… Like I said, I had the same issues until I disabled PMKID in WPA3.

Looking at your config I see nothing wrong. Only thing you can do is send supout file to support.

Most of the time here on forum you will see that a lot of members suggest other users to use another AP. At work i installed U6 Lite from ubiquiti because we had the same problem (that was at the time Mikrotik had a lot of problems with wireless, i think that was around ROS 7.8 -7.9)