Low throughput with 3x Audience

I have three Audiences in my house. One in each corner of a long open plan floor and then a third in an extension (as there is what was previously an exterior wall between the main building and the extension - it has LOS to the second Audience).

Audience 1 - PPPoE - Internet and CAPSMAN (for regular wlan1 and wlan2 - 2/5Ghz)
Audience 2 - Other end of main room. This is the AP for wlan3. It has LOS to the other two units - approx 20m.
Audience 3 - In extension

I then have some 60Ghz kit off the back of Audience 3 to some outbuildings.

The 60Ghz is working brilliantly, but I cannot get more than around 150Mbps between any of the Audiences (1 to 3 maxes out around 120Mbps).
I’m not using the default mesh setup - I found the Station Roaming option would cause them to briefly disconnect every hour or so.
I have wlan3 set to AC only. Audience 2 is in ap bridge mode and the other two are station bridge. I live in the middle of nowhere and have nothing interfering on the 5Ghz channels. CCQ is 85-100% and SNR 64db. I’ve tried 40, 80 and 160Mhz widths. 80/160 works best (Not much between 80/160), changing frequency, lowering tx power. I feel this kit should be capable of more, especially when the tx/rx rates are showing over 1000Mbps.

Any suggestions warmly welcomed

Without the 3 /export , all this is just a novel.

I have also tried switching off Audience 3 and btesting between 1 and 2 (in the same room 20m apart) - 150/160 Mbps max TCP. iperf gives similar figures.

Exports attached if further info required. I’ve invariably done something stupid!

edit - Replaced with exports in code tags below

Remember: Is worst do nothing…

Leave me, and to the other, the time to analize the export.

Audience 1

# aug/25/2021 14:26:08 by RouterOS 6.48.4
# software id = GZ05-6SV0
#
# model = RBD25G-5HPacQD2HPnD
# serial number = D5860CE8C249
/interface bridge
add admin-mac=48:8F:5A:CB:CB:03 auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes allow=chap disabled=no interface=ether1 name=\
    pppoe-out2 use-peer-dns=yes user=xxxxxxxxxxxxxx
/interface wireless
# managed by CAPsMAN
# channel: 2447/20-Ce/gn(16dBm), SSID: Lyndale2, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik station-roaming=\
    enabled
# managed by CAPsMAN
# channel: 5240/20-eeeC/ac/P(15dBm), SSID: Lyndale5, local forwarding
set [ find default-name=wlan2 ] disabled=no ssid=MikroTik station-roaming=\
    enabled
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm \
    group-encryption=aes-ccm name=security
/caps-man configuration
add channel.band=2ghz-b/g/n channel.control-channel-width=20mhz \
    channel.extension-channel=XX comment=defconf country="united kingdom" \
    datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \
    distance=indoors installation=indoor name=cfg-2ghz security=security \
    ssid=Lyndale2
add channel.band=5ghz-onlyac channel.control-channel-width=20mhz \
    channel.extension-channel=XXXX comment=defconf country="united kingdom" \
    datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \
    distance=indoors installation=indoor name=cfg-5ghz-ac security=security \
    ssid=Lyndale5
add channel.band=5ghz-onlyac channel.control-channel-width=20mhz \
    channel.extension-channel=XX comment=defconf country=no_country_set \
    datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \
    distance=indoors installation=indoor name=cfg-5ghz-an security=security \
    ssid=Lyndale5
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk comment=defconf disable-pmkid=yes \
    eap-methods="" mode=dynamic-keys name=wpsSync supplicant-identity=\
    MikroTik
/interface wireless
set [ find default-name=wlan3 ] band=5ghz-onlyac channel-width=\
    20/40/80/160mhz-XXXXXXXX country=no_country_set disabled=no distance=\
    indoors frequency=5560 frequency-mode=superchannel mode=station-bridge \
    security-profile=wpsSync ssid=SYNC-CBCB06
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.150
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=1d name=defconf
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add comment=defconf disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled comment=defconf hw-supported-modes=gn \
    master-configuration=cfg-2ghz name-format=prefix-identity name-prefix=\
    2ghz
add action=create-dynamic-enabled comment=defconf hw-supported-modes=ac \
    master-configuration=cfg-5ghz-ac name-format=prefix-identity name-prefix=\
    5ghz-ac
add action=create-dynamic-enabled comment=defconf hw-supported-modes=an \
    master-configuration=cfg-5ghz-an name-format=prefix-identity name-prefix=\
    5ghz-an
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge comment=defconf interface=wlan3
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out2 list=WAN
/interface wireless access-list
add interface=wlan3 mac-address=48:8F:5A:CB:C5:4A vlan-mode=no-tag
/interface wireless cap
# 
set caps-man-addresses=127.0.0.1 enabled=yes interfaces=wlan1,wlan2
/interface wireless connect-list
add allow-signal-out-of-range=5m interface=wlan3 mac-address=\
    48:8F:5A:CB:C5:4A security-profile=wpsSync
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
    192.168.1.0
add address=192.168.5.1/24 interface=bridge network=192.168.5.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.253 gateway=\
    192.168.1.1
/ip dns
set allow-remote-requests=yes servers=192.168.1.253
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="OpenVPN 443 TCP" dst-port=443 \
    in-interface=pppoe-out2 protocol=tcp to-addresses=192.168.5.2 to-ports=\
    443
add action=dst-nat chain=dstnat comment="OpenVPN 443 UDP" dst-port=443 \
    in-interface=pppoe-out2 protocol=udp to-addresses=192.168.5.2 to-ports=\
    443
add action=dst-nat chain=dstnat comment="OpenVPN 1194 TCP" dst-port=1194 \
    in-interface=pppoe-out2 protocol=tcp to-addresses=192.168.5.2 to-ports=\
    1194
add action=dst-nat chain=dstnat comment="OpenVPN 1194 UDP" dst-port=1194 \
    in-interface=pppoe-out2 protocol=udp to-addresses=192.168.5.2 to-ports=\
    1194
/system clock
set time-zone-name=Europe/London
/system identity
set name=Lyndale1
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Audience 2

# aug/25/2021 14:29:21 by RouterOS 6.48.4
# software id = GK7T-MEWU
#
# model = RBD25G-5HPacQD2HPnD
# serial number = D5860CF48011
/interface bridge
add admin-mac=48:8F:5A:CB:C5:46 auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2447/20-eC/gn(16dBm), SSID: Lyndale2, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik station-roaming=\
    enabled
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac/P(15dBm), SSID: Lyndale5, local forwarding
set [ find default-name=wlan2 ] disabled=no ssid=MikroTik station-roaming=\
    enabled
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=wps_sync supplicant-identity=""
/interface wireless
set [ find default-name=wlan3 ] adaptive-noise-immunity=ap-and-client-mode \
    band=5ghz-onlyac channel-width=20/40/80/160mhz-XXXXXXXX country=\
    no_country_set default-authentication=no default-forwarding=no disabled=\
    no distance=indoors frequency=5560 frequency-mode=superchannel mode=\
    ap-bridge nv2-downlink-ratio=60 security-profile=wps_sync ssid=\
    SYNC-CBCB06 station-roaming=enabled tdma-period-size=3
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=wlan1
add bridge=bridgeLocal comment=defconf interface=wlan2
add bridge=bridgeLocal comment=defconf interface=wlan3
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=wlan2 list=LAN
add interface=wlan3 list=LAN
add interface=wlan1 list=LAN
/interface wireless access-list
add allow-signal-out-of-range=5m interface=wlan3 mac-address=\
    48:8F:5A:CB:CB:06 vlan-mode=no-tag
add allow-signal-out-of-range=5m interface=wlan3 mac-address=\
    48:8F:5A:CB:C8:45 vlan-mode=no-tag
/interface wireless cap
# 
set discovery-interfaces=bridgeLocal enabled=yes interfaces=wlan1,wlan2
/ip address
add address=192.168.1.2/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/ip dns
set servers=8.8.8.8
/ip route
add distance=1 gateway=192.168.1.1
/system clock
set time-zone-name=Europe/London
/system identity
set name=Lyndale2

Audience 3

# aug/25/2021 14:30:12 by RouterOS 6.48.4
# software id = U29V-Z5VB
#
# model = RBD25G-5HPacQD2HPnD
# serial number = D5860C633487
/interface bridge
add admin-mac=48:8F:5A:CB:C8:41 auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2452/20-Ce/gn(16dBm), SSID: Lyndale2, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik station-roaming=\
    enabled
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac/P(15dBm), SSID: Lyndale5, local forwarding
set [ find default-name=wlan2 ] disabled=no ssid=MikroTik station-roaming=\
    enabled
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
    wlan3-SYNC-CBCB06-repeater supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan3 ] band=5ghz-onlyac channel-width=\
    20/40/80/160mhz-XXXXXXXX country=no_country_set disabled=no distance=\
    indoors frequency=5560 frequency-mode=superchannel mode=station-bridge \
    security-profile=wlan3-SYNC-CBCB06-repeater ssid=SYNC-CBCB06
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=wlan1
add bridge=bridgeLocal comment=defconf interface=wlan2
add bridge=bridgeLocal comment=defconf interface=wlan3
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=wlan2 list=LAN
add interface=wlan3 list=LAN
add interface=wlan1 list=LAN
/interface wireless cap
# 
set caps-man-addresses=192.168.1.1 discovery-interfaces=bridgeLocal enabled=\
    yes interfaces=wlan1,wlan2
/interface wireless connect-list
add allow-signal-out-of-range=5m interface=wlan3 mac-address=\
    48:8F:5A:CB:C5:4A security-profile=wlan3-SYNC-CBCB06-repeater
/ip address
add address=192.168.1.3/24 interface=ether2 network=192.168.1.0
/ip dns
set servers=8.8.8.8
/ip route
add distance=1 gateway=192.168.1.1
/system clock
set time-zone-name=Europe/London
/system identity
set name=Lyndale3

Is it worth upgrading to 7.1rc? I see many Audience users using ROS7 but nor sure if that’s just a coincidence.

Well. I tried 7.1 out of desperation. No improvement.
I get 300Mbps+ from client to Audience on the ipq4019 with zero tweaking but at most 200Mbps between Audiences that are a few metres apart on QCA9984 radio which should be capable of much more.

Wish I kept all the boxes now.. these haven’t been the investment I hoped for.

Wifiwave2 it’s the real deal with ROS 7.1 but you lose Capsman (as of now).

Cheers.. i may give that a go. Shame about capsman as I will have 5 APs eventually once I put a couple of cAPs in the outbuildings, but I can live with that.

No bridging with wifiwave2 so I’m back where I started.

MikroTik wireless performance in general is garbage. It really hasn’t improved much at all for years, and has been left in the dust by even very cheap off-the-shelf alternatives
Audience is like buying a Ferrari but the handbrake is permanently on. Fantastic hardware but its so incredibly let down by terrible wifi on the software side

The only benefit is yes surprisingly good range, and the RouterOS features (bridging, capsman etc) but actual througput, latency, stability etc is terrible. $100 ASUS router beats it hands down

If you are meshing them… they shouldn’t be corners. They should be along the wireless signal not at the outside edges.

I am not meshing. I have them in a line through my house (also so I can reach outbuildings at the end of the house via a 60Ghz link). In mesh mode, the station roaming option makes them drop out every hour or so.
The middle one is station ap and the other two are station bridges. Even though they are 10m apart with LOS, I cannot exceed 200Mbps (generally around 160) between them. Speedtest from Audience3 tops out at 50-60Mbps.

Paste this on terminal, do not omit the { } !!!

Lyndale1

{
/interface bridge
set [find] protocol-mode=none
/caps-man security
set [find] authentication-types=wpa2-psk
/caps-man configuration
set cfg-2ghz channel.band=2ghz-g/n
/interface wireless security-profiles
set [find] eap-methods=passthrough supplicant-identity=MikroTik
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,!dude,tikapp"
/interface wireless cap
set enabled=no
:delay 2s
/interface wireless
set [find] station-roaming=disabled
:delay 2s
/interface wireless cap
set enabled=yes
}

Lyndale2

{
/interface bridge
set [find] protocol-mode=none
/interface wireless security-profiles
set [find] eap-methods=passthrough supplicant-identity=MikroTik
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,!dude,tikapp"
/ip neighbor discovery-settings
set discover-interface-list=static
/interface list member
set [find where interface=ether1] list=LAN
/interface wireless cap
set enabled=no
:delay 2s
/interface wireless
set [find] station-roaming=disabled
set [ find default-name=wlan3 ] adaptive-noise-immunity=none nv2-downlink-ratio=50 tdma-period-size=2
:delay 2s
/interface wireless cap
set enabled=yes
}

Lyndale3

{
/interface bridge
set [find] protocol-mode=none
/interface wireless security-profiles
set [find] eap-methods=passthrough supplicant-identity=MikroTik
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,!dude,tikapp"
/ip neighbor discovery-settings
set discover-interface-list=static
/interface list member
set [find where interface=ether1] list=LAN
/interface wireless cap
set enabled=no
:delay 2s
/interface wireless
set [find] station-roaming=disabled
:delay 2s
/interface wireless cap
set enabled=yes
}

Many thanks for taking the time to do this - it’s really appreciated.

I have altered my config a little with the test of wifiwave2 - I’m not currently running Capsman, but will likely re-introduce it as it will be super convenient when I install the CAPs in the outbuildings.
However, I ran through the changes manually from your scripts. Much of it I have already done, as it cleans up some misconfigurations from my initial setup.
set [find] eap-methods=passthrough supplicant-identity=MikroTik is a little unclear as you specify WPA-PSK as the authentication protocol so that option is unavailable if configuring via Winbox.
The main change from what I had is turning off RSTP. This has not improved the overall throughput when using iperf/btest, but has improved Speedtest results from Audience3 which now top out at 72Mbps (which is what I get from my ISP) where previously it varied from 50-60Mbps. Why it was less than btest/iperf previously is a bit of a mystery.

You have at least reviewed my config and confirmed that I’ve not done anything horrendously stupid What I have currently does work well enough for my needs, but it is disappointing that the supposedly superior Audience is no better than the CAP ACs I was running at my previous house, even though the 5Ghz network was dual-role in that case providing both the link between devices and an AP to clients. I could have got much the same result at much lower cost.
Hopefully wifiwave2 will mature over the coming months and I will reap the rewards of my investment with some patience.

Did you try runing 802.11 instead nv2 for link between them?

Also is your routerboard firmware updated to match software?

Otherwise no ideas to help you, you did everything OK.

Hi.. I am using 802.11 - set to ac only. I’ve never tried nv2.
I always upgrade routerboard firmware at the same time as the packages.

Thanks!

I think there is a driver limitation.

I’ve never been able to get more than 150Mbps~200Mbps out of any ARM WiFi product from Mikrotik. There will always be 40 people telling you that you’re doing it wrong, and that you can’t trust Btest, you have to run iPerf, etc. UDP is fast, TCP is always 150~200Mbps, with no CPU bottleneck. NV2 is slightly slower than 802.11.

They need to prioritize those Wave2 drivers. Thank God my WAN speeds are never really over 100Mbps, so it works for my market at the moment. I need the range and that third radio more than the speed.

I put the ACV2 drivers on my Audience. It’s set up as a 3 radio WAP ONLY. CAPS-MAN NO LONGER WORKS. Adding virtual APs has caused the radio to crash. Changing an SSID caused a radio to get stuck on searching for channel.

But… When it’s working…
I finally get throughput ~ 400M/400M with a house full of devices on the unit.