Mikrotik HAP ac. Wi Fi upload is very slow.

FoleyWalkers · December 20, 2022, 9:59am

I’ve set up Mikrotik HAP ac as a switch. All is OK via ethernet but upload is very slow. Like 2 megabits per sec or lower

# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 673705817DA5
/interface bridge
add admin-mac=E4:8D:8C:50:BB:87 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    disabled=no distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge ssid="Ukrainian MPSE Office @Hgz" wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
    disabled=no distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge ssid="Ukrainian MPSE Office 5Hgz" wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa-pre-shared-key=BogdanTheGreat \
    wpa2-pre-shared-key=BogdanTheGreat
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=ether2 name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=sfp1 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
/ip address
add address=192.168.0.165/24 comment=defconf disabled=yes interface=bridge \
    network=192.168.0.0
/ip dhcp-client
add disabled=no interface=bridge
/ip dhcp-server network
add address=0.0.0.0/24 comment=defconf dns-server=192.168.88.1 gateway=0.0.0.0 \
    netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.165 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
    add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Kiev
/system package update
set channel=testing
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@MikroTik] >

normis · December 20, 2022, 10:02am

Post also output of registration table, when you are doing the test. To see what band is used, and the signal

FoleyWalkers · December 20, 2022, 10:03am

May you please explain how to do it?

FoleyWalkers · December 20, 2022, 10:09am

 # INTERFACE                                                                                                                                                            RADIO-NAME       MAC-ADDRESS       AP  SIGNAL-STRENGTH TX-RATE UPTIME              
 0 wlan2                                                                                                                                                                                 3E:70:38:89:AA:7C no  -46dBm@6Mbps    866.... 14m50s              
 1 wlan1                                                                                                                                                                                 2A:1E:94:C2:D3:54 no  -77dBm@1Mbps    60Mb... 6m10s               
[admin@MikroTik] >

This one?

normis · December 20, 2022, 10:14am

What kind of device is connecting to it? Looks like no data is transmitted at the moment. Can you check again, when you are doing some kind of speed test?

FoleyWalkers · December 20, 2022, 10:19am

I get it.

Is it correct now?

[admin@MikroTik] > /interface wireless registration-table print
 # INTERFACE                                                                                                                                                            RADIO-NAME       MAC-ADDRESS       AP  SIGNAL-STRENGTH TX-RATE UPTIME              
 0 wlan2                                                                                                                                                                                 3E:70:38:89:AA:7C no  -47dBm@6Mbps    780M... 25m24s              
 1 wlan1                                                                                                                                                                                 2A:1E:94:C2:D3:54 no  -80dBm@1Mbps    60Mb... 16m44s              
[admin@MikroTik] >

normis · December 20, 2022, 10:22am

Command is correct, but your device is still only connecting to 1Mbit or 6Mbit rates. Is it a laptop? Does it support modern WiFi standards?

-47 signal is good, but the other device at -80 is a bad signal (too far away)

FoleyWalkers · December 20, 2022, 10:32am

It’s a modern device 1 meter from the router. Mi 11 ultra and it performs perfectly with the same router at another place.

I’ve tried now Macbook pro and it’s fine but it wasn’t yesterday!

            
 0 wlan2                                                              3E:70:38:89:AA:7C no  -50dBm@6Mbps    780M... 36m27s              
 1 wlan1                                                              2A:1E:94:C2:D3:54 no  -81dBm@HT40-2   60Mb... 27m47s              
 2 wlan2                                                              BC:D0:74:00:6D:DE no  -52dBm@6Mbps    6Mbps   35s                 
[admin@MikroTik] >

Is my configuration correct?

rextended · December 20, 2022, 10:32am

RouterOS version?

Some errors presents, if the device is used as switch + AP, all router cofig must be removed.

wlan1  band=2ghz-b/g/n # must be only 2ghz-g/n
       ssid="Ukrainian MPSE Office @Hgz" # remove @ from ssid

/interface wireless security-profiles
default authentication-types=wpa-psk # do not use wpa-psk, most be use wpa2-psk ONLY

erlinden · December 20, 2022, 10:32am

So much that can be configured:

Don’t use 802.11a neither 802.11b
Don’t use extension channel on the 2.4GHz radio
Consider using 40MHz bandwidth on the 5GHz radio
Specify your channels explicitely
Don’t use wpa-psk, only use wpa2-aes
Country code

FoleyWalkers · December 20, 2022, 10:32am

The other device (-80) is really far away it’s another person connected now in another room

normis · December 20, 2022, 10:34am

Actually best course of action is to do complete config reset and see what speed you get with default settings. Then you will be able to rule out hardware issues in both ends of link.

FoleyWalkers · December 20, 2022, 10:35am

[quote=“, post:9, topic:163029”]
RouterOS version?
[/quote]

6.49.7

Some errors presents, if the device is used as switch + AP, all router cofig must be removed.

wlan1 band=2ghz-b/g/n # must be only 2ghz-g/n
ssid=“Ukrainian MPSE Office @Hgz” # remove @ from ssid

/interface wireless security-profiles
default authentication-types=wpa-psk # do not use wpa-psk, most be use wpa2-psk ONLY

rextended · December 20, 2022, 10:37am

If you want convert “disabled router + ap” to “switch + ap” with all correct settings, post the text inside the file obtained by “/export file=last”

Do not alter the config, I post here on the forum the script for convert the configuration on the device.

rextended · December 20, 2022, 10:40am

Is wpa2-psk, on exported config is already aes-ccm

FoleyWalkers · December 20, 2022, 10:46am

Thank you all!

The problem is I am not a IT professional and those things are really hard to understand for me.
The configuration in general:

My router connected to another, main router. Also Mikrotik.
I need wi fi and Ethernet connection (I need to connect to LAN and internet).
That’s why I set it PTP Bridge AP (I don’t fully understand what does it mean. I was told I need to do so to set the router to a switch mode).
And generally it works but sometimes upload speed is getting awfully slow.

FoleyWalkers · December 20, 2022, 10:47am

It does nothing.

FoleyWalkers · December 20, 2022, 11:05am

I get it

   wpa2-pre-shared-key=BogdanTheGreat
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=ether2 name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=sfp1 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
/ip address
add address=192.168.0.165/24 comment=defconf disabled=yes interface=bridge \
    network=192.168.0.0
/ip dhcp-client
add disabled=no interface=bridge
/ip dhcp-server network
add address=0.0.0.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    0.0.0.0 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.165 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Kiev
/system package update
set channel=upgrade
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Thanks in advance!!!

rextended · December 20, 2022, 11:15am

and.. the start???

inside /files you see the “last.rsc” file, drag & drop on desktop and open it with notepad or similar

On meantime I work on script, the export is similar, but not identical to the first.

mkx · December 20, 2022, 11:15am

So you say you actually need a combination of ethernet switch and access point? The rest of functions (internet routing, NAT, DHCP server, etc.) should be performed by another device?

Mikrotik, are you listening? We badly need QuickSet profile for this combination!

It’s fairly easy to reach necessary configuration:

download winbox. Connect to hAP ac by clicking MAC address
reset device with no config
reconnect
create a bridge and add all wired interfaces as ports.
Don’t select “all interfaces”, add them one by one.
enable DHCP client, bind it to bridge interface
configure wireless … security profile … according to suggestions already put forward by @erlinden
add wireless interfaces to bridge
reboot hAP again (for good measure)