Long explanation for what I already said.
But maybe he will accept it coming from you 
I am quite aware of using Access Rules for kicking folks off.
I tried to implement that once on some cAPACs, I was savaged by family members for screwing things up, and
it also buggered my own connectivity as we have a complex setup. So I am gun shy of that functionality.
Anav my friend 
you are wasting your valuable retirement time with this ⊠I know that you want to conquer this bugger but tell me something âŠ. Is it really worth the struggle ??? Poke poke POKE
Hi,
just to be clear 800.11 r,k,w has been already implemented in ROS only 800.11v is missing. on the another hand it is implemented only on one AP, not on goup of AP, mybe in the new caps man,
âBand steeringâ should be better than âAccess list signal limit kickingâ and TX power level difference between 5GHz and 2.4GHz radioâs.
Can MT wifiwave2 do this, what Engenius descibes as bandsteering ?
https://helpcenter.engeniustech.com/hc/en-us/articles/235485668-What-is-band-steering-and-what-are-the-steering-modes-available-
How do you select the âSteering modeâ in MT then???
âBand Steeringâ seems to be still something additional to 802.11 r,k,v https://www.mist.com/documentation/802-11k-802-11r-802-11v/
(My favorite) Fortinet has a strong control over client access, which only see one BSSID (MAC address of AP radioâs are identical), as only some AP (radio) respond to a connection request, as steered by the controller.
Experienced: Used it with Fortigate cluster (HA controller) and 37 FortiAP
I donât think it can ⊠in current state. Apart from ACLs (which are static) thereâs no mechanism in ROS to ignore wireless clients when they try to associate ⊠which is, by the way, the gist of Engeniusâ implementation: ignore association requests on non-preferred band from devices which are known to support the preferred band (and the client support for different bands is built dynamically by letting client try to associate to any of APs serving same SSID, hopefully client will reveal support for 5GHz band by trying to associate to it).
Poor manâs solution in ROS would be scheduled job, skimming through registration table of preferred band and set ACLs preventing devices to associate to non-preferred band. Itâs slow, clumsy and might break some clients.
Of course, all of that (proper solution and poor manâs solution) work fine if thereâs a central wireless controller which correlates signalling from all APs serving same SSID.
That is basically a co-channel diversity network where all the APs are receiving and reporting the data and signal strength to the controller, so the controller can decide which AP will send data to that client. It is one big âvirtual APâ. The advantage is that there is no roaming issue, the disadvantage is that you use only a single channel so you limit the capacity of the network.
However, such a system can also run that same method on different channels (with different BSSID probably) in parallel, to increase capacity a little.
Of course not on all channels at the same time, as the transmitters would overwhelm the receivers, but maybe on 2 or 3 channels spread over the 5GHz band, with good filters.
MikroTik has no offerings in this area, but several other enterprise WiFi suppliers do.
This weekend I finally implemented RADIUS-based access on my own home network. I had ACLs in both my main RB4011 and my hAP ac2 additional AP in another room, and merged all SSIDs into one to have several separate networks (VLANs) for different types of clients. Instead of having several virtual wireless interfaces with different SSID, which wastes airtime, I first put âuse vlanâ and vlan# into the ACL rules, then realized I needed to do that twice every time so I finally installed user-manager on the RB4011 to do it.
Now I only need to add the MAC of a client and put it in a group that sends the proper VLAN number, and it works on both APs.
During experiments with this, I found that the default of user-manager to allow only 1 connection per user breaks roaming. When the client tries to roam, it connects to the nearer AP, that sends a RADIUS request to user-manager, which sees âa second connectionâ, rejects it, and the client gets refused. It immediately goes back to the other AP, but as it sees the weak connection and a stronger signal nearby, it keeps flipping. Only removing that single-connection setting per user resolved that.
(it is understandable that the user-manager thinks there are 2 connections because the original is not yet broken)
As the access request to RADIUS also includes the WiFi interface name, it seems it should be possible to reject requests coming in on 2 GHz and allow on 5 GHz.
However, it seems that user-manager is unable to do that, and neither can it have a âdefault user actionâ, so you still need another RADIUS server.
My questions are simple.
If we are supposed to leave things AUTO, and by that I mean dont select frequency. how does the MT select frequency and Tx power??
They provide scan and frequency tools, does this mean we are supposed to use those and forget AUTO, or does AUTO use that information for optimal frequency selection.
Here is what I was successful in getting working, minimally, I basically decided to avoid ax for 2ghz and
selected very basic stuff. The only delving into menus I did was to disable pmkid which I thought should be defaulted to disable??? and WPS disable.
Took me a while to get even this setup. Then realized I had no encryption, used to AES, didnt have a clue what CCMP was. 
Still not working then deciding to look at everything, interfaces checked out⊠bridge ports OOPSIE frigging with the wifi settings means whatever was in bridge ports is goneâŠor unknown.
Thus put the right interfaces there and then started working. The bridge ports is a gotcha as we are used to the MT replacing interfaces with the new name as you do the workâŠ
/interface wifiwave2 channel
add band=5ghz-ax disabled=no name=channel1 width=20/40/80mhz
add band=2ghz-g disabled=no name=channel2 width=20mhz
/interface wifiwave2 configuration
add channel=channel1 channel.band=5ghz-ax .width=20/40/80mhz country=âCanadaâ disabled=no mode=ap name=cfg1 ssid=MT1
add channel=channel2 channel.band=2ghz-g .width=20mhz country=âCanadaâ disabled=no mode=ap name=cfg2 ssid=MT2
/interface wifiwave2 security
add authentication-types=wpa2-psk comment=âTrusted Passwordâ disable-pmkid=yes disabled=no name=HOME wps=disable
/interface wifiwave2
set [ find default-name=wifi1 ] channel=channel1 comment=â5GH - WIFIâ configuration.mode=ap .ssid=MT1 disabled=no security=HOME
set [ find default-name=wifi2 ] channel=channel2 comment=â2GHz WIFIâ configuration=cfg2 configuration.country=âCanadaâ .mode=ap .ssid=MT2 disabled=no security=HOME
âa second connectionâ
As expected, no ?
We want to have fast roaming. And some roaming enhancements connect before they disconnect.
The client device will not continu with 2 connections.
On the other hand, I did not limit the number of connections per named user, for other reasons.
In a holiday resort each vacation home tenant gets a username/password for the family. Anyway they come with multiple devices (PC,tablet,smartphone,smartwatch âŠ) and multiple family members.
It is all one and the same account. Number of connections is not the problem, data volume is the quantity to be limited, even more than speed.
I split the authenticating RADIUS server (3th party) from the accounting RADIUS server (e.g. MT Usermanager, ROS 6), by blocking accounting packets to the authenticating/authorizing server, and using âAccounting Backupâ for the accounting server. (Accounting server has usernames, not passwords).
With RADIUS and username/password, one does AAA on the user , not on the device. Random private administered MAC addresses is no problem in this.
Roaming is smooth and fast. (30 APâs, 40 named users, ± 280 connections and more)
RADIUS should be able to set the VLAN for that RADIUS user (same WLAN-wifi mechanism as with the local ACL, but on username not MAC and ACL). Didnât test that yet.
3th party RADIUS and accounting RADIUS to be replaced by hAP ax3 if user based VLAN setting works , actually not for itâs wifi, but for the ROS licence level 6, and User manager ROS7.
[ RB5009 is only licence level 5 = max 50 wifi sessions via Usermanager with accounting 
]
AUTO does a one-time scan at each boot to find the âleast used channelâ and selects that. It then configures the highest allowed TX power according to local regulations for that channel.
As usual this is far from optimal. You need to make at least a channel list with channels 1, 6 and 11 (2412, 2437, 2462 MHz) for 2 GHz and apply that, or else it will choose a random channel like 3 or 8 and foul up the carrier detection in the area. Really substandard that MikroTik does not use 1-6-11 channel selection by default.
Also (like many other manufacturers) it does not do a re-scan of the spectrum at any time after boot. So changed circumstances on the RF spectrum are never taken into account.
I âexpectedâ this problem only after having encountered it. As I wrote, it is obvious why it happens but not so obvious to me why the default in user-manager is 1 connection, thus causing problems when roaming. Limiting to 1 connection should be left to the user, and only when connections are used for things like PPPoE with fixed address.
No, youâre not alone.
You will have interference from 1 and 6 which is worse then co-existence.
Indeed. Your AP on channel 3 will not detect the transmissions from others on 1 and 6, so it will transmit at the same time as them, instead of waiting for the channel to be clear.
And due to the overlap, it will have interference from (and cause interference to) both channel 1 and 6.
SImple wifi AP devices, select the lowest occupied or lowest energy intense wifi channel, and as such select the typical signal dip for channel 3 and 8.
Seen too often. Fully agree with this text for years: https://metis.fi/en/2018/10/rrm-en/
Keeps us busy in this formum âŠon âpoor wifi performanceâ topics.
But at work I have installed a system from the other well-known competitor in the âcheapâ market segment, and without any configuration it selects only channel 1, 6 or 11 when setting to auto. So it can be done.
On my MikroTiks at home I use this channel list:
/interface wireless channels
add band=2ghz-b/g/n frequency=2412 list=ch1_6_11 name=ch1 width=20
add band=2ghz-b/g/n frequency=2437 list=ch1_6_11 name=ch6 width=20
add band=2ghz-b/g/n frequency=2462 list=ch1_6_11 name=ch11 width=20
Good channel list.
I donât trust âautoâ, not even the XXXX in 20/40/80 XXXX. Check the 80 MHz channel alignment !
http://forum.mikrotik.com/t/v6-49-4-stable-is-released/156240/1
Too bad wifiwave2 doesnât allow constructing frequency lists ⊠or does it? Entries under /interface/wifiwave2/channel donât seem to have property list available?
But you can
Tab Channel, frequency, use the drop down arrow to add frequencies.
