I’m struggling with this issue already for some time and cannot make any progress on this, hence posting the question in this forum.
I’m having multiple Mikrotik wAP access points installed on a harbour. I want to make a connect from within my boat to the WIFI network. Unfortunately it doesn’t work, I cannot make a connection.
I’ve included some screenshots on the signal strength. The signal strength inside the boat is not that good, the range is -75dBm to -79dBm. From what I read I understand that this should be sufficient to be able to make a connection, is my assumption correct?
As there are multiple AP’s on the harbour i’ve configured them in such a way that they use different WIFI channels, the AP’s configured to use the same channel are the furthest away from each other. The Access List on the various AP’s is configured as -81..120 Accept and -120..-80 Reject. This to prevent that a device is trying to connect to an AP further away than the AP closer by with a stronger signal. See also screenshot.
Any suggestions why I cannot make a connection? And what is required to improve this situation?
When checking other clients connected, I see signal strength from -77 and -79, they are connected to the AP, that is what I see on the screenshot. How come they can connect and I cannot connect with my MacBook Pro, iPone and iPad?
You gave almost all information. The only part that’s missing is the LOG of the AP, The LOG needs one extra topic. In System Logging add “wireless” as topics. Then you can follow all attemps and progress of the client connects. (The good ones, to be compared with the failing ones).
This wifi connection will work fine even at -86dBm (if you allow it in the access-list) So being at -75dBm is good enough for a SNR of 20 dB (noise is at -95 dBm). Ok you only get MCS1 encoding , and that gives 13 Mbps interface rate. But nothing here prevents you from connecting.
It is remarkable that you have a self-assigned IP address (169.254.x.x). You should have been given a DHCP lease in normal circumstances. Your client device needs to be set at automatic use of received IP address.
But there are many parameters in a WLAN config. Most can be read from your screenshots, but quite some are missing information.
So to help following material is needed (“=terminal commands to extract”)
Thanks for your feeedback, really appreciated as I’m stuck with this problem and many complaining users.
I’ve included the AP configuration and log file.
The MAC addresses have been changed by text. The “ipad_mac” is the device I’m using for testing. So this it the text to focus on.
The other MAC addresses in the log file have been changed into: Other_Mac1, Other_Mac2, Other_Mac3, etc. etc. AP-log.txt (10.4 KB) yoursecondfilename.rsc (2.4 KB)
If changed the Accss List configuration to:
I see the iPad in the Registration list. But at the moment of taking the screenshot the signal strength was -87 (I guess this is not good) and the Access List rules will kick the iPad out of the connection.
If the signal stays below the signal strength in the allow (authorize) access-list rule , it will be disconnected after the “Allow Signal Out of Range” time given, or the default of 10 sec.
It’s only valid for that WLAN interface. -75 dBm is only good if you have better AP signal around. After the “Allow Signal out of Range” time, the default setting for the WLAN will be used.
Sending station leaving (8) : the client device is roaming on its own decision. That’s OK, it’s what we want.
Sending station leaving (3) : the AP has decided to disconnect the client.
Thanks again, but why is this happening? Is it due to a misconfiguration of the AP? Or is it because I’m simply to far away from the AP and the signal strength is not good enough? And how can I improve this?
Based on your feedback, can I conclude the following:
Access List conditions is applicable for all WLAN interfaces?
Connect List is only for the selected/specified WLAN interface?
I probably doesn’t make sense to have similar rules set at two different locations. What would be the advice? Either use the Access List for all WLAN’s or create rules in Connect List for each individual WLAN interface, is that the correct way of doing it?
Oooops … overlooked that is was “connect list” for -75 dB
Thought and explained as if it was “access list”
“Connect list” is only used when the MKT connects to another AP (as station, station bridge, station pseudobridge, WDS slave … etc) It is not used when another device connects to the MKT.
The access list is wlan specific if the WLAN is specified in the rule. I use WLAN specific rules for 2.4 and 5 GHz because my strategy is different for both bands.
With 2.4 GHz the focus is maximizing coverage (but losing lots of airtime on those weak and slow connections). With 5 GHz the focus is on high performance (but losing on coverage)
So the limits now are totally different. 2.4 GHz is at -86 dB (depends on available AP’s per area), while 5 GHz is at -80 dB. (same AP’s).
Currently doing daily monitoring to adjust the values (per AP). Would not hesitate to go for -90 dB and -76 dB as different settings.
Even the TXpower for 2.4 GHz is reduced by 7 dB, what is also part of the tuning. It lowers to chance for triggering clients to try a connection.
Also upping “basic rate” is another technique for avoiding weak signal trials.
What gives a bad experience is that someone is rejected by all AP’s or even worse banned by all AP , when being in the area assumed covered.
Handheld devices have a fluctuating signal, so to be tolerant for that the “allowed out of range” timing is at least 30 sec. (depends on the AP density again and the need to kick sticky clients fast)
Tuning a system that must handle a random workload, when multiple parameters can be set that are not independent, is never easy. And tuning for zero faults is not the optimum targeted for.
Actually the optimum is different for every device type, and for every user and every use case. Expectations, even as they are not expressed in numbers, are moving targets.
You are braver than I Sir! I only play the switch game between two 5Gzh wlans (meaning two different APs) and not between a 2 and a 5 either on the same or different APs.
Mixing the bands, seems to work well. (Need additional feedback from that user, but they are used to contact me if something is not 100%)
The client device decides the connection. In the beginning between WLAN1 & WLAN2 (connect before disconnect) , at the end it was pushed a bit.(disconnect before connect)
Reason code (8) in https://aboutcher.co.uk/2012/07/linux-wifi-deauthenticated-reason-codes/ , MKT and client mechanism unknown.
.
But is not always changing, when they are @home its steady
.
I recommend to not use access list, except if the harbor is small or really densly AP populated and at every location you have good signal!!!, for any kind of client…!
But as you already experience issues now (with one device only), you will experience exactly this with many new devices
(or have frustrated customers…)
Each device is different. You talk about an Ipad, that is 2x2 device and as such has better reception that 1x1 device.
If someone comes with a “cheap” consumer Wifi device his signal strength will for sure be less.
If you can not ensure that you have better than “-75” signal strength you will end up with many devices not connecting at all.
Covering a phone with something (in a case, cupboard or under towls etc) will reduce signal strength greatly.
→ In an open environment with “unknown devices” you can not know what the signal strength will be.
You need to test each and every device first to know the signal level…
What you want can only be done if you test ALL your clients and know what they do… (Or you are ok that some won’t be able to connect…)
The good solution is not possible today with ROS! What would be needed is actually an access list entry that “allows access only after X seconds”.
The idea would be:
Allow on the AP -70 to +120, with 30 sec out of range (or what ever range makes sense depending on AP density)
Allow device ONLY after 30secs if signal strength is -120 to -65 (which would mean the device can search around and see if it can find something better during the 30 seconds).
Ideally running this via capsman, so that a centrealized daemon knows that the client is able to connect to one of the AP or not, and if not gives them the authorization to conncet with low signal strength. Unfortunately this is science fiction for ROS today but would make a huge improvement to Wifi system performance…
Thanks for the feedback. It seems that this is really a tough topic. I though that I would arrange this quickly, but that is for sure not the case.
I’ve included a layout of the harbour, each red dot on the map is a AP. Mainly I’m using the wAP devices. At two locations I’m using the SXT devices. I’m covering many areas of the harbour but for sure not every spot. I’m at the end, far a way from the wAP AP and having these connection/signal strength problems.
As per your advice, I will remove the Access List configuration and see if that will improve the situation. As you explained and already assumed, this is an open environment with many users and many different devices. I cannot measure them all, I don’t have the time and the motivation to measure each individual device. But that raises the next question, how can I improve the WIFI experience of the users? I get complains about a bad WIFI signal. Also there is a big difference inside and outside the boot.
Is there a best practise configuration for the wAP’s? CAPSMAN has been mentioned a couple of times, I’ve no experience on CAPSMAN, but is this really going to help the WIFI experience? Or is this only for the maintenance and configuration of the AP’s? All the AP’s have wired connections.
I’m using the “AP Bridge” mode on each AP, is that the best mode? Should I use something else? Reasoning for the AP Bridge mode is the VLAN and the central management of DHCP.
Looking forward to other and more feedback on how to improve this WIFI network. Thanks.
Yes, but how to implement a weak signal connection attempt timer ? Connection attempts are “connectionless” like UDP.
Differentiated settings for 2.4GHz and 5 GHz is somewhat similar to the weak signal timer. You always get in 2.4 GHz, and will move up to 5 GHz if the signal is strong.
What if we have the same SSID twice on the same master WLAN but with different access-list settings ? Possible ??
The trigger for “banned” is probably yet another mechanism … (seen from a RADIUS misconfig)
Looking forward to other and more feedback on how to improve this WIFI network. Thanks.
That’s a more general question. Very interesting case. We will have to look at the whole RF spectrum around.
Your information is detailed but filtered, because it was focused on your connection problem, and on “Watersportvereniging Helius”.
The screenshot with channels is filtered on “wsvh” , but the AP search by the client device shows strong “Lovis, Marieke, Marina …” SSID’s in the neighborhood.
Water is a RF signal absorber. Is the weak signal in the boot due to the water or the boot? (Polyester? Metal ? Wood ?) But is most cases it is the client device signal that is weak at the AP!
Many things to explore.
You did not mention the type of Mkt AP you are using.(antenna characteristic) , nor its power setting. (More TXpower will not help, better antenna gain does)
You ar correct, I filtered that Wireless neighbourhood scan result on our own WIFI SSID. There ar for sure other WIFI networks around. The once you listed (Lovis, Marieke, etc) are hotspots on the various boots. That is another probleem. It becomes more and more populair to have a hotspot on the boot to receive the information like wind, speed, GPS, etc. on mobile devices. This is another disturbance factor. I’m not at the harbour at the moment, so cannot easily make another scan. Will try to collect some info remotely and post it here.
The devices I’m using are the wAP devices as the main AP’s on the harbour. I’ve three SXT’s installed as well.
