Hey y’all!
I have one hEX as my default router and two CAP ac connected directly to my hEX. Here is my config:
Both CAP ac if configured to use CAPSMAN.
I configured on CAPSMAN to use same wifi name for 2.4Ghz and 5GHz.
All network cable are working in 1Gbps
my Internet has 200Mbps of bandwidth.
Some notes:
Using network cable I can reach out 200M, but using Wifi, I can only reach ~60M..
Here is the result, using WinBox bandwidth test:
Could I get some help me to identify where is my problem in my network? If needs more info, I’ll be glad to provide!
Thanks!
That bandwidth test you show … is from where to where ? SHould never be run on the device for which you are testing the througput since it puts a HUGE load on the local device (as is shown with that 98% CPU).
Other things:
make sure the channels you use are chosen by you (no auto) and are CLEAR of any interference from other radios (use frequency scan to check)
what security settings do you use for those 5GHz channels ? WPA is known to slow things down. Use WPA2.
have you tested with laptop connected using cable to cap ? What does it say ?
How do you know your issue is not from cap to hex ? Can you setup computer with iperf server via cable to hex, then test via cable and wifi from cap to that iperf server ? What do you get for both options ? Cable should be 950-ish. Wifi at least 300 if everything is ok.
how are those caps powered ? Since Hex doesn’t do POE Out, I guess using power injector ? The 1Gb versions, I hope ? (normally that’s the one in the box with cap ac but I made the mistake myself already to use a wrong injector, therefor I ask to be sure)
And if all that does not help … export of config please.
Hey holvoetn, thanks for your reply.. here is:
This screenshot refers to my hEX (my router) to CAP ac
On my hEX, the interface shows connected as 1Gbps
I tested using iperf via wifi to my computer on cable, and that’s the result:
[ ID] Interval Transfer Bandwidth
[ 1] 0.00-30.53 sec 15.9 MBytes 4.36 Mbits/sec
Here is the export (I removed only the dhcp server leases part)
/caps-man channel
add control-channel-width=20mhz extension-channel=disabled frequency="" name=5g-5660-5180 skip-dfs-channels=no
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412,2432,2452,2472 name=2g-1-5-9-13
/interface bridge
add name=bridge
/caps-man datapath
add bridge=bridge local-forwarding=yes name=datapath-default
add bridge=bridge local-forwarding=yes name=datapath-visitante vlan-id=10 vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=wifi-visitante
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=wifi-casa
/caps-man configuration
add channel=2g-1-5-9-13 country=brazil datapath=datapath-default distance=indoors installation=indoor mode=ap name=cfg-2G security=wifi-casa ssid=fellipeh
add channel=2g-1-5-9-13 country=brazil datapath=datapath-visitante distance=indoors installation=indoor mode=ap name=cfg-visitante-2G security=wifi-visitante ssid=fellipeh-visitante
add channel=5g-5660-5180 country=brazil datapath=datapath-default distance=indoors installation=indoor mode=ap name=cfg-5G security=wifi-casa ssid=fellipeh
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=g,gn master-configuration=cfg-2G slave-configurations=cfg-visitante-2G
add action=create-dynamic-enabled hw-supported-modes=a,ac,an master-configuration=cfg-5G
/ip pool
add name=dhcp ranges=10.0.0.1-10.0.0.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=4d name=dhcp-v4
That’s not the full export, is it ?
4.36Mbps is ridiculously low !
Here is my infra:
┌────────┬───────┐ ┌┬─────────┐ ┌┬───────┐
│ │ eth3 ◄───────┼│CAP ac(1)├────────┼│My PC │
│ hEX │ │ └┴─────────┘ └┴───────┘
│ router │ │
│ │ eth4 ◄─────────Cap ac(2)
│ │ │
│ │ │ ┌┬─────────┐
│ │ eth5 ◄───────┼┘My home │
│ │ │ │ server │
└────────┴───────┘ └──────────┘
I set the iperf server on My home server and the iperf client on My PC . The CAP ac and My Home Server is directly connected to the ether port on hEX.
/caps-man channel
add control-channel-width=20mhz extension-channel=disabled frequency="" name=\
5g-5660-5180 skip-dfs-channels=no
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2412,2432,2452,2472 name=2g-1-5-9-13
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1-imicro
set [ find default-name=ether2 ] name=ether2-switch
set [ find default-name=ether3 ] name=ether3-wifi-casa
set [ find default-name=ether4 ] name=ether4-trabalho
set [ find default-name=ether5 ] name=ether5-home-server
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-imicro max-mtu=1492 \
name=pppoe-imicro use-peer-dns=yes user=XXXXXXX
/interface vlan
add interface=bridge name=vlan-consultorio vlan-id=20
add interface=bridge name=vlan-visitante vlan-id=10
/caps-man datapath
add bridge=bridge local-forwarding=yes name=datapath-default
add bridge=bridge local-forwarding=yes name=datapath-visitante vlan-id=10 \
vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
name=wifi-visitante
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
name=wifi-casa
/caps-man configuration
add channel=2g-1-5-9-13 country=brazil datapath=datapath-default distance=\
indoors installation=indoor mode=ap name=cfg-2G security=wifi-casa ssid=\
fellipeh
add channel=2g-1-5-9-13 country=brazil datapath=datapath-visitante distance=\
indoors installation=indoor mode=ap name=cfg-visitante-2G security=\
wifi-visitante ssid=fellipeh-visitante
add channel=5g-5660-5180 country=brazil datapath=datapath-default distance=\
indoors installation=indoor mode=ap name=cfg-5G security=wifi-casa ssid=\
fellipeh
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=10.0.0.1-10.0.0.254
add name=dhcp_visitante ranges=192.168.1.2-192.168.1.254
add name=dhcp_consultorio ranges=192.168.2.2-192.168.2.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=4d name=dhcp-v4
add address-pool=dhcp_visitante interface=vlan-visitante lease-time=1d name=\
dhcp-visitante
add address-pool=dhcp_consultorio interface=vlan-consultorio lease-time=1d \
name=dhcp-consultorio
/port
set 0 name=serial0
/queue simple
add max-limit=30M/30M name=queue_vlan target=192.168.1.0/24,192.168.2.0/24
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=g,gn \
master-configuration=cfg-2G slave-configurations=cfg-visitante-2G
add action=create-dynamic-enabled hw-supported-modes=a,ac,an \
master-configuration=cfg-5G
/interface bridge port
add bridge=bridge interface=ether2-switch
add bridge=bridge interface=ether3-wifi-casa
add bridge=bridge interface=ether4-trabalho
add bridge=bridge interface=ether5-home-server
/interface list member
add interface=pppoe-imicro list=WAN
add interface=bridge list=LAN
/ip address
add address=10.0.0.1/8 interface=bridge network=10.0.0.0
add address=192.168.1.1/24 interface=vlan-visitante network=192.168.1.0
add address=192.168.2.1/24 interface=vlan-consultorio network=192.168.2.0
/ip dhcp-client
add disabled=yes interface=ether1-imicro
/ip dhcp-server config
set store-leases-disk=5h
/ip dhcp-server network
add address=10.0.0.0/8 dns-server=10.0.0.4 gateway=10.0.0.1 netmask=8
add address=192.168.1.0/24 dns-server=10.0.0.4 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=10.0.0.4 gateway=192.168.2.1
/ip dns
set allow-remote-requests=yes servers=10.0.0.4
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
not_in_internet
add address=177.131.51.150 list=PUBLIC_IP
add address=10.0.0.0/24 list=LAN
add address=10.0.0.242-10.0.0.249 list=IOT_IPS
/ip firewall filter
add action=fasttrack-connection chain=forward comment=FastTrack \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="Established, Related" \
connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
log-prefix=invalid
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp \
protocol=icmp
add action=accept chain=forward comment="VISITANTE DNS" dst-address=10.0.0.4 \
in-interface=vlan-visitante
add action=accept chain=forward comment="CONSULTORIO - DNS" dst-address=\
10.0.0.4 in-interface=vlan-consultorio
add action=drop chain=forward comment=VISITANTE in-interface=vlan-visitante \
out-interface=!pppoe-imicro
add action=drop chain=forward comment=CONSULTORIO in-interface=\
vlan-consultorio out-interface=!pppoe-imicro
add action=accept chain=forward connection-state=\
established,related,untracked
add action=drop chain=input comment="BLOQUEAR WINBOX FORA LAN" dst-port=8291 \
in-interface=pppoe-imicro log-prefix=TENTATIVA-WINBOX protocol=tcp
add action=drop chain=input comment="bloqueio DNS de fora" dst-port=53 \
in-interface=ether1-imicro protocol=udp
add action=drop chain=forward disabled=yes dst-port=53 out-interface=!all-ppp \
protocol=udp
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add action=drop chain=input comment="bloqueio acesso router de fora" \
dst-port=80 in-interface-list=WAN protocol=tcp
add action=drop chain=forward comment=\
"Drop tries to reach not public addresses from LAN" dst-address-list=\
not_in_internet in-interface=bridge log-prefix=!public_from_LAN \
out-interface=!bridge
add action=drop chain=forward comment=\
"Drop incoming packets that are not NAT`ted" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1-imicro log-prefix=!NAT
add action=drop chain=forward comment=\
"Drop incoming from internet which is not public IP" in-interface=\
ether1-imicro log-prefix=!public src-address-list=not_in_internet
add action=accept chain=input dst-address-list=IOT_IPS log=yes log-prefix=IOT
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=HA_NAT \
passthrough=yes src-address-list=LAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=all-vlan
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 firewall filter
add action=accept chain=input dst-port=546 protocol=udp src-address=fe80::/16
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=MikroTik-Roteador
/system note
set show-at-login=no
What ip address does your pc get when connected to wifi ?
I got 10.0.0.8 on my computer using the fellipeh wifi.. with no VLAN on this Wifi. VLANs is used in other computer, not on this one I’m testing.
Also tested connecting directly to the CAP ac cable, and iperf reached 900ish speed..I believe the cable is right.
Cable to cable is indeed ok then so we can rule that out.
I used an mac app called Wifi Scanner, and show this to me:
the 2.4gz we have others networks, but none in the same channel, beside my 2 wifi (fellipeh and fellipeh_visitante).. and no other 5GHz…
On 5GHz channel, do you really need A, AN and AC ? I usually only use AC nowadays (actually AX, since all my devices are AX now
Can you also show what your computer indicates when connected ? Frequency band, type, …
Then test again…
I changed for these configs:
and, got little better:
[ 2] local 10.0.0.20 port 5001 connected with 10.0.0.216 port 36090 (icwnd/mss/irtt=11/1448/1000)
[ ID] Interval Transfer Bandwidth
[ 2] 0.00-30.31 sec 78.9 MBytes 21.8 Mbits/sec
I tried to remove that frequency, and the result is the same.
isn’t that to be expected from 20mhz channel width on a/b/g/n/ac wifi ? if you want get more than that , you have to use 40/80mhz width if your client device support it
That was going to be my following remark hence my question to provide connection details on client device
BTW EXCELLENT reading material regarding wifi:https://www.duckware.com/tech/wifi-in-the-us.html
Ok, I needed to remove that configuration from CAPSMAN Channels, because I only have: 5Mhz, 10Mhz, 20Mhz and 40turbo Mhz.. if I set to 40turbo,failed to select channel, no supported channel .. so, removing this option CAPSMAN select this:
selected channel 5805/20/ac(30dBm)
selected channel 2412/20/gn(30dBm)
And here is the test result (almost the same):
[ 3] local 10.0.0.20 port 5001 connected with 10.0.0.216 port 58636 (icwnd/mss/irtt=11/1448/12000)
[ ID] Interval Transfer Bandwidth
[ 3] 0.00-30.62 sec 97.5 MBytes 26.7 Mbits/sec
I’m changing from WinBox.. maybe need some config in terminal, which I don’t have on UI?
RIght … capsman doesn’t allow the same granularity compared to direct config.
Set control channel to 20MHz
RIght … capsman doesn’t allow the same granularity compared to direct config.
Set control channel to 20MHz
I just followed one tutorial on internet, that’s the reason I’m using CAPSMAN.. I think it’s over-engineered in my case.. since I have only 2 APs
I could set Ceee on 5g, but 20MHz, result in error… and could reach 44Mbps using iperf, and 191Mbps using speedtest on my iPhone
in case removing CAPSMAN, which config you think is the best config for me?
So it’s improving already ?
Last tweak:
Be advised you may have to do some more adjustments then only the wifi part if you ditch capsman.
If you go for direct config:
Second AP similar but other frequency.
Personal adjustments:
Thanks holvoetn… I’ll try to do that…
Hi holvoetn,I followed your instruction and removed the CAPSMAN from my network, no need to have it, since I have only 2 CAP ac.. here is how is configured right now:
/interface bridge
add admin-mac=18:FD:74:18:CC:a0 auto-mac=no name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-Ce \
country=brazil disabled=no frequency=2442 frequency-mode=superchannel \
installation=indoor mode=ap-bridge name=wlan-2G ssid=fellipeh wps-mode=\
disabled
set [ find default-name=wlan2 ] band=5ghz-n/ac basic-rates-a/g=\
18Mbps,24Mbps,36Mbps,48Mbps,54Mbps channel-width=20/40mhz-eC country=brazil \
disabled=no frequency=5765 frequency-mode=superchannel installation=indoor \
mode=ap-bridge name=wlan-5G rate-set=configured ssid=fellipeh \
supported-rates-a/g=18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik wpa2-pre-shared-key=XXXXXXX
add authentication-types=wpa2-psk mode=dynamic-keys name=profile-visitante \
supplicant-identity="" wpa2-pre-shared-key=XXXXXXX
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=1A:FD:74:18:aa:8F \
master-interface=wlan-2G multicast-buffering=disabled name=\
wlan-2g-visitante security-profile=profile-visitante ssid=\
fellipeh-visitante vlan-id=10 vlan-mode=use-tag wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
/interface bridge port
add bridge=bridge1 interface=wlan-2G
add bridge=bridge1 interface=wlan-5G
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan-2g-visitante
/ip dhcp-client
add disabled=no interface=bridge1
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=Wifi-Casa
Which config can I improve on this case?
I hope both cAPs have different frequencies ? Clear from interference by others ? (as much as possible)
Test what speed you get.
Drop superchannel because most devices will not be able to use it.
On wifi2, use 20/40/80 IF you can find a channel which is clear enough for that width. Otherwise stick to 20/40.
).
