I am using a MikroTik RB450Gx4 running RouterOS version 7. The network uses two ISPs: ISP 1 provides 30 Mbps and ISP 2 provides 100 Mbps. Load balancing is configured using the PCC (Per Connection Classifier) method.

The network topology is as follows: ether1 is connected to ISP 1, ether2 to ISP 2, ether3 to Access Point 1, ether4 to Access Point 2, and ether5 is currently unused. Bandwidth on ether3 and ether4 is limited to 50 Mbps, while ether5 is not bandwidth-limited.

After the configuration is applied, the load balancing operates normally. However, an issue occurs on ether3: after 2–3 minutes, the connection disconnects and the Wi-Fi SSID disappears from connected client devices. The access point used on ether3 is a Ubiquiti UniFi (round model).

Meanwhile, ether4 remains connected, but as more users connect to Access Point 2, the internet performance becomes increasingly slow.

I would like to understand the possible causes of these issues and the correct steps to resolve them.

Hi,

What disconnected means for ether3? Can you provide logs if eth3 links goes down then?
SSIDs are not operated by MT so the solution could be that AP switches them off as it does not see the internet connection.

Sounds like AP reboot.

To the unifi forums you go

P.s. unifi APs should still reboot if they can't reach ntp

UniFi APs make a connection to a management server. As you do not mention it, you probably have a management server “in the cloud”.

It will not like your PCC setup. Advise is to use per-connection-classifier=src-address:2/0 and see if that solves it, or at least setup PCC such that the traffic from the AP is handled that way.

I’m still a beginner, so I’m not sure where the issue might be.

The internet connection works initially, but after 2–3 minutes of usage, the network disconnects. The SSID of the previously connected network can no longer be detected, unless the LAN Ether 3 cable connected to the access point is unplugged and then plugged back in

What does the logging on the RB say? Does it report "disconnect" for ether3?
What number of clients are you talking about?

Can you please answer all questions asked above?

The problem likely is that your PCC is configured with too many participating elements.

When you select “both addresses and ports” or “src address and port”, every connection to the UniFi network application will appear to come from a different IP address and the service does not understand that and disconnects.

So select something that does not include ports.

I am using src-address for PCC, but the problem still persists.

In the Winbox logs, the connected device appears in the log entries, but when the device disconnects, there is no log entry indicating the disconnection. There are around 20 to 30 connected clients.

Put any dumb switch between AP and ether3 + use new cables (new, not the ones from the spare parts box as I had a situation that a batch of cables was bad quality) to see if it changes anything.

Yep, so you come here asking for ideas/suggestions/corrections, but if you don't post your full configuration, instructions here:

the more expert members won't be able to (hopefully) notice a mis-setting and assist you.

and this my configuration:
Network Overview

• Router: MikroTik RB450Gx4

• WAN Interfaces:

  • ether1 → ISP 1 (30 Mbps)

  • ether2 → ISP 2 (100 Mbps)

• LAN Interfaces:

  • ether3 → LAN 1 (Access Point 2 – UniFi)

  • ether4 → LAN 2 (Access Point 1 – UniFi)

  • ether5 → LAN 3

• Access Points: Ubiquiti UniFi (model unknown, mode unknown)

IP Addressing

DHCP Configuration

IP Pools

/ip pool
add name=dhcp_pool1 ranges=192.168.20.1,192.168.20.3-192.168.20.254
add name=dhcp_pool2 ranges=192.168.10.1,192.168.10.3-192.168.10.254
add name=dhcp_pool3 ranges=192.168.30.1,192.168.30.3-192.168.30.254

DHCP Servers

/ip dhcp-server
add name=dhcp1 interface=ether3 address-pool=dhcp_pool2 lease-time=12h
add name=dhcp2 interface=ether4 address-pool=dhcp_pool1 lease-time=12h
add name=dhcp3 interface=ether5 address-pool=dhcp_pool3 lease-time=12h

DHCP Networks

/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.2
add address=192.168.20.0/24 gateway=192.168.20.2
add address=192.168.30.0/24 gateway=192.168.30.2

DNS

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1

Bandwidth Limitation (Simple Queue + PCQ)

• LAN on ether3 limited to 50 Mbps

• LAN on ether4 limited to 50 Mbps

• Using PCQ for fair bandwidth distribution per client

/queue simple
add name="LAN-192.168.10.0" target=192.168.10.0/24 \
    max-limit=50M/50M queue=pcq-upload-default/pcq-download-default

add name="LAN-192.168.20.0" target=192.168.20.0/24 \
    max-limit=50M/50M queue=pcq-upload-default/pcq-download-default

Routing Tables

/routing table
add name=TO-ISP1 fib=yes
add name=TO-ISP2 fib=yes

Firewall Mangle (PCC Load Balancing)

Bypass Local Traffic

/ip firewall mangle
add chain=prerouting action=accept dst-address=10.11.24.0/21
add chain=prerouting action=accept dst-address=192.168.1.0/24
add chain=prerouting action=accept dst-address=192.168.10.0/24
add chain=prerouting action=accept dst-address=192.168.20.0/24
add chain=prerouting action=accept dst-address=192.168.30.0/24

Mark Incoming WAN Connections

add chain=prerouting in-interface=ether1 action=mark-connection new-connection-mark=ISP1
add chain=prerouting in-interface=ether2 action=mark-connection new-connection-mark=ISP2

PCC (src-address, ratio 13:12)

• Buckets 0–2 → ISP1

• Buckets 3–12 → ISP2

• Applied to ether3, ether4, ether5

(example shown, full list unchanged)

add chain=prerouting in-interface=ether3 \
    per-connection-classifier=src-address:13/0 \
    action=mark-connection new-connection-mark=ISP1

Mark Routing

add chain=prerouting in-interface=ether3 connection-mark=ISP1 \
    action=mark-routing new-routing-mark=TO-ISP1
add chain=prerouting in-interface=ether3 connection-mark=ISP2 \
    action=mark-routing new-routing-mark=TO-ISP2

add chain=output connection-mark=ISP1 action=mark-routing new-routing-mark=TO-ISP1
add chain=output connection-mark=ISP2 action=mark-routing new-routing-mark=TO-ISP2

NAT

/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether2 action=masquerade

Routes

/ip route
add dst-address=0.0.0.0/0 gateway=10.11.24.1 routing-table=TO-ISP1 \
    check-gateway=ping distance=1
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=TO-ISP2 \
    check-gateway=ping distance=1

add dst-address=0.0.0.0/0 gateway=10.11.24.1 routing-table=TO-ISP2 distance=2
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=TO-ISP1 distance=2

I have already tried placing a simple switch between the access point and ether3, and I also tested with a different cable. However, the SSID is still not detected on client devices.

Please do what are you asked for: PCC Load Balancing Issues on RB450Gx4 – Slow Speed on One AP and Random Disconnect on Another AP - #4 by BartoszP

Please do not send excerpts from config. Full config in one piece.

Why don’t you examine the status and logs of the Unifi device more closely, instead of only diagnosing “the SSID is not detected”? There may be some clues there.

model = RB450Gx4

/ip pool
add name=dhcp_pool1 ranges=192.168.20.1,192.168.20.3-192.168.20.254
add name=dhcp_pool2 ranges=192.168.10.1,192.168.10.3-192.168.10.254
add name=dhcp_pool3 ranges=192.168.30.1,192.168.30.3-192.168.30.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=ether4 lease-time=12h name=dhcp2

Interface not running

add address-pool=dhcp_pool2 interface=ether3 lease-time=12h name=dhcp1
add address-pool=dhcp_pool3 interface=ether5 lease-time=12h name=dhcp3
/port
set 0 name=serial0
/queue simple
add max-limit=50M/50M name="balmon 1" queue=
pcq-upload-default/pcq-download-default target=192.168.10.0/24
add max-limit=50M/50M name=Balmon2 queue=
pcq-upload-default/pcq-download-default target=192.168.20.0/24
/routing table
add disabled=no fib name=TO-ISP1
add disabled=no fib name=TO-ISP2
/ip address
add address=192.168.10.2/24 interface=ether3 network=192.168.10.0
add address=192.168.20.2/24 interface=ether4 network=192.168.20.0
add address=192.168.30.2/24 interface=ether5 network=192.168.30.0
/ip dhcp-client
add default-route-tables=main interface=ether2
add default-route-tables=main interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.2
add address=192.168.20.0/24 gateway=192.168.20.2
add address=192.168.30.0/24 gateway=192.168.30.2
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip firewall mangle
add action=accept chain=prerouting dst-address=10.11.24.0/21
add action=accept chain=prerouting dst-address=192.168.1.0/24
add action=accept chain=prerouting dst-address=192.168.10.0/24
add action=accept chain=prerouting dst-address=192.168.20.0/24
add action=accept chain=prerouting dst-address=192.168.30.0/24
add action=mark-connection chain=prerouting in-interface=ether1
new-connection-mark=ISP1
add action=mark-connection chain=prerouting in-interface=ether2
new-connection-mark=ISP2
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP1 per-connection-classifier=src-address:13/0
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP1 per-connection-classifier=src-address:13/0
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP1 per-connection-classifier=src-address:13/0
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP1 per-connection-classifier=src-address:13/1
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP1 per-connection-classifier=src-address:13/1
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP1 per-connection-classifier=src-address:13/1
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP1 per-connection-classifier=src-address:13/2
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP1 per-connection-classifier=src-address:13/2
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP1 per-connection-classifier=src-address:13/2
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP2 per-connection-classifier=src-address:13/3
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP2 per-connection-classifier=src-address:13/3
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP2 per-connection-classifier=src-address:13/3
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP2 per-connection-classifier=src-address:13/4
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP2 per-connection-classifier=src-address:13/4
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP2 per-connection-classifier=src-address:13/4
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP2 per-connection-classifier=src-address:13/5
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP2 per-connection-classifier=src-address:13/5
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP2 per-connection-classifier=src-address:13/5
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP2 per-connection-classifier=src-address:13/6
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP2 per-connection-classifier=src-address:13/6
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP2 per-connection-classifier=src-address:13/6
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP2 per-connection-classifier=src-address:13/7
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP2 per-connection-classifier=src-address:13/7
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP2 per-connection-classifier=src-address:13/7
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP2 per-connection-classifier=src-address:13/8
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP2 per-connection-classifier=src-address:13/8
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP2 per-connection-classifier=src-address:13/8
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP2 per-connection-classifier=src-address:13/9
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP2 per-connection-classifier=src-address:13/9
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP2 per-connection-classifier=src-address:13/9
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP2 per-connection-classifier=src-address:13/10
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP2 per-connection-classifier=src-address:13/10
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP2 per-connection-classifier=src-address:13/10
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP2 per-connection-classifier=src-address:13/11
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP2 per-connection-classifier=src-address:13/11
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP2 per-connection-classifier=src-address:13/11
add action=mark-connection chain=prerouting in-interface=ether3
new-connection-mark=ISP2 per-connection-classifier=src-address:13/12
add action=mark-connection chain=prerouting in-interface=ether4
new-connection-mark=ISP2 per-connection-classifier=src-address:13/12
add action=mark-connection chain=prerouting in-interface=ether5
new-connection-mark=ISP2 per-connection-classifier=src-address:13/12
add action=mark-routing chain=prerouting connection-mark=ISP1 in-interface=
ether3 new-routing-mark=TO-ISP1
add action=mark-routing chain=prerouting connection-mark=ISP1 in-interface=
ether4 new-routing-mark=TO-ISP1
add action=mark-routing chain=prerouting connection-mark=ISP1 in-interface=
ether5 new-routing-mark=TO-ISP1
add action=mark-routing chain=prerouting connection-mark=ISP2 in-interface=
ether3 new-routing-mark=TO-ISP2
add action=mark-routing chain=prerouting connection-mark=ISP2 in-interface=
ether4 new-routing-mark=TO-ISP2
add action=mark-routing chain=prerouting connection-mark=ISP2 in-interface=
ether5 new-routing-mark=TO-ISP2
add action=mark-routing chain=output connection-mark=ISP1 new-routing-mark=
TO-ISP1
add action=mark-routing chain=output connection-mark=ISP2 new-routing-mark=
TO-ISP2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=
192.168.1.1 routing-table=TO-ISP2 scope=30 suppress-hw-offload=no
target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=
10.11.24.1 routing-table=TO-ISP1 scope=30 suppress-hw-offload=no
target-scope=10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.1
routing-table=TO-ISP1 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=10.11.24.1
routing-table=TO-ISP2 scope=30 suppress-hw-offload=no target-scope=10

I’ve tried it already, but it didn’t help to fix the issue.

I don’t know the access point’s login password, so I’m unable to access the UniFi device. Is there any way to obtain that information or check its status without logging in?

Please use "preformatted text" button < / > for code. It's not easy to scroll and read hundreds of lines on phone.