Can you post you config?
/export file=anynameyoulike
Make sure to remove serial and any other private information.
Sure
# 2024-01-30 10:59:14 by RouterOS 7.13.2
# software id = ZXEY-STCI
#
# model = C52iG-5HaxD2HaxD
# serial number = xxxxxxxxxx
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge \
port-cost-mode=short
/interface wifi
set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \
configuration.country=Estonia .mode=ap .ssid=LT82-5G disabled=no \
security.authentication-types=wpa2-psk,wpa3-psk .connect-priority=0
set [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac \
configuration.country=Estonia .mode=ap .ssid=MikroTik-D219A5 disabled=no \
security.authentication-types=wpa2-psk,wpa3-psk .connect-priority=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip kid-control
add mon="" name=XXXX
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=23h name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=wifi1 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=wifi2 internal-path-cost=10 \
path-cost=10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.88.250 client-id="xxxxxxxxxxxxxxxxxxxxxxxxxx\
xxxxxxxxxxxxxxxxxxxx" mac-address=xxxxxxxxxxxxxxx \
server=defconf
add address=192.168.88.252 client-id=xxxxxxxxxxxxxx mac-address=\
xxxxxxxxxxxxxxxxxxx server=defconf
add address=192.168.88.229 client-id=xxxxxxxxxxxxxxxxxxx mac-address=\
xxxxxxxxxxxxxxxxx server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=jump chain=forward comment="jump to kid-control rules" \
jump-target=kid-control
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip kid-control device
add mac-address=xxxxxxxxxxxxxxxxx name=xxxxxxxxxxxxxx user=xxxxxxxxxxx
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=xxxxxx::/10 comment="defconf: site-local" list=bad_ipv6
add address=::xxxxx:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=xxxx:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=xxxx:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=xxxx::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/system clock
set time-zone-name=Europe/Tallinn
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
From the basic configuration is See these differences:
/interface/wifi
set wifi1 disabled=no configuration.country=Latvia configuration.ssid=MikroTik security.authentication-types=wpa2-psk,wpa3-psk security.passphrase=8-63_characters
set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac configuration.country=Estonia .mode=ap .ssid=LT82-5G disabled=no security.authentication-types=wpa2-psk,wpa3-psk .connect-priority=0
- channel.skip-dfs-channels=10min-cac → makes sense, just skip these channels
- security.passphrase=8-63_characters → did you remove that from your configuration, or is it not set?
- .connect-priority=0 → did you set that on purpose?
To be honest, I do not recall changing any of the three settings you mentioned.
Darknate, any reason to choose between cake and fq-code?
Testing on my two wan connections, it would appear buffer bloat is something that is always there to some extent.
If one has a reasonable CPU, do you think at least 7.13.3 and beyond it should almost be a defacto default setting (having fq-codel or cake enabled)??
I see no harm in it?
Comparing Apples with pears…as we say in the Netherlands. It’s around 10 times more expensive than i.e. a cAP ax (which indeed doesn’t have 6E).
I’d have to sedate some of my clients to pay over £800 for an access point! I assume it makes the tea too.
CAP AX DOES NOT HAVE 6E. So it’s closer to my XV2-21X.
$130 vs $388
Not with my XE3-4. Which has
2.4 2x2
5.0 2x2
5.8/6 4x4
But that’s around $982
Next up… What sort of client count can we expect on cap AX?
The whole point of Wifi6 was density. Which has always been the weakness of the Tik radios.
They actually say 128 clients on the outdoor unit’s video.
I’m not sure if this is related to this issue, but I see what I think is an unusually high number of “Link down” counts. I’ve got private 2G and 5G interfaces plus two guest interfaces on a virtual VLAN. I rebooted my router yesterday and already I see the following link downs:
private-2g: 2
private-5g: 16
guest-2g: 0
guest-5g: 4
Now I do get radar events on the 5G channel and I’ve got a scheduled script every hour to try putting it back to 5500. But radar events are logged and there was been just one since the reboot.
If not wrong, this indicate that 16 times you didn’t have any client connected to this interface so interface became inactive thus link down count goes up
Ahh, that makes sense, I had no idea the link would go down if nothing is connected! The only things connected to the private 5G are my mobile and laptop. Laptop is off most of the time and I’m guessing the mobile can disconnect for a period of time, esp. overnight. So link downs not that worrying then 
My IoT devices like the Echo Dots, plugs etc. are all connected to the 2G interface.
Later - top marks. Turned my mobile Wi-Fi off and link downs went up by one.
Yea, you can see that wifi interface which has no connected devices became inactive. It’s same thing if you disconnect eth cable from port.
Yup…
Italics in winbox
I suspect my misunderstanding here is possibly a terminology/language issue. In the UK, when something is down, it’s typically broken. The server has gone down, the WiFi is down, my banking website is down etc. I would suggest simply changing Winbox to say idle instead of down would be less confusing. The link isn’t down, it’s simply idle as no clients are connected.
Disconnected ethernet cable is different. That port then is down. No devices connected to WiFi isn’t really down is it? Idle is IMO a better term.
Well, from a networking point of view the interface is actually down like an unplugged cable. Unless you manually label it as edge port (or use ros 7.14+), it will even go through STP listening/learning before forwarding any traffic to the bridge once the first client connects.
Think about it, what is wifi ? Wireless connection to client device instead of the wired one, so if there is no connected devices there is no link and its reported as down and inactive.
There is a setting where you can disable this behavior. Only cli.
Don’t know by memory, mkx mentioned it not too long ago. So should turn up fast using search.
Disable running check or so.
Down and inactive are two different things so you’re sort of agreeing with me 
Down clearly is confusing even if it only confused me 
Further confusion - if I disable the interface (so the link really is down), the link downs doesn’t change. So given this, then changing it to say “Link idle” would work IMO.
I have a wifi bridge connected to the 5G and a printer connected to the 2.4G to stop mine idling down!
It was explained to me in the context of, well if it was in station mode then you would want to know if it is down if I recall.
This was mentioned on the post I made about what I thought were frequent downs. Need to try it.