Poor Wi-Fi range on cAP AX

I have a strong issue with configuration of my home network based on MikroTik RB5009UPr+S+In and cAP AX, especially I mean Wi-Fi configuration based on CAPsMAN. Configuration is quite easy, based on official material from MT help page, so do YT channel.

What I would like to hightly on the beginign is that, I made same configuration for some friends family, with similar devices, there were RB5009UPr, hAP AX2 and 3, cAP AX, hEX S, wAP AC, but also configure it for CCR2004.

So we have configuration of CAPsMAN on main router and rest of devices are working as AP’s, in cases hAP it had dual function.

What is my issue in comparison, to the fact same configs is that I have really poor signal of 2.4 and 5GHz Wi-Fi, in comparison to configs of my friends. Why I’m stating it is poor, because I just switched from Asus RT-AC88U, which has 4x4 MIMO Wi-Fi, that router hang on wall of my living room, cAP AX is exactly in the same place on the wall, maybe even a little bit higher, but…
Before Asus, had no issue with covering of whole flat with signal range, there were places with a little bit weaker, but stil stable (both 2.4GHz, so do 5GHz) and in worst case for 5GHz speed test on mobile phone gave me result like 250-300/150mbps.
Now after switch to Mikrotik, I have full 2.4GHz range only in living room, other rooms show 2-3 out of 4 (radio bar from W11, either Android phone) and I have white maps of range in my flat (devices, which connected before to Asus, can’t find Mikrotik network in the same standing place, here I mean for instance smart home devices like vacuum robot or air purifier). 5GHz network I sit on a couch in front of cAP AX and my laptop shows 3 out of 4 range bar and maximum speed is like 100/150mbps - really strange!! In other rooms I have completely no 5GHz network range!!

I’m must admit I’m a little bit confused, because I got really poor results here and can’t find out what might be the reason of it. It’s strange for me, because same config has friend of mine, which is living same block, same flat layout (~55m2 surface) and we are able to connect to his WLAN from block outside and my laptop also discover his 2.4GHz network (in my flat but can’t connect due to poor signal - but is like 20-30m over block).

Please look on my configuration and give me a tint, what might I do to improve my signal range and speed capacity?
I know it should be possible to get more, because as mine friend from block, I have same ISP, same tariff 600/300mps, in his flat over radio it was possible to achieve in speed test ~600/200 (I had his stuff in my flat for configuration and that time I got similar results) also over the cable (even with crappy tp-link switch by the way) I’m able to get 600/300mbps. So I’m really confused, what might be wrong with my setup, or maybe my cAP AX has kind of hardware issue and it causes this trouble, warranty replacement..?

cAP AX setup

# 2024-10-22 09:08:16 by RouterOS 7.16.1
# software id = 85FB-FT5S
#
# model = cAPGi-5HaxD2HaxD
/interface bridge
add comment="Local bridge" name=bridge_cap port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] comment="ETH1 PoE-In from RB5009UPr+S+In"
set [ find default-name=ether2 ] comment="ETH2 PoE-Out to xXx"
/interface list
add name=LAN
/interface wifi datapath
add bridge=bridge_cap comment="Datapath to local bridge" disabled=no name=cap_datapath
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: fifrak_5G, channel: 5745/ac/Ceee
set [ find default-name=wifi1 ] comment="5GHz WLAN interface" configuration.manager=capsman .mode=ap datapath=cap_datapath disabled=no
# managed by CAPsMAN
# mode: AP, SSID: fifrak, channel: 2437/n/Ce
set [ find default-name=wifi2 ] comment="2.4GHz WLAN interface" configuration.manager=capsman .mode=ap datapath=cap_datapath disabled=no
/ip smb
set domain=FIFRAK
/interface bridge port
add bridge=bridge_cap comment="ETH1 PoE-IN to RB5009UPr+S+In" interface=ether1
add bridge=bridge_cap comment="ETH2 PoE-Out to xXx" interface=ether2
add bridge=bridge_cap comment="5GHz WLAN" interface=wifi1
add bridge=bridge_cap comment="2.4GHz WLAN" interface=wifi2
/ip neighbor discovery-settings
set discover-interface-list=!LAN
/ipv6 settings
set disable-ipv6=yes
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=all wan-interface-list=all
/interface list member
add comment="Local bridge" interface=bridge_cap list=LAN
/interface wifi cap
set caps-man-addresses=192.168.10.1 certificate=request discovery-interfaces=bridge_cap enabled=yes slaves-datapath=cap_datapath
/ip dhcp-client
add comment="DHCP client on local bridge" interface=bridge_cap
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge_cap type=internal
/system clock
set time-zone-name=Europe/Warsaw
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

RB5009UPr with CAPsMAN

# 2024-10-22 08:50:39 by RouterOS 7.16.1
# software id = P6E8-6DDC
#
# model = RB5009UPr+S+
/disk
set usb1 comment="240GB SSD driver on USB1" media-interface=none media-sharing=no
/interface bridge
add admin-mac=D4:01:C3:5E:93:13 auto-mac=no comment="Local bridge" name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment="ETH1 to switch"
set [ find default-name=ether2 ] comment="ETH2 to NAS"
set [ find default-name=ether3 ] comment="ETH3 PoE-Out to HA"
set [ find default-name=ether4 ] comment="ETH5 to "
set [ find default-name=ether5 ] comment="ETH5 to "
set [ find default-name=ether6 ] comment="ETH6 PoE-Out to cAP AX LAN1"
set [ find default-name=ether7 ] comment="ETH7 to "
set [ find default-name=ether8 ] comment="ETH8 to "
set [ find default-name=sfp-sfpplus1 ] comment="10G SFP+ WAN port" mac-address=50:46:5D:DF:CF:04
/interface wireguard
add comment=back-to-home-vpn listen-port=56597 mtu=1420 name=back-to-home-vpn
/disk
set usb2 media-interface=bridge media-sharing=yes smb-sharing=yes smb-user=guest
/interface list
add comment="WAN list" name=WAN
add comment="LAN list" name=LAN
/interface lte apn
set [ find default=yes ] comment="LTE APN configuration" name=lte_apn
/interface wifi channel
add band=5ghz-ac comment="Channel configuration for 5GHz AC - 5180 - 36, 5200 - 40, 5220 - 44, 5240 - 48, 5745 - 149" disabled=no frequency=5745,5240,5220,5200,5180 name=5ghz_channels skip-dfs-channels=10min-cac width=20/40/80mhz
add band=2ghz-n comment="Channel configuration for 2.4GHz N - 2412 - 1, 2437 - 6, 2462 - 11" disabled=no frequency=2462,2437,2412 name=2.4ghz_channel width=20/40mhz-Ce
/interface wifi datapath
add bridge=bridge comment="Datapath to local bridge" disabled=no name=datapath
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk comment="Security policy for WLAN" disabled=no ft=yes ft-over-ds=yes name=security_policy wps=disable
/interface wifi steering
add comment="2.4GHz roaming" disabled=no name=2.4ghz_roaming neighbor-group=dynamic-fifrak-3ee7adb3 rrm=yes wnm=yes
add comment="5GHz roaming" disabled=no name=5ghz_roaming neighbor-group=dynamic-fifrak_5G-3ee7adb3 rrm=yes wnm=yes
/interface wifi configuration
add channel=5ghz_channels comment="5GHz AC WLAN configuration" country=Poland datapath=datapath disabled=no mode=ap name=5ghz_ac_configuration security=security_policy ssid=fifrak_5G steering=5ghz_roaming
add channel=2.4ghz_channel comment="2.4GHz N WLAN configuration" country=Poland datapath=datapath disabled=no mode=ap name=2.4ghz_n_configuration security=security_policy ssid=fifrak steering=2.4ghz_roaming
/ip pool
add comment="DHCP server address pool" name=dhcp_pool ranges=192.168.10.100-192.168.10.200
/ip dhcp-server
add address-pool=dhcp_pool comment="Configuration of DHCP server" interface=bridge lease-time=3h name=dhcp_server
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/ip smb
set domain=FIFRAK
/interface bridge port
add bridge=bridge comment="Not active - 10G SPF+ WAN port" disabled=yes interface=sfp-sfpplus1
add bridge=bridge comment="2.5G ETH1 to switch" interface=ether1
add bridge=bridge comment="ETH2 to NAS" interface=ether2
add bridge=bridge comment="ETH3 PoE-Out to HA" interface=ether3
add bridge=bridge comment="ETH5 to " interface=ether4
add bridge=bridge comment="ETH5 to " interface=ether5
add bridge=bridge comment="ETH6 PoE-Out to cAP AX LAN1" interface=ether6
add bridge=bridge comment="ETH7 to " interface=ether7
add bridge=bridge comment="ETH8 to " interface=ether8
/ip neighbor discovery-settings
set discover-interface-list=!LAN
/ipv6 settings
set disable-ipv6=yes
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=all wan-interface-list=all
/interface list member
add comment="LAN interface on local bridge" interface=bridge list=LAN
add comment="WAN interface on SFP+ port" interface=sfp-sfpplus1 list=WAN
/interface wifi access-list
add action=accept comment="Accept strong signal" disabled=no signal-range=-90..120
add action=reject comment="Reject weak signal" disabled=no signal-range=-120..-91
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes interfaces=bridge package-path="" require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifi provisioning
add action=create-dynamic-enabled comment="Provisioning setup for 5GHz AC WLAN" disabled=no master-configuration=5ghz_ac_configuration name-format=%I_5GHz supported-bands=5ghz-ac
add action=create-dynamic-enabled comment="Provisioning setup for 2.4GHz N WLAN" disabled=no master-configuration=2.4ghz_n_configuration name-format=%I_2.4GHz supported-bands=2ghz-n
/ip address
add address=192.168.10.1/24 comment="Router address in LAN" interface=bridge network=192.168.10.0
/ip cloud
set back-to-home-vpn=enabled ddns-enabled=yes
/ip dhcp-client
add interface=sfp-sfpplus1
/ip dhcp-server network
add address=192.168.10.0/24 comment="Configuration of LAN" dns-server=192.168.10.1 gateway=192.168.10.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.10.1 comment=defconf name=router.lan type=A
/ip firewall address-list
add address=192.168.10.0/24 comment="Acceptance router connection list" list=router_access_list
/ip firewall filter
add action=accept chain=input comment="Accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="Drop invalid" connection-state=invalid
add action=accept chain=input comment="Accept ICMP" protocol=icmp
add action=accept chain=input comment="Accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="Accept cAPs for CAPsMAN" dst-port=5246,5247 protocol=udp
add action=drop chain=input comment="Drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=input comment="LAN router acceptance" dst-port=8291,80 protocol=tcp src-address-list=!router_access_list
add action=accept chain=forward comment="Accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="Accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=Fasttrack connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="Accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
add action=drop chain=forward comment="Drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade rule" out-interface=sfp-sfpplus1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=sfp-sfpplus1 type=external
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Europe/Warsaw
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set broadcast=yes enabled=yes multicast=yes
/system ntp client servers
add address=0.pl.pool.ntp.org
add address=1.pl.pool.ntp.org
add address=2.pl.pool.ntp.org
add address=3.pl.pool.ntp.org
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Perhaps you can play a bit with orientation? Hope that helps. And did you configure the same channels?
And, instead of looking at number of bars, please check the (TX and RX) rates. Signal power is often confused with signal quality.

To play with orientation, there is no possibility, because it is hanging on the wall, so PoE-In cable is coming from bottom. Here I must admit that Asus obviously had 4x external antenna, which I had oriented in different direction, plus minor tilt and maybe that caused better range.
Maybe in some days, I will replace also this crappy tp-link switch on something from MT with PoE, so than I will move cAP, more to the center of flat, but you know, I feel strong disappointment that this hardware switch caused so big issues…

I configured channels as it is shown in code, however on the end as I see cAP AX is working only on those:

# mode: AP, SSID: fifrak_5G, channel: 5745/ac/Ceee
# mode: AP, SSID: fifrak, channel: 2437/n/Ce

How many APs do you have for that capsman config ?
If only 1, why bother with capsman ?
Have you already tried with a problematic cAP AX as clean default and see what it gives then ?
Or reset to caps mode, what happens then ?

The frequencies you use, are you sure they are available and as free as possible from interference by others ?
Try first with 1 selected frequency for each of the bands, adjust as needed (so you KNOW which frequency is being used and you’re not chasing your own tail if it happens to change all the time)

Brief comments on config:

Cap AX config:

/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=all wan-interface-list=all

Please DISABLE. Causes more harm then good. Unless you have a specific reason ?

RB5009 config:

/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=all wan-interface-list=all

Same comment. Disable unless you know why you want it.

set [ find default-name=ether4 ] comment="ETH5 to "

Probably a typo, should be ETH4 ?

/interface wifi access-list
add action=accept comment="Accept strong signal" disabled=no signal-range=-90..120
add action=reject comment="Reject weak signal" disabled=no signal-range=-120..-91

Why this way ?
Some client devices will avoid your AP if such behavior is enforced.
Side note: -90 is already a quite bad signal. Most I’ve seen used is -81, if used. I don’t use it at all.
My advice: remove this restriction, forget network on client device and connect again.

THis code part:
/interface wifi channel
add band=5ghz-ac …
add band=2ghz-n

Why ?
Leave it default so AX can be used ! This may already give quite a difference.

Not sure why you expect any two chain wifi device to compete with a four chain device??
You are comparing american processed cheese (ax) to Swiss gruyere (AC88U)… which is harder and more durable, the swiss cheese, which has flavour and aroma, the swiss cheese, which can you use to cook cuisine casseroles, the swiss cheese. Case closed.

Consider one product is an OPTIMIZED probably 6th generation WIFI6 product, whereas the AX is not yet optimized fully and is probably 3rd generation WIFI6 product, on a comparative scale.
Finally, one product is designed to work out of the box, and the other is designed to be flexible and configurable but not in a sane way and finding a working out of the box solution that is acceptable is not easy. Thrown in capsman and you might as well, drink like you were in university again as you will vomit…

Today I have only one, but something like 2-3 months I will move to new flat, with 2 levels, where are ~130m2 and I will need to anyway add extra AP, my plan is to use 3-4 cAP AX, or mix of cAP and wAP AX.
I made trial with clean setup of cAP but only with reset to CAP mode and in general maybe slightly better, but it wasn’t super improvement…
The only thing which I haven’t tried is using cAP just with DHCP client and WLAN config directly on it, instead of CAPsMAN.

This what I have for 2.4GHz

Flags: P - PRIMARY; S - SECONDARY
Columns: CHANNEL, NETWORKS, LOAD, NF, MAX-SIGNAL, MIN-SIGNAL
   CHANNEL  NETWORKS  LOAD  NF   MAX-SIGNAL  MIN-SIGNAL
P     2412         3  11%   -91  -67         -76       
 S    2417            31%   -92                        
P     2422         3  26%   -91  -71         -87       
      2427            11%   -92                        
 S    2432            15%   -92                        
P     2437         6  19%   -92  -55         -91       
 S    2442            12%   -91                        
      2447            13%   -92                        
P     2452         2  16%   -92  -77         -85       
 S    2457            13%   -92                        
P     2462         3  13%   -92  -60         -78       
      2467            5%    -93                        
      2472            4%    -93                        
-- [Q quit|D dump|C-z pause]

And this for 5GHz

Flags: P - PRIMARY; S - SECONDARY
Columns: CHANNEL, NETWORKS, LOAD, NF, MAX-SIGNAL, MIN-SIGNAL
   CHANNEL  NETWORKS  LOAD  NF    MAX-SIGNAL  MIN-SIGNAL
PS    5180         2  1%    -97   -80         -81       
PS    5200         1  1%    -97   -86         -86       
P     5220         1  1%    -97   -61         -61       
 S    5240                  -97                         
      5260                  -98                         
      5280                  -98                         
P     5300         1  1%    -99   -88         -88       
 S    5320                  -98                         
P     5500         2  1%    -97   -72         -75       
 S    5520                  -95                         
      5540                  -95                         
      5560                  -95                         
      5580                  -96                         
      5600                  -95                         
      5620                  -96                         
      5640                  -96                         
      5660                  -96                         
      5680                  -96                         
      5700                  -96                         
      5720                  -97                         
      5745                  -97                         
      5765                  -96                         
      5785                  -97                         
      5805                  -97                         
      5825                  -97                         
      5845                  -106                        
      5865                  -106

Which channels, should I use as the best, now I have setup 2437 and 5240

Considering config and using of

/interface detect-internet

, I have because it was in default configuration, which somehow I recreated…
So, what would be the best option to use, either why it should be disable? In fact in general for what it is responsible? As I see, if it is not selected on Android app, internet status is not reporting…

Yeah, there was a typo in comments, thanks for paying attention!

/interface wifi access-list

I have it defined in fact from the past RouterOS 6 and old CAPsMAN, somewhere in tutorial, when I was learning Mikrotik and CAPsMAN, one guy proposed this solution for denture of roaming function, now with with wave2, maybe I should kickout this rule..?

/interface wifi channel

I tried and when I left band empty (as grey field) cAP interfaces reporting, that there are not supported channels, in addition I also left blank field in provisioning, because there was also defined AC, either N.

I know that Asus is out of the box product, that have 4x4 MIMO, but anyway as I mention, I configured a lot of same config on different MT devices (I would even might say, that config is always the same, but different only SSID and PASS) and never had so bad result.
But in fact as for the 2.4GHz network speed somehow I don’t care (cuz, it crappy anyway), beside its range, because to this network are connected only some Xiaomi IoT devices, either camera for kid monitoring and that’s all, so I don’t expected that less chains will cause so big performance difference.
However from another side for 5GHz I have in home only 2 laptops, 2 mobile and tablet and it has crappy speed and range. Also I don’t think so that those 2 antenna more in Asus might cause so much better result in comparison to MT, am I right?

2Ghz:
You have 6 networks visible on channel 6 and only 3 on channels 1 and 11.
So best to use 1 or 11. It might also help (contrary to what most may believe) to NARROW your channel width to 20MHz.
You can even try 10MHz.

5Ghz:
5240 looks OK if you’re not using 80Mhz width (since you then get in conflict with 5300).
Again, narrowing the channel might result in better performance.
Or select another 80MHz block (but be careful your client devices can use those frequencies)

Internet detect: most seasoned user leave it to disabled.
Jury is still out on what the real benefit of it is (if you know what you are doing, it doesn’t help at all. On the contrary, it can present unexpected side-effects).

I don’t have possibility to set 10MHz for 2.4GHz network. I set it up to 1 channel and let’s see the results. I have also set 20MHz.

For 5GHz I have some new doubts…

In general both networks I switched from N and AC to AX, because as I see there is no issue with any device which I have, all of them are connecting to AX networks, so great for me.
From other side the doubt, which I have is, which channel, should I use for 5GHz AX in such, especially, if I would like to use 20/40/80MHz width?

Temporary internet/lan detect I will keep it as it is, especially that when I started playing with that, I noticed that change to created lists caused for example in winbox showing 0.0.0.0 IP address… If only internet is functioning, than ok for me to keep “all” and beside WLAN speed and range over cable, I utilize full transfer.

I know maybe it is a little bit stupid…but anyway there no stupid questions, only answers

I saw this YT movie https://www.youtube.com/watch?v=ExRf1a8ithc&t=1800s (I know it is in polish, but it doesn’t matter in fact), so from 30:00 guy is opening this router. And I’m wondering, do you think that kind of DIY upgrade has sense for this AP? What I have in mind is to disconnect those internal antenna and replace them by external one, like this https://mikrotik.com/product/hgo_antenna_out from hAP AX2/3, I think they are also in Chateau. Of course I will drill the housing and on the end they will be outside and I will have kind of white & black spider on the wall.
I’m asking about it as idea to improve wi-fi range and stability?

Whatever 80Mhz block you see is free in your area and is acceptable for your client devices.
Use this as guideline:
https://en.wikipedia.org/wiki/List_of_WLAN_channels#5_GHz_(802.11a/h/n/ac/ax/be)

But be aware, even though UNII-3 channels are possible for AX devices, not all clients support it. Those are also low power channels making transfer through walls more problematic.
E.g. I have a capsman setup with several AX3 and cAP AX where I need to restrict 5Ghz channels to UNII-1 and UNII-2A because the used warehouse scanners can not use any of the higher frequencies.

Naaah, you don’t want that HGO antenna, besides it being black, it has not the hinge at the bottom, they are straight to the connector only.

You can get a (white) third party one, example:
https://unitecom.co.uk/product/2-x-dual-band-2-4-5-ghz-wi-fi-terminal-antenna

Why on earth would you want to add external antennae to cap AX ?
Get AX3 then …

As I wrote, to increase signal range, I assume that they might be better than this small piece of PCB closed in housing. hAP AX3, will look definitely strange on wall, but let me think about. But on the end when I move to new flat I have all of the AP cable anyway on ceiling, so hAP won’t fix here…

Ohh, I haven’t noticed that they don’t have hinge. Anyway I was thinking about something from good production, than CN crapp.

Ok, so I see that 5180-5240 is occupied by 3 networks, but for 5260-5320, there is only one (I suppose even my), then 5300 will be the best channel for 20/40/80 right?

I don’t see any AX3 falling from the ceiling … I got a couple hanging upside down (also AC3, exact same enclosure).
That plastic foot is designed to be used for it.

Vertical mount on desk, horizontal mount on desk but also wall mount and ceiling mount.

Interesting.

Instead of a large black and white spider on the wall, a small black bat hanging from the ceiling (rated WAF -412 ).

You could also add a one of these:
https://www.pngegg.com/it/png-inekv
and a label “Bat-Access Point” on it.

Those I have hanging, are not in normal livings areas.

Wharehouses, shops, etc …