I achieve a maximum download speed of 200-230Mbps in the WLAN with my RB4011igs … Is that normal? My internet is 600MBit down / 60Mbit up.
With a friend, he uses a Netgear router (5 years old) i get 350-400 Mbps with my iPhone ?
Is this due to the configuration of the RB4011igs or the technology?
br Richard
Yes 
How can you expect any answer if we do not know anything about your configuration/setup?
Sorry, here my WLAN config:
/caps-man configuration
add channel.band=2ghz-g/n channel.control-channel-width=20mhz
channel.extension-channel=eC channel.frequency=2437 country=austria
datapath.bridge=bridge-home datapath.client-to-client-forwarding=yes
datapath.vlan-mode=no-tag distance=indoors installation=indoor mode=ap
name=cfg-rb4011-24G-home rx-chains=0,1 security=cAPs-bruni-home
security.authentication-types=wpa2-psk ssid=BRUNI_HOME tx-chains=0,1
add channel.band=5ghz-n/ac channel.control-channel-width=20mhz
channel.extension-channel=Ceee channel.frequency=5180
channel.skip-dfs-channels=yes country=austria datapath.bridge=bridge-home
datapath.client-to-client-forwarding=yes datapath.vlan-mode=no-tag
distance=indoors installation=indoor mode=ap name=cfg-rb4011-50G-home
rx-chains=0,1,2,3 security=cAPs-bruni-home security.authentication-types=
wpa2-psk ssid=BRUNI_HOME tx-chains=0,1,2,3
br, Richard
PS: LAN Performance is perfect !
PSS: WLAN Analyzer (I have the RB4011 + 2 Access Points)
PSSS:
client-to-client-forwarding = yes
local-forwarding = no
Is this the best option ?
br, Richard
This one is killing (at least some if not lots of) performance, that's known since ages. If you don't have a great use case for having it disabled, then don't disable it.
And a question: you're only mentioning single device (RB4011) ... if that's "the whole truth", then using capsman is completely useless complication (even when it comes to wireless interface provisioning).
And a thought on speed: specs for your RB4011 talk about 1733Mbps max rate. This is a purely theoretical number, in reality, even with best radios used, it's possible to achieve slightly more than half of it ... let's say around 1200Mbps (and thst's geberous estimate). However, that's maximum when also station supports 4x4 MIMO (those are quite rare). Most stations support 2x2 MIMO, which halves maximum realistic rate (down to 600Mbps).
But: legacy wireless driver did a pretty bad job on faster radios and could sustain around 2/3 of this number. So 400Mbps with a 2x2 MIMO station. Which is indeed more than what you're seeing now.
There's the new wifi-qcom-ac driver (available in ROS v7), which performs much better. But it comes with a huge gotcha on RB4011: it doesn't support the 2.4GHz radio. And it can't coexist with legacy wireless driver.
But with local forwarding=yes I have to define an IP range +
DHCP on each CAP. I.e. the IP of the phone changes within the house?
br, Richard
It depends on how your “house” LAN is done. If it’s “flat” LAN (i.e. only switches used, all devices use same IP subnet), then you don’t have to change anything, wireless clients will still receive DHCP leases from central DHCP server, they will still use same gateway router, etc. So it basically boils down to the question: do CAP devices discover CAPsMAN automatically (only discovery interface is set) or do you have configured CAPsMAN’s IP address on CAPs?
There are two use cases for “capsman forwarding” (versus “local forwarding”):
- adding additional SSIDs (e.g. guest wifi) … where mixing traffic of different SSIDs on same wired LAN is not desired. When using capsman forwarding, traffic is encapsulated in (encrypted) tunnel between cap and capsman, capsman is then able to treat traffic of different SSIDs differently (in essence: wireless interfaces on capsman, corresponding to each cap and each SSID, can be made members of different bridges on capsman). With local forwarding, traffic separation has to be done using VLANs.
- running capsman and caps in different IP subnets (even in different physical LANs) … and it’s desirable to have wireless traffic break-out on location of capsman … again, (encrypted) tunnel between cap devices and capsman will be created …
In a typical home environemnt it’s usually sufficient to go with VLANs where there is no traffic processing by capsman device (other than routing if capsman happens to run on main router). Using VLANs, however, does mean that traffic separation between devices using same SSID but connected to different APs is not as straight forward as when using capsman forwarding. But traffic separation when using VLANs is not impossible, only different means of doing it have to be used.
Hello mkx
Thank you very much for your help and your time 
Sorry, I’m not that deep into the subject
Both cAP ac are not in cap-mode, where they automatically search for a capsman server, because both cAP ac also have a device connected to the 2nd LAN port. This means that I can log in to RouterOS on both cAP ac, a bridge is also configured on both cAP ac. Both cAP AC have a DHCP IP address (connected), but appear in Capsman L2 connected (Mac address). My network is flat, 192.168.0.0/24. What can/must I do if I switch to local-forwarding=yes ?
br, Richard
Do you have single SSID per radio on CAP … which is then made full member of LAN?
If that’s so, then it should be enough to simply change to “local-forwarding=yes”.
As you can see, I’m guessing a bit. If you can post full config from CAPsMAN and from one of CAP devices, we can check and see if there’s some other showstoppers … execute /export file=anynameyouwish, fetch resulting file off device, open it with favourite text editor, redact any remaining sensitive data (e.g. serial number, wifi password, …) and paste it inside [__code] [/code] environment (</> or icon in the post editor button bar).
Hey
See the cfg files in the attachment (related to Capsman Settings)
I have noticed 2 things:
the virtual APs have no radio-MAC or radio-name … should I add this manually ?
The cAP-sz and the rb4011 have Station-roaming=enabled ? … why ?
br Richard
roe_cap_bad_config.rsc (1.08 KB)
roe_cap_sz_config.rsc (1.15 KB)
roe_rb4011igs_wz_final_config.rsc (8.01 KB)
I asked for full config … capsman and wireless config is not enough to answer your question about going for local forwarding.
station-roaming setting is only relevant if device is operating in station mode, your devices are operating in ap mode.
radio-mac property in capsman is used to match a particular setting profile to a particular radio of a particular CAP. If radio-mac is set to all-zeroes, it’s used as “default” profile and gets applied to all radios that didn’t match sny of rules above this one (rule order does matter in this case) and that are capable of running setup (e.g. frequency setting matches band of the radio).
So if the rule you’re asking about is intended for a particular radio, then you should set radio-mac to proper value.
Sorry, here are the complete
What I don’t understand is that station roaming is active on RB4011 and cAP-sz, although there is not even an option for it in capsman ?
br Richard
cap_sz_full.rsc (1.92 KB)
cap_bad_full.rsc (1.83 KB)
rb4011igs_full.rsc (21.8 KB)
Just a quick answer to the question … I’ll review the configs later.
station-roaming is enabled by default. But, as I already explained: it’s irrelevant for device running in AP mode … and CAP device is running in AP mode.
I checked config of RB4011 and one of CAPs (bad). It seems that it should be possible to go with local-forwarding=yes setting.
You do have added the cap-* interfaces to several interface lists, but it doesn’t seem to me that you’re then using those interface lists … apart from using WLAN-any and WLAN-guest in ACL definition (and even there I think it doesn’t really work … because that property expects interface as argument, not interface-list).
Just the final check: can you post ouptut of command /interface/bridge/port/print, executed on RB4011?
Did I mention that your cAP ac devices would work better if they were upgraded to ROS v7 and if using wifi-qcom-ac drivers? You’d have to upgrade RB4011 to v7 as well to be able to use it as CAPsMAN for both cAP acs. Local wifi on RB4011 would still be running old wireless driver. As to radio configuration: you’d configure radios on RB4011 “straight”, without using CAPsMAN. You’d use the new capsman for provisioning cAP acs (beside higher and more stable speed, you’d get seamless roaming between both cAP acs … mobility to and from RB4011 would still stink).
Good morning 
There are many more devices in the WLAN, I have removed them to make it more compact. And yes, I use the Iintefece lists for ACL and they work there.
Here ist the outpout:
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload
# INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON
0 ether2 bridge-home yes 1 0x80 10 10 none
1 ether3 bridge-home yes 1 0x80 10 10 none
2 ether4 bridge-home yes 1 0x80 10 10 none
3 ether5 bridge-home yes 1 0x80 10 10 none
4 ether6 bridge-home yes 1 0x80 10 10 none
5 I ether7 bridge-home yes 1 0x80 10 10 none
6 I ether8 bridge-home yes 1 0x80 10 10 none
7 I ether9 bridge-home yes 1 0x80 10 10 none
8 ether10 bridge-home yes 1 0x80 10 10 none
9 D rb4011-wz-home-50G bridge-home 1 0x80 10 10 none
10 D rb4011-wz-home-24G bridge-home 1 0x80 10 10 none
11 D cAP-bad-home-24G bridge-home 1 0x80 10 10 none
12 D cAP-bad-home-50G bridge-home 1 0x80 10 10 none
13 D cAP-sz-home-50G bridge-home 1 0x80 10 10 none
14 ID cAP-sz-home-24G bridge-home 1 0x80 10 10 none
15 D cAP-sz-home-aut... bridge-home 1 0x80 10 10 none
16 D rb4011-wz-home-... bridge-home 1 0x80 10 10 none
17 D cAP-bad-home-au... bridge-home 1 0x80 10 10 none
I have to find a time window for the switch to ROs 7.x … there is the WAF (Woman Accept Factor)
br Richard
The bridge port listing shows nothing which would concern me regarding switch over to local-forwarding=yes …
perfect, thx for your help.
can i try it for one AP first ?
… and most of the wifi traffic goes through the AP of the rb4011 which is capsman … does that still make a performance difference ?
And what about the guest virtual AP, this one is not in the bridge.
br, Richard
Sure you can.
... and most of the wifi traffic goes through the AP of the rb4011 which is capsman ... does that still make a performance difference ?
Yes. The most slowdown, caused by capsman-forwarding, is due to processing overhead of tunneling all traffic between capsman and caps ... it's encrypted and (likely) fragmented. It's both bogging CPU and also adds delay (which, in turn, affects TCP connections due to their inherent bi-directionality).
And that can be quite a hit on both devices, specially on capsman if it's controlling many caps.
And what about the guest virtual AP, this one is not in the bridge.
Well ... this one is a biggie. In environments without capsman forwarding we use VLANs to separate traffic from different SSIDs. Then router (which doesn't have to be capsman) treats different VLANs differently.
I actually missed the fact you have guest wifi. Do you have guest wifi on all caps? If not, tgrn try using local-forwarding on one of caps without guest wifi ... just to see how much of a difference local-forwarding would make.
And then consider adding VLANs into your LAN, you'll need them uf you'll go for ROS v7 and wifi-qcom-ac drivers.
thx a lot mkx !!!
i will try and report
an no, guest wlan is only on RB4011, so it should work also ?
br richard
I'm pretty sure that either forwarding on RB4011 doesn't make any difference ... traffic will end up in wireless interface on RB4011 in any case.
Regarding provisioning of radios on RB4011: legacy capsman gladly works with local radios just fine. The new capsman in principle doesn't. And if you'll go for v7 and wifi-qcom-ac (and you won't want to loose 2.4GHz radio on RB4011), then you'll have to configure RB4011's radios "locally". And if you do, then you get full control over what to do with each wireless interface, including the one providing guest wifi (you have to somewhat fight for such control if interfaces are controlled by capsman).
The big feature of legacy capsman is centralized configuration (and capsman forwarding with it's reduction of throughput). But it doesn't help with station roaming. In this redpect it's the same as having a bunch of independent APs, connected to same LAN and with same wireless configuration (manually synchronized).
The new (wifi) capsman can imensely help with station roaming. But it can't provision radios tunning wireless drivers.