Hi all,

I’m new to Mikrotik so I apologise in advance because the learning curve here is huge and I’m a total noob.
I recently installed an Hex S to replace my ISP router in order to have more options on my network.
I also bought a Mikrotik Cap AC for wireless and I’m using Capsman to provision configuration to the AP.

The issue I’m facing is that no matter what I do, I can’t get more than ~300/300Mbps on my wireless. This is specially frustrating because with my ISP router (Wifi) I can get ~600/600Mbps.
Is this an AP limitation or there is some configuration that can improve speed ? Perhaps a faulty AP ? The test results on Mikrotik site are very promising…

Also, the range is not very good. I’m using a freq that is not very used and still the range is quite bad. Any ideas ?

Here is my conf:

apr/29/2021 21:55:19 by RouterOS 6.47.7

software id = NUHX-CT9P

model = RB760iGS

serial number = D4500D037629

/caps-man channel
add band=2ghz-b/g/n name=Default24
add band=5ghz-a/n/ac control-channel-width=20mhz name=Default5g
/caps-man datapath
add local-forwarding=yes name=datapath1
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=LAN
set [ find default-name=ether3 ] comment=LAN
set [ find default-name=ether4 ] comment=LAN
set [ find default-name=ether5 ] comment=LAN
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 max-mtu=1480 name=pppoe-out1 user=adslppp@telefonicanetpa
/caps-man configuration
add channel=Default24 country=spain datapath=datapath1 datapath.bridge=bridge1 datapath.mtu=1500 name=SkynetMT_24Ghz security.authentication-types=wpa-psk,wpa2-psk security.encryption=aes-ccm,tkip
ssid=SkynetMT24Ghz
add channel=Default5g channel.frequency=5300 country=spain datapath=datapath1 datapath.bridge=bridge1 datapath.mtu=1500 distance=indoors installation=indoor name=SkynetMT_5Ghz
security.authentication-types=wpa2-psk security.encryption=aes-ccm ssid=SkynetMT5Ghz
/caps-man interface
add channel=Default24 configuration=SkynetMT_24Ghz disabled=yes l2mtu=1600 mac-address=xx:xx:xx:xx:xx master-interface=none name=cap2 radio-mac=xx:xx:xx:xx:xx radio-name=xxxxxxxxxx
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=security1
/caps-man interface
add channel=Default5g configuration=SkynetMT_5Ghz disabled=no l2mtu=1600 mac-address=xx:xx:xx:xx:xx master-interface=none name=cap1 radio-mac=xx:xx:xx:xx:xx radio-name=xxxxxxxxxx security=
security1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.88.100-192.168.88.254
add name=OVPN-POOL ranges=10.10.1.200-10.10.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1
/ppp profile
add dns-server=192.168.88.1 local-address=OVPN-POOL name=OVPN-PERFIL remote-address=OVPN-POOL use-compression=no use-encryption=required
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge1
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=SkynetMT_24Ghz
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=*18
add bridge=bridge1 interface=*19
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether2
/interface ovpn-server server
set certificate=SERVIDOR cipher=blowfish128,aes128,aes192,aes256 default-profile=OVPN-PERFIL enabled=yes require-client-certificate=yes
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=192.168.88.10 client-id=xxxxxxxxxx mac-address=xxxxxxxxxx server=dhcp1
add address=192.168.88.231 client-id=xxxxxxxxxx mac-address=xxxxxxxxxx server=dhcp1
/ip dhcp-server network
add address=10.10.1.0/24 comment=VPN dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24
add address=192.168.88.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.228 name=xxxxxxxxxx
add address=192.168.88.228 name=xxxxxxxxxx
/ip firewall address-list
add address=192.168.88.2-192.168.88.254 list=allowed_to_router
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment=“6to4 relay Anycast [RFC 3068]” list=not_in_internet
/ip firewall filter
add action=accept chain=input comment=“default configuration” connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input
add action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related
add action=accept chain=forward comment=“Established, Related” connection-state=established,related
add action=drop chain=forward comment=“Drop invalid” connection-state=invalid log=yes log-prefix=invalid
add action=drop chain=forward comment=“Drop tries to reach not public addresses from LAN” dst-address-list=not_in_internet in-interface=bridge1 log=yes log-prefix=!public_from_LAN out-interface=
!bridge1
add action=drop chain=forward comment=“Drop incoming packets that are not NATted" connection-nat-state=!dstnat connection-state=new in-interface=pppoe-out1 log=yes log-prefix=!NAT add action=drop chain=forward comment="Drop incoming packets that are not NATted” connection-nat-state=!dstnat connection-state=new in-interface=ether1 log=yes log-prefix=!NAT
add action=jump chain=forward comment=“jump to ICMP filters” jump-target=icmp protocol=icmp
add action=drop chain=forward comment=“Drop incoming from internet which is not public IP” in-interface=pppoe-out1 log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment=“Drop incoming from internet which is not public IP” in-interface=ether1 log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment=“Drop packets from LAN that do not have LAN IP” in-interface=bridge1 log=yes log-prefix=LAN_!LAN src-address=!192.168.88.0/24
add action=accept chain=icmp comment=“echo reply” icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment=“net unreachable” icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment=“host unreachable” icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment=“host unreachable fragmentation required” icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment=“allow echo request” icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment=“allow time exceed” icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment=“allow parameter bad” icmp-options=12:0 protocol=icmp
add action=drop chain=icmp comment=“deny all other types”
add action=accept chain=input comment=“ACCEPT VPN” dst-port=1194 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat disabled=yes out-interface=ether1
add action=masquerade chain=srcnat comment=“OPENVPN → LAN” src-address=10.10.1.0/24
add action=dst-nat chain=dstnat comment=“RASPBERRYPI: SSH” dst-port=22002 in-interface=pppoe-out1 log=yes protocol=tcp to-addresses=192.168.88.10 to-ports=22002
add action=dst-nat chain=dstnat comment=“XBOX: 88” dst-port=88 in-interface=pppoe-out1 log=yes protocol=tcp to-addresses=192.168.88.231 to-ports=88
add action=dst-nat chain=dstnat comment=“XBOX: 3074” dst-port=3074 in-interface=pppoe-out1 log=yes protocol=udp to-addresses=192.168.88.231 to-ports=3074
add action=dst-nat chain=dstnat comment=“XBOX: 4500” dst-port=4500 in-interface=pppoe-out1 log=yes protocol=udp to-addresses=192.168.88.231 to-ports=4500
add action=dst-nat chain=dstnat comment=“XBOX: 3544” dst-port=3544 in-interface=pppoe-out1 log=yes protocol=udp to-addresses=192.168.88.231 to-ports=3544
add action=dst-nat chain=dstnat comment=“XBOX: 500” dst-port=500 in-interface=pppoe-out1 log=yes protocol=udp to-addresses=192.168.88.231 to-ports=500
add action=dst-nat chain=dstnat comment=“XBOX: 3074” dst-port=3074 in-interface=pppoe-out1 log=yes protocol=tcp to-addresses=192.168.88.231 to-ports=3074
add action=redirect chain=dstnat comment=“Direct all dns requests to the router.” dst-port=53 protocol=udp to-addresses=192.168.88.1 to-ports=53
/ppp secret
add name=jpereira profile=OVPN-PERFIL service=ovpn
/system clock
set time-zone-name=Europe/Madrid

I have the same problem.
RouterOS: 6.47.9
RouterBOARD: RBcAPGi-5acD2nD

You missed the extensionchannel (to get an up to 80MHz bandwidth). Does the speed show connection speed, or is it real live speed tests? In the end…don’t expect (much) more than your current speeds from this accesspoint. I used to use one and in the end switched to another brand (also because Wifi doesn’t seem to have a future with MikroTik). Though I really love all the options it provides. You might want to consider to not use CAPsMAN, there are more options if configured stand alone.

Who told you
a. to get MT wireless
b. to try and configure capsman when not even knowing how to config MT RoS ( a level of complexity certainly not helpful at the beginning maybe later and usually for multiple Capac efficiency)
c. to expect higher speeds ???

For 5ghz 867/3 = 289 so that is what realistically you should expect, (with LOS) you are doing better so thats good.
For 2ghz 300/3=100 will roughly be the real world speed you will get

RouterBOARD: RBwAPG-5HacT2HnD

No problem… 866 in wireless…

https://mikrotik.com/product/cap_ac
Wireless 5 GHz Max data rate 867 Mbit/s - such speed is unattainable.

It’s about wireless speed… not ethernet…

Did you use LocalForwarding, I don’t see it in your config

yes, but it does not matter since we are talking about the speed in the radio channel.

Ubiquiti or something better?

Nope, for an equally cost effective AP as capac I have used the TPLINK EAP245. Its the same vintage wifi5, but is stable and gives speeds as exepected.
If you want higher throughputs you need to spend more money. I am currently looking at the TP620 (if goes on sale) or TP660 (too pricey). However I plan on waiting for a few months of reviews until I pull the plug. Right now content with the 245, performance.

It’s called ROUTER OS.

The WiFi used proprietary drivers and has not kept up with the times.

5 year old standards are only in the development branch when it comes to Mikrotik Wireless.

300 is great for that WAP. But as you add more devices… You will get considerably slower numbers.

My hAP AC2 has it’s wireless turned off. And my network Runs of a Ruckus R650. With 25 clients on that one WAP… I still get over 500M on the wireless to a ACv2 phone.

Data speed in wifi comes in 2 different definitions:

1. Interface rate. The rate at which data is leaving the interface. This is theoretically defined, and Mikrotik is no exception. List of attainable interface rates can be found here: http://mcsindex.com/ .
   You just have to understand the Spatial streams (2S = two streams), MCS encoding (for ac from 0 to 9 per stream, for n 0-7 for 1 stream, 8-15 for 2 stream), and the 0.4µs (SGI) or 0.8µs guard interval. The used MCS and stream and guard interval depends on SNR and on CCQ. (Low SNR or low CCQ will make the interface step down in streams and encoding).
   So for everyone (Mikrotik and other brands), with no exception, 80Mhz/2S/SGI will give 866.7Mbps interface rate with a good signal.

2. Payload data throughput mainly depends on the interface rate and the overhead. That overhead depends to a very large extend to the buffer size used for the transfers. Buffering happens in A-MSDU and in A-MPDU. For 802.11n and ac the maximum buffer size is known and implemented by most. (Mikrotiks limits to medium sizes only: the A-MSDU to 3839 bytes, and the A-MPDU to 262143bytes) http://forum.mikrotik.com/t/ac2-vs-ac3-wifi-not-over-200mb/148289/1 . The overhead can be calculated for any buffer size. CAPsMAN typically reduces the A-MSDU further to 2048 by default.

There is a 3th moderation of speed and that is the TCP congestion avoidance control. This is not related to the AP, but can be influenced by it, So on this 866.7Mbps interface rate, TCP is typical max at 290 Mbps, while UDP is up to 390 Mbps for Mikrotik. (medium buffers and other driver inefficiencies).

Of course any other AP or client on the same channels will consume some part of the air-time, and all other AP’s and clients will wait. If channels are different but overlap they will not wait but destroy each others transmissions and the CCQ will drop, and so will the interface rate used.

In summary mmtik, your bogus 867 Mpbs one way speeds are not based in reality.

Ruckus WAPs in the x10 series have been so cheap… Couldn’t say no.

Ruckus H510, R510, R610, T310 may cost a bit more… But the lack of trouble tickets and pissed off customers MORE THAN MAKES UP FOR IT.

Using Mikrotik wireless was an enormous mistake for us. Save the customer money on the hardware… Make the same money for programing… But get slaughtered on follow-up and trouble tickets. Many of them having to be handled at a complete loss.

Lots of customers bought consumer grade crap just to get rid of the 2.4 connection problems.

Did not make us look good at all.

Sell a better WAP at cost and have zero call backs?
The customers bitch a little bit about the price. Then I show them what that WAP used to cost…

“Do you want a hobby or a solution?”

I think we would be all way luckier customers if MikroTik supported better wireless 802.11ac/ax access points. Currently MikroTik offers “cheapest” solutions which led to too much anger and frustration on our customer side. There are a lot of customers who are willing to pay more to get a better access point, but will not buy “enterprise” hardware. MikroTik needs to improve in order to not loose more and more customers to the next upper layer:

MikroTik cAP AC: 60€

• versus layer:
  TP-Link EAP245v3: 100€
  Grandstream GWN7630: 100€
  …

• versus layer:
  Ruckus R650 unleashed: 460€
  Ruckus R750 ZoneFlex: 590€
  Ruckus R720 ZoneFlex: 550€
  Ruckus R610 ZoneFlex: 380€
  Ruckus R510 ZoneFlex: 290€
  Ruckus R550 ZoneFlex: 580€
  Ruckus R550 unleashed: 340€
  Ruckus R710 ZoneFlex: 540€
  Ruckus R320 ZoneFlex: 170€
  Cambium E410 (802.11ac Wave 2, 2x2): 170€
  Cambium E600 (802.11ac Wave 2, 4x4): 280€
  Cambium XV2-2 (802.11ax, 2x2): 300€
  Cambium XV3-8 (802.11ax, Tri Radio, 8x8): 820€
  …

• versus layer:
  Cisco
  Aruba
  Extreme Networks
  Huawei
  …

This might sound nasty or not nice but I think MTK have more or less given up on access layer wireless.
End of the year WiFi 6E AP’s will be starting to roll out and Mikrotik haven’t done AC Wave2 fully enabled AP.
I suspect writing your own proprietary wireless driver like they do is a daunting and labor intensive task.

Just follow the money and you can see where MTK are spending and making their cash https://youtu.be/lkxpBSmRWg8?t=1673


I only have a couple of sites still running Wap AC’s and planning to move them to Cambium over the next couple of years.
They were good little AP’s for their time but the competition in this space is pretty brutal.
The feedback I see as wireless is getting more and more important to companies operations is that customers want cloud managed, mass provisioning,proper warranties and support.

No, do not want cloud managed. Happy with capsman and controller running within routers, even controlling itself sometimes.

Do want reliable and good performance though.

Systems like Aruba and Cambium you can forego cloud mgmt and set an ap in virtual mobility controller mode where a single ap acts as a master/main node that managed configs and can fail over to another ap in case of failure.Not great for big environments but we’ve put down these type of setups in 0-100 headcount places and they work pretty well.

I am happy with mikrotik wireless products.
I understand that there are better products. but the value for money plus benefits is good

Speed is good
Price better
Ac2

Capsman work

Nah, I can get a better speed with my cap ac or hap ac2, a screenshot at the peak speed can’t fool anyone, consistency is always a problem, try to run 10 speed test continuously and you will see, everyone here complain for a reason. Also, if you have a large number of clients you will find a bigger problem of it, home user will not use these devices and enterprise user will need for capacity. If you love MT, don’t try to cover their problems, it will only result in a bad way, expose them will make them feel the pressure and work hard for a fix, this is the only way. We are waiting for your answer, MT.

Well that’s a single Client download test with MikroTik’s self made driver.

• Have you ever tried to use a MikroTik 802.11ac access point in a multi client scenario? You would shocked by its low performance.

• The new wifiwave2 package includes drivers and firmwares from the chipsets vendors. This is not only about having MU-MIMO, 802.11w or roaming support. I expect much higher performance, aswell.

anuser, differnt story here
capac - $69US approx. $89 Cdn

TPLINK eap245 - 89Cdn. ( you are getting ripped off in europe for this one)
https://www.canadacomputers.com/search/results_details.php?language=en&keywords=eap245
https://www.amazon.ca/TP-Link-EAP245-Wireless-Supports-Injector/dp/B07NMZR3F1/ref=pd_lpo_147_t_0/139-4953212-6098245?_encoding=UTF8&pd_rd_i=B07NMZR3F1&pd_rd_r=493508ff-cd13-4781-9eef-1fcf304f83d9&pd_rd_w=ryOoj&pd_rd_wg=1x2Hs&pf_rd_p=55ea5ed7-d8ce-4183-b0cf-37e635680f3e&pf_rd_r=TTHJZTMV06ZDESWR32H3&psc=1&refRID=TTHJZTMV06ZDESWR32H3