I want to use dual band Wifi configuration for my AX^3. I choose 5Ghz and 2Ghz, set some basic config like SSID and security but for some reason I can connect only to wifi1 5Ghz. I couldn’t find answer in google. In recent software update I see a lot of wifi improvements but I don’t see anything specific to my issue.
lags: R - RUNNING; S - SLAVE
Columns: NAME, TYPE, ACTUAL-MTU, L2MTU, MAX-L2MTU, MAC-ADDRESS
# NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU
0 R ether1 ether 1500 1568 9214
1 RS ether2 ether 1500 1568 9214
2 RS ether3 ether 1500 1568 9214
3 S ether4 ether 1500 1568 9214
4 S ether5 ether 1500 1568 9214
5 RS ads veth 1500
;;; defconf
6 R bridge bridge 1500 1560
7 R docker bridge 1500 65535
8 R lo loopback 65536
9 R pppoe pppoe-out 1492
10 RS wifi1 wifi 1500 1560 1560
11 S wifi2 wifi 1500 1560 1560
/system/package/print
Columns: NAME, VERSION, BUILD-TIME, SIZE
# NAME VERSION BUILD-TIME SIZE
0 wifi-qcom 7.17.2 2025-02-06 09:10:24 10.2MiB
1 container 7.17.2 2025-02-06 09:10:24 64.1KiB
2 routeros 7.17.2 2025-02-06 09:10:24 12.0MiB
One thing that brought my attention is that the 2nd interface is not running
/interface/wifi/print
0 MBR wifi1 ap sid_name 20/40/80mhz
1 MB wifi2 ap sid_name2 20/40mhz
Wifi interfaces will only show as running when something is connected.
Since you do not show the relevant parts of config it’s a guessing game.
Please provide export of wifi part of config.
Here is exported file:
2025_02_cfg_part.rsc (4.1 KB)
(I cleaned up some sections, let me know if I provide all required information)
/container mounts
add dst=/opt/adguardhome/work name=adguard-work src=\
/usb1/adguard-home/opt/adguardhome/work
add dst=/opt/adguardhome/conf name=adguard-conf src=\
/usb1/adguard-home/opt/adguardhome/conf
/interface bridge
add admin-mac=G4:1E:57:76:37:G5 auto-mac=no comment=defconf name=bridge
add name=docker
/interface ethernet
set [ find default-name=ether1 ] mac-address=28:A6:F7:FD:41:4F
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=\
10min-cac .width=20/40/80mhz configuration.mode=ap .ssid=\
szarlotka_cynamonowa disabled=no security.authentication-types=\
wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=\
10min-cac .width=20/40mhz configuration.mode=ap .ssid=\
sernik_brzoskwiniowy disabled=no security.authentication-types=\
wpa-psk,wpa2-psk .ft=yes .ft-over-ds=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-imperium \
user=8010
/interface veth
add address=192.168.11.2/24 gateway=192.168.11.1 gateway6="" name=ads
/disk
set usb1 media-interface=bridge media-sharing=yes smb-sharing=yes
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
...
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
add bridge=docker interface=ads
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
...
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
...
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
\n /system leds settings set all-leds-off=immediate \r\
\n } else={\r\
\n /system leds settings set all-leds-off=never \r\
\n }\r\
\n "
add comment=defconf dont-require-permissions=no name=wps-accept owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :foreach iface in=[/interface/wifi find where (configuration.mode=\"a\
p\" && disabled=no)] do={\r\
\n /interface/wifi wps-push-button \$iface;}\r\
\n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
I am not seeing a glaring error on wifi part except I don’t see a country setting ?
Where is dhcp server for lan ?
Where are ip settings for bridge ?
Dns ?
I unchecked WPA/PSK option so the only auth type is WPA2/PSK and it worked. Is it possible that some devices can not work correctly with that setting(WPA+WPA2)? If it’s something different I can provide lan, bridge and dns information.
That’s certainly possible.
Also, lots of IoT devices don’t want to connect to network with WPA3 as option, even if WPA2 can be used as well.