Hi all!
New here. I’m Jose from Spain.
I’ve recently purchased a brand new HAP ax3. It’s installed along a ZTE ONT. I have 1Gbps symmetric fiber connection.
The ax3 is working properly, but the wireless performance is really poor.
Before ax3, I had an Asus RT-AC68U that is 10 years old, Wifi 5 device.
For example, in a room that I previously got about 300-350Mbps with the Asus, now I get only 50-100Mbps with the ax3 in 5Ghz ax band. I’ve scanned the freq utilization and frequency is in the less congested area. The difference is crazy, specially comparing with a 10yo device that doesn’t have Wifi 6.
This is the performance I will get with this device? Maybe would be improved with software updates? If not, I can return the ax3, received it yesterday. Any other MT device that performs better? (With Wifi included, for now I would like just one device).
Thanks
ips
May 8, 2024, 6:44am
2
Could you please share your config?
/export file="configuration"
I had an RT-AC56U years ago. These devices from so long ago did not adhere the regulatory domain restrictions. You could either set them to “co country”, maximum possible tx-power by hardware and so on. You could check your settings from your Asus device.
I personally use the hAP ax3 in my home with a 1Gbit connection and can easily get 800Mbit on Speedtest from an iPhone. So definitely something in your settings or wireless regulatory restrictions. Post your full config.
Normis, I thought you were using hap ax2 at home…
Changed to AX3 due to USB port, where I can put my containers
Based on your experience with both devices, would you say that the reception/coverage is worse with the AX3?
Definitely not worse, but not drastically better either. I would say in my concrete wall apartment AX3 is maybe 5-10% better
Thanks for the responses guys.
@normis I can also get 700-800 just next to the ax3, but not very good in other rooms or different floor like the old Asus or the Fritz 7590AX.
Here’s my config:
# 2024-05-08 15:54:54 by RouterOS 7.14.3
# software id = RGY5-9GVP
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HFK09QJXXXX
/interface bridge
add admin-mac=D4:01:C3:01:99:CC auto-mac=no comment=defconf igmp-snooping=yes \
name=bridge
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5180 .width=\
20/40/80mhz configuration.mode=ap .multicast-enhance=enabled .ssid=\
MikroTik disabled=no security.authentication-types=wpa2-psk,wpa3-psk \
.connect-priority=0 .ft=yes .ft-over-ds=yes
set [ find default-name=wifi2 ] channel.band=2ghz-ax .frequency=2457 .width=\
20mhz configuration.mode=ap .multicast-enhance=enabled .ssid=MikroTik2G \
disabled=no mtu=1500 security.authentication-types=wpa2-psk,wpa3-psk .ft=\
yes .ft-over-ds=yes
/interface wireguard
add listen-port=25188 mtu=1420 name=wireguard-rw
/interface vlan
add interface=ether1 name=vlan2-iptv vlan-id=2
add interface=ether1 name=vlan3-telefono vlan-id=3
add interface=ether1 name=vlan6-internet vlan-id=6
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan6-internet name=internet \
use-peer-dns=yes user=adslppp@telefonicanetpa
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add comment=vlans-iptv-voip name=VLANs2&3
/ip dhcp-server option
add code=240 name=opch-imagenio value="':::::239.0.2.29:22222'"
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.239
add name=iptv-dhcp ranges=192.168.88.241-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/routing rip instance
add afi=ipv4 disabled=no name=rip
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=internet list=WAN
add interface=vlan2-iptv list=VLANs2&3
add interface=vlan3-telefono list=VLANs2&3
add interface=wireguard-rw list=LAN
/interface wireguard peers
add allowed-address=172.16.0.2/32 comment=iPhone interface=wireguard-rw \
public-key="DvEwnF2zdkRb5f9CQSPzcCzNLAr1A+Og6yJOXXXXX="
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=10.169.131.XXX/10 interface=vlan2-iptv network=10.128.0.0
add address=172.16.0.1/24 interface=wireguard-rw network=172.16.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no interface=vlan3-telefono use-peer-dns=no \
use-peer-ntp=no
/ip dhcp-server matcher
add address-pool=iptv-dhcp code=60 name=descos server=defconf value="[IAL]"
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1
add address=192.168.88.240/28 comment=iptv-network dhcp-option=opch-imagenio \
dns-server=172.26.23.3 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="vlans: accept voip and iptv vlans" \
in-interface-list=VLANs2&3
add action=accept chain=input comment="VPN Allow wireguard-rw" dst-port=25188 \
protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="VLANs2&3: masquerade" \
out-interface-list=VLANs2&3
/ip firewall service-port
set rtsp disabled=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/routing igmp-proxy
set query-interval=30s quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan2-iptv upstream=yes
add interface=bridge
/routing rip interface-template
add instance=rip interfaces=vlan2-iptv,vlan3-telefono mode=passive
/system clock
set time-zone-name=Europe/Madrid
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Your frequency, check how it works in others. Do this command
and see what you can use
for example
ranges: 2402-2482/20
you could try 5490-5730
anav
May 8, 2024, 2:46pm
11
normis, you have a special Iphone LOL. I have the ax3 and dont get 800 but will go recheck now that you have made me curious.
It’s been a while now but if memory serves me correct I was having slow-downs with this option enabled .connect-priority=0
Thanks! Will try disabling it
Your frequency, check how it works in others. Do this command
and see what you can use
for example
ranges: 2402-2482/20
you could try 5490-5730
I’m testing 5490-5730 right now. Seems it’s better. Will test a bit more and comment results.
What’s the tx power and channel?
I have found better combination using the range 5180-5330. Just did a test in ground floor (router is in first) and got 311 Mbps.
Right now channel is 5320 and Tx power is 17.
Also I moved a bit more the antennas to a 45º position.
ips
May 8, 2024, 9:21pm
16
Just to check, likely not involved in the problem: is the RouterBoard device firmware updated?
That’s at the low end. There might be better frequencies that have significantly higher power (mid 20s). Different countries have different limits. It’s possible your old ASUS wasn’t obeying the local power limits. A recent change in RouterOS is that it used to default (I think) to the USA which has one of the highest TX power to Latvia where the maximum Tx power is lower. Also varies by device and antenna gain. This is a table I put together for the UK with some devices:
So I have my hAP ax2 sett to 5500 which gives me 25 compared to 18 over the “safe” non-DFS frequency.
Caveats:
I’ve reported/observed a situation where if you set just a single frequency (say 5500) and a radar event occurs later on that channel, the entire 5Ghz interface shuts down. So I’ve got multiple frequencies configured: 5500, 5660, 5580, 5260, 5180.
I’ve also observed situations that if you specify a list like that, RouterOS doesn’t take it as gospel. I expected it to do radar CAC checks on 5500 and if it finds one, move onto 5660. However, RouterOS also appears to do other checks (noise from other access points?) and can quickly (i.e. not CAC check) move through the list so you end up on 5180. Personally I think if you specify a frequency list, RouterOS should use those frequencies unless CAC radar check fails.
As mentioned, my hAP ax2 gets fake (IMO) radar events which throws it off 5500 and it never goes back. This is a flaw IMO as the specification state that if a radar event does occur, the router can try again in 30 minutes on that channel. RouterOS doesn’t appear to do this. So I’ve got a scheduled script that runs every hour. It turns the interface off and back on if it’s not on 5500.
There are so many posts on here about poor Wi-Fi performance with the AX devices that it can’t be mistaken/wrong configuration. The gun is just smoking too much.
@robmaltsystems thanks for sharing your research, I also had my AP stuck with frequency 5500 due to DFS, sounds like a bug to me.
jfim88
May 10, 2024, 1:28pm
20
That’s at the low end. There might be better frequencies that have significantly higher power (mid 20s). Different countries have different limits. It’s possible your old ASUS wasn’t obeying the local power limits. A recent change in RouterOS is that it used to default (I think) to the USA which has one of the highest TX power to Latvia where the maximum Tx power is lower. Also varies by device and antenna gain. This is a table I put together for the UK with some devices:
So I have my hAP ax2 sett to 5500 which gives me 25 compared to 18 over the “safe” non-DFS frequency.
Caveats:
I’ve reported/observed a situation where if you set just a single frequency (say 5500) and a radar event occurs later on that channel, the entire 5Ghz interface shuts down. So I’ve got multiple frequencies configured: 5500, 5660, 5580, 5260, 5180.
I’ve also observed situations that if you specify a list like that, RouterOS doesn’t take it as gospel. I expected it to do radar CAC checks on 5500 and if it finds one, move onto 5660. However, RouterOS also appears to do other checks (noise from other access points?) and can quickly (i.e. not CAC check) move through the list so you end up on 5180. Personally I think if you specify a frequency list, RouterOS should use those frequencies unless CAC radar check fails.
As mentioned, my hAP ax2 gets fake (IMO) radar events which throws it off 5500 and it never goes back. This is a flaw IMO as the specification state that if a radar event does occur, the router can try again in 30 minutes on that channel. RouterOS doesn’t appear to do this. So I’ve got a scheduled script that runs every hour. It turns the interface off and back on if it’s not on 5500.
There are so many posts on here about poor Wi-Fi performance with the AX devices that it can’t be mistaken/wrong configuration. The gun is just smoking too much.
Thanks for your very informative response.
I’ve tested the higher channels too, but seems that I get more speed in the lower ones, even with less Tx Power. Will do more tests.
