WAP for LAN - MikroTik RouterBOARD mAP 2nD - Very slow

jamesmaddison · October 7, 2022, 8:18am

Hi,

I’ve got a MikroTik RouterBOARD mAP 2nD.

Essentially, I just want a WAP for a LAN on 192.168.1.0/24. I’ve shown the rough topology below.

My configuration is given below.

# jan/02/1970 00:39:09 by RouterOS 6.48.6
# software id = KAL8-QJ85
#
# model = RBmAP2nD
# serial number = 
/interface bridge
add admin-mac=18:FD:74:52:62:52 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="united kingdom" disabled=no distance=indoors frequency=auto \
    installation=indoor mode=ap-bridge ssid="Mapex Router" wireless-protocol=\
    802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=pwr-line1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.1.100/24 comment=defconf interface=bridge network=\
    192.168.1.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.100 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" disabled=yes \
    dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system identity
set name=RouterOS
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

This configuration works in the sense that I can ping other devices. However it’s extremely slow. Pings take 3000-4000ms.

Have I done something wrong or do I need a higher spec of router?

Thanks in advance

holvoetn · October 7, 2022, 10:19am

First remark:
If your ether1 is the real WAN access (as in connected to your ISP modem/router) it can not be AND DHCP client AND be part of the bridge.
There is a reason those other ports are added with comment “defconf”. Since ether1 does not have this, I will assume you added it.
Remove it from the bridge.

On the question of you need a higher spec router, nobody can tell without more info why you placed it in your network and what it is being used for.

Personally I have a couple of those devices, 2 of them installed with a client each time connecting local shop network bidirectionally to Azure Cloud services over ISP modem.
No problems whatsover performance wise (max bandwith of ISP is 50Mb, map can handle a lot more then that).
They are pretty capable if you stay within their specifications.

jamesmaddison · October 7, 2022, 10:22am

Hi,

Sorry if I’ve been unclear.

There is no need for an internet connection through the router - the wireless access is exclusively for connecting a laptop to the wired network.

The situation is that I have a machine with multiple devices on a wired network (192.168.1.0/24), and I would like to plug the router in to give me a wireless AP for the network.

Hopefully that makes sense!

Thanks

holvoetn · October 7, 2022, 10:28am

Still the same.
ether1 is in your config a part of the bridge. You can not have a dhcp client on a slave port.
Remove ether1 from the bridge