Wi-Fi performance bad on RB4011 - possible misconfig

Dear Community!

I have bought a RB4011iGS+5HacQ2HnD-IN router.
I was able to set up everything - got a little help in the forum here - everything working perfectly, except WLAN.
I can get maxed out rates (the max I get from my ISP) on ether interfaces, but not on Wi-Fi. I hope that I could get at least around 400Mbps on Wi-Fi with this router.

Tried different configs, I couldn’t get better rates than 190Mbps on 5GHz and 40Mbps on 2.4GHz.
Mostly I’m interested in 5GHz performance… 2.4GHz is too crowded here (5GHz not).
My much cheaper router produced slightly better rates than this. So I assume this must be a config error (or maybe the 5GHz problem on RB4011 is still there?)

Hope someone can give me some advice on what might be configured wrongly, or what I could try out to improve the performace.

My current config:

# may/09/2020 01:49:00 by RouterOS 6.46.6
# software id = CK9Q-MRSJ
#
# model = RB4011iGS+5HacQ2HnD
# serial number = D1460B1C119B
/interface bridge
add name=vlan_bridge protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=vlan_bridge name=vlan_base vlan-id=99
add interface=vlan_bridge name=vlan_guest vlan-id=20
add interface=vlan_bridge name=vlan_private vlan-id=10
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=VLAN
add name=BASE
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk comment="Guest Profile" eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" group-key-update=1h management-protection=allowed mode=\
    dynamic-keys name=profile_private supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-n/ac channel-width=20/40/80mhz-XXXX country=hungary disabled=no \
    installation=indoor mode=ap-bridge name=wlan_atlas secondary-channel=auto security-profile=\
    profile_private ssid=atlas wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=C6:AD:34:E9:0F:B9 master-interface=wlan_atlas \
    multicast-buffering=disabled name=wlan_atlas_guest ssid=atlas-Guest wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
set [ find default-name=wlan2 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=no_country_set \
    disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge name=wlan_fujijama \
    security-profile=profile_private ssid=fujijama wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=C6:AD:34:E9:0F:BA master-interface=wlan_fujijama \
    multicast-buffering=disabled name=wlan_fujijama_guest ssid=fujijama-Guest wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
/ip kid-control
add name="Children control"
/ip pool
add name=dhcp_pool_private ranges=10.0.0.50-10.0.0.254
add name=dhcp_pool_guest ranges=10.0.3.2-10.0.3.254
add name=dhcp_pool_base ranges=10.0.99.2-10.0.99.254
/ip dhcp-server
add address-pool=dhcp_pool_private disabled=no interface=vlan_private lease-time=1d name=dhcp_private
add address-pool=dhcp_pool_guest disabled=no interface=vlan_guest lease-time=1h name=dhcp_guest
add address-pool=dhcp_pool_base disabled=no interface=vlan_base lease-time=1h name=dhcp_base
/ppp profile
add bridge=vlan_bridge local-address=10.0.0.2 name=ppp_private remote-address=188.142.192.135
/queue simple
add max-limit=2M/90M name="Limit Guest VLAN" target=vlan_guest
/interface bridge port
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether2 pvid=10
add bridge=vlan_bridge interface=sfp-sfpplus1
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether3 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether4 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether5 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether6 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether7 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether8 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether9 pvid=20
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=wlan_atlas pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=wlan_fujijama pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=wlan_fujijama_guest pvid=20
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=wlan_atlas_guest pvid=20
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether10 pvid=99
/ip neighbor discovery-settings
set discover-interface-list=VLAN
/interface bridge vlan
add bridge=vlan_bridge tagged=vlan_bridge untagged=\
    ether2,ether3,ether4,ether5,ether6,ether7,ether8,wlan_atlas,wlan_fujijama vlan-ids=10
add bridge=vlan_bridge tagged=vlan_bridge untagged=ether9,wlan_fujijama_guest,wlan_atlas_guest vlan-ids=\
    20
add bridge=vlan_bridge tagged=vlan_bridge untagged=ether10 vlan-ids=99
/interface detect-internet
set detect-interface-list=all
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=ppp_private
/interface list member
add interface=ether1 list=WAN
add interface=vlan_base list=VLAN
add interface=vlan_private list=VLAN
add interface=vlan_guest list=VLAN
add interface=vlan_base list=BASE
add interface=vlan_private list=BASE
/interface ovpn-server server
set auth=sha1 certificate=server cipher=aes256 enabled=yes require-client-certificate=yes
/interface wireless access-list
add comment=COMP1 interface=wlan_atlas mac-address=08:62:66:BC:8C:BF
/ip address
add address=10.0.99.1/24 interface=vlan_base network=10.0.99.0
add address=10.0.0.2/24 interface=vlan_private network=10.0.0.0
add address=10.0.3.2/24 interface=vlan_guest network=10.0.3.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease
add address=10.0.0.99 mac-address=78:11:DC:55:9E:00 server=dhcp_private
add address=10.0.0.100 client-id=1:0:4:20:f0:af:64 mac-address=00:04:20:F0:AF:64 server=dhcp_private
add address=10.0.0.195 mac-address=EC:FA:BC:12:83:9F server=dhcp_private
add address=10.0.0.85 mac-address=DC:4F:22:C0:7A:BB server=dhcp_private
add address=10.0.0.84 mac-address=DC:4F:22:C0:74:57 server=dhcp_private
add address=10.0.0.83 mac-address=DC:4F:22:C0:73:5B server=dhcp_private
add address=10.0.0.131 client-id=1:8:62:66:bc:8c:bf mac-address=08:62:66:BC:8C:BF server=dhcp_private
add address=10.0.0.59 mac-address=EC:FA:BC:86:CD:DD server=dhcp_private
add address=10.0.0.135 client-id=1:dc:a6:32:d:4b:73 mac-address=DC:A6:32:0D:4B:73 server=dhcp_private
add address=10.0.0.93 mac-address=78:11:DC:EB:54:08 server=dhcp_private
add address=10.0.0.101 mac-address=40:31:3C:D0:D9:30 server=dhcp_private
add address=10.0.0.105 mac-address=98:F4:AB:B8:64:0F server=dhcp_private
add address=10.0.0.110 mac-address=98:F4:AB:B8:6D:01 server=dhcp_private
add address=10.0.0.112 mac-address=C8:2B:96:10:AB:53 server=dhcp_private
add address=10.0.0.109 mac-address=04:CF:8C:15:BD:5E server=dhcp_private
add address=10.0.0.120 mac-address=C8:2B:96:11:4F:B4 server=dhcp_private
add address=10.0.0.87 mac-address=E4:F0:42:20:42:53 server=dhcp_private
add address=10.0.0.103 mac-address=04:CF:8C:25:61:92 server=dhcp_private
add address=10.0.0.138 mac-address=98:F4:AB:F3:43:E2 server=dhcp_private
add address=10.0.0.175 mac-address=EC:FA:BC:14:83:26 server=dhcp_private
add address=10.0.0.86 mac-address=DC:4F:22:C0:75:0A server=dhcp_private
add address=10.0.0.111 mac-address=C8:2B:96:10:AF:4F server=dhcp_private
add address=10.0.0.98 mac-address=34:CE:00:FB:DB:F3 server=dhcp_private
add address=10.0.0.53 client-id=1:50:13:95:bf:f7:dc comment=Yi-Hack mac-address=50:13:95:BF:F7:DC server=\
    dhcp_private
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=10.0.0.3 gateway=10.0.0.2
add address=10.0.3.0/24 dns-server=10.0.0.3 gateway=10.0.3.2
add address=10.0.99.0/24 dns-server=8.8.8.8 gateway=10.0.99.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="Allow Estab & Related" connection-state=established,related
add action=accept chain=input comment="Allow VLAN_HOME Full Access" in-interface-list=BASE
add action=drop chain=input comment=Drop connection-state=""
add action=accept chain=forward comment="Allow Estab & Related" connection-state=established,related
add action=accept chain=forward comment="Access Pi-hole DNS from VLANs UDP" dst-address=10.0.0.3 \
    dst-port=53 in-interface-list=VLAN protocol=udp
add action=accept chain=forward comment="Access Pi-hole DNS from VLANs TCP" dst-address=10.0.0.3 \
    dst-port=53 in-interface-list=VLAN protocol=tcp
add action=accept chain=forward comment="VLAN Internet Access only" connection-state=new \
    in-interface-list=VLAN out-interface-list=WAN
add action=drop chain=forward comment=Drop connection-state=""
/ip firewall nat
add action=masquerade chain=srcnat comment=masquerade ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=NAS dst-port=22 in-interface=ether1 protocol=tcp to-addresses=\
    10.0.0.252 to-ports=18022
add action=dst-nat chain=dstnat comment="Transmission Web Interface" dst-port=19091 in-interface=ether1 \
    protocol=tcp to-addresses=10.0.0.252 to-ports=9091
add action=dst-nat chain=dstnat comment=Transmission dst-port=49850 in-interface=ether1 protocol=tcp \
    to-addresses=10.0.0.252 to-ports=49850
add action=dst-nat chain=dstnat comment=HTTPS dst-port=61443 in-interface=ether1 protocol=tcp \
    to-addresses=10.0.0.252 to-ports=443
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ppp secret
add local-address=10.0.0.2 name=kristof profile=ppp_private remote-address=10.0.0.10 service=ovpn
/system clock
set time-zone-name=Europe/Budapest
/system leds
set 0 type=on
add interface=wlan_fujijama leds="wlan_fujijama_signal1-led,wlan_fujijama_signal2-led,wlan_fujijama_signal\
    3-led,wlan_fujijama_signal4-led,wlan_fujijama_signal5-led" type=wireless-signal-strength
add interface=wlan_fujijama leds=wlan_fujijama_tx-led type=interface-transmit
add interface=wlan_fujijama leds=wlan_fujijama_rx-led type=interface-receive
/system ntp client
set enabled=yes server-dns-names=0.hu.pool.ntp.org,1.hu.pool.ntp.org
/tool graphing interface
add allow-address=10.0.0.0/24
/tool graphing resource
add allow-address=10.0.0.0/24
add allow-address=10.0.99.0/24
/tool mac-server
set allowed-interface-list=BASE
/tool mac-server mac-winbox
set allowed-interface-list=BASE

Mikrotik fannboys are going to slander me, but trust me, You have two options:

1. Return/sell Mikrotik and buy some other, less configurable, but better working wifi router.
2. Disable wireless and buy some other, less configurable, but better working wifi accesspoint and connect it to Mikrotik router.

+1

1. You buy any other vendor’s wireless product, then you study and learned some extra tuning skill, you get even better result
2. You buy MT wireless product, then you study and learned those knowledge to understand why does it perform so bad, you start to accept it and think it’s normal to have this kinda performance

Make your choice

Okay thanks!

This router was pretty expensive and I hoped that I could get a decent speed with Wi-Fi.
I saw here that lots of people have problems with it, but I never thought this is that common. In general I love MT products and its configurability (though I never had any Wi-Fi device before).

What I can’t understand: If I set Frequency to auto, it will choose a frequency which is really-really crowded. The channels above 100 are empty completely… I have found a frequency which is empty and it gives a little bit better speeds for me, however still far from what I wanted.

Hope someone from MT can comment on this.
Anyway how I can activate the intial configuration support? This router has a Level5 license which means I have 30 days of support, though I haven’t found anything yet.
Maybe someone from MT can have some ideas what might be wrong.

100% true.

Mikrotik’s wifi device owner is either too shame to admit what a big mistake he made, or after a abnormal configuration marathon is having a Stockholm syndrome.

Don’t be a masochist, thre is no fix. Been there, done that, read my (or use google and find thousands more) story - http://forum.mikrotik.com/t/cap-ac-wifi-speed-is-terrible-bad/138783/1

I have read this thread before…
I’m not really happy with this as I just bought the router… however for me, it is almost the same as my previous cheap router (in terms of speed), but the distance and stability is much better…

Also how could I set the secondary channel? It seems that any value I give, it will not accept, only auto.

What’s your client device? It is possible that the speed is limited by the capabilities of your client, not the AP.
Can you show what’s in the registration table (/interface wireless registration-table print stats) during the test?

Hey, at least the 5 GHz interface is stable now, it used to be crashing regularly for more than a year. Another 1-2 years from now mikrotik wifi transfer speed might be up to what other vendors provide today.
However, 200-300 Mbps wifi speed is already pretty ok in most situations. If you really need reliably faster wifi today, you should indeed get an access point from another vendor as already suggested.

What do you mean, setting the secondary channel. You already did set the bandwidth to “80 MHZ , indoor” in your configuration: So you want 80+80(secondary) bandwidth.indoor freq.

set [ find default-name=wlan1 ] band=5ghz-n/ac channel-width=20/40/80mhz-XXXX country=hungary disabled=no
installation=indoor

“indoor” is limiting the possibilities to indoor-frequencies and the corresponding maximum EIRP power of 20 dBm
Channel 100 (5500MHz is part of the “installation=any” frequencies, that channel cannot be used here.
There are 2 80 MHz bands indoors, and 3 80 MHz bands outdoors
5ghz-n/ac: n supports up to 40 MHz, ac up to 80 MHz. If you want 80 MHz + secondary I think selecting ac-only the better “band” setting

[admin@Mkt] > interface wireless info country-info
country: hungary
ranges: 2402-2482/b,g,gn20,gn40(20dBm)
2417-2457/g-turbo(20dBm)
5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(23dBm)/passive,indoor
5170-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(20dBm)/dfs,passive,indoor
5250-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(20dBm)/dfs,passive,indoor
5490-5710/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(27dBm)/dfs,passive
5190-5310/a-turbo(20dBm)/dfs
5180-5300/a-turbo(20dBm)/dfs
5520-5680/a-turbo(27dBm)/dfs,passive
5510-5670/a-turbo(27dBm)/dfs,passive
902-927/b,g,g-turbo,gn20,gn40(30dBm)

Not much to choose from if you want 2x80 MHz width channel (36-40-44-48) and (52-56-60-64).
“Auto” frequency selecting is not to be trusted. Avoid it ! But the device had no other choice than to select the whole indoor frequency band as it was asked to find 80+80 MHz

There are more possibilities with installation =any. You are legally allowed to use outdoor frequencies indoors. But be aware of the weather radar frquencies (120,124,128), they have always a DFS initial delay of 10 minutes!

80+80 only makes sense if your client device supports this!

You have done the first step right: select freq based on possible interference.
Now do the second step. And have a good look at all the counters in the “registration” table.
Received Signal strength, strength per ch (spatial stream), SNR, p-throughput, and the used send and receive mode eg. “5500 MHZ/40 MHz/2S/SGI” because bandwidth, number of streams, guard interval will all depend on the client device as well. CCQ and the relation frames/HW frames will give the retransmits done, an indication of the signal quality and disturbance. And these counters are crucial to understand objectively how well the “AP-device wifi combination” is performing. Tuning can be done based on the “registration” values.
The maximum theoretical performance based on bandwidth/streams/ encoding quality are very well known and are part of the 802.11 standards; http://mcsindex.com/
Not using “registration” is pure guesswork.

Based specs - https://mikrotik.com/product/rb4011igs_5hacq2hnd_in

Wireless 5 GHz Max data rate 1733 Mbit/s
Wireless 2.4 GHz Max data rate 300 Mbit/s

If 5Ghz is providing max 70% of 2,4Ghz speed, then this is not OK at all.

Ksuuk, open your mind.

2.4 GHz has 300 Mbps at the best conditions. 2 spatial streams, MCS7 encoding, 40 MHz bandwidth, short guard interval.. This is the interface bruto rate. The throughput possible is between 60 and 75% of this, if traffic is in 1 direction, and there is zero interference. Traffic will fall lower than half if in both directions.

5 GHz has 1733 Mbps at the best conditions: 4 spatial streams at 80 MHz (no client device has this), or 2 spatial streams at 160 MHz (which client device is that?), MCS9 encoding which is very sensitive with its 256 QAM, 50 dB+ SNR, short guard interval, and an exit interface that can cope with that speed.(> 1Gbps). No other devices allowed as it uses a very broad range in the freq spectrum. Data throughput is 60 to 75% of the interface rate in one direction, less than halve in both directions. The AP beacons are still transmitted at 6 Mbps and take a large part of the air-time.

https://www.duckware.com/tech/wifi-in-the-us.html
http://www.revolutionwifi.net/revolutionwifi/p/ssid-overhead-calculator.html

You can prefer to keep claiming this brand of wifi is not performing by gut feeling. You do this already 6 years I can find out. Your methodology to make it evidence based did not improve in all that time. On the contrary you desingage any time some evidence is asked for. It might prove you have been wrong.

I got an Audience which based on the same wireless chipset with RB4011, in 2x2 the max speed I got is about 470mbps, pretty good I must say, same speed with those IPQ4018/4019 based products like hAP ac2/cAP ac, and ping respond is best among all the APs I got (Aruba IAP-225/315, Ruckus R510, Ubiquiti nanoHD/UAP-AC-LR, Netgear R7800, RT-AC86U, GT-AC5300… many many more), but the problem is, MT AP’s speed is inconsistent, for example, if I run 10 times of speed test or iperf3, all those devices gave me 10 times same top speed, but MT APs gave me like 3 times 470mbps, 5 times 400mbps±, 2 times 300-mbps, no matter how I tune, I tried all the parameters I can test in MT, spent few months to test it, because I really love the ping respond that MT offer, but no luck at all.

So my personal conclusion is if your ISP speed is 300mbps or below, MT will offer you the best ping respond and max out the speed of your ISP offer at most of the time, but if your ISP speed is greater than 300mbps, you will find some difficulties to get consistent max speed, I mean consistently get the max speed, not sometimes but all the time. In this case, better go for other vendors, there is nothing to do with config.

@rkrisi
Be a little patient and MikroTik will improve the wireless performance in your RB4011 … it may take another 6 months … patience is key

My suggestion for you is to buy the Ubiquiti nanoHD access Point
Connect that to your RB4011 and you will have superb performance beyond your wildest expectations

However, if you go with my suggestion, to configure the nanoHD it requires a CONTROLLER … 2 options are available … a software controller that you install on your windows pc [free] or you can buy a hardware controller called UC_CK.

1. BMW can run 1000 km/h using 0 L petrol, if dropped out from spaceship, but still in official specs is given the max speed what tires/road can handle and with min/max/normal petrol usage. So Mikrotik should also give not theoretical, which users never get, but common spec -s.

2. My first wifi based topic/post at all was made at 22.04.2020, so please redraw Your false accusations and apologize.

3. In my topic, based suggestions, I made several resets, several different config modes and pasted config -s also, but even if it worked for some, as I still have problems with same hardware and same config, so it’s not a config issue. Also the config fine tune suggestions were contradictory and mostly just guesses.

4. How did Your message help the user problem?

I have noticed same problem, almost every speedtest run gives a different result and this happens only with Miktotik. It’s like having some internal hidden quota, cache, or something else. And because of such unstable speedtest result is impossible to tune, as I can’t be sure does some option make it better or worse.

Thanks for your detailed answer!
Looking at the registration table, which client should I look at? Or should I conclude an average performance of the current setting?
For example my phone which is quite far away from the router has:
-60dbm Signal Strength and RX rate 585Mbps Tx rate 351Mbps, but still speedtest shows around 150Mbps speed.

What conclusion can I draw from these? How could I use this informations to improve the speed?

Thanks!

I don’t mind if this will just improve over time

I don’t think so. I have tried different devices.
Basically my computer which has a PCIE Asus AC Wi-Fi card (Intel chipset - I don’t know the exact model though, but it has external antennas), my iPhone 8, iPad, Xiaomi mobile phones, several laptops.
The best I could get was around 210Mbps.

How did you get these speeds, what configuration do you use?