WiFi Access Points Maxes at 300mbps D/L

Hello there. It’s my first time setting up a Mikrotik Hex Refresh as a replacement for my Synology Router and it was a very steep learning curve in terms of configuring all the basic set up. After spending hours tinkering this router, I think I got it to the point where it is functioning the way I wanted except for one thing. My WiFi download speeds are considerably slow compared to my previous setup. The download speed appears to max out at 300mbps.

I have a 1Gbit connection from the ISP and all wired connections to the RouterBoard are downloading at 950mbps.

My WiFi access points are Google WiFi AC nodes configured as bridge so all DHCP leases are coming from the RouterBoard. I connected a computer directly to this node and can confirm that I can download at 950mbps no problem.

I already have fasttrack enabled as initially I was having issues with hardwired devices maxing out at only 600mbps. After enabling, I’m now getting the correct speed but this only works for wired connections.

I also tried connecting my old Synology AC router directly to the RouterBoard and configured it as a basic router with WiFi. I get the same thing—->hardwired devices connected to the Synology AC Router are getting a steady 950mbps download but wireless devices are maxing out at 300mbps.

Is there any configuration that I need to change in order to get the old speeds I’m getting without the RouterBoard?

Thanks in advance for any help

If you replace the hEX with the Synology, do you get higher wireless speeds?
From the information you supply, the hEX doesn’t seem to be the problem.

Yeah, same question as above. The description clearly says, that over the cable you get full speed, but your wifi AP is not from MikroTik, so I don’t see how the hEX could have any influence on the problem

Maybe yes, maybe no.
Hard to say without knowing your configuration.
Follow this:
http://forum.mikrotik.com/t/forum-rules/173010/1
and post your configuration for review.

Some interference in form of timing jitter affecting TCP window scaling?

Experience with official test results says that figure listed under “Ethernet test results → Routing → 25 ip filter rules → 512 bytes [packet size]” resemble real-life performance quite well. And hEX refresh has 498.1 [Mbps], which means that 950Mbps @OP sees when using wired computers is quite an achievement. And any slight disturbance can mean a very noticeable drop in performance.

Download analiti. Take a look at your wireless interference.

Yes. The image showing 400+Mbps downloads were results from before I put in the Mikrotik router

Not sure if this will help but here are my iPerf3 results on my Macbook (WiFi) to PC (Wired):

Connecting to host 10.0.0.171, port 5201

[ 5] local 10.0.0.98 port 51678 connected to 10.0.0.171 port 5201

[ ID] Interval Transfer Bitrate

[ 5] 0.00-1.01 sec 45.2 MBytes 375 Mbits/sec

[ 5] 1.01-2.00 sec 43.6 MBytes 370 Mbits/sec

[ 5] 2.00-3.01 sec 16.8 MBytes 139 Mbits/sec

[ 5] 3.01-4.01 sec 8.38 MBytes 70.4 Mbits/sec

[ 5] 4.01-5.01 sec 9.12 MBytes 76.4 Mbits/sec

[ 5] 5.01-6.01 sec 12.5 MBytes 105 Mbits/sec

[ 5] 6.01-7.01 sec 29.1 MBytes 244 Mbits/sec

[ 5] 7.01-8.01 sec 34.5 MBytes 290 Mbits/sec

[ 5] 8.01-9.01 sec 39.1 MBytes 327 Mbits/sec

[ 5] 9.01-10.01 sec 38.4 MBytes 324 Mbits/sec

- - - - - - - - - - - - - - - - - - - - - - - - -

[ ID] Interval Transfer Bitrate

[ 5] 0.00-10.01 sec 277 MBytes 232 Mbits/sec sender

[ 5] 0.00-10.01 sec 275 MBytes 230 Mbits/sec receiver

This one’s from a PC (wired) to another PC (Wired)

Connecting to host 10.0.0.198, port 5201

[ 5] local 10.0.0.98 port 61145 connected to 10.0.0.198 port 5201

[ ID] Interval Transfer Bitrate

[ 5] 0.00-1.00 sec 101 MBytes 850 Mbits/sec

[ 5] 1.00-2.01 sec 98.6 MBytes 819 Mbits/sec

[ 5] 2.01-3.01 sec 98.2 MBytes 820 Mbits/sec

[ 5] 3.01-4.01 sec 97.8 MBytes 820 Mbits/sec

[ 5] 4.01-5.00 sec 96.4 MBytes 820 Mbits/sec

[ 5] 5.00-6.01 sec 98.8 MBytes 820 Mbits/sec

[ 5] 6.01-7.01 sec 97.6 MBytes 820 Mbits/sec

[ 5] 7.01-8.01 sec 97.1 MBytes 818 Mbits/sec

[ 5] 8.01-9.00 sec 97.5 MBytes 820 Mbits/sec

[ 5] 9.00-10.00 sec 97.6 MBytes 820 Mbits/sec

- - - - - - - - - - - - - - - - - - - - - - - - -

[ ID] Interval Transfer Bitrate

[ 5] 0.00-10.00 sec 981 MBytes 823 Mbits/sec sender

[ 5] 0.00-10.02 sec 979 MBytes 819 Mbits/sec receiver

To isolate if this is a problem with the Google Wifi AP, i switched to my old Synology router and set it as an AP behind the Mikrotik router and I got the same exact results.
Getting max throughput when PC is connected directly to the Synology AP but maxes at 300 when connected via WiFi to the Synology AP

Already several times it has been hinted to show your config although the info you provide, does not seem to indicate an issue with the wired part.
Even if you add a non-MT AP into the mix, it is still a wired device for your Hex.

However …if from wired to wired you “only” get around 820Mbps, then something is possibly not ok. You should get 950-ish.
I also have Hex Refresh and using ports 2-5 it can reach 950Mbps (= 1Gb connection) without even sweating if set properly.
Unless you also added ether1 into the mix ?? That’s a special case on this device since it does not pass switch chip, only direct connection to CPU.

But then we need to see your config AND small diagram how everything is connected.

My full config:

# 2024-12-23 20:36:45 by RouterOS 7.16.2
# software id = 7UXP-FZDD
#
# model = E50UG
# serial number = HH7XXXX
/interface bridge
add name=bridge1.LAN1
add name=bridge2.LAN2
/interface ethernet
set [ find default-name=ether1 ] name=ether1.WAN1
set [ find default-name=ether2 ] name=ether2.WAN2
set [ find default-name=ether3 ] name=ether3.WAN3
set [ find default-name=ether4 ] name=ether4.LAN1
set [ find default-name=ether5 ] name=ether5.LAN2
/ip pool
add name=LAN1 ranges=10.0.0.60-10.0.0.254
add name=LAN2 ranges=172.0.1.2-172.0.1.254
/ip dhcp-server
add address-pool=LAN1 interface=bridge1.LAN1 lease-time=1d name=LAN1
add address-pool=LAN2 interface=bridge2.LAN2 lease-time=1d name=LAN2
/routing table
add disabled=no fib name=WAN1
add disabled=no fib name=WAN2
add disabled=no fib name=WAN3
add disabled=no fib name="Ping via WAN1"
add disabled=no fib name="Ping via WAN2"
add disabled=no fib name="Ping via WAN3"
/interface bridge port
add bridge=bridge1.LAN1 interface=ether4.LAN1
add bridge=bridge1.LAN1 interface=ether5.LAN2
/ip address
add address=10.0.0.1/24 interface=bridge1.LAN1 network=10.0.0.0
add address=172.0.1.1/24 interface=bridge2.LAN2 network=172.0.1.0
/ip dhcp-client
add add-default-route=no interface=ether1.WAN1 script=":if (\$bound=1) do={\r\
    \n  /ip route set [find where comment=\"WAN1\"] gateway=\$\"gateway-addres\
    s\";/ip route set [find where comment=\"Ping via WAN1\"] gateway=\$\"gatew\
    ay-address\";/ip route set [find where comment=\"Default route via WAN1\"]\
    \_gateway=\$\"gateway-address\";/tool/netwatch set [find where comment=\"P\
    ing via WAN1\"] src-address=\$\"lease-address\" disabled=no;/routing rule \
    set [find where comment=\"Ping via WAN1\"] src-address=\$\"lease-address\"\
    \r\
    \n} else={\r\
    \n  /ip route set [find where comment=\"WAN1\"] disabled=yes\r\
    \n}" use-peer-dns=no use-peer-ntp=no
add add-default-route=no interface=ether2.WAN2 script=":if (\$bound=1) do={\r\
    \n  /ip route set [find where comment=\"WAN2\"] gateway=\$\"gateway-addres\
    s\";/ip route set [find where comment=\"Ping via WAN2\"] gateway=\$\"gatew\
    ay-address\";/ip route set [find where comment=\"Default route via WAN2\"]\
    \_gateway=\$\"gateway-address\";/tool/netwatch set [find where comment=\"P\
    ing via WAN2\"] src-address=\$\"lease-address\" disabled=no;/routing rule \
    set [find where comment=\"Ping via WAN2\"] src-address=\$\"lease-address\"\
    \r\
    \n} else={\r\
    \n  /ip route set [find where comment=\"WAN2\"] disabled=yes\r\
    \n}" use-peer-dns=no use-peer-ntp=no
add add-default-route=no interface=ether3.WAN3 script=":if (\$bound=1) do={\r\
    \n  /ip route set [find where comment=\"WAN3\"] gateway=\$\"gateway-addres\
    s\";/ip route set [find where comment=\"Ping via WAN3\"] gateway=\$\"gatew\
    ay-address\";/ip route set [find where comment=\"Default route via WAN3\"]\
    \_gateway=\$\"gateway-address\";/tool/netwatch set [find where comment=\"P\
    ing via WAN3\"] src-address=\$\"lease-address\" disabled=no;/routing rule \
    set [find where comment=\"Ping via WAN3\"] src-address=\$\"lease-address\"\
    \r\
    \n} else={\r\
    \n  /ip route set [find where comment=\"WAN3\"] disabled=yes\r\
    \n}" use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=10.0.0.18 comment="RaspberryPi Docker" mac-address=\
    2C:CF:67:62:56:FE server=LAN1
add address=10.0.0.11 comment=SynologyNAS mac-address=00:11:32:BB:B6:C8 \
    server=LAN1
add address=10.0.0.12 comment="Epson WF C5790" mac-address=DC:CD:2F:A3:C1:0B \
    server=LAN1
add address=10.0.0.15 comment="RaspberryPi OctoPrint" mac-address=\
    DC:A6:32:81:15:98 server=LAN1
add address=10.0.0.16 comment="RaspberryPi PiKVM" mac-address=\
    D8:3A:DD:AA:3E:2B server=LAN1
add address=10.0.0.17 comment="RaspberryPi HomeAssistant" mac-address=\
    E4:5F:01:8A:2A:A6 server=LAN1
add address=10.0.0.31 comment="Oasis Mini" mac-address=18:8B:0E:D0:65:64 \
    server=LAN1
add address=10.0.0.42 comment="Sony PlayStation Portal" mac-address=\
    9C:37:CB:69:2E:AA server=LAN1
add address=10.0.0.41 client-id=1:bc:33:29:68:31:5a comment=\
    "Sony PlayStation 5" mac-address=BC:33:29:68:31:5A server=LAN1
add address=10.0.0.13 client-id=1:90:9:d0:7:4a:e3 comment=SynologyRouter2 \
    mac-address=90:09:D0:07:4A:E3 server=LAN1
/ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.1 netmask=24
add address=172.0.1.0/24 gateway=172.0.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1 verify-doh-cert=yes
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1.WAN1
add action=masquerade chain=srcnat out-interface=ether2.WAN2
add action=masquerade chain=srcnat out-interface=ether3.WAN3
add action=dst-nat chain=dstnat comment="PS Remote Play" dst-port=8572 \
    protocol=udp to-addresses=10.0.0.41 to-ports=8572
add action=dst-nat chain=dstnat comment="PS Remote Play" dst-port=9303 \
    protocol=udp to-addresses=10.0.0.41 to-ports=9303
add action=dst-nat chain=dstnat comment="PS Remote Play" dst-port=9308 \
    protocol=udp to-addresses=10.0.0.41 to-ports=9308
add action=dst-nat chain=dstnat comment="PS Remote Play" dst-port=9297 \
    protocol=udp to-addresses=10.0.0.41 to-ports=9297
add action=dst-nat chain=dstnat comment="SN DownloadStation" dst-port=16881 \
    protocol=tcp to-addresses=10.0.0.11 to-ports=16881
add action=dst-nat chain=dstnat comment="SN DownloadStation" dst-port=16881 \
    protocol=udp to-addresses=10.0.0.11 to-ports=16881
add action=dst-nat chain=dstnat comment=Plex dst-port=32400 protocol=tcp \
    to-addresses=10.0.0.11 to-ports=32400
/ip route
add comment=WAN2 disabled=no distance=5 dst-address=0.0.0.0/0 gateway=\
    XXX.201.XXX.1 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add comment=WAN3 disabled=yes distance=10 dst-address=0.0.0.0/0 gateway=\
    10.XXX.0.1 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add comment=WAN1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    10.150.XXX.1 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add comment="Ping via WAN1" disabled=no distance=1 dst-address=1.1.1.1/32 \
    gateway=10.150.XXX.1 routing-table="Ping via WAN1" scope=30 \
    suppress-hw-offload=no target-scope=10
add comment="Ping via WAN3" disabled=no distance=1 dst-address=1.1.1.1/32 \
    gateway=10.XXX.0.1 routing-table="Ping via WAN3" scope=30 \
    suppress-hw-offload=no target-scope=10
add comment="Ping via WAN2" disabled=no distance=1 dst-address=1.1.1.1/32 \
    gateway=XXX.X.X.1 routing-table="Ping via WAN2" scope=30 \
    suppress-hw-offload=no target-scope=10
add comment="Default route via WAN2" disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=XXX.201.XXX.1 routing-table=WAN2 scope=30 \
    suppress-hw-offload=no target-scope=10
add comment="Default route via WAN3" disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=10.XXX.0.1 routing-table=WAN3 scope=30 \
    suppress-hw-offload=no target-scope=10
add comment="Default route via WAN1" disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=10.150.XXX.1 routing-table=WAN1 scope=30 \
    suppress-hw-offload=no target-scope=10
/ip service
set www disabled=yes
/ip upnp
set allow-disable-external-interface=yes enabled=yes show-dummy-rule=no
/ip upnp interfaces
add disabled=yes interface=ether1.WAN1 type=external
add interface=ether2.WAN2 type=external
add disabled=yes interface=ether3.WAN3 type=external
add interface=bridge1.LAN1 type=internal
/routing rule
add action=lookup-only-in-table comment="Ping via WAN1" disabled=no \
    dst-address=1.1.1.1/32 src-address=10.150.XXX.156 table="Ping via WAN1"
add action=lookup-only-in-table comment="Ping via WAN2" disabled=no \
    dst-address=1.1.1.1/32 src-address=XXX.201.XXX.53 table="Ping via WAN2"
add action=lookup-only-in-table comment="Ping via WAN3" disabled=no \
    dst-address=1.1.1.1/32 src-address=10.XXX.63.111 table="Ping via WAN3"
add action=lookup-only-in-table comment="Route LAN IP to WAN1" disabled=no \
    src-address=10.0.0.22/32 table=WAN1
add action=lookup-only-in-table comment="Route LAN IP to WAN2" disabled=no \
    src-address=10.0.0.23/32 table=WAN2
add action=lookup-only-in-table comment="Route LAN IP to WAN2" disabled=no \
    src-address=10.0.0.42/32 table=WAN2
add action=lookup-only-in-table comment="Route LAN IP to WAN3" disabled=yes \
    src-address=10.0.0.24/32 table=WAN3
/system clock
set time-zone-name=Asia/Manila
/system note
set show-at-login=no
/tool netwatch
add comment="Ping via WAN1" disabled=no down-script="/ip route set [find where\
    \_comment=\"WAN1\"] disabled=yes\r\
    \n/routing rule set [find where comment=\"Route LAN IP to WAN1\"] disabled\
    =yes" host=1.1.1.1 http-codes="" interval=1s src-address=10.150.XXX.156 \
    test-script="" type=icmp up-script="/ip route set [find where comment=\"WA\
    N1\"] disabled=no\r\
    \n/routing rule set [find where comment=\"Route LAN IP to WAN1\"] disabled\
    =no"
add comment="Ping via WAN2" disabled=no down-script="/ip route set [find where\
    \_comment=\"WAN2\"] disabled=yes\r\
    \n/routing rule set [find where comment=\"Route LAN IP to WAN2\"] disabled\
    =yes" host=1.1.1.1 http-codes="" interval=1s src-address=XXX.201.XXX.53 \
    test-script="" type=icmp up-script="/ip route set [find where comment=\"WA\
    N2\"] disabled=no\r\
    \n/routing rule set [find where comment=\"Route LAN IP to WAN2\"] disabled\
    =no"
add comment="Ping via WAN3" disabled=no down-script="/ip route set [find where\
    \_comment=\"WAN3\"] disabled=yes\r\
    \n/routing rule set [find where comment=\"Route LAN IP to WAN3\"] disabled\
    =yes" host=1.1.1.1 http-codes="" interval=1s src-address=10.XXX.63.111 \
    test-script="" type=icmp up-script="/ip route set [find where comment=\"WA\
    N3\"] disabled=no\r\
    \n/routing rule set [find where comment=\"Route LAN IP to WAN3\"] disabled\
    =no"

(moved post with config into this thread since you replied in another thread, from 2023)

Please also add drawing how you test your iperf setup.
From which device to which port on Hex, which port from Hex to which other device.
Same with wireless AP, what port is it being connected to ?

Quick comment: this is not a standard config you show here and may very well be the reason why everything slows down …
As an example: using 2 bridges makes sure everything has to pass CPU once you pass bridge boundaries. Bye bye throughput.

Sorry, please let me know if my diagram makes sense.

On SpeedTest i am constantly getting 910-930ish download and 900ish upload on wired connections

Thank you for this diagram.

Where is the iperf server ?

Also, you did not mention in your initial post you have THREE WAN connections to ISP ?
Which device is using which WAN connection ?

Ether5/LAN2 is not being used for the moment ?

Thanks. The 2nd bridge I have was just configured for future expansion in case all goes well in my configuration. This is currently not being used.
The config I have is mainly to utilize Netwatch to handle the multi-wan failover.

There came a time when both WAN1 and WAN2 failed, and we were without internet for a week, so I had to add WAN3 hence the need for a multiwan router.
WAN1 is active for most connections. Im using WAN2 and WAN3 as failovers and not load balancing. I have other IPs configured to the other WANs (different docker containers running speedtest trackers for each WAN connection—they work fine. I get the correct speeds advertised by my ISPs on each connection). Other than that its just WAN1 for everything.

The iPerf3 server is on PC2 and PC1 as the client for the Wireless to Wired test
PC2 as server and PC3 as the client for the wired to wired test

If you are testing from PC1 wireless to PC2, you are not really passing Hex.
It stays on that switch.

What sort of switch is it ?

Simple test since both ether4 and ether5 are on the same bridge:
remove that switch from the mix.
remove/disable bridge2 (to be sure HW offloading is fully active on the remaining bridge) - reboot might be needed, I am not sure here so better be safe and do it.
Add AP1 to ether4
Add PC2 to ether5.

Iperf test. Results ?

Its a basic TPLink 16-port Gigabit switch TL-SG1016.

Noted on this. I’ll test this tonight and report back here.

There are months apart between the results from the two screenshots, over half a year. When is the most recent “good” result (obtained with the old router)? Your wireless environment might have changed in between, maybe the neighbor bought more powerful equipment and now there is more interference? Maybe the Google nodes got some firmware upgrades, or the MacBook some driver upgrades?