I was wondering if you can help me identify any obvious issues with my configuration (see the copy of the config file below). I'm using RB760iGS as my router and 2 Cap AC connected to it via lan, one on each floor. My initial idea was to have a single SSID for both bands and let devices decide what to use. I've noticed that my TV wouldn't stream 1080p/4k content and just starts to constantly buffer.
VOIP calls from my laptop (WebEx) or phone (Viber) would come out choppy. I would also experience slowness in remote desktop application, and my corporate vpn would often disconnect.
Ping test from a laptop showed 0.7% loss to 1.1.1.1 (over 2hrs of running it) and no loss to my router.
I then added a dedicated SSID for 5ghz only to test my laptop connection. VPN stopped disconnecting, but I didn't see any improvement in VOIP or remote desktop apps.
Below is my configuration.
Thank you.
Code: Select all
# jun/09/2020 11:42:37 by RouterOS 6.47
# software id = ZWB7-TAK4
#
# model = RB760iGS
# serial number =
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled name=2G
add band=5ghz-onlyac control-channel-width=20mhz extension-channel=Ceee name=5G skip-dfs-channels=yes
/interface bridge
add admin-mac=<admin_mac_address> auto-mac=no comment=defconf name=bridge
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=wifi_datapath
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=wifi_security
/caps-man configuration
add channel=2G country="united states3" datapath=wifi_datapath installation=any mode=ap name=cfg2G security=wifi_security ssid=<SSID1>
add channel=5G country="united states3" datapath=wifi_datapath installation=any mode=ap name=cfg5G security=wifi_security ssid=<SSID1>
add channel=5G country="united states3" datapath=wifi_datapath installation=any mode=ap name=cfg5g2 security=wifi_security ssid=<SSID2>
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip kid-control
add name=<kid>
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=-80..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no ssid-regexp=""
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes upgrade-policy=suggest-same-version
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg2G name-format=prefix-identity name-prefix=2.4g
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=cfg5G name-format=prefix-identity name-prefix=5g slave-configurations=cfg5g2
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=none
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.88.x client-id=x_client_id mac-address=x_mac server=defconf
add address=192.168.88.y client-id=1:y_mac mac-address=y_mac server=defconf
add address=192.168.88.z client-id=1:z_mac mac-address=z_mac server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="Default masq" out-interface=ether1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=2200
set api disabled=yes
set winbox address=192.168.88.0/24
set api-ssl disabled=yes
/ip ssh
set forwarding-enabled=remote strong-crypto=yes
/system clock
set time-zone-name=America/Toronto
/system logging
add topics=wireless,debug
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no