Community discussions

MikroTik App
 
Bagpuss
just joined
Topic Author
Posts: 12
Joined: Wed Jun 30, 2021 9:56 pm
Location: London, UK

Why is my CAPsMAN network not as good as I hope for?

Thu Sep 02, 2021 2:20 am

Hi, I’m hoping that there are some RouterOS legends here who can see what’s going wrong with my network, please?

It’s not a big or complex setup:
One RB4011iGS+5HacQ2HnD, running everything. Connected to a cable modem.
Two HAPac2 units, connected by Ethernet, managed by CAPsMAN, to provide better WiFi coverage throughout the house.

It works really well! Until it doesn’t. I can’t pinpoint the problem. A computer that is connected only by Ethernet gets 100% reliable fast internet. Things connected by wifi just don’t. It works fine, with fast access, then something bombs out. iPhone, for example, works fine, then suddenly just can’t get internet through the wifi. Defaults to 4G. It comes back eventually.

Happy to post whatever is needed here - a complete export, with hide-sensitive? Is that the protocol?

Thank you in advance!
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Why is my CAPsMAN network not as good as I hope for?

Thu Sep 02, 2021 2:38 am

Correct. To export and paste your configuration (and I'm assuming you are using WebFig or Winbox), open a terminal window, and type (without the quotes) "/export hide-sensitive file=any-filename-you-wish". Then open the files section and right click on the filename you created and select download in order to download the file to your computer. It will be a text file with whatever name you saved to with an extension of .rsc. Then in your message here, click the code display icon in the toolbar above the text entry (the code display icon is the 7th one from the left and looks like a square with a blob in the middle). Then paste the text from the file in between the two code words in brackets.
 
Bagpuss
just joined
Topic Author
Posts: 12
Joined: Wed Jun 30, 2021 9:56 pm
Location: London, UK

Re: Why is my CAPsMAN network not as good as I hope for?

Thu Sep 02, 2021 3:11 am

Thank you Jim, those instructions were helpful. Code below.

So, I'm not a total beginner, but not an expert. RouterOS gets pretty technical mighty fast!
This setup was largely created by a friend who is more proficient. I have done a small amount of tinkering over the years, but trying to be very careful and not playing with things I don't understand.
That said, I have got this stuff to learn with.

Setup: Terraced house, three floors. I've done wifi scans, and while the neighbours do have networks, I think we're not too congested.
There's a 2.GHhz baby monitor in the house, but it's not always running.
The access list rules (accept/reject) are intended to stop smart phones from clinging on to distant, weak AP signals.
A device should never be more than about 10m from an AP, even if through a wall or floor. I do have a couple more HaP AC2s in boxes, but I feel they shouldn't be necessary?

What might be the problem? Or problems? Have I done something stupid? What can I improve?

Very much open to suggestions, and keen to learn.
Thank you!



# sep/02/2021 00:46:53 by RouterOS 6.48.4
# software id = 8NSR-U1IH
#
# model = RB4011iGS+5HacQ2HnD
# serial number = 968909******
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2412 name=channel1
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2437 name=channel6
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2462 name=channel11
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce \
    frequency=5180 name=channel36
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce \
    frequency=5220 name=channel44
/interface bridge
add arp=proxy-arp name=bridge-Home priority=0x1000
/interface wireless
# managed by CAPsMAN
# channel: 5500/20-Ceee/ac/DP(27dBm)+5210/80/P(20dBm), SSID: Lancelot, local forwarding
set [ find default-name=wlan1 ] antenna-gain=0 country=no_country_set \
    disabled=no frequency-mode=manual-txpower radio-name=B869F4BE97AB ssid=\
    MikroTik station-roaming=enabled
# managed by CAPsMAN
# channel: 2412/20/gn(20dBm), SSID: Lancelot, local forwarding
set [ find default-name=wlan2 ] antenna-gain=0 country=no_country_set \
    disabled=no frequency-mode=manual-txpower ssid=MikroTik station-roaming=\
    enabled
add disabled=no mac-address=BA:69:F4:B2:9F:30 master-interface=wlan2 name=\
    wlan3 station-roaming=enabled
add disabled=no mac-address=BA:69:F4:BE:97:AC master-interface=wlan1 name=\
    wlan5 station-roaming=enabled
add disabled=no mac-address=BA:69:F4:B2:9F:30 master-interface=wlan2 name=\
    wlan6 station-roaming=enabled
add disabled=no mac-address=BA:69:F4:BE:97:AC master-interface=wlan1 name=\
    wlan7 station-roaming=enabled
add disabled=no mac-address=B8:69:F4:BE:97:AC master-interface=wlan1 name=\
    wlan12
/interface ethernet
set [ find default-name=ether1 ] name=ether1-VIRGINMEDIA
set [ find default-name=ether2 ] name=ether2-WAN2
set [ find default-name=ether3 ] name=ether3LAN
set [ find default-name=ether4 ] arp=reply-only name=ether4LAN
set [ find default-name=ether5 ] arp=reply-only name=ether5LAN
/interface vlan
add comment=\
    "VLAN for guests - can't get onto home devices, e.g. Sonos, URC etc" \
    interface=bridge-Home name=vlan20-GUESTS vlan-id=20
/caps-man datapath
add bridge=bridge-Home client-to-client-forwarding=yes local-forwarding=yes \
    name=datapath-DdV vlan-mode=no-tag
add bridge=bridge-Home client-to-client-forwarding=yes local-forwarding=yes \
    name=datapath-guest vlan-id=20 vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=DdVSEC
add authentication-types=wpa2-psk encryption=aes-ccm name=GuestSEC
/caps-man configuration
add country="united kingdom" datapath=datapath-DdV mode=ap name=cfg-DdV \
    security=DdVSEC ssid=Lancelot
add country="united kingdom" datapath=datapath-guest name=cfg-Guest security=\
    GuestSEC ssid=Guests
/caps-man interface
add channel=channel6 channel.frequency=2437 configuration=cfg-DdV disabled=no \
    l2mtu=1600 mac-address=CC:2D:E0:CA:20:61 master-interface=none name=\
    cap-Kitch2GLance radio-mac=CC:2D:E0:CA:20:61 radio-name=""
add channel.frequency=2437 configuration=cfg-Guest disabled=yes l2mtu=1600 \
    mac-address=CE:2D:E0:CA:20:61 master-interface=cap-Kitch2GLance name=\
    cap-Kitch2Gguest radio-mac=00:00:00:00:00:00 radio-name=""
add channel=channel36 channel.frequency=5180 configuration=cfg-DdV datapath=\
    datapath-DdV disabled=no l2mtu=1600 mac-address=CC:2D:E0:CA:20:62 \
    master-interface=none name=cap-Kitch5GLance radio-mac=CC:2D:E0:CA:20:62 \
    radio-name="" security=DdVSEC
add channel=channel36 channel.frequency=5180 configuration=cfg-Guest \
    disabled=yes l2mtu=1600 mac-address=CE:2D:E0:CA:20:62 name=\
    cap-Kitch5Gguest radio-mac=00:00:00:00:00:00 radio-name=""
add channel=channel1 channel.frequency=2412 configuration=cfg-DdV disabled=no \
    l2mtu=1600 mac-address=B8:69:F4:B2:9F:30 master-interface=none name=\
    cap-LivRm2GLance radio-mac=B8:69:F4:B2:9F:30 radio-name=B869F4B29F30
add configuration=cfg-Guest disabled=yes l2mtu=1600 mac-address=\
    BA:69:F4:B2:9F:30 master-interface=cap-LivRm2GLance name=\
    cap-LivRm2Gguests radio-mac=00:00:00:00:00:00 radio-name=""
add configuration=cfg-DdV disabled=no l2mtu=1600 mac-address=\
    B8:69:F4:BE:97:AC master-interface=none name=cap-LivRm5GLance radio-mac=\
    B8:69:F4:BE:97:AC radio-name=B869F4BE97AC
add channel=channel11 configuration=cfg-DdV disabled=no l2mtu=1600 \
    mac-address=CC:2D:E0:CA:1F:9F master-interface=none name=cap-Off2GLance \
    radio-mac=CC:2D:E0:CA:1F:9F radio-name=CC2DE0CA1F9F
add channel=channel44 channel.frequency=5220 configuration=cfg-DdV disabled=\
    no l2mtu=1600 mac-address=CC:2D:E0:CA:1F:A0 master-interface=none name=\
    cap-Off5GLance radio-mac=CC:2D:E0:CA:1F:A0 radio-name=CC2DE0CA1FA0
add configuration=cfg-Guest disabled=yes l2mtu=1600 mac-address=\
    CE:2D:E0:CA:1F:9F master-interface=cap-Off2GLance name=cap-off2G-Guest \
    radio-mac=00:00:00:00:00:00 radio-name=""
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=0s \
    pfs-group=none
/ip kid-control
add name="Test user"
/ip pool
add name=pool-LAN ranges=192.168.18.60-192.168.18.150
add name=pool-Guests ranges=192.168.5.10-192.168.5.200
add name=pool-VPN ranges=10.10.10.210-10.10.10.219
/ip dhcp-server
add add-arp=yes address-pool=pool-LAN disabled=no interface=bridge-Home \
    lease-time=8h10m name=dhcp-LAN
add add-arp=yes address-pool=pool-Guests disabled=no interface=vlan20-GUESTS \
    lease-time=2h10m name=dhcp-Guests
/ppp profile
add dns-server=8.8.8.8,8.8.4.4 local-address=10.10.10.1 name=L2TP-IPSEC \
    queue-type=multi-queue-ethernet-default remote-address=pool-VPN \
    use-encryption=required
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=\
    -75..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no signal-range=\
    -120..-76 ssid-regexp=""
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes upgrade-policy=\
    suggest-same-version
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg-DdV \
    slave-configurations=cfg-Guest
/interface bridge port
add bridge=bridge-Home interface=ether3LAN
add bridge=bridge-Home interface=ether4LAN
add bridge=bridge-Home interface=ether5LAN
add bridge=bridge-Home interface=vlan20-GUESTS
add bridge=bridge-Home interface=ether6
add bridge=bridge-Home interface=ether7
add bridge=bridge-Home interface=ether8
add bridge=bridge-Home interface=ether9
add bridge=bridge-Home interface=ether10
add bridge=bridge-Home interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface detect-internet
set detect-interface-list=all
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=L2TP-IPSEC enabled=yes \
    keepalive-timeout=disabled max-mru=1400 max-mtu=1460
/interface list member
add interface=ether1-VIRGINMEDIA list=WAN
add interface=ether2-WAN2 list=LAN
add interface=ether3LAN list=LAN
add interface=ether4LAN list=LAN
add interface=ether5LAN list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=wlan2 list=LAN
/interface wireless cap
# 
set bridge=bridge-Home certificate=request discovery-interfaces=bridge-Home \
    enabled=yes interfaces=wlan1,wlan2
/ip address
add address=192.168.18.1/24 interface=bridge-Home network=192.168.18.0
add address=192.168.5.1/24 interface=vlan20-GUESTS network=192.168.5.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=6h
/ip dhcp-client
add disabled=no interface=ether1-VIRGINMEDIA use-peer-dns=no
add add-default-route=no disabled=no interface=ether2-WAN2
/ip dhcp-server lease
add address=192.168.18.140 client-id=1:b0:c5:54:e:aa:6f mac-address=\
    B0:C5:54:0E:AA:6F server=dhcp-LAN
add address=192.168.18.98 client-id=1:8:ed:ed:28:e1:14 comment=\
    "IC Realtime NVR" mac-address=08:ED:ED:28:E1:14 server=dhcp-LAN
/ip dhcp-server network
add address=192.168.5.0/24 dns-server=192.168.5.1 gateway=192.168.5.1
add address=192.168.18.0/24 dns-server=192.168.18.1 gateway=192.168.18.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=input comment=L2TP/IPSEC dst-port=500 protocol=udp
add action=accept chain=input comment=L2TP/IPSEC dst-port=1701 protocol=udp
add action=accept chain=input comment=L2TP/IPSEC dst-port=4500 protocol=udp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input comment=\
    "allow winbox from Dud - everyone else can take a running jump" \
    dst-port=8291 in-interface=ether1-VIRGINMEDIA protocol=tcp src-address=\
    93.89.xxx.xxx
add action=accept chain=input comment="allow www" dst-port=8080 in-interface=\
    ether1-VIRGINMEDIA protocol=tcp
add action=accept chain=input comment="allow www" dst-port=8080 in-interface=\
    ether2-WAN2 protocol=tcp
add action=accept chain=input comment="Allow SSH" dst-port=62222 \
    in-interface=ether1-VIRGINMEDIA protocol=tcp
add action=drop chain=input dst-address=192.168.18.0/24 src-address=\
    192.168.5.0/24
add action=drop chain=input in-interface=ether1-VIRGINMEDIA
add action=accept chain=input comment="allow IC Realtime NVR access" \
    dst-port=8081 in-interface=ether1-VIRGINMEDIA protocol=tcp
add action=accept chain=input comment="IC Realtime NVR remote access" \
    dst-port=4443 in-interface=ether1-VIRGINMEDIA protocol=tcp
add action=accept chain=input comment="allow IC Realtime NVR" dst-port=37777 \
    in-interface=ether1-VIRGINMEDIA protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=\
    192.168.18.0/24 src-address=192.168.18.0/24
add action=masquerade chain=srcnat out-interface=ether1-VIRGINMEDIA
add action=masquerade chain=srcnat out-interface=ether2-WAN2
add action=masquerade chain=srcnat comment="L2TP/IPSEC NAT" dst-address=\
    !10.10.10.0/24 src-address=10.10.10.0/24
add action=dst-nat chain=dstnat comment="NVR Web page" dst-port=4443 \
    in-interface=ether1-VIRGINMEDIA protocol=tcp to-addresses=192.168.18.98
add action=dst-nat chain=dstnat comment="NVR Port Fwd Rule 1" dst-port=37777 \
    in-interface=ether1-VIRGINMEDIA protocol=tcp to-addresses=192.168.18.98 \
    to-ports=37777
add action=dst-nat chain=dstnat comment="NVR Port Fwd Rule 2" dst-port=554 \
    in-interface=ether1-VIRGINMEDIA protocol=tcp to-addresses=192.168.18.98 \
    to-ports=554
add action=dst-nat chain=dstnat comment="NVR Port Fwd Rule 3" dst-port=37778 \
    in-interface=ether1-VIRGINMEDIA protocol=udp to-addresses=192.168.18.98 \
    to-ports=37778
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8080
set ssh port=62222
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ppp secret
add name=xxxxxx profile=L2TP-IPSEC service=l2tp
/system clock
set time-zone-name=Europe/London
/system identity
set name=MikroTik-LivRm
/system leds
add interface=wlan2 leds="wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-le\
    d,wlan2_signal4-led,wlan2_signal5-led" type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive
/system routerboard settings
set auto-upgrade=yes
/tool traffic-monitor
add interface=ether1-VIRGINMEDIA name=tmon1
add interface=ether1-VIRGINMEDIA name=tmon2 threshold=0 traffic=received \
    trigger=always
 
Bagpuss
just joined
Topic Author
Posts: 12
Joined: Wed Jun 30, 2021 9:56 pm
Location: London, UK

Re: Why is my CAPsMAN network not as good as I hope for?

Mon Sep 27, 2021 7:16 pm

Hello,
can anyone spot any anomalies here, please?
Had an occurrence just now where two iPhones were getting 0.5Mbps, while a laptop over ethernet is getting 370Mbps.

It's driving me bananas. Half tempted to start again with some different kit, but I'm so invested in this now - time, mainly! And I want to crack it!

Thanks :-)
 
ivicask
Member
Member
Posts: 417
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Why is my CAPsMAN network not as good as I hope for?

Mon Sep 27, 2021 8:16 pm

I got same issues as you and i dont think there is anything left i didint try, other brands work fine on same setup with zero issues.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Why is my CAPsMAN network not as good as I hope for?

Mon Sep 27, 2021 9:02 pm

I get average results with occasional stability issues but way better than what you are getting.
Big difference is I dont use capsman its not for the beginner IMHO and should be left alone if possible.
 
Bagpuss
just joined
Topic Author
Posts: 12
Joined: Wed Jun 30, 2021 9:56 pm
Location: London, UK

Re: Why is my CAPsMAN network not as good as I hope for?

Mon Sep 27, 2021 9:55 pm

But... but... I can't just give up!

CAPsMAN allows so many useful things, right? Access lists, to boot phones off, forcing them to join a better AP as one moves around the property instead of clinging on to a weak, distant AP . And I have plenty of kit, so I don't really want to get new kit. And I have spare kit, so when we move house in 6 months, I can get a sprawling place working, right?

It must be something fixable; I'm not asking for the world!

So in this instance, it was one HAPac2 that was presenting the problem. Two iPhones (11 Pro and 13 Pro) were both connected to the 5GHz network, only about 3 meters form AP. Getting 0.5Mbps, ping of 150ms. Reboot the HAPac2, both reconnect to the same network and get 200Mbps.

So I know that it CAN work, I just want it to remain stable.

The problem's in there somewhere! Anyone got any suggestions?
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Why is my CAPsMAN network not as good as I hope for?

Mon Sep 27, 2021 10:05 pm

I would set your 2ghz channels to 2ghz-onlyn or at least 2ghz-g/n. For 5ghz set it to 5ghz-n/ac. You could have issues negotiating the older protocols.
 
ivicask
Member
Member
Posts: 417
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Why is my CAPsMAN network not as good as I hope for?

Mon Sep 27, 2021 10:32 pm

I would set your 2ghz channels to 2ghz-onlyn or at least 2ghz-g/n. For 5ghz set it to 5ghz-n/ac. You could have issues negotiating the older protocols.
As you can see from hes config above he did that, so did i, while you are right and old protocols are total performanse killers and cause problems, in this case its not helping.
 
Bagpuss
just joined
Topic Author
Posts: 12
Joined: Wed Jun 30, 2021 9:56 pm
Location: London, UK

Re: Why is my CAPsMAN network not as good as I hope for?

Mon Sep 27, 2021 10:52 pm

Thanks for the suggestions, I’m hopeful that it’s something like this! A simple “silly boy, you’ve got this wrong” and we’re away!
Any more ideas?
 
ivicask
Member
Member
Posts: 417
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Why is my CAPsMAN network not as good as I hope for?

Mon Sep 27, 2021 11:09 pm

I don't think it's config issue or anything we can do our side, I mostly only have issue with Apple devices and I think its something Mikrotik needs to resolve their side.
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Why is my CAPsMAN network not as good as I hope for?

Mon Sep 27, 2021 11:19 pm

As you can see from hes config above he did that, so did i, while you are right and old protocols are total performanse killers and cause problems, in this case its not helping.
His config did not have those settings, thus the suggestion. Those are the settings I use with zero issues. I don't use apple devices though.
 
Bagpuss
just joined
Topic Author
Posts: 12
Joined: Wed Jun 30, 2021 9:56 pm
Location: London, UK

Re: Why is my CAPsMAN network not as good as I hope for?

Tue Sep 28, 2021 12:07 am

Thanks biomesh, I've made the changes to 2ghz-onlyn ando 5ghz-n/ac. Let's see if this is the magic fix :-)
 
ivicask
Member
Member
Posts: 417
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Why is my CAPsMAN network not as good as I hope for?

Tue Sep 28, 2021 7:53 am

As you can see from hes config above he did that, so did i, while you are right and old protocols are total performanse killers and cause problems, in this case its not helping.
His config did not have those settings, thus the suggestion. Those are the settings I use with zero issues. I don't use apple devices though.
What, did he change It I swear I saw n/ac only and g/n in config when made my post.

But anways it's first thing I set and I still have this sporadically problems with apple devices while other work fine.
 
Bagpuss
just joined
Topic Author
Posts: 12
Joined: Wed Jun 30, 2021 9:56 pm
Location: London, UK

Re: Why is my CAPsMAN network not as good as I hope for?

Wed Oct 13, 2021 1:09 am

Hi,
I didn’t edit my post, promise! And the changes are not, alas, the magic fix I hoped for.

A few devices still drop off intermittently.

I’m wondering, is there a boilerplate configuration I could use or adapt, or even compare mine to?

I’m not winning any brownie points with the WiFi. It’s so disappointing! I have more, and “better” kit than many other people I know, and I’m “more technical” than them. But I can’t make my WiFi reliable :-(

Any more things to try?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Why is my CAPsMAN network not as good as I hope for?

Wed Oct 13, 2021 1:24 am

Yes, go out and buy one TP Link EAP245, and just compare performance.
Then come back and report.
 
User avatar
rushlife
Member Candidate
Member Candidate
Posts: 243
Joined: Thu Nov 05, 2015 12:30 pm

Re: Why is my CAPsMAN network not as good as I hope for?

Wed Oct 13, 2021 10:51 am

local-forwarding=yes

just turn this off

NO is right value
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Why is my CAPsMAN network not as good as I hope for?

Wed Oct 13, 2021 6:07 pm

Generally speaking local-forwarding=no means all wifi traffic will be handled by the capsman server (via a bridge interface) and will be slower than with local-forwarding=yes - many times much slower. I have never heard of faster performance with local-forwarding=no unless you have something very odd in your network.
 
Bagpuss
just joined
Topic Author
Posts: 12
Joined: Wed Jun 30, 2021 9:56 pm
Location: London, UK

Re: Why is my CAPsMAN network not as good as I hope for?

Wed Oct 13, 2021 7:28 pm

Thank you again for the input, it is much appreciated.

If "performance" is the speed of the wifi, then I'm okay with performance - it's 200-300Mbps to an iPhone. Speed is okay, the issue is that sometimes it doesn't work at all. For example, in an iPhone's settings, a device will say it's still connected to the wifi network, but the wifi status icon disappears from the status bar, and is replaced by the 4G icon. The phone (or iPad) has ceased to get internet traffic, apparently. The internet is still there - devices connected with cables still work okay - but there's an issue with WiFi.

Frankly, consistent slower wifi would be tolerable over being told by other people in the house "the wifi's not working"!

I could just buy new kit, TP Link (or more likely Zyxel), and sometimes I'm tempted so to do. But then I think to myself hang-the-hell on, you've got loads of this kit and it works in other people's setups, so it's just a configuration issue, fix it. I'd have to buy 3 or 4 APs, so it wouldn't be an inexpensive migration.

I would be prepared to start from scratch (software configuration wise) yet again to try to make it work, though I'd rather not. Because most of the time it works fine, then it suddenly doesn't!

And as luck would have it, while writing that last sentence, my phone is not getting internet traffic! It's only 1.5m from an AP. I had tested it a few minutes ago, 200Mbps. My computer, on which I'm writing this, is connected. (Though I have a tiny suspicion that the wifi stopped working for a moment - I tried disabling the Ethernet connection to check the wifi, and it wasn't working for a minute or so on my MacBook Pro)

I've tried turning my phone wifi off and on, and it took a while to reconnect, but has reconnected. Comfortably getting 9ms and 200Mbps again. Aaarrrrgggghhhhh!!!!!!
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Why is my CAPsMAN network not as good as I hope for?

Thu Oct 14, 2021 3:34 am

If it's mainly just the apple devices, try to increase the lease time. Others have reported issues with shorter lease times on apple devices.
 
Bagpuss
just joined
Topic Author
Posts: 12
Joined: Wed Jun 30, 2021 9:56 pm
Location: London, UK

Re: Why is my CAPsMAN network not as good as I hope for?

Thu Nov 04, 2021 7:01 pm

Hi,

Thanks again for all the input. I’ve changed tack: I have a bunch of Zyxel Nebula kit I’m going to move to. So that I can have a better chance of getting done what I want to!

But… I want to get new kit running alongside old before I dump the old.

Some people have suggested that I could just plug the Zyxel switch into a port on my RB4011 and off we go, but it’s clearly not that simple.

I need to get the Zyxel switch talking to the Nebula cloud config servers. And already I’m falling down. I think it’s a firewall or NAT issue, and I’ve tried opening ports, setting up forwarding, but I’m not having success.

Does anyone have experience of this, or just know what I should do, please? I’ve spent hours trying so far :-(

Obviously the Zyxel chaps want to sell me an expensive Zyxel firewall and more kit. But I have a good router and firewall, and I kind of know that my RB4011 is way more powerful than I need for this work, and that’s fine and I have it. Am I being foolish? From reading around on this forum, my distilled thoughts are: use the Mikrotik for routing and firewall, turn off wireless.

I feel I’m close to success, but it’s just out of reach! Any ideas, please?
 
Bagpuss
just joined
Topic Author
Posts: 12
Joined: Wed Jun 30, 2021 9:56 pm
Location: London, UK

Re: Why is my CAPsMAN network not as good as I hope for?

Thu Nov 04, 2021 9:56 pm

Hold that thought...
As part of trying everything, I went digging around in the Zyxel switch settings, and found an option to turn on cloud management. Lo and behold... it's not talking to its cloud management. Very frustrating, as I really have wasted hours on this nonsense.

So, the one question that remains is: does the RB4011 remain, purely to act as a router and firewall? My instincts are that it should, as long as I can make it work and get what I need out of it. The thing here is that whilst my needs are modest, so is my RouterOS skillset.

I'm running my broadband provider's kit in modem only mode (Virgin Media, UK), and everything thereafter is done by the RB4011, by the way.

Thumbs up or thumbs down to keeping that bit of it?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Why is my CAPsMAN network not as good as I hope for?

Thu Nov 04, 2021 10:06 pm

Whatever equipment you put after it, you can always use the Tik.
You just need to figure out which ports to open to where and which direction.

I got my first Mikrotik somewhere around March.
It's amazing what you can do with these things.
So much to learn ...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Why is my CAPsMAN network not as good as I hope for?

Thu Nov 04, 2021 10:30 pm

Too funny I moved off of zyxel (and a reseller) many moon ago and migrated to a better bang for the buck in Mikrotik routers.
Yes they took a bit more brain power to config but very doable. If I can do it, so can you.
The default settings are pretty decent from the getgo.
If you want to make adjustments or changes to match your use cases, people here are willing to help.
Big thumbs up for the RB4011 wired.
(if you dont want it I will send you the postage to send me the unit, would be great for one of my kids).
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Why is my CAPsMAN network not as good as I hope for?

Fri Nov 05, 2021 7:07 pm

Maybe this was already done. But you for sure want to make sure "indoor" mode is set on the Wi-Fi radio interfaces, as the "dynamic ranging" doesn't play well with iOS IMO. If you haven't already replaced your APs, that is.
 
Bagpuss
just joined
Topic Author
Posts: 12
Joined: Wed Jun 30, 2021 9:56 pm
Location: London, UK

Re: Why is my CAPsMAN network not as good as I hope for?

Wed Nov 24, 2021 2:18 pm

Hi,

all working beautifully now, with Zyxel APs. The RB4011 still acting as firewall, so there's life in the old dog yet.

There's no doubt that one gets more bang for buck with Mikrotik, right up to the point that it just doesn't work. After a few years of trying to make the kit reliable, with the help of people far more knowledgable than myself, it was time to try a different tack!

Thanks again for all help and input, it's much appreciated.

I'll let the dust settle before trying to do any more tinkering with the Mikrotik as a firewall. In the meantime, I have a list of things to go on a well known auction site :-)

Who is online

Users browsing this forum: dioeyandika, GoogleOther [Bot], rplant and 44 guests