Better home CAPsMAN setup?

Sat Dec 19, 2020 6:20 pm

Home CAPsMAN set-up

I've got the following in the house, all running long-term 6.46.8

Front Room - hAP AC2
Dining room - WAP AC
Upstairs - hAP ac lite

Then at the bottom of the garden I have another hAP ac lite

These are all wired together using a couple of RB2011 switches.

The hap AC2 is my router, is connected to my modem (UK 80/20 fibre ADSL) and is also my CAPsMAN manager.

The AC2 and WAP AC are about 8m away from each other.
Then the AC2 and ac lite upstairs about the same 8m distance too.

Then shed ac lite is 20m down the bottom of the garden on a powerline connection, so not too bothered about that one.

I have manually set the channels so that the APs don't clash.

I've set all this up, but I'm convinced it could be better.

--Devices don't seem to drop off and pass on to other APs well enough.
--Sometimes 2ghz seems to connect over 5ghz

I'm hoping that some of you experts might be able to spot any easy to fix problems?

Part of me thinks to just scrap the whole CAPsMAN setup and get some easy to use TP-Link with an app. I just want it to be painless and just work.

Any thoughts or tips would be very much appreciated.

# dec/19/2020 16:02:26 by RouterOS 6.46.8
# software id = RVQ2-WUT2
# model = RBD52G-5HacD2HnD
# serial number = B4A00AF187FA
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    name=NEW-CH2.4-auto reselect-interval=1h
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=XXXX name=\
    NEW-CH5-auto reselect-interval=1h
add band=2ghz-g/n control-channel-width=20mhz frequency=2412 name=ch2.4-ch1
add band=2ghz-g/n control-channel-width=20mhz frequency=2437 name=ch2.4-ch6
add band=2ghz-g/n control-channel-width=20mhz frequency=2462 name=ch2.4-ch11
add band=5ghz-n/ac frequency=5320 name=5ghz-ch64
add band=5ghz-n/ac frequency=5765 name=5ghz-ch153
add band=5ghz-n/ac frequency=5745 name=5ghz-ch149
/interface bridge
add name=bridge1
add name=empty-bridge
/interface ethernet
set [ find default-name=ether2 ] name="Nvidia"
set [ find default-name=ether1 ] name="Plusnet DSL"
set [ find default-name=ether3 ] name="Sky Box"
set [ find default-name=ether4 ] name="Upstairs Link"
set [ find default-name=ether5 ] name=empty
/interface pppoe-client
add add-default-route=yes disabled=no interface="Plusnet DSL" name=pppoe-out1 \
    use-peer-dns=yes user=xxxxxx
/interface wireless
# managed by CAPsMAN
# channel: 5765/20-Ceee/ac/DP(17dBm), SSID: MikroTik-AP, CAPsMAN forwarding
set [ find default-name=wlan2 ] band=5ghz-n/ac channel-width=20/40/80mhz-XXXX \
    country="united kingdom" mode=ap-bridge multicast-helper=full name=\
    wlan-downstairs--local-5ghz ssid=BTHub6-WALL station-roaming=enabled \
# managed by CAPsMAN
# channel: 2437/20/gn(17dBm), SSID: MikroTik-AP, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX \
    country="united kingdom" frequency=auto mode=ap-bridge multicast-helper=\
    full name=wlan-downstairs-local-2ghz ssid=BTHub6-WALL station-roaming=\
    enabled wireless-protocol=802.11
/caps-man datapath
add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=no name=\
add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=no name=\
/caps-man rates
add basic=6Mbps name=rate1 supported=\
/caps-man security
add authentication-types=wpa2-psk comment=\
    "Main Security config for 2ghz and 5ghz" encryption=aes-ccm name=\
/caps-man configuration
add channel=NEW-CH2.4-auto country="united kingdom" datapath=datapath1 \
    datapath.bridge=bridge1 datapath.client-to-client-forwarding=yes name=\
    NEW-2.4-Config rates=rate1 security=security1 ssid=MikroTik-AP
add channel=NEW-CH5-auto country="united kingdom" datapath=datapath1 \
    datapath.bridge=bridge1 datapath.client-to-client-forwarding=yes name=\
    NEW-5-Config security=security1 ssid=MikroTik-AP
/caps-man interface
add channel=ch2.4-ch11 configuration=NEW-2.4-Config disabled=no l2mtu=1600 \
    mac-address=B8:69:F4:F8:3A:37 master-interface=none name=\
    "2ghz-Dining Room-CH11" radio-mac=B8:69:F4:F8:3A:37 radio-name=\
add channel=ch2.4-ch6 configuration=NEW-2.4-Config disabled=no l2mtu=1600 \
    mac-address=74:4D:28:74:F3:97 master-interface=none name=\
    2ghz-Front-Room-CH6 radio-mac=74:4D:28:74:F3:97 radio-name=744D2874F397
add channel=ch2.4-ch1 configuration=NEW-2.4-Config disabled=no l2mtu=1600 \
    mac-address=CC:2D:E0:F1:D5:E9 master-interface=none name=2ghz-Landing-CH1 \
    radio-mac=CC:2D:E0:F1:D5:E9 radio-name=CC2DE0F1D5E9
add channel=ch2.4-ch1 configuration=NEW-2.4-Config disabled=no l2mtu=1600 \
    mac-address=CC:2D:E0:DE:DC:98 master-interface=none name=2ghz-Shed-CH1 \
    radio-mac=CC:2D:E0:DE:DC:98 radio-name=CC2DE0DEDC98
add channel=5ghz-ch64 configuration=NEW-5-Config disabled=no l2mtu=1600 \
    mac-address=B8:69:F4:F8:3A:36 master-interface=none name=\
    "5ghz-Dining Room wAP-CH64" radio-mac=B8:69:F4:F8:3A:36 radio-name=\
add channel=5ghz-ch153 configuration=NEW-5-Config disabled=no l2mtu=1600 \
    mac-address=74:4D:28:74:F3:98 master-interface=none name=\
    5ghz-Front-Room-CH153 radio-mac=74:4D:28:74:F3:98 radio-name=744D2874F398
add channel=5ghz-ch149 configuration=NEW-5-Config disabled=no l2mtu=1600 \
    mac-address=CC:2D:E0:F1:D5:E8 master-interface=none name=\
    5ghz-Landing-CH149 radio-mac=CC:2D:E0:F1:D5:E8 radio-name=CC2DE0F1D5E8
add channel=5ghz-ch149 configuration=NEW-5-Config disabled=no l2mtu=1600 \
    mac-address=CC:2D:E0:DE:DC:97 master-interface=none name=5ghz-Shed-CH149 \
    radio-mac=CC:2D:E0:DE:DC:97 radio-name=CC2DE0DEDC97
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    mode=dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 lease-time=1d name=dhcp1
/snmp community
set [ find default=yes ] read-access=no
add addresses= name=my_servers
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no mac-address=\
    84:25:19:31:34:6F signal-range=-120..120 ssid-regexp=""
add action=accept allow-signal-out-of-range=always comment=\
    "If your signal is between -88dB and +120dB, you are allowed to connect." \
    disabled=no signal-range=-88..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=always comment="If your signal dro\
    ps below -89dB, you\92re kicked from this AP, go find another AP to connec\
    t to that has a stronger signal." disabled=no signal-range=-120..-89 \
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes upgrade-policy=\
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=g,gn \
    master-configuration=NEW-2.4-Config name-format=prefix-identity \
add action=create-dynamic-enabled hw-supported-modes=an,ac \
    master-configuration=NEW-5-Config name-format=prefix-identity \
/interface bridge port
add bridge=bridge1 interface="Nvidia"
add bridge=bridge1 interface="Sky Box"
add bridge=bridge1 interface="Upstairs Link"
add bridge=bridge1 interface=empty
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=LAN
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge1 list=LAN
/interface wireless cap
set bridge=bridge1 caps-man-addresses= discovery-interfaces=bridge1 \
    enabled=yes interfaces=\
/ip address
add address= interface=bridge1 network=
/ip dhcp-client
add interface="Plusnet DSL"
/ip dhcp-server lease
add address= client-id=\
    ff:9e:37:69:8c:0:2:0:0:ab:11:bf:3c:6b:39:b3:ec:13:a8 mac-address=\
    5E:76:62:9C:3D:CA server=dhcp1
add address= mac-address=C2:DD:ED:84:3B:C4
add address= client-id=1:0:cd:fe:b2:49:4b mac-address=\
    00:CD:FE:B2:49:4B server=dhcp1
add address= client-id=\
    ff:ca:53:9:5a:0:2:0:0:ab:11:d8:1e:f7:81:bf:19:df:91 mac-address=\
    36:78:72:7D:8F:63 server=dhcp1
add address= comment="Lux Inverter" mac-address=\
    B0:F8:93:2F:5A:4B server=dhcp1
/ip dhcp-server network
add address= dns-server=, gateway=\ netmask=24
/ip dns
set allow-remote-requests=yes servers=,
/ip dns static
add address= name="Landing AP.lan"
add address= name=LandingAP.lan
add address= name=DownstairsAP.lan
add address= name=ShedAP.lan
plus more
/ip firewall address-list
add address= comment="Self-Identification [RFC 3330]" list=Bogons
add address= comment="Private[RFC 1918] - CLASS A # Check if you nee\
    d this subnet before enable it" list=Bogons
add address= comment="Loopback [RFC 3330]" list=Bogons
add address= comment="Link Local [RFC 3330]" list=Bogons
add address= comment="Private[RFC 1918] - CLASS B # Check if you \
    need this subnet before enable it" list=Bogons
add address= comment="Reserved - IANA - TestNet1" list=Bogons
add address= comment="6to4 Relay Anycast [RFC 3068]" list=\
add address= comment="NIDB Testing" list=Bogons
add address= comment="Reserved - IANA - TestNet2" list=Bogons
add address= comment="Reserved - IANA - TestNet3" list=Bogons
add address= comment=\
    "MC, Class D, IANA # Check if you need this subnet before enable it" \
add address= list=Google_DNS
add address= list=Google_DNS
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=
set ssh disabled=yes
set api disabled=yes
set winbox address=
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip upnp
set enabled=yes
set enabled=yes
/system clock
set time-zone-name=Europe/London
/system identity
set name="Front Room AP"
/system leds settings
set all-leds-off=immediate
/system package update
set channel=long-term
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Re: Better home CAPsMAN setup?

Sun Dec 20, 2020 12:27 am

A way to improve roaming experience is by lowering transmission power. To start with, set the 2G radios 7dB lower than 5G radios.
Next, extension channels (5G) can be better set to Ceee instead of XXXX because you have better control.
First the problem, then the solution
Re: Better home CAPsMAN setup?

Sun Dec 20, 2020 12:48 am

--Devices don't seem to drop off and pass on to other APs well enough.
--Sometimes 2ghz seems to connect over 5ghz
Well, there's not much you can do with CAPsMAN as these are basically client issues. The wifi client decides when to roam to another AP and the client decides which band it prefers and where to roam.
As most clients use signal strength for decision making, this is the only reasonable change you should consider: Lower the signal strength on the "undesired" radios as far as possible without disconnecting the client, in order to encourage it to roam to an AP with stronger signal.

Regarding the rest of your config:
  • I advise against using access-list rules to kick weak signal clients. These rules might cause more harm than benefits and will disrupt stable (but slow) connections instead of waiting for a client to roam.
  • Check your log for group key timeouts. If you see such log messages, consider setting group-key-update=1h in your caps-man security profile to prevent mobile devices with long idle periods from hitting timeouts.
  • Extending basic rates from 6 only to 6,12,24 may give you a slight performance improvement, as it allows acks to be sent at a faster rate in good signal conditions.
Re: Better home CAPsMAN setup?

Mon Dec 21, 2020 1:29 pm

As Erlinden wrote, lower 2GHz TX Power. That will do magic for you. Try with 7dB lower than 5GHz at first, but don't be afraid to lower even more.
What you are looking for is all 5GHz devices to always select 5GHz if the coverage is good enough.
Use a wireless scanner on an android phone that can show you the actual coverage you have in different rooms.

The reason/logic behind reducing 2GHz TX power is that clients will normally select the radio with best coverage, even if that means 2GHz. And since 2GHz penetrates walls a lot better than 5GHz, at default settings clients will often see 2GHz as better than 5GHz.
You will normally not experience any actual reduction of coverage, because the TX-power your clients (mobile phones for example) have is normally the limit for a successful WIFI connection.
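
The points raised in the replies above, turned into checks over a RouterOS `/export` dump. This is an added example, not code from any poster in the thread: the sample export is constructed (modelled on the posted config), the function names are this example's own, and treating a 2GHz channel entry without `tx-power` as "still at default power" is an assumption.

```python
import re

# Constructed sample in RouterOS 6 export format, modelled on the posted config.
SAMPLE_EXPORT = r'''
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz frequency=2437 name=ch2.4-ch6
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=XXXX name=\
    NEW-CH5-auto reselect-interval=1h
/caps-man rates
add basic=6Mbps name=rate1
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=security1
/caps-man access-list
add action=accept allow-signal-out-of-range=always signal-range=-88..120
add action=reject allow-signal-out-of-range=always comment="If your signal dro\
    ps below -89dB, you are kicked" signal-range=-120..-89
'''

PAIR = re.compile(r'([\w.-]+)=("(?:[^"\\]|\\.)*"|\S*)')  # key=value or key="quoted"

def parse_export(text):
    """Yield (menu, properties) for every add/set line of an export."""
    text = re.sub(r'\\\n[ \t]*', '', text)  # undo the export's line wrapping
    menu = ''
    for line in map(str.strip, text.splitlines()):
        if line.startswith('/'):
            menu = line  # e.g. "/caps-man channel" applies to the lines below it
        elif line.startswith(('add ', 'set ')):
            yield menu, {k: v.strip('"') for k, v in PAIR.findall(line)}

def audit(text):
    """Return findings that correspond to the advice given in the replies."""
    findings = []
    for menu, p in parse_export(text):
        name = p.get('name', '(unnamed)')
        if menu == '/caps-man channel':
            if p.get('extension-channel') == 'XXXX':
                findings.append(f'channel {name}: extension-channel=XXXX, replies suggest Ceee')
            if p.get('band', '').startswith('2ghz') and 'tx-power' not in p:
                findings.append(f'channel {name}: no tx-power set on 2GHz')
        elif menu == '/caps-man rates' and p.get('basic') == '6Mbps':
            findings.append(f'rates {name}: basic=6Mbps only, replies suggest 6,12,24')
        elif menu == '/caps-man security' and 'group-key-update' not in p:
            findings.append(f'security {name}: no group-key-update (check log for timeouts)')
        elif menu == '/caps-man access-list' and p.get('action') == 'reject' and 'signal-range' in p:
            findings.append(f"access-list: reject rule for signal-range={p['signal-range']}")
    return findings

if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE_EXPORT)))
```

The wrapped `comment=` line shows why continuation lines are joined without inserting a space: the export breaks lines mid-word.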

