andydz
just joined
Topic Author
Posts: 1
Joined: Thu Apr 06, 2023 3:48 pm

Slow WiFi speeds with VLAN filtering on hap ax2

Sat May 13, 2023 8:44 pm

Hello

I recently bought a hAP ax2 to replace my ac2 for better Wi-Fi speeds on Wi-Fi 6 devices. While configuring it, I thought I’d implement some VLAN filtering for my IoT devices and server stuff, with separate IP ranges for everything. But here’s the thing: when configured with VLANs, Wi-Fi speed caps at around 420Mbps, but when I configure the router to have only one IP range for everything, without any VLANs, speed goes up to 7-800Mbps. I am fully aware that the switch chip in the device does not support HW offload with VLAN filtering, but the CPU doesn’t go above 30%. I am confused. Is it a HW limitation, or did I just mess up the config?



Config:

# may/13/2023 13:52:53 by RouterOS 7.8

# software id = CPBF-L7HX

#

# model = C52iG-5HaxD2HaxD

# serial number = HE508PV0X13

# Single bridge "LAN" with VLAN filtering enabled; the bridge interface itself
# uses PVID 10 and has ingress filtering switched off.
/interface bridge

add ingress-filtering=no name=LAN pvid=10 vlan-filtering=yes

# One routed VLAN interface per segment, all stacked on the LAN bridge.
/interface vlan

add interface=LAN name=VLAN10_Network vlan-id=10

add interface=LAN name=VLAN101_Servers vlan-id=101

add interface=LAN name=VLAN102_LAN vlan-id=102

add interface=LAN name=VLAN103_WiFi vlan-id=103

add interface=LAN name=VLAN104_IoT vlan-id=104

# Interface list used by the input-chain rule "drop in-interface-list=!All_LAN".
/interface list

add name=All_LAN

# Two security profiles. No passphrase appears in this listing.
/interface wifiwave2 security

# Main profile: WPA2-PSK and WPA3-PSK.
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=MeerkatSec

# NOTE(review): wpa-psk (WPA1) is enabled next to WPA2 for the IoT SSID. WPA1 is a
# legacy mode; confirm an IoT client really needs it, otherwise restrict to wpa2-psk.
add authentication-types=wpa-psk,wpa2-psk disabled=no name=IoTSec

/interface wifiwave2

# wifi1: AP with SSID Meerkat_5G, profile MeerkatSec (auth types repeated inline).
set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \

configuration.country=Hungary .mode=ap .ssid=Meerkat_5G disabled=no \

security=MeerkatSec security.authentication-types=wpa2-psk,wpa3-psk

# wifi2: AP with SSID Meerkat, profile MeerkatSec.
set [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac \

configuration.mode=ap .ssid=Meerkat disabled=no security=MeerkatSec

# wifi3: virtual AP on top of wifi2 carrying the IoT SSID with the IoTSec profile.
add configuration.mode=ap .ssid=Meerkat_IoT disabled=no mac-address=\

4A:A9:8A:60:4B:49 master-interface=wifi2 name=wifi3 security=IoTSec

# One DHCP pool per VLAN subnet; dhcp_pool0 stays inside the /25 used on VLAN10_Network.
/ip pool

add name=dhcp_pool0 ranges=10.0.0.2-10.0.0.126

add name=dhcp_pool1 ranges=10.0.1.2-10.0.1.254

add name=dhcp_pool2 ranges=10.0.2.2-10.0.2.254

add name=dhcp_pool3 ranges=10.0.3.2-10.0.3.254

add name=dhcp_pool4 ranges=10.0.4.2-10.0.4.254

# One DHCP server per VLAN interface, each bound to its own pool.
/ip dhcp-server

add address-pool=dhcp_pool0 interface=VLAN10_Network name=Network_DHCP

add address-pool=dhcp_pool1 interface=VLAN101_Servers name=Servers_DHCP

add address-pool=dhcp_pool2 interface=VLAN102_LAN name=LAN_DHCP

add address-pool=dhcp_pool3 interface=VLAN103_WiFi name=WiFi_DHCP

add address-pool=dhcp_pool4 interface=VLAN104_IoT name=IoT_DHCP

/port

set 0 name=serial0

# Bridge ports and their PVIDs: ether1 -> 10, ether2-4 -> 102, wifi1/wifi2 -> 103,
# wifi3 (IoT SSID) -> 104.
# NOTE(review): no frame-types restriction is set on these ports in this listing. If
# they are meant to be pure access ports, consider
# frame-types=admit-only-untagged-and-priority-tagged so a client cannot send
# tagged frames for another VLAN; confirm against the effective defaults.
/interface bridge port

add bridge=LAN interface=ether1 pvid=10

add bridge=LAN interface=ether3 pvid=102

add bridge=LAN interface=ether4 pvid=102

add bridge=LAN interface=wifi1 pvid=103

add bridge=LAN interface=wifi2 pvid=103

add bridge=LAN interface=wifi3 pvid=104

add bridge=LAN interface=ether2 pvid=102

# NOTE(review): "!dynamic" selects every non-dynamic interface, which would include
# ether5. ether5 looks like the uplink (the default route points into its subnet);
# if so, neighbor discovery is also active there. Consider limiting it to All_LAN.
/ip neighbor discovery-settings

set discover-interface-list=!dynamic

/ipv6 settings

set max-neighbor-entries=15360

# VLAN membership table. The bridge itself (LAN) is tagged in every VLAN so the
# /interface vlan interfaces can receive the traffic; ports with a matching pvid are
# expected to join as untagged members.
/interface bridge vlan

# NOTE(review): VLAN10_Network is a VLAN interface on top of the bridge, not a bridge
# port; confirm it belongs in tagged=. ether1 is also tagged for VLAN 10 here while
# its port entry sets pvid=10; confirm which of the two is intended.
add bridge=LAN tagged=VLAN10_Network,LAN,ether1 vlan-ids=10

# ether1 additionally carries VLANs 101 and 102 tagged.
add bridge=LAN tagged=LAN,ether1 vlan-ids=101

add bridge=LAN tagged=LAN,ether1 vlan-ids=102

add bridge=LAN tagged=LAN vlan-ids=103

add bridge=LAN tagged=LAN vlan-ids=104

# Members of All_LAN. VLAN104_IoT is not a member, so the input-chain rule
# "drop in-interface-list=!All_LAN" also applies to traffic from the IoT VLAN that is
# addressed to the router itself.
/interface list member

add interface=LAN list=All_LAN

add interface=VLAN10_Network list=All_LAN

add interface=VLAN101_Servers list=All_LAN

add interface=VLAN102_LAN list=All_LAN

add interface=VLAN103_WiFi list=All_LAN

# Gateway address per VLAN, plus 192.168.0.5/24 on ether5 (not a bridge port).
/ip address

add address=10.0.0.1/25 interface=VLAN10_Network network=10.0.0.0

add address=10.0.1.1/24 interface=VLAN101_Servers network=10.0.1.0

add address=10.0.2.1/24 interface=VLAN102_LAN network=10.0.2.0

add address=10.0.3.1/24 interface=VLAN103_WiFi network=10.0.3.0

add address=10.0.4.1/24 interface=VLAN104_IoT network=10.0.4.0

add address=192.168.0.5/24 interface=ether5 network=192.168.0.0

# DHCP options per subnet: clients get the router as gateway and 1.1.1.1 as DNS,
# so they do not query the router for name resolution.
/ip dhcp-server network

add address=10.0.0.0/25 dns-server=1.1.1.1 gateway=10.0.0.1

add address=10.0.1.0/24 dns-server=1.1.1.1 gateway=10.0.1.1

add address=10.0.2.0/24 dns-server=1.1.1.1 gateway=10.0.2.1

add address=10.0.3.0/24 dns-server=1.1.1.1 gateway=10.0.3.1

add address=10.0.4.0/24 dns-server=1.1.1.1 gateway=10.0.4.1

# Upstream resolver used by the router itself.
/ip dns

set servers=1.1.1.1

# IoT_Block lists the non-IoT subnets. It is used as the destination match of the
# forward drop rule for 10.0.4.0/24 and as the source match of a masquerade rule.
# NOTE(review): 10.0.0.0/24 is wider than the 10.0.0.0/25 configured on
# VLAN10_Network; confirm the extra half (10.0.0.128-255) is meant to be covered.
/ip firewall address-list

add address=10.0.0.0/24 list=IoT_Block

add address=10.0.1.0/24 list=IoT_Block

add address=10.0.2.0/24 list=IoT_Block

add address=10.0.3.0/24 list=IoT_Block

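/ip firewall filter
# Forward: hand established/related flows to FastTrack. The packet still continues to
# the next forward rule, which is the established/related accept further down.
add action=fasttrack-connection chain=forward comment=FastTrack \
    connection-state=established,related hw-offload=yes
# Input (traffic addressed to the router): allow replies, drop invalid, allow ICMP.
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
# Everything else to the router is dropped unless it arrives on an All_LAN member.
add action=drop chain=input in-interface-list=!All_LAN
# Changed from connection-state=established,related,new. Accepting "new" here let
# every fresh connection through before the two drop rules below were evaluated, so
# neither the IoT isolation rule nor the ether5 rule could match a valid packet.
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
# The IoT subnet may not open connections towards the subnets in IoT_Block. Replies to
# connections opened from those subnets are already accepted above.
add action=drop chain=forward dst-address-list=IoT_Block src-address=\
    10.0.4.0/24
# New connections arriving on ether5 are forwarded only if they were dst-NATed.
add action=drop chain=forward connection-nat-state=!dstnat in-interface=\
    ether5
# There is no final drop rule: any other new forward connection is still accepted by
# the chain's default, so outbound and permitted inter-VLAN traffic is unaffected.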

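/ip firewall nat
# Masquerade only traffic that leaves through ether5, the interface holding
# 192.168.0.5/24 and facing the default gateway 192.168.0.1. Without out-interface
# these rules also rewrote the source address of traffic routed between the internal
# VLANs, hiding the real client address from the destination and from the logs.
add action=masquerade chain=srcnat out-interface=ether5 src-address-list=IoT_Block
add action=masquerade chain=srcnat out-interface=ether5 src-address=10.0.4.0/24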

# Default route via 192.168.0.1, which lies in the subnet configured on ether5.
/ip route

add disabled=no dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-table=main \

suppress-hw-offload=no

/system clock

set time-zone-name=Europe/Budapest
