I have bought a RB4011iGS+5HacQ2HnD-IN router.
I was able to set up everything - got a little help in the forum here - everything working perfectly, except WLAN.
I can get maxed out rates (the max I get from my ISP) on ether interfaces, but not on Wi-Fi. I hope that I could get at least around 400Mbps on Wi-Fi with this router.
Tried different configs, I couldn't get better rates than 190Mbps on 5GHz and 40Mbps on 2.4GHz.
Mostly I'm interested in 5GHz performance... 2.4GHz is too crowded here (5GHz not).
My much cheaper router produced slightly better rates than this. So I assume this must be a config error (or maybe the 5GHz problem on RB4011 is still there?)
Hope someone can give me some advice on what might be configured wrongly, or what I could try out to improve the performace.
My current config:
# may/09/2020 01:49:00 by RouterOS 6.46.6
# software id = CK9Q-MRSJ
#
# model = RB4011iGS+5HacQ2HnD
# serial number = D1460B1C119B
/interface bridge
add name=vlan_bridge protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=vlan_bridge name=vlan_base vlan-id=99
add interface=vlan_bridge name=vlan_guest vlan-id=20
add interface=vlan_bridge name=vlan_private vlan-id=10
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=VLAN
add name=BASE
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk comment="Guest Profile" eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" group-key-update=1h management-protection=allowed mode=\
dynamic-keys name=profile_private supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-n/ac channel-width=20/40/80mhz-XXXX country=hungary disabled=no \
installation=indoor mode=ap-bridge name=wlan_atlas secondary-channel=auto security-profile=\
profile_private ssid=atlas wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=C6:AD:34:E9:0F:B9 master-interface=wlan_atlas \
multicast-buffering=disabled name=wlan_atlas_guest ssid=atlas-Guest wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
set [ find default-name=wlan2 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=no_country_set \
disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge name=wlan_fujijama \
security-profile=profile_private ssid=fujijama wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=C6:AD:34:E9:0F:BA master-interface=wlan_fujijama \
multicast-buffering=disabled name=wlan_fujijama_guest ssid=fujijama-Guest wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
/ip kid-control
add name="Children control"
/ip pool
add name=dhcp_pool_private ranges=10.0.0.50-10.0.0.254
add name=dhcp_pool_guest ranges=10.0.3.2-10.0.3.254
add name=dhcp_pool_base ranges=10.0.99.2-10.0.99.254
/ip dhcp-server
add address-pool=dhcp_pool_private disabled=no interface=vlan_private lease-time=1d name=dhcp_private
add address-pool=dhcp_pool_guest disabled=no interface=vlan_guest lease-time=1h name=dhcp_guest
add address-pool=dhcp_pool_base disabled=no interface=vlan_base lease-time=1h name=dhcp_base
/ppp profile
add bridge=vlan_bridge local-address=10.0.0.2 name=ppp_private remote-address=188.142.192.135
/queue simple
add max-limit=2M/90M name="Limit Guest VLAN" target=vlan_guest
/interface bridge port
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=ether2 pvid=10
add bridge=vlan_bridge interface=sfp-sfpplus1
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=ether3 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=ether4 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=ether5 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=ether6 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=ether7 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=ether8 pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=ether9 pvid=20
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=wlan_atlas pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=wlan_fujijama pvid=10
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=wlan_fujijama_guest pvid=20
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=wlan_atlas_guest pvid=20
add bridge=vlan_bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
interface=ether10 pvid=99
/ip neighbor discovery-settings
set discover-interface-list=VLAN
/interface bridge vlan
add bridge=vlan_bridge tagged=vlan_bridge untagged=\
ether2,ether3,ether4,ether5,ether6,ether7,ether8,wlan_atlas,wlan_fujijama vlan-ids=10
add bridge=vlan_bridge tagged=vlan_bridge untagged=ether9,wlan_fujijama_guest,wlan_atlas_guest vlan-ids=\
20
add bridge=vlan_bridge tagged=vlan_bridge untagged=ether10 vlan-ids=99
/interface detect-internet
set detect-interface-list=all
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=ppp_private
/interface list member
add interface=ether1 list=WAN
add interface=vlan_base list=VLAN
add interface=vlan_private list=VLAN
add interface=vlan_guest list=VLAN
add interface=vlan_base list=BASE
add interface=vlan_private list=BASE
/interface ovpn-server server
set auth=sha1 certificate=server cipher=aes256 enabled=yes require-client-certificate=yes
/interface wireless access-list
add comment=COMP1 interface=wlan_atlas mac-address=08:62:66:BC:8C:BF
/ip address
add address=10.0.99.1/24 interface=vlan_base network=10.0.99.0
add address=10.0.0.2/24 interface=vlan_private network=10.0.0.0
add address=10.0.3.2/24 interface=vlan_guest network=10.0.3.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease
add address=10.0.0.99 mac-address=78:11:DC:55:9E:00 server=dhcp_private
add address=10.0.0.100 client-id=1:0:4:20:f0:af:64 mac-address=00:04:20:F0:AF:64 server=dhcp_private
add address=10.0.0.195 mac-address=EC:FA:BC:12:83:9F server=dhcp_private
add address=10.0.0.85 mac-address=DC:4F:22:C0:7A:BB server=dhcp_private
add address=10.0.0.84 mac-address=DC:4F:22:C0:74:57 server=dhcp_private
add address=10.0.0.83 mac-address=DC:4F:22:C0:73:5B server=dhcp_private
add address=10.0.0.131 client-id=1:8:62:66:bc:8c:bf mac-address=08:62:66:BC:8C:BF server=dhcp_private
add address=10.0.0.59 mac-address=EC:FA:BC:86:CD:DD server=dhcp_private
add address=10.0.0.135 client-id=1:dc:a6:32:d:4b:73 mac-address=DC:A6:32:0D:4B:73 server=dhcp_private
add address=10.0.0.93 mac-address=78:11:DC:EB:54:08 server=dhcp_private
add address=10.0.0.101 mac-address=40:31:3C:D0:D9:30 server=dhcp_private
add address=10.0.0.105 mac-address=98:F4:AB:B8:64:0F server=dhcp_private
add address=10.0.0.110 mac-address=98:F4:AB:B8:6D:01 server=dhcp_private
add address=10.0.0.112 mac-address=C8:2B:96:10:AB:53 server=dhcp_private
add address=10.0.0.109 mac-address=04:CF:8C:15:BD:5E server=dhcp_private
add address=10.0.0.120 mac-address=C8:2B:96:11:4F:B4 server=dhcp_private
add address=10.0.0.87 mac-address=E4:F0:42:20:42:53 server=dhcp_private
add address=10.0.0.103 mac-address=04:CF:8C:25:61:92 server=dhcp_private
add address=10.0.0.138 mac-address=98:F4:AB:F3:43:E2 server=dhcp_private
add address=10.0.0.175 mac-address=EC:FA:BC:14:83:26 server=dhcp_private
add address=10.0.0.86 mac-address=DC:4F:22:C0:75:0A server=dhcp_private
add address=10.0.0.111 mac-address=C8:2B:96:10:AF:4F server=dhcp_private
add address=10.0.0.98 mac-address=34:CE:00:FB:DB:F3 server=dhcp_private
add address=10.0.0.53 client-id=1:50:13:95:bf:f7:dc comment=Yi-Hack mac-address=50:13:95:BF:F7:DC server=\
dhcp_private
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=10.0.0.3 gateway=10.0.0.2
add address=10.0.3.0/24 dns-server=10.0.0.3 gateway=10.0.3.2
add address=10.0.99.0/24 dns-server=8.8.8.8 gateway=10.0.99.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="Allow Estab & Related" connection-state=established,related
add action=accept chain=input comment="Allow VLAN_HOME Full Access" in-interface-list=BASE
add action=drop chain=input comment=Drop connection-state=""
add action=accept chain=forward comment="Allow Estab & Related" connection-state=established,related
add action=accept chain=forward comment="Access Pi-hole DNS from VLANs UDP" dst-address=10.0.0.3 \
dst-port=53 in-interface-list=VLAN protocol=udp
add action=accept chain=forward comment="Access Pi-hole DNS from VLANs TCP" dst-address=10.0.0.3 \
dst-port=53 in-interface-list=VLAN protocol=tcp
add action=accept chain=forward comment="VLAN Internet Access only" connection-state=new \
in-interface-list=VLAN out-interface-list=WAN
add action=drop chain=forward comment=Drop connection-state=""
/ip firewall nat
add action=masquerade chain=srcnat comment=masquerade ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=NAS dst-port=22 in-interface=ether1 protocol=tcp to-addresses=\
10.0.0.252 to-ports=18022
add action=dst-nat chain=dstnat comment="Transmission Web Interface" dst-port=19091 in-interface=ether1 \
protocol=tcp to-addresses=10.0.0.252 to-ports=9091
add action=dst-nat chain=dstnat comment=Transmission dst-port=49850 in-interface=ether1 protocol=tcp \
to-addresses=10.0.0.252 to-ports=49850
add action=dst-nat chain=dstnat comment=HTTPS dst-port=61443 in-interface=ether1 protocol=tcp \
to-addresses=10.0.0.252 to-ports=443
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ppp secret
add local-address=10.0.0.2 name=kristof profile=ppp_private remote-address=10.0.0.10 service=ovpn
/system clock
set time-zone-name=Europe/Budapest
/system leds
set 0 type=on
add interface=wlan_fujijama leds="wlan_fujijama_signal1-led,wlan_fujijama_signal2-led,wlan_fujijama_signal\
3-led,wlan_fujijama_signal4-led,wlan_fujijama_signal5-led" type=wireless-signal-strength
add interface=wlan_fujijama leds=wlan_fujijama_tx-led type=interface-transmit
add interface=wlan_fujijama leds=wlan_fujijama_rx-led type=interface-receive
/system ntp client
set enabled=yes server-dns-names=0.hu.pool.ntp.org,1.hu.pool.ntp.org
/tool graphing interface
add allow-address=10.0.0.0/24
/tool graphing resource
add allow-address=10.0.0.0/24
add allow-address=10.0.99.0/24
/tool mac-server
set allowed-interface-list=BASE
/tool mac-server mac-winbox
set allowed-interface-list=BASE