Community discussions

MikroTik App
 
djon151
just joined
Topic Author
Posts: 3
Joined: Thu Nov 25, 2021 12:05 pm

CRS354 CPU load 100%

Thu Nov 25, 2021 12:35 pm

MikroTik CRS354-48P-4S + 2Q + RM switch with Capsman deployed. 50 cAP ac access points connected. The bridge is lifted on the switch, vlan is added. Kerio acts as a DHCP server, since it is necessary to control the visited pages. With a small load of up to 20-30 devices, everything works perfectly, as the number of connections increases to 100-150 devices, the processor on the switch is loaded by 100% and problems begin with connection, with access to the network, and random disconnections of access points are also observed.
 
User avatar
pukkita
Trainer
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: CRS354 CPU load 100%

Thu Nov 25, 2021 7:29 pm

You're using a low powered CPU switch (that has its strengths in its switch chips, PoE, etc and hardware features) to manage a decently sized CAPsMAN network.

Check System > Profile most probably CPU will be 100% and there lies the problem.

I'd add a router with good CPU and move the CAPsMAN duties to it. heX, 4011, CCR1009... up to you.

Are you using local forwarding? That would alleviate the load... Are you using certificates (more CPU load)?

Are you sure your vlan settings ain't disabling hardware acceleration making things worse?

Posting an export and ROS details would give you higher chances to be helped... also prints or screenshots of the Bridge > ports, etc.

In any case adding a router with appropiate CPU power for the task, a must.
 
djon151
just joined
Topic Author
Posts: 3
Joined: Thu Nov 25, 2021 12:05 pm

Re: CRS354 CPU load 100%

Fri Nov 26, 2021 12:03 pm

Hello!
Yes, in System> Profile, the processor load is 100%.
I would like to manage the points using Capsman to control the settings from a single point of control.
Configuration with settings:
# nov/26/2021 13:45:45 by RouterOS 6.48.5
# software id = RXSJ-FN7N
#
# model = CRS354-48P-4S+2Q+
# serial number = B8440C4B52A2
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2412,2437,2462 name=KIS-2G reselect-interval=1h tx-power=19
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2437 name=KIS-2GOf \
    tx-power=17
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=XX \
    frequency=5180,5200,5220,5240,5745,5765,5785,5805,5825 name=KIS-5G \
    reselect-interval=1h tx-power=17
add band=2ghz-onlyn control-channel-width=20mhz frequency=2412 name=KIS-Guest \
    tx-power=17
/interface bridge
add name=KIS vlan-filtering=yes
/interface vlan
add interface=KIS name=vlan1 vlan-id=1
add interface=KIS name=vlan10 vlan-id=10
add interface=KIS name=vlan50 vlan-id=50
add interface=KIS name=vlan101 vlan-id=101
/caps-man datapath
add bridge=KIS name=KIS2 vlan-id=10 vlan-mode=use-tag
add bridge=KIS client-to-client-forwarding=yes local-forwarding=no name=\
    KIS_Office vlan-id=50 vlan-mode=use-tag
add bridge=KIS name=KIS5 vlan-id=10 vlan-mode=use-tag
add bridge=KIS client-to-client-forwarding=yes name=KIS-Guest2 vlan-id=101 \
    vlan-mode=use-tag
/caps-man rates
add basic=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps name=rate1 supported=\
    12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip \
    group-encryption=aes-ccm name=KIS2G passphrase=XXXXX
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=KIS-Office passphrase=XXXXX
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip \
    group-encryption=aes-ccm name=KIS5G passphrase=XXXXX
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip \
    group-encryption=aes-ccm name=KIS-GUest passphrase=XXXXX
/caps-man configuration
add channel=KIS-2G country=kazakhstan datapath=KIS2 guard-interval=long \
    hw-protection-mode=none mode=ap name=KIS rates=rate1 rx-chains=0,1,2,3 \
    security=KIS2G ssid=KIS-2G tx-chains=0,1,2,3
add channel=KIS-2GOf country=kazakhstan datapath=KIS_Office distance=indoors \
    mode=ap name=KIS_Office rates=rate1 rx-chains=0,1,2,3 security=KIS-Office \
    ssid=KIS-OFFICE2G tx-chains=0,1,2,3
add channel=KIS-5G country=kazakhstan datapath=KIS5 guard-interval=long \
    hw-protection-mode=none mode=ap name=KIS-5G rates=rate1 rx-chains=0,1,2,3 \
    security=KIS5G ssid=KIS-5G tx-chains=0,1,2,3
add channel=KIS-Guest country=kazakhstan datapath=KIS-Guest2 guard-interval=\
    long hw-protection-mode=rts-cts mode=ap name="KIS Guest" rates=rate1 \
    rx-chains=0,1,2,3 security=KIS-GUest ssid=KIS-GUEST2G tx-chains=0,1,2,3
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=\
    -70..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no signal-range=\
    -120..-71 ssid-regexp=""
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=b,gn \
    master-configuration=KIS name-format=prefix-identity name-prefix=2G
add action=create-dynamic-enabled hw-supported-modes=ac,an \
    master-configuration=KIS-5G name-format=prefix-identity name-prefix=5G
/interface bridge port
add bridge=KIS hw=no interface=ether48
add bridge=KIS hw=no interface=ether8
add bridge=KIS interface=ether1
add bridge=KIS interface=ether2
add bridge=KIS interface=ether3
add bridge=KIS interface=ether4
add bridge=KIS interface=ether5
add bridge=KIS interface=ether6
add bridge=KIS interface=ether7
add bridge=KIS interface=ether9
add bridge=KIS interface=ether10
add bridge=KIS interface=ether11
add bridge=KIS interface=ether12
add bridge=KIS interface=ether13
add bridge=KIS interface=ether14
add bridge=KIS interface=ether15
add bridge=KIS interface=ether16
add bridge=KIS interface=ether17
add bridge=KIS interface=ether18
add bridge=KIS interface=ether19
add bridge=KIS interface=ether20
add bridge=KIS interface=ether21
add bridge=KIS interface=ether22
add bridge=KIS interface=ether23
add bridge=KIS interface=ether24
add bridge=KIS interface=ether25
add bridge=KIS interface=ether26
add bridge=KIS interface=ether27
add bridge=KIS interface=ether28
add bridge=KIS interface=ether29
add bridge=KIS interface=ether30
add bridge=KIS interface=ether31
add bridge=KIS interface=ether32
add bridge=KIS interface=ether33
add bridge=KIS interface=ether34
add bridge=KIS interface=ether35
add bridge=KIS interface=ether36
add bridge=KIS interface=ether37
add bridge=KIS interface=ether38
add bridge=KIS interface=ether39
add bridge=KIS interface=ether40
add bridge=KIS interface=ether41
add bridge=KIS interface=ether42
add bridge=KIS interface=ether43
add bridge=KIS interface=ether44
add bridge=KIS interface=ether45
add bridge=KIS interface=ether46
add bridge=KIS interface=ether47
add bridge=KIS interface=ether49
add bridge=KIS interface=qsfpplus1-1
add bridge=KIS interface=qsfpplus1-2
add bridge=KIS interface=qsfpplus1-3
add bridge=KIS interface=qsfpplus1-4
add bridge=KIS interface=qsfpplus2-1
add bridge=KIS interface=qsfpplus2-2
add bridge=KIS interface=qsfpplus2-3
add bridge=KIS interface=qsfpplus2-4
add bridge=KIS interface=sfp-sfpplus1
add bridge=KIS interface=sfp-sfpplus2
add bridge=KIS interface=sfp-sfpplus3
add bridge=KIS interface=sfp-sfpplus4
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set tcp-syncookies=yes
/interface bridge vlan
add bridge=KIS tagged=ether48 untagged=ether8,ether4 vlan-ids=10
add bridge=KIS tagged=ether48 untagged=ether8,ether4 vlan-ids=50
add bridge=KIS tagged=ether48 untagged=ether8,ether4 vlan-ids=101
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=ether11 list=LAN
add interface=ether12 list=LAN
add interface=ether13 list=LAN
add interface=ether14 list=LAN
add interface=ether15 list=LAN
add interface=ether16 list=LAN
add interface=ether17 list=LAN
add interface=ether18 list=LAN
add interface=ether19 list=LAN
add interface=ether20 list=LAN
add interface=ether21 list=LAN
add interface=ether22 list=LAN
add interface=ether23 list=LAN
add interface=ether24 list=LAN
add interface=ether25 list=LAN
add interface=ether26 list=LAN
add interface=ether27 list=LAN
add interface=ether28 list=LAN
add interface=ether29 list=LAN
add interface=ether30 list=LAN
add interface=ether31 list=LAN
add interface=ether32 list=LAN
add interface=ether33 list=LAN
add interface=ether34 list=LAN
add interface=ether35 list=LAN
add interface=ether36 list=LAN
add interface=ether37 list=LAN
add interface=ether38 list=LAN
add interface=ether39 list=LAN
add interface=ether40 list=LAN
add interface=ether41 list=LAN
add interface=ether42 list=LAN
add interface=ether43 list=LAN
add interface=ether44 list=LAN
add interface=ether45 list=LAN
add interface=ether46 list=LAN
add interface=ether47 list=LAN
add interface=ether48 list=LAN
add interface=ether49 list=LAN
add interface=qsfpplus1-1 list=LAN
add interface=qsfpplus1-2 list=LAN
add interface=qsfpplus1-3 list=LAN
add interface=qsfpplus1-4 list=LAN
add interface=qsfpplus2-1 list=LAN
add interface=qsfpplus2-2 list=LAN
add interface=qsfpplus2-3 list=LAN
add interface=qsfpplus2-4 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus3 list=LAN
add interface=sfp-sfpplus4 list=LAN
add list=LAN
/interface wireless cap
set bridge=KIS discovery-interfaces=*42
/ip address
add address=172.12.100.150/24 interface=ether2 network=172.12.100.0
/ip dhcp-client
add interface=KIS
/ip dns
set servers=172.12.100.1
/ip firewall filter
add action=accept chain=forward connection-state=established,related
add action=fasttrack-connection chain=forward connection-state=\
    established,related protocol=tcp
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=accept chain=input dst-address-type=local src-address-type=local
/ip route
add distance=1 gateway=172.12.100.1
/system clock
set time-zone-name=Asia/Almaty
/system routerboard settings
set boot-os=router-os
 
User avatar
rushlife
Member Candidate
Member Candidate
Posts: 243
Joined: Thu Nov 05, 2015 12:30 pm

Re: CRS354 CPU load 100%

Fri Nov 26, 2021 12:10 pm

capsman on switch is bad idea, it's just that simple
 
djon151
just joined
Topic Author
Posts: 3
Joined: Thu Nov 25, 2021 12:05 pm

Re: CRS354 CPU load 100%  [SOLVED]

Fri Nov 26, 2021 12:35 pm

Yes, I think I should consider a router with a powerful processor for Capsman, as advised by Pukkita.

Who is online

Users browsing this forum: Ahrefs [Bot] and 24 guests