Community discussions

MikroTik App
 
User avatar
Tony359
just joined
Topic Author
Posts: 24
Joined: Fri Dec 02, 2022 12:31 am

SLow WiFi on hAP ac3

Fri Dec 02, 2022 12:40 am

Hello all,

I've just received a new hAP AC3 and I am slowly trying to familiarise with the OS. I am going to install these (if they perform well) in several locations where I need basic but stable WiFi access with the purpose of accessing and controlling equipment remotely. Long range (large room) is required but only one or a few connections at the time will be made.

I think I've got where I wanted to be. However while testing I noticed that the WiFi seems to be much slower than my home router which is supplied by my ISP (FritzBox).

As a test setup I have the router sitting close to me, I have it connected to my home network on a fixed IP with my FritzBox as a gateway. To remove the internet from the equation I tried transferring a large (30GB) file from my NAS onto my laptop via 5Ghz WiFi.

While I do 300-450Mbit/s with my FritzBox, the Mikrotik only reaches 70Mbit.

Here is my configuration - I've edited some parts out which feel like sensitive to me! :)

The laptop was connected in 5Ghz with both routers.

Thanks for your help!
# dec/01/2022 22:32:09 by RouterOS 7.6
# software id = FB1B-LQD8
#
# model = RBD53iG-5HacD2HnD
# serial number = xxxxxxxxxxx
/interface bridge
add name=Bridge
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=Dxxxxxxxxx \
    supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country="united kingdom" \
    disabled=no frequency=2437 mode=ap-bridge security-profile=Dxxxxxxxxx \
    ssid=Dxxxxxxxxxx
set [ find default-name=wlan2 ] band=5ghz-a/n/ac country="united kingdom" \
    disabled=no frequency=5240 mode=ap-bridge security-profile=Dxxxxxxxx \
    ssid=Dxxxxxxxxxxx
/ip pool
add name=dhcp_pool0 ranges=192.168.100.2-192.168.100.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=Bridge lease-time=1h name=dhcp1
/interface bridge port
add bridge=Bridge interface=ether3
add bridge=Bridge interface=ether4
add bridge=Bridge interface=ether5
add bridge=Bridge interface=wlan1
add bridge=Bridge interface=wlan2
add bridge=Bridge interface=ether2
/ip address
add address=192.168.100.1/24 interface=Bridge network=192.168.100.0
add address=192.168.0.200/24 interface=ether1 network=192.168.0.0
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1
/ip dns
set allow-remote-requests=yes servers=192.168.0.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-table=main \
    suppress-hw-offload=no
/system clock
set time-zone-name=Europe/London
/system identity
set name=xxxxxxxxx

 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: SLow WiFi on hAP ac3

Fri Dec 02, 2022 11:06 am

First question, are you sure you actually connected to the 5GHz interface? When device has just started up, it can take up to 5-10 minutes for the devices to verify there are no weather radars in the 5GHz range. You can see the progress when you click on the 5GHz interface in Winbox. 70Mbit sounds like 2GHz is used.

edit
The laptop was connected in 5Ghz with both routers.
ok but please double check anyway and post the output of the registration table, when the test is being done :D
 
User avatar
Tony359
just joined
Topic Author
Posts: 24
Joined: Fri Dec 02, 2022 12:31 am

Re: SLow WiFi on hAP ac3

Fri Dec 02, 2022 12:22 pm

Hi there

Thanks for your help.

It's taken me some searching to find out where the "registration table" is and also how to find out when the wireless has finished looking for weather radars! :)

10 minutes after powering on the router this is the registration table. I see 86Mbit TX/RX rate which is consistent with my 70Mbit transfers in Windows.

What would be the next step?

Thanks again!
Tony
You do not have the required permissions to view the files attached to this post.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: SLow WiFi on hAP ac3

Fri Dec 02, 2022 12:29 pm

you have somehow downgraded your wifi settings to use only 1 chain and only a 20MHz channel. Did you change the wireless settings yourself? Try to use QuickSet and change it to HomeAP-Dual, then default settings should get applied
 
User avatar
Tony359
just joined
Topic Author
Posts: 24
Joined: Fri Dec 02, 2022 12:31 am

Re: SLow WiFi on hAP ac3

Fri Dec 02, 2022 1:03 pm

Thank you!

Yes, I did remove the default configuration and followed a tutorial online - clearly not the best one I guess!

The quickset fixed the chain but I manually changed the Channel Width to "20/40/80Mhz XXXX" - is that the correct setting?

I now see 860Mbit/s bandwidth, which is great! However I am still a bit on the slow side on Windows. I read 250Mbit from my NAS compared to the 300-450Mbit of the other router.
Anywhere else I should look into?

Would you recommend restoring the default settings and apply whatever changes I need for my setup on top - rather than wiping it and starting from scratch?

Thanks again for your help!
You do not have the required permissions to view the files attached to this post.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: SLow WiFi on hAP ac3

Fri Dec 02, 2022 1:07 pm

yes, I recommend reseting to defaults, they usually are optimised for best speed. you possibly have disabled fasttrack, that enables less CPU processing of the traffic, making downloads faster
 
User avatar
Tony359
just joined
Topic Author
Posts: 24
Joined: Fri Dec 02, 2022 12:31 am

Re: SLow WiFi on hAP ac3

Fri Dec 02, 2022 7:49 pm

Hello Normis,

After many hours spent on the router, I am not sure I have made any progress :)

I've reset the router but this time keeping the default setup. Then I changed what I needed - it took me a while to make it work (and still doesn't, see below).

The throughput is unchanged. Please see below, screenshot using my home router and screenshot using the Mikrotik. As you can see there is about 100Mbit/s missing.

On top of that, Please see a diagram of my network. This is just a test but eventually it will need to be installed in a similar fashion (where I do not have control of the main switch/router and I need to create a separate WiFi on a different network with DHCP server on it).

The problem I have now is that I cannot connect to the Mikrotik from a Desktop PC sitting on the 192.168.0.0 network. Not even via Mac Address. However, I can ping 192.168.0.200! I suppose maybe some Firewall as Eth1 is the "internet" socket?

Here is my new settings.

I hope this helps - thanks for your help so far!

Thanks
# dec/02/2022 17:24:48 by RouterOS 7.6
# software id = FB1B-LQD8
#
# model = RBD53iG-5HacD2HnD
# serial number = xxxxxxxxxxx
/interface bridge
add admin-mac=18:FD:74:39:40:16 auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=xxxxxxxxxxxx \
    supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="united kingdom" disabled=no distance=indoors frequency=auto mode=\
    ap-bridge name=wlan1-2Ghz security-profile=xxxxxxxxxxxx ssid=xxxxxxxxxxxx \
    wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
    disabled=no distance=indoors frequency=auto mode=ap-bridge name=wlan2-5Ghz \
    security-profile=xxxxxxxxxxxx ssid=xxxxxxxxxxxx wireless-protocol=802.11
/ip pool
add name=xxxxx-DHCP ranges=192.168.100.10-192.168.100.254
/ip dhcp-server
add address-pool=xxxxx-DHCP interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1-2Ghz
add bridge=bridge comment=defconf interface=wlan2-5Ghz
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.0.200/24 interface=ether1 network=192.168.0.0
add address=192.168.100.1/24 interface=bridge network=192.168.100.0
/ip dhcp-server network
add address=192.168.100.0/24 comment=defconf dns-server=192.168.100.1 gateway=\
    192.168.100.1
/ip dns
set allow-remote-requests=yes servers=192.168.0.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-table=main \
    suppress-hw-offload=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp \
    src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" \
    src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" \
    dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Europe/London
/system identity
set name=xxxxxxxxxxxx
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

You do not have the required permissions to view the files attached to this post.
 
ivicask
Member
Member
Posts: 417
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: SLow WiFi on hAP ac3

Fri Dec 02, 2022 9:05 pm

Can you try disable MIMO powersave(set it to NO SMPS) under wifi card extra settings inside device manager and see if it makes speed difference.
You do not have the required permissions to view the files attached to this post.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: SLow WiFi on hAP ac3

Fri Dec 02, 2022 9:31 pm

Another note on wireless performance: the interface rate (e.g. 833Mbps) is what it says - interface rate. Frames passing interface have overhead (frame headers etc.), then there are inter-frame gaps, duplex gap, etc. So the rule of thumb says that payload rate of around half of interface rate is pretty good result in real life.

Default setup makes ether1 interface WAN interface. Which means that device routes between ether1 and the rest, performing NAT on the way. Also traffic originating on ether1 is subject to rigorous firewall rules (which includes blocking management access).
Sadly there's no QuickSet mode for a switch/AP configuration of device, that has to be done manually (but it is probably the easiest mode to do manually).
 
User avatar
Tony359
just joined
Topic Author
Posts: 24
Joined: Fri Dec 02, 2022 12:31 am

Re: SLow WiFi on hAP ac3

Fri Dec 02, 2022 10:11 pm

ivicask: no change unfortunately

mkx: that is it! Clearly the Mikrotik is treating my LAN traffic as Internet traffic so it's applying its firewall to it. The FritzBox isn't as it's just relying LAN traffic to the WiFi. So as a test I changed the Mikrotik config to have my laptop on the same LAN network and ignore ETH1. Now speeds are matching the FritzBox if not a bit better.

Amazing. Thank you guys!

Regarding my inability to access the router via the 192.168.0.0 network, I suppose it's because from the router's standpoint I am trying to access it from the Internet - and that might be disabled. Can someone point me to how to change that please?

Edit: gotcha. /ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp

Obviously this needs to be carefully thought. But I might want to select a range of IPs from which the management is allowed.

Thanks again!
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: SLow WiFi on hAP ac3

Fri Dec 02, 2022 11:22 pm

If you are not getting the 866Mbps on 80MHz/2S/SGI then the wifi signal might be disturbed (adjacent channel interference is one of the reasons). Adjacent channel interference happens when the channel you use.overlaps with another channel use that interferes.

When using "5240 XXX", you have to check what you actually get. It might not be the standard alignment for wide channels as one expects.
See test : viewtopic.php?t=183744#p918305
versus table: viewtopic.php?t=183744#p918001

"5240 eeeC" would be in line with the table. But the signal around is the only thing that really matters, to have that interference or not.
Any interference, noise or distortion will give faulty transmissions and make the wifi driver lower the interface rate or even the number of transmit channels. (See the 1S in the screenshot) to compensate.

MT has a good tool to check the wifi environment: "Snooper" on the standard wireless driver.
The new "wifiwave2" driver, that can be used with hAP ac3 and RouterOS v7 on 5 GHz, does not have that tool, but but will give (much) better performance


PS: You may want to add interface ether1 to the bridge, to make it all one LAN environment. (Be aware of multiple DHCP servers in that LAN! So one step could be to move the DHCP client from ETH1 to the bridge and remove or disable the DHCP server on the bridge.)
 
User avatar
Tony359
just joined
Topic Author
Posts: 24
Joined: Fri Dec 02, 2022 12:31 am

Re: SLow WiFi on hAP ac3

Sat Dec 03, 2022 12:20 am

Thank you. I am getting 866. I was getting it before but speeds were not there - it went ok when I started doing tests on LAN and not WAN.

I will have to keep ETH1 on Wan, see my network diagram above. That is a requirement for this project: to have two networks (I thought they had to be VLAN but I see you can do without VLANs on this router), one from where the Internet is coming (and other equipment is reachable) and one for the WiFi on a different network with its own DHCP. These two networks must be able to talk.

Who is online

Users browsing this forum: Ahrefs [Bot], Maknz, Shylie and 22 guests