Community discussions

MikroTik App
 
User avatar
webequipped
newbie
Topic Author
Posts: 27
Joined: Tue Oct 13, 2009 7:42 pm

The most arduous access point ever: hAP ax³

Fri Jul 19, 2024 11:04 pm

AMENDED: I have added a zip file containing both an exported script and backup. Sorry was a long day and my rant overrode my common sense. I appreciate the comments and you guys are correct without looking at the details only assumptions can be the outcome.
Login details: admin + 123letmein

This without a doubt has been the most arduous Mikrotik access point I have ever had the displeasure of dealing with in my near 20 years of using Mikrotik products. I have spent way to many hours dealing with this access point.

I am using this hAP ax³ strictly as an access point with DHCP relay set, all ports are in a bridge and the bridge is a DHCP client and it is connected via the 2.5Gbps ether port to an upstream CRS310 that is my gateway, DHCP, DNS, NAT and firewall filtering device. So I am using the minimalist settings for this hAP ax³ to serve as an access point, straight up KISS (keeping it stupid simple).

Some devices connect, can get to the web and surf, literally no issues. On the exact same radio I can connect a device, RECEIVE a DHCP address and all the correct network information, from that same radio, yet CANNOT get out to the internet. NO IT IS NOT THE DNS, otherwise none of my network would be working. There are multiple other devices connected via Ethernet to the CRS310 and none have any connection issues.

Some devices I have that are Wi-Fi 6 capable will connect on the 2.4Ghz or the 5Ghz and get an IP and network information from either radios, however they cannot surf the web on the 5Ghz side. Both radio's are in the same bridge with the other ethernet ports and everything that connects through that bridge can get to the web. For example my iPhone 14 Pro can connect to the 2.4Ghz side and surf the internet no issues, if I try the 5Ghz side it connects, I get an IP and all the rest of the network info, yet the iPhone tells me there is no internet and I cannot open any web sites! I can see the iPhone's MAC address assigned on that 5Ghz radio so I know it is successfully communicating with that radio, yet the iPhone cannot surf the web!

Yet I have two Reolink cameras that are connected on the 5GHz side and work perfectly. I can stream the camera directly to my iPhone from these cameras.

BEYOND FRUSTRATING, I literally want to take this hAP ax³ out side and shoot it with my 12 gauge, but I don't want to waste the shells.

What are the optimal settings for using this hAP ax³ in the USA, for both radios, on the channel tab, what frequencies are best?

Does anyone have this hAP ax³ setup and work without client issues? If so, would you kindly pass along your setup?

If I cannot get this thing working in the next coming days I will just returned it and go back to my reliable RB4011.

Is it possible that I received a bad hAP ax³?
You do not have the required permissions to view the files attached to this post.
Last edited by webequipped on Sat Jul 20, 2024 5:32 pm, edited 6 times in total.
 
infabo
Forum Guru
Forum Guru
Posts: 1177
Joined: Thu Nov 12, 2020 12:07 pm

Re: The most arduous access point ever: hAP 3ax

Fri Jul 19, 2024 11:13 pm

without seeing your config nobody will reply to this rant
 
MichalPospichal
newbie
Posts: 34
Joined: Sun Feb 04, 2018 11:27 pm
Location: Czech Republic

Re: The most arduous access point ever: hAP 3ax

Sat Jul 20, 2024 12:54 am

Do you have HW offloading set to OFF on the bridge? Try to activate RSTP there and retry.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6024
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: The most arduous access point ever: hAP 3ax

Sat Jul 20, 2024 8:33 am

without seeing your config nobody will reply to this rant
The only and most sensible reply possible, indeed ...
 
User avatar
tangent
Forum Guru
Forum Guru
Posts: 1566
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 9:00 am

…my near 20 years of using Mikrotik products…

…may be leading you astray, because these new ax routers' behavior differs in quite a number of ways from the old ones. If all you did was copy your RB4011 config over, it's no wonder you're having trouble. (Details: 1, 2)

I literally want to take this hAP ax³ out side and shoot it with my 12 gauge

Send it to me. I can put it to a better use than as a skeet clay.

I mean, have you ever tried cleaning the remains of an ax³ off a target range before, to comply with the club's littering rules? Talk about frustrating, try'na find all them little plastic bits…

what frequencies are best?

Being a home user, I leave mine free to pick. Hard-coding frequencies is for large sites with fixed AP layouts, where you can make a plan and have a reasonable hope that it will stick long enough to be worth the effort. At home, surrounded by neighbors who wouldn't follow your careful plan even if you laid it out for them with charts and graphs, not even if you offered free cookies? Nah; lunacy.

would you kindly pass along your setup?

If you'll reset your router to the defaults and post that configuration for me, I'll diff mine against yours. I'd appreciate it if you did it via "/export terse show-sensitive", with PII like the MAC, default SSID, and default PSKs manually redacted. (That will in turn let me add it to my collection, for future use.)

If you want me to do the resetting instead, you'll be waiting until I get both a lull where I can risk my device being out of commission and the itch to go and do it. You, on the other hand, already have a broken config, so what've you got to lose?
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 5:14 pm

I hate to break it to you, but the people you're talking to on this forum are, generally speaking, not the unfortunate souls that are responsible for the design of the hAP ax³. I understand your frustration. Truly, I do. But without an effort from yourself to efficiently convey information, as opposed to conveying your anger and frustration, no one on this forum will be able to help you, including myself. To that extent, a great first step would be to paste

/export file=hAPax3-cfg.rsc

into the terminal of your ax3, press Enter, upload the contents of the file generated to some file-sharing website (or even just paste it directly into a forum post), and share it in this topic. Note that RouterOS 7 hides sensitive data by default, unlike RouterOS 6, which required 'hide-sensitive' argument passed to the '/export' command. Also, if you reiterated the results of experiments you performed (which device works, which doesn't, etc) in a more understandable and less ranty format, that'd be nice, thanks.
 
User avatar
webequipped
newbie
Topic Author
Posts: 27
Joined: Tue Oct 13, 2009 7:42 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 5:19 pm

See my apology and attached script in the original post. Login details are posted there as well.

Here you go Tangent:

/interface bridge add name=LanBridge port-cost-mode=short
/interface ethernet set [ find default-name=ether1 ] advertise=10M-baseT-half,10M-
baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,2.5G-baseT comment=Eth1 l
2mtu=1598 name=LAN1
/interface ethernet set [ find default-name=ether2 ] comment=Eth2 l2mtu=1598 name=
LAN2
/interface ethernet set [ find default-name=ether3 ] comment=Eth3 l2mtu=1598 name=
LAN3
/interface ethernet set [ find default-name=ether4 ] comment=Eth4 l2mtu=1598 name=
LAN4
/interface ethernet set [ find default-name=ether5 ] comment=Eth5 l2mtu=1598 name=
LAN5
/interface wifi security add authentication-types=wpa2-psk,wpa3-psk disabled=no en
cryption=ccmp,gcmp,ccmp-256,gcmp-256 group-key-update=1h management-protection=all
owed name=WifiSec passphrase=123letmein wps=disable
/interface wifi set [ find default-name=wifi2 ] channel.band=2ghz-ax .frequency=24
12,2432,2462 .skip-dfs-channels=10min-cac .width=20mhz comment=House configuration
.country="United States" .mode=ap .ssid=MyHouse disabled=no name=House2.4GHz secur
ity=WifiSec
/interface wifi set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=51
80,5250,5745 .skip-dfs-channels=10min-cac .width=20/40/80mhz comment=House5GHz con
figuration.country="United States" .mode=ap .ssid=MyHouse5GHz disabled=no name=Hou
se5GHz security=WifiSec
/interface bridge port add bridge=LanBridge ingress-filtering=no interface=LAN4 in
ternal-path-cost=10 path-cost=10
/interface bridge port add bridge=LanBridge ingress-filtering=no interface=LAN5 in
ternal-path-cost=10 path-cost=10
/interface bridge port add bridge=LanBridge ingress-filtering=no interface=LAN2 in
ternal-path-cost=10 path-cost=10
/interface bridge port add bridge=LanBridge interface=LAN3 internal-path-cost=10 p
ath-cost=10
/interface bridge port add bridge=LanBridge interface=House5GHz internal-path-cost
=10 path-cost=10
/interface bridge port add bridge=LanBridge interface=House2.4GHz internal-path-co
st=10 path-cost=10
/interface bridge port add bridge=LanBridge interface=LAN1
/interface bridge port add bridge=LanBridge interface=*B
/interface bridge port add bridge=LanBridge interface=all
/ip neighbor discovery-settings set discover-interface-list=!dynamic
/ip dhcp-client add interface=LanBridge
/ip dhcp-relay add dhcp-server=192.168.50.1 disabled=no interface=LanBridge name=d
hcpRelay
/ip dns set allow-remote-requests=yes
/ip firewall service-port set ftp disabled=yes
/ip service set telnet disabled=yes port=23
/ip service set ftp disabled=yes port=21
/ip service set www port=80
/ip service set ssh disabled=yes port=22
/ip service set api port=8728
/ip service set winbox port=8291
/ip service set api-ssl port=8729
/system clock set time-zone-autodetect=no time-zone-name=US/Pacific
/system clock manual set dst-delta=+01:00 time-zone=-07:00
/system identity set name=AP1-AX-House
/system note set show-at-login=no
/system ntp client set enabled=yes
/system ntp client servers add address=0.us.pool.ntp.org
/system ntp client servers add address=1.us.pool.ntp.org
/system ntp client servers add address=2.us.pool.ntp.org
/system ntp client servers add address=3.us.pool.ntp.org
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 5:28 pm

See my apology and attached script in the original post. Login details are posted there as well.

Apology accepted, but delete login details this instant. They aren't needed, and you should never share them, because security concerns. I don't think it's that bad for a device only accessible from your local network. But it's the principle that should be followed here. If you use these credentials on your edge router or something, definitely change them, though.
 
User avatar
webequipped
newbie
Topic Author
Posts: 27
Joined: Tue Oct 13, 2009 7:42 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 5:34 pm

I made them up on the fly just encase someone could not get into the settings I provided. I would never post any real credentials I use. Same with the password on the wifi security. :-)
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 5:40 pm

I made them up on the fly just encase someone could not get into the settings I provided. I would never post any real credentials I use. Same with the password on the wifi security. :-)

Ah, good then.

I took a look at the config... So, why do you need a DHCP relay on the ax³, again? All your interfaces are in one bridge... And two times, actually? All interfaces are in the bridge individually, then there's the "all" entry (which has different settings, so that may be it as well), then there's also a dead pointer entry, "*B". Say what, try and remove the "all" entry and the "*B" entry from Bridge > Ports, then see if it works.
 
User avatar
webequipped
newbie
Topic Author
Posts: 27
Joined: Tue Oct 13, 2009 7:42 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 5:56 pm

I will give it a try and report back. I find that curious about the bridge because I am sure I only used the "All" setting. I am to lazy to add them one at a time. :-)
DHCP relay = is not needed since the server is on the same sub net.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 6:07 pm

I will give it a try and report back. I find that curious about the bridge because I am sure I only used the "All" setting. I am to lazy to add them one at a time. :-)
DHCP relay = is not needed since the server is on the same sub net.

Ah, I see. Remove the DHCP relay as well, then. It may be competing with the DHCP server that's on the CRS, and that might be what's happening here. Though I'd probably pin it on RSTP misbehaving because of a weird bridge config, rather than on DHCP weirdness.
 
ansky
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Sun Mar 10, 2024 6:10 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 6:14 pm

If you are using it as an AP, you can bridge the WiFi interface to the LAN interface, so the AP will act as a switch.
Remove the DHCP client and DHCP relay. The AP does not need an IP address and can be managed by WinBox if you are on the same switch.
Maybe you should specify vlan 1 in data path in the WiFi config, or some other vlan depending on what you use. Mikrotik uses vlan 1 as default.
Last edited by ansky on Sat Jul 20, 2024 6:29 pm, edited 1 time in total.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 6:25 pm

If you are using it as an AP, you can bridge the WiFi interface to the LAN interface, so the AP will act as a switch.

That is entirely correct. However, that is also already the case, see config =P

Maybe you should specify vlan 1 in data path in the WiFi config, or some other vlan depending on what you use. Mikrotik uses vlan 1 as default.

Setting vlan to 1 explicitly is not required, and IMO it is better to leave VLAN-related settings alone in a VLAN-less environment, which this one seems to be.
 
ansky
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Sun Mar 10, 2024 6:10 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 6:31 pm

If you are using it as an AP, you can bridge the WiFi interface to the LAN interface, so the AP will act as a switch.

That is entirely correct. However, that is also already the case, see config =P

Maybe you should specify vlan 1 in data path in the WiFi config, or some other vlan depending on what you use. Mikrotik uses vlan 1 as default.

Setting vlan to 1 explicitly is not required, and IMO it is better to leave VLAN-related settings alone in a VLAN-less environment, which this one seems to be.
How do you know it's VLAN-less ? Maybe the router is using VLAN 1. Most mikrotik interfaces will use VLAN 1 if left unconfigured, except for WiFi.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 6:40 pm

How do you know it's VLAN-less ? Maybe the router is using VLAN 1. Most mikrotik gear will use VLAN 1 if left unconfigured, but will not mark packets as VLAN 1 for WiFi.

Because I read the config and there's no mention of VLANs?

Sure, the interface on the CRS that's connected to the ax3 could somehow be configured as a VLAN1 access port. With somehow only tagged packets being admitted and untagged packets being dropped as opposed to tagged (Jackie Chan meme).

But that would mean that the entire ax3 would essentially be offline, and not a single client connected to it would be able to access the Internet. Which is not the case:

...my iPhone 14 Pro can connect to the 2.4Ghz side and surf the internet no issues...
 
ansky
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Sun Mar 10, 2024 6:10 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 6:43 pm

How do you know it's VLAN-less ? Maybe the router is using VLAN 1. Most mikrotik gear will use VLAN 1 if left unconfigured, but will not mark packets as VLAN 1 for WiFi.

Because I read the config and there's no mention of VLANs?

Sure, the interface on the CRS that's connected to the ax3 could somehow configured as a VLAN1 access port. With somehow only tagged packets being admitted and untagged packets being dropped as opposed to tagged (Jackie Chan meme).

But that would mean that the entire ax3 would essentially be offline, and not a single client connected to it would be able to access the Internet. Which is not the case:
Isn't tagging done by default on ethernet but not on WiFi? If a packets comes from WiFi headed for ethernet, it doesn't get tagged and the virtual bridge drops the traffic. This would explain why DHCP would work but nothing else. Since he setup a dhcp relay.

Image



...my iPhone 14 Pro can connect to the 2.4Ghz side and surf the internet no issues...
Maybe the iphone is tagging the traffic as VLAN 1.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 6:53 pm

Look. We're talking VLAN-less config here. Not a single mention of VLANs in the config file. Which means that any and all Ethernet frames leaving the ax3 and going into the CRS are untagged. Yes, ChatGPT is correct, MikroTik uses VLAN1 by default as its native VLAN. No, by default, no packet is tagged, unless you specifically make it tag packets. Which means that if CRS only accepted tagged VLAN1 frames, which would be ludicrous, the entirety of the ax3 would be offline, as CRS would reject any and all frames coming from the ax3.

And no, iPhones don't VLAN-tag traffic. And even if iPhones did VLAN-tag traffic, they wouldn't randomly tag traffic only on the 2.4GHz interface, and not on the 5GHz one.
 
User avatar
webequipped
newbie
Topic Author
Posts: 27
Joined: Tue Oct 13, 2009 7:42 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 7:22 pm

Ok, did as you suggested Nullcaller.

I cleaned up the bridge, rebuild it from scratch, manually added each interface. I also removed the DHCP relay as the DHCP server is on the same network so it is not needed.

I now have it back in play and decide to test it again with my iPhone. It works normally on the 2.4Ghz radio, pages loading very fast all good. Switching over the 5Ghz side, produces the almost the same result. Pages do load however they on average always take over a full minute to do so. So an improvement of sorts...

I did order a new hAP ax3 and it arrived late last night. I now have that hAP ax3 manually configured with the same settings and replaced the other hAP ax3. Unfortunately no change in the behavior.

Here is the export from the new hAP ax3:

# 2024-07-20 09:20:11 by RouterOS 7.15.2
# software id = removed
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = removed
/interface bridge add name=LanBridge
/interface ethernet set [ find default-name=ether1 ] name=LAN1
/interface ethernet set [ find default-name=ether2 ] name=LAN2
/interface ethernet set [ find default-name=ether3 ] name=LAN3
/interface ethernet set [ find default-name=ether5 ] name=LAN5
/interface ethernet set [ find default-name=ether4 ] name=LANr4
/interface wifi security add authentication-types=wpa2-psk,wpa3-psk disabled=no encryption=ccmp,gcmp,ccmp-256,gcmp-256 group-key-update=1h name=WifiSec passphrase=removed wps=dis
able
/interface wifi set [ find default-name=wifi2 ] channel.band=2ghz-ax .frequency=2412,2432,2462 .width=20/40mhz-Ce configuration.country="United States" .mode=ap .ssid=House disable
d=no name=House2.4GHz security=WifiSec
/interface wifi set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5180,5240,5745 .width=20/40/80mhz configuration.country="United States" .mode=ap .ssid=House5GHz dis
abled=no name=House5GHz security=WifiSec
/interface bridge port add bridge=LanBridge interface=LAN1
/interface bridge port add bridge=LanBridge interface=LAN2
/interface bridge port add bridge=LanBridge interface=LAN3
/interface bridge port add bridge=LanBridge interface=LANr4
/interface bridge port add bridge=LanBridge interface=LAN5
/interface bridge port add bridge=LanBridge interface=House2.4GHz
/interface bridge port add bridge=LanBridge interface=House5GHz
/ip neighbor discovery-settings set discover-interface-list=!dynamic
/ip dhcp-client add interface=LanBridge
/ip dns set allow-remote-requests=yes
/system clock set time-zone-name=America/Los_Angeles
/system identity set name=AP2-AX-House
/system note set show-at-login=no
/system routerboard settings set auto-upgrade=yes

I am bewildered and dismayed to say the least.... :-(
 
ansky
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Sun Mar 10, 2024 6:10 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 7:44 pm

/interface wifi set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5180,5240,5745 .width=20/40/80mhz configuration.country="United States" .mode=ap .ssid=House5GHz dis
abled=no name=House5GHz security=WifiSec
Please do a simple test, use only 20 MHz width on 5 GHz, set frequency as 5180-5650. Set tx power 15. Disable 2.4 GHz. Be about 10 feet from the router.
 
erlinden
Forum Guru
Forum Guru
Posts: 2295
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 8:29 pm

Use wpa2-aes only for the time being. And only ccmp. And turn on debug logging on wifi to get some more insights.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 8:59 pm

It works normally on the 2.4Ghz radio, pages loading very fast all good. Switching over the 5Ghz side, produces the almost the same result. Pages do load however they on average always take over a full minute to do so. So an improvement of sorts...

And now I'm getting Vietnam flashbacks from all other topics about the ax^3...

Could you please run
/interface/wifi/radio/reg-info country="United States" number=0
and
/interface/wifi/monitor [find default-name=wifi1]
and copy and paste the results here?

Also, where did you buy the ax3s from, and is it Amazon, perchance?
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 9:10 pm

Also, two more things to try:
  • Try testing the speed really really close to the router, no more than 3 feet away.
  • Try replacing the antennas, if you have different ones. Take care to switch the router off before unscrewing anything.
 
infabo
Forum Guru
Forum Guru
Posts: 1177
Joined: Thu Nov 12, 2020 12:07 pm

Re: The most arduous access point ever: hAP ax³

Sat Jul 20, 2024 10:06 pm

Just viewed the config from zip in original post. I see no reason for DHCP relay, this is not needed when all devices on same subnet. and as already mentioned, bridge interface=all should be removed - I do not even know what this does actually.
 
User avatar
tangent
Forum Guru
Forum Guru
Posts: 1566
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 2:45 am

Here you go Tangent:

That isn't at all what I asked you for. It isn't…

  • …the default configuration, but instead this heavily-changed AP bridge thing you're trying to set up. While it is highly useful to see what you're trying to do, I want you to realize that the reason I asked for the defconf was so that I could have a clean baseline to diff my local configuration against, since it's closer to stock than yours is. Without that baseline, I was left with two hard choices: either try to produce a 3-way diff without the common baseline version on hand, or take the risk of resetting my own working router for the purpose of this comparison.
  • …terse mode, which meant I had to go in and fix all the whitespace changes to get a clean diff
  • …cleaned of PII; this is important not merely for your privacy but because the baselines I'm using here to diff against are cleaned of PII, causing more work in identifying the important differences. (For one, you've given away your router's serial number, which means a malefactor knows where to try breaking in if you were to ever enable MT's nebulously-named (hah!) Cloud service.)

When someone asks you for something on this forum, please assume they have good reasons for asking, and don't second-guess them. Disregarding reasonable requests for information makes it harder for people to help you. It's in your interest to help us succeed in helping you, is it not?

Being the weekend, I chose to take the gamble on resetting the local ax³ acting as my Internet gateway router in order to get a clean baseline. I've uploaded it here for others' comparison.

This allowed me to produce this diff against one of the two exports you provided. As you can see, you've changed a lot of things. Me, if I saw that much red in a diff, I'd at least entertain the hypothesis that I broke something with all that change, not go straight to blaming the baseline I started from. One of the key rules of troubleshooting is, take small steps, and test after each step. Then you know where things broke.

I decided to strip all the configuration flotsam out of your export and reset a few things to defconf state to clear some of the noise away. (e.g. "LanBridge" → "bridge", interface names back to defconf, etc.) The resulting diff is a bit more readable, but not by much. We can see that you've still changed a lot of things. Some things of note:

  • Naming the SSIDs differently for 2.4 and 5GHz isn't a great practice. It prevents roaming, which modern WiFi devices expect to handle on their own.
  • Abstracting common elements like "wifi security…name=WifiSec" is a good practice. I'd recommend doing more of that with "/internet wifi configuration" and such. Ideally, the 2.4 and 5GHz sections should be identical but for radio-specific details, as in my (working!) config below.
  • I find it worth repeating that setting channels on a home router is silliness unless you're out in the middle of nowhere or somehow able to control what your neighbors are doing. The only exception I find to this is to exclude one of the defaults where it's known to interfere, and even then, you can expect the radio firmware to figure that out on its own.
  • The "interface=*B" bit is a result of configuring something one way, deleting the referent, and leaving the old config change behind, pointing at nothing. Remove it.

As promised, here are the salient elements of the diff of my config relative to the same baseline:

/interface wifi configuration add channel.skip-dfs-channels=10min-cac country="United States" disabled=no mode=ap name=HomeWiFi security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes .passphrase="**ELIDED**" ssid="Home WiFi" 
/interface wifi set [ find default-name=wifi1 ] channel.band=5ghz-ax .width=20/40/80mhz configuration=HomeWiFi
/interface wifi set [ find default-name=wifi2 ] channel.band=2ghz-ax .width=20/40mhz configuration=HomeWiFi

Notice that it abstracts the common elements of the two radios' configurations with the "/interface wifi configuration add…" line, referenced from the two "wifi set" lines. The only material difference you might want to keep is your restriction of the 2.4 GHz radio to 20 MHz channels; I may end up doing that myself.

This configuration works. In particular, my iPhone roams between the 2.4 and 5GHz networks without hassle. I'm not the type to dive deeply into something that's working, so perhaps there is some strange handoff problem I don't see, but the important bit is that I don't see it. From my perspective, everything works fine, which is all I asked of it. 🤓
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 5:00 am

@tanget, that was a heck of a tangent.

...my iPhone roams between the 2.4 and 5GHz networks without hassle. I'm not the type to dive deeply into something that's working, so perhaps there is some strange handoff problem I don't see, but the important bit is that I don't see it. From my perspective, everything works fine, which is all I asked of it. 🤓

If you take a hammer to your ax3, then just close your eyes for a sec, you won't be able to see that nothing works! Unless of course you count the quick flashback montage that will be streamed directly from your memory into your consciousness on repeat if you actually do this. But, I mean, who counts that?

Couple of things:
  • If you just look at the config itself, rather than gawping at the red in the diff, you'll see that the original config provided by @webequipped is pretty much just default CAP config, with a few things changed around, with a lot of changes being not relevant to the situation at hand. You're not telling me setting NTP servers is gonna impact your wifi performance, now, are you?
  • Having 2.4 GHz and 5 GHz networks separate is a matter of preference. Your clients aren't necessarily gonna be the smartest on earth. I find the roaming decisions of mine pretty dumb some of the time, despite all my networks being chef's kiss level optimized for roaming. Naming 2.4 and 5 GHz networks differently provides you with the ability to fine-tune your client's behavior, which I quite like.
  • Having channels specified makes a heck of a lot of sense in a home environment. MikroTik routers are dumb with channel auto-selection, and if you think otherwise, you've just been moderately lucky. They will randomly select 5745/Ceee with max power set to 14 dBm by local regulations in Europe. They prefer higher 5 GHz channels, so if you have any devices that don't work with 5735-5815 frequency range, no 5 GHz for you for random periods of time. They will gaslight themselves into believing that 10-min DFS channels are really the bestest choice there is, and patiently wait for a radar event while you're trying to log into them to figure out why there's no wifi after you rebooted the router. (that, at the very least, can be avoided with the 'skip-dfs-channels' setting) And if your interference situation is good, which it might as very well be, setting channels explicitly in a small CAPsMAN setup makes a lot of sense. You just have one router on the non-DFS supported-by-every-device 5180 frequency, and another one on some wild shiny new 5745 that allows more power in some countries.
  • All of this is irrelevant. None of this matters. The 2.4/5 GHz names aren't the problem. The channel selection isn't the problem. And the in-depth diff analysis you did doesn't actually matter. Because if you just scrolled down, you would see the updated config. With most of the config bloat removed. Without the "*B" dead pointer. Without the "interface=all" in bridge. And guess what? It kinda works now, but the problem is different. The problem now, is the old one. The one the ax3 seemingly can't escape...

The problem now is that the 5 GHz interface, specifically, is slow for no apparent reason. That's what should be discussed. Not SSID naming conventions.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 5:10 am

Just so that we're all on the same page, here's the post with the latest config, edited slightly:

I cleaned up the bridge, rebuild it from scratch, manually added each interface. I also removed the DHCP relay as the DHCP server is on the same network so it is not needed.

I now have it back in play and decide to test it again with my iPhone. It works normally on the 2.4Ghz radio, pages loading very fast all good. Switching over the 5Ghz side, produces the almost the same result. Pages do load however they on average always take over a full minute to do so. So an improvement of sorts...

I did order a new hAP ax3 and it arrived late last night. I now have that hAP ax3 manually configured with the same settings and replaced the other hAP ax3. Unfortunately no change in the behavior.

Here is the export from the new hAP ax3:
# 2024-07-20 09:20:11 by RouterOS 7.15.2
# software id = removed 
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = removed 
/interface bridge add name=LanBridge
/interface ethernet set [ find default-name=ether1 ] name=LAN1
/interface ethernet set [ find default-name=ether2 ] name=LAN2
/interface ethernet set [ find default-name=ether3 ] name=LAN3
/interface ethernet set [ find default-name=ether5 ] name=LAN5
/interface ethernet set [ find default-name=ether4 ] name=LANr4
/interface wifi security add authentication-types=wpa2-psk,wpa3-psk disabled=no encryption=ccmp,gcmp,ccmp-256,gcmp-256 group-key-update=1h name=WifiSec passphrase=removed wps=dis
able
/interface wifi set [ find default-name=wifi2 ] channel.band=2ghz-ax .frequency=2412,2432,2462 .width=20/40mhz-Ce configuration.country="United States" .mode=ap .ssid=House disable
d=no name=House2.4GHz security=WifiSec
/interface wifi set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5180,5240,5745 .width=20/40/80mhz configuration.country="United States" .mode=ap .ssid=House5GHz dis
abled=no name=House5GHz security=WifiSec
/interface bridge port add bridge=LanBridge interface=LAN1
/interface bridge port add bridge=LanBridge interface=LAN2
/interface bridge port add bridge=LanBridge interface=LAN3
/interface bridge port add bridge=LanBridge interface=LANr4
/interface bridge port add bridge=LanBridge interface=LAN5
/interface bridge port add bridge=LanBridge interface=House2.4GHz
/interface bridge port add bridge=LanBridge interface=House5GHz
/ip neighbor discovery-settings set discover-interface-list=!dynamic
/ip dhcp-client add interface=LanBridge
/ip dns set allow-remote-requests=yes
/system clock set time-zone-name=America/Los_Angeles
/system identity set name=AP2-AX-House
/system note set show-at-login=no
/system routerboard settings set auto-upgrade=yes
I am bewildered and dismayed to say the least.... :-(

@webequipped, please remove the old config from the original post and add the link to the post with the new one, or just update it.
 
User avatar
tangent
Forum Guru
Forum Guru
Posts: 1566
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 5:32 am

Having 2.4 GHz and 5 GHz networks separate is a matter of preference.

You're telling me that bridging the two wifi networks has no effect on the original problem statement, where one side works and the other doesn't? You don't think it's even worth trying to see if it suddenly starts working when you allow the router to see that both sides are the same modulo fine details regarding frequencies and such?

I repeat: my config works. I just got a 656 Mbit/sec iperf3 result across my ax³ to an iPhone while standing right next to it. I get about half of that in the next room over. I've seen better, but while this may be slower than I'd like, it isn't "slow" by any reasonable standard.

MikroTik routers are dumb with channel auto-selection…max power set to 14 dBm by local regulations in Europe.

It may be relevant that the OP and I are both in the US, where these problems may not occur. A lot of the moaning about the ax³ I'm seeing is from people in other countries, citing issues like incorrect radio power tables.

if you just scrolled down, you would see the updated config.

Yes, it's true, I did not read each and every message in the thread after the one directed at me. I am clearly a very bad person and should stop trying to help.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 5:56 am

You're telling me that bridging the two wifi networks has no effect on the original problem statement, where one side works and the other doesn't?

No, I'm telling you naming SSIDs has no effect on the original problem. It might hide the problem, by the means of clients learning to roam away from the slow 5GHz radio, if you have them on the same SSID. It will not solve it.

I repeat: my config works. I just got a 656 Mbit/sec iperf3 result across my ax³ to an iPhone while standing right next to it. I get about half of that in the next room over. I've seen better, but while this may be slower than I'd like, it isn't "slow" by any reasonable standard.

That I do not doubt. However, there's been quite a few ax3s on this forum now (some of them from the US, if memory serves me right) that just plain don't work that way no matter what you do. Speeds are terrible on the 5GHz interface specifically anywhere but right next to the router. I have personally tried a config from such an ax3 on my own ax3, and found that the config worked perfectly on mine. So, at least with one such ax3, which had the same weird symptoms as all other ax3s, this had likely been a hardware problem. I am thus working on the assumption that this is one as well.

Heck, you know what? Please hold, I will try the exact config @webequipped provided on my ax3, and will return with the results in the next, say, 30 minutes.

Yes, it's true, I did not read each and every message in the thread after the one directed at me. I am clearly a very bad person and should stop trying to help.

No, you aren't, and you shouldn't. That said, I still find it kind of funny that you wrote a whole wall of text about an old config, probably spending, like, 10-30 minutes on it, whereas if you spent 2 minutes scrolling down, you'd just go "Oh" and that would be it. I mean, it sucks, I've been there myself: "AND NOW I SHALL DESTROY THEM WITH MY PERFECTLY CRAFTED ARG- Oh... ... ... oh... ... ... Maaaaan!" But we must collectively move beyond this if we are to succeed :)
 
User avatar
tangent
Forum Guru
Forum Guru
Posts: 1566
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 6:33 am

naming SSIDs…might hide the problem, by the means of clients learning to roam away from the slow 5GHz radio

If that were happening here, I wouldn't be getting 656 Mbit/sec with iperf3. That's plain impossible on 2.4 GHz, particularly since I took the OP's implicit hint and switched off 40 MHz channel support here on that band.

a hardware problem

Sure, I'll buy that, given suitable tests.

you wrote a whole wall of text about an old config, probably spending, like, 10-30 minutes on it

Yes, it took me a long time to compose the message you took such offense to. Probably closer to an hour, what with the need to reset my local ax³ to factory settings to get a baseline.

But, would I have written anything different based on the new config? Not really. Sure, I wouldn't have brought up the now-fixed *B damage, but the rest of my critiques remain as relevant as they were before.

And I ain't sayin' they're unassailable, merely that the concerns I brought up haven't changed, based on the latest diff.

Whether my ideas of what's relevant here are correct is a separate matter. I'll always step back from a position when confronted with hard data proving it untenable.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 6:52 am

I am coming to you live from a Wi-Fi network called 'House5GHz' (password 12345678 if you wanna jump in as well). Sorry, took a bit longer than I expected, I had to dangle an RB1100 from an Ethernet cable (I wish one day I could be as strong as that Ethernet cable). Anyway, here's some quick and dirty speedtesting action:

Screenshot_20240721_064342_Speedtest.png
(this one is pretty far away from the router, as far away as I can go without leaving the house)

Screenshot_20240721_064420_Speedtest.png
(this one is right in front of the router)


Unless @webequipped made the common mistake of putting the router in a concrete box with walls 6 feet thick, I daresay they should be able to access the Internet at decent speeds. Maybe the problem is testing methodology, or the configuration of the CRS. But it is, in all likelihood, not with the ax3's configuration.
You do not have the required permissions to view the files attached to this post.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 8:15 am

Now that I think of it, a few facts might be significant:
  1. I have the international version of the hAP ax3.
  2. It auto-chose frequency 5745.

I mean, the issue still probably lies either with hardware or with firmware (someone fat-fingering 3 dBm instead of 30 into firmware regulatory limitations that might be different from RouterOS regulatory limitations because reasons, and this is only the case for the US version because FCC or something). But it might be a good idea to test different frequencies to confirm that the behavior stays the same.
 
User avatar
tangent
Forum Guru
Forum Guru
Posts: 1566
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 8:19 am

I had to dangle an RB1100 from an Ethernet cable

Fun coincidence: my ax³ was dangling from its Ethernet cables at one point in the above testing, too, and it was due to a design error I'll happily lay at MT's feet: putting only one PoE port on it, and making it the same one for in and out.

I power my ax³ from a PoE switch so I only have to buy one UPS. That means ether1 has to be a LAN port, so I moved the WAN to ether5. The thing is, when you reset the router to defconf, the PoE in port reverts to a WAN port and thus quite reasonably will not respond to MAC-WinBox. I had to go dig the box out of storage to find the power brick, and the cord wouldn't stretch until I had the router hanging by its Ethernet cables.

I concede the usefulness of PoE out on this box for powering an LTE modem or WISP CPE antenna, but PoE in should be on ether5. I've asked, and nobody has given me an example of WAN CPE that provides PoE. That's a LAN-side function.

quick and dirty speedtesting action

If you were trying to make us jealous by showing off your symmetric Internet connection, you've succeeded. I've gotta use iperf3 inside the house to stress this router's capabilities.

But it is, in all likelihood, not with the ax3's configuration.

Conceded, happily.

I love bending Cunningham's Law to my own selfish ends. 🤓
 
User avatar
tangent
Forum Guru
Forum Guru
Posts: 1566
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 8:38 am

I have the international version of the hAP ax3.

Mine's the "-US" variant even though it came to me through Getic.

It auto-chose frequency 5745

How do you make it admit that truth, please? All I can get is a long list of available channels, plus the "Scan" function, which doesn't show "me" in the list.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 8:42 am

putting only one PoE port on it, and making it the same one for in and out.

<...>

I concede the usefulness of PoE out on this box for powering an LTE modem or WISP CPE antenna, but PoE in should be on ether5. I've asked, and nobody has given me an example of WAN CPE that provides PoE. That's a LAN-side function.

Yes, yes, YES! My god. Finally, somebody said it! Everyone, are you seeing this? Somebody ranted about this and it wasn't me! I didn't start it! I'm not insane! Not gonna lie, I feel so validated right now.

I guess they put PoE in on port 1 because they always put it on port 1 with all the APs, which makes perfect sense. But making port 1 PoE out as well? Why did you have to hurt me like that, MikroTik?

My WAN is also on port 5 because of this. I power the ax3 off of a PoE injector in a different room that's plugged into a UPS. I don't have frequent power outages, but I do have some long-ish brownouts, and they're annoying. I also have a second box connected to the ax3. If I had a separate PoE out port, I could have powered it from the ax3. But I don't, so I have a second PoE injector, which is a bit ludicrous =P

If you were trying to make us jealous by showing off your symmetric Internet connection, you've succeeded. I've gotta use iperf3 inside the house to stress this router's capabilities.
8)
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 8:43 am

How do you make it admit that truth, please? All I can get is a long list of available channels, plus the "Scan" function, which doesn't show "me" in the list.

It should display so in the wifi interface status tab, or with 'monitor' command from cli. I used WiFi Analyzer, though.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 8:53 am

Mine's the "-US" variant even though it came to me through Getic.

So you'll be able to test if the config works on the US version then :wink:

Speaking about Getic, I also have a pet theory that some of these weird ax3s are coming from Amazon returns rebadged as new routers. Someone plugs the ax3 in without antennas, reads the "DO NOT PLUG IN WITHOUT ANTENNAS OR IT WILL LITERALLY EXPLODE" label, puts it back in the box, and sends it to Amazon, where a sleep-deprived worker that hasn't been to the toilet for the last 36 hours has 0.09 picoseconds to check whether the device is in full working order, and voila, you have a borked ax3, sold as new.

It might be happening with other big-name brand retailers as well, because nobody is probably handling the returns for the ax3 properly, i.e. checking whether the WiFi works as it should.
 
User avatar
tangent
Forum Guru
Forum Guru
Posts: 1566
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 8:57 am

'monitor' command from cli.

Thank you.

My 5 GHz radio is on 5500/ax/Ceee at the moment, which according to the Freq. Scan tool in WinBox has 0% usage on all four of the 20 MHz sub-channels. I take that as validation that it did a good job choosing automatically even with a fair bit of competition around. My location is small-town center, so not rural, but not a big-city apartment building, either.

(I use 80 MHz channel widths max here since I don't have any client devices capable of 160.)
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 9:19 am

Not at all.

Yes, it really likes 5500 by default for some reason, but it can definitely roam to other frequencies if it decides so out of the blue. And my phone for some reason just refuses to see this frequency =P

As for 160 MHz width... Unfortunately, the ax3 itself doesn't support it. The only MT router that does, as far as I'm aware, is the Audience. And it is limited to 5500 and above, which practically means there's only one 160 MHz channel. Of course, there's 80+80, but that's no fun.

At least they're gonna be forced to finally support it all with WiFi 7. If you don't have no 160 MHz, you ain't WiFi 7, them's the rules.
 
User avatar
tangent
Forum Guru
Forum Guru
Posts: 1566
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 9:46 am

So you'll be able to test if the config works on the US version then :wink:

I've taken enough risks with my home IT core for one Saturday. Maybe tomorrow, but probably not, and definitely not during the week; I work from home.

I also have a pet theory that some of these weird ax3s are coming from Amazon returns rebadged as new routers.

In fact, mine was a return, but not fraudulently resold as new. I got a steep discount on it (~$80 at a time when supply was short) and was told up front it'd been used. I figured it was returned by someone who plugged it in, dropped a deuce when they saw the web/mobile UIs, and sent it back nearly untried.

There is a chance that your cooked-radio hypothesis explains why it isn't as fast as the <NAUGHTY-U-WORD-EXPURGATED> router it replaced, which could drill a 600 Mbit/sec hole through cinder block walls. On every other measure, this ax³ has been a major upgrade despite costing a fifth of what it replaced.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 10:15 am

There is a chance that your cooked-radio hypothesis explains why it isn't as fast as the <NAUGHTY-U-WORD-EXPURGATED> router it replaced

Unlikely. The ax3 is fast, yes, but it does not maintain its fastness through obstacles too well. In fact, it can't really maintain the maximum 1200 Mbps speed with direct line of sight at a distance further than 3 feet. The obstacle is air. 3 feet of air drop the speed by 25%. So no wonder it can't drill 600 Mbps through cinder blocks.

Where it really shines at (at least if it's not borked), is maintaining decent speeds at a long range. It can probably cover a small-to-medium house on its own, without additional access points, if allowed to operate at maximum power. Which is kinda cool. So if it drills 50-100 megs, then it's probably fine.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 10:26 am

I've taken enough risks with my home IT core for one Saturday. Maybe tomorrow, but probably not, and definitely not during the week; I work from home.

That's understandable. You could test out different frequencies without taking it out and loading a full new config onto it. That might be a good sanity check. Otherwise, I don't think it's worth it, really it. Unless it's something really specific in the firmware, like "if encryption=WPA3 && CCMP && someotherstuff and if the version is US, then set flame to the radio at the next full moon", we will learn nothing and just get frustrated.
 
ansky
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Sun Mar 10, 2024 6:10 pm

Re: The most arduous access point ever: hAP ax³

Sun Jul 21, 2024 4:19 pm

/interface wifi set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5180,5240,5745 .width=20/40/80mhz configuration.country="United States" .mode=ap .ssid=House5GHz dis
abled=no name=House5GHz security=WifiSec
Please do a simple test, use only 20 MHz width on 5 GHz, set frequency as 5180-5650. Set tx power 15. Disable 2.4 GHz. Be about 10 feet from the router.

The reason I suggested this is because my own ax3 shows worse performance on 80 MHz than on 40 MHz. Even 20 MHz performs better than 80 MHz, but 40 gives the best results to me. Maybe we received bad hardware.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Mon Jul 22, 2024 6:30 am

The reason I suggested this is because my own ax3 shows worse performance on 80 MHz than on 40 MHz. Even 20 MHz performs better than 80 MHz, but 40 gives the best results to me. Maybe we received bad hardware.

Huh. @webequipped, in addition to all other tests I asked you to do, could you please also try this? In fact, try and drop it to 20 MHz, just to be sure.

It is entirely possible that it's somehow bad on 80 MHz but not on 40 MHz, because of how exactly WiFi cards usually fail. There's a great talk about it by Ron Touw.
 
Coughy
newbie
Posts: 45
Joined: Tue Apr 23, 2024 2:53 am
Location: Brisbane Au

Re: The most arduous access point ever: hAP ax³

Mon Jul 22, 2024 11:03 am

just my 2 cents worth im not as smart as these guys and girls but what firmware and routeros are you running OP??
I have a hap ax3 and the 7.14.3 is the best routeros and I have had very similar problems as you the later 7.15 and latest betas have broke a lot of usability for me anyhow on the hap ax3
upgrade or downgrade whichever you are at the moment and retry this it fixed my issues and my constant wan drop outs
 
User avatar
robmaltsystems
Long time Member
Long time Member
Posts: 669
Joined: Fri Jun 21, 2019 12:04 pm

Re: The most arduous access point ever: hAP ax³

Mon Jul 22, 2024 2:53 pm

>Remove the DHCP client

Is it okay to have this on the bridge - mainly so you can see what IP the access point/switch is using?

PS. I can sympathise with some of the posters frustration. I got a hAP ax2 for use at home. Mainly to get familiar with AX on RouterOS before I even consider using with clients. I've had it six months and still don't feel confident to start using with my clients... I seem to spend ages tweaking settings and my main Lenovo laptop still has trouble connecting at 5GHz AC at what I class to be "not far from the router". Hence my post just now about antenna size. My overall impression is Mikrotik still to do better with Wi-Fi...

PS. Yes, I admit the NIC in the Lenovo (Realtek) isn't the best in the world but if I connect a TP-Link access point in the same location, it connects to 5GHz at a good speed every time.
 
ansky
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Sun Mar 10, 2024 6:10 pm

Re: The most arduous access point ever: hAP ax³

Mon Jul 22, 2024 8:16 pm

>Remove the DHCP client

Is it okay to have this on the bridge - mainly so you can see what IP the access point/switch is using?
I think it's better that the AP does not have any IP during troubleshooting, to make sure it's not doing routing and that it's behaving as a simple switch.
 
User avatar
Nullcaller
Member Candidate
Member Candidate
Posts: 172
Joined: Mon Oct 16, 2023 3:09 pm

Re: The most arduous access point ever: hAP ax³

Tue Jul 23, 2024 12:10 pm

I must admit, that does make sense. In practice, the amount of sense it makes is vanishingly small, since AP can't route packets anywhere but back to the bridge anyway. But this is in the spirit of theoretical advice of removing variables that could affect the results of experiments, yes.
 
ansky
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Sun Mar 10, 2024 6:10 pm

Re: The most arduous access point ever: hAP ax³

Tue Jul 23, 2024 5:34 pm

I must admit, that does make sense. In practice, the amount of sense it makes is vanishingly small, since AP can't route packets anywhere but back to the bridge anyway. But this is in the spirit of theoretical advice of removing variables that could affect the results of experiments, yes.

Routing problems due to the AP are avoided. Routing loops and/or routing misconfigurations are prevented. The attack surface is decreased since the AP can't be managed at layer 3 (web, SSH, Telnet). The possibility of IP conflicts is avoided, and there is no need to keep track of an additional IP address. ARP traffic is decreased.

All in all, it eliminates the AP as a potential layer 3 problem and makes it function just as a switch. To me, it improves mental clarity.
I believe the best strategy for remote management of APs is to create EoIP tunnels. This reduces the amount of firewall rules for management traffic, forces proper segmentation and reduces attack surface to a minimum. Not having to deal with layer 3 routing is highly beneficial IMO.

Who is online

Users browsing this forum: tornadoro and 16 guests