Answer the question
In order to leave comments, you need to log in
Why does Mikrotik rb2011UiAS-2HnD + 2 wAP ac distribute WIFI 2 and 5 GHz unstable?
Good afternoon! I came to a new place of work, and here is Mikrotik rb2011uias-2hnd as a gateway and 2 wAP ac as an access point. I have never worked with Mikrotik, only with pfSense. Employees complain that the Internet falls off without any special prerequisites; they could not see any patterns. There is access to Mikrotik, passwords from access points have been lost for centuries, alas. Moreover, when searching for networks, 3 networks are visible - 2.5 GHz and some with wAP at the end
/interface bridge
add admin-mac=E4:8D:8C:0C:4C:2E auto-mac=no fast-forward=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master-local speed=100Mbps
set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
set [ find default-name=ether5 ] name=ether5-slave-local speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether6-master-local
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether7-slave-local
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether8-slave-local
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether9-slave-local
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether10-slave-local
/caps-man interface
add disabled=no mac-address=64:D1:54:1C:F3:95 master-interface=none name=\
cap10 radio-mac=64:D1:54:1C:F3:95 radio-name=64D1541CF395
add disabled=no mac-address=E4:8D:8C:6B:80:AF master-interface=none name=\
cap11 radio-mac=E4:8D:8C:6B:80:AF radio-name=E48D8C6B80AF
add disabled=no mac-address=E4:8D:8C:4B:0B:26 master-interface=none name=\
cap12 radio-mac=E4:8D:8C:4B:0B:26 radio-name=E48D8C4B0B26
add disabled=no mac-address=E4:8D:8C:BE:0E:E6 master-interface=none name=\
cap13 radio-mac=E4:8D:8C:BE:0E:E6 radio-name=E48D8CBE0EE6
add disabled=no mac-address=E4:8D:8C:BE:0E:E5 master-interface=none name=\
cap14 radio-mac=E4:8D:8C:BE:0E:E5 radio-name=E48D8CBE0EE5
add disabled=no mac-address=E4:8D:8C:72:A2:03 master-interface=none name=\
cap15 radio-mac=E4:8D:8C:72:A2:03 radio-name=E48D8C72A203
add disabled=no mac-address=E4:8D:8C:72:A2:02 master-interface=none name=\
cap16 radio-mac=E4:8D:8C:72:A2:02 radio-name=E48D8C72A202
add disabled=no mac-address=E4:8D:8C:D5:49:6D master-interface=none name=\
cap17 radio-mac=E4:8D:8C:D5:49:6D radio-name=E48D8CD5496D
add disabled=no mac-address=E4:8D:8C:D5:49:6C master-interface=none name=\
cap18 radio-mac=E4:8D:8C:D5:49:6C radio-name=E48D8CD5496C
add disabled=no mac-address=E4:8D:8C:4B:0B:24 master-interface=none name=\
cap21 radio-mac=E4:8D:8C:4B:0B:24
/caps-man datapath
add bridge=bridge-local name=datapath1
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm,tkip group-encryption=\
aes-ccm name=security1 passphrase=
/caps-man configuration
add channel.band=5ghz-a/n/ac channel.control-channel-width=20mhz \
channel.extension-channel=Ce channel.frequency=5180 channel.tx-power=38 \
datapath=datapath1 datapath.bridge=bridge-local guard-interval=any name=\
cfg1 rx-chains=0,1,2 security=security1 security.authentication-types=\
wpa2-psk security.encryption=aes-ccm,tkip security.group-encryption=\
aes-ccm security.passphrase= ssid= tx-chains=\
0,1,2
/caps-man interface
add arp=enabled channel.control-channel-width=20mhz channel.frequency=2412 \
configuration=cfg1 configuration.mode=ap configuration.ssid= \
disabled=no l2mtu=0 mac-address=00:00:00:00:00:00 master-interface=none \
mtu=1500 name=cap1 radio-mac=00:00:00:00:00:00
add arp=enabled configuration=cfg1 datapath=datapath1 datapath.bridge=\
bridge-local disabled=no l2mtu=1600 mac-address=E4:8D:8C:72:A1:FA \
master-interface=none mtu=1500 name=cap2 radio-mac=E4:8D:8C:72:A1:FA \
radio-name=E48D8C72A1FA security.authentication-types=wpa2-psk \
security.encryption=aes-ccm security.passphrase=
add arp=enabled configuration=cfg1 configuration.ssid= disabled=\
no l2mtu=1600 mac-address=E4:8D:8C:72:A1:F9 master-interface=none mtu=\
1500 name=cap3 radio-mac=E4:8D:8C:72:A1:F9 radio-name=E48D8C72A1F9
add arp=enabled configuration=cfg1 disabled=no l2mtu=1600 mac-address=\
D4:CA:6D:C6:12:E1 master-interface=none mtu=1500 name=cap4 radio-mac=\
D4:CA:6D:C6:12:E1 radio-name=D4CA6DC612E1
add arp=enabled configuration=cfg1 disabled=no l2mtu=1600 mac-address=\
E4:8D:8C:72:A1:FD master-interface=none mtu=1500 name=cap5 radio-mac=\
E4:8D:8C:72:A1:FD radio-name=E48D8C72A1FD
add arp=enabled configuration=cfg1 disabled=no l2mtu=0 mac-address=\
D4:CA:6D:C6:12:E2 master-interface=none mtu=1500 name=cap6 radio-mac=\
D4:CA:6D:C6:12:E2 radio-name=D4CA6DC612E2
add arp=enabled configuration=cfg1 disabled=no l2mtu=1600 mac-address=\
E4:8D:8C:72:A1:FC master-interface=none mtu=1500 name=cap7 radio-mac=\
E4:8D:8C:72:A1:FC radio-name=E48D8C72A1FC
add arp=enabled configuration=cfg1 disabled=no l2mtu=1600 mac-address=\
E4:8D:8C:6B:80:AE master-interface=none mtu=1500 name=cap8 radio-mac=\
E4:8D:8C:6B:80:AE radio-name=E48D8C6B80AE
add arp=enabled configuration=cfg1 disabled=no l2mtu=1600 mac-address=\
E4:8D:8C:4B:0B:25 master-interface=none mtu=1500 name=cap9 radio-mac=\
E4:8D:8C:4B:0B:25 radio-name=E48D8C4B0B25
/interface ovpn-client
add certificate= cipher=aes256 connect-to= \
disabled=yes mac-address= name= user=
/interface list
add exclude=dynamic name=discover
add name=
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk management-protection=allowed mode=\
dynamic-keys name= supplicant-identity=MikroTik \
wpa-pre-shared-key= wpa2-pre-shared-key=
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=\
no_country_set disabled=no distance=indoors frequency=2442 \
frequency-mode=manual-txpower mode=ap-bridge security-profile=\
Profile1 ssid= station-roaming=enabled \
wireless-protocol=802.11
/ip ipsec policy group
add name=l2tp-officegroup
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=aes-256,aes-128,3des name=profile_1
/ip ipsec peer
add local-address=192.168.1.1 name=peer2 passive=yes profile=profile_1
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha512,sha256,sha1,md5 \
enc-algorithms=aes-256-ctr,aes-128-cbc,3des
/ip pool
add name=l2tp ranges=192.168.1.15-192.168.1.254
/ppp profile
add local-address=l2tp name="pptp office" remote-address=0.0.0.0 \
use-encryption=yes
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
add addresses=0.0.0.0/0 authentication-password=\
authentication-protocol=SHA1 encryption-password= name=\
security=private
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-enabled ip-address-ranges=192.168.1.5-192.168.1.250 \
master-configuration=cfg1 slave-configurations=cfg1
add action=create-enabled ip-address-ranges=192.168.1.55 \
master-configuration=cfg1 radio-mac=D4:CA:6D:C6:12:E2 \
slave-configurations=cfg1
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local hw=no interface=sfp1
add bridge=bridge-local interface=wlan1
add bridge=bridge-local disabled=yes interface=ether1-gateway
add bridge=bridge-local interface=ether3-slave-local
add bridge=bridge-local interface=ether4-slave-local
add bridge=bridge-local interface=ether5-slave-local
add bridge=bridge-local interface=ether7-slave-local
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local interface=ether9-slave-local
add bridge=bridge-local interface=ether10-slave-local
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set allow-fast-path=yes default-profile=default enabled=yes ipsec-secret=\
use-ipsec=yes
/interface list member
add interface=sfp1 list=discover
add interface=ether2-master-local list=discover
add interface=ether3-slave-local list=discover
add interface=ether4-slave-local list=discover
add interface=ether5-slave-local list=discover
add interface=ether6-master-local list=discover
add interface=ether7-slave-local list=discover
add interface=ether8-slave-local list=discover
add interface=ether9-slave-local list=discover
add interface=ether10-slave-local list=discover
add interface=wlan1 list=discover
add interface=bridge-local list=discover
add interface=cap1 list=discover
add interface=cap2 list=discover
add interface=cap6 list=discover
add interface=cap3 list=discover
add interface=cap4 list=discover
add interface=cap5 list=discover
add interface=cap7 list=discover
add interface=cap8 list=discover
add interface=cap9 list=discover
add interface=cap21 list=discover
add interface=cap10 list=discover
add interface=cap11 list=discover
add interface=cap12 list=discover
add interface=cap13 list=discover
add interface=cap14 list=discover
add interface=cap15 list=discover
add interface=cap16 list=discover
add interface=cap17 list=discover
add interface=cap18 list=discover
add interface=ovpn-out1 list=discover
add interface=ether2-master-local list=mactel
add interface=ether6-master-local list=mactel
add interface=ether2-master-local list=mac-winbox
add interface=wlan1 list=mactel
add interface=ether6-master-local list=mac-winbox
add interface=sfp1 list=mactel
add interface=wlan1 list=mac-winbox
add interface=sfp1 list=mac-winbox
/interface pptp-server server
set authentication=chap,mschap1,mschap2 default-profile="pptp office" \
enabled=yes
Answer the question
In order to leave comments, you need to log in
Не весь конфиг влез
/ip address
add address=192.168.1.20/24 comment="default configuration" interface=\
ether2-master-local network=192.168.1.0
add address=192.168.1.1/24 interface=ether2-master-local network=192.168.1.0
add address= interface=ether1-gateway network=
add address=192.168.1.30/24 interface=ether2-master-local network=192.168.1.0
/ip dhcp-client
add comment="default configuration" interface=ether1-gateway
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge-local lease-time=10h10m name=default
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.10,192.168.1.11 gateway=\
192.168.1.1 netmask=24
add address=192.168.88.0/24 comment="default configuration" gateway=\
192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=
/ip dns static
add address=192.168.1.30 name=router
/ip firewall filter
add action=accept chain=input in-interface=ether1-gateway protocol=gre
add action=accept chain=input dst-port=1723 in-interface=ether1-gateway \
protocol=tcp
add action=accept chain=input in-interface=ether1-gateway protocol=ipsec-esp
add action=accept chain=input dst-port=161 protocol=udp src-address=\
add action=accept chain=input dst-port=1701,500,4500 in-interface=\
ether1-gateway protocol=udp
add action=accept chain=forward src-address=10.8.0.0/24
add action=fasttrack-connection chain=forward comment="default configuration" \
connection-state=established,related
add action=accept chain=forward comment="default configuration" \
connection-state=established,related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid log-prefix=drop6
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-gateway log-prefix=drop7
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=ether1-gateway log-prefix=drop8
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
/ip ipsec identity
add generate-policy=port-override peer=peer2 policy-template-group=\
l2tp-officegroup remote-id=ignore secret=
/ip pool
add name=dhcp next-pool=dhcp ranges=192.168.1.15-192.168.1.254
add name=pool1 next-pool=dhcp ranges=192.168.1.6
/ip route
add distance=1 gateway=
add distance=1 dst-address=10.8.0.0/24 gateway=
/ip service
set telnet disabled=yes
set ftp address=10.8.0.0/24,192.168.1.0/24
set www address=10.8.0.0/24,192.168.1.0/24
set ssh address=10.8.0.0/24
set api address=10.8.0.0/24
set winbox address=10.8.0.0/24,192.168.1.0/24
set api-ssl address=10.8.0.0/24
/lcd interface pages
set 0 interfaces="sfp1,ether1-gateway,ether2-master-local,ether3-slave-local,e\
ther4-slave-local,ether5-slave-local,ether6-master-local,ether7-slave-loca\
l,ether8-slave-local,ether9-slave-local,ether10-slave-local"
/ppp l2tp-secret
add comment="l2tp office" secret=
/ppp secret
add comment="l2tp office connection" name= password= \
service=l2tp
add comment="pptp office test" name= password= \
profile="pptp office" service=pptp
/snmp
set contact= enabled=yes location="mikrotik office" \
trap-community= trap-generators=interfaces,temp-exception \
trap-interfaces=all
/system clock
set time-zone-name=
/system logging
add topics=dhcp
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool romon port
add
Causes of glitches:
- First, check where exactly Wi-Fi falls off. Start pinging Mikrotik and some site (for example, google) at the same time and see where there will be packet loss in case of problems. If packets are lost only to the site and the Mikrotik itself pings without problems, then kick the provider. If everything falls off and Mikrotik doesn't respond then dig further ↓
- the firmware is a curve, you should always use (Long-term) and not (Stable). And even in (Long-term) not all versions are stable 6.46.8 is now the latest stable.
- a weak Wi-Fi signal (a far point, a lot of walls) for 5 GHz, this is the most relevant, it literally breaks through 2 walls and doesn’t catch any further, for 2 GHz it breaks through 3 walls easily (these are approximate).
- lease-time in DHCP = 10h10m - this is a good time, it is large (although you can raise it up to 23h59m). If there was a little like 5 minutes then there would be glitches, I had glitches when it was a little time, but you have no more problems.
- Neighbors interfere with interference, run a Wi-Fi scanner on your phone and see if the neighbors interfere.
Here is the program
- Change the mode settings for Wi-Fi. There are B / G / N / AC modes, see the settings. Change to the older and more reliable B mode and forcibly turn off all the rest. I changed in an apartment building and as soon as I changed the signal became more stable, but at the same time, alas, the speed dropped.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question