Wireless disconnection messages explained!

Tue Feb 06, 2007 9:22 am

http://wiki.mikrotik.com/wiki/Wireless_Debug_Logs

It's a work in progress, so suggestions and corrections are welcome.

sidney · Tue Feb 06, 2007 9:41 am

Thats that should help us pin point most of our problems

Sidney

janisk · Tue Feb 06, 2007 11:25 am

if you have any better explanation then you can add it there, but you hvae to be 100% sure that it is so.

HarvSki · Tue Feb 06, 2007 5:07 pm

Thanks Normis this is very helpful

GotNet · Tue Feb 06, 2007 7:21 pm

Thank you!!

4Hell · Tue Feb 06, 2007 11:03 pm

Finaly!!! Thanks!!!

BulleriNET · Tue Feb 06, 2007 11:54 pm

Very Nice Thank You

Chofex · Wed Feb 07, 2007 5:41 am

Perfect!

I've been needing this for months!

ivaring · Thu Feb 08, 2007 5:53 pm

Hi all.
I tried this functionallity and it works really well.
Is this then active by default?, I mean, every log is sent to memory after any event (that I choose).

Thanks.

gregdhayes · Thu Mar 29, 2007 11:17 pm

I'm getting the MIC Failures on several of my clients. Interference isn't an issue on one of them and their signal is -50, ccq is around 99.

Client is conecting to a RB112/CM9 using a laptop. Two other customers are using Tranzeo CPE 90's.

They connect fine....then out of the blue I see those MIC failures.

Is there another explanation for the cause of these? Or is it just a compatibility issue between the cpe's and ap and using TKIP.

Thanks

R1CH · Fri Mar 30, 2007 12:44 pm

Advice for "no beacons" if connecting to a Cisco AP, you need to increase the beacon rate on the Cisco radio config. Default is 100 and all my routerOS clients constantly dropped with this error, changing to 50 and it's rock solid.

ldvaden · Tue Apr 03, 2007 7:51 am

http://wiki.mikrotik.com/wiki/Wireless_Debug_Logs

It's a work in progress, so suggestions and corrections are welcome.

Congratulations! This information is very helpful.

kind regards/ldv

leonj · Thu Apr 12, 2007 11:01 am

Thank you!

ivaring · Sat May 26, 2007 8:43 pm

Talking about disconnection.

I suffered mainly two problems.
a) trees disturbing registration, so, moving antennas was the solution
b) excesive power on antennas, so, N/S ratio was too poor

I solved this problem, today not disconnection messages since 3 months ago!

Thanks.

denni · Thu May 31, 2007 7:52 am

thanks guy good work .. it help us !!

mkbatur · Mon Jun 04, 2007 6:10 pm

good working.

channingzou · Wed Aug 01, 2007 6:27 am

[admin@MikroTik] > /system logging
[admin@MikroTik] system logging> add topics=wireless,debug action=memory
hi, can I log to disk?
system logging> add topics=wireless,debug action=disk

Wed Aug 01, 2007 9:24 am

Then 'log print buffer=disk'.

djape · Thu Aug 09, 2007 5:02 pm

Wow, thx so much for this...cheers...

Viroslash · Thu Sep 27, 2007 3:16 pm

This information avoided many questions!

ilnicchio · Fri Sep 28, 2007 10:08 am

Hi,
I see a message not listed in your page:
"removed dynamic WDS link <DEV>, name"
but don't know the reason of removal.

So many thanks for your very usefull page!

webformix · Sun Apr 20, 2008 5:53 am

Hey Normis, myself and possibly a growing number of other ROS users are experiencing issues that are detailed in my post @ Client Disconnect Issues

This seems to be a ROS + XR2/SR2 + Tranzeo CPQ compatibility issue? I took a look at the list of disconnect messages that you've listed, and was wondering if you could shed any additional light on the following error messages:

exchange timeout or received deauth:
4-way handshake timeout (15) error.
group key exchange timeout
unicast key exchange timeout

Thanks in advance!

alex_rhys-hurn · Fri Apr 25, 2008 12:49 am

webformix,

I have just spent a happy day dealing with exactly the errors you list.

We solved permanently by changing channels. We were getting interference from a nearby wifi base station.

We found this with was happening with both Dlink DWL2100 AP in ap client mode and Mikrotik with R52 wifi cards.

Backing off the hardware retries to 4 from 15 made no difference. Playing antennae made no difference.

In the process we even found one client with many tx errors. swapped the client to no avail.

Changed channel and all solved.....

Good luck.

-headstrong- · Tue Jul 15, 2008 7:48 pm

I was also experiencing the problem of my wireless clients getting disconnected the whole time......

I had a few of them in "client bridge" mode and the rest in "client" mode...( my CPE's are all linksys but my AP's are all mikrotik)

So I put them all in "client" mode and magically all my disconnecting errors have dissapeared......So i'm assuming that wireless bridges cannot co-exist with wireless clients......not sure if this is correct but it works in my setup

EDIT: It has been 6 hours since i tried the above and not 1 disconnect...previously it was every 2 minutes

nilesh · Thu Jul 24, 2008 2:36 pm

is there any specific log messege to kmow the reason of disconeection like network conjstion or authenticaion failure.

is there any facility to know the percentage of collision in between 2 points

Thu Jul 24, 2008 2:40 pm

is there any specific log messege to kmow the reason of disconeection like network conjstion or authenticaion failure.

did you read the page in the original post ???

nilesh · Thu Jul 24, 2008 2:44 pm

i had read but there is nothing abt collision.

Thu Jul 24, 2008 2:49 pm

yes, there is nothing about collision, but there is certainly a lot about disconnection messages when authentication failed.

there is no way to determine any collisions.

serthan · Thu Jul 31, 2008 9:58 am

thank you

beny30 · Mon Dec 22, 2008 5:01 pm

I could not debug but I tried to use C9 in ap bridge mode and clients get disconnected very often. How can I use it as AP and not have problems do clients "see" if it set to "client" mode?

Tue Dec 23, 2008 10:19 am

I could not debug but I tried to use C9 in ap bridge mode and clients get disconnected very often. How can I use it as AP and not have problems do clients "see" if it set to "client" mode?

please read this topic from beginning. enable debug mode, and see what log says then

jwcn · Wed Feb 18, 2009 12:09 am

How about "disconnected - too many poll timeouts"

jcremin · Thu Jul 23, 2009 5:07 am

How about "disconnected - too many poll timeouts"

I'm getting this a lot too with the newer wireless-test package with nstreme and polling enabled. One one specific tower, everything is fine if the noise floor is -99 or -100, but if it gets any worse than -98, everything starts freaking out and the only way to ensure a solid connection is with a -60 or better signal. It should be much more stable at much lower signals than that.

dada · Thu Oct 08, 2009 3:15 pm

How about "disconnected - too many poll timeouts"
I'm getting this a lot too with the newer wireless-test package with nstreme and polling enabled. One one specific tower, everything is fine if the noise floor is -99 or -100, but if it gets any worse than -98, everything starts freaking out and the only way to ensure a solid connection is with a -60 or better signal. It should be much more stable at much lower signals than that.

what is your HW. retries value? If you have a newer ROS the default value is 4. It may be too low for the good link. I have just solved disconnect problems on nstreme link (no dual nstreme) with changing Hw. retries from 4 to 10 (ROS 3.30). The link was working fine except that it tended to disconnect frequently under load. After the change links never disconnected yet.

-headstrong- · Sat Oct 10, 2009 2:54 pm

How about "disconnected - too many poll timeouts"
I have just solved disconnect problems on nstreme link (no dual nstreme) with changing Hw. retries from 4 to 10 (ROS 3.30). The link was working fine except that it tended to disconnect frequently under load. After the change links never disconnected yet.

Did you change the HW retries to 10 on the AP or the AP and CPE?

dada · Mon Oct 12, 2009 2:30 pm

How about "disconnected - too many poll timeouts"
Did you change the HW retries to 10 on the AP or the AP and CPE?

I changed hw. retries on both sides. But it was a PtP link - not AP with many clients.

Perhaps it would be enough to increase the retries on only one side ( the side which as problems with delivering frames to the other side) - if a problem affect only one direction

ibeeby · Thu May 13, 2010 9:15 am

Very helpful and well written article - exceptionally useful for those with wireless issues to resolve.

A link to this article should be made sticky in the Forum imho as I suspect that it will answer a lot of faqs immediately.

Thanks Normis!

Jamesy · Wed May 26, 2010 7:34 pm

From above:

"Talking about disconnection.

I suffered mainly two problems.
a) trees disturbing registration, so, moving antennas was the solution
b) excesive power on antennas, so, N/S ratio was too poor

I solved this problem, today not disconnection messages since 3 months ago!

Thanks."

what is N/S ratio mean?

cmit · Thu Jun 10, 2010 9:59 am

I think S/N raiot was meant, meaning signal/noise. So how much "louder" your signal is than the RF noise that's around. If your signal is too weak and nearly at the level of the noise, the receiver on the wireless card cannot detect and decode the signal correctly.

mjoksimovic · Sat Jun 26, 2010 2:24 am

Thank you normis for posting this conf, very usable.

RAHQGideon · Thu Jul 01, 2010 5:00 pm

Thanks. Makes a bit more sense now!

murali438 · Fri Jul 09, 2010 1:32 pm

what are the messeages called "unicast key exchange time out "
and "disconnected extensive data loss"

Fri Jul 09, 2010 1:39 pm

did you read the document? http://wiki.mikrotik.com/wiki/Wireless_ ... CREASON.3E

raingalls · Sat Jul 10, 2010 8:29 pm

Very helpful and organized information.

netbeam · Tue Oct 26, 2010 12:42 am

Any ideas what this might mean?

Tue Oct 26, 2010 8:06 am

what exactly? wireless logs don't show any problems

neandero · Fri Oct 29, 2010 12:10 am

Yes, I would want to what is the cause of the below:

I would also want to know if there is a way to NOT log info for a specific mac so my log file will not be so full

Fri Oct 29, 2010 8:27 am

extensive data loss, bad signal.

ditonet · Fri Oct 29, 2010 12:58 pm

@Normis

Could you please explain this message: 'lost connection, not polled for too long'.
Can't find it here http://wiki.mikrotik.com/wiki/Wireless_Debug_Logs

TIA, Grzegorz.

Fri Oct 29, 2010 1:02 pm

@Normis

Could you please explain this message: 'lost connection, not polled for too long'.
Can't find it here http://wiki.mikrotik.com/wiki/Wireless_Debug_Logs

TIA, Grzegorz.

nstreme config needs checking. email support with supout.rif file

chvdr · Thu Nov 04, 2010 1:50 pm

@Normis

Could you please explain this message: 'lost connection, not polled for too long'.
Can't find it here http://wiki.mikrotik.com/wiki/Wireless_Debug_Logs

TIA, Grzegorz.
nstreme config needs checking. email support with supout.rif file

is there any algorythm to solve such behaviour of the wireless interfaces. once i set "dynamic size" to give best performance, another time - "best fit"... what is the secret actually?

MikrotikNewbie · Thu Sep 29, 2011 5:26 pm

Any help with synchronization timeouts? I get wireless disconnects to those to often. Also I get occasional media access errors.

Thank you!

andycelo · Wed Apr 04, 2012 2:58 pm

Hello,

i have problem with disconnecting - too many poll timeout message. Connection is very unstable, max uptime 5day, signal -54dBm, signal to noise 64dB, CCQ 100/100%. On AP side 435g with 3mini PCI R52nM card, other sides clients two 433ah and alix with the same type of cards. Problem is only in card which is AP bridge 5Ghz N with Nstreme. (The rest two card in 435g are 5Ghz-A with nstreme in AP mode, there are no problems.) Traffic in n mode with bandwidth test aprx 105mbps rx and tx. I try change routerboard 435g two times, all the card maybe three times. Tested version 4.17, 5.9, 5.14 on both sides, with very similar result. By the version 5.14 disconnect all three clients in the same time, version 4.17 usually disconnect only one client. HW retries try to set from 7 to 15 on both sides many times, the result was max 5day uptime, anyway try to change TX power signal. Nstreme settings: enable-nstreme=yes enable-polling=yes disable-csma=no framer-policy=best-fit framer-limit=3200. Connectors, cables and antenas checked. Connections from the same place to other side in 5ghz-turbo mode aprx 350days uptime, without any disconnects.

Pls, any other ideas how to solve this problem???

Andy

sonny · Sat Apr 14, 2012 11:42 am

andycelo:

Try to use another channel. Your noise is to hi -64? normaly this should be the signal strength.
Noise should not be mor then -88 to -90. Better -100

Use RF shields for your antenna.

ddooll85 · Tue Apr 24, 2012 8:08 pm

sonny

andycelo:
Your noise is to hi -64?

it is "signal to noise" not just noise
it's a different things
64 dB is normal

christyjame · Thu May 17, 2012 2:00 pm

Dear Seniors,

Thank you for this post.It'll be useful for us.

WirelessRudy · Tue Jun 19, 2012 4:52 pm

http://wiki.mikrotik.com/wiki/Wireless_Debug_Logs

It's a work in progress, so suggestions and corrections are welcome.

I'll guess progress is slow.... Its 2012 now and NV2 already in use for some years but still no update on this document in regard of message produced in NV2 networks.....

Also, the link at the bottom to a doc. fm GTHill.com is not working any longer...

icedblind · Fri Jun 22, 2012 11:36 am

Hi,

we have a ptp link, each one built with:
- RB 411AH in plastic enclosure
- rOS firmware 5.17
- radio card Ubiquiti sr71-15
- dual pol dish antenna with 29dbi gain
configuration:
- nv2 enabled with security
- chains enabled: 0 & 1
- current Tx power: 9db
- tx power mode: card rates
link data:
- 18km link
- los/fresnel respected
- rssi -66/-66 dBm
- snr 53 dB
- noise -120dbm
- ccq 98/100%

Both points have - frequently right now - disconnections, for this reason in log:
"wireless,info mac@wlan1: lost connection, not responding"

We've already changed both routerboards and radio cards, changed frequencies, changed position of antennas, downgraded and reupgraded fw, changed tx power, switched to 802.11.
Nothing says that there are interferences on air (happens on every free frequency), disconnections appear accidentally at any time, night or day.

How is it possibile to dig deeper on this log message & find a solution?
(in logging, "wireless,debug" enabled in memory, see attached image)

Thank you.

nmthaker · Sun Jul 22, 2012 5:39 am

**************** SORRY WRONG MESSAGE AT WRONG POST BUT NOT GETTING REPLY ON ORIGINAL POST*******************

Dear Sir

I had configured one point to point link getting RSSI 64/68 but in that the link bandwidth throughfut is only 3mbps , where the hardware is RB433AH, with 800mW card, some times working well but some times it is not working well,

Can you please let me know how to improve the signal !!

Thanks in advance

mobile4lte · Fri Sep 28, 2012 6:34 am

thanks ,it is very helpful for me .It helps me solve a lot of confusion.I also know that router in broken network, computer and cache function.thank you again.

naeemy · Fri Mar 07, 2014 3:33 pm

what should i do for resolve this problem logining?

wlan1: disconnected xx:xx:xx:xx:xx:xx, received deauth class 3 frame received
wlan1: disconnected xx:xx:xx:xx:xx:xx,, received disassoc sending station leaving

paams · Fri Apr 15, 2016 6:23 am

Hello Normis,

I am getting severe wireless link discontinuity issue in my PtP link. I'm receiving following error in my mikrotik logs :-

lost connection, received deauth: class 2 frame received (6)

What is the issue in the link? What i have to change and where? How to fix this?

Any help will be appreciated and will be a very grateful to fix this issue. Thanks.

Fri Apr 15, 2016 7:49 am

Other side receives the packets sporadically, may happen it considers the link to be lost and then it receives another packet. As the connection from its point of view is not established anymore it responds with deauth. Your signal strength/quality is obviously too low.

paams · Fri Apr 15, 2016 8:14 am

Other side receives the packets sporadically, may happen it considers the link to be lost and then it receives another packet. As the connection from its point of view is not established anymore it responds with deauth. Your signal strength/quality is obviously too low.

Hello Jarda, how's you. i hope its going good there and thanks for your post reply.

Actually, i am facing Mikrotik PtP wireless link discontinue issue over 2.5km distance. At AP site there is RB433AH with EnGenius radio card connected 15dBi antenna and at station end there is Groove 52HPn with 29dBi grid antenna. Also, client registration at AP end goes to disappear and then tries to get reconnected and comes again, CCQ also goes to down 15-18%. It keeps continue happening. I have been checking at both the ends at AP site changing R433AH with new one and new radio card and at station end with new Groove 52HPn. But link discontinue problem still persist. There is one thing at AP site with RB433AH i had first old version ROS 3.10, as it was very old card and working rock solid without any issue, but after upgrading the ROS version to 6.34 problem gets started. Also, there is other XR5 card attached to this board linked at 7km to an another Groove 52HPn station, but no issue at all even signal strength is low still working good.

Sun Apr 17, 2016 10:08 pm

Hi.
Well, you know how it is. As there are too many unknowns, the debugging of long links is sometimes like forecasting from the crystal sphere. Bad signal level is the first. You should reach around -55db on both sides, with some 45db snr. Sometimes a connector could be bad, sometimes the wet could leak in the cable, sometimes a good neighbor is transmitting your way on close frequency. So, spectrum analysis on both sides is necessary too. Finally you may move to integrated all-in-one single purpose device like QRT or dynadish or even maybe the LHG. No hassle with cards, enclosures, pigtails, antennas... maybe just wind blown into your antenna and it moved a bit. You could check it and re-align. It looks it may be connected to the update, you have made. I have good experience with 6.32.3 (wireless-cm2), now maybe the 6.35 (wireless-rep) could be good too. It is too early to say, but you can try it.

See? you can try everything. None knows what will help in your case.

dalex · Tue Apr 19, 2016 2:06 pm

I had the same problem when i upgraded to 6.34.x some 911,s, an 411AH, and an 433AH (both with RB52HN).

Links that were 140 days rock steady, started disconnecting every 10 - 60 seconds. Terrible.

I thing it has to do with the "wireless" to "wireless-cm" transition that MT enforced.

Switched back to 6.32.3/"wireless" totally fixed the problem.

In some h/w use of the "wireless-fp" package fixed some of the problem. Thank you Mikrotik for the new LOW-ROM devices that made downgrade impossible !!!

nichky · Sun Aug 21, 2016 12:49 am

i've got same problem for years..

22:33:20 wireless,debug wlan1: 00:80:48:41:AF:2A attempts to connect
22:33:20 wireless,debug wlan1: 00:80:48:41:AF:2A not in local ACL, by default accept
22:33:20 wireless,info 00:80:48:41:AF:2A@wlan1: connected

file.png

elitebb · Fri Sep 16, 2016 8:11 pm

i've got same problem for years..

22:33:20 wireless,debug wlan1: 00:80:48:41:AF:2A attempts to connect
22:33:20 wireless,debug wlan1: 00:80:48:41:AF:2A not in local ACL, by default accept
22:33:20 wireless,info 00:80:48:41:AF:2A@wlan1: connected

file.png

So what is the problem . It's just debug logging . Ap check for acl entry and by default client got connected .

esbenrug · Thu Oct 06, 2016 11:24 am

Hi,

First, I would like to say that this page is really awsome. Thank you.

I am trying to establish a dynamic WDS connection but it fails. So I went to the page to get help and I think I found a typo:

<MAC>@<DEV>: connected [, is AP][, wants WDS]
Station with address <MAC> connected. if "is AP" present - remote device is AP, if "is WDS" presents, remote device wants to establish WDS link.

Shouldn''t "is WDS" be "wants WDS" in the explanation or are those two different error messages. I get "wants WDS" but your explanation of "is WDS" suits "wants WDS" well I think. If they are two different error messages what is the explanation of "wants WDS" then ?

BR
Esben

naseeruaq · Sun Nov 06, 2016 6:24 am

http://wiki.mikrotik.com/wiki/Wireless_Debug_Logs

It's a work in progress, so suggestions and corrections are welcome.

Thanks ,its very helpful...

JimmyNyholm · Mon Jan 09, 2017 8:47 pm

I'm getting the MIC Failures on several of my clients. Interference isn't an issue on one of them and their signal is -50, ccq is around 99.

Client is conecting to a RB112/CM9 using a laptop. Two other customers are using Tranzeo CPE 90's.

They connect fine....then out of the blue I see those MIC failures.

Is there another explanation for the cause of these? Or is it just a compatibility issue between the cpe's and ap and using TKIP.

Thanks

I don't know about mikrotik implementation but I would say: NEVER USE TKIP. In the Standard is antihack feature and all clients get deauth'ed if that kicks in. (This is true for other manufactures following that standard and I would guess that Mikrotik is following the rfc's as well.

lectrapon · Thu Mar 23, 2017 5:23 pm

Hi normis,
I have upgrade from 6.34.6 to 6.37.5 my RB951G-2HnD.
I have disabled wireless-fp package before restart and upgrade RouterOS. I have one wireless package and it was already activated (I think that installation is fine!)

But When I activate wireless...few second later I got this log message for every connecting devices:

.....disconnected, received deauth: 4-way handshake timeout (15)

I haven't this message explained in your link...?

Here is my configuration on Access Point 1 (Roaming with Dynamic Mesh):

/interface mesh
add name=Mesh-Interface
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    band=2ghz-b/g/n disabled=no frequency=2457 mode=ap-bridge \
    noise-floor-threshold=-100 radio-name=RB951G_AP1 ssid=\
    "xxxxxxxx" wds-default-bridge=Mesh-Interface \
    wds-mode=dynamic-mesh wmm-support=enabled
/interface wireless nstreme
set wlan1 enable-polling=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=WDS_secure \
    supplicant-identity="" wpa-pre-shared-key=13ctr4WDS wpa2-pre-shared-key=\
    13ctr4WDS
/ip dhcp-server
add disabled=no interface=Mesh-Interface name=Relay_Server_DHCP1 relay=\
    10.5.50.2
add disabled=no interface=Mesh-Interface name=Relay_Server_DHCP2 relay=\
    10.5.50.3
add disabled=no interface=Mesh-Interface name=Relay_Server_DHCP3 relay=\
    10.5.50.4
/ip hotspot profile
add dns-name=xxx.hotspot.fr hotspot-address=10.5.50.1 login-by=\
    mac,http-chap mac-auth-mode=mac-as-username-and-password name=hsprof1
/ip pool
add name=hs-pool ranges=10.5.50.2-10.5.50.254
/ip dhcp-server
add address-pool=hs-pool disabled=no interface=Mesh-Interface lease-time=1h \
    name=dhcp1
/ip hotspot
add address-pool=hs-pool addresses-per-mac=2 disabled=no interface=\
    Mesh-Interface login-timeout=30m name=hotspot1 profile=hsprof1
/interface mesh port
add interface=wlan1 mesh=Mesh-Interface
/ip address
add address=10.5.50.1/24 comment="hotspot network" interface=wlan1 network=\
    10.5.50.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
    interface=ether1
....
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/system leds
set 0 interface=wlan1
/system logging
add topics=hotspot
add topics=dhcp
/tool romon
set enabled=yes

ivicask · Wed Apr 12, 2017 9:39 am

Hi normis,
I have upgrade from 6.34.6 to 6.37.5 my RB951G-2HnD.
I have disabled wireless-fp package before restart and upgrade RouterOS. I have one wireless package and it was already activated (I think that installation is fine!)

But When I activate wireless...few second later I got this log message for every connecting devices:

.....disconnected, received deauth: 4-way handshake timeout (15)

I haven't this message explained in your link...?

Here is my configuration on Access Point 1 (Roaming with Dynamic Mesh):

/interface mesh
add name=Mesh-Interface
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    band=2ghz-b/g/n disabled=no frequency=2457 mode=ap-bridge \
    noise-floor-threshold=-100 radio-name=RB951G_AP1 ssid=\
    "xxxxxxxx" wds-default-bridge=Mesh-Interface \
    wds-mode=dynamic-mesh wmm-support=enabled
/interface wireless nstreme
set wlan1 enable-polling=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=WDS_secure \
    supplicant-identity="" wpa-pre-shared-key=13ctr4WDS wpa2-pre-shared-key=\
    13ctr4WDS
/ip dhcp-server
add disabled=no interface=Mesh-Interface name=Relay_Server_DHCP1 relay=\
    10.5.50.2
add disabled=no interface=Mesh-Interface name=Relay_Server_DHCP2 relay=\
    10.5.50.3
add disabled=no interface=Mesh-Interface name=Relay_Server_DHCP3 relay=\
    10.5.50.4
/ip hotspot profile
add dns-name=xxx.hotspot.fr hotspot-address=10.5.50.1 login-by=\
    mac,http-chap mac-auth-mode=mac-as-username-and-password name=hsprof1
/ip pool
add name=hs-pool ranges=10.5.50.2-10.5.50.254
/ip dhcp-server
add address-pool=hs-pool disabled=no interface=Mesh-Interface lease-time=1h \
    name=dhcp1
/ip hotspot
add address-pool=hs-pool addresses-per-mac=2 disabled=no interface=\
    Mesh-Interface login-timeout=30m name=hotspot1 profile=hsprof1
/interface mesh port
add interface=wlan1 mesh=Mesh-Interface
/ip address
add address=10.5.50.1/24 comment="hotspot network" interface=wlan1 network=\
    10.5.50.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
    interface=ether1
....
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/system leds
set 0 interface=wlan1
/system logging
add topics=hotspot
add topics=dhcp
/tool romon
set enabled=yes

Same problem here out of box with new HEX3 and 3 WAP AC.
I have done the most basic possible configuration using HEX as CAPSMAN controller and 3 WAP AC and when i try to connect with any device i have here i get 4-way handshake timeout error, whats strange only one device manages to connect and thats old Asus laptop equipped with Intel 4965AGN.
I tried upgrading all devices to latest 6.39rc68 than reseting them to factory defaults and again done the most basic configuration again same error across several devices, only this Asus Intel 4965AGN connects and works fine.

Iv also sent supout to mikrotik support, hope this gets solved soon as i need to deploy this soon..

EDIT:I kinda got it working, for some reason it doesnt accept any letters for WPA and or /WPA2, if i enter any numbers it works like 1234567890, if i enter 123456789A it doesnt work, whats going on i dont understand this?

EDIT:Now again doesnt work no matter what combination of password i enter, this is driving me nuts..

anil · Sat Nov 25, 2017 7:34 pm

extensive data loss, bad signal.

i am having same issue on the clear line of sight, where the client is not far than 500meters, so how can you say bad signal??

Sanjaylove1 · Mon Jan 22, 2018 7:14 am

Hi goodevening I run a wisp and I am having a problem with client been disconnected and have to be login in back again, do any one know why this is happening and when I try to login with my Mac address its saying my user and password is invalid

hruhoriy · Sat Apr 21, 2018 10:10 pm

Hello

I have CRS125-24G-1S-2HnD
RouterOS 6.42

But error in Wireless:

disconnected, received deauth: authentication not valid (2)
disconnected received deauth class 3 frame received (6)
disconnected received deauth class 3 frame received (7)

Image

How to fix it?

Thanks.

gdemanuele · Thu May 03, 2018 8:54 pm

am currently having severe and frequent intermittent WIFI disconnections on my CRS125-24G-1S-2HnD-IN ... is there any idea/help what this might be caused with please?

Thu Jun 28, 2018 7:52 pm

Normis,
do you take care about the manual web page? Please, update!

The link to pdf on the bottom of the page does not work also.

I am also receiving "disconnected, received deauth: authentication not valid (2)" on AP side and "no beacons" on client side every few seconds while the link otherwise is able transfer data meanwhile.

edit: I switched on "keepalive frames" on AP, looks the messages stopped. At least for a while now...

edit2: it didn't help for long. Searching for real solution...

Fri Jun 29, 2018 3:38 am

improvement in wireless logs are much appreciated

for example en latest versions y have noted log reports client signal level at connection event, very useful

thx

omega-00 · Mon Jul 02, 2018 7:00 am

I am also receiving "disconnected, received deauth: authentication not valid (2)" on AP side and "no beacons" on client side every few seconds while the link otherwise is able transfer data meanwhile.

I'm also seeing this one appear from time to time on v6.42.5

13:55:48 wireless,info <removed1>@wlan1: disconnected, unicast key exchange timeout 
13:55:52 wireless,info <removed2>@wlan1: connected, signal strength -68 
13:55:55 wireless,info <removed2>@wlan1: disconnected, received deauth: authentication not valid (2) 
13:56:00 wireless,info <removed1>@wlan1: connected, signal strength -72 
13:56:05 wireless,info <removed1>@wlan1: disconnected, unicast key exchange timeout 
13:56:32 wireless,info <removed2>@wlan1: connected, signal strength -66 
13:56:35 wireless,info <removed2>@wlan1: disconnected, received deauth: authentication not valid (2)

joj14 · Sat Jul 07, 2018 3:40 pm

Pls can you help me?

DmitryT · Thu Oct 11, 2018 11:22 am

I make mac address accsess list + dhcp lease time 2:00 hour. Its works fine.

Askey307 · Thu Oct 11, 2018 5:39 pm

HI Normis

This will help us here at MIRO Distribution so much with technical support for clients on the wireless without sending the supout rif files up to MIkrotik when needed. Much appreciated.

mudhoney · Tue Jan 15, 2019 1:01 pm

I needed this. Thank You!

Corin · Wed Feb 17, 2021 8:05 pm

For those of you that have disconnects, reconnects and reassociations especially ion iOS devices, and i think there are a lot of you since this is an old issue, try this:
My device is RB951G-2HnD and various iOS 13, 14 devices. Before bellow setting all of them were reassociating and generated the log entries which we all know by now.

1. Make sure you are not using an older version of ROS (not less than 6.44.6)
2. Increase key echange interval from 5min to 30min or more.
3. DHCP lease of min 2hours.
4. Band: 2GHz-G/N
5. Channel Width: 20MHz
6. Frequency: Avoid Ch 6 (as it is set by default on many routers) use Ch 1 (2412) or Ch 11 (2462)
and most important
7. Disable AMSDU (Wireless -> HT Tab) and only AMSDU. Leave AMPDU Priorities as is, with 0 checked.
To disable AMSDU enter 0 to AMSDU Limit and AMSDU Treshold.
Also, AMSDU does not work well with noisy wifi environments... (crowded apartment buildings)

YES, i know that disabling AMSDU will decrease your throughput but not as much as you might think.
With above settings I have a N Wifi network with a speed of 8...10MB/s throughput and no reassociations/reconnects.

I'm not saying this will work for everyone but maybe it will work for you as well.
It depends on your use case and needs (max throughput or max connection stability)

jmcguckin · Tue Aug 10, 2021 10:57 pm

I set wireless, debug but I never see any wireless debug messages in the log. Lots of wireless, info messages though.

robmaltsystems · Mon Feb 19, 2024 4:58 pm

Can't see this reason (SA Query Timeout) in the list on the FAQ:

02:1D:CF:58:E5:BD@guest-2g disconnected, SA Query timeout, signal strength -77

Should I raise tickets for things like this or just mention here?

stranky · Tue Jul 16, 2024 7:16 pm

Useful for WIFI wave 1

But, wireless debug doesn't work anymore for wifiwave2 and just gives very basic information?

Wireless info and wireless debug just give the same informational info (connected, disconnected, associated etc)

Unless there is another way to get debug info from wireless?

Thanks,

infabo · Tue Jul 16, 2024 11:27 pm

Debugging new wifi is hopeless. Log messages hardly contain any useful debug info.

stranky · Wed Jul 17, 2024 12:16 am

Debugging new wifi is hopeless. Log messages hardly contain any useful debug info.

Thank god it’s just not me!

Do Mikrotik have a roadmap/tracker to see when items like this will be fixed?

infabo · Wed Jul 17, 2024 1:31 am

The whole wifi section suffers a lot of info. wifi radar event log - a void of not existing info. tapping in the dark. no log about CAC, no logs on why/when/which channel was chosen. no logs when rescan interval kicks in and switches channel - and why it did choose to change. o dear, infamous SA query timeout. people freaking out because it does not tell you anything about what causing it. Yah, timeout. shit happens. I see this very rarely but some members have it flooding their logs and it is just as useful as a pipe to /dev/null.

registration table - a bare minimum implemention. does not even have a hostname column, so you need to check up DHCP lease table to get an idea about the device (unless you are super brain remembering Mac addresses). requested to have that hostname column (as legacy wireless had it); answer from support: nah, won't add it. sorry.

configuration print is okayish, but keeping the overview when working with many configurations/channels/security/etc profiles and plumbing them all together and overriding derived values down the path can be challenge. there should be a representation to better display the hierarchy.

stranky · Wed Jul 17, 2024 3:27 pm

The whole wifi section suffers a lot of info. wifi radar event log - a void of not existing info. tapping in the dark. no log about CAC, no logs on why/when/which channel was chosen. no logs when rescan interval kicks in and switches channel - and why it did choose to change. o dear, infamous SA query timeout. people freaking out because it does not tell you anything about what causing it. Yah, timeout. shit happens. I see this very rarely but some members have it flooding their logs and it is just as useful as a pipe to /dev/null.

registration table - a bare minimum implemention. does not even have a hostname column, so you need to check up DHCP lease table to get an idea about the device (unless you are super brain remembering Mac addresses). requested to have that hostname column (as legacy wireless had it); answer from support: nah, won't add it. sorry.

configuration print is okayish, but keeping the overview when working with many configurations/channels/security/etc profiles and plumbing them all together and overriding derived values down the path can be challenge. there should be a representation to better display the hierarchy.

I've started using the wifi monitoring under the "quick set" , that way it at least gives you a name of the device, and signal info, but as you say I still have to then check the Registration to see extra info, like what AP etc, but I find it better than trying to look at my DHCP leases!

It would be very nice to have additional basic info like EIRP (I actually raised this as a new feature to Mikrotik yesterday - SUP-159289) just so I can see what my antenna gain is and TX power (The antenna gain now looks to be set automatically, which is great, but not clear)

As a new user of Mikrotik Wi-Fi, it is confusing to see CAP and HAP wifi products missing, what I would call basic data points in one place, and as you say basic debugging for wifi etc.

Seems like there are alot of smart people on the forums with lots of great knowledge, and with good ideas that could help Mikrtok improve in a few areas (even if its just adding more column to certain areas and using the data that's already being captured elsewhere)

I'm happy to raise and put forward new features and ideas to Mikrotik support, but not sure what my expectation should be.

Thanks,

Coughy · Fri Sep 13, 2024 3:24 am

ok gents and ladies gurus
what does this mean i get it all the time from mt to ap on the lower side of my house

Screenshot 2024-09-12 151835.png

is it bad? is it working when it does this?
is my config wrong?
is the ap to far away from each other?
ive been tryinf heaps of settings but it keeps coming back
only seems to be on the 2.4 network
im running 7.16rc4 (tested all of them) but nothing seems to work
i have hapax3 as main router
then i have lan2,lan3 running capax
then lan4 running hapax2 as a ap
and lan5 running to my managed switch to my pcs

gigabyte091 · Fri Sep 13, 2024 8:09 am

Can you post your configuration ?

Coughy · Fri Sep 13, 2024 11:08 am

Can you post your configuration ?

i think i might have some of it working now but sure
is it
/export hide-sensitive
then copy and past here
or like this
/export file=config-7.16.rc4 hide-sensitive
which would u like ??

Coughy · Fri Sep 13, 2024 11:14 am

This is what i have so far and seems to be working some what ok

Edit 2.4Ghz is roaming just seen it just slower than 5Ghz to show it
no roaming from 2.4Ghz tho that i can see so far not to really conserned tho with the 2.4Ghz as i only have a few to connect to that that have to every thing els is 5Ghz

but yer let me know what you think if any thing could be made better
i have taken a few bits and pieces from everyones topics here and made this config
have tried alot of ideas and settings this is todays latest try so far so good lol

# 2024-09-13 18:09:14 by RouterOS 7.16rc4
# software id = V3PJ-CM9W
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = Hxxxxxxxxx
/interface bridge
add name=Dockers
add admin-mac=D4:01:C3:02:0F:6A auto-mac=no comment=defconf name=bridge priority=0x7000
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-Hallway
set [ find default-name=ether3 ] name=ether3-David
set [ find default-name=ether4 ] name=ether4-Dinning
set [ find default-name=ether5 ] name=ether5-LAN
/interface veth
add address=10.0.0.2/24 gateway=10.0.0.1 gateway6="" name=veth1-Adguard
/interface wireguard
add comment=back-to-home-vpn listen-port=58411 mtu=1420 name=back-to-home-vpn
/disk
set usb1 media-interface=bridge media-sharing=yes smb-sharing=yes smb-user=guest
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifi channel
add disabled=no name=ch1-5Ghz
add disabled=no name=ch2-2.4Ghz
/interface wifi datapath
add bridge=bridge disabled=no name=datapath1
/interface wifi security
add authentication-types="" disabled=no name=sec1
/interface wifi steering
add disabled=no name=steering1 neighbor-group=dynamic-MikroTik-020F6E-97a21101 rrm=yes wnm=yes
/interface wifi configuration
add channel=ch1-5Ghz channel.frequency=5470-5725 .reselect-interval=1h..2h .width=20/40/80mhz country=Australia datapath=datapath1 \
    datapath.bridge=bridge disabled=no dtim-period=3 mode=ap multicast-enhance=enabled name=cfg1-5Ghz security=sec1 \
    security.authentication-types=wpa2-psk .connect-priority=0/1 .disable-pmkid=yes .ft=yes .ft-over-ds=yes .group-encryption=ccmp \
    .group-key-update=2h .management-protection=disabled .wps=disable ssid=Pal29_WiFi steering=steering1 steering.neighbor-group=\
    dynamic-MikroTik-020F6E-97a21101 .rrm=yes .wnm=yes
add channel=ch2-2.4Ghz channel.frequency=2300-7300 .reselect-interval=1h..1h30m .width=20/40mhz country=Australia datapath=datapath1 \
    datapath.bridge=bridge disabled=no mode=ap name=cfg2-2.4Ghz security=sec1 security.authentication-types=wpa2-psk .connect-priority=0/1 \
    .disable-pmkid=yes .ft=yes .ft-over-ds=yes .group-encryption=ccmp .group-key-update=2h .management-protection=disabled .wps=disable ssid=\
    Pal29_WiFi steering=steering1 steering.neighbor-group=dynamic-MikroTik-020F6E-97a21101 .rrm=yes .wnm=yes
/interface wifi
set [ find default-name=wifi1 ] channel=ch2-2.4Ghz configuration=cfg2-2.4Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi \
    datapath=datapath1 datapath.bridge=bridge disabled=no name=HapAx3_2.4Ghz security=sec1 security.authentication-types=wpa2-psk .ft=yes \
    .ft-over-ds=yes steering=steering1 steering.neighbor-group=dynamic-MikroTik-020F6E-97a21101 .rrm=yes .wnm=yes
set [ find default-name=wifi2 ] channel=ch1-5Ghz channel.skip-dfs-channels=10min-cac configuration=cfg1-5Ghz configuration.country=Australia \
    .mode=ap .ssid=Pal29_WiFi datapath=datapath1 datapath.bridge=bridge disabled=no name=HapAx3_5Ghz security=sec1 \
    security.authentication-types=wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=\
    dynamic-MikroTik-020F6E-97a21101 .rrm=yes .wnm=yes
add channel=ch1-5Ghz channel.frequency=5670-5730 configuration=cfg1-5Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi datapath=\
    datapath1 datapath.bridge=bridge disabled=no name=cap-wifi1-Hallway-5Ghz radio-mac=78:9A:18:59:BA:50 security=sec1 \
    security.authentication-types=wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=\
    dynamic-MikroTik-020F6E-97a21101
add channel=ch2-2.4Ghz channel.frequency=2300-7300 configuration=cfg2-2.4Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi \
    datapath=datapath1 datapath.bridge=bridge disabled=no name=cap-wifi2-Hallway-2.4Ghz radio-mac=78:9A:18:59:BA:51 security=sec1 \
    security.authentication-types=wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=\
    dynamic-MikroTik-020F6E-97a21101
add channel=ch1-5Ghz channel.frequency=5670-5730 configuration=cfg1-5Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi datapath=\
    datapath1 datapath.bridge=bridge disabled=no name=cap-wifi3-Davids-5Ghz radio-mac=78:9A:18:59:BA:A7 security=sec1 \
    security.authentication-types=wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=\
    dynamic-MikroTik-020F6E-97a21101
add channel=ch2-2.4Ghz configuration=cfg2-2.4Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi datapath=datapath1 \
    datapath.bridge=bridge disabled=no name=cap-wifi4-Davids-2.4Ghz radio-mac=78:9A:18:59:BA:A8 security=sec1 security.authentication-types=\
    wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=dynamic-MikroTik-020F6E-97a21101
add channel=ch1-5Ghz channel.frequency=5510-5670 configuration=cfg1-5Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi datapath=\
    datapath1 datapath.bridge=bridge disabled=no name=cap-wifi5-Dinning-5Ghz radio-mac=48:A9:8A:FD:26:89 security=sec1 \
    security.authentication-types=wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=\
    dynamic-MikroTik-020F6E-97a21101
add channel=ch2-2.4Ghz configuration=cfg2-2.4Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi datapath=datapath1 \
    datapath.bridge=bridge disabled=no name=cap-wifi6-Dinning-2.4Ghz radio-mac=48:A9:8A:FD:26:8A security=sec1 security.authentication-types=\
    wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=dynamic-MikroTik-020F6E-97a21101
/ip pool
add name=dhcp ranges=192.168.5.100-192.168.5.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=6h name=defconf
/system logging action
set 0 memory-lines=150
set 1 disk-lines-per-file=4
/container
add interface=veth1-Adguard root-dir=usb1/adguard start-on-boot=yes workdir=/opt/adguardhome/work
/container config
set ram-high=500.0MiB registry-url=https://registry-1.docker.io tmpdir=usb1/pull
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/dude
set enabled=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-Hallway
add bridge=bridge comment=defconf interface=ether3-David
add bridge=bridge comment=defconf interface=ether4-Dinning
add bridge=bridge comment=defconf interface=ether5-LAN
add bridge=bridge comment=defconf interface=HapAx3_5Ghz
add bridge=bridge comment=defconf interface=HapAx3_2.4Ghz
add bridge=Dockers interface=veth1-Adguard
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set max-neighbor-entries=2048
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1-WAN list=WAN
/interface wifi access-list
add action=accept allow-signal-out-of-range=10s disabled=no interface=any signal-range=-90..-20
/interface wifi capsman
set enabled=yes interfaces=all package-path="" require-peer-certificate=no upgrade-policy=none
/ip address
add address=192.168.5.1/24 comment=defconf interface=bridge network=192.168.5.0
add address=10.0.0.1/24 interface=Dockers network=10.0.0.0
/ip cloud
set back-to-home-vpn=enabled ddns-enabled=yes ddns-update-interval=10m
/ip cloud back-to-home-users
add allow-lan=yes comment=" samsung SM-S926B" name="Pal29Tik | C53UiG+5HPaxD2HPaxD" private-key=\
    "KPOcy11F8wGNGDDOvl/1eg/7iDSOQzaATqK8JfMlrHA=" public-key="snMz+366/m/pJ+Cppd2o/3uZixpSf7Dqd1MdDAkKfk0="
/ip dhcp-client
add comment=defconf interface=ether1-WAN
/ip dhcp-server lease
add address=192.168.5.12 client-id=1:d8:bb:c1:70:59:d3 comment="My PC" mac-address=D8:BB:C1:70:59:D3 server=defconf
add address=192.168.5.45 comment="LG Washing Machine" mac-address=80:5B:65:74:7F:C1 server=defconf
add address=192.168.5.2 client-id=1:78:9a:18:59:ba:4e comment="Hallway Cap" mac-address=78:9A:18:59:BA:4E server=defconf
add address=192.168.5.46 client-id=1:60:9:c3:68:75:21 comment="Fronius Solar inverter" mac-address=60:09:C3:68:75:21 server=defconf
add address=192.168.5.3 client-id=1:78:9a:18:59:ba:a5 comment="Davids Cap" mac-address=78:9A:18:59:BA:A5 server=defconf
add address=192.168.5.4 client-id=1:48:a9:8a:fd:26:84 comment="Dinning Room" mac-address=48:A9:8A:FD:26:84 server=defconf
add address=192.168.5.43 comment="LG Dryer" mac-address=4C:BA:D7:D3:66:D1 server=defconf
add address=192.168.5.60 client-id=1:38:86:f7:b8:19:a8 comment="Google outside" mac-address=38:86:F7:B8:19:A8 server=defconf
add address=192.168.5.66 comment="Ethans Google Minii" mac-address=D4:F5:47:11:3F:83 server=defconf
add address=192.168.5.62 comment="Google Home" mac-address=48:D6:D5:64:A9:F3 server=defconf
add address=192.168.5.23 client-id=1:5c:aa:fd:5:8a:50 comment=SONOZ mac-address=5C:AA:FD:05:8A:50 server=defconf
add address=192.168.5.27 client-id=1:58:e8:76:4:17:36 comment="IVSEC Cams" mac-address=58:E8:76:04:17:36 server=defconf
add address=192.168.5.26 client-id=1:10:62:e5:5e:92:dd comment="HP Printer" mac-address=10:62:E5:5E:92:DD server=defconf
add address=192.168.5.44 client-id=1:a4:36:c7:c1:e9:62 comment="LG Dishwasher" mac-address=A4:36:C7:C1:E9:62 server=defconf
add address=192.168.5.61 client-id=1:c:dc:7e:2a:ef:24 comment="Camp Chef" mac-address=0C:DC:7E:2A:EF:24 server=defconf
add address=192.168.5.13 client-id=1:38:2c:4a:af:d4:cf comment="Khloes PC" mac-address=38:2C:4A:AF:D4:CF server=defconf
add address=192.168.5.14 client-id=1:4c:cc:6a:8d:9c:33 comment="Ethans PC" mac-address=4C:CC:6A:8D:9C:33 server=defconf
/ip dhcp-server network
add address=192.168.5.0/24 comment=defconf dns-server=10.0.0.2 gateway=192.168.5.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-size=4096KiB servers=10.0.0.2
/ip dns static
add address=192.168.5.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip firewall service-port
set ftp ports=2201
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d \
    tur-thu=0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip service
set telnet address=192.168.5.0/24 port=2325
set ftp address=192.168.5.0/24 port=2277
set www disabled=yes
set ssh address=192.168.5.0/24 port=2280
set api address=192.168.5.0/24
set winbox address=192.168.5.0/24
set api-ssl address=192.168.5.0/24
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1-WAN type=external
/ipv6 address
add address=::d601:c3ff:fe02:f69 eui-64=yes from-pool=Leaptel interface=ether1-WAN
add address=::d601:c3ff:fe02:f6a eui-64=yes from-pool=Leaptel interface=bridge
/ipv6 dhcp-client
add add-default-route=yes interface=ether1-WAN pool-name=Leaptel request=prefix
/ipv6 dhcp-server
add address-pool=Leaptel interface=ether1-WAN name=server1
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Australia/Brisbane
/system identity
set name=Pal29Tik
/system logging
set 0 topics=info,!wireguard
add disabled=yes topics=wireless
add action=disk disabled=yes topics=disk
/system note
set show-at-login=no
/system package update
set channel=testing
/system routerboard wps-button
set enabled=yes on-event=wps-accept
/system script
add comment=defconf dont-require-permissions=no name=wps-accept owner=*sys policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
    \n   :foreach iface in=[/interface/wifi find where (configuration.mode=\"ap\" && disabled=no)] do={\r\
    \n     /interface/wifi wps-push-button \$iface;}\r\
    \n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/user group
add name=admin policy=local,ftp,reboot,read,write,test,winbox,password,web,sniff,sensitive,romon,rest-api,!telnet,!ssh,!policy,!api

Coughy · Sat Sep 14, 2024 3:13 am

next installment no my changes didnt fix this over night it is back

Screenshot 2024-09-12 151835.png

This is what i have so far and seems to be working some what ok

Edit 2.4Ghz is roaming just seen it just slower than 5Ghz to show it
no roaming from 2.4Ghz tho that i can see so far not to really conserned tho with the 2.4Ghz as i only have a few to connect to that that have to every thing els is 5Ghz

but yer let me know what you think if any thing could be made better
i have taken a few bits and pieces from everyones topics here and made this config
have tried alot of ideas and settings this is todays latest try so far so good lol

# 2024-09-13 18:09:14 by RouterOS 7.16rc4
# software id = V3PJ-CM9W
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = Hxxxxxxxxx
/interface bridge
add name=Dockers
add admin-mac=D4:01:C3:02:0F:6A auto-mac=no comment=defconf name=bridge priority=0x7000
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-Hallway
set [ find default-name=ether3 ] name=ether3-David
set [ find default-name=ether4 ] name=ether4-Dinning
set [ find default-name=ether5 ] name=ether5-LAN
/interface veth
add address=10.0.0.2/24 gateway=10.0.0.1 gateway6="" name=veth1-Adguard
/interface wireguard
add comment=back-to-home-vpn listen-port=58411 mtu=1420 name=back-to-home-vpn
/disk
set usb1 media-interface=bridge media-sharing=yes smb-sharing=yes smb-user=guest
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifi channel
add disabled=no name=ch1-5Ghz
add disabled=no name=ch2-2.4Ghz
/interface wifi datapath
add bridge=bridge disabled=no name=datapath1
/interface wifi security
add authentication-types="" disabled=no name=sec1
/interface wifi steering
add disabled=no name=steering1 neighbor-group=dynamic-MikroTik-020F6E-97a21101 rrm=yes wnm=yes
/interface wifi configuration
add channel=ch1-5Ghz channel.frequency=5470-5725 .reselect-interval=1h..2h .width=20/40/80mhz country=Australia datapath=datapath1 \
    datapath.bridge=bridge disabled=no dtim-period=3 mode=ap multicast-enhance=enabled name=cfg1-5Ghz security=sec1 \
    security.authentication-types=wpa2-psk .connect-priority=0/1 .disable-pmkid=yes .ft=yes .ft-over-ds=yes .group-encryption=ccmp \
    .group-key-update=2h .management-protection=disabled .wps=disable ssid=Pal29_WiFi steering=steering1 steering.neighbor-group=\
    dynamic-MikroTik-020F6E-97a21101 .rrm=yes .wnm=yes
add channel=ch2-2.4Ghz channel.frequency=2300-7300 .reselect-interval=1h..1h30m .width=20/40mhz country=Australia datapath=datapath1 \
    datapath.bridge=bridge disabled=no mode=ap name=cfg2-2.4Ghz security=sec1 security.authentication-types=wpa2-psk .connect-priority=0/1 \
    .disable-pmkid=yes .ft=yes .ft-over-ds=yes .group-encryption=ccmp .group-key-update=2h .management-protection=disabled .wps=disable ssid=\
    Pal29_WiFi steering=steering1 steering.neighbor-group=dynamic-MikroTik-020F6E-97a21101 .rrm=yes .wnm=yes
/interface wifi
set [ find default-name=wifi1 ] channel=ch2-2.4Ghz configuration=cfg2-2.4Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi \
    datapath=datapath1 datapath.bridge=bridge disabled=no name=HapAx3_2.4Ghz security=sec1 security.authentication-types=wpa2-psk .ft=yes \
    .ft-over-ds=yes steering=steering1 steering.neighbor-group=dynamic-MikroTik-020F6E-97a21101 .rrm=yes .wnm=yes
set [ find default-name=wifi2 ] channel=ch1-5Ghz channel.skip-dfs-channels=10min-cac configuration=cfg1-5Ghz configuration.country=Australia \
    .mode=ap .ssid=Pal29_WiFi datapath=datapath1 datapath.bridge=bridge disabled=no name=HapAx3_5Ghz security=sec1 \
    security.authentication-types=wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=\
    dynamic-MikroTik-020F6E-97a21101 .rrm=yes .wnm=yes
add channel=ch1-5Ghz channel.frequency=5670-5730 configuration=cfg1-5Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi datapath=\
    datapath1 datapath.bridge=bridge disabled=no name=cap-wifi1-Hallway-5Ghz radio-mac=78:9A:18:59:BA:50 security=sec1 \
    security.authentication-types=wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=\
    dynamic-MikroTik-020F6E-97a21101
add channel=ch2-2.4Ghz channel.frequency=2300-7300 configuration=cfg2-2.4Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi \
    datapath=datapath1 datapath.bridge=bridge disabled=no name=cap-wifi2-Hallway-2.4Ghz radio-mac=78:9A:18:59:BA:51 security=sec1 \
    security.authentication-types=wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=\
    dynamic-MikroTik-020F6E-97a21101
add channel=ch1-5Ghz channel.frequency=5670-5730 configuration=cfg1-5Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi datapath=\
    datapath1 datapath.bridge=bridge disabled=no name=cap-wifi3-Davids-5Ghz radio-mac=78:9A:18:59:BA:A7 security=sec1 \
    security.authentication-types=wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=\
    dynamic-MikroTik-020F6E-97a21101
add channel=ch2-2.4Ghz configuration=cfg2-2.4Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi datapath=datapath1 \
    datapath.bridge=bridge disabled=no name=cap-wifi4-Davids-2.4Ghz radio-mac=78:9A:18:59:BA:A8 security=sec1 security.authentication-types=\
    wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=dynamic-MikroTik-020F6E-97a21101
add channel=ch1-5Ghz channel.frequency=5510-5670 configuration=cfg1-5Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi datapath=\
    datapath1 datapath.bridge=bridge disabled=no name=cap-wifi5-Dinning-5Ghz radio-mac=48:A9:8A:FD:26:89 security=sec1 \
    security.authentication-types=wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=\
    dynamic-MikroTik-020F6E-97a21101
add channel=ch2-2.4Ghz configuration=cfg2-2.4Ghz configuration.country=Australia .mode=ap .ssid=Pal29_WiFi datapath=datapath1 \
    datapath.bridge=bridge disabled=no name=cap-wifi6-Dinning-2.4Ghz radio-mac=48:A9:8A:FD:26:8A security=sec1 security.authentication-types=\
    wpa2-psk .ft=yes .ft-over-ds=yes steering=steering1 steering.neighbor-group=dynamic-MikroTik-020F6E-97a21101
/ip pool
add name=dhcp ranges=192.168.5.100-192.168.5.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=6h name=defconf
/system logging action
set 0 memory-lines=150
set 1 disk-lines-per-file=4
/container
add interface=veth1-Adguard root-dir=usb1/adguard start-on-boot=yes workdir=/opt/adguardhome/work
/container config
set ram-high=500.0MiB registry-url=https://registry-1.docker.io tmpdir=usb1/pull
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/dude
set enabled=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-Hallway
add bridge=bridge comment=defconf interface=ether3-David
add bridge=bridge comment=defconf interface=ether4-Dinning
add bridge=bridge comment=defconf interface=ether5-LAN
add bridge=bridge comment=defconf interface=HapAx3_5Ghz
add bridge=bridge comment=defconf interface=HapAx3_2.4Ghz
add bridge=Dockers interface=veth1-Adguard
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set max-neighbor-entries=2048
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1-WAN list=WAN
/interface wifi access-list
add action=accept allow-signal-out-of-range=10s disabled=no interface=any signal-range=-90..-20
/interface wifi capsman
set enabled=yes interfaces=all package-path="" require-peer-certificate=no upgrade-policy=none
/ip address
add address=192.168.5.1/24 comment=defconf interface=bridge network=192.168.5.0
add address=10.0.0.1/24 interface=Dockers network=10.0.0.0
/ip cloud
set back-to-home-vpn=enabled ddns-enabled=yes ddns-update-interval=10m
/ip cloud back-to-home-users
add allow-lan=yes comment=" samsung SM-S926B" name="Pal29Tik | C53UiG+5HPaxD2HPaxD" private-key=\
    "KPOcy11F8wGNGDDOvl/1eg/7iDSOQzaATqK8JfMlrHA=" public-key="snMz+366/m/pJ+Cppd2o/3uZixpSf7Dqd1MdDAkKfk0="
/ip dhcp-client
add comment=defconf interface=ether1-WAN
/ip dhcp-server lease
add address=192.168.5.12 client-id=1:d8:bb:c1:70:59:d3 comment="My PC" mac-address=D8:BB:C1:70:59:D3 server=defconf
add address=192.168.5.45 comment="LG Washing Machine" mac-address=80:5B:65:74:7F:C1 server=defconf
add address=192.168.5.2 client-id=1:78:9a:18:59:ba:4e comment="Hallway Cap" mac-address=78:9A:18:59:BA:4E server=defconf
add address=192.168.5.46 client-id=1:60:9:c3:68:75:21 comment="Fronius Solar inverter" mac-address=60:09:C3:68:75:21 server=defconf
add address=192.168.5.3 client-id=1:78:9a:18:59:ba:a5 comment="Davids Cap" mac-address=78:9A:18:59:BA:A5 server=defconf
add address=192.168.5.4 client-id=1:48:a9:8a:fd:26:84 comment="Dinning Room" mac-address=48:A9:8A:FD:26:84 server=defconf
add address=192.168.5.43 comment="LG Dryer" mac-address=4C:BA:D7:D3:66:D1 server=defconf
add address=192.168.5.60 client-id=1:38:86:f7:b8:19:a8 comment="Google outside" mac-address=38:86:F7:B8:19:A8 server=defconf
add address=192.168.5.66 comment="Ethans Google Minii" mac-address=D4:F5:47:11:3F:83 server=defconf
add address=192.168.5.62 comment="Google Home" mac-address=48:D6:D5:64:A9:F3 server=defconf
add address=192.168.5.23 client-id=1:5c:aa:fd:5:8a:50 comment=SONOZ mac-address=5C:AA:FD:05:8A:50 server=defconf
add address=192.168.5.27 client-id=1:58:e8:76:4:17:36 comment="IVSEC Cams" mac-address=58:E8:76:04:17:36 server=defconf
add address=192.168.5.26 client-id=1:10:62:e5:5e:92:dd comment="HP Printer" mac-address=10:62:E5:5E:92:DD server=defconf
add address=192.168.5.44 client-id=1:a4:36:c7:c1:e9:62 comment="LG Dishwasher" mac-address=A4:36:C7:C1:E9:62 server=defconf
add address=192.168.5.61 client-id=1:c:dc:7e:2a:ef:24 comment="Camp Chef" mac-address=0C:DC:7E:2A:EF:24 server=defconf
add address=192.168.5.13 client-id=1:38:2c:4a:af:d4:cf comment="Khloes PC" mac-address=38:2C:4A:AF:D4:CF server=defconf
add address=192.168.5.14 client-id=1:4c:cc:6a:8d:9c:33 comment="Ethans PC" mac-address=4C:CC:6A:8D:9C:33 server=defconf
/ip dhcp-server network
add address=192.168.5.0/24 comment=defconf dns-server=10.0.0.2 gateway=192.168.5.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-size=4096KiB servers=10.0.0.2
/ip dns static
add address=192.168.5.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip firewall service-port
set ftp ports=2201
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d \
    tur-thu=0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip service
set telnet address=192.168.5.0/24 port=2325
set ftp address=192.168.5.0/24 port=2277
set www disabled=yes
set ssh address=192.168.5.0/24 port=2280
set api address=192.168.5.0/24
set winbox address=192.168.5.0/24
set api-ssl address=192.168.5.0/24
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1-WAN type=external
/ipv6 address
add address=::d601:c3ff:fe02:f69 eui-64=yes from-pool=Leaptel interface=ether1-WAN
add address=::d601:c3ff:fe02:f6a eui-64=yes from-pool=Leaptel interface=bridge
/ipv6 dhcp-client
add add-default-route=yes interface=ether1-WAN pool-name=Leaptel request=prefix
/ipv6 dhcp-server
add address-pool=Leaptel interface=ether1-WAN name=server1
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Australia/Brisbane
/system identity
set name=Pal29Tik
/system logging
set 0 topics=info,!wireguard
add disabled=yes topics=wireless
add action=disk disabled=yes topics=disk
/system note
set show-at-login=no
/system package update
set channel=testing
/system routerboard wps-button
set enabled=yes on-event=wps-accept
/system script
add comment=defconf dont-require-permissions=no name=wps-accept owner=*sys policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
    \n   :foreach iface in=[/interface/wifi find where (configuration.mode=\"ap\" && disabled=no)] do={\r\
    \n     /interface/wifi wps-push-button \$iface;}\r\
    \n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/user group
add name=admin policy=local,ftp,reboot,read,write,test,winbox,password,web,sniff,sensitive,romon,rest-api,!telnet,!ssh,!policy,!api

Who is online