hEX router overloaded and very slow
Posted: Tue Apr 03, 2018 11:21 am
Hey all.
I very much need someone's help over here.
I have installed and deployed hostpot service in the office as on this diagram: We have three Mikrotik devices. Router hEX poe lite and two access points - MikroTik cAP lite devices.
The hostpot+usermanger is configured on hEX router. The way it is configured - everything works, but it works very very slow. I have just about 10-15 workers in the office and when half of them are connected, the internet starts to work super slow. When i check hEX router CPU load it is bouncing at around 70-100%. Checking Tools-Profile(CPU) i can see that SPI takes a lot of resources. If i understand it correctly it has to do with traffic routing. And it kind of makes sense, if all 10-15 user's traffic is routed through one hEX router it might slow things down. Can someone help me to easier things up and make CPU load less?
What I thought might help is configuring CAPsMAN enabling "Local Forwarding" in Provision tab. After trying that it certainly makes hEX router work hard, but then cAP devices looses hotspot feature and start working as usual(no password) wi-fi network :/
Here are some of my configurations (please tell me if you need to see more configs):
I m at the position when i m struggling, so any help will be highly appreciated!
I very much need someone's help over here.
I have installed and deployed hostpot service in the office as on this diagram: We have three Mikrotik devices. Router hEX poe lite and two access points - MikroTik cAP lite devices.
The hostpot+usermanger is configured on hEX router. The way it is configured - everything works, but it works very very slow. I have just about 10-15 workers in the office and when half of them are connected, the internet starts to work super slow. When i check hEX router CPU load it is bouncing at around 70-100%. Checking Tools-Profile(CPU) i can see that SPI takes a lot of resources. If i understand it correctly it has to do with traffic routing. And it kind of makes sense, if all 10-15 user's traffic is routed through one hEX router it might slow things down. Can someone help me to easier things up and make CPU load less?
What I thought might help is configuring CAPsMAN enabling "Local Forwarding" in Provision tab. After trying that it certainly makes hEX router work hard, but then cAP devices looses hotspot feature and start working as usual(no password) wi-fi network :/
Here are some of my configurations (please tell me if you need to see more configs):
Code: Select all
[admin@MikroTik-router] > caps-man provisioning print
Flags: X - disabled
0 radio-mac=00:00:00:00:00:00 hw-supported-modes="" identity-regexp="" common-name-regexp="" ip-address-ranges=""
action=create-dynamic-enabled master-configuration=Office-main slave-configurations=Office-guest name-format=prefix
name-prefix="Office-
[admin@MikroTik-router] > caps-man configuration print
0 name="Office-main" mode=ap ssid="meshpower-office" country=rwanda
datapath.client-to-client-forwarding=no datapath.bridge=bridge-hotspot
datapath.local-forwarding=no channel.band=2ghz-b/g/n
1 name="Office-guest" mode=ap ssid="meshpower-guest" country=rwanda
security.authentication-types=wpa2-psk security.passphrase="meshpowerguest"
datapath.bridge=bridge-guest datapath.local-forwarding=no channel.band=2ghz-b/g/n
[admin@MikroTik-router] > interface bridge print detail
Flags: X - disabled, R - running
0 R name="bridge-guest" mtu=auto actual-mtu=1500 l2mtu=1600 arp=enabled
arp-timeout=auto mac-address=66:D1:54:DF:7F:57 protocol-mode=rstp
fast-forward=no igmp-snooping=no priority=0x8000 auto-mac=yes
max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m
region-name="" region-revision=0 max-hops=20 vlan-filtering=no pvid=1
1 R name="bridge-hotspot" mtu=auto actual-mtu=1500 l2mtu=1600 arp=enabled
arp-timeout=auto mac-address=64:D1:54:DF:7F:57 protocol-mode=rstp
fast-forward=no igmp-snooping=no priority=0x8000 auto-mac=yes
max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m
region-name="" region-revision=0 max-hops=20 vlan-filtering=no pvid=1
2 R ;;; created from master port
name="bridge1" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled arp-timeout=auto
mac-address=6C:3B:6B:76:DC:75 protocol-mode=rstp fast-forward=yes
igmp-snooping=no priority=0x8000 auto-mac=no admin-mac=6C:3B:6B:76:DC:75
max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m
region-name="" region-revision=0 max-hops=20 vlan-filtering=no pvid=1
[admin@MikroTik-router] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload
# INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON
0 H ether3 bridge1 yes 1 0x80 10 10 none
1 H ether4 bridge1 yes 1 0x80 10 10 none
2 H ether5 bridge1 yes 1 0x80 10 10 none
3 H ether2-master bridge1 yes 1 0x80 10 10 none
4 XI ether1 bridge1 yes 1 0x80 10 10 none
5 D Office-1 bridge-hotspot yes 1 0x80 10 10 none
6 ID Office-1-1 bridge-guest yes 1 0x80 10 10 none
7 D Office-2 bridge-hotspot yes 1 0x80 10 10 none
8 ID Office-2-1 bridge-guest yes 1 0x80 10 10 none
[admin@MikroTik-router] > ip hotspot profile print
Flags: * - default
0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=flash/hotspot html-directory-override=""
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d
split-user-domain=no use-radius=no
1 name="Office-profile" hotspot-address=192.168.92.1 dns-name="" html-directory=flash/hotspot_office
html-directory-override="" rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0
login-by=cookie,http-chap,mac-cookie http-cookie-lifetime=3d split-user-domain=no use-radius=yes
radius-accounting=yes radius-interim-update=received nas-port-type=wireless-802.11 radius-default-domain=""
radius-location-id="" radius-location-name="" radius-mac-format=XX:XX:XX:XX:XX:XX