Community discussions

MikroTik App
 
dmfr
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Oct 15, 2020 11:14 am

Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 12:51 am

I recently had to decide sourcing wireless equipment for a new site.
Site is a warehouse (~12 APs) and adjacent offices (2 floors ~4 APs)
On other premises we have been using Unifi gear and kind of satisfied with it, with notable exception of 'new' NanoHD which has been a disaster, due to poor interoperabiliy of Mediatek chip with low end android and/or RTL-based laptops (RTL8821CE).

Being very pleased with Mikrotik routers (RB4011) on all sites, and some switches here and there, I decided to order & try MTK wireless equipment and consider a CAPSman setup for the new warehouse.

Our test equipment :
- AP side / Unifi : 4 UAP-AC-LR
- AP side / Mikrotik : 4 WAP AC (new model), for test purposes, would go for AC metal(warehouse) and CAP-AC (for offices).
- Wireless clients :
* Android industrial : Honeywell CT45 / Zebra MC33xx
* Smartphones : Pixel 3/4a/6
* High-end laptop : Intel AC9260
* Low-end laptop : RTL8821CE

All testing has been done in very same network / time / weather conditions.
Wired network free of any concern, giving excellent LAN performance + constant 900/500 uplink throughput.

General feedback :

CAPSman system is awesome ! Clean, simple & works well.
Very different from GUI Java based controller, would integrate very well with our custom logging/monitor daemon thanks to MTK API which we are already familiar with.
Note: we only use local forwarding.

Throughput,
- Max throughput is noticeably a step behind Unifi. It takes time to "rise" to the max (~450M download), and is much more "client-dependant" to reach it.
- General throughput is good, ~100M achieved in medium reach conditions, not very far from UAP-AC perfs.
- Far reach not as good as UAP-LR, probably because of antenna design (wap-ac vs. UAP long range)
Bottom line: not "so" good, but very OK for real-life use cases.

....
Now to main concern : Roaming.

Disclaimer first, we didn't stop like "Mikrotik doesn't have 802.11r/v/k/whatever".
Besides, on Unifi gear, "Fast roaming" controller option (does it mean 802.11r enabled?) is not even checked.
We wanted to compare with facts.
Testing is done :
- using an optimized, zero latency, SIP VoIP app playing non-stop music from Asterisk server
- monitor roaming from controllers (for MTK : /system logging add topics=caps)
- monitor roaming from android when possible (debug options)

So,

Unifi : from an audio perspective, you can't even tell for sure when the device is roaming. You just can't.

Mikrotik : Constant ~1sec drop when roaming. We tried tried RSTP off/on, ROS 7/6.49.2, numerous resets and other tweaking. Constant ~1sec drop.

Things Unifi has & Mikrotik does not :
- Radius auth cache, it does not query radius on each association, Mikrotik does
- "BSS Transition" (shown in "Extended capabilities" on IW tool scan), cannot tell what it exactly does
- see below, "fast roaming" (802.11r ?) is NOT enabled on Unifi gear.
On side note, same 1sec drop happens using WPA-PSK as well , so it is not EAP/radius related.

I trust Mikrotik is already aware of above facts, and such a test setup is very easy to reproduce.
Now that ROS 7.1 is finally out (and performing well on routers), may they focus on wireless optimizations that could bring their equipment to "corporate" level.

Significant market share to conquer, I know for a fact that many SMBS these days are disastified with Ruckus/Meraki/Aruba overpriced gear and mandatory cloud management.

Would welcome any cross feedback, further testing, or any settings tuning if i missed something.

Thanks for reading & regards !
 
User avatar
genesispro
Member
Member
Posts: 304
Joined: Fri Mar 14, 2014 12:33 pm

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 11:27 am

Interesting article and I would be happy to see these improvements.
One other thing that is different that I have already suggested in the past but didn't see any action except the very first days of discussion is the fact that ubnt controller is pushing the parameters to the APs and if we loose for some reason access to the controller the APs are still working without collecting statistics. Even if you reboot them all settings are there working fine.
In the MikroTik controller if the client loose communication for a few (5-6 I think) seconds, it stops working waiting for the controller to "control" it.
Of course that would only be possible with the local forwarding option but I believe that most traffic hungry setups are done with local forwarding else they are way slower!

It would be an interesting option and then we could also move our controllers to the cloud as well for our customers!
 
ivicask
Member
Member
Posts: 438
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 11:42 am


Mikrotik : Constant ~1sec drop when roaming. We tried tried RSTP off/on, ROS 7/6.49.2, numerous resets and other tweaking. Constant ~1sec drop.
Did you add this for improved roaming?(fine tune the value to your liking)
/caps-man access-list
add action=accept allow-signal-out-of-range=6s client-to-client-forwarding=yes disabled=no interface=any signal-range=-80..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=6s client-to-client-forwarding=yes disabled=no interface=any signal-range=-120..-83 ssid-regexp=""
Depends on client, but for example i tested with my Samsung s21 phone while roaming in 3 floors school with 20 CAPs and zero drop pings.
 
ivicask
Member
Member
Posts: 438
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 11:46 am

Interesting article and I would be happy to see these improvements.
One other thing that is different that I have already suggested in the past but didn't see any action except the very first days of discussion is the fact that ubnt controller is pushing the parameters to the APs and if we loose for some reason access to the controller the APs are still working without collecting statistics. Even if you reboot them all settings are there working fine.
In the MikroTik controller if the client loose communication for a few (5-6 I think) seconds, it stops working waiting for the controller to "control" it.
Of course that would only be possible with the local forwarding option but I believe that most traffic hungry setups are done with local forwarding else they are way slower!

It would be an interesting option and then we could also move our controllers to the cloud as well for our customers!
I had similar question, Mikrotik support told me they are planing to add CAP standalone mode for local forwarding so even if it gets disconnected from CAPSMAN it continues to work fine, we can only wait.
 
User avatar
genesispro
Member
Member
Posts: 304
Joined: Fri Mar 14, 2014 12:33 pm

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 12:04 pm

(any trick to make cap client keep settings while capsman is down?)
viewtopic.php?t=177472
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3123
Joined: Mon Apr 08, 2019 1:16 am

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 12:58 pm

Klembord-2.jpg
.
.
To my experience this will not let you return to this AP for 6 sec, after you have been kicked out, even if your signal is now OK.
Even if you set this to 1 sec, there is another cache for a short delay that says "banned(last failure ...)"
This is a problem if the AP's are in adjacent rooms and people are going back and forth in the 2 rooms.
So "flapping" from one AP to another will create reject periodes.
The same seems to happen with a client device, trying to do band switching to 5 GHz on the same AP, but failing on signal strength.
Klembord-3.jpg
You do not have the required permissions to view the files attached to this post.
 
ivicask
Member
Member
Posts: 438
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 1:28 pm

Klembord-2.jpg
.
.
To my experience this will not let you return to this AP for 6 sec, after you have been kicked out, even if your signal is now OK.
Even if you set this to 1 sec, there is another cache for a short delay that says "banned(last failure ...)"
This is a problem if the AP's are in adjacent rooms and people are going back and forth in the 2 rooms.
So "flapping" from one AP to another will create reject periodes.
The same seems to happen with a client device, trying to do band switching to 5 GHz on the same AP, but failing on signal strength.

Klembord-3.jpg
Yeah i know, thats why i wrote you should fine tune this to own preference, depends what kinda of signal coverage you have, i tune this value to fix problems..

But yeah its not perfect solution for all situations and clients
Last edited by ivicask on Fri Dec 17, 2021 2:36 pm, edited 1 time in total.
 
dmfr
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Oct 15, 2020 11:14 am

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 1:38 pm

Did you add this for improved roaming?(fine tune the value to your liking)
...
add action=reject allow-signal-out-of-range=6s client-to-client-forwarding=yes disabled=no interface=any signal-range=-120..-83 ssid-regexp=""
At best it's not any better, at worse in your dark spots clients get kicked out and will try to reassociate to same AP.
From my experience it's much more efficient to set a standard minimum data rate of 12 or 18M, so clients are at least aware of the limits, and will try on purpose to find nearest AP more aggressively
/caps-man rates
add basic=18Mbps name=rates_5g supported=18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
add basic=18Mbps name=rates_2g supported=18Mbps,24Mbps,36Mbps,48Mbps,54Mbps


But anyway that's not the point here.
The ~1sec drop is not related to a critical loss of signal, and i'm not sure it is really related to strict-sense roaming either...
It's more like, in the Mikrotik setup, the AP, upon association, waits ~1sec before it starts forwarding data.

The 1sec "audio drop" occurs just after android client shows successfull association to new AP, not before or during the operation, that's the thing...

Might be related :
- to the lack of "BSS transition" ? i still don't know exactly what it is
- to some delay in Mikrotik APs firmware ?
 
gotsprings
Forum Guru
Forum Guru
Posts: 2307
Joined: Mon May 14, 2012 9:30 pm

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 2:38 pm

As long as I send Support Riffs to Mikrotik and they go "Ohh Well"...

I will keep paying for Ruckus.

My bitching about Mikrotik wireless is well known.

And the day that Caps-Man can control a good radio... that can support MU_MIMO and keep clients connected... I will bid farewell to other manufactures...

However,
I have been really impressed with how well my Audience has worked with Wave 2 drivers. But sure enough... it dropped a few 2.4 clients and didn't let them reconnect. Its unplugged again and my Ruckus R650 has kept all the clients connected for several days now.

And to continue my griping...
A Mikrotik cAP XL AC is a 2x2 AC V1 Wireless Aceess Point with absolutely no proposed update path to even WAVE2 which has been standard since 2016. US Price $100
Engenius EWS357AP is a 2x2 WiFi 6 AP. US Price $100
Netgear, TPLink and a few others all rebadge that WAP for about the same price.
Of course UniF--k is $100 as well.
Last edited by gotsprings on Fri Dec 17, 2021 3:00 pm, edited 1 time in total.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3123
Joined: Mon Apr 08, 2019 1:16 am

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 2:47 pm

From my experience it's much more efficient to set a standard minimum data rate of 12 or 18M, so clients are at least aware of the limits, and will try on purpose to find nearest AP more aggressively
Yes, I do this as well. (In this case basic rates 6 and 9 Mbps, HT mcs 0 and 1, and all VHT MCS, are disabled on 5 GHz) Difficult to tune, and I miss somewhat the "allow-out-of-range" equivalent. Missing AP beacons will disconnect the client, maybe too soon.

Interesting is, if you did not enable the wireless log, you only see the lines with info. And is that sequence not the well known "clients always disconnect" syndrome?
This here is only because one device is at the ultimate edge of the designed coverage, has only one weak AP in reach. In all other points it would have moved to another better AP .
Last edited by bpwl on Fri Dec 17, 2021 6:15 pm, edited 1 time in total.
 
ivicask
Member
Member
Posts: 438
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 2:53 pm

Did you add this for improved roaming?(fine tune the value to your liking)
...
add action=reject allow-signal-out-of-range=6s client-to-client-forwarding=yes disabled=no interface=any signal-range=-120..-83 ssid-regexp=""
At best it's not any better, at worse in your dark spots clients get kicked out and will try to reassociate to same AP.
From my experience it's much more efficient to set a standard minimum data rate of 12 or 18M, so clients are at least aware of the limits, and will try on purpose to find nearest AP more aggressively
/caps-man rates
add basic=18Mbps name=rates_5g supported=18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
add basic=18Mbps name=rates_2g supported=18Mbps,24Mbps,36Mbps,48Mbps,54Mbps


But anyway that's not the point here.
The ~1sec drop is not related to a critical loss of signal, and i'm not sure it is really related to strict-sense roaming either...
It's more like, in the Mikrotik setup, the AP, upon association, waits ~1sec before it starts forwarding data.

The 1sec "audio drop" occurs just after android client shows successfull association to new AP, not before or during the operation, that's the thing...

Might be related :
- to the lack of "BSS transition" ? i still don't know exactly what it is
- to some delay in Mikrotik APs firmware ?
I tried exactly like that and than i had droped pings not to mention some clients would randomly get disconnected, think its some power saver on wlan cards and it cant go into lower rates and gets disconnected with full signal..
 
dmfr
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Oct 15, 2020 11:14 am

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 3:21 pm

From my experience it's much more efficient to set a standard minimum data rate of 12 or 18M, so clients are at least aware of the limits, and will try on purpose to find nearest AP more aggressively
Yes, I do this as well. Difficult to tune, and I miss somewhat the "allow-out-of-range" equivalent. Missing AP beacons will disconnect the client, maybe too soon.
Problem with access-lists, client might get kicked while it's not yet ready to roam.
For sure it will reconnect to a better AP, but since the drop was unexpected from its point-of-view, it might some take time to scan & reassociate.

And the day that Caps-Man can control a good radio... that can support MU_MIMO and keep clients connected... I will bid farewell to other manufactures...
Sure it would be nice, however in many basic setups, seamless roaming and continuous forwarding is more critical than "extreme" throughtput.
MU-MIMO only makes a real difference in HD environments for high data loads.
However I agree that wifiwave2 on RB4011iGS+5HacQ2HnD-IN looks promising.

I tried exactly like that and than i had droped pings not to mention some clients would randomly get disconnected, think its some power saver on wlan cards and it cant go into lower rates and gets disconnected with full signal..
Driver client issue. Client is not supposed to switch lower rates if they're not advertised.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21893
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 6:50 pm

Gotsprings, have you worked with Grandstream APs at all.
Reason I ask helping in another thread where he uses such AP 7630.
What caught my eye was the options for isolating clients on a WLAN.
Now curious about its performance capabilities.
The GW 7660 is their wifi6 model (only 2x2 though? but for $129US may be decent!)
Very similar to the TPLInk EAP620.
(how bout $94 You should get one just for testing, I dont have an R&D Budget)
(https://www.ipphone-warehouse.com/grand ... ess-point/)


Client isolation feature blocks any TCP/IP connection between connected
clients to GWN76XX’s Wi-Fi access point. Client isolation can be helpful
to increase security for Guest networks/Public WiFi.
Three modes are available:
 Radio Mode: Wireless clients can access to the internet services,
GWN7xxx router and the access points GWN76XX but they cannot
communicate with each other.
 Internet Mode: Wireless clients will be allowed to access only the
internet services and they cannot access any of the management
services, either on the router nor the access points GWN76XX.
 Gateway MAC Mode: Wireless clients can only communicate with
the gateway, the communication between clients is blocked and
they cannot access any of the management services on the
GWN76XX access points
 
gotsprings
Forum Guru
Forum Guru
Posts: 2307
Joined: Mon May 14, 2012 9:30 pm

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 8:06 pm

ANAV

Never seen Grand Stream Wireless, that I am aware of.

I wasted a ton of time the last few weeks looking at other VENDORS. I say vendors as they all seem to be buying the same things and putting their name on it. So the objective now is to find who rebadges the radio, for the least amount of money.
Last edited by gotsprings on Sat Dec 18, 2021 2:05 am, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21893
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 9:26 pm

Grandstream seems to be US based out of Boston.
It would be good to support made in USA from that perspective if so inclined.
What are your expectations? There is very little point in making how hardware.
Most companies shop for hardware solutions, but the difference is in who controls the firmware.
Clearly companies like TP Link outsource their firmware updates as well and it gets changed very infrequently.
 
dmfr
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Oct 15, 2020 11:14 am

Re: Feedback : CAPSman tests, coming from Unifi

Fri Dec 17, 2021 11:55 pm

I am glad everyone finds the ideal AP seeking for new shiny brands. Ubiquiti was one at some point.
Hope Mikrotik does not follow the same marketing / cloud / smartphone-enabled-management way...

Back to the original topic,

Did we solve the mystery of roaming in Mikrotik ?

Genesispro, I had second thoughts about your remark :
One other thing that is different that I have already suggested in the past but didn't see any action except the very first days of discussion is the fact that ubnt controller is pushing the parameters to the APs and if we loose for some reason access to the controller the APs are still working without collecting statistics. Even if you reboot them all settings are there working fine.
In the MikroTik controller if the client loose communication for a few (5-6 I think) seconds, it stops working waiting for the controller to "control" it.
Of course that would only be possible with the local forwarding option but I believe that most traffic hungry setups are done with local forwarding else they are way slower!

One thing I didn't test yet was similar but standalone setups for several APs.
Consider this setup for two separate APs:
/radius
add address=10.39.1.51 secret=xxxxxxxxx service=wireless
/interface wireless security-profiles
add authentication-types=wpa2-eap mode=dynamic-keys name=EAP_AP supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no frequency=auto mode=ap-bridge security-profile=EAP_AP ssid=Mikrotik wireless-protocol=802.11

Here we are, perfect roaming !

Mikrotik is right when they say 802.11r/k/v is mainly marketing speech.
Now they just have to fix CAPSman system because the ~1sec-roaming-drop is, 100% sure, introduced by the controller system.
Even using local forwarding mode.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2307
Joined: Mon May 14, 2012 9:30 pm

Re: Feedback : CAPSman tests, coming from Unifi

Sat Dec 18, 2021 12:10 am

The 2.4 radio just giving up, is more of a problem for me. Some devices can't connect to 5GHZ. So when the 2.4 radio decides to silently drop packets, then deny access to a device until restarted... I don't have time in my life for all the problems Mikrotik radios caused us.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3123
Joined: Mon Apr 08, 2019 1:16 am

Re: Feedback : CAPSman tests, coming from Unifi

Sat Dec 18, 2021 1:09 am

Sep/23/2021 16:59:06 dude,event syslog: 192.168.28.58: wireless,info wAP08: 26:D4:90:5D:C6:6B@wlan2: connected, signal strength -79
Sep/23/2021 16:59:07 dude,event syslog: 192.168.36.1: <150>Sep 23 16:59:05 DrayTek: RADIUS SRV: EAP user "ROM08" authentication succeeded from 192.168.28.58:48820
Sep/23/2021 16:59:14 dude,event syslog: 192.168.28.38: wireless,info hAP08: 26:D4:90:5D:C6:6B@wlan2: connected, signal strength -50
Sep/23/2021 16:59:15 dude,event syslog: 192.168.36.1: <150>Sep 23 16:59:13 DrayTek: RADIUS SRV: EAP user "ROM08" authentication succeeded from 192.168.28.38:39296
Sep/23/2021 16:59:16 dude,event syslog: 192.168.28.58: wireless,info wAP08: 26:D4:90:5D:C6:6B@wlan2: disconnected, registered to other device in network
Sep/23/2021 16:59:38 dude,event syslog: 192.168.28.38: wireless,info hAP08: 26:D4:90:5D:C6:6B@wlan1: connected, signal strength -70
Sep/23/2021 16:59:39 dude,event syslog: 192.168.36.1: <150>Sep 23 16:59:37 DrayTek: RADIUS SRV: EAP user "ROM08" authentication succeeded from 192.168.28.38:39440
Sep/23/2021 16:59:39 dude,event syslog: 192.168.28.38: wireless,info hAP08: 26:D4:90:5D:C6:6B@wlan2: disconnected, registered to other interface
Sep/23/2021 16:59:49 dude,event syslog: 192.168.28.38: wireless,info hAP08: 26:D4:90:5D:C6:6B@wlan2: connected, signal strength -53
Sep/23/2021 16:59:49 dude,event syslog: 192.168.36.1: <150>Sep 23 16:59:47 DrayTek: RADIUS SRV: EAP user "ROM08" authentication succeeded from 192.168.28.38:36006
Sep/23/2021 16:59:49 dude,event syslog: 192.168.28.38: wireless,info hAP08: 26:D4:90:5D:C6:6B@wlan1: disconnected, registered to other interface
.
.
I have been looking in my year-long logging of all connects/disconnects for a case where fast roaming was visible. Roaming happens e.g. when people go indoor (hap) and outdoor (wap).
Radius server for WPA2-EAP is on the Draytek (it is invoked every time, no caching with EAP)
From the logging of this device initiated roaming, you can see that the association and authentication happens before the disconnect from the previous connect is detected. Be it between AP's (wap,hap) or between interfaces in the same AP. (I don't know if this is noticible for the user, and can't ask it ad hoc because this is very remote. (1200km) But they all claim everything goes smooth)

It's deserted there right now, only a concierge passing by, not knowing his smartphone is connecting. I was very very SAD to see my log in #6. The forced roaming via access-list and higher basic rates is not delivering what I expected, even as the concierge in only somewhere in that street it should not have done those long rejects. [adjusted already allowing -83dBm for 5 GHz and 2.4GHz, it was -83dBm for 2.4GHz and -80dBm for 5GHz]. Without air-time-fairness kicking off slow connections is mandatory in my case.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21893
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Feedback : CAPSman tests, coming from Unifi

Sat Dec 18, 2021 1:58 am

Yeah I played with some of those settings for a short bit but when family started yelling at me, I removed the fancy attempts at controlling access to APs..........
 
gotsprings
Forum Guru
Forum Guru
Posts: 2307
Joined: Mon May 14, 2012 9:30 pm

Re: Feedback : CAPSman tests, coming from Unifi

Sat Dec 18, 2021 2:04 am

ANAV,

Looks like Grandstream bought some Engenius, so they could connect their phones.

Who is online

Users browsing this forum: ciruliss, cralin and 4 guests