Skip to content
MikroTik RouterOS Docs

Dense WiFi Deployment Guide

Dense WiFi Deployment Guide

Section titled “Dense WiFi Deployment Guide”

This guide covers deploying multiple MikroTik access points in dense environments where APs are close together - warehouses, offices, stadiums, conference rooms, or any location requiring many APs to cover the area.

The Dense WiFi Challenge

Section titled “The Dense WiFi Challenge”

When deploying many APs in close proximity, traditional WiFi planning breaks down:

  • Co-channel interference - Multiple APs on the same channel interfere with each other
  • Excessive client roaming - Clients jump between APs with overlapping coverage
  • Hidden node problems - Clients can’t hear each other but APs hear both
  • SSID proliferation - Multiple SSIDs per radio reduce available throughput

“The discussion revolves around issues with high jitter and ping times associated with Mikrotik cAP-ac units in a large warehouse environment. Suggestions provided include using different channels, improving the physical installation layout, limiting signal strength, and configuring 5GHz usage instead of 2.4GHz.” - MikroTik Forum

Key Metrics for Dense Deployments

Section titled “Key Metrics for Dense Deployments”
MetricTargetNotes
Channel reuseMaximizeSame channel should be far apart
Coverage overlap15-20%For roaming, not full coverage
Clients per AP<50More causes contention
Airtime utilization<50%High = slow for everyone

Channel Planning

Section titled “Channel Planning”

The 3-Channel Rule (2.4 GHz)

Section titled “The 3-Channel Rule (2.4 GHz)”

For 2.4 GHz, use only 3 non-overlapping channels:

ChannelCenter Frequency
12412 MHz
62437 MHz
112462 MHz

Repeat this pattern - each “cluster” of 3 APs uses channels 1, 6, 11.

5 GHz Channel Options

Section titled “5 GHz Channel Options”

5 GHz offers many more options:

Non-DFS (US): 36, 40, 44, 48, 149, 153, 157, 161, 165
DFS:          52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144

Channel Width Considerations

Section titled “Channel Width Considerations”
WidthChannels UsedProsCons
20 MHz1Least interference, more reuseLess capacity
40 MHz2BalancedSome interference
80 MHz4Max capacityMore interference

For dense environments, 20 MHz is often best:

  • More channel reuse options
  • Less co-channel interference
  • More stable connections
# RouterOS 7 - WiFiWave2 channel configuration
/interface wifi channel
add frequency=5180,5220,5260,5300 name=20MHz-5G width=20mhz

Channel Reuse Pattern Example

Section titled “Channel Reuse Pattern Example”

Example for 9 APs using channel reuse:

          [AP1 Ch36]    [AP2 Ch44]    [AP3 Ch52]
          [AP4 Ch44]    [AP5 Ch36]    [AP6 Ch52]
          [AP7 Ch52]    [AP8 Ch36]    [AP9 Ch44]

Goal: Same channel should have maximum physical separation.

Power Level Tuning

Section titled “Power Level Tuning”

The Paradox

Section titled “The Paradox”

More power = better range, but also:

  • Clients roam less (stick to distant AP)
  • More interference to neighboring APs
  • Higher mobile device battery drain

Solution: Reduce TX Power

Section titled “Solution: Reduce TX Power”
# WiFiWave2 - reduce TX power per configuration
/interface wifi configuration
add channel=5G name=5G-config security=MySecurity ssid=MyNet tx-power=10

Community recommendation:

“limiting signal strength” - helps in dense environments

Dynamic Power Adjustment

Section titled “Dynamic Power Adjustment”

Consider manually setting different power per AP:

  • Edge APs: Lower power
  • Center APs: Higher power
  • Match to coverage needs
# Set different power levels for different APs
/interface wifi configuration
set Office-1 tx-power=10
set Office-2 tx-power=15
set Office-3 tx-power=20

Band Selection in Dense Environments

Section titled “Band Selection in Dense Environments”

Prefer 5 GHz

Section titled “Prefer 5 GHz”

“configuring 5GHz usage instead of 2.4GHz” was the key solution for warehouse issues

Reasons:

  • More available channels
  • Less crowded spectrum
  • Better for high density
  • Less range = easier to control overlap

Limit 2.4 GHz

Section titled “Limit 2.4 GHz”

Use 2.4 GHz only for:

  • Legacy devices that don’t support 5 GHz
  • Long-range coverage needs
  • IoT devices that only support 2.4 GHz

Separate Networks

Section titled “Separate Networks”
# Separate SSIDs for different purposes
/interface wifi configuration
add channel=ch-5G-20 country="US" name=2G-config security=MySecurity ssid=Corp-2G
add channel=ch-5G-20 country="US" name=5G-config security=MySecurity ssid=Corp-5G

Client Load Balancing

Section titled “Client Load Balancing”

MikroTik Options

Section titled “MikroTik Options”
# Group APs for client balancing
/interface wifi configuration
set load-balancing-group=group1

Manual Approaches

Section titled “Manual Approaches”
  1. Different SSIDs: Direct devices to specific APs
  2. Power adjustment: Push clients to stronger APs
  3. Band steering: Prefer 5 GHz
  4. Access lists: Control client connections

Client Limits

Section titled “Client Limits”
# Limit clients per AP
/interface wifi configuration
set max-station-count=50

Signal-Based Access Control

Section titled “Signal-Based Access Control”

Force Clients to Nearest AP

Section titled “Force Clients to Nearest AP”

Prevent clients with marginal signals from causing instability by rejecting weak connections:

# WiFiWave2 access list
/interface wifi access-list
add action=accept signal-range=-70..120
add action=reject signal-range=-120..-71

For CAPsMAN:

/caps-man access-list
add action=accept signal-range=-65..120
add action=reject signal-range=-120..-66

Why -65 to -70 dBm? This threshold allows roaming while preventing clients with marginal signals from causing instability.

Combined Power + Access List

Section titled “Combined Power + Access List”

For best results, combine power reduction with access lists:

# Step 1: Reduce cell size via TX power
/interface wifi configuration
set tx-power=10


# Step 2: Reject weak signals
/interface wifi access-list
add action=accept signal-range=-70..120
add action=reject signal-range=-120..-71

This ensures:

  1. Each AP covers a smaller area (TX power reduction)
  2. Only clients with good signal connect (access list)
  3. Clients roam to the closest AP rather than staying on a distant one

SSID Proliferation Problems

Section titled “SSID Proliferation Problems”

The Problem

Section titled “The Problem”

Running multiple SSIDs (virtual APs) on the same radio reduces available throughput because the radio must share airtime between networks.

“Virtual APs provide flexibility by creating multiple SSIDs from a single physical radio, but they reduce available throughput because the radio must share time between networks.”

Recommendations

Section titled “Recommendations”
ApproachProsCons
Single SSID + 802.1X + VLANsFull throughputComplex authentication
Separate physical APsFull throughput per SSIDMore hardware
2-3 Virtual APs per radioFlexibility30-50% throughput reduction

Practical rules:

  • Limit SSIDs per radio to 2-3 maximum
  • Use separate physical APs for different networks rather than virtual APs
  • For guest/IoT/corporate segmentation, consider VLANs with single SSID + 802.1X

Hardware Protection Modes

Section titled “Hardware Protection Modes”

For hidden node problems (when clients can’t see each other but APs can hear both), enable hardware protection:

# Option 1: CTS-to-self (simpler, usually sufficient)
/interface wifi
set hw-protection-mode=cts-to-self


# Option 2: RTS-CTS (more robust but adds overhead)
/interface wifi
set hw-protection-mode=rts-cts

The hidden node problem occurs when:

  • Two clients are near different APs but can’t hear each other
  • They both transmit simultaneously
  • Both APs hear the transmission, causing a collision
  • Clients never know their transmission failed

Rate Limiting for Dense Deployments

Section titled “Rate Limiting for Dense Deployments”

In dense environments, a single misbehaving client can affect everyone. Rate limiting protects the network.

Per-Client Bandwidth Limits

Section titled “Per-Client Bandwidth Limits”

Queue Tree (recommended for throughput limits):

/queue tree
add name=client-limit parent=global bucket-size=0.01 max-limit=10M/10M queue=default/default

Per-IP Limits using Simple Queues:

/queue simple
add target=192.168.1.10 max-limit=10M/10M name=client1
add target=192.168.1.11 max-limit=10M/10M name=client2

Connection Limits (Anti-Abuse)

Section titled “Connection Limits (Anti-Abuse)”

Prevent any single client from consuming excessive connection table entries:

/ip firewall filter
add chain=forward protocol=tcp connection-limit=100,32 action=drop

This limits each client to 100 concurrent TCP connections, preventing connection exhaustion attacks.

Client Isolation

Section titled “Client Isolation”

Enable client isolation to prevent peer-to-peer communication:

# In datapath settings
/interface wifi datapath
set client-isolation=yes

Or for CAPsMAN:

/caps-man datapath
set client-isolation=yes

Complete Dense Deployment Example

Section titled “Complete Dense Deployment Example”

WiFiWave2 Direct Configuration

Section titled “WiFiWave2 Direct Configuration”
# Enable WiFi
/interface wifi enable wifi1


# Channel plan - 20 MHz for maximum reuse
/interface wifi channel
add frequency=5180 name=ch36 width=20mhz
add frequency=5240 name=ch48 width=20mhz
add frequency=5320 name=ch64 width=20mhz
add frequency=5500 name=ch100 width=20mhz
add frequency=5700 name=ch140 width=20mhz


# Security
/interface wifi security
add authentication-types=wpa2-psk encryption=ccmp name=CorpSec passphrase=MyPass


# Configuration - 20 MHz channels, moderate power
/interface wifi configuration
add channel=ch36 country="US" datapath.local-forwarding=yes \
    manager=capsman name=Office-1 security=CorpSec ssid=CorpNet tx-power=15
add channel=ch48 country="US" datapath.local-forwarding=yes \
    manager=capsman name=Office-2 security=CorpSec ssid=CorpNet tx-power=15


# Access list for better roaming
/interface wifi access-list
add action=accept signal-range=-70..120

CAPsMAN Controller Configuration

Section titled “CAPsMAN Controller Configuration”
# Enable CAPsMAN
/caps-man manager set enabled=yes


# Define channels - 20MHz for 5GHz in dense deployment
/caps-man channel add frequency=5180,5200,5220,5240 band=5ghz-n/ac width=20mhz \
    name=5ghz-dense reselect-interval=15m
/caps-man channel add frequency=2412,2437,2462 band=2ghz-n width=20mhz \
    name=2ghz-dense reselect-interval=15m


# Security profile
/caps-man security add name=dense-sec authentication-types=wpa2-psk \
    encryption=aes-ccm passphrase=YourSecurePassword!


# Datapath with client isolation
/caps-man datapath add name=dense-dp bridge=bridge-local local-forwarding=yes \
    client-isolation=yes


# Configuration - reduced power, fast roaming
/caps-man configuration add name=dense-ap \
    channel=5ghz-dense \
    security=dense-sec \
    datapath=dense-dp \
    ssid=Office-Dense \
    country=UnitedStates \
    tx-power=17 \
    ft=yes \
    rrm=yes \
    bss-transition=yes


# Provisioning
/caps-man provisioning add \
    action=create-dynamic-enabled \
    hw-supported-modes=ac,ax \
    master-configuration=dense-ap

Dense WiFi Checklist

Section titled “Dense WiFi Checklist”

Before deploying:

  • Plan channel allocation (1/6/11 for 2.4GHz, 20MHz channels for 5GHz)
  • Calculate required AP spacing (typically 15-25m for 5GHz)
  • Configure TX power to control cell size
  • Set up access lists to reject weak signals
  • Enable hardware protection mode (cts-to-self)
  • Limit SSIDs per radio to 2-3
  • Configure rate limiting for abuse prevention
  • Enable client isolation
  • Test with representative client devices

Troubleshooting Dense Deployments

Section titled “Troubleshooting Dense Deployments”

High Ping Jitter

Section titled “High Ping Jitter”
  1. Check for co-channel interference - run spectrum analyzer
  2. Reduce TX power
  3. Switch to 5GHz (more channels available)
  4. Enable hw-protection-mode
  5. Use different channels across APs

Clients Not Roaming

Section titled “Clients Not Roaming”
  1. Verify signal access list allows roaming (-65 to -70 threshold)
  2. Check TX power isn’t too low
  3. Ensure 802.11r is enabled for fast roaming
  4. Verify coverage overlap (15-20% between APs)

Slow Throughput

Section titled “Slow Throughput”
  1. Reduce channel width to 20MHz
  2. Add more non-overlapping channels
  3. Check for hidden node issues
  4. Enable client isolation
  5. Verify client signal strength distribution
  6. Limit 2.4 GHz usage - prefer 5 GHz

Intermittent Connections

Section titled “Intermittent Connections”
  1. Use spectrum analyzer
  2. Check neighboring networks
  3. Move to less crowded channels
  4. Check for external interference

Performance Drop During Peak

Section titled “Performance Drop During Peak”
  1. Client load balancing
  2. More APs at lower power
  3. 5 GHz preferred (more channels)
  4. Rate limit heavy users

Monitoring Dense Deployments

Section titled “Monitoring Dense Deployments”

Key Metrics to Watch

Section titled “Key Metrics to Watch”
# Clients per AP
/interface wifi registration-table print count-only


# Airtime utilization (via registration table)
/interface wifi registration-table print detail


# Signal distribution
/interface wifi registration-table print where signal<-70

Tools

Section titled “Tools”
  • /interface wifi snooper - See all WiFi traffic
  • /tool sniffer - Packet capture
  • Third-party WiFi analyzers

Regular Checks

Section titled “Regular Checks”
  1. Client distribution across APs
  2. Signal quality distribution
  3. Channel utilization
  4. Error rates

Real-World Example: Warehouse

Section titled “Real-World Example: Warehouse”

“The discussion revolves around issues with high jitter and ping times associated with Mikrotik cAP-ac units in a large warehouse environment. Suggestions provided include using different channels, improving the physical installation layout, limiting signal strength, and configuring 5GHz usage instead of 2.4GHz.”

Key lessons from the forum:

  • Use multiple channels, not channel 1 everywhere
  • Better physical placement of APs
  • Lower signal strength
  • 5 GHz preferred over 2.4 GHz

Summary

Section titled “Summary”

Do

Section titled “Do”
  • Use 5 GHz primarily
  • Use 20 MHz channel width
  • Plan channel reuse carefully
  • Reduce TX power below default
  • Enable local forwarding
  • Monitor client distribution

Don’t

Section titled “Don’t”
  • Overlap 2.4 GHz too much
  • Use 40 MHz on 2.4 GHz
  • Set high TX power in dense areas
  • Ignore client distribution
  • Use auto channel without planning
Section titled “Related Documentation”