How control bandwidth with mikrotik queueMikrotik queues and limiting total upstream bandwidthOpenVPN tun routing (can ping tun interfaces) with mikrotik and NAT on both endsMikrotik and Freeradius (user time limit)Download rate or Data Limitation on Mikrotik hotspot don't apply on usersMikrotik simple queueMikrotik - Changing/removing a master-port disconnects from a routerHow to set up QoS on MikroTik RouterOS?Wifi-as-WAN with a Mikrotik RB941-2nD-TC?Mikrotik - 5GHz AC - only 110MbpsMikrotik Port Based Bandwidth Limtation CPU 100% for 1/5gbps limit

Preventing Employees from either switching to Competitors or Opening Their Own Business

How can drunken, homicidal elves successfully conduct a wild hunt?

Frame failure sudden death?

What can I, as a user, do about offensive reviews in App Store?

How did students remember what to practise between lessons without any sheet music?

How to officially communicate to a non-responsive colleague?

Does setting a new type clear the rules text for non-lands?

Movie about a boy who was born old and grew young

Was the Tamarian language in "Darmok" inspired by Jack Vance's "The Asutra"?

Does a 3rd-level Wolf Totem barbarian get advantage against enemies when an ally is within 5 feet of the enemy?

Russian equivalents of "no love lost"

How do you show, through your narration, a hard and uncaring world?

How does a transformer increase voltage while decreasing the current?

Payment instructions allegedly from HomeAway look fishy to me

Can the poison from Kingsmen be concocted?

Smooth switching between 12 V batteries, with a toggle switch

Implement Homestuck's Catenative Doomsday Dice Cascader

Why doesn’t a normal window produce an apparent rainbow?

Can anyone identify this tank?

Is open-sourcing the code of a webapp not recommended?

Is it possible to 'live off the sea'

Print the string equivalents of a phone number

Does an ice chest packed full of frozen food need ice?

Why only the fundamental frequency component is said to give useful power?



How control bandwidth with mikrotik queue


Mikrotik queues and limiting total upstream bandwidthOpenVPN tun routing (can ping tun interfaces) with mikrotik and NAT on both endsMikrotik and Freeradius (user time limit)Download rate or Data Limitation on Mikrotik hotspot don't apply on usersMikrotik simple queueMikrotik - Changing/removing a master-port disconnects from a routerHow to set up QoS on MikroTik RouterOS?Wifi-as-WAN with a Mikrotik RB941-2nD-TC?Mikrotik - 5GHz AC - only 110MbpsMikrotik Port Based Bandwidth Limtation CPU 100% for 1/5gbps limit






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








0















I have a mikrotik router and i want to limit the speed of wlan users. I create a queue for target = wlan and set the limit downloa and upload = 64k, but when i test it, this seems not working correctly!
Test download speed > 500k.
The router config is default.
How can i do that



/interface bridge
add admin-mac=E4:8D:8C:46:C7:0F auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce 
 disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=PNG1 
 wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/ip neighbor discovery
set ether1 discover=no
set bridge comment=defconf
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=
 dynamic-keys wpa-pre-shared-key=noor3664 wpa2-pre-shared-key=noor3664
/ip hotspot profile
add dns-name=so.zzz hotspot-address=10.5.50.1 login-by=http-pap name=hsprof1 
 use-radius=yes
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-2 ranges=10.5.50.2-10.5.50.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-10sec-delay disabled=no interface=
 bridge name=defconf
add address-pool=hs-pool-2 interface=ether2-master lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-2 addresses-per-mac=1 interface=ether2-master name=
 hotspot1 profile=hsprof1
/ip hotspot user profile
add address-pool=hs-pool-2 advertise=yes advertise-interval="" advertise-url="" 
 name=uprof1 open-status-page=http-login transparent-proxy=yes
/queue type
set 0 pfifo-limit=200
/queue interface
set ether2-master queue=default-small
/queue simple
add limit-at=30k/30k max-limit=30k/30k name=queue1 queue=default/default 
 target=bridge total-queue=default
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add auto-isolate=yes bridge=bridge interface=wlan1
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=
 192.168.88.0
add address=10.5.50.1/24 comment="hotspot network" interface=ether2-master 
 network=10.5.50.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=10.5.50.0/24 comment="hotspot network" gateway=10.5.50.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=4.2.2.4
/ip dns static
add address=10.5.50.1 name=router
/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" connection-state=
 established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=
 ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" 
 connection-state=established,related
add chain=forward comment="defconf: accept established,related" 
 connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=
 invalid
add action=drop chain=forward comment=
 "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat 
 connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=
 ether1
add action=masquerade chain=srcnat comment="masquerade hotspot net
 src-address=10.5.50.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot net
 src-address=10.5.50.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot net
 src-address=10.5.50.0/24
/ip hotspot user
add name=admin
/radius
add address=192.168.88.1 service=hotspot
add address=192.168.88.1 service=hotspot
/system clock
set time-zone-name=Asia/Tehran
/system leds
set 0 interface=wlan1
/system routerboard settings
set protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
[admin@MikroTik] >





mikrotik







share|improve this question
























  • Did you read through any of the plenty of tutorials on the mikrotik site?

    – TomTom
    Jun 17 '16 at 19:16











  • yes, i add the export.

    – Mehdi Amrollahi
    Jun 18 '16 at 0:26

















0















I have a mikrotik router and i want to limit the speed of wlan users. I create a queue for target = wlan and set the limit downloa and upload = 64k, but when i test it, this seems not working correctly!
Test download speed > 500k.
The router config is default.
How can i do that



/interface bridge
add admin-mac=E4:8D:8C:46:C7:0F auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce 
 disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=PNG1 
 wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/ip neighbor discovery
set ether1 discover=no
set bridge comment=defconf
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=
 dynamic-keys wpa-pre-shared-key=noor3664 wpa2-pre-shared-key=noor3664
/ip hotspot profile
add dns-name=so.zzz hotspot-address=10.5.50.1 login-by=http-pap name=hsprof1 
 use-radius=yes
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-2 ranges=10.5.50.2-10.5.50.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-10sec-delay disabled=no interface=
 bridge name=defconf
add address-pool=hs-pool-2 interface=ether2-master lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-2 addresses-per-mac=1 interface=ether2-master name=
 hotspot1 profile=hsprof1
/ip hotspot user profile
add address-pool=hs-pool-2 advertise=yes advertise-interval="" advertise-url="" 
 name=uprof1 open-status-page=http-login transparent-proxy=yes
/queue type
set 0 pfifo-limit=200
/queue interface
set ether2-master queue=default-small
/queue simple
add limit-at=30k/30k max-limit=30k/30k name=queue1 queue=default/default 
 target=bridge total-queue=default
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add auto-isolate=yes bridge=bridge interface=wlan1
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=
 192.168.88.0
add address=10.5.50.1/24 comment="hotspot network" interface=ether2-master 
 network=10.5.50.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=10.5.50.0/24 comment="hotspot network" gateway=10.5.50.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=4.2.2.4
/ip dns static
add address=10.5.50.1 name=router
/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" connection-state=
 established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=
 ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" 
 connection-state=established,related
add chain=forward comment="defconf: accept established,related" 
 connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=
 invalid
add action=drop chain=forward comment=
 "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat 
 connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=
 ether1
add action=masquerade chain=srcnat comment="masquerade hotspot net
 src-address=10.5.50.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot net
 src-address=10.5.50.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot net
 src-address=10.5.50.0/24
/ip hotspot user
add name=admin
/radius
add address=192.168.88.1 service=hotspot
add address=192.168.88.1 service=hotspot
/system clock
set time-zone-name=Asia/Tehran
/system leds
set 0 interface=wlan1
/system routerboard settings
set protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
[admin@MikroTik] >





mikrotik







share|improve this question
























  • Did you read through any of the plenty of tutorials on the mikrotik site?

    – TomTom
    Jun 17 '16 at 19:16











  • yes, i add the export.

    – Mehdi Amrollahi
    Jun 18 '16 at 0:26













0












0








0








I have a mikrotik router and i want to limit the speed of wlan users. I create a queue for target = wlan and set the limit downloa and upload = 64k, but when i test it, this seems not working correctly!
Test download speed > 500k.
The router config is default.
How can i do that



/interface bridge
add admin-mac=E4:8D:8C:46:C7:0F auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce 
 disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=PNG1 
 wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/ip neighbor discovery
set ether1 discover=no
set bridge comment=defconf
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=
 dynamic-keys wpa-pre-shared-key=noor3664 wpa2-pre-shared-key=noor3664
/ip hotspot profile
add dns-name=so.zzz hotspot-address=10.5.50.1 login-by=http-pap name=hsprof1 
 use-radius=yes
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-2 ranges=10.5.50.2-10.5.50.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-10sec-delay disabled=no interface=
 bridge name=defconf
add address-pool=hs-pool-2 interface=ether2-master lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-2 addresses-per-mac=1 interface=ether2-master name=
 hotspot1 profile=hsprof1
/ip hotspot user profile
add address-pool=hs-pool-2 advertise=yes advertise-interval="" advertise-url="" 
 name=uprof1 open-status-page=http-login transparent-proxy=yes
/queue type
set 0 pfifo-limit=200
/queue interface
set ether2-master queue=default-small
/queue simple
add limit-at=30k/30k max-limit=30k/30k name=queue1 queue=default/default 
 target=bridge total-queue=default
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add auto-isolate=yes bridge=bridge interface=wlan1
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=
 192.168.88.0
add address=10.5.50.1/24 comment="hotspot network" interface=ether2-master 
 network=10.5.50.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=10.5.50.0/24 comment="hotspot network" gateway=10.5.50.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=4.2.2.4
/ip dns static
add address=10.5.50.1 name=router
/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" connection-state=
 established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=
 ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" 
 connection-state=established,related
add chain=forward comment="defconf: accept established,related" 
 connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=
 invalid
add action=drop chain=forward comment=
 "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat 
 connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=
 ether1
add action=masquerade chain=srcnat comment="masquerade hotspot net
 src-address=10.5.50.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot net
 src-address=10.5.50.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot net
 src-address=10.5.50.0/24
/ip hotspot user
add name=admin
/radius
add address=192.168.88.1 service=hotspot
add address=192.168.88.1 service=hotspot
/system clock
set time-zone-name=Asia/Tehran
/system leds
set 0 interface=wlan1
/system routerboard settings
set protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
[admin@MikroTik] >





mikrotik







share|improve this question
















I have a mikrotik router and i want to limit the speed of wlan users. I create a queue for target = wlan and set the limit downloa and upload = 64k, but when i test it, this seems not working correctly!
Test download speed > 500k.
The router config is default.
How can i do that



/interface bridge
add admin-mac=E4:8D:8C:46:C7:0F auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce 
 disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=PNG1 
 wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/ip neighbor discovery
set ether1 discover=no
set bridge comment=defconf
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=
 dynamic-keys wpa-pre-shared-key=noor3664 wpa2-pre-shared-key=noor3664
/ip hotspot profile
add dns-name=so.zzz hotspot-address=10.5.50.1 login-by=http-pap name=hsprof1 
 use-radius=yes
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-2 ranges=10.5.50.2-10.5.50.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-10sec-delay disabled=no interface=
 bridge name=defconf
add address-pool=hs-pool-2 interface=ether2-master lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-2 addresses-per-mac=1 interface=ether2-master name=
 hotspot1 profile=hsprof1
/ip hotspot user profile
add address-pool=hs-pool-2 advertise=yes advertise-interval="" advertise-url="" 
 name=uprof1 open-status-page=http-login transparent-proxy=yes
/queue type
set 0 pfifo-limit=200
/queue interface
set ether2-master queue=default-small
/queue simple
add limit-at=30k/30k max-limit=30k/30k name=queue1 queue=default/default 
 target=bridge total-queue=default
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add auto-isolate=yes bridge=bridge interface=wlan1
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=
 192.168.88.0
add address=10.5.50.1/24 comment="hotspot network" interface=ether2-master 
 network=10.5.50.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=10.5.50.0/24 comment="hotspot network" gateway=10.5.50.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=4.2.2.4
/ip dns static
add address=10.5.50.1 name=router
/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" connection-state=
 established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=
 ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" 
 connection-state=established,related
add chain=forward comment="defconf: accept established,related" 
 connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=
 invalid
add action=drop chain=forward comment=
 "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat 
 connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=
 ether1
add action=masquerade chain=srcnat comment="masquerade hotspot net
 src-address=10.5.50.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot net
 src-address=10.5.50.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot net
 src-address=10.5.50.0/24
/ip hotspot user
add name=admin
/radius
add address=192.168.88.1 service=hotspot
add address=192.168.88.1 service=hotspot
/system clock
set time-zone-name=Asia/Tehran
/system leds
set 0 interface=wlan1
/system routerboard settings
set protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
[admin@MikroTik] >





mikrotik




mikrotik






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jun 18 '16 at 0:25







Mehdi Amrollahi

















asked Jun 17 '16 at 18:27









Mehdi AmrollahiMehdi Amrollahi

10413




10413












  • Did you read through any of the plenty of tutorials on the mikrotik site?

    – TomTom
    Jun 17 '16 at 19:16











  • yes, i add the export.

    – Mehdi Amrollahi
    Jun 18 '16 at 0:26

















  • Did you read through any of the plenty of tutorials on the mikrotik site?

    – TomTom
    Jun 17 '16 at 19:16











  • yes, i add the export.

    – Mehdi Amrollahi
    Jun 18 '16 at 0:26
















Did you read through any of the plenty of tutorials on the mikrotik site?

– TomTom
Jun 17 '16 at 19:16





Did you read through any of the plenty of tutorials on the mikrotik site?

– TomTom
Jun 17 '16 at 19:16













yes, i add the export.

– Mehdi Amrollahi
Jun 18 '16 at 0:26





yes, i add the export.

– Mehdi Amrollahi
Jun 18 '16 at 0:26










2 Answers
2






active

oldest

votes


















1














Disable any fasttrack rules on your firewall.



Fasttrack will bypass pretty much the whole stack - including the queues.



It's mentioned very clearly in the documentation.
http://wiki.mikrotik.com/wiki/Manual:Wiki/Fasttrack




Description



IPv4 FastTrack handler is automatically used for marked connections.
Use firewall action "fasttrack-connection" to mark connections for
fasttrack. Currently only TCP and UDP connections can be actually
fasttracked (even though any connection can be marked for fasttrack).
IPv4 FastTrack handler supports NAT (SNAT, DNAT or both).



Note that not all packets in a connection can be fasttracked, so it is
likely to see some packets going through slow path even though
connection is marked for fasttrack. This is the reason why
fasttrack-connection is usually followed be identical action=accept
rule. Fasttracked packets bypass firewall, connection tracking,
simple queues, queue tree with parent=global, ip
traffic-flow(restriction removed in 6.33), ip accounting, ipsec,
hotspot universal client, vrf assignment, so it is up to administrator
to make sure fasttrack does not interfere with other configuration;







share|improve this answer






























    0














    You need simple queue with PCQ in order to control all (or specific range) users bandwidth. following are one example:



    /ip firewall address-list
    add address=10.0.0.20-10.0.0.255 list=USER_LIST

    # Marking packets going to USER_LIST
    /ip firewall mangle
    add action=mark-connection chain=prerouting comment="MARK CONN USER_LIST" src-address-list=USER_LIST new-connection-mark=user_conn passthrough=yes
    add action=mark-packet chain=prerouting comment="MARK PKTS USER_LIST" connection-mark=user_conn new-packet-mark=user_pkts passthrough=yes

    # Creating PCQ base Queue - 512k per user
    /queue type
    add kind=pcq name=user-download-512k pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64
    add kind=pcq name=user-upload-512k pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64

    #- Make sure you move this simple queue on TOP, or else it will not work
    /queue simple
    add comment="Allow 512k Down/up per user by zaib" name="512k per user" packet-marks=user_pkts queue=user-upload-512k/user-download-512k target=""


    More Info here.queue example






    share|improve this answer























      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "2"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f784670%2fhow-control-bandwidth-with-mikrotik-queue%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      1














      Disable any fasttrack rules on your firewall.



      Fasttrack will bypass pretty much the whole stack - including the queues.



      It's mentioned very clearly in the documentation.
      http://wiki.mikrotik.com/wiki/Manual:Wiki/Fasttrack




      Description



      IPv4 FastTrack handler is automatically used for marked connections.
      Use firewall action "fasttrack-connection" to mark connections for
      fasttrack. Currently only TCP and UDP connections can be actually
      fasttracked (even though any connection can be marked for fasttrack).
      IPv4 FastTrack handler supports NAT (SNAT, DNAT or both).



      Note that not all packets in a connection can be fasttracked, so it is
      likely to see some packets going through slow path even though
      connection is marked for fasttrack. This is the reason why
      fasttrack-connection is usually followed be identical action=accept
      rule. Fasttracked packets bypass firewall, connection tracking,
      simple queues, queue tree with parent=global, ip
      traffic-flow(restriction removed in 6.33), ip accounting, ipsec,
      hotspot universal client, vrf assignment, so it is up to administrator
      to make sure fasttrack does not interfere with other configuration;







      share|improve this answer



























        1














        Disable any fasttrack rules on your firewall.



        Fasttrack will bypass pretty much the whole stack - including the queues.



        It's mentioned very clearly in the documentation.
        http://wiki.mikrotik.com/wiki/Manual:Wiki/Fasttrack




        Description



        IPv4 FastTrack handler is automatically used for marked connections.
        Use firewall action "fasttrack-connection" to mark connections for
        fasttrack. Currently only TCP and UDP connections can be actually
        fasttracked (even though any connection can be marked for fasttrack).
        IPv4 FastTrack handler supports NAT (SNAT, DNAT or both).



        Note that not all packets in a connection can be fasttracked, so it is
        likely to see some packets going through slow path even though
        connection is marked for fasttrack. This is the reason why
        fasttrack-connection is usually followed be identical action=accept
        rule. Fasttracked packets bypass firewall, connection tracking,
        simple queues, queue tree with parent=global, ip
        traffic-flow(restriction removed in 6.33), ip accounting, ipsec,
        hotspot universal client, vrf assignment, so it is up to administrator
        to make sure fasttrack does not interfere with other configuration;







        share|improve this answer

























          1












          1








          1







          Disable any fasttrack rules on your firewall.



          Fasttrack will bypass pretty much the whole stack - including the queues.



          It's mentioned very clearly in the documentation.
          http://wiki.mikrotik.com/wiki/Manual:Wiki/Fasttrack




          Description



          IPv4 FastTrack handler is automatically used for marked connections.
          Use firewall action "fasttrack-connection" to mark connections for
          fasttrack. Currently only TCP and UDP connections can be actually
          fasttracked (even though any connection can be marked for fasttrack).
          IPv4 FastTrack handler supports NAT (SNAT, DNAT or both).



          Note that not all packets in a connection can be fasttracked, so it is
          likely to see some packets going through slow path even though
          connection is marked for fasttrack. This is the reason why
          fasttrack-connection is usually followed be identical action=accept
          rule. Fasttracked packets bypass firewall, connection tracking,
          simple queues, queue tree with parent=global, ip
          traffic-flow(restriction removed in 6.33), ip accounting, ipsec,
          hotspot universal client, vrf assignment, so it is up to administrator
          to make sure fasttrack does not interfere with other configuration;







          share|improve this answer













          Disable any fasttrack rules on your firewall.



          Fasttrack will bypass pretty much the whole stack - including the queues.



          It's mentioned very clearly in the documentation.
          http://wiki.mikrotik.com/wiki/Manual:Wiki/Fasttrack




          Description



          IPv4 FastTrack handler is automatically used for marked connections.
          Use firewall action "fasttrack-connection" to mark connections for
          fasttrack. Currently only TCP and UDP connections can be actually
          fasttracked (even though any connection can be marked for fasttrack).
          IPv4 FastTrack handler supports NAT (SNAT, DNAT or both).



          Note that not all packets in a connection can be fasttracked, so it is
          likely to see some packets going through slow path even though
          connection is marked for fasttrack. This is the reason why
          fasttrack-connection is usually followed be identical action=accept
          rule. Fasttracked packets bypass firewall, connection tracking,
          simple queues, queue tree with parent=global, ip
          traffic-flow(restriction removed in 6.33), ip accounting, ipsec,
          hotspot universal client, vrf assignment, so it is up to administrator
          to make sure fasttrack does not interfere with other configuration;








          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jun 20 '16 at 10:26









          Cha0sCha0s

          2,18121223




          2,18121223























              0














              You need simple queue with PCQ in order to control all (or specific range) users bandwidth. following are one example:



              /ip firewall address-list
              add address=10.0.0.20-10.0.0.255 list=USER_LIST

              # Marking packets going to USER_LIST
              /ip firewall mangle
              add action=mark-connection chain=prerouting comment="MARK CONN USER_LIST" src-address-list=USER_LIST new-connection-mark=user_conn passthrough=yes
              add action=mark-packet chain=prerouting comment="MARK PKTS USER_LIST" connection-mark=user_conn new-packet-mark=user_pkts passthrough=yes

              # Creating PCQ base Queue - 512k per user
              /queue type
              add kind=pcq name=user-download-512k pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64
              add kind=pcq name=user-upload-512k pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64

              #- Make sure you move this simple queue on TOP, or else it will not work
              /queue simple
              add comment="Allow 512k Down/up per user by zaib" name="512k per user" packet-marks=user_pkts queue=user-upload-512k/user-download-512k target=""


              More Info here.queue example






              share|improve this answer



























                0














                You need simple queue with PCQ in order to control all (or specific range) users bandwidth. following are one example:



                /ip firewall address-list
                add address=10.0.0.20-10.0.0.255 list=USER_LIST

                # Marking packets going to USER_LIST
                /ip firewall mangle
                add action=mark-connection chain=prerouting comment="MARK CONN USER_LIST" src-address-list=USER_LIST new-connection-mark=user_conn passthrough=yes
                add action=mark-packet chain=prerouting comment="MARK PKTS USER_LIST" connection-mark=user_conn new-packet-mark=user_pkts passthrough=yes

                # Creating PCQ base Queue - 512k per user
                /queue type
                add kind=pcq name=user-download-512k pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64
                add kind=pcq name=user-upload-512k pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64

                #- Make sure you move this simple queue on TOP, or else it will not work
                /queue simple
                add comment="Allow 512k Down/up per user by zaib" name="512k per user" packet-marks=user_pkts queue=user-upload-512k/user-download-512k target=""


                More Info here.queue example






                share|improve this answer

























                  0












                  0








                  0







                  You need simple queue with PCQ in order to control all (or specific range) users bandwidth. following are one example:



                  /ip firewall address-list
                  add address=10.0.0.20-10.0.0.255 list=USER_LIST

                  # Marking packets going to USER_LIST
                  /ip firewall mangle
                  add action=mark-connection chain=prerouting comment="MARK CONN USER_LIST" src-address-list=USER_LIST new-connection-mark=user_conn passthrough=yes
                  add action=mark-packet chain=prerouting comment="MARK PKTS USER_LIST" connection-mark=user_conn new-packet-mark=user_pkts passthrough=yes

                  # Creating PCQ base Queue - 512k per user
                  /queue type
                  add kind=pcq name=user-download-512k pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64
                  add kind=pcq name=user-upload-512k pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64

                  #- Make sure you move this simple queue on TOP, or else it will not work
                  /queue simple
                  add comment="Allow 512k Down/up per user by zaib" name="512k per user" packet-marks=user_pkts queue=user-upload-512k/user-download-512k target=""


                  More Info here.queue example






                  share|improve this answer













                  You need simple queue with PCQ in order to control all (or specific range) users bandwidth. following are one example:



                  /ip firewall address-list
                  add address=10.0.0.20-10.0.0.255 list=USER_LIST

                  # Marking packets going to USER_LIST
                  /ip firewall mangle
                  add action=mark-connection chain=prerouting comment="MARK CONN USER_LIST" src-address-list=USER_LIST new-connection-mark=user_conn passthrough=yes
                  add action=mark-packet chain=prerouting comment="MARK PKTS USER_LIST" connection-mark=user_conn new-packet-mark=user_pkts passthrough=yes

                  # Creating PCQ base Queue - 512k per user
                  /queue type
                  add kind=pcq name=user-download-512k pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64
                  add kind=pcq name=user-upload-512k pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64

                  #- Make sure you move this simple queue on TOP, or else it will not work
                  /queue simple
                  add comment="Allow 512k Down/up per user by zaib" name="512k per user" packet-marks=user_pkts queue=user-upload-512k/user-download-512k target=""


                  More Info here.queue example







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Aug 18 '17 at 5:02









                  iBBiiBBi

                  4718




                  4718



























                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Server Fault!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f784670%2fhow-control-bandwidth-with-mikrotik-queue%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      -

                      Popular posts from this blog

                      How to write a 12-bar blues melodyI-IV-V blues progressionHow to play the bridges in a standard blues progressionHow does Gdim7 fit in C# minor?question on a certain chord progressionMusicology of Melody12 bar blues, spread rhythm: alternative to 6th chord to avoid finger stretchChord progressions/ Root key/ MelodiesHow to put chords (POP-EDM) under a given lead vocal melody (starting from a good knowledge in music theory)Are there “rules” for improvising with the minor pentatonic scale over 12-bar shuffle?Confusion about blues scale and chords

                      Image
                      Why is a set not a partition of itself? Would an 8% reduction in drag outweigh the weight addition from this custom CFD-tested winglet? Labeling matrices/rectangles and drawing Sigma inside rectangle Unexpected Netflix account registered to my Gmail address - any way it could be a hack attempt? 51% attack - apparently very easy? refering to CZ's "rollback btc chain" - How to make sure such corruptible scenario can never happen so easily? Missouri raptors have wild hairdos Can someone explain homicide-related death rates? Why is tomato paste so cheap? What are the implications of the new alleged key recovery attack preprint on SIMON? Effects of ~10atm pressure on engine design Is taking modulus on both sides of an equation valid? Jumping frame contents with beamer and pgfplots Are there any established rules for splitting books into parts, chapters, sections etc? Anatomically Correct Carnivorous Tree Why do I get two different answers when solvi...
                      Read more

                      What if the end-user didn't have the required library?What is setup.py?What is a clean, pythonic way to have multiple constructors in Python?What does Ruby have that Python doesn't, and vice versa?What is the reason for having '//' in Python?How do I create a namespace package in Python?How to package shared objects that python modules depend on?setuptools vs. distutils: why is distutils still a thing?Navigation in Windows 10 vs code not going to virtualenv library when the same library is installed at user levelPython create package for local usePackaging a project that uses multiple python versionsWhy is permission denied on pip install except for when “--user” is included at end of command?

                      Image
                      Can a tourist shoot a gun in the USA? Will a coyote attack my dog on a leash while I'm on a hiking trail? Labeling matrices/rectangles and drawing Sigma inside rectangle How can I answer high-school writing prompts without sounding weird and fake? Is there ever any indication in the MCU as to how Spider-Man got his powers? Jumping frame contents with beamer and pgfplots Would an 8% reduction in drag outweigh the weight addition from this custom CFD-tested winglet? Is it possible to create different colors in rocket exhaust? German characters on US-International keyboard layout Does gravity affect the time evolution of a QM wave function? 51% attack - apparently very easy? refering to CZ's "rollback btc chain" - How to make sure such corruptible scenario can never happen so easily? Why are solar panels kept tilted? Is Germany still exporting arms to countries involved in Yemen? Unexpected Netflix account registered to my Gmail address - any wa...
                      Read more

                      Esgonzo ibérico Índice Descrición Distribución Hábitat Ameazas Notas Véxase tamén "Acerca dos nomes dos anfibios e réptiles galegos""Chalcides bedriagai"Chalcides bedriagai en Carrascal, L. M. Salvador, A. (Eds). Enciclopedia virtual de los vertebrados españoles. Museo Nacional de Ciencias Naturales, Madrid. España.Fotos

                      Image
                      escíncidospenínsula Ibéricaesgonzo comúnJacques von Bedriagaesgonzo comúndimorfismo sexualovovivíparaendémicaPenínsula IbéricaCordilleira CantábricaAsturiasPaís VascoGaliciaRías BaixasMurosCarnotaillas CíesOnsAtlánticoIllas CíesIlla de Onsilla do PesegueiroIlla de Sancti PetriMediterráneoMar MenorIlla de TabarcaGaliciaCantabriaBurgossolosdestrución do hábitatIUCN Abrir o menú principal Procurar Esgonzo ibérico Ler noutra lingua Vixiar esta páxina Editar function mfTempOpenSection(id)var block=document.getElementById("mf-section-"+id);block.className+=" open-block";block.previousSibling.className+=" open-block"; Esgonzo ibérico Estado de conservación Case ameazada Clasificaci...
                      Read more