Bandwidth control for internet only

Hello, I am new to RouterOS. My predecessor configured the queues and mangle rules to limit bandwidth for each device connected to the NW. However, this is limiting bandwidth across the entire NW. We would like to only limit bandwidth for internet usage on the WAN port. Unfortunately, I have yet to discover how to do this properly without causing any further issues. Currently, I am getting familiar with webfig and reviewing the state of the current configuration. I would really appreciate any guidance on this issue. I would be glad to provide any further information.

Some things to note:

webfig v5.22

router 1100ah

currently 7 ports of 13 are in use with no routing in place (same NW; same rules)

two queues; each with src and dst packet marking

I am not able to open the mangle rules. Meaning, when I click on them nothing happens (IP > firewall > mangle). I suppose there is nothing to configure there, or can't be modified. Though when I click on add new, there are plenty of settings which seem rather promising. Maybe I have to redo the mangle rules???

Cheers,
Von Paul

Advice: use winbox. Webfig replicates its UI, but the UX is much, much better using winbox, and it’s the tool you’ll be using in the future.

A glance at the configuration is needed in order to be able to help you; in order to share that, you need to create an export of the configuration and paste it here, editing out any sensitive details.

To do that, open a New Terminal window and issue

/export hide-sensitive

then copy & paste the output here.

Hello Pukkita, thank you for the assistance…it is much appreciated!!!

Here is the configuration export:


MikroTik RouterOS 5.22 (c) 1999-2012       http://www.mikrotik.com/
[XXX@MikroTik] > /export hide-sensitive
# feb/02/2016 09:40:24 by RouterOS 5.22


#
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500 \
    name="Traffic Control Bridge" priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1600 \
    mac-address=00:0C:42:EB:6A:20 mtu=1500 name=ether12 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1600 \
    mac-address=00:0C:42:EB:6A:21 mtu=1500 name=ether13 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:6A:15 \
    master-port=none mtu=1500 name=ether1 speed=1Gbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:6A:16 \
    master-port=none mtu=1500 name=ether2 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:6A:17 \
    master-port=none mtu=1500 name=03-Office speed=100Mbps
set 5 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:6A:18 \
    master-port=none mtu=1500 name=04-LargeDorm speed=100Mbps
set 6 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:6A:19 \
    master-port=none mtu=1500 name="05-Guest house" speed=100Mbps
set 7 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:6A:1A \
    master-port=none mtu=1500 name="06-Red Barn" speed=100Mbps
set 8 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:6A:1B \
    master-port=none mtu=1500 name=07-GenTech speed=1Gbps
set 9 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:6A:1C \
    master-port=none mtu=1500 name=08-Solplex speed=1Gbps
set 10 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:6A:1D \
    master-port=none mtu=1500 name=09-Omega speed=1Gbps
set 11 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:6A:1E \
    master-port=none mtu=1500 name=ether10 speed=100Mbps
set 12 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=\
    1600 mac-address=00:0C:42:EB:6A:1F mtu=1500 name=ether11 speed=100Mbps
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch2
set 1 mirror-source=none mirror-target=none name=switch1
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
    hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
    cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
    split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] name=default shared-users=1 status-autorefresh=1m \
    transparent-proxy=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
    lifetime=30m name=default pfs-group=modp1024
/ip pool
add name="Lower Speed" ranges=10.0.0.50-10.0.0.254
add name="Higher Speed" ranges=10.0.0.20-10.0.0.49
add name="Network Devices" ranges=10.0.0.15-10.0.0.19
/ip dhcp-server
add address-pool="Lower Speed" authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="Traffic Control Bridge" lease-time=3d name=\
    server2
/port
set 0 baud-rate=115200 data-bits=8 flow-control=none name=serial0 parity=none \
    stop-bits=1
set 1 baud-rate=115200 data-bits=8 flow-control=none name=serial1 parity=none \
    stop-bits=1
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
    default use-encryption=default use-mpls=default use-vj-compression=\
    default
set 1 change-tcp-mss=yes name=default-encryption only-one=default \
    use-compression=default use-encryption=yes use-mpls=default \
    use-vj-compression=default
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="Master Queue" packet-mark="" parent=global-out \
    priority=8
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
    red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name="Lower Speed Download" pcq-burst-rate=0 \
    pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address \
    pcq-dst-address-mask=24 pcq-dst-address6-mask=64 pcq-limit=20 pcq-rate=1M \
    pcq-src-address-mask=24 pcq-src-address6-mask=64 pcq-total-limit=7500
add kind=pcq name="Lower Speed Upload" pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=24 \
    pcq-dst-address6-mask=64 pcq-limit=20 pcq-rate=1M pcq-src-address-mask=24 \
    pcq-src-address6-mask=64 pcq-total-limit=6000
add kind=pcq name="Higher Speed Upload" pcq-burst-rate=0 pcq-burst-threshold=\
    0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=24 \
    pcq-dst-address6-mask=64 pcq-limit=20 pcq-rate=2M pcq-src-address-mask=24 \
    pcq-src-address6-mask=64 pcq-total-limit=6000
add kind=pcq name="Higher Speed Download" pcq-burst-rate=0 \
    pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address \
    pcq-dst-address-mask=24 pcq-dst-address6-mask=64 pcq-limit=20 pcq-rate=2M \
    pcq-src-address-mask=24 pcq-src-address6-mask=64 pcq-total-limit=750
add kind=sfq name="Master Queue" sfq-allot=2000000 sfq-perturb=5
set 10 kind=none name=only-hardware-queue
set 11 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 12 kind=pfifo name=default-small pfifo-limit=10
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="Lower Speed Download" packet-mark=\
    "Lower Speed Download" parent="Master Queue" priority=8 queue=\
    "Lower Speed Download"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="Lower Speed Upload" packet-mark="Lower Speed Upload" \
    parent="Master Queue" priority=8 queue="Lower Speed Upload"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="Higher Speed Upload" packet-mark="Higher Speed Upload" \
    parent="Master Queue" priority=8 queue="Higher Speed Upload"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="Higher Speed Download" packet-mark=\
    "Higher Speed Download" parent="Master Queue" priority=1 queue=\
    "Higher Speed Download"
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=\
    ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
    metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
    out-filter=ospf-out redistribute-bgp=no redistribute-connected=no \
    redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
    router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
    backbone type=default
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 authentication-protocol=MD5 \
    encryption-protocol=DES name=public read-access=yes security=none \
    write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
    syslog-facility=daemon syslog-severity=auto target=remote

    
/tool user-manager profile limitation
add address-list="" download-limit=0B group-name="" ip-pool="" name=new1 \
    rate-limit-min-rx=408576B rate-limit-min-tx=131072B rate-limit-priority=6 \
    rate-limit-rx=408576B rate-limit-tx=131072B transfer-limit=0B \
    upload-limit=0B uptime-limit=5m
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
    eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
    ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
    winbox,password,web,sniff,sensitive,api" skin=default
/interface bridge port
add bridge="Traffic Control Bridge" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether2 path-cost=10 point-to-point=auto priority=\
    0x80
add bridge="Traffic Control Bridge" disabled=no edge=auto external-fdb=auto \
    horizon=none interface="06-Red Barn" path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="Traffic Control Bridge" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=07-GenTech path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="Traffic Control Bridge" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=08-Solplex path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="Traffic Control Bridge" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=09-Omega path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="Traffic Control Bridge" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=03-Office path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="Traffic Control Bridge" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=04-LargeDorm path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="Traffic Control Bridge" disabled=no edge=auto external-fdb=auto \
    horizon=none interface="05-Guest house" path-cost=10 point-to-point=auto \
    priority=0x80
add bridge="Traffic Control Bridge" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether10 path-cost=10 point-to-point=auto priority=\
    0x80
add bridge="Traffic Control Bridge" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether11 path-cost=10 point-to-point=auto priority=\
    0x80
add bridge="Traffic Control Bridge" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether12 path-cost=10 point-to-point=auto priority=\
    0x80
add bridge="Traffic Control Bridge" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether13 path-cost=10 point-to-point=auto priority=\
    0x80
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=no \
    use-ip-firewall-for-vlan=no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=disabled
set 1 vlan-header=leave-as-is vlan-mode=disabled
set 2 vlan-header=leave-as-is vlan-mode=disabled
set 3 vlan-header=leave-as-is vlan-mode=disabled
set 4 vlan-header=leave-as-is vlan-mode=disabled
set 5 vlan-header=leave-as-is vlan-mode=disabled
set 6 vlan-header=leave-as-is vlan-mode=disabled
set 7 vlan-header=leave-as-is vlan-mode=disabled
set 8 vlan-header=leave-as-is vlan-mode=disabled
set 9 vlan-header=leave-as-is vlan-mode=disabled
set 10 vlan-header=leave-as-is vlan-mode=disabled
set 11 vlan-header=leave-as-is vlan-mode=disabled
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=\
    1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:9D:0E:EC:F6:2B \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
    enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
    default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
    disabled port=443 verify-client-certificate=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=10.0.0.1/24 disabled=no interface=ether2 network=10.0.0.0
add address=OMIT disabled=no interface=ether1 network=\
    208.83.xx.xx
add address=10.0.0.4/24 disabled=no interface="06-Red Barn" network=10.0.0.0
/ip dhcp-client
add add-default-route=yes default-route-distance=0 disabled=yes interface=\
    ether1 use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address="Higher Speed" client-id=1:68:94:23:21:40:3e disabled=no \
    mac-address=68:94:23:21:40:3E server=server2
add address="Higher Speed" always-broadcast=yes client-id=1:b8:e8:56:2a:b:cc \
    disabled=no mac-address=B8:E8:56:2A:0B:CC server=server2
add address="Higher Speed" always-broadcast=yes client-id=1:b0:65:bd:a5:5:a9 \
    disabled=no mac-address=B0:65:BD:A5:05:A9 server=server2
add address="Higher Speed" always-broadcast=yes client-id=1:80:e6:50:36:5:8e \
    disabled=no mac-address=80:E6:50:36:05:8E server=server2
add address="Higher Speed" always-broadcast=yes client-id=1:60:3:8:ec:f2:66 \
    disabled=no mac-address=60:03:08:EC:F2:66 server=server2
add address="Higher Speed" always-broadcast=yes client-id=1:e0:91:53:46:75:96 \
    disabled=no mac-address=E0:91:53:46:75:96 server=server2
add address="Higher Speed" always-broadcast=yes client-id=1:4:1e:64:ec:46:bc \
    comment="" disabled=no mac-address=04:1E:64:EC:46:BC \
    server=server2
add address="Higher Speed" client-id=1:7c:e9:d3:5e:ab:cc disabled=no \
    mac-address=7C:E9:D3:5E:AB:CC server=server2
add address="Higher Speed" always-broadcast=yes client-id=1:10:9a:dd:ac:80:c \
    comment="Fern- Staff" disabled=no mac-address=10:9A:DD:AC:80:0C server=\
    server2
add address="Higher Speed" client-id=1:0:17:3f:b5:db:69 comment=\
    "Elizabeth Erkle" disabled=no mac-address=00:17:3F:B5:DB:69 server=\
    server2
add address="Higher Speed" client-id=1:e4:ce:8f:2:9c:7c comment=LaDean \
    disabled=no mac-address=E4:CE:8F:02:9C:7C server=server2
add address="Higher Speed" always-broadcast=yes client-id=1:34:23:ba:b0:89:7f \
    comment=Ananda disabled=no mac-address=34:23:BA:B0:89:7F server=server2
add address="Lower Speed" disabled=no mac-address=00:0B:CD:21:39:93 server=\
    server2
add address="Higher Speed" client-id=1:28:b2:bd:76:b6:d7 disabled=no \
    mac-address=28:B2:BD:76:B6:D7 server=server2
add address="Higher Speed" always-broadcast=yes client-id=1:9c:4e:36:62:9e:c4 \
    disabled=no mac-address=9C:4E:36:62:9E:C4 server=server2
add address=10.0.0.151 client-id=1:24:a4:3c:a2:7e:5d disabled=no mac-address=\
    24:A4:3C:A2:7E:5D server=server2
add address="Network Devices" client-id=1:c0:4a:0:f:6d:34 disabled=no \
    mac-address=C0:4A:00:0F:6D:34 server=server2
add address="Higher Speed" always-broadcast=yes client-id=1:f8:27:93:80:c7:ea \
    disabled=no mac-address=F8:27:93:80:C7:EA server=server2
add address=10.0.0.251 client-id=1:44:d9:e7:22:17:9f disabled=no mac-address=\
    44:D9:E7:22:17:9F server=server2
add address="Higher Speed" always-broadcast=yes client-id=1:a4:31:35:a0:bf:73 \
    disabled=no mac-address=A4:31:35:A0:BF:73 server=server2
add address="Higher Speed" disabled=no mac-address=20:AA:4B:FB:46:83 server=\
    server2
add address="Network Devices" comment=\
    "Omega File Server Located in Pump House" disabled=no mac-address=\
    00:D0:B8:0A:AF:44 server=server2
add address="Higher Speed" always-broadcast=yes client-id=1:e8:b1:fc:86:b0:14 \
    disabled=no mac-address=E8:B1:FC:86:B0:14 server=server2
add address="Higher Speed" client-id=1:28:92:4a:1c:4:7d disabled=no \
    mac-address=28:92:4A:1C:04:7D server=server2
add address="Network Devices" client-id=1:0:1f:c6:5f:e:96 comment=\
    "UniFi Wireless AP Host Controller Location in Middle Office Back Room" \
    disabled=no mac-address=00:1F:C6:5F:0E:96 server=server2
add address="Higher Speed" disabled=no mac-address=00:22:FA:62:FE:1E server=\
    server2
add address="Higher Speed" client-id=1:68:5d:43:a7:ca:5b disabled=no \
    mac-address=68:5D:43:A7:CA:5B server=server2
add address="Network Devices" client-id=1:24:a4:3c:a2:85:14 disabled=no \
    mac-address=24:A4:3C:A2:85:14 server=server2
add address=10.0.0.125 client-id=1:0:20:0:9b:93:be disabled=no mac-address=\
    00:20:00:9B:93:BE server=server2
add address=10.0.0.204 client-id=0:0:1b:78:1d:78:53 disabled=no mac-address=\
    00:1B:78:1D:78:53 server=server2
/ip dhcp-server network
add address=10.0.0.0/24 dhcp-option="" dns-server=8.8.8.8,63.251.161.33 \
    gateway=10.0.0.1 ntp-server="" wins-server=""
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=4096 servers=63.251.161.33,8.8.8.8
/ip dns static
add address=8.8.8.8 disabled=no name=Google ttl=1d
/ip firewall address-list
add address=10.0.0.50-10.0.0.215 disabled=no list="Lower Speed"
add address=10.0.0.20-10.0.0.49 disabled=no list="Higher Speed"
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall mangle
add action=mark-packet chain=forward comment="Lower Speed Upload" disabled=no \
    dst-address-type="" new-packet-mark="Lower Speed Upload" passthrough=yes \
    src-address-list="Lower Speed"
add action=mark-packet chain=forward comment="Lower Speed Download" disabled=\
    no dst-address-list="Lower Speed" dst-address-type="" hotspot="" \
    new-packet-mark="Lower Speed Download" passthrough=yes
add action=mark-packet chain=forward comment="Higher Speed Download" \
    disabled=no dst-address-list="Higher Speed" new-packet-mark=\
    "Higher Speed Download" passthrough=yes
add action=mark-packet chain=forward comment="Higher Speed Upload" disabled=\
    no new-packet-mark="Higher Speed Upload" passthrough=yes \
    src-address-list="Higher Speed"
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1
add action=dst-nat chain=dstnat disabled=yes in-interface=ether1 \
    to-addresses=10.0.0.0/24
add action=src-nat chain=srcnat disabled=yes out-interface=ether1 \
    src-address=10.0.0.0/24 to-addresses=OMIT
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether12 disabled=no
set ether13 disabled=no
set ether1 disabled=no
set ether2 disabled=no
set 03-Office disabled=no
set 04-LargeDorm disabled=no
set "05-Guest house" disabled=no
set "06-Red Barn" disabled=no
set 07-GenTech disabled=no
set 08-Solplex disabled=no
set 09-Omega disabled=no
set ether10 disabled=no
set ether11 disabled=no
set "Traffic Control Bridge" disabled=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=unlimited \
    max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
    parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=\
    no src-address=0.0.0.0
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=208.83.199.241 \
    scope=30 target-scope=10
/ip service

/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
    all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no \
    max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/port firmware
set directory=firmware ignore-directip-modem=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether12 queue=only-hardware-queue
set ether13 queue=only-hardware-queue
set ether1 queue=only-hardware-queue
set ether2 queue=only-hardware-queue
set 03-Office queue=only-hardware-queue
set 04-LargeDorm queue=only-hardware-queue
set "05-Guest house" queue=only-hardware-queue
set "06-Red Barn" queue=only-hardware-queue
set 07-GenTech queue=only-hardware-queue
set 08-Solplex queue=only-hardware-queue
set 09-Omega queue=only-hardware-queue
set ether10 queue=only-hardware-queue
set ether11 queue=only-hardware-queue
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
    multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=no engine-id="" location="" trap-generators="" \
    trap-target="" trap-version=1
/system clock
set time-zone-name=America/Los_Angeles
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+16:00
/system console
set [ find port=serial0 ] channel=0 disabled=no port=serial0 term=vt102
/system identity
set name=MikroTik
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=216.xxx.xx.xx secondary-ntp=0.0.0.0
/system ntp server
set broadcast=no broadcast-addresses="" enabled=no manycast=yes multicast=no
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
set 5 cpu=auto
set 6 cpu=auto
set 7 cpu=auto
set 8 cpu=auto
set 9 cpu=auto
set 10 cpu=auto
set 11 cpu=auto
set 12 cpu=auto
set 13 cpu=auto
set 14 cpu=auto
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
    boot-protocol=bootp cpu-frequency=1066MHz enable-jumper-reset=yes \
    enter-setup-on=any-key force-backup-booter=no memory-data-rate=533DDR \
    silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 starttls=no user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=ether1 store-on-disk=yes
add allow-address=0.0.0.0/0 disabled=no interface=07-GenTech store-on-disk=\
    yes
add allow-address=0.0.0.0/0 disabled=no interface=08-Solplex store-on-disk=\
    yes
add allow-address=0.0.0.0/0 disabled=no interface=09-Omega store-on-disk=yes
/tool graphing queue
add allow-address=0.0.0.0/0 allow-target=yes disabled=no simple-queue=all \
    store-on-disk=yes
/tool mac-server
set [ find default=yes ] disabled=no interface=all
/tool mac-server mac-winbox
set [ find default=yes ] disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no
/tool sniffer
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol=\
    "" filter-mac-address="" filter-mac-protocol="" filter-port="" \
    filter-stream=yes interface=all memory-limit=100KiB memory-scroll=yes \
    only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/tool user-manager profile profile-limitation
add from-time=0s limitation=new1 profile=Pauper till-time=23h59m59s weekdays=\
    sunday,monday,tuesday,wednesday,thursday,friday,saturday
/tool user-manager router

[XXX@MikroTik] >

I’m afraid that setup needs tons of cleanup… plus it is ROS 5.22; if it’s an RB1100AHx2, I’d upgrade it to ROS 6.

Right now your queue tree is doing nothing in terms of QoS, and I’d say (don’t have a 5.x machine to load it and verify) it’s applying speed limitation by pcq just by using source IP ranges.

Thank you for having a look at the configuration!

Do you have any suggestions for quickly/easily modifying a setting for the bandwidth control to only affect internet traffic rather than all NW traffic? Otherwise, it looks like I will have to build new mangles and/or queues and do some testing.

Well, thanks again!

That will depend on the IP addresses of the regular “network”. Which specific range is used on the “regular” network?

Well, it’s pretty simple in the aspect that we separate the bandwidth limitation into 2 IP address ranges using DHCP for both. The first, which is tagged as “lower bandwidth”, is in the range 10.0.0.50 - 10.0.0.215. This is the default DHCP address range (most users are in this range). Otherwise I can assign a user/device to the higher BW address pool (under IP > DHCP Server > Leases > connected device settings > make static > address > higher bandwidth address pool). The higher BW address range is 10.0.0.20 - 10.0.0.49. The remaining addresses in the 10.0.0 NW are used periodically if setting a static address for whatever reason.

Also, it appears all of the interfaces are going through a traffic control bridge.

Hopefully I was able to explain that well enough. I look forward to getting a better understanding of RouterOS for the future :). I did attach an image of the IP > firewall > address list.

Thanks again for helping me with this.

Cheers,
Paul
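
Added example, not part of the thread and not the posters' configuration: one way to restrict the existing packet marks to internet traffic, assuming ether1 is the WAN port (it carries the public address and the masquerade rule in the export above). The rules are selected by the comments they already have in the export.

```routeros
# Before (copied from the export): the rule matches on the address list only.
# Because "/interface bridge settings" has use-ip-firewall=yes, bridged
# LAN-to-LAN packets also pass through this chain and receive the mark,
# so the PCQ queues limit them as well.
#
#   add action=mark-packet chain=forward comment="Lower Speed Upload" \
#       new-packet-mark="Lower Speed Upload" passthrough=yes \
#       src-address-list="Lower Speed"

# After: keep the address-list match and add an interface match.
# Upload rules mark only packets leaving through the WAN port,
# download rules mark only packets arriving on the WAN port.
# (Assumption: ether1 is the only internet-facing interface.)
/ip firewall mangle
set [find comment="Lower Speed Upload"] out-interface=ether1
set [find comment="Higher Speed Upload"] out-interface=ether1
set [find comment="Lower Speed Download"] in-interface=ether1
set [find comment="Higher Speed Download"] in-interface=ether1

# Check the result: during a LAN-to-LAN file copy the mangle and queue
# counters should stay flat, and they should rise during an internet download.
/ip firewall mangle print stats
/queue tree print stats
```

Packets that no longer receive a mark do not match any of the four leaf queues, so local traffic is left unshaped while the per-range rate limits still apply to traffic crossing ether1.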

Hello Everyone,

I want to configure Policies, Subnet, IP, status in Mikrotik NAS from exposed APIs. My provisioning server will call the API and allow the Subnet/IP and add/update Policy and activate/deactivate/delete the status.

I request you to share with me the APIs which will suffice for my requirement.

Same thing I am seeing in CLI mode.
e.g.
    master-port=none mtu=1500 name=08-Solplex speed=1Gbps
set 10 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:6A:1D \
    master-port=none mtu=1500 name=09-Omega speed=1Gbps
set 11 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:6A:1E \
    master-port=none mtu=1500 name=ether10 speed=100Mbps
set 12 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=\
    1600 mac-address=00:0C:42:EB:6A:1F mtu=1500 name=ether11 speed=100Mbps
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch2
set 1 mirror-source=none mirror-target=none name=switch1
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
    hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
    cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
    split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] name=default shared-users=1 status-autorefresh=1m \
    transparent-proxy=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
    lifetime=30m name=default pfs-group=modp1024
/ip pool
add name="Lower Speed" ranges=10.0.0.50-10.0.0.254
add name="Higher Speed" ranges=10.0.0.20-10.0.0.49