EDIT: to avoid create another topic I suggest you to read directly the last post, https://forum.mikrotik.com/viewtopic.php?f=7&t=164248&p=809469#p809469HERE[/url], thanks a lot
Hi, I’m going to face soon a problem and I would like to read your suggestions about, thank you in advance for this.
3 routers (rb941-2nd), one of them connected to the main internet router (Asus) and used as AP, others used just as AP (Capmsman). I would like to create 2 SSID, the first connected to the main router LAN broadcast with main bandwith priority (without limits), the other (for public use) with reduction if the first SSID needs bandwith. I also need for the second SSID to create a second IP domain, to don’t let access to the main LAN network. How ot proceed?
I’ve seen the CAPSMAN using as default the bridge as gateway, should I create anothe bridge with bandwith (rigid) limits? There may be a chance to use QoS instead to leave the public full bandwith if the staff doesn’t need internet?
I suppose I’ve to assign the second bridge a different IP domain and add a static route. Thank you for kind help
I think it requires a Routerboard to be used as router to be able to set bandwidth. Can you get rid of the Asus router (and replace it with a MikroTik)?
Thnak you for your kind answer,
- it seems a rb941-2nd will not be able to managa about 30 megabit (max) of traffic on CAPSMAN yes?
- What about the solutions of fixed bandith reduction for public or QoS? May the fixed solves the CPU limitations?
- Cosnidering the following scheme, where circles are 3 rb941 and the rectangle a possible future Mikrotik routerboard, is it possible to implement CAPSMAN from routerboard if they are connected in this way?
Thank you
Hi, I hope someone may kindly help here,
finally I succeded to create CAPs and 2 different SSID, the main is based on the bridge, the same IP domain of the main router and where each mikrotik has its loopback ip address, the second CAPs SSID is based on a new bridge for public internet WiFi, where there is a DHCP and a NAT on the CAPSMAN, to make the nat work I needed to specify WAN as out interface list, why? I’m not using ethernet1 to avoid use WAN, there is no WAN in this router, the WAN is connected to the first Asus remote router, which is connected to Ethernet2.
In particular it is working with suche parameters:
Chain: srcnat, src.addresses 10.0.0.0/22, out interface list: WAN, action: src-nat, to addresses: 192.168.88.250 (which is the second IP I created for this router, to avoid use .251 that is reachabel from internet with some port forwarding an Asus. My questions are:
- Why use WAN?
- How can I limit the bandwith of the public internet? I suppose I can change something in this nat but if I put “1M” on the Connection Rate the clients are not working more, if I use Extra-Limit it doesn’t have any influence. I’ve also noticed that on the statistics of this NAT ia have very few traffic.. while I’m for example doing a speedtest at 20 megabit.. no sense here. ON the new bridge I see this traffic but there are no limitation parameters there, it looks the router doing the first NAT of the public domain source and after it allow all the packets from this MAC (?) source from new bridge to main bridge, without natting, probably to save CPU resurces. Is it like that? How can I limit the bandwith of public to 10M for example?
Thank you a lot!
It would be better for you to get a Mikrotik router to replace the ASUS, that way can unify the network management and limit bandwidth from there
Can someone please tell me how to reduce bandwidth? Thank you a lot
thank you for your kind help
You need mangle rules to mark the traffic coming from the SSID you need to limit and create the corresponding queues, Mikrotik queue management is complex and I’m not capable of helping directly but you can research more about it.
Thank you for reply, this topic doesn’t work, I’ll create 2 of them more specific, let’s see
There are many Mikrotik experts here but they’ll probably want to charge for help with your specific setup.
PD: I’m a ROS noob that went with OpenWRT just cause it was way more convenient for my home network requirements.