mAntbox ax 15s - Help configuring rate llmiting

Hi,

I purchased a mAntbox ax 15s which works perfectly well so far.

I’m using it as a basic access point : no router, no DHCP, no NAT, no VLAN. Just a wireless link.

I want to provide two access level to the wifi clients : the default/standard one, and a premium access with priority and a minimum guaranteed bandwidth.

The uplink provides 1Gbps.

I want (1) to provide 500Mbps guaranteed to the premium group, and (2) to limit standard client group to 700Mbps.

I need these limits to apply both upward and downwards.

I can’t reference any IP adress/subnet, and I can’t use VLAN on the ethernet/uplink side, because I have no control over the DHCP and I need wifi clients to be in the uplink subnet (for printers, NAS etc).

I’ve been spending hours trying to set this up, without success. Even with the help of ChatGPT (which is surprisingly incompetent) and Gemini (which is better, but quickly lost too).

I understand that I need 1) to mark packets, then 2) to have packets queued. And that PCQ is a good fit for fairness.

I also understand that limit-at is the way to go for guaranting group bandwidth, and max-limit for capping group bandwidth.

I tried marking at the wifi interface level, at the bridge filter level and at the firewall mangle level, using in/out bridge port, in/out interface, and VLANs.

I tried simple queues, and a queue tree with PCQ.

I toggled many settings (fast track, fast path, use IP firewall, hw yes/no, etc).

At the end of this (very long) day, nothing works and I’m back to the initial backup with my custom ssid and passphrase.

That’s why I’m calling for help. Of course I’m not asking for a full turn key setup. But I really need :

1. simple and crystal clear explanation about the RouterOS way of doing things together with the new wifi drivers

2. a direction to follow with warnings and tricks, so that I know where to look for.

I’m ok to use either two multipassphrases, or two ssids for handling groups.

I’m ok for any architecture.

I just have a preference for performance / low CPU use so that I get the best rates and the highest number of simutaneous clients.

Thank you very much for your help.

Install own router just before AP and take control over management and all traffic to the ISP you use.

Configure the device in router mode; this will give you full control over the network and allow you to set up the queue tree.

And the math doesn’t add up: if you reserve 500 Mbps, where will you get 700 Mbps if the entire channel is 1,000? Again, Wi-Fi isn’t a wired connection—it’s impossible to guarantee those numbers.

Thank you for your answer.

Unfortunately I can’t take control of the DHCP.

About the 700Mbps limit for the standard group : it’s just to avoid air time saturation but I agree it’s arguable (and probably out of effect at such speed, given the CPU based filtering) - and it’s not an important goal. What matters to me is the guaranteed minimum + balance between clients.

I have slightly improved things by using a tree of simple queues : parent gets the uplink BW and I created two children, one per group, and use the total-limit-at of each. Don’t know why it doesn’t work with general up/down limits. And there is no fairness so in a same group, a client can get 400 and the other one 5 or 10Mbps. I need PCQ but it’s not clear where to use it.