Multiple queues for the same IP?

Hi.
I want to use multiple queues for the same IP with the following conditions:
ether1: Users LAN
ether2: Local Servers LAN
ether3: Internet Line

And
All users must have access to the servers with no restrictions.
Some users have access to the Internet.
Some servers have access to the Internet.

I configured the Internet and users by using firewall NAT and IP binding rules, and I control their traffic with queues. But there is a big problem: other users can use the local servers :frowning:

Please post a network diagram and some examples of the business requirements.

I drew a simple network diagram and now you can see it. There are more than 20 PCs in this network, and some of them are connected wirelessly (laptops).

I think that a file server will be added to this network very soon.

  • All users have full access (in bandwidth) to Data Server
  • User Type A: Print Server (Yes) – Internet (No): Office Users
  • User Type B: Print Server (Yes) – Internet (Limited): Advanced Users
  • User Type C: Print Server (Yes) – Internet (Unlimited): Like Administrators
  • User Type D: Print Server (No) – Internet (No): Work Stations

All users and servers are in the same IP range: 192.168.0.1-192.168.0.255
Internet IP in range: 89.144.166.70-89.144.166.80

Sorry, I can not speak English well
[Attachment: NetMap.jpg]

In that network diagram the servers and users connect to the router on different LAN segments, but you say they share the same network. Are you using your router as a bridge?
Stations on the same network do NOT talk to each other through a router, they talk to each other directly. A true router (not acting as a bridge) would never see traffic between the print server and a user.

Now Print server and data server on the local network users there.
And also for file sharing server data has been used
This causes pressure on the server has.
Moreover, networks designed to Work group and virtually all the files available to all users Contract (which is not true in terms of security)
Kind of users in recent days have been added to the files they need and not the data.
I use the hot spot and QUEUES users access to broadband Internet and have them set. For if the data server, print server and file server from the internal network to move the network servers, Internet users no longer have access to the server and pass bandwidth limitations are imposed.

What do you think you should?



Translated by Google translate

I think you should do away with the Hotspot as it adds no security whatsoever and use WPA2 instead, move the servers to a different network so you can firewall them off, write the firewall rules so your business requirements are reflected, and then use mangle rules to set packet marks on LAN to WAN traffic only (leaving LAN to server traffic alone) and use queues based on packet marks.

The trickiest step with that is moving the servers to a different network. Do that first, then the rest gets pretty easy.
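
A sketch of the mangle-and-queue approach suggested in the reply above, as an added example that is not part of the original thread. It uses the interface roles from the first post (ether1 users, ether2 servers, ether3 Internet) and assumes the servers have already been moved to their own subnet behind ether2; the address-list names, member addresses and rate limits are assumptions.

```routeros
# Added example; list names, member addresses and limits are assumed values.
# ether1 = users LAN, ether2 = servers LAN, ether3 = Internet (from the first post).

# Who may reach the Internet (Type B = limited, Type C = unlimited)
/ip firewall address-list
add list=inet-limited address=192.168.0.50 comment="Type B user (constructed)"
add list=inet-unlimited address=192.168.0.10 comment="Type C user (constructed)"

# Filter: users reach the servers freely; only listed users reach the Internet
/ip firewall filter
add chain=forward connection-state=established action=accept
add chain=forward connection-state=related action=accept
add chain=forward in-interface=ether1 out-interface=ether2 action=accept
add chain=forward in-interface=ether1 out-interface=ether3 src-address-list=inet-limited action=accept
add chain=forward in-interface=ether1 out-interface=ether3 src-address-list=inet-unlimited action=accept
add chain=forward in-interface=ether1 action=drop comment="everything else from users LAN"

# Mangle: mark only LAN<->WAN packets of limited users.
# LAN<->server traffic is never marked, so it is never shaped.
/ip firewall mangle
add chain=forward in-interface=ether1 out-interface=ether3 src-address-list=inet-limited action=mark-packet new-packet-mark=limited-up passthrough=no
add chain=forward in-interface=ether3 out-interface=ether1 dst-address-list=inet-limited action=mark-packet new-packet-mark=limited-down passthrough=no

# Queues: match on the packet marks, not on IP addresses
/queue tree
add name=limited-up parent=ether3 packet-mark=limited-up max-limit=256k
add name=limited-down parent=ether1 packet-mark=limited-down max-limit=1M
```

Type D stations, which must not reach the print server, would need a drop rule placed before the ether1 to ether2 accept rule. Both limits are shared by every address in the `inet-limited` list.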

To save my network, I created a VMware team with 3 virtual machines and 2 virtual LANs.
I planned this network with the following diagram.
  • Virtual Machine 1: Windows 2003 Server
    Network Adapter 1: IP:192.168.2.1 sub:255.255.255.0 GW:192.168.2.165 DNS:192.168.2.165 & 4.2.2.1
    Computer Name: VMServer
    (Data Server): MS SQL Server 2000 Enterprise Edition SP4
  • Virtual Machine 2: Windows XP SP2
    Network Adapter 1: IP:192.168.1.1 sub:255.255.255.0 GW:192.168.1.165 DNS:192.168.1.165 & 4.2.2.1
    Computer Name: VMXP
    (Data Client): MS SQL Server 2000 Standard Edition
  • Virtual Machine 3: Mikrotik RouterOS 2.9
    Network Adapter 1 (ether1): 192.168.0.165/24 - really connected to local network
    Network Adapter 2 (ether2): 89.144.166.74/24 - really connected to internet
    Network Adapter 3 (ether3): 192.168.2.165/24
    Network Adapter 4 (ether4): 192.168.1.165/24

After applying all of these settings, in RouterOS (I use Winbox):

  1. I set the default gateway in “/IP Routes” & DNS in “/IP DNS”
  2. I set a NAT rule in firewall: “Chain: srcnat, Src. address: 192.168.2.0/24, action:src-nat, To address:89.144.166.74, To Ports:0-65535”
    Now VMXP has Internet
  3. I set a NAT rule in firewall: “Chain: srcnat, Src. address: 192.168.1.0/24, action:src-nat, To address:89.144.166.74, To Ports:0-65535”
    Now VMServer has Internet
  4. I set a NAT rule in firewall: “Chain: srcnat, Src. address: 192.168.0.0/24, action:src-nat, To address:89.144.166.74, To Ports:0-65535”
    Now all local users have Internet (of course local users use previous configurations and they are filtered by my RouterBOARD)

With these conditions I can’t use Hotspot :frowning:
Now I must find a way to find VMServer in VMXP and find OfficeServer in VMXP and find a way to control the Internet bandwidth :confused:
You say that I must use WPA2! But how must I do it? Is there any document about it?
[Attachment: VMTeam Diagram.jpg]