Can anyone help me? 
It’s not that I didn’t search for a solution.
I’m not a leecher who just asks and goes, takes and goes, whatever.
I have read many topics here & did a Google search also.
I have more than 20 Wireless APs connected to ether3 & ether4, all IPs were Static (ARP)
RouterBoard => 192.168.1.1
Wireless APs => 192.168.1.2 ~ 192.168.1.25 (.26 ~ .30 reserved for future use)
Bridge as DHCP Server, Pool range from 192.168.1.31 to 192.168.1.254
I have more than 200 employees who are prohibited from accessing our Wifi; the Wifi is for customers only.
I know that I can limit the bandwidth by interface using different IP segments, for example:
ether2 => 192.168.1.0
ether3 => 192.168.2.0
ether4 => 192.168.3.0
The problem is, I can’t do that. I tried already and got many complaints from our customers. This is a public building where people sit here, walk there, using iPhone, Blackberry, Android & Tablet; if I use different IP segments, their gadgets will get disconnected every time they move from one area to another.
Their gadgets will keep renewing the IPs because of the different segments.
So, I have to keep using only one segment (192.168.1.0)
I also know that I can limit the bandwidth of every IP using only Simple Queue, adding all IPs of the DHCP pool from 192.168.1.31 to .254.
But as I said already, I have hundreds of employees. I did MAC Address filtering via IP - Firewall => Chain = Forward, Action = Reject, and filled their MAC Addresses in Src.MAC Address.
But my DHCP Server is full of our employees’ IPs, since the pool is only .31 to .254.
If there’s a way to prevent those MAC Addresses from getting IPs, then my problem will be solved.
But using either Chain=Forward / Input and Action=Drop / Reject doesn’t mean that those MAC addresses will really get blocked. It only blocks their internet access; it does not block them from getting IPs.
If I can really block all of our employees’ MAC Addresses and prevent them from getting (leasing) IPs, I can surely do bandwidth limitation based on IP Addresses.
Sorry for my English, but I hope someone here can understand and help me.
I also know that I can ‘make Static’ those unwanted MAC Addresses, then block them.
But again, all 200 of the Employees’ MAC Addresses will be Static ones; it’s not a solution.
Also, it’s impossible for me to add all 200 MAC Addresses to each Wireless AP for blocking purposes; I have more than 20 Wireless APs.
My real question is:
-
Can I do bandwidth limitation based on Interfaces:
ether2 => 1024 kb/s
ether3 => 512 kb/s
ether4 => 512 kb/s
Without using different IP segments (only one segment)?
-
-or- Can I block unwanted MAC Addresses from leasing IPs? The Firewall can only block their internet access, not prevent them from getting IPs; my DHCP is full of employees’ IPs, whether they got internet access or were dropped. I have hundreds of Chain=Forward/Input and Action=Reject/Drop inside the IP=>Firewall
Thank you very much to those who really want to help.