Hi,
I´m having difficulties setting up queue tree (or simple queue) for my network. I have RB2011 running on 6.43.8 (on bunch of CRS326).
All I want to do is to limit bandwitch on each port that is in bridge because those are my customers and I have limited bandwitch for each one of them.
So far I managed to do this, but it works only for upload. I mainly need it to limit download. Note that this is a “testing” routerboard on my table. In reality, I have more subnets etc. but this one is emulation on what´s going on.
# feb/26/2019 16:35:47 by RouterOS 6.43.8
#
# model = 2011UiAS
/interface bridge
add fast-forward=no name=bridge1_user_PC vlan-filtering=yes
add name=bridge2_conn_other_MK
/interface ethernet
set [ find default-name=ether1 ] name=ether1_connectivity speed=100Mbps
set [ find default-name=ether2 ] name=ether2_master speed=100Mbps
set [ find default-name=ether3 ] name=ether3_PC_slave speed=100Mbps
set [ find default-name=ether4 ] name=ether4_conn_other_MK speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface ethernet switch port
set 6 vlan-mode=fallback
set 7 vlan-mode=fallback
set 8 vlan-mode=fallback
set 9 vlan-mode=fallback
set 10 vlan-mode=fallback
set 12 vlan-mode=fallback
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=P2Pmatch regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\
\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\
\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp_pool2 ranges=192.168.102.1-192.168.102.253
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=bridge1_user_PC name=dhcp1
/queue tree
add name=DOWNLOAD packet-mark=DOWNLOAD10 parent=global priority=1
add max-limit=20M name=PC packet-mark=PC parent=DOWNLOAD priority=2 queue=\
default
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add auto-isolate=yes bridge=bridge1_user_PC horizon=1 interface=ether2_master
add auto-isolate=yes bridge=bridge1_user_PC horizon=1 interface=\
ether3_PC_slave
add bridge=bridge2_conn_other_MK interface=ether1_connectivity
add bridge=bridge2_conn_other_MK interface=ether4_conn_other_MK
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip settings
set allow-fast-path=no
/ip address
add address=192.168.100.248/24 interface=bridge2_conn_other_MK network=\
192.168.100.0
add address=192.168.102.254/24 interface=bridge1_user_PC network=\
192.168.102.0
/ip dhcp-server network
add address=192.168.102.0/24 gateway=192.168.102.254
/ip dns
set servers=193.165.79.11,193.165.79.13
/ip firewall mangle
add action=mark-packet chain=postrouting new-packet-mark=DOWNLOAD10 \
out-interface=bridge1_user_PC passthrough=yes
add action=mark-packet chain=forward in-bridge-port=ether3_PC_slave \
new-packet-mark=PC passthrough=yes
/ip route
add distance=1 gateway=192.168.100.254
/ip service
set telnet address=193.165.0.0/16 disabled=yes
set ftp address=193.165.0.0/16 disabled=yes
set www disabled=yes
set ssh address=193.165.0.0/16 disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd interface pages
set 0 interfaces="sfp1,ether1_connectivity,ether2_master,ether3_PC_slave,ether\
4_conn_other_MK,ether5,*7,ether7,ether8,ether9,ether10"
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=TEST