I should preface this by saying I’m not a networking expert:
I work for a small NGO, and our office has a Routerboard 951Ui-2HnD router. Though it’s not my primary job I do handle IT issues as well, and to be honest this router is driving me nuts. I’m trying to find an easy way to restrict bandwidth for all wireless clients, but everything I do brings our internet speed to a crawl and even makes the router intermittently nonresponsive. The router is fully up to date both in RouterOS and firmware, and is set up as a Home AP.
I have tried two methods - the first being the “default AP rx/tx rates” option under wireless → interfaces. The second was to add clients to the access list and set individual bandwidth limits manually.
Neither of those methods worked. In each case, internet speeds became atrociously bad, but more importantly the router itself becomes intermittently nonresponsive (I can tell from trying to log in to the router itself). I’m not sure what I’m doing wrong as I haven’t changed many of the router’s settings - almost everything is at default. I do not want to go through the trouble of setting up a queue for every individual computer, especially since we don’t use static IP addresses. I would have thought the most simple solution would be the default AP rx/tx rates option, but that doesn’t seem to work.
Is there a particular setting or settings that conflict with restricting bandwidth to wireless clients? Any solutions would be hugely appreciated.
It sounds like the CPU is hitting 100% when you try queueing traffic. Setting global queues will prevent the router from being able to use fastpath, so the CPU gets a lot more load.
Are these guest users who you’re trying to limit? You could create a second wlan for guest WiFi and put the queue on that interface, and restrict the primary wlan for full-service users.
The wireless interface is bridged - the problem with removing the bridge is that while all of our computers in the office are wireless, our printer is not and is plugged into the router via ethernet. If I remove the bridge, will that remove the ability to print?
They aren’t guest users, unfortunately, they are just our normal employees. We’ve had issues in the past with people downloading/torrenting/streaming and taking up our entire bandwidth. We only have an 8 Mbps connection, so it’s pretty easy to do. I figured the simpler solution - instead of trying to manually block a lot of websites through the firewall - would be to restrict every wireless client to 1-2 Mbps. That way even if someone is doing something they aren’t supposed to, they still won’t be able to suck up all of our very limited bandwidth.
It certainly seems like the CPU is hitting 100% load, as I’m not sure why else the router would become unresponsive. I should mention that while I’ve been trying to restrict wireless bandwidth through the wireless interface and not through queues, I did set one queue up on the router. We share our office with another organization, and they share our internet as well. We had a second router, so instead of setting up a guest WiFi network on our Mikrotik router (which I’d tried before but ran into password issues with), I simply plugged the second router into the Mikrotik one via ethernet. I then set up a simple queue to limit the bandwidth to their router’s IP (which is static) to 1 Mbps, as they only pay us for that much. This seems to work fine.
I tried looking into using queues to restrict our wireless bandwidth, but it just didn’t seem easy to do without setting up static IPs. You can restrict bandwidth to a block of IP addresses, but that’s no good as I want the bandwidth limits to be per user.
Just an update - I set the interface queue for the wireless card to hardware-only, and so far after re-instituting the default AP/client tx rates to 2 Mbps, the router seems stable.
Do we know how exactly the default-ap-tx-rate works? Is it itself a queue? Because if it is, my thinking was that maybe using that option would create a conflict with the interface queue (since you’d in effect have 2 queues on the same interface). No idea if that’s even remotely correct, but is it possible that’s what was going on?