Heya,

I'm not too much knowledgable, but hopefully someone can point me to the right path.

My end goal is to limit down/up speed of devices connected to the guest AP. I have AP Tx Limit set up, but that only affects the download. So I learned about Simple Queues which work wonderfully but I want them to target only guest devices which is where I'm stuck.

Under Simple Queue, if I set the Target to my guest wifi (virtual AP/interface), nothing happens. If I type in a static subnet IP like the default 192.168.88.0/24, everything works great but affects devices on all AP's.

Is there an easy way to separate this? Do I need something like another DHCP server and IP range just for that AP? If so, how would I set that up?

I'm using WebFig primarily, but I can SSH if needed.

Thanks!

Under Simple Queue, if I set the Target to my guest wifi (virtual AP/interface), nothing happens. If I type in a static subnet IP like the default 192.168.88.0/24, everything works great but affects devices on all AP's.

Yes, the best way to fix this is to put your guests on a different network, it is safer anyway because that way you can prevent them from doing things like turning on and off light switches or reprogramming your fridge etc. if they have IP connectivity. The virtual AP is connected to your main network because it will be a port on your bridge. Simply remove this port and the virtual AP will be disconnected from the bridge and will be its own network. Then you can go into IP->Addresses to assign it an IP (ex. 192.168.89.1/24) and go into IP->DHCP->DHCP setup button, choose your virtual AP and run through the wizard. This should create the DHCP server. Then go into Interfaces->Interface list tab, and if you have an interface list called "LAN", add the guest wifi virtual AP to this (if you don't have that interface list, don't worry about that step). The last thing you will need to go into the IP->Firewall, look through the various rules and tabs to find rules that specifically reference the 192.168.88.0/24 subnet. You will need to duplicate these rules for the 192.168.89.0/24 subnet. Alternatively, in the IP->firewall rules in the various tabs, you can change references from 192.168.88.0/24 to 192.168.88.0/23, then those will include the 192.168.89.0/24 subnet in the same rule by summarizing the two subnets.

Huh, setting both at the same time does indeed have the desired effect, so I have that at the very least.

I'll try to set it up properly, as a separate network anyways. The only confusing part for me is this:

The virtual AP is connected to your main network because it will be a port on your bridge. Simply remove this port and the virtual AP will be disconnected from the bridge

No idea what "port" refers to here, or how to disconnect the AP from the bridge. Something with the "mode" perhaps?

This is what I have if it helps:

I'm actually curious how yours is working with the two at the same time (as others had sometimes claimed before), after my post I tried this and revised the post when I found it didn't really work for me (it affected my wired computer as well, as I had suspected it would). Can you share your simple queue config that made it work? You might have done something slightly differently than I did.

No idea what "port" refers to here, or how to do that specific thing?

Bridge menu on the left, Ports tab.

Aaah gotcha, thanks! I'll give it a go.

This is all I have/had:
I just tested this more carefully and it does not work after all. I must've jumped too quickly to that conclusion, probably because the AP Tx Limit was active.

I finally managed to get this working with some minor quirks along the way. Some of the steps mentioned it seems were not required for me with a basic/default config but I'm definitely keeping it in mind as I build this further. Thank you for the help!

I'll summarize what I did for other beginners stumbling around here:

1) Create or edit a virtual AP and make sure it is not in any bridge (remove from Bridge > Ports)
2) Set an IP on guest wifi interface (IP > Addresses)
3) Create a DHCP server on it (I used the wizard under IP > DHCP Server > DHCP Setup since I kept making some unknown mistake)
3b) This also creates an IP pool automatically so no worries there
3c) Small note: I couldn't go through the wizard on WebFig for some reason. Had to use a WinBox port for Mac
4) Add a simple queue, set the AP or the IP (range) as the target, and set the down/up limits as desired
5) If enabled, disable fasttrack in IP > Firewall since it comes by default