There are two separate VLANs for management and data.
wlan1 is a trunk port with both VLANs tagged; ether1 is an access port (only the untagged data VLAN) where the customer has their PPPoE client.
A DHCP client is running on the bridge management VLAN, for management access to the device itself.
Until now, it's easy (wlan1 station-bridge config omitted for clarity, data VLAN 1001 and mgmt VLAN 1002 in this example):
Also, unknown-unicast flood is disabled as it is the PPPoE client that sends something first so the bridge can learn its MAC address.
Code:
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan-mgmt vlan-id=1002
/interface bridge port
add bridge=bridge1 broadcast-flood=no frame-types=admit-only-untagged-and-priority-tagged hw=no ingress-filtering=yes interface=ether1 pvid=1001 \
    unknown-multicast-flood=no unknown-unicast-flood=no
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=wlan1
/interface bridge vlan
add bridge=bridge1 tagged=wlan1 untagged=ether1 vlan-ids=1001
add bridge=bridge1 tagged=wlan1,bridge1 vlan-ids=1002
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=vlan-mgmt
But, I'd like to add a traffic shaper to limit upload before it overloads the wireless network (download is shaped from the other end). And, it's high pps that kills wireless much more so than high Mbps.
So, I'd like to shape traffic going out on wlan1, only the data VLAN, to 1000 pps. This is about 12 Mbps in full-sized frames, and proportionally less in smaller ones.
Data traffic to be bridged is PPPoE, the shaper should be transparent and pass anything equally without looking at any IPs etc. (in the data VLAN only, not affecting management).
This way the device is always accessible for management even if the data VLAN shaper is completely saturated. Any suggestions how to do this?
Another thing I'd like to implement (not yet possible, or am I wrong?) is to limit the ether1 bridge port to learning just a single MAC address (any single one, without specifying it).