Syed Jahanzaib Personal Blog to Share Knowledge !

November 24, 2015

Quick Note: Limit interface total bandwidth by Queue Tree

Filed under: Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 3:12 PM




We want to limit WAN interface upload/download to 300 mb so that it may not cross this limit to avoid any chocking or lets say for our own bandwidth management.


We can use Mangle section to mark up/down traffic on particular interface and then using Queue tree we can achieve our required task.

  • Tested with Mikrotik 6.4x.x (It was also working with older versions as well)
# Mark packets for up/down on WAN interface, we are using ether1 for test, change it as per required
/ip firewall mangle
add action=mark-packet chain=prerouting comment="Mark Packets for Upload on WAN interface / jz" in-interface=ether1 new-packet-mark=wan_upload_pkts passthrough=yes
add action=mark-packet chain=postrouting comment="Mark Packets for Download on WAN interface / jz" new-packet-mark=wan_download_pkts out-interface=ether1 passthrough=yes

# Add Parent Queue to define Maximum Limit that WAN can touch
/queue tree
add comment="Limit Total Traffic to 300mb for WAN interface ether1 / zaib" max-limit=300M name=wan-total-traffic parent=global queue=default

# Now add 2 queues to control download/upload , and point it to use above PARENT queue , so that up/down can remain in limit.
add comment="Limit upload Packets marked by mangle / Jz" name=upload packet-mark=wan_upload_pkts parent=wan-total-traffic queue=default
add comment="Limit download Packets marked by mangle / Jz" name=download packet-mark=wan_download_pkts parent=wan-total-traffic queue=default


You can use it to distribute specific amount of bandwidth to specific interface, or lets say subnet or number of users. Example if you have 10 mb of bandwidth link and you want to distribute 5 mb to specific number of users. Lot of other queuing trick you can achieve using Marking/Queue combination !

Syed Jahanzaib


  1. HI There,

    I want to limit by selected Source IP-Address (Generally HTTP Port 80 or SSL Port 443) (different for Generally in the direction from internet (dest IP, port 80) back to desktop – Download direction.

    I have a bridge that bridges two interfaces eth0-eth1 running at 15 Gbps, with approximately 80,000 devices/users/endpoints all with unique internet IP-Addresses and its aware which is Lan and Internet. Each IP-address in maps to a username with no natting.

    Can yo ushow how to do this?

    Thanks MBS

    On 24 November 2015 at 21:12, Syed Jahanzaib Personal Blog to Share


    Comment by mario sanguineti — November 24, 2015 @ 3:37 PM

  2. Hi, what if you have adsl 5Mb up and 1Mb down for example?


    Comment by Bane Ivosev — November 24, 2015 @ 6:21 PM

  3. Hi, Could You please explain how to efficiently create mangle and queue on Mikrotik connected to ADSL line (eg 10Mbit download and 1 Mbit upload) in ROS 6?


    Comment by Rad — December 1, 2015 @ 1:32 AM

  4. Thanks for easy configuration tutorials-


    Comment by John Mark — April 1, 2019 @ 12:21 PM

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: