Syed Jahanzaib Personal Blog to Share Knowledge !

April 14, 2012

Howto Exempt any User / Website from Mikrotik PCC [Part-1]

Filed under: Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 11:32 AM

Another updated working example [may-2017]

I recently deployed Dual WAN P.C.C configuration  at a local The scenario is something like below . . .


The problem they were facing of one particular Banking web site name , The best method to resolve such P.C.C issues is to use src-address as classifier, this way user WAN ip won’t be change and they will be stick to 1 wan for there session. But in above scenario I cant use src-address as users are not directly hitting PCC. So I made a workaround and exempted the user and in one case , the destination website from being processed by the P.C.C

The simple theory is to make a address with the user ip or the destination web site IP address. and then create an rule in mangle to exempt it from P.C.C, Then create a new default route in with your desired WAN selected , for that traffic which is exempted from P.C.C

Important:  Move this rule above of other PCC rules, so it will accept the data before PCC catches it.


To Exempt Any User IP from PCC Rule,

/ip firewall address-list
add list=usere-exempted-from-pcc address=

Now create Mangle Rule to accept traffic from above list, then PCC will not precess this user ip address , and Mikrotik will use the Default route for this user Traffic. (We will add it later)


/ip firewall mangle
add action=accept chain=prerouting disabled=no src-address-list=user-exempted-from-pcc

To Exempt Any Web Site from PCC, first track its IP Address (or pool), then add it in exempt list.

/ip firewall address-list
add list=site-exempted-from-pcc address=

( is for test purpose)

Now create its mangle rule

/ip firewall mangle
add action=accept chain=prerouting disabled=no dst-address-list=site-exempted-from-pcc

Adding Route for Un-Marked Traffic

You have to add Default ROUTE rule to tell Mikrotik to use this ROUTE as default route for all other UNMARKED traffic not processed / marked by the PCC. and in this route, you can bind exempted traffic request to always go through Specific Link only.

/ip route
add comment=”Default Route For Un-Marked Traffic” disabled=no distance=3 dst-address= gateway= scope=30 target-scope=10

(Change IP Address as per your network configuration)



%d bloggers like this: