How to Limit Bandwidth Using MAC Address on Mikrotik

mamet zeroshell
mamet zeroshell
September 05, 2022
We will limit bandwidth on a Mikrotik client based on the user's MAC, where the MAC address of "A" will get IP "A" with a locked status for MAC for IP "A"="A".

  • For automatic IP conditions, we create a DHCP server by referring to MAC to IP.
  • Provide a firewall filter to lock MAC to IP or IP to MAC.
  • Then create a mangle that marks MAC for connection marking.
  • Create a queue tree and provide a packet mark to the mangle.

To limit bandwidth on MikroTik based on MAC address and lock it to a specific IP, you can follow these steps:

1. Bind MAC Address to IP

  • Go to IP > DHCP Server > Leases.
  • Find the device's MAC address and assign it a static IP by clicking "Make Static."
  • This ensures the device always gets the same IP.

2. Create a Simple Queue

  • Navigate to Queues > Simple Queues.
  • Add a new queue and set the target to the static IP assigned in the previous step.
  • Specify the bandwidth limits (e.g., max-limit=2M/2M for 2 Mbps upload/download).

3. Optional: Use Scripts for Automation

  • If you want to automate this for multiple devices, you can use a script in System > Scripts.
Example script:


:foreach i in=[/ip dhcp-server lease find] do={
    :local mac [/ip dhcp-server lease get $i mac-address];
    :local ip [/ip dhcp-server lease get $i address];
    /queue simple add name=$mac target=$ip max-limit=2M/2M;
}

This script creates queues for all devices with active DHCP leases.

4. Monitor and Test

  • Check the Queues section to ensure the bandwidth limits are applied.
  • Test the setup by connecting the device and verifying the speed.
As follows:


# Lock MAC address to IP address
/ip dhcp-server lease
add address=192.168.1.100 mac-address=00:11:22:33:44:55 comment="User1"
add address=192.168.1.101 mac-address=AA:BB:CC:DD:EE:FF comment="User2"

# Filter rules to mark mac to ip
/ip firewall filter
add chain=forward src-address=192.168.1.100 src-mac-address=!00:11:22:33:44:55 action=drop comment="User1"
add chain=forward src-address=!192.168.1.100 src-mac-address=00:11:22:33:44:55 action=drop comment="User1"

# Mangle rules to mark traffic based on MAC address
/ip firewall mangle
add chain=prerouting src-mac-address=00:11:22:33:44:55 action=mark-connection new-connection-mark=User1_conn
add chain=prerouting src-mac-address=AA:BB:CC:DD:EE:FF action=mark-connection new-connection-mark=User2_conn
add chain=prerouting connection-mark=User1_conn action=mark-packet new-packet-mark=User1_packet
add chain=prerouting connection-mark=User2_conn action=mark-packet new-packet-mark=User2_packet

# Queue Tree to limit speed based on MAC address
/queue tree
add name="User1_Limit" parent=global-in packet-mark=User1_packet limit-at=5M max-limit=10M
add name="User2_Limit" parent=global-in packet-mark=User2_packet limit-at=3M max-limit=6M
Related Posts
Related Posts
Scroll to top
Code Copied!