ponline
Frequent Visitor
Topic Author
Posts: 68
Joined: Tue Sep 28, 2004 9:19 pm

arp reply-only in bridge mode

Tue Sep 28, 2004 9:34 pm

Hi,
Does arp reply-only work if the MikroTik is configured as a bridge?

This is what I'm trying to do:

I configured the MikroTik as a bridge, with both the ext and int interfaces added to the bridge, and I have only one IP address of the private subnet assigned to the bridge interface (for administrative purposes).
I want to use the MikroTik to limit traffic to my users. Everything is working OK except one thing.
I didn't manage to shape traffic by MAC, so I do it by IP address. But the clients have the possibility to change their IP address, and then they won't be limited (or they find another, bigger limit). Also, I want to force them to use only one IP, because they might get in conflict with already used IP addresses.

I built a static ARP list and added every client's MAC address and IP address, so I can force them to use only the IP address that I have assigned to them.
I activated arp reply-only on the bridge interface, but I can still change to whatever IP address I want and connect to the internet from my computer. (I also tried setting arp reply-only on the LAN (internal) interface, but still the same.)

I assume I can't limit clients with a static ARP table because it is in bridge mode, and all that does is forward packets from one interface to another, and maybe it doesn't need to do ARP with users.
Or am I doing something wrong with my configuration?
 
Hugh Hartman
Frequent Visitor
Posts: 92
Joined: Fri May 28, 2004 2:01 pm
Location: Fort Kent, Maine

Wed Sep 29, 2004 4:06 am

I was unable to get that working in a bridged configuration v2.8.

Ended up using MAC filtering via the bridge interface firewall and limiting traffic via IP in simple queues.

Assign a static IP to each customer premise router.

While a customer could break in to gain access to the premise router and change the IP,
it is possible to make an entry for each unused IP and severely limit the bandwidth to deter them.
 
ponline
Frequent Visitor
Topic Author
Posts: 68
Joined: Tue Sep 28, 2004 9:19 pm

Wed Sep 29, 2004 5:48 am

That might be a solution, but what if the customer changes the IP to an already used one and causes an IP conflict?
 
Hugh Hartman
Frequent Visitor
Posts: 92
Joined: Fri May 28, 2004 2:01 pm
Location: Fort Kent, Maine

Wed Sep 29, 2004 1:12 pm

In order for the customer to do that, he would have to hack into a router with the proper login name and password.

Even so, I believe the hacker would get the error message as the premise router keeps the customers always on.

Not the best, as it won't match an IP to a MAC.
 
ponline
Frequent Visitor
Topic Author
Posts: 68
Joined: Tue Sep 28, 2004 9:19 pm

Thu Sep 30, 2004 1:00 am

Yes, that's true. I also don't care too much about users for whom I have installed a router on their side. I was focusing more on the users who connect with their computer directly to the wireless bridge. They have IP addresses assigned from the DHCP server, but I can't stop them from setting static addresses of their choice within that subnet.
 
ponline
Frequent Visitor
Topic Author
Posts: 68
Joined: Tue Sep 28, 2004 9:19 pm

Thu Sep 30, 2004 2:44 pm

Well, I tried a lot of things, and the only thing that shapes in bridge mode is IP address. I can't configure the MikroTik as a router, because I have another router with a serial connection to the internet, doing both NAT and public IPs for my network. I also thought of buying a serial PCI card for my MikroTik, but from what I saw on the internet they are way too expensive.
In the end, as you did, I ended up filtering MACs on the bridge firewall.
I accepted all my users' MACs and at the end I dropped everything.
It works well, and my CPU resources didn't change at all.
I only wish there was a possibility to limit the bandwidth immediately in the bridge firewall rule, and also to name rules by customers' names (MACs are impossible to remember :). THAT would be a TRUE and simple-to-manage traffic shaper by MAC address, in bridge mode. :)
That's just a wish :P
 
Hugh Hartman
Frequent Visitor
Posts: 92
Joined: Fri May 28, 2004 2:01 pm
Location: Fort Kent, Maine

Fri Oct 01, 2004 6:03 pm

OK, in the bridge firewall rules/tools, where you allowed the MAC, you can add a comment which will attach to the entry and show each client's name if you desire.

Much like the Name for the IP limiting entry in the Simple Queues.
 
ponline
Frequent Visitor
Topic Author
Posts: 68
Joined: Tue Sep 28, 2004 9:19 pm

Fri Oct 01, 2004 10:15 pm

Wow, thanks man.
How stupid I was, I didn't think about that LOL.
Settled that, and now I only wish there was traffic shaping based on those MACs :lol:
Anyhow, I'm satisfied with my MikroTik bridge; it makes my life easier.
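The thread ends with a MAC accept-list on the bridge firewall plus per-IP queues, which leaves the gap noted earlier in the thread: nothing ties an IP to a MAC. The following is an added example, not part of the thread and not MikroTik code, that audits observed source MAC/IP pairs against a static binding list; the binding table, customer names and observed frames are all constructed.

```python
from collections import namedtuple

# One observed frame on the bridge: source MAC and source IP (constructed type).
Frame = namedtuple("Frame", "src_mac src_ip")

# Constructed static binding list: MAC -> (assigned IP, customer comment).
BINDINGS = {
    "00:0c:42:00:00:01": ("192.168.10.11", "customer-a"),
    "00:0c:42:00:00:02": ("192.168.10.12", "customer-b"),
}

def normalize(mac):
    """Lower-case a MAC and use ':' separators so lookups are consistent."""
    return mac.strip().lower().replace("-", ":")

def audit(frames, bindings=BINDINGS):
    """Return (mac, ip, kind, detail) for every frame that breaks a binding.

    kind is 'drop'     - MAC not on the accept list (the bridge filter stops it),
            'conflict' - allowed MAC using an IP assigned to another customer,
            'mismatch' - allowed MAC using an IP that is assigned to nobody.
    """
    ip_owner = {ip: mac for mac, (ip, _) in bindings.items()}
    findings = []
    for frame in frames:
        mac = normalize(frame.src_mac)
        if mac not in bindings:
            findings.append((mac, frame.src_ip, "drop", "MAC not on accept list"))
            continue
        assigned_ip, name = bindings[mac]
        if frame.src_ip == assigned_ip:
            continue  # binding respected, nothing to report
        owner = ip_owner.get(frame.src_ip)
        if owner is not None:
            detail = f"{name} is using the IP assigned to {bindings[owner][1]}"
            findings.append((mac, frame.src_ip, "conflict", detail))
        else:
            detail = f"{name} left assigned IP {assigned_ip}"
            findings.append((mac, frame.src_ip, "mismatch", detail))
    return findings

# Constructed observations: one good, one conflict, one mismatch, one unknown MAC.
SAMPLE = [
    Frame("00:0C:42:00:00:01", "192.168.10.11"),
    Frame("00-0c-42-00-00-02", "192.168.10.11"),
    Frame("00:0c:42:00:00:01", "192.168.10.50"),
    Frame("00:0c:42:00:00:99", "192.168.10.12"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

The 'conflict' and 'mismatch' rows are the cases a MAC-only accept list lets through, so they are the ones worth alerting on.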