We require to be able to shape on our system by MAC address and have separate differing upload and download speeds. However, the current rules I have grabbed from the documentation to tag packets by MAC, appear to treat all traffic as both rather than upload and download.

Here are the rules we are currently using:
/ ip firewall mangle
add chain=prerouting src-mac-address=00:12:17:0D:A5:9B action=mark-connection new-connection-mark=00:12:17:0D:A5:9B-con \
passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=00:12:17:0D:A5:9B-con action=mark-packet new-packet-mark=00:12:17:0D:A5:9B \
passthrough=yes comment="" disabled=no

/ queue simple
add name="00:12:17:0D:A5:9B-queue" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=00:12:17:0D:A5:9B \
direction=both priority=4 queue=default/default limit-at=256000/512000 max-limit=256000/512000 total-queue=default \
disabled=no

As you can see above, MAC 00:12:17:0D:A5:9B should have 256k/512k, however the system only gives them 256k upload and 256k download when testing. The internet appears very sluggish and I believe this is due to possibly packets being shaped twice.

Also, when looking at the stats for downloaded bytes and uploaded bytes, they are identical for all queues in the system.

Finally, we cannot shape by IP Address as our customers a dynamically assigned IP address, and we are not using PPPoE as not all of our CPE's support this feature (yet).

--Ian.

Yo can bound an IP to a MAC address in DHCP server...

Yes you can, but what would stop someone from changing their IP to a static IP to have full speed?

do another thing : in /ip firewall filter, bind IP and MAC address combination (if IP address x.x.x.x doesn't have MAC y:y:y:y:y:y:y, then drop) and do shaping based on IP address only. This way it should work flawlessly.

I'll give that a try, but might take some time to script/implement.

Thanks.

--Ian.

Yes you can, but what would stop someone from changing their IP to a static IP to have full speed?

Try static ARP....

try reply-only ARP!

We require to be able to shape on our system by MAC address and have separate differing upload and download speeds. However, the current rules I have grabbed from the documentation to tag packets by MAC, appear to treat all traffic as both rather than upload and download.

Here are the rules we are currently using:
/ ip firewall mangle
add chain=prerouting src-mac-address=00:12:17:0D:A5:9B action=mark-connection new-connection-mark=00:12:17:0D:A5:9B-con \
passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=00:12:17:0D:A5:9B-con action=mark-packet new-packet-mark=00:12:17:0D:A5:9B \
passthrough=yes comment="" disabled=no

/ queue simple
add name="00:12:17:0D:A5:9B-queue" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=00:12:17:0D:A5:9B \
direction=both priority=4 queue=default/default limit-at=256000/512000 max-limit=256000/512000 total-queue=default \
disabled=no

As you can see above, MAC 00:12:17:0D:A5:9B should have 256k/512k, however the system only gives them 256k upload and 256k download when testing. The internet appears very sluggish and I believe this is due to possibly packets being shaped twice.

Also, when looking at the stats for downloaded bytes and uploaded bytes, they are identical for all queues in the system.

Finally, we cannot shape by IP Address as our customers a dynamically assigned IP address, and we are not using PPPoE as not all of our CPE's support this feature (yet).

--Ian.

Did you get this to work properly or did you find a better way to issue dynamic IP's to your clients without hotspot or pppoe?