Mungkin sebahagian dari kita selalu bertanya-tanya bagaimana sich caranya membangun sebuah hotspot pada perangkat mikrotik dengan management bandwith yang sempurna yang terbagi rata ke seluruh client? Karena selama ini kita selalu beranggapan bahwa management bandwith hotspot mikrotik tidak dapat berjalan pada simple queues maupun queues tree di karenakan hotspot akan mengambil bandwith default dari user yang kita buat. Berikut ini akan saya jabarkan bagaimana cara agar bandwith management pada hotspot mikrotik kita dapat berfungsi dengan sempurna tanpa menggunakan bandwith default yang kita set pada saat melakukan create user hotspot (alias bandwith user bisa kita berikan unlimited) dengan menggunakan queues tree (simple queues tidak dapat bekerja dikarenakan bandwith dari hotspot akan selalu mengambil posisi paling atas):

1. Pastikan settingan koneksi internet dan hotspot mikrotik Anda telah berfungsi dan user profiles pada menu IP → Hotspot → User Profiles → General, centangan pada Transparent Proxy tidak tercentang.
2. Untuk membatasi download berdasarkan Extension File buka menu IP → Firewall → Layer7 Protocols.
   Isikan dengan value berikut ini:

   /ip firewall layer7-protocol add name="3gp" regexp="\\.(3gp)"
   /ip firewall layer7-protocol add name="EXE" regexp="\\.(exe)"
   /ip firewall layer7-protocol add name="RAR" regexp="\\.(rar)"
   /ip firewall layer7-protocol add name="ZIP" regexp="\\.(zip)"
   /ip firewall layer7-protocol add name="7z" regexp="\\.(7z)"
   /ip firewall layer7-protocol add name="CAB" regexp="\\.(cab)"
   /ip firewall layer7-protocol add name="ASF" regexp="\\.(asf)"
   /ip firewall layer7-protocol add name="MOV" regexp="\\.(mov)"
   /ip firewall layer7-protocol add name="WMV" regexp="\\.(wmv)"
   /ip firewall layer7-protocol add name="MPG" regexp="\\.(mpg)"
   /ip firewall layer7-protocol add name="MPEG" regexp="\\.(mpeg)"
   /ip firewall layer7-protocol add name="MKV" regexp="\\.(mkv)"
   /ip firewall layer7-protocol add name="AVI" regexp="\\.(avi)"
   /ip firewall layer7-protocol add name="FLV" regexp="\\.(flv)"
   /ip firewall layer7-protocol add name="WAV" regexp="\\.(wav)"
   /ip firewall layer7-protocol add name="RM" regexp="\\.(rm)"
   /ip firewall layer7-protocol add name="MP3" regexp="\\.(mp3)"
   /ip firewall layer7-protocol add name="MP4" regexp="\\.(mp4)"
   /ip firewall layer7-protocol add name="RAM" regexp="\\.(ram)"
   /ip firewall layer7-protocol add name="RMVB" regexp="\\.(rmvb)"
   /ip firewall layer7-protocol add name="DAT" regexp="\\.(dat)"
   /ip firewall layer7-protocol add name="DAA" regexp="\\.(daa)"
   /ip firewall layer7-protocol add name="ISO" regexp="\\.(iso)"
   /ip firewall layer7-protocol add name="NRG" regexp="\\.(nrg)"
   /ip firewall layer7-protocol add name="BIN" regexp="\\.(bin)"
   /ip firewall layer7-protocol add name="VCD" regexp="\\.(vcd)"
   

   Untuk membatasi youtube pada Layer7 Protocols silahkan input regexp value berikut ini:

   Name: YOUTUBE
   Regexp: http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)
   

   

3. Buka menu IP → Firewall → Mangle.
   Isikan dengan value berikut ini:

   /ip firewall mangle add comment="Download" chain=postrouting action=mark-connection new-connection-mark=download passthrough=yes out-interface=bridge-local
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=EXE passthrough=no layer7-protocol=EXE connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=3gp passthrough=no layer7-protocol=3gp connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=7z passthrough=no layer7-protocol=7z connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=ASF passthrough=no layer7-protocol=ASF connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=AVI passthrough=no layer7-protocol=AVI connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=BIN passthrough=no layer7-protocol=BIN connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=CAB passthrough=no layer7-protocol=CAB connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=DAA passthrough=no layer7-protocol=DAA connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=DAT passthrough=no layer7-protocol=DAT connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=FLV passthrough=no layer7-protocol=FLV connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=ISO passthrough=no layer7-protocol=ISO connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=MKV passthrough=no layer7-protocol=MKV connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=MOV passthrough=no layer7-protocol=MOV connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=MP3 passthrough=no layer7-protocol=MP3 connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=MP4 passthrough=no layer7-protocol=MP4 connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=MPEG passthrough=no layer7-protocol=MPEG connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=MPG passthrough=no layer7-protocol=MPG connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=NRG passthrough=no layer7-protocol=NRG connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=RAM passthrough=no layer7-protocol=RAM connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=RAR passthrough=no layer7-protocol=RAR connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=RM passthrough=no layer7-protocol=RM connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=RMVB passthrough=no layer7-protocol=RMVB connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=VCD passthrough=no layer7-protocol=VCD connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=WAV passthrough=no layer7-protocol=WAV connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=WMV passthrough=no layer7-protocol=WMV connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=YOUTUBE passthrough=no layer7-protocol=YOUTUBE connection-mark=download
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=ZIP passthrough=no layer7-protocol=ZIP connection-mark=download
   
   /ip firewall mangle add comment="Browsing" chain=postrouting action=mark-connection new-connection-mark=browsing passthrough=yes out-interface=bridge-local
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=browsing-low passthrough=no protocol=tcp connection-mark=browsing connection-bytes=0-204800
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=browsing-med passthrough=no protocol=tcp connection-mark=browsing connection-bytes=204800-2048000
   /ip firewall mangle add chain=postrouting action=mark-packet new-packet-mark=browsing-hi passthrough=no protocol=tcp connection-mark=browsing connection-bytes=2048000-0
   
   /ip firewall mangle add comment="Upload" chain=prerouting action=mark-connection new-connection-mark=upload passthrough=yes in-interface=bridge-local
   /ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=uploading passthrough=no connection-mark=upload
   
   

   

4. Langkah terakhir mari kita buat queues types dan queues tree.
   Isikan dengan value berikut ini:

   /queue type add name="pcq-up" kind=pcq pcq-rate=128k pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000 pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128 pcq-dst-address6-mask=128
   /queue type add name="pcq-down" kind=pcq pcq-rate=512k pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=30s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128 pcq-dst-address6-mask=128
   

   

   /queue tree add comment="Download" name="Download" parent=global-out limit-at=0 priority=8 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s
   /queue tree add name="EXE" parent=Download packet-mark=EXE limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="3gp" parent=Download packet-mark=3gp limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="7z" parent=Download packet-mark=7z limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="ASF" parent=Download packet-mark=ASF limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="AVI" parent=Download packet-mark=AVI limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="BIN" parent=Download packet-mark=BIN limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="CAB" parent=Download packet-mark=CAB limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="DAA" parent=Download packet-mark=DAA limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="DAT" parent=Download packet-mark=DAT limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="FLV" parent=Download packet-mark=FLV limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="ISO" parent=Download packet-mark=ISO limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="MKV" parent=Download packet-mark=MKV limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="MOV" parent=Download packet-mark=MOV limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="MP3" parent=Download packet-mark=MP3 limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="MP4" parent=Download packet-mark=MP4 limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="MPEG" parent=Download packet-mark=MPEG limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="MPG" parent=Download packet-mark=MPG limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="NRG" parent=Download packet-mark=NRG limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="RAM" parent=Download packet-mark=RAM limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="RAR" parent=Download packet-mark=RAR limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="RM" parent=Download packet-mark=RM limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="RMVB" parent=Download packet-mark=RMVB limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="VCD" parent=Download packet-mark=VCD limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="WAV" parent=Download packet-mark=WAV limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="WMV" parent=Download packet-mark=WMV limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="YOUTUBE" parent=Download packet-mark=YOUTUBE limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=20s
   /queue tree add name="ZIP" parent=Download packet-mark=ZIP limit-at=64k queue=pcq-down priority=8 max-limit=128k burst-limit=512k burst-threshold=0 burst-time=15s
   
   /queue tree add comment="Browsing" name="Browsing" parent=global-out limit-at=0 priority=8 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s
   /queue tree add name="browsing-low" parent=Browsing packet-mark=browsing-low limit-at=0 queue=pcq-down priority=8 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s
   /queue tree add name="browsing-med" parent=Browsing packet-mark=browsing-med limit-at=0 queue=pcq-down priority=8 max-limit=256k burst-limit=512k burst-threshold=0 burst-time=15s
   /queue tree add name="browsing-hi" parent=Browsing packet-mark=browsing-hi limit-at=0 queue=pcq-down priority=8 max-limit=128k burst-limit=256k burst-threshold=0 burst-time=15s
   
   /queue tree add comment="Upload" name="upload" parent=global-in limit-at=0 priority=8 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s
   /queue tree add name="uploading" parent=upload packet-mark=uploading limit-at=0 queue=pcq-up priority=8 max-limit=256k burst-limit=256k burst-threshold=0 burst-time=15s
   

   

Pada gambar diatas terlihat bahwa chain pada firewall mangle adalah postrouting dan parent yang kita gunakan untuk management bandwith download adalah global-out (kebalikan dari management bandwith tanpa hotspot), karena disini yang kita batasi adalah koneksi yang keluar dari mikrotik ke client dan sebaliknya yang keluar dari client ke mikrotik (upload). Dan untuk upload sendiri disini kita menggunakan metode firewall mangle dengan chain prerouting dan parent yang kita gunakan untuk management bandwith adalah global-in.