Any easy way to limit LAN port internet bandwidth? Limit by port, not by user

Hi,
I look after the network bits at my local community centre. We use Zoom for remote session sometimes. Unfortunately all the users on WIFI in building are killing the Zoom bandwidth.
For simplicity the Zoom PC is wired to LAN Port 1, the connection to the external WIFI access point is on LAN Port 2. The internet DSL connection is 70Meg Down 10 Meg Up.
Is it possible to limit the total internet bandwidth usage on LAN Port 2 to 60Meg Down 7 Meg Up- thereby giving room for the Zoom PC?

Whats the easiest solution to implement? I don't want to limit by device because the WIFI is open to all centre users.

@moeller0 isn't this a situation where CAKE can be placed on just LAN port 2?

So @philtrick that would just be a case of installing the sqm stuff in LuCi and setting up CAKE on ethX corresponding to LAN port 2 - eth2? So 60Mbit/s on egress and 7Mbit/s on ingress.

That would also limit LAN-LAN but perhaps you don't care about that.

If you do then perhaps it's IFB time but we should rule out a simpler solution first.

nft rate limit

Just create a new vlan for LAN2 and use SQM to limit its speed.

1 Like

I thought of that too but then you won't get CAKE's per internal IP host fairness.

Thanks for your posts. I've got a 2nd hand Archer C7 arriving today from ebay. I'll get openwrt loaded up and then test at home before deploying. I'll post feedback here if the thread is still open.

Thanks again!

Hi again, got the router, got openwrt setup. got luci-sqm loaded up.

Do I need to VLAN the LAN ports to do SQM on an individual LAN Port?
I can only see br-lan or eth0.

Thanks

Before you do anything else put a cake instance on the wan and tune it to the DSL speed. That may be all that you need.

I would make a separate network of wifi users set it up with a strict firewall like a guest network and its own SQM instance that is considerably less than the DSL speed. But the overall wan queue is essential.

Yes, every port that you want to limit individually has to have its own vlan.