Hello!
I am a newbie and I use Flint2 with OpenWRT 23.05.5.
Have mwan3 with 2x wireguard connections active. Failover, fallback and killswitch activated. I got help here in the forum to set this up.
Do you guys know what is the easiest way to limit the speed of all individual lan-ports to 150Mbit? 150Mbit per port. I mean maximum speed on Lan1 should be 150Mbit and Lan2 also 150Mbit.
I assume that the LAN ports live on a switch? In that case you need to pass each LAN port to the CPU independently (e.g. by assigning each port its own VLAN address) and then build a software bridge there, then you can instantiate one traffic shaper per VLAN/LAN port, but keep in mind that traffic shaping is rather expensive, so you might run out of CPU quickly.
Depending on what you want to achieve, maybe start with sqm-scripts on each wan interface configured for per-internal-IP fairness. That will NOT limit specific LAN ports, but it will try to share the WAN capacity equitably between active IP addresses, which might already be an improvement.
I asked ChatGPT, it told me VoIP could be interrupted if using a QoS switch with speed limiting. And I know one who used our setup and told me (VoIP) Teams worked badly.
That's why I was thinking to use speed limiting inside OpenWrt to prevent errors.
But I don't know, maybe a better QoS switch can make it more error proof.
ChatGPT answer:
How a QoS switch can disrupt VoIP:
Wrong traffic prioritization
If the switch does not prioritize VoIP packets (like RTP), voice traffic may compete with downloads or video streams, causing lag and choppy audio.
Hard bandwidth limits per port
Setting a strict speed cap (e.g., 512 kbps) on a port used for VoIP can drop packets, especially during video calls or screen sharing.
Lack of DSCP/CoS support
If the switch ignores or strips DSCP tags (e.g., EF46 for voice), it won't know that VoIP traffic is high priority.
"Storm control" or multicast filtering
Some switches limit broadcast/multicast traffic, which can interfere with call setup or group calls in some VoIP systems.
Simplistic or default QoS settings
Basic or automatic QoS modes may misclassify VoIP as regular traffic, especially on cheap or unmanaged switches.
ChatGPT:
What type of switch to use for speed limiting with minimal connection issues (especially for VoIP)
If you want to limit network speed per device or port without affecting sensitive applications like VoIP or video calls, it's best to use a smart or managed switch with proper QoS (Quality of Service) support.
Recommended switch features:
Port-based rate limiting
Look for switches that allow you to set upload/download limits per port. This way, you can control speeds without involving your router.
Support for DSCP/802.1p (CoS) prioritization
The switch should respect DSCP tags (like EF46 for VoIP) and prioritize important traffic automatically. This ensures voice and video stay smooth, even if speed is capped.
Configurable QoS policies
You should be able to define what traffic gets priority (e.g., UDP, SIP, RTP) and what doesn't (e.g., bulk downloads).
Stable firmware & VLAN support
For more advanced setups, having VLAN and IGMP snooping support helps reduce broadcast noise and improves overall reliability.
Example product:
TP-Link TL-SG108E (Easy Smart Switch)
8 Gigabit ports
Web GUI and Windows config utility
Supports port-based rate limiting
Supports 802.1p (CoS) priority
Can recognize DSCP tags
VLAN support (802.1Q)
Very low price (around €25–35 / $30–40)
Good for basic speed control per port, prioritizing VoIP traffic (e.g., Teams)
Not ideal for very advanced setups (no CLI, no SNMP)
Avoid:
Unmanaged switches with "automatic QoS" — these often make things worse.
Cheap switches that offer only basic rate limiting without proper traffic classification.
Summary:
Use a managed switch with port-based rate limiting and DSCP-aware QoS. This gives you the control you want, without interfering with real-time traffic like VoIP or video conferencing.
Let me know if you'd like help picking a specific model based on your needs or budget!
If ChatGPT is not lying to me I will go for this, lol
Hardly, as switches tend to only offer policers and policers are overly harsh...
The problem with that is, you lack the knowledge to judge whether what ChatGPT reports is actually correct, and ChatGPT itself lacks a concept of correctness... so best only use ChatGPT in areas where you are an expert, or only use it as starting point for further research always keeping in mind, that the report could be completely fabricated.
Honestly, try sqm (opkg install luci-app-sqm) and configure one instance per wireguard interface (for that you need to statically distribute the wan capacity between the wireguard instances) and follow these instructions for configuring per internal IP fairness... (one can go fancier than this, but that should be simple to configure and test...)
Maybe post a sketch of your network's structure showing the positions of these additional routers.
Also does the flint2 have any other clients to serve either by wired or by WiFi?
So I would guess for decent low latency performance (so VoIP does not suck for A and B) you would need to:
create a single wan side traffic-shaper/AQM, you will need a machine capable of handling your full wan capacity (or your usable wan capacity will be limited by this shaper performance).
then split the traffic into two legs, one without additional shaping and one with two 150 Mbps shapers in place, the flint2 will certainly be capable of doing this, as long as we are only talking about 2 times 150 Mbps.
Now, if you are actually running your own small ISP business with A, B, ... maybe you should look into LibreQoS (which requires an x86 dual NIC box as dedicated shaper), but for just 2 additional networks that might be too much hassle.
What is the aggregate WAN speed here, and how strict do you want to enforce the 150 Mbps limit?
lol, it's no ISP business. We have 2 different renters in this house and I don't want them to steal all the bandwidth and also not do anything illegal that could harm us, that's why we use VPN.
And I am a newbie, I will not understand anything of LibreQoS or AQM, will only think it looks cool.
In the TP-link switch, we have these settings. Maybe I should choose DSCP/802.1P instead?
That is unlikely to improve A and B's VoIP experience, you really need to replace that switch's limiter with something gentler...
For the first, per-internal-IP isolation would most likely help a lot, unless your renters have loads of machines connected that all do bulk transfers, but that does not address the legality issue you bring up...
If all that causes issues is the fact that the switch's policer is too harsh, then disabling that policer and instantiating one sqm instance per wg interface would help. But only if your wan link does not experience congestion due to your own traffic without any traffic shaping...
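The "one sqm instance per wireguard interface, with per-internal-IP fairness" setup suggested in the replies above could look like the following /etc/config/sqm. This is an added example, not a configuration posted by anyone in the thread. The interface names wg0 and wg1 and all rates are assumptions, with the rates standing for a static split of the WAN capacity between the two tunnels.

```conf
# /etc/config/sqm
# Added example. 'wg0', 'wg1' and every rate below are assumed values:
# replace them with your own interface names and your own static split
# of the measured WAN capacity (rates are in kbit/s).

config queue 'wg0'
	option enabled '1'
	option interface 'wg0'
	option download '200000'
	option upload '200000'
	option qdisc 'cake'
	option script 'piece_of_cake.qos'
	option linklayer 'none'
	# The two "advanced" switches must be on, otherwise the
	# iqdisc_opts/eqdisc_opts strings below are ignored.
	option qdisc_advanced '1'
	option qdisc_really_really_advanced '1'
	# Download direction: share capacity per internal destination IP.
	# 'nat' makes cake look up the pre-masquerade address.
	option iqdisc_opts 'nat dual-dsthost ingress'
	# Upload direction: share capacity per internal source IP.
	option eqdisc_opts 'nat dual-srchost'

config queue 'wg1'
	option enabled '1'
	option interface 'wg1'
	option download '200000'
	option upload '200000'
	option qdisc 'cake'
	option script 'piece_of_cake.qos'
	option linklayer 'none'
	option qdisc_advanced '1'
	option qdisc_really_really_advanced '1'
	option iqdisc_opts 'nat dual-dsthost ingress'
	option eqdisc_opts 'nat dual-srchost'
```

After `/etc/init.d/sqm restart`, `tc -s qdisc show dev wg0` shows whether the cake instance is attached and how many packets it has dropped or marked.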