Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Ilford

Pages1
#1
24.7, 24.10 Series / Re: VLAN priority for DHCP not working
September 15, 2024, 11:21:26 AM
I disabled IDS and VLAN-PCP works as expected for DHCP without any rules or normalization.

Thank you very much @doktornotor !

I guess there is still an issue on that (very specific user case I concede), but I had IDS enabled on a VLAN interface (WAN) and maybe this is not a good practice.
#2
24.7, 24.10 Series / Re: VLAN priority for DHCP not working
September 09, 2024, 01:44:02 PM
Thanks for the replies. Indeed I have Surricata enabled.

I cannot debug more this week but I will try disabling Surricata or even re-install OS for a clean test.
#3
24.7, 24.10 Series / Re: VLAN priority for DHCP not working
September 08, 2024, 04:35:02 PM
Thanks for the tip, I'll try messing with the code next week maybe  ;D
#4
24.7, 24.10 Series / Re: VLAN priority for DHCP not working
September 08, 2024, 04:00:36 PM
@meyergru : Same result with a floating rule :(

@doktornotor I'm not playing with dhclient conf files directly, vlan-pcp is set via GUI on WAN interface config.

sysctl net.link.vlan.mtag_pcp : made some tries by enabling and disabling priority at VLAN level and at WAN's DHCP level, it is always "1"

 
#5
24.7, 24.10 Series / Re: VLAN priority for DHCP not working
September 08, 2024, 02:24:40 PM
Quote from: doktornotor on September 08, 2024, 02:03:26 PM
Perhaps post what you have created...




#6
24.7, 24.10 Series / Re: VLAN priority for DHCP not working
September 08, 2024, 02:01:22 PM
It never matches :( Maybe the automatic rule "Allow DHCP client on WAN" matches before ?
#7
24.7, 24.10 Series / Re: VLAN priority for DHCP not working
September 08, 2024, 01:43:56 PM
I tried but do you know how can I do that ? It needs to be done before VLAN encapsulation so it won't be a rule on the WAN interface I guess. Do I need to assign the physical interface underneath the VLAN to create such a rule ?
#8
24.7, 24.10 Series / Re: VLAN priority for DHCP not working
September 08, 2024, 12:46:34 PM
@doktornotor Yeah if I set pcp 6 on the VLAN interface, DHCP works, but ISP limits the bandwidth if I tag everything with pcp 6


@dseven Yep I came across these threads, I don't use virtualization, I run Opnsense on a Sophos SG230 rev2 appliance, optic fiber is plugged to a SFP ONU on the firewall.

I'm observing the PCP by capturing packets on the GUI on the physical interface (not VLAN) and then I open the capture with Wireshark.

#9
24.7, 24.10 Series / Re: VLAN priority for DHCP not working
September 08, 2024, 10:55:24 AM
Yep I'm talking about PCP at the VLAN level (tag is 832). Not even DSCP.

WAN is directly connected to ISP (FTTH), so WAN has a public IP. They require PCP 6 on DHCP (Orange France). Doc I followed is here : https://docs.opnsense.org/manual/how-tos/orange_fr_fttp.html
#10
24.7, 24.10 Series / VLAN priority for DHCP not working
September 08, 2024, 09:07:29 AM
Hello,

I'm running Opnsense 24.7.3_1.

I have a VLAN interface with VLAN priority set to 0. Then my WAN is on that VLAN device.

I need to set VLAN priority to 6 on DHCP packets, but the setting on wan's interface has no effect on DHCP packets, as if the VLAN settings overwrites it.

In the config file "dhclient_wan.conf" there is vlan-pcp 6, but all DHCP packets are still in priority 0.

Is there a known issue about that ? How can I fix this ? 
Pages1