Messages

1

24.7 Production Series / Re: VLAN priority for DHCP not working

« on: September 15, 2024, 11:21:26 am »

I disabled IDS and VLAN-PCP works as expected for DHCP without any rules or normalization.

Thank you very much @doktornotor !

I guess there is still an issue on that (very specific user case I concede), but I had IDS enabled on a VLAN interface (WAN) and maybe this is not a good practice.

2

24.7 Production Series / Re: VLAN priority for DHCP not working

« on: September 09, 2024, 01:44:02 pm »

Thanks for the replies. Indeed I have Surricata enabled.

I cannot debug more this week but I will try disabling Surricata or even re-install OS for a clean test.

3

24.7 Production Series / Re: VLAN priority for DHCP not working

« on: September 08, 2024, 04:35:02 pm »

Thanks for the tip, I'll try messing with the code next week maybe 

4

24.7 Production Series / Re: VLAN priority for DHCP not working

« on: September 08, 2024, 04:00:36 pm »

@meyergru : Same result with a floating rule

@doktornotor I'm not playing with dhclient conf files directly, vlan-pcp is set via GUI on WAN interface config.

 sysctl net.link.vlan.mtag_pcp : made some tries by enabling and disabling priority at VLAN level and at WAN's DHCP level, it is always "1"

 

5

24.7 Production Series / Re: VLAN priority for DHCP not working

« on: September 08, 2024, 02:24:40 pm »

Perhaps post what you have created...

6

24.7 Production Series / Re: VLAN priority for DHCP not working

« on: September 08, 2024, 02:01:22 pm »

It never matches Maybe the automatic rule "Allow DHCP client on WAN" matches before ?

7

24.7 Production Series / Re: VLAN priority for DHCP not working

« on: September 08, 2024, 01:43:56 pm »

I tried but do you know how can I do that ? It needs to be done before VLAN encapsulation so it won't be a rule on the WAN interface I guess. Do I need to assign the physical interface underneath the VLAN to create such a rule ?

8

24.7 Production Series / Re: VLAN priority for DHCP not working

« on: September 08, 2024, 12:46:34 pm »

@doktornotor Yeah if I set pcp 6 on the VLAN interface, DHCP works, but ISP limits the bandwidth if I tag everything with pcp 6


@dseven Yep I came across these threads, I don't use virtualization, I run Opnsense on a Sophos SG230 rev2 appliance, optic fiber is plugged to a SFP ONU on the firewall.

I'm observing the PCP by capturing packets on the GUI on the physical interface (not VLAN) and then I open the capture with Wireshark.

9

24.7 Production Series / Re: VLAN priority for DHCP not working

« on: September 08, 2024, 10:55:24 am »

Yep I'm talking about PCP at the VLAN level (tag is 832). Not even DSCP.

WAN is directly connected to ISP (FTTH), so WAN has a public IP. They require PCP 6 on DHCP (Orange France). Doc I followed is here : https://docs.opnsense.org/manual/how-tos/orange_fr_fttp.html

10

24.7 Production Series / VLAN priority for DHCP not working

« on: September 08, 2024, 09:07:29 am »

Hello,

I'm running Opnsense 24.7.3_1.

I have a VLAN interface with VLAN priority set to 0. Then my WAN is on that VLAN device.

I need to set VLAN priority to 6 on DHCP packets, but the setting on wan's interface has no effect on DHCP packets, as if the VLAN settings overwrites it.

In the config file "dhclient_wan.conf" there is vlan-pcp 6, but all DHCP packets are still in priority 0.

Is there a known issue about that ? How can I fix this ?