Hi everyone,

I have setup a box with 2 NICs as a transparent bridge for traffic shaping with v3.4

It seems that the queues do not pickup traffic in tagged VLANS. These VLANS are not setup on this box, it just transparently passes the traffic through.

Is there a way I can use mangle to set the packet-mark for certain VLAN traffic, then send traffic to a particular queue based on the packet-mark?

Under bridge I have "Use IP Firewall" and "Use IP Firewall for VLAN" ticked.

Regards,

As far as I know it is not possible to mark traffic in mangle per VLAN-ID [Tag].
You can set mangle marks per specific interface [VLAN interface, if VLAN is configured on RouterOS] or you need to think about other matcher to mark the traffic.

Hi Sergejs,

Thanks for your response, here is some more information.

VLAN1 192.168.0.0/24 (Untagged)
VLAN2 10.0.0.0/24 (802.1q Tagged)

This traffic passes through the bridge, VLAN1 is untagged and VLAN2 is tagged. (Neither are setup on the RouterOS)

If I setup a queue with a target for 192.168.0.1 traffic to and from that IP goes into the queue.
If I setup a queue with a target for 10.0.0.1 no traffic makes it in the queue.

Do you have any ideas how I could make a queue for a certain address in VLAN2

Regards,

If you bridge the VLANS properly you can queue them and do all sorts of neat stuff.

You currently have ETH1----bridge----ETH2. Whilst this will pass vlan traffic, there is not much you can do with it.

Remove bridge that contains the physical ports, and make sure you dont put physical ports in the bridge, only VLAN ports.

EG
Add VLAN1 to ETH1
and VLAN1 to ETH2
Then create bridge1 and place both VLAN1 ports into bridge 1

then

Add VLAN2 to ETH1
and VLAN2 to ETH2
Then create bridge2 and place both VLAN2 ports into bridge 2


NOTE: you really shouldn't mix untagged with tagged traffic on the same physical interface once you do this. Just bridge .q traffic through separate bridges only. Trying to bridge untagged traffic AND tagged traffic will cause lots of problems.


EDIT: If you are bridging non-ip traffic (eg PPPoE) you cant do do s*** with it. You can only queue PPPoE traffic at the server or the CPE, NOT at the bridge level. Limitation of MT or LInux in general? not sure.......

... ...
Add VLAN1 to ETH1
and VLAN1 to ETH2
Then create bridge1 and place both VLAN1 ports into bridge 1
then
Add VLAN2 to ETH1
and VLAN2 to ETH2
Then create bridge2 and place both VLAN2 ports into bridge 2

VLAN1 to eteher1 and then VLAN1 on ether2? or different VLAN ifaces to ether1 and ether2 with same tag? imeant the same VLAN ID...

can you explain how it is all connected physically, it is very important to know is there any way that VLAN 2 bypasses the traffic shapper.

regards.

Faton

The simplest way to do this would probably be to use the Bridge Filter. In there you can mark packets by VLAN ID. This occurs prior to the ip firewall chains, so should give you plenty of flexibility from there.

Regards,
Jake