Bridge filter does not see tagged vlan

omidkosari · September 25, 2008, 11:39am

 /interface bridge filter> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=forward action=mark-packet new-packet-mark=pppoe-discovery mac-protocol=0x8863 

 1   chain=forward action=mark-packet new-packet-mark=pppoe-discovery mac-protocol=0x8864 

 2   chain=forward action=mark-packet new-packet-mark=pppoe-discovery mac-protocol=vlan vlan-encap=0x8863 

 3   chain=forward action=mark-packet new-packet-mark=pppoe-session mac-protocol=vlan vlan-encap=0x8864 

 4   chain=forward action=mark-packet new-packet-mark=ALL-VLANs mac-protocol=vlan 

 5   chain=forward action=mark-packet new-packet-mark=ALL-VLANs mac-protocol=!vlan

ROS v3.14

the problem is 0,1,2,3 does not see anything and count.
actually the bridge filter can not see any tagged vlan and the count of number 4,5 is just for untagged vlan

this is a bug.

netrat · September 25, 2008, 12:22pm

Are you sure the rule is in the right chain? Is it traffic going across the bridge from one interface to another? Try putting it in the input chain and see what happens.

omidkosari · September 25, 2008, 12:38pm

yes i am sure . it is just a bridge with 2 ports . ether1 and ether2 showing correct traffic. i have tested all chains but no success .

Chupaka · September 25, 2008, 1:20pm

post here your ‘/interface bridge settings print’

omidkosari · September 25, 2008, 1:22pm

/interface bridge settings print
use-ip-firewall: yes
use-ip-firewall-for-vlan: yes

omidkosari · September 26, 2008, 7:20pm

no idea ?

netrat · September 26, 2008, 7:34pm

Please post

/interface bridge print
/interface bridge port print
/interface vlan print
/interface pppoe-server server print

I’ll setup a RB with your config and see if I get he same results.

omidkosari · September 26, 2008, 8:12pm

int br pr
Flags: X - disabled, R - running 
 0  R name="main-bridge" mtu=1500 arp=enabled mac-address=00:50:FC:F9:3D:EB 
      protocol-mode=none priority=0x8000 auto-mac=yes 
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s 
      transmit-hold-count=6 ageing-time=5m

int br por pr
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE              BRIDGE              PRIORITY PATH-COST  HORIZON   
 0    ether1                 main-bridge         0x80     10         none      
 1    ether2                 main-bridge         0x80     10         none

i have no pppoe server or vlan on this mikrotik . but tested with combinations of vlan and no success

netrat · September 26, 2008, 8:14pm

So why are you trying to block VLANs on the bridge if you have none configured? You might have VLAN traffic over the bridge, but it isn’t PPPoE which is why your filter rules aren’t matching anything. Are you running a PPPoE server? I’m confused

omidkosari · September 26, 2008, 8:21pm

i dont want to block vlans .

ADSL users =====  SWITCH (tagged and untagged VLANs ) ==== Mikrotik Bridge ======  Mikrotik PPPOE server === internet

the configs i sent is for Mikrotik Bridge .

netrat · September 27, 2008, 3:01am

Yes I misspoke. Why are you trying to mark the packets on the vlans? Are you sure you have PPPoE traffic on the vlans going over the bridge?

omidkosari · September 27, 2008, 7:50am

of course i have pppoe traffic on the vlan over that bridge. one example reason is limit the pppoe discovery packets. and some other reasons.
thanks for pursuit

omidkosari · September 29, 2008, 7:48am

did you test it ? any news ?

netrat · September 29, 2008, 3:21pm

Yes the rules work fine for me. Try setting use-ip-firewall and use-ip-firewall-for-vlan to no.

omidkosari · October 1, 2008, 12:25pm

I already tested this such stuffs before . No other suggestions ?