How to set priority code on vlan (for pppoe)

Zoolander06 · July 30, 2019, 9:08am

Hello folks,

I have a SDSL access, and my ISP ask me to set a pppoe session over the vlan2900, with the priority code 2.
Before I was working with Zyxel, and I just had to specify priority code in vlan settings.
Now I work with Mikrotik (and I love the freedom they offer), and I don’t know how to do that.
I tried a mangle rule :

/ip firewall mangle add action=set-priority chain=output new-priority=2 out-interface=vlan2900 passthrough=yes

But I don’t see any traffic going through, so I don’t think it works.
I think that’s because firewall works on layer 3 when pppoe is layer 2, right ?

So, could anybody explain to me how to do what I want to do (if possible) ?

Thanks

Zoolander06 · July 30, 2019, 9:16am

I reply myself

What if I do that ?

/interface ethernet switch rule
add new-vlan-priority=2 ports=ether1 switch=switch1
/interface ethernet switch vlan
add independent-learning=no ports=ether1 switch=switch1 vlan-id=2900

Is that correct ? I’m not sure how vlan works on switch level…

msatter · July 30, 2019, 11:14am

I can only set the vlan and I do it in /interface vlan

Then PPPoE uses the VLAN interface as exit and the VLAN uses WAN as exit (eth1 in your case)

You have to state which router you use because some like mine can do only software VLAN.

Zoolander06 · July 30, 2019, 12:07pm

Yes you’re right, but my problem is that I have to set a priority code on the VLAN, and I want to be sure I do it the right way.

sindy · July 30, 2019, 12:21pm

You’re right that PPPoE is L2 so /ip firewall rules do not handle PPPoE frames.

But as /interface ethernet switch rules act on ingress frames, you have to set your rule to match the CPU port of the switch. As there is an issue with matching VLAN ID, you’ll have to match on the MAC address instead, see this post.

Zoolander06 · July 30, 2019, 2:59pm

Thank you Sindy for this explanation

I don’t understand how the MAC address matching work.
Do I have to match on the MAC address of the SDSL modem ?

Joris

sindy · July 30, 2019, 3:44pm

Hm, it should be the MAC address of the remote PPPoE server, but as I think of it, it seems we have a deadlock problem here, as you don’t know its MAC address until it answers and it doesn’t answer until you set the VLAN priority.

So try to match on src-mac-address first:
/interface ethernet switch rule add switch=switch2 ports=switch2-cpu src-mac-address=mac:add:ress:of:eth:er1/ff:ff:ff:ff:ff:ff new-vlan-priority=2

If it doesn’t help, just set the vlan priority of all packets from CPU to 2:

/interface ethernet switch rule add switch=switch2 ports=switch2-cpu new-vlan-priority=2

And if even that doesn’t help, post your configuration according to the hint in my automatic signature below.

Zoolander06 · July 30, 2019, 4:00pm

I will try with src mac address.
If I tag everything with priority code 2, I think it will break my local network too…

sindy · July 30, 2019, 4:14pm

It should not as normally only advanced L2 equipment cares about that field, and it only uses it to choose which frame to send next out a given egress port if several have arrived while the previous one was being sent. So unless there is a constant overbooking on a link, the frames with lower priority are just delayed, not dropped.

I don’t understand what makes some ISPs misuse 802.1Q as a kind of sub-address of the VID, except that they want to prevent people from using their own gear, but when this is the intention, it makes no sense to tell the customer how to set the gear.

Zoolander06 · August 7, 2019, 10:25am

Yes but some equipements won’t process Ethernet frames with 802.1q added bytes, I think…

I managed to get it working by matching mac address. Actually, I know mac address cause even without the priority code set, PPPoE works, the only thing is that upstream bandwith is quite limited.

So, I have to match the mac adresse 06:47:01:00:00:00 in my switch rule, and everything is fine.
I don’t really understand what is this mac address, but I found it by capturing frames on the ethernet port…

Thanks for your help

Joris

Filament · February 11, 2020, 6:14pm

Guys,

What would be the correct way to insert QoS priority in this situation?

I’m trying to configure a Mikrotik Hap Ac2, which is connected to a Nokia ONT (this ONT is supplied by the ISP)

I’m currently using this config:

/interface vlan
add interface=ether1 name=vlan24voda vlan-id=24
/interface pppoe-client
add add-default-route=yes allow=pap,chap disabled=no interface=vlan24voda keepalive-timeout=60 max-mru=1492 max-mtu=1492 name=pppoe-voda password=BLABLA user=LWN1234567890@lowi

But I’d like to insert the correct QoS tag. Should I configure the mangling in the VLAN interface?

/ip firewall mangle add chain=postrouting action=set-priority new-priority=3 out-interface=vlan24voda

Or should I mangle it in the PPPoE interface?

/ip firewall mangle add chain=postrouting action=set-priority new-priority=3 out-interface=pppoe-voda

Which of the two options is correct?

Kind regards.

Zoolander06 · February 17, 2020, 4:51pm

Hello,

Sorry for the late answer.
Actually, you can’t do that with a mangle, you have to do that with a switch rule :

/interface ethernet switch rule
add new-vlan-priority=3 ports=switch1-cpu src-mac-address=[interface_mac_address]/FF:FF:FF:FF:FF:FF switch=switch1

The mac address is the one of the interface on which your ONT is connected.
The port and the switch could vary depending of your hardware, I don’t know the hAP AC2, but I use this rule on a RB2011, which use the same switch chip.
I hope this will help you.

Joris