Packet mark issues

Hi there,

I would like some help from you guys with this issue I am having with packet marks.

One of our customers wants us to create three user groups on a single subnet: business, employee and vip.
Guest network is a hotspot, and works separately from the internal network.
The reason why they want a single subnet instead of three separate ones is not relevant.
I accomplished this by using address lists and blocking traffic from one address list to another.
Each group has to be marked with a separate DSCP flag, so the modem can keep the traffic separated.

I used some old mangle rules from a previous configuration I made, where different subnets were used to separate and mark traffic.
At first I tested this configuration using three separate subnets, and it worked.
Then I tried changing the src-address ranges to src-address-list, and then the packet marks stopped working.
Only the first rule matches and marks the traffic, and the last rule marking with a DSCP flag.
I tried different settings on the packet marks for the business network, but none of it worked.
The TCP ACK packets have to go through a different DSCP flag, this is tested and works, I tried disabling those to check if this caused the issue, but it didn’t.

The mangle rules are attached to this post, could you have a look and tell me what goes wrong?
If you have any questions, feel free to ask.

I hope you can help me, because I am stuck on this part of the configuration, the rest works fine.
mangle rules.rsc (4.95 KB)