Protocol 32

pikpik · November 21, 2012, 4:01pm

hi guys

how can i drop packets over protocol 32 via bridge filter ?

CelticComms · November 21, 2012, 7:54pm

Set the bridge to use the firewall (settings button in Bridge screen).

Add a filter to drop the protocol 32 packets in IP Firewall.

pikpik · November 22, 2012, 9:36am

is this correct?

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=no

/ip firewall filter
add action=drop chain=forward comment=“” disabled=no protocol=32

or

/interface bridge filter
add action=drop chain=forward comment=“” disabled=no mac-protocol=0x20

It did not work I still see many pockets in torch

CelticComms · November 22, 2012, 4:50pm

I may have misread your original post. Are you seeing the traffic being forwarded to another interface? Remember that filtering on the forwarding chain will still allow the traffic to be seen in Torch on the source interface.

pikpik · November 22, 2012, 7:26pm

I have simple bridge and all interfaces in bridge port (3xeth 1x wlan(ap-bridge with some clients)). When i run torch command via wlan i see traffic on protocol 32 ~12mbps/~500pps. One ethers nothing. It is possible to block them on wlan interface?

CelticComms · November 22, 2012, 9:15pm

Is this IP protocol 32 decimal? or 32 Hex (i.e. 50). VPN traffic?

pikpik · November 23, 2012, 9:03am

It’s dec (32 MERIT-INP MERIT Internodal Protocol i think ). no vpn traffic.

This is what I observed:

I see this traffic on all MT devices with wlan (MP or PtP). But i think its caused by ap-bridge with clients.

On AP have few UBNT devices and some else i.e. CA8-4, RB etc. When i disable all of UBNT via access-list, above traffic disappears.

When i allow only one UBNT no matter which, traffic appears to go again.

AP conf: ap-bridge with wpa2-psk or wep, dynamic-wds, band b-g-a-n ( no matter), wireless prot. 802.11 only.

PS.sry for my eng

CelticComms · November 23, 2012, 10:29pm

It sounds as if the traffic is on the WLAN so remember that if clients are creating the traffic it will still be visible on the WLAN interface regardless of what you filter on the bridge. Possibly the MAC addresses involved mean that you are not forwarding it on the bridge anyway…

Does one of the clients have something streaming?

pikpik · November 26, 2012, 3:10pm

SOLVED!

It’s pppoe traffic. On station side in torch i see pppoe traffic ( the same as the bridge side ), but on the side of the bridge is seen as protocol 32 - i don’t know why. I think is ROS bug. This should be protocol 34916 (pppoe) not 32.

Thx for help CelticComms. karma for trying :>