Dear Community,
We have a bit of a deep problem, so I’m trying to be as detailed as possible:
VLAN 255 - Management VLAN (NAT IP range, 10.x.x.x), all RouterBOARDs have an IP address from this VLAN
VLAN 3 - VLAN for user internet access (generally, at the moment it consists of one /24 and 2 /26 public IP ranges)
There is a setup with the following:
- RB333 #1
  - ETH1 - connected to a Cisco 2950 switch, this is where the internet is coming from, tagged mode
  - WLAN1 - Internet forward (WDS)
  - BRIDGE1 - This holds: VLAN3, VLAN255, ETH1, WDS1 (the VLANs’ interface is BRIDGE1)

Site 1
- RB532 #1
  - WLAN1 - Gets the internet from RB333 #1
  - ETHER1 - forwards the traffic coming from WLAN1
  - BRIDGE1 - Again it is the same: VLAN3, VLAN255, ETH1, WLAN1 (again the VLANs’ interface is BRIDGE1)

Site 1 - other side of the building
- RB532 #2
  - ETH2 - gets all traffic from RB532 #1
  - BRIDGE1 - Holds: ETH2, WLAN1 (WDS1) (this forwards the two VLANs in tagged mode) (this bridge is the interface of the VLANs)
  - BRIDGE2 - Holds: VLAN3, WLAN2, ETH1, ETH3 (client access)
  - ETH1 - Client access (VLAN 3 in untagged mode)
  - ETH3 - Client access (VLAN 3 in untagged mode)
  - WLAN1 - WDS AP mode (forwards all VLANs to the next endpoint)
  - WLAN2 - Client access (VLAN 3 in untagged mode)

The problem is that the traffic coming from ETH3 gets “forwarded” to WLAN1 at RB532 #2, therefore the WLAN bandwidth got eaten up by only this kind of traffic. We’ve tried bridge filtering, but the IP filter is greyed out at that point. The main task would be: DROP all traffic coming from ETH3 and going to WLAN1 with source IP address xxx.xxx.xxx.xxx.
We were trying to mark the packets, but it is nearly impossible to tell on which interface the IP traffic is originating (although we know that the client with the specific IP address is sitting behind ETH3 on RB532 #2), therefore we think a normal firewall rule will not be able to help us out. We have switched on IP Firewall and IP Firewall on VLAN in the bridge settings.
I almost forgot to mention: all RouterBOARDs have been upgraded to 4.5 from 3.30, but it didn’t add anything to, nor take anything from, this case.
Please give us some suggestions.
Many thanks,
Balazs Kovacs
InterEuro Computer Ltd.
Hungary