Page 1 of 1

Marking Packets in v2 versus v3

Posted: Thu May 15, 2008 12:20 am
by e2346437
Hey Folks,
I'm adding VOIP priority to all the Mikrotik routers between my customers and my head end. I've just deployed a version 3.0 RB333 as an access point on a tower. It is configured with a WLAN interface, an Ether1 interface, and is bridging traffic from the WLAN to Ether1. From there it goes to a core MT router running 2.9.43.

I have deployed this config to mark the VOIP packets on the MT Access Point bridge and the core router:

/ip firewall mangle
add action=mark-packet chain=forward comment="" disabled=no \
new-packet-mark=VOIP passthrough=no src-address=64.x.x.x
add action=mark-packet chain=forward comment="" disabled=no \
dst-address=64.x.x.x new-packet-mark=VOIP passthrough=no

The problem is that the version 3.0 Mikrotik does not detect any VOIP packets, as evidenced by the lack of a packet count. However, the version 2.9.43 core router with the same config does detect and mark packets.

My colleaugue said, well, maybe MT bridges can't mark VOIP packets, but I proved him wrong by deploying the packet-mark config on an upstream version 2.9.43 bridge and it works just fine. The only problem is getting it to work on version 3.0.

I can verify that there is VOIP traffic on the AP as I can Torch the traffic.

So folks, what am I doing wrong? Is there something I should be doing differently? What should I try?

Thanks,
Eric

Re: Marking Packets in v2 versus v3

Posted: Thu May 15, 2008 2:50 am
by Chupaka
/interface bridge settings set use-ip-firewall=yes

Re: Marking Packets in v2 versus v3

Posted: Thu May 15, 2008 3:12 am
by e2346437
Thanks, that worked! What is the nature of this command? Why is it there?

Re: Marking Packets in v2 versus v3

Posted: Thu May 15, 2008 11:21 am
by janisk
if you want your bridge traffic to be passed ip (OSI layer 3) filtering, then you set this value, otherwise bridge traffic is considered to be mac traffic (OSI layer 2)