/ip(v6) firewall mangle action=set-priority
I understand from-dscp-high-3-bits follows RFC8235, but how is it different from from-dscp?
And what is from-ingress? Is it Layer 2 priority (such as 802.11 UP)?
"set priority" is only considered on the device that is actually potentially applying the priority setting to either a VLAN priority (CoS), WMM, NV2, or MPLS packet. In the case of VLAN priority (CoS) that is the device that is actually adding the tag to the packet, and the set priority has to happen prior to the point that the device adds the tag or it won't work. The VLAN priority will survive through other switches/bridges so you shouldn't need to set it on each layer 2 hop within a broadcast domain, only on the device that first adds the VLAN tag. In the case of WMM or NV2, the device that actually creates the WMM or NV2 packet (i.e. the wireless AP or SU) will need to be the one with the set priority action - however with WMM and NV2 priority this is extremely local and only survives this particular wireless link and not multiple wireless links in a chain. For MPLS, the router that applies the first MPLS label onto the packet must be the router that has the set priority action - when the packet moves from router to router, it will inherit the priority from the MPLS label.
In general, when is the "set priority" considered?
In particular I have the following layout:
WAN <-- untagged --> bridge <-- tagged --> vlan interface (bridge vlan-filtering) <-- tagged --> RouterOS switches <-- tagged --> wlan (WMM enabled, vlan is set on the interface) ((( untagged ))) WMM and DSCP aware clients
I want WMM and DSCP to be retained and converted within LAN boundaries and drop priority on WAN ingress and egress.
1. What do I need to do, if anything, to make sure WMM priority is carried into VLAN CoS?
2. Do I need to do anything extra to prevent the CoS -> DSCP conversion before packets egress the WAN port?
viewtopic.php?t=149605 points out that CoS may be cleared on a bridge. Although I'm not sure whether it applies to packets that go from one VLAN to another (both ports are part of the bridge, but with different tags) or even when VLAN header is untouched (both bridge ports belong to the same VLAN).
I would take this with a grain of salt and confirm everything by doing packet captures. A MikroTik switch doing simple bridging should not result in the VLAN priority being changed for any VLAN tag that might be present. What I would expect to see is that the VLAN priority will be retained across all hops.
Do you mean that in this case CoS must be set "manually" via a set-priority from-ingress Bridge Filter rule?
It is possible to have a bridge that removes and reapplies a VLAN tag, for instance!
Probably - I mean it is possible to have a bridge that connects two different interface VLANs on two different interfaces, and in this particular setup, I could understand the device treating them as two different VLANs where it would remove one tag and add the next. This is not the normal situation though.
a bridge that connects two different interface VLANs on two different interfaces
Yes, precisely, I could see this configuration potentially being seen as removing a VLAN tag and adding a new one, and therefore behaving differently than a bridge with vlan-filtering set to yes.
Ah I see, a bridge where ports are VLAN interfaces (/interface vlan) and not a bridge with vlan-filtering=yes and differently tagged physical interfaces.
So if you want to convert WMM priority to CoS you will need to add a set priority to ingress priority rule on the device that is receiving the packet over wireless and applying a VLAN tag at the same time. If it is bridging you can use a bridge filter rule for this, forward chain. If it is routing you would use a mangle rule in the firewall, also forward chain.
Assuming that clients do not utilize DSCP, where would you suggest to convert WMM priority from clients into CoS? I understand it must happen on the device that receives a wlan packet and then tags, but cannot quite grasp at what point exactly.
Since it's wlan interface that does tagging, should it be a rule on a wlan interface? What chain? IP Firewall Mangle or Bridge Filter?
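The rule placement described in the answer above (bridge filter when bridging, firewall mangle when routing, forward chain in both cases), written out as an added example that is not part of the original thread. The interface name `wlan1` is an assumption; substitute the WMM-enabled wireless interface on the device that receives the frame and adds the VLAN tag.

```routeros
# Bridged case: the AP bridges wlan1 into the VLAN.
# Copy the priority the frame arrived with (WMM) into the packet's
# priority so it is written into the VLAN tag (CoS) on egress.
# "wlan1" is an assumed interface name.
/interface bridge filter
add chain=forward in-interface=wlan1 action=set-priority \
    new-priority=from-ingress passthrough=yes \
    comment="WMM -> CoS (bridged)"

# Routed case: the device routes between wlan1 and the VLAN interface.
# Same action, placed in the firewall mangle forward chain instead.
/ip firewall mangle
add chain=forward in-interface=wlan1 action=set-priority \
    new-priority=from-ingress passthrough=yes \
    comment="WMM -> CoS (routed)"

# Check that the rule that applies to your setup is matching traffic
# (the packet and byte counters should increase).
/interface bridge filter print stats
/ip firewall mangle print stats
```

Only one of the two rules is needed, depending on whether the device bridges or routes the wireless traffic; as suggested earlier in the thread, a packet capture on the tagged side confirms whether the VLAN priority field is actually set.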