Tagging dhcp6c request with a PRIORITY



  • My ISP, Orange in France, requires that dhcp6c requests are made on VLAN 832.
    That's easy using the VLAN settings, and I can see my requests going out via a Wireshark trace on VLAN 832, no issues.

    However, any dhcp6c solicit request must also be made with VLAN PRI 6, whereas all other traffic should pass with PRI 0.

    I know that the dhcp6c solicit uses UDP source port 546 with destination port 547

    I've tried various combinations to create a firewall rule for this using the advanced settings under EXTRA OPTIONS of the firewall GUI specifically VLAN PRIO SET

    But I'm not getting any luck

    Could someone point me in the right direction please, screenshots of the rule would be amazing :-)



  • By "VLAN PRI 6", I assume you're referring to the VLAN tag priority bits.  If so, that has nothing to do with pfSense or anything else at layer 3.  It's an Ethernet setting on your interface.  The VLAN tag would contain the VLAN ID and priority bits.  I believe you can use ethtool for this, but I've never tried it.  I'm not aware of any setting within pfSense that will set VLAN priority.  However, the wrong priority should not prevent it from getting through.


  • Banned

    VLAN priority is configurable when you create the VLAN. In the GUI. No need for ethtool.



  • OK, I guess it's just not configurable after the VLAN is created.



  • Thanks guys. The problem with using VLAN priority in the GUI that way is that it then sets the priority for all traffic on the VLAN.

    I need to change it just for the dhcp6c solicit request.

    Hence trying to use the VLAN priority field in the firewall's config.



  • I need to change it just for dhcp6c solicit request

    I don't think that's possible.  Everything in a VLAN gets the same priority.  Perhaps you meant the differentiated services bits in the IPv6 header?  Again, having a different value will not prevent the packet from being delivered, just affect the priority.



  • @JKnott:

    I need to change it just for dhcp6c solicit request

    I don't think that's possible.  Everything in a VLAN gets the same priority.  Perhaps you meant the differentiated services bits in the IPv6 header?  Again, having a different value will not prevent the packet from being delivered, just affect the priority.

    I didn't explain myself well, JKnott. You hit the nail on the head. I don't want to block anything, just change the priority of the one packet.



  • Is it possible for you to provide exactly what Orange requires?  Do they not provide config info?  I completely fail to understand why they need a priority set for something like dhcp.  You'd normally use it for time sensitive applications, such as VoIP.  DHCP, including on IPv6 is a best effort protocol and if a response is not received, it simply tries again.  No need for any special priority.

    I used DHCP6-PD with my ISP and I don't have to do anything special.  It just works.


  • Banned

    I'd suggest to switch to a less idiotic ISP.



  • When I see someone make strange requests, such as this, I often find there's a miscommunication somewhere.  What the OP is describing simply does not make sense.  For example, why is a VLAN needed to talk to a DHCP server?  Does the traffic also travel through that VLAN?  If not, then it's a really strange situation.  Also, as I mentioned, priority should have virtually no effect on DHCP operation.  I have seen VLANs used in commercial installations, but not home.  And in the case of commercial installations, VLANs were used because one carrier was connecting another to a customer they otherwise couldn't reach.  On the other hand, my ISP provides a modem/router that connects to the cable TV network and can be configured in either router or bridge mode.  Either way, it's just a plain Ethernet connection, without any need for priority, VLAN or anything else.


  • Banned

    Well, while the VLAN may make sense for things like triple-play, the DHCP priority tag is just a giant WTF.



  • I don't disagree with anything you're saying, either of you, but I can assure you all Internet traffic must flow over VLAN 832 (TV traffic over 838 and IP phone 835).

    I didn't design this, but it's the way Orange in France is configured for FTTH.

    I have a Netgear switch currently achieving the priority setting for the dhcp6c solicit, so I know it's the right setup, and my Wireshark traces match those of the router supplied by Orange.

    If I take the priority off (remove the switch)  then I don't get an ip. If I tag the VLAN flow is about 10% of what it should be

    In short, I don't think I'm misunderstanding what is needed; in fact my current setup confirms this. I had just hoped to lose the Netgear switch and use pfSense to set the priority.

    I guess not
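
Added example, not part of the thread or any poster's code: a Python check for the fields discussed above, reading the 802.1Q priority bits (PCP) and VLAN ID from a captured frame and comparing them with the values from the first post (VLAN 832, PCP 6 for UDP 546 to 547, PCP 0 otherwise). The function names and sample frames are constructed for illustration, and IPv6 extension headers are assumed absent.

```python
import struct

TPID_8021Q, ETH_IPV6, PROTO_UDP = 0x8100, 0x86DD, 17

def build_frame(pcp, vid, sport=546, dport=547):
    """Constructed sample: Ethernet + 802.1Q + IPv6 + UDP headers, no DHCPv6 body."""
    dst = bytes.fromhex("333300010002")   # Ethernet multicast for ff02::1:2
    src = bytes.fromhex("020000000001")   # constructed locally administered MAC
    tci = (pcp << 13) | (vid & 0x0FFF)    # PCP: 3 bits, DEI: 1 bit (0), VID: 12 bits
    eth = dst + src + struct.pack("!HHH", TPID_8021Q, tci, ETH_IPV6)
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip6 = struct.pack("!IHBB", 6 << 28, len(udp), PROTO_UDP, 1) + bytes(32)
    return eth + ip6 + udp

def parse_tag(frame):
    """Return PCP, VID and UDP ports of a tagged frame, or None if untagged."""
    if len(frame) < 18:
        return None
    tpid, tci, ethertype = struct.unpack_from("!HHH", frame, 12)
    if tpid != TPID_8021Q:
        return None
    info = {"pcp": tci >> 13, "vid": tci & 0x0FFF, "ports": None}
    # IPv6 header starts at byte 18; extension headers are not walked here.
    if ethertype == ETH_IPV6 and len(frame) >= 66 and frame[24] == PROTO_UDP:
        info["ports"] = struct.unpack_from("!HH", frame, 58)
    return info

def check_frame(frame, vid=832, dhcp6_pcp=6, other_pcp=0):
    """Compare a frame's PCP with the values given in the first post."""
    info = parse_tag(frame)
    if info is None or info["vid"] != vid:
        return "wrong-vlan"
    expected = dhcp6_pcp if info["ports"] == (546, 547) else other_pcp
    if info["pcp"] == expected:
        return "ok"
    return f"pcp={info['pcp']} expected={expected}"

if __name__ == "__main__":
    for f in (build_frame(6, 832), build_frame(0, 832), build_frame(6, 832, 40000, 443)):
        print(check_frame(f))
```

Fed raw frames exported from a capture on the WAN side, this shows whether the per-packet priority is actually on the wire or whether the whole VLAN is being tagged with one value.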

