Netgate Discussion Forum

    DSCP leak from comcast Business class on Netgate SG5100

    Traffic Shaping
    • Kerat

      I am building out a fleet of Netgate SG-3100/5100 firewalls at 19 locations. We are going to have dual WAN connections and have implemented them at about half the sites. One connection is a MOE connection and we are allowed to pass DSCP tags without trouble. Our secondary connection is a mixture of Comcast Business Class Internet or fiber DIA connections. We are noticing that Zoom and Teams traffic from the Comcast Business Class Internet connection often has poor connectivity on Wi-Fi only (UniFi). After further testing it seems that packets from the ingress seem to leak DSCP settings from Comcast's network, and WMM is reading these settings and categorizing the traffic to the endpoints as CS1 instead of EF. My thoughts on countermeasures are:

      1. See if there is a way to reset the DSCP tag to DF or AF on inbound traffic from the Comcast Business Class connection.
      2. Reach out to Comcast and see if they can strip the DSCP tag coming into our network (I am not hopeful that their support number will understand what I am asking for).
      3. See if it is possible to set the wireless AP to ignore WMM.

      Has anyone else had this problem and been able to address it?
      • amessinamessinet.com @Kerat

        @kerat Unfortunately, I am seeing the same issue. From https://docs.netgate.com/pfsense/en/latest/trafficshaper/dscp.html, all I can see is "Warning: pfSense software does not support the setting or changing of DiffServ values, only matching." 😞

        • johnpoz LAYER 8 Global Moderator @Kerat

          @kerat Why would you not strip the tags or mark how you want as it enters the network from the AP... at your switch?

          As for disabling WMM on a UniFi AP, I found this.

          https://omg.dje.li/2020/02/disabling-wmm-on-ubiquiti-unifi-uaps/

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11
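
Added example, not code from any poster in this thread: it shows at the byte level why an inbound CS1 mark lands in the WMM background queue, and what the re-marking in countermeasure 1 involves (rewrite the DSCP bits, keep ECN, recompute the IPv4 header checksum). It assumes the AP derives 802.1D user priority from the top three DSCP bits, which sends EF to AC_VI here; a given AP's mapping may differ. The packets and addresses are constructed, and all function names are hypothetical.

```python
import struct

# WMM access category per 802.1D user priority (UP).
UP_TO_AC = {0: "AC_BE", 1: "AC_BK", 2: "AC_BK", 3: "AC_BE",
            4: "AC_VI", 5: "AC_VI", 6: "AC_VO", 7: "AC_VO"}
DSCP_NAMES = {0: "DF", 8: "CS1", 46: "EF"}


def checksum(header: bytes) -> int:
    """RFC 1071 ones' complement checksum over the IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def classify(packet: bytes) -> tuple[str, str]:
    """Return (DSCP name, WMM access category) for an IPv4 packet."""
    dscp = packet[1] >> 2              # upper 6 bits of the ToS byte
    ac = UP_TO_AC[dscp >> 3]           # assumed mapping: UP = top 3 DSCP bits
    return DSCP_NAMES.get(dscp, str(dscp)), ac


def remark(packet: bytes, dscp: int) -> bytes:
    """Rewrite DSCP, keep the 2 ECN bits, and fix the header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[1] = (dscp << 2) | (hdr[1] & 0x03)
    hdr[10:12] = b"\x00\x00"           # checksum field is zero while summing
    struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def build_sample(dscp: int) -> bytes:
    """Constructed IPv4/UDP header (documentation addresses) plus 8 payload bytes."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 28, 0, 0,
                                64, 17, 0, bytes([198, 51, 100, 7]),
                                bytes([192, 0, 2, 10])))
    struct.pack_into("!H", hdr, 10, checksum(bytes(hdr)))
    return bytes(hdr) + b"\x00" * 8


if __name__ == "__main__":
    inbound = build_sample(8)                 # arrives from the WAN marked CS1
    print(classify(inbound))                  # ('CS1', 'AC_BK')
    print(classify(remark(inbound, 0)))       # ('DF', 'AC_BE')
    print(classify(remark(inbound, 46)))      # ('EF', 'AC_VI')
```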

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.