802.1p tagging not working (BellAliant FibreOP)
-
Hey all,
I have BellAliant FibreOP, they stick IPTV, internet, and voice over one fibre. There is an ONT unit that converts the fibre to an FXS voice port and a single gigabit RJ45. BellAliant provides a useless ActionTec router that takes the gigabit connection from the ONT and uses VLAN 35 for internet access (DHCP for IP address) and then uses VLAN 34 for IPTV.
The issue at hand is this, when the IPTV box send its data on VLAN 34 it doesn't attach a 802.1p tag. That is left up to the router to do before it sends the data out on VLAN 34 to the ONT. The BellAliant network will drop/ignore any IPTV VLAN 34 packets that are not tagged with 802.1p priority 4 (video/VI).
I am using two Intel PRO/1000 NICs for the ONT WAN connection and IPTV data, with an onboard Broadcom gigabit for the LAN. I have pfSense working perfectly with the WAN selected as em0_vlan35 with DHCP, but when capturing packets on the WAN VLAN 34 (em0_vlan34) I see that they are always priority 0. I have set firewall rules to allow any traffic in and out of the OPT1 (em0_vlan34) and OPT2 (em1_vlan34) and to set a 802.1p tag as 4 (VI) both ways on both interfaces. So it looks like this:
WAN -> em0_vlan35 (142.163.x.x DHCP)
LAN -> bge0 (10.100.100.1/24)
OPT1 -> em0_vlan34 (no IP)
OPT2 -> em1_vlan34 (no IP)
bridge0 -> OPT1, OPT2Firewall rules for OPT1 and OPT2 are like this:
Any in, any out, anywhere. Any inbound ('none') 802.1p tag, outbound VI (4).This patch is what lead me onto using 2.1 dev, https://github.com/vizvayu/pfsense/commit/1346306cf7bdc82d4f33b607e46452fe6efa691f but there is a slight bug in the code. This is the change I made to allow me to select a different match (input?) priority than the outgoing tag when going back to the page to edit the rule.
> "> - > $vlanprio = array("none", "be", "bk", "ee", "ca", "vi", "vo", "ic", "nc"); $vlanprioset = array("none", "be", "bk", "ee", "ca", "vi", "vo", "ic", "nc"); $opts = ""; foreach($vlanprio as $vprio) { if ($vprio == $pconfig['vlanprio']) $selected = " SELECTED"; else $selected = ""; if ($vprio == "none") $opts .= "<option value="\"\"" {$vprio}="">{$vprio}</option>\n"; else $opts .= "<option value="\"{$vprio}\"" {$selected}="">" . strtoupper($vprio) . "</option>\n"; } $optsset = ""; foreach($vlanprioset as $vprioset) { if ($vprioset == $pconfig['vlanprioset']) $selected = " SELECTED"; else $selected = ""; if ($vprioset == "none") $optsset .= "<option value="\"\"" {$vprioset}="">{$vprioset}</option>\n"; else $optsset .= "<option value="\"{$vprioset}\"" {$selected}="">" . strtoupper($vprioset) . "</option>\n"; } ?>But it seems that the 802.1p firewall rules really don't work, did I do something wrong or is there something else I can try?
Here is a screenshot of the packets captured on the WAN after turning on 802.1p VI in the firewall rules, VLAN is set properly but PRI is still 0 (best effort/BE):
Any help would be appreciated, getting the TV working is the last step to having super awesome 50/30 internet that doesn't crap out when torrenting ;)
-
Forgot to mention I'm using the snapshot from Sept. 23, 2012, I had upgraded from 2.0 stable using the .tgz.
-
I have a similar setup as the OP, waiting on this functionality as well. Would be awesome to replace unreliable residential gateways.
-
I'm running 2.0.1, looking forward to using 2.1 and removing the ActionTec…
Please follow up here with any more news/updates... Or if there is anything I can try...
-
I haven't heard of any updates so I ended up using an old Nortel BayStack 420 to do my VLAN and 802.1p tagging for data, left the ActionTec in place for TV. My network now looks like this:
ONT -> D-Link 10/100 Switch -> ActionTec (WAN internet turned off) VLAN 34/802.1p VI/4) -> Coax and Ethernet to Motorola Boxes | ^ | | LAN port | | OPT1 DHCP (this is for management of the ActionTec, | | and I should be able to creatively route packets from Motorola boxes on my usual network) | ^ -> BayStack Trunk port -> VLAN 35 untagged port -> pfSense box -> Usual networkAnd it actually works fine! :D