![]() By default, all packets (incoming and locally generated) inside the router have priority 0. To be able to use multiple WMM access categories, not just best effort where all packets with default priority 0 go, priority must be set for those packets. Mikrotik AP and client classifies packets based on the priority assigned to them, according to the table (as per WMM specification): 1,2 - background 0,3 - best effort 4,5 - video 6,7 - voice. AP does not have control over how clients are transmitting packets, and clients do not have control over how AP transmits packets. QoS policy (different handling of access categories) is applied on transmitted packets, therefore the transmitting device is treating different packets differently, e.g. the "normal" and the fasttrack rules).WMM works by dividing traffic into 4 access categories: background, best effort, video, voice. Firewall rules effectively work on initial packets, the rest are usually treated by generic "allow established,related" rules (yes, two. which means that traffic originating in the opposite direction will be allowed. allow DHCP from clients)Īdd action=drop chain=input in-interface=vlan101Īdd action=drop chain=forward in-interface=vlan101 out-interface-list=not_from_vlan101īeware that with stateful firewall blocking rules are "uni directional". ![]() # you might want to create some rules allowing specific traffic and place them above these drop rules (e.g. # arrange the following rules to make sure that not wanted traffic is blocked while the rest of traffic is still allowed to pass Add comment="should not connect to vlan101" name=not_from_vlan101Īdd list=not_from_vlan101 interface=vlan100Īdd list=not_from_vlan101 interface=vlan102Īdd list=not_from_vlan101 interface=vlan103Īdd list=not_from_vlan101 interface=vlan104 ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |