1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

QOS and VLAN

Discussion in 'Tomato Firmware' started by tompson, Nov 10, 2012.

  1. tompson

    tompson Serious Server Member

    I'm running Tomato 1.28.0000 MIPSR2-102 K26 USB AIO-64K on Asus RT-N66U

    I have the following configuration:
    2 LANs: br0 with the subnet 192.168.0.0/24 dhcp enabled + br1 with the subnet 10.0.0.0/24 dhcp enabled.
    I added a virtual wireless interface wl0.1. SSID is set to broadcast and it's defined as an access point. This virtual wireless interface is bridged to br1. (this is in use for my guests)
    A new VLAN, vlan 3, set to bridge to br1.
    I set up a bandwidth limit for LAN1(br1) + some access restriction;
    Everything works well!!

    Now I would like to implement QOS.
    I started observing info reported in QOS> View Details and here I found very strange behavior.

    I can see all the source/destination connection related to LAN(br0) but nothing is reported related to LAN1(br0). The only traffic that I can see for LAN1(br1) is from router (10.0.0.1:53) to client (10.0.0.x:y) that afaik should be the answers to DNS requests.

    I checked via shell with the command “cat /proc/net/ip_conntrack” and here I can see also the traffic related to LAN1(br1).
    Is there any reason why LAN1(br1) traffic is not reported within the tomato QOS> View Details interface?

    I add the following:
    - In IP traffic all the traffic from clients in LAN1 is well reported;
    - Web usage for clients in LAN1 is well reported;
    - Access restriction related to MAC / IP address in LAN1(br1) are working;

    I really like tomato, and I would like to understand reasons for this odd behavior.
    Hope to gave you all the needed info to let you understand my problem.

    Thanks in advance
    Bye
     
  2. tompson

    tompson Serious Server Member

    Any help here?

    I'm a little bit confused...
    Am I the only one with facing this problem? therefore nobody can help me?
    Am I the only one using guest netwok and tryong to setup QOS?

    Would be very helpfull from me to have any kind of feedback from you, i.e:
    - different configuration, sorry I cannot help;
    - diferent configuration here, but I'll give a try..:)
    - same configuration here, but I do not see the same odd behaviour;
    - same configuration here, same odd behavior..
    - It is well know this is not working...

    Please let me know
    Thanks
     
  3. Porter

    Porter LI Guru Member

    What you are doing is a bit exotic and the QoS-system doesn't seem to understand this. That's why you can't see all your connections. What's more important is that QoS works.

    I take it you want tp limit your guest LAN, right? Did you implement a filter on the Classification page that puts traffic to and from your guest LAN 10.0.0.0/24 into a sperate class?

    Did you then try if the filter worked be doing a speed test from inside your guest LAN?
     
  4. tompson

    tompson Serious Server Member

    First of all thanks a lot for your feedback.

    What do you mean with "exotic"? Can you suggest a more traditional configuration to have a guest network isolated and not affecting (too much) the performance of the users in the main lan?

    I created a filter in the classification page (based on the source address)

    To be more precise now I can see also the traffic related to the guest network in the proper class as defined
    Unfortunately the connection list for guest (i.e. for web usage) as: Source=internet host ip, S.Port=80, Destination=my wan-ip, D.Port=xxxxx
    Normally for the main LAN the same connections are listed as Source=Client LAN ip, S.Port=xxxxx, Destination=Internet host ip, D.Port=80

    As written before, the command “cat /proc/net/ip_conntrack” always list the connection in the correct way.
    Is then this behaviors a bug?
    Can I hope to see it fixed in a future release?

    Thanks a lot
     
  5. Porter

    Porter LI Guru Member

    Having a guest LAN is somewhat exotic. That's why you can't see everything in QoS/Details, because nobody checked whether this worked flawlessly with QoS. I don't see it getting fixed either because it's just cosmetics. This is an open source project so feel free to get involved.
     
  6. sfbob

    sfbob Serious Server Member

    One work around is to make your "guest" network the main network and your personal network the virtual network you have actually added. Assuming you do not need Qos on your personal network, you will be able to apply Qos rules to the guest network. I have observed similar behavior on several routers several months ago....Qos does not seem to have visiblity of the virtual network. The drawback in doing this is the "guest" network would have access to files on the virtual network unless you write rules to prevent this.
     
  7. tompson

    tompson Serious Server Member

    Ok, guest wireless LAN could sound exotic but I see it more & more offered in the new routers in the stock firmware.
    Anyway the behaviour is the same if we run a second internal LAN not necessary dedicated to guests, and let me say this should be a little bit less exotic situation.
    I general I think could be helpful to check the list of internet connections generated from a client indipendently of his LAN. Even if not strictly related to QOS implementation. Isn't it?

    Get involed? How could it be? Not sure to have the right skill to do it..:-(
     
  8. tompson

    tompson Serious Server Member

    sfbob:
    QOS seems to work on both the LANs.
    The only problem is the odd reporting of the connections list in QOS detail (see previos post)
    > QOS classification ok
    > source/destination not ok
     
  9. darkknight93

    darkknight93 Networkin' Nut Member

    in fact i'm facing the same issue. i have configured br1 as seperate vLan and created some firewall rules to prevent access from br1 to br0 or the router's interface/dns service.

    I want to limit bandwith for br1 and control the priority of services for br1.

    If i get my setup running, i'll post :)
     

Share This Page