DPI filters not being obeyed
DPI filters not being obeyed
Re-creating this topic here on Routers subforums as @Vincent-TP requested so.
I have created 2 DPI Application Filter for my business network and from my tests I see that rules are not correctly followed.
DPI configuration:
First here is my DPI configuration. You can see all my VLANS area assined to 2 Application Filters.
The blocking filter: Personel_Filter
This is the default filter set for most VLANs on my network that filters the most of the stuff that doesn't belong company network and allows a related apps in Allowed_Class1, Allowed_Class2 and Allowed_Class3 rules etc.
The unrestricted filter: Yonetici_Filter
This filter only uses Allowed_Unrestricted_Class1 rule that allows all app traffic to pass through.
As you can see it flags all 2386 apps to QoS Class 1 which should allow the traffic.
My pc is set to VLAN that is assigned to the unrestricted filter: Yonetici_Filter
The problem
So basically I expect:
- All the PC and devices in other VLANs to get traffic blocked for apps like battlenet, steam, dropbox and discord.
- My PC that sits in specific VLAN (yonetici) with the unrestricted DPI filter (Yonetici_Filter) assigned should allow these apps.
In my tests though, I can see my own PCs traffic for apps like battlenet, steam, dropbox and discord is blocked.
When I click the details of the blocked apps, I can see my own PC is listed in details:
From my understanding rules from the restricting profile (Personel_Filter) is affecting my PC even though it should only be evaluated using Yonetici_Filter. Either I'm misconfiguring something here or there is a bug.
Any ideas?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Bonesoul wrote
In your case, you permit all traffic in Default network and restrict the games for specific groups.
In my use case (in a factory / business scenario) I need to apply strict restrictions on all networks including Default and only allow a few specific pcs to be unrestricted.
I guess this is the reason your setup and my one differ where mine doesn't work as I expected.
By the way I do also use oc-400 and have enabled logging traffic option.
Can you also show a sample QoS config of yours?
Thanks
Edit:
Upgraded to latest ER8411 firmware 1.3.1 but still the same issue.
And it is incorrect to use DPI for QoS. There is no possibility to use DPI to tag the traffic with priority.
And if you want it to be unrestricted on the VLAN you expect, you should leave it blank instead of selecting any of the apps. Do not select any of the apps if you need to allow.
I don't have QoS as it does not relate to the problem.
- Copy Link
- Report Inappropriate Content
No I want to default VLAN (1) to use strictly restricted filter and a specific vlan to bypass the restrictions and use a unrestricted filter as I've explained in my screenshots.
I suspect something is wrong with my VLAN interface settings, can you share your example configs vlan interface settings so I can compare yours and mine?
- Copy Link
- Report Inappropriate Content
> And if you want it to be unrestricted on the VLAN you expect, you should leave it blank instead of selecting any of the apps. Do not select any of the apps if you need to allow.
Tried this but still did not fix my problem.
I still think either I have a config problem with my VLANs or my 8411 router is not obeying the defined DPI rules. Can you show your examples VLAN config screenshots so I can double check?
Still looking for a solution for this.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 903
Replies: 13
Voters 0
No one has voted for it yet.