Bonjour à tous,
Avec l'objectif de répondre aux difficultés de @jericho63, voici quatre configurations ultra-minimalistes permettant d'utiliser l'ensemble des services Live/Replay/VOD d'Orange. La livebox est une Livebox 5 et le décodeur testé est le Livebox Play. Je tourne sous CHR, mais dans ces configurations j'ai tenté de simuler un CCR2004-1G-12S+2XS.
Dans ces configurations :
- Le WAN est sur sfp-sfpplus1 ;
- Le LAN est sur sfp-sfpplus6 ;
- Le décodeur est directement branché sur sfp-sfpplus12.
Ces configurations sont ultra-minimalistes : aucun firewall, pas d'IPv6, ... L'objectif étant de se concentrer sur le décodeur.
Il faudra peut-être adapter les serveurs DNS Orange utilisés selon la localisation.
Après activation du firewall IPv4, il faut ajouter les règles suivantes en adaptant le in-interface selon la configuration utilisée, mais l'idée générale reste la même.
/ip firewall filter add action=accept chain=forward comment="Allow Forward Multicast Orange" dst-port=8200,8202 in-interface=wan840 protocol=udp
# La ligne suivante semble inutile en pratique ...
/ip firewall filter add action=accept chain=forward comment="Allow Forward IGMP Protocol" in-interface=wan840 protocol=igmp
# La ligne suivante semble inutile en pratique ...
/ip firewall filter add action=accept chain=input comment="Allow Input Multicast Orange" dst-port=8200,8202 in-interface=wan840 protocol=udp
/ip firewall filter add action=accept chain=input comment="Allow Input IGMP Protocol" in-interface=wan840 protocol=igmp
Configuration 1 : Aucun bridge, la CoS 6 n'est pas gérée. Elle l'est, par exemple, dans un CRS305 en amont du routeur. La CoS 5 est gérée dans la table mangle.
Configuration 2 : Introduction d'un bridge. Le vlan 832 est dans le bridge et la CoS 6 est gérée dans le bridge. Le vlan 840 est en dehors du bridge et la CoS 5 est gérée dans la table mangle.
Configuration 3 : Introduction d'un bridge. Les vlan 832 & 840 sont dans le bridge, la CoS 6 est gérée dans le bridge. La CoS 5 est gérée dans la table mangle.
Configuration 4 : Introduction d'un bridge. Les vlan 832 & 840 sont dans le bridge, les CoS 5 & 6 sont gérées dans le bridge.
J'ai très rapidement testé les quatre configurations et elles semblent fonctionnelles. Les configurations sont certainement perfectibles, n'hésitez pas à me faire part de vos remarques. Enfin malgré le durcissement des règles en début d'année, toujours pas de CoS 6 à Vannes (56), aussi je ne peux garantir les règles Cos 6.
Configuration 1 :
# 2023-08-17 10:20:33 by RouterOS 7.10.2
# software id =
#
/interface ethernet
set [ find default-name=ether1 ] auto-negotiation=no name=sfp-sfpplus1
set [ find default-name=ether2 ] auto-negotiation=no name=sfp-sfpplus6
set [ find default-name=ether3 ] disable-running-check=no name=sfp-sfpplus12
/interface vlan
add interface=sfp-sfpplus1 name=vlan832 vlan-id=832
add interface=sfp-sfpplus1 name=vlan840 vlan-id=840
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=90 name=RFC-3118-Authentication value=0x0000000000000000000000xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
add code=77 name=User-Class value="'+FSVDSL_livebox.Internet.softathome.Livebox5'"
add code=60 name=Vendor-Class-Identifier value="'sagem'"
/ip pool
add name=pool1 ranges=10.28.201.100-10.28.201.200
add name=pool2 ranges=192.168.2.100-192.168.2.200
/ip dhcp-server
add address-pool=pool1 interface=sfp-sfpplus6 name=server-DHCP-lan
add address-pool=pool2 interface=sfp-sfpplus12 name=server-DHCP-deco
/ip address
add address=10.28.201.1/24 interface=sfp-sfpplus6 network=10.28.201.0
add address=192.168.2.1/24 interface=sfp-sfpplus12 network=192.168.2.0
add address=192.168.255.254 interface=vlan840 network=192.168.255.254
/ip dhcp-client
add dhcp-options=Vendor-Class-Identifier,User-Class,RFC-3118-Authentication,clientid interface=vlan832
/ip dhcp-server network
add address=10.28.201.0/24 gateway=10.28.201.1
add address=192.168.2.0/24 dns-server=80.10.246.130,81.253.149.1 gateway=192.168.2.1
/ip firewall mangle
add action=set-priority chain=output new-priority=5 out-interface=vlan840 passthrough=yes src-address-type=local
/ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan832
/routing igmp-proxy interface
add interface=sfp-sfpplus12
add alternative-subnets=193.0.0.0/8,81.0.0.0/8,172.0.0.0/8,80.0.0.0/8 interface=vlan840 upstream=yes
/system note
set show-at-login=no
Configuration 2 :
# 2023-08-18 08:51:36 by RouterOS 7.10.2
# software id =
#
/interface bridge
add name=Bridge-Wan
/interface ethernet
set [ find default-name=ether1 ] auto-negotiation=no name=sfp-sfpplus1
set [ find default-name=ether2 ] auto-negotiation=no name=sfp-sfpplus6
set [ find default-name=ether3 ] disable-running-check=no name=sfp-sfpplus12
/interface vlan
add interface=sfp-sfpplus1 name=vlan832 vlan-id=832
add interface=sfp-sfpplus1 name=vlan840 vlan-id=840
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=90 name=RFC-3118-Authentication value=0x0000000000000000000000xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
add code=77 name=User-Class value="'+FSVDSL_livebox.Internet.softathome.Livebox5'"
add code=60 name=Vendor-Class-Identifier value="'sagem'"
/ip pool
add name=pool1 ranges=10.28.201.2-10.28.201.100
add name=pool2 ranges=192.168.2.2-192.168.2.100
/ip dhcp-server
add address-pool=pool1 interface=sfp-sfpplus6 name=server-DHCP-lan
add address-pool=pool2 interface=sfp-sfpplus12 name=server-DHCP-deco
/interface bridge filter
add action=set-priority chain=output dst-port=67 ip-protocol=udp log=yes log-prefix="Set CoS6 on DHCP request" mac-protocol=ip new-priority=6 out-interface=vlan832 passthrough=yes
/interface bridge port
add bridge=Bridge-Wan frame-types=admit-only-vlan-tagged interface=vlan832 pvid=832
/ip address
add address=10.28.201.1/24 interface=sfp-sfpplus6 network=10.28.201.0
add address=192.168.2.1/24 interface=sfp-sfpplus12 network=192.168.2.0
add address=192.168.255.254 interface=vlan840 network=192.168.255.254
/ip dhcp-client
add dhcp-options=Vendor-Class-Identifier,User-Class,RFC-3118-Authentication,clientid interface=Bridge-Wan
/ip dhcp-server network
add address=10.28.201.0/24 gateway=10.28.201.1
add address=192.168.2.0/24 dns-server=80.10.246.130,81.253.149.1 gateway=192.168.2.1
/ip firewall mangle
add action=set-priority chain=output new-priority=5 out-interface=vlan840 passthrough=yes src-address-type=local
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Bridge-Wan
/routing igmp-proxy interface
add interface=sfp-sfpplus12
add alternative-subnets=193.0.0.0/8,81.0.0.0/8,172.0.0.0/8,80.0.0.0/8 interface=vlan840 upstream=yes
/system note
set show-at-login=no
Configuration 3 :
# 2023-08-18 08:55:53 by RouterOS 7.10.2
# software id =
#
/interface bridge
add name=Bridge-Wan
/interface ethernet
set [ find default-name=ether1 ] auto-negotiation=no name=sfp-sfpplus1
set [ find default-name=ether2 ] auto-negotiation=no name=sfp-sfpplus6
set [ find default-name=ether3 ] disable-running-check=no name=sfp-sfpplus12
/interface vlan
add interface=sfp-sfpplus1 name=vlan832 vlan-id=832
add interface=sfp-sfpplus1 name=vlan840 vlan-id=840
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=90 name=RFC-3118-Authentication value=0x0000000000000000000000xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
add code=77 name=User-Class value="'+FSVDSL_livebox.Internet.softathome.Livebox5'"
add code=60 name=Vendor-Class-Identifier value="'sagem'"
/ip pool
add name=pool1 ranges=10.28.201.2-10.28.201.100
add name=pool2 ranges=192.168.2.2-192.168.2.100
/ip dhcp-server
add address-pool=pool1 interface=sfp-sfpplus6 name=server-DHCP-lan
add address-pool=pool2 interface=sfp-sfpplus12 name=server-DHCP-deco
/interface bridge filter
add action=set-priority chain=output dst-port=67 ip-protocol=udp log=yes log-prefix="Set CoS6 on DHCP request" mac-protocol=ip new-priority=6 out-interface=vlan832 passthrough=yes
/interface bridge port
add bridge=Bridge-Wan frame-types=admit-only-vlan-tagged interface=vlan832 pvid=832
add bridge=Bridge-Wan frame-types=admit-only-vlan-tagged interface=vlan840 pvid=840
/ip address
add address=10.28.201.1/24 interface=sfp-sfpplus6 network=10.28.201.0
add address=192.168.2.1/24 interface=sfp-sfpplus12 network=192.168.2.0
add address=192.168.255.254 interface=vlan840 network=192.168.255.254
/ip dhcp-client
add dhcp-options=Vendor-Class-Identifier,User-Class,RFC-3118-Authentication,clientid interface=Bridge-Wan
/ip dhcp-server network
add address=10.28.201.0/24 gateway=10.28.201.1
add address=192.168.2.0/24 dns-server=80.10.246.130,81.253.149.1 gateway=192.168.2.1
/ip firewall mangle
add action=set-priority chain=output new-priority=5 out-interface=Bridge-Wan passthrough=yes src-address-type=local
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Bridge-Wan
/routing igmp-proxy interface
add interface=sfp-sfpplus12
add alternative-subnets=193.0.0.0/8,81.0.0.0/8,172.0.0.0/8,80.0.0.0/8 interface=Bridge-Wan upstream=yes
/system note
set show-at-login=no
Configuration 4 :
# 2023-08-18 09:25:40 by RouterOS 7.10.2
# software id =
#
/interface bridge
add name=Bridge-Wan
/interface ethernet
set [ find default-name=ether1 ] auto-negotiation=no name=sfp-sfpplus1
set [ find default-name=ether2 ] auto-negotiation=no name=sfp-sfpplus6
set [ find default-name=ether3 ] disable-running-check=no name=sfp-sfpplus12
/interface vlan
add interface=sfp-sfpplus1 name=vlan832 vlan-id=832
add interface=sfp-sfpplus1 name=vlan840 vlan-id=840
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=90 name=RFC-3118-Authentication value=0x0000000000000000000000xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
add code=77 name=User-Class value="'+FSVDSL_livebox.Internet.softathome.Livebox5'"
add code=60 name=Vendor-Class-Identifier value="'sagem'"
/ip pool
add name=pool1 ranges=10.28.201.2-10.28.201.100
add name=pool2 ranges=192.168.2.2-192.168.2.100
/ip dhcp-server
add address-pool=pool1 interface=sfp-sfpplus6 name=server-DHCP-lan
add address-pool=pool2 interface=sfp-sfpplus12 name=server-DHCP-deco
/interface bridge filter
add action=set-priority chain=output dst-port=67 ip-protocol=udp log=yes log-prefix="Set CoS6 on DHCP request" mac-protocol=ip new-priority=6 out-interface=vlan832 passthrough=yes
add action=set-priority chain=output log=yes log-prefix="Set CoS5 on IGMP request" mac-protocol=ip new-priority=5 out-bridge=Bridge-Wan passthrough=yes
/interface bridge port
add bridge=Bridge-Wan frame-types=admit-only-vlan-tagged interface=vlan832 pvid=832
add bridge=Bridge-Wan frame-types=admit-only-vlan-tagged interface=vlan840 pvid=840
/ip address
add address=10.28.201.1/24 interface=sfp-sfpplus6 network=10.28.201.0
add address=192.168.2.1/24 interface=sfp-sfpplus12 network=192.168.2.0
/ip dhcp-client
add dhcp-options=Vendor-Class-Identifier,User-Class,RFC-3118-Authentication,clientid interface=Bridge-Wan
/ip dhcp-server network
add address=10.28.201.0/24 gateway=10.28.201.1
add address=192.168.2.0/24 dns-server=80.10.246.130,81.253.149.1 gateway=192.168.2.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Bridge-Wan
/routing igmp-proxy interface
add interface=sfp-sfpplus12
add alternative-subnets=193.0.0.0/8,81.0.0.0/8,172.0.0.0/8,80.0.0.0/8 interface=Bridge-Wan upstream=yes
/system note
set show-at-login=no