The PPPoE clients are connected to a switch and send their traffic untagged, this traffic is then send tagged to the CCR2116 (sfpplus1 ->VLAN 101 & 102). This is working and both PPPoE clients have a working PPPoE session.
The problem is that the PPPoE client can ping IP address 100.64.102.1 (this IP address is on the CCR2116) but can't ping 100.64.102.2 (next hop behind the CCR2116).
As soon as I start the sniffer on the CCR2116 (/tool/sniffer/quick interface=sfp-sfpplus1) the ping from the client is working?? Also the very first ping from the client, directly after the pppoe sessions is established, is answered al subsequent pings are failing.
I tried disabling l3-hw-offloading and also tried the latest 7.20.4 release, but that all makes no difference.
So is the router providing vlans or the CCR, as I see no router setup and thus no way for it to work as PPP server. It looks like the CCR is setup as a switch???
The config export shown is the config of the CCR2116 (which must act as a PPPoE server). All PPPoE clients are in a different VLAN (in my example 101 & 102).
The switch in the picture is a simple cisco-look-a-like switch with the following config
The router in my setup is not providing VLANs. The router has only one interface with IP-address: 100.64.102.2/30 and this interface is directly connected to the CCR2116 (sfp-sfpplus3). Besides the interface IP-address the router has a static route: 100.64.0.0/10 -> 100.64.102.1
It might have something to do with FastPath. In your configuration, FastPath is probably in use, because the conditions are satisfied (no firewall, no connection tracking, no queue, no VRF, no IPSec, no hotspot), and the FastPath bridge handler is used.
When you turn on the sniffer, FastPath (and the FP Bridge handler) is disabled. If everything works then, then FP might be the culprit.
What you can try, is to move sfp-sfpplus1 out of the br bridge, keeping it as a standalone port. Of course, also remove the related entry under /interface bridge vlan. Then in your PPPoE Server config, use interface=sfp-sfpplus1 instead of interface=br. That way, the bridge FastPath will not be involved.
Or maybe keep the port in the bridge but disable FastPath. There are two places where that can be turned off though, /interface/bridge/settings/set allow-fast-path= and /ip/settings/set allow-fast-path=.
The PPPoE server is not hardware offloaded anyway, and because you use pppoe-over-vlan-range, the VLAN filtering function of the switch chip is also not used.
FastPath was indeed causing the issue. Disabling FastPath on the bridge or global makes my configuration work. Thanks for pointing me in the right direction!
Moving sfp-sfpplus1 out of the bridge and use it directly in the PPPoE server configuration did not work.
The below configuration also works, but according to this document Layer2 misconfiguration - RouterOS - MikroTik Documentation this is not the correct way of configuration and that's the main reason I was looking for an alternative configuration.
The disadvantage of this configuration is that it doesn't use pppoe-over-vlan-range and that I need to configure a vlan interface for each PPPoE session....
So my final question is: what is the preferred/best configuration for such a PPPoE server setup (using a CCR2116)?
Maybe you can report it as a bug to MikroTik Log into Atlassian - Support, so that they can make enabling pppoe-over-vlan-range on PPPoE server automatically bypass FastPath, similar to how enabling any of these:
