BIG pppoe problems. HELP plz

franco · January 21, 2006, 9:18am

Hello,
I have a great problem.
I use MT with the version 2.9.10. Everybody dials in with pppoe. Everything runs except for a thing perfectly.
I have customers that have a Linksys WRT54G router. This dials in about pppoe.
Sometimes this equipment causes problems and tries to build up hundreds of pppoe connections and takes the MT to fall out.
I can see his Mac address, far nothing.
I can forbid to let build up several connections ??
Help please

hci · January 21, 2006, 6:05pm

In 2.8

[admin@router] interface pppoe-server server>set one-session-per-host=yes

Not sure on 2.9 release.

Matt

franco · January 21, 2006, 9:04pm

It is the problem that MT does not recognize it.
One Session is only if one logged in already not if one wants to log in first.
This has not solved my problem.
I need help urgents

franco · January 24, 2006, 3:28pm

nobody have an idea??

HarvSki · January 24, 2006, 4:14pm

Maybe you need to allow PAP etc.

franco · January 24, 2006, 6:54pm

I have activate PAP CHAP MSCHAP1 and 2 already.
This is not the problem.
Have you an other idea??

franco · January 30, 2006, 6:35pm

two day’s ago, I have the same problem again.
I need a solution.
Help me, please.

jager · January 31, 2006, 12:25am

Well, i also have a strange one…

01:21:25 pppoe,info PPPoE connection established from 00:40:F4:D9:AD:08 
01:21:25 pppoe,ppp,info <pppoe-0>: waiting for call... 
01:21:27 pppoe,ppp,info <pppoe-0>: terminating... 
01:21:27 pppoe,ppp,info <pppoe-0>: disconnected 
01:21:33 pppoe,info PPPoE connection established from 00:40:F4:D9:AD:08 
01:21:33 pppoe,ppp,info <pppoe-0>: waiting for call... 
01:21:35 pppoe,ppp,info <pppoe-0>: terminating... 
01:21:35 pppoe,ppp,info <pppoe-0>: disconnected 
01:21:41 pppoe,info PPPoE connection established from 00:40:F4:D9:AD:08 
01:21:41 pppoe,ppp,info <pppoe-0>: waiting for call... 
01:21:43 pppoe,ppp,info <pppoe-0>: terminating... 
01:21:43 pppoe,ppp,info <pppoe-0>: disconnected 
01:21:49 pppoe,info PPPoE connection established from 00:40:F4:D9:AD:08 
01:21:49 pppoe,ppp,info <pppoe-0>: waiting for call... 
01:21:51 pppoe,ppp,info <pppoe-0>: terminating... 
01:21:51 pppoe,ppp,info <pppoe-0>: disconnected

But it never crashed my Mtik…
Crashing must be caused by something else…

savage · January 31, 2006, 4:07am

Some of these, so called ‘broadband routers’ are VERY troublesome. I actually believe the WRT54G was one of the units that we had troubles with.

They simply do what they want, no questions asked. It’s not a fault with MT, it’s a fault with the hardware and some really weird incompatibility between certain PPPoE Servers. In some instances, we managed to get a few semi-stable by changing the MTU… It worked for some, for others, it didn’t.

Had it before as well, spend extensive time debugging this, and the end result was that I stoped supporting these ‘broadband routers’ on the network.

They simply cause to much trouble.

jager · January 31, 2006, 11:04am

In my case, 00:40:F4:D9:AD:08 is the only MAC address that connects every few seconds. But, it connects and DISconnects! So, it does not locks up my Mtik, just filling up the log with trash. I can live with it
But, in franco`s case, that client connects, does not disconnect, and connects again, making every time a new connection… this is really weird
Is there any possibility to ban the client by MAC?
It should help franco, at least it will fix his problem for a while… until a new strange client shows up…

savage · January 31, 2006, 11:08am

Wireless registration tables?

jager · January 31, 2006, 11:19am

In my case, I have more than 30 APs in town and surrounding villages, and VLANs are configured on our Mtik with PPPoE for almost every AP. APs are very mixed by its manufacturer. Who the hell will manually open every AP and enter the MAC?
I did not mean to ban the MAC on AP, rather on PPPoE server

savage · January 31, 2006, 11:25am

If you make a effort to just look arround in Winbox a little, you will see that you can also firewall (input, output, forward chains), based on mac address.

Go punch the mac address in there, and drop protocol=pppoe ?

It’s really not that difficult…

jager · January 31, 2006, 11:41am

Yap, you`re right, but it simply does not work
I made a rule in forward chain, in advanced typed in the MAC, and in action selected drop. In the list of available protocols, there is no pppoe, so I left it blank (all protocols).
Even then, this weird client comes every 5-6 seconds…

cmit · January 31, 2006, 11:43am

If I read your setup right, you are running the PPPoE server ON your MikroTik.
Then you better should place this MAC filter in the input chain rather than the forward chain…

Best regards,
Christian Meis

jager · January 31, 2006, 1:51pm

YES, im running PPPoE server ON Mtik.
I changed the rule to be in input, but still without luck

cmit · January 31, 2006, 1:54pm

Could you post the actual rule you have in your system?

Best regards,
Christian Meis

eflanery · January 31, 2006, 11:21pm

As a guess, the /ip firewall won’t match on this since it’s not IP, even though you can match MACs in there.

I would put the interface in a bridge group (even if it is the only one in there), run the PPPoE service on the bridge group, and block your problem MAC in /int bridge firewall (if 2.8) or /int bridge filter (if 2.9).

–Eric

jager · February 1, 2006, 12:38am

I agree with Eflanery. The /ip firewall won’t match on this since it’s not IP.
I will try to play arround with bridge group and post here the results.
Thanx for your posts and help!