Dear Normis,
Problem in short: Currently it’s not possible to Filter DHCP and PPPoE requests.
Problem in long:
currently Packet flow for inbound packets comes up first to the the PPPoE and DHCP Services and second to the Firewall Services. So a Packet never reaches any Bridge-Firewall or IP-Firewall if handled through PPPoE or DHCP.
So it’s not possible to filter, drop or mangle any PPPoE or DHCP Packet before letting them pass to the PPPoE or DHCP Server.
For my point of view it’s important for a concentrator to have this firewalling possibility, because if a PPPoe or DHCP Service gets flooded by a lot of invalid requests, we are in real trouble.
The only possibility to solve this design issue now, is having an additional ROS-Box before the PPPoE or DHCP Concentrator, which Filters this kind of traffic for L2-floodings. This is technical not possible, because of loosing PPPoE redundancy in our decentralisized design with a lot of VLANS.
Any comments & ideas are welcome!
Kind regards from Austria,
Wolfgang