I have a big 48-port managed switch. Connected to this switch are two Zyxel ONT/PON adapters over their eth ports; each one is equipped with 1 / 500 Gbs fiber connectivity from the same ISP and two masks of public IPs that I need for my stuff. The ISP gave me 2 different pppoe credentials but the same service name, 1GB FIBRA.
Let's say that the first one is pppoe-server-1 and the second one is pppoe-server-2.
Now on this particular switch I have two routers: one is a MikroTik CCR and the second one is a pfSense box. What I want is to use the MikroTik as pppoe client for pppoe-server-1 and the pfSense box for pppoe-server-2.
What happens is that both the MikroTik and pfSense authenticate on pppoe-server-1 (probably because the provider gives me the possibility to connect to each pppoe server through the same credentials). So the question is: how can I choose between the pppoe servers? Do I have to use VLANs? Or maybe I can call the provider and ask them to change the service name? Many thanks.
The optimum solution depends on the actual goal. If the goal is redundancy, you would want each client to use a different physical path, so the first thing to do is either to remove the 48-port switch from the path between the client and the ONT, or to add another (maybe smaller) one so that each client - ONT pair was connected to a different switch (and the two switches may be interconnected).
Regarding forcing the client to use a particular RAS at ISP side, the easiest way is to block pppoe-discovery responses from the unwanted server using L2 filtering, but such a solution is not maintenance-free as the ISP may change the hardware from time to time.
Normally, both servers respond to the client's PADI with a PADO, and the client chooses one of them and initiates the session towards it.
The goal is not redundancy; I need to use both connections for different reasons. For example, I need a certain scheme of public IPs, and this particular provider doesn't give me more than 8 IPs per contract. I do not want to add more hardware to my scheme. Can I use some sort of VLANs on my switch to physically separate the 2 ONTs?
There are some properties of pppoe-client, such as ac-name and service-name … but then it depends on ISP how (and if) they implement these properties on their PPPoE servers.
Anyway, either you use VLANs to tie both of your boxes to their respective WAN links, or ask ISP if you can use one of above-mentioned properties. I’m not sure how pfSense implements those properties on their PPPoE client so you may have to go with VLANs (inside your switch that is) anyway.
You can try many things, bridge filters are one possible way. IMHO blocking certain possible connections could lead towards unstable operation. Using VLANs is IMHO the right solution, it was made for such challenges …
Not the MAC address of the ONT but the MAC address of the PPPoE server. The ONT is L2-transparent for pppoe and pppoe-discovery traffic. And you need the L2 firewall, i.e. the /interface bridge filter rules.
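Added example, not part of any post in this thread: a small Python parser for PPPoE discovery (RFC 2516) that reads PADO frames and reports each responding server's source MAC and AC-Name, which are the values an L2 filter or the client's ac-name setting would be matched against. It assumes untagged Ethernet frames; the sample frames, MAC addresses and AC-Names are constructed for illustration, and only the service name 1GB FIBRA comes from the thread.

```python
import struct

ETH_PPPOE_DISCOVERY = 0x8863  # EtherType of PPPoE discovery frames (RFC 2516)
CODE_PADO = 0x07              # offer sent by a server in reply to the client's PADI
TAG_SERVICE_NAME, TAG_AC_NAME = 0x0101, 0x0102

def parse_pado(frame):
    """Return server MAC, AC-Name and Service-Names of an untagged PADO, else None."""
    if len(frame) < 20:
        return None
    ethertype, ver_type, code, _sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_PPPOE_DISCOVERY or ver_type != 0x11 or code != CODE_PADO:
        return None
    payload = frame[20:20 + length]
    if len(payload) < length:
        return None  # truncated capture
    offer = {"server_mac": frame[6:12].hex(":"), "ac_name": None, "service_names": []}
    off = 0
    while off + 4 <= len(payload):
        tag, tlen = struct.unpack("!HH", payload[off:off + 4])
        value = payload[off + 4:off + 4 + tlen]
        if len(value) < tlen:
            return None  # tag length runs past the payload
        if tag == TAG_AC_NAME:
            offer["ac_name"] = value.decode("utf-8", "replace")
        elif tag == TAG_SERVICE_NAME:
            offer["service_names"].append(value.decode("utf-8", "replace"))
        off += 4 + tlen
    return offer

def servers_seen(frames):
    """Map each responding server MAC to the AC-Name it announced."""
    offers = filter(None, map(parse_pado, frames))
    return {o["server_mac"]: o["ac_name"] for o in offers}

# --- constructed sample data (MACs and AC-Names are made up) ---
def _tag(tag, value):
    return struct.pack("!HH", tag, len(value)) + value

def build_pado(server_mac, client_mac, ac_name, service):
    tags = _tag(TAG_SERVICE_NAME, service) + _tag(TAG_AC_NAME, ac_name)
    header = struct.pack("!HBBHH", ETH_PPPOE_DISCOVERY, 0x11, CODE_PADO, 0, len(tags))
    return client_mac + server_mac + header + tags

CLIENT = bytes.fromhex("020000000010")
SAMPLE = [
    build_pado(bytes.fromhex("020000000001"), CLIENT, b"ac-one", b"1GB FIBRA"),
    build_pado(bytes.fromhex("020000000002"), CLIENT, b"ac-two", b"1GB FIBRA"),
]
```

Fed with frames captured on the WAN-facing port during a connection attempt, `servers_seen` shows whether both servers answer with the same Service-Name and which MAC belongs to which AC-Name.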