Hi all,
as a WISP, I’ve the following scenario at Customer’s site:
- CPE based on RB411 with ROS 3.14;
- CPE is configured in NAT Router with 3 IP addresses: static IP address on wireless interface, static IP address on eth interface, PPPoE client on wireless interface;
- static IP address on wireless interface is used for managemnet purposes;
- PPPoE assigned on wireless interface is the one used for Internet access, if PPPoE auth succeed;
- DHCP server runs on eth interface for Customer’s PC;
The above described is the “standard” configuration for Customers in NAT router. On top of that, with minor changes it is possible to build a NAT router configuration that allows PPPoE auth to pass accross the CPE, in order to allow PPPoE auth behind it. The scope of such a configuration is to give Customers the possibility to have PPPoE auth on their devices (PC, firewall, router) without giving them a pure bridge, that will cause the wireless network to be directly accessible by Customers. This is done as follows:
- creating a bridge that includes eth and wireless interface;
- adding a filter at MAC level that allows PPPoE discovery/session and drops all the other traffic;
This works perctly and allows to use a ATA or SIP phone behind the CPE to provide VoIP services without taking care of QoS on CPE: VoIP traffic is managed with its own dedicated channel (separete PPPoE atuh), different from all other traffic generated by Customer network.
There is only one problem: DHCP server on CPE. It is not possible to run the DHCP server on eth interface, it runs ONLY on bridge interface. This cause the DHCP server on each CPE to be available on the entire management network, so it cannot be used. I’ve also tried to drop DHCP discovery that reach the CPE (UDP traffic on port 67), but this doesn’t work.
Any advice on own this problem can be solved ?!?!? 
Rgds
