I decided to work through the Getting Started documentation https://help.mikrotik.com/docs/display/ROS/Getting+started and came upon this statement in the First Time Configuration, after PPPoE is setup:
But, nowhere can I find out a justification for “Further in configuration WAN interface is now pppoe-out interface, not ether1”. Many people advise on this forum to have an Interface List “WAN” and have ether1 and pppoe-out1 in it and use WAN as the interface in firewalls, NAT etc.
But, what goes wrong if I ignore this and continue with rules and settings bases on ether1? And why? Is it because of something like OOP where the ether1 interface code has been “overloaded” by the PPPoE code and so other RoS components can no longer call ether1?
Also I do have an Interface List WAN and it has both pppoe-out1 and ether1 in it, can I delete ether1?
I’m more comfortable when I understand something rather than following rote!
That is just a warning for that specific configuration, that from the point when you add pppoe inteface it is considered a WAN interface.
You add multiple interfaces to WAN list only if you have multiple wan connections. in this case ether1 is not a wan connection, it is used just as a transport interface for the pppoe, so obviously any traffic except pppoe should not be accepted on that interface.
Because the pppoe client name provided is now considered the ACTIVE INTERFACE for wan traffic, not ether1.
Similarly like on my router I have a VLAN for fiber that is the active interface.
In these cases ether1 is not that relevant in rules and should not be used, as the interface list for WAN needs only pppoe-out1 or whatever you named the interface.
Thanks for responding. This is also making sense now. I have spotted that defconf puts ether1 into the interface list WAN, but when I added pppoe-out1 to WAN, I didn’t remove ether1 from the list. I have now. I’m not sure it makes a big difference, but I like configs to be clear and understandable.
