How to block PPPOE Servers run from clients

ViREnG · April 10, 2013, 3:38pm

Hello friends
I have problems with some clients run pppoe server on their network and catch our clients pppoe packets username / password
I’m using Central PPPOE Servers and and transfer each pppoe server to second routers via EoIP Tunnel (each PPPOE Server run on each EoIP)
the below image is one of my second routers give a pppoe server from EoIP Tunnel and bridged with other external ports but one client run a pppoe server on he’s network and catch username/password of my customers.
I’m using a some filter rule on bridge filter but don’t work and can be see too on pppoe scan tools :

HOW can I Prevent this problem ? or block clients to run a pppoe server (or drop pppoe server packets from clients to router ? )

thanks

sup5 · April 10, 2013, 4:29pm

Just make sure to isolate all users. This way no firewalling is needed at all.
The process has several names:

horizon bridging
private vlan edge (PVE)
port isolation
disabled default forwarding (WLAN)

ViREnG · April 11, 2013, 12:13pm

I was disable the default forward on wlans and use below bridge filter rules for client isolation and accept my pppoe server :

[admin@MikroTik] /interface bridge filter> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=forward action=accept mac-protocol=pppoe 
 1   chain=forward action=accept mac-protocol=pppoe-discovery 
 2   ;;; DROP Communication
     chain=forward out-bridge=bridge1 action=drop in-bridge=bridge1

but don’t know how can I client isolation with below items :

horizon bridging

private vlan edge (PVE)

port isolation

have any example or how to prevent clients to launch a pppoe server ?
thanks