Hello everyone,
we are currently struggling with a MikroTik CR10009 as PPPoE client. The problem is: the device does not send any LCP echo requests (only once during PPPoE connection establishment) - even though we configured an keepalive-timeout of 30 (other values tried as well).
The problem is that if the BRAS would e.g crash or an access interface would restart - the session of the Mikrotik would be gone from the BRAS point of view. The Mikrotik would never realize that the PPPoE Session is gone - and never reestablish it. So sending of LCP Echo requests is an absolutely necessary feature for us.
Does someone know how to enable sending of LCP echo requests?
Best regards!
Here is the configuration:
# dec/01/2015 23:33:23 by RouterOS 6.33.2
# software id = 1UCF-96FC
#
/interface bridge
add name=bridge1
/interface pppoe-client
add add-default-route=yes allow=pap disabled=no interface=ether7 keepalive-timeout=30 max-mru=1492 max-mtu=1492 name=\
pppoe-out1 password=qacafe123 use-peer-dns=yes user=qacafe
/ip dhcp-server option
add code=1 name=option1
/ip pool
add name=pool1 ranges=192.168.1.2-192.168.1.7
/ip dhcp-server
add address-pool=pool1 disabled=no interface=bridge1 name=server1
/ipv6 dhcp-server
add disabled=no interface=bridge1 name=server1
/queue tree
add comment="Prefer SYN/ACK over everything else" name=Queue_QoS_SYN_ACK packet-mark=Mark_QoS_ACKSYN parent=pppoe-out1 \
priority=1 queue=default
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
/ip firewall connection tracking
set icmp-timeout=1m udp-timeout=2m
/ip settings
set rp-filter=strict
/ip address
add address=192.168.88.1/24 interface=ether8 network=192.168.88.0
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
/ip cloud
set update-time=no
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set servers=202.154.101.1,202.154.101.2,3001:51a:cafe::2,3001:51a:cafe::3
/ip firewall address-list
add address=194.8.193.0/24 list=Management
/ip firewall filter
# pppoe-out1 not ready
add action=drop chain=input in-interface=pppoe-out1 log=yes src-address-list=!Management
# pppoe-out1 not ready
add chain=forward in-interface=bridge1 out-interface=pppoe-out1
# pppoe-out1 not ready
add chain=forward connection-state=established,related in-interface=pppoe-out1 out-interface=bridge1
# pppoe-out1 not ready
add action=drop chain=forward in-interface=pppoe-out1 log=yes out-interface=bridge1
/ip firewall mangle
add action=mark-packet chain=forward connection-state=established in-interface=ether5 new-packet-mark=Mark_QoS_ACKSYN \
protocol=tcp tcp-flags=ack
add action=mark-packet chain=forward connection-state=new in-interface=ether5 new-packet-mark=Mark_QoS_ACKSYN \
protocol=tcp tcp-flags=syn
/ip firewall nat
# pppoe-out1 not ready
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=192.168.1.0/24
/ip service
set telnet disabled=yes
set ftp address=192.168.88.0/24
set www address=192.168.88.0/24
set ssh address=192.168.88.0/24
set api disabled=yes
set winbox address=192.168.88.0/24
set api-ssl disabled=yes
/ipv6 address
add address=2003:abcd::1 interface=bridge1
add address=fd00:abcd::1 interface=bridge1
/ipv6 firewall filter
# pppoe-out1 not ready
add chain=forward comment="Internes Prefix von internem Interface nach aussen zulassen" in-interface=bridge1 \
out-interface=pppoe-out1 src-address=2003:abcd::/64
# pppoe-out1 not ready
add action=reject chain=forward comment="Alle \FCbrigen Connections mit \"admin prohibited ablehnen\"" in-interface=\
bridge1 out-interface=pppoe-out1 reject-with=icmp-admin-prohibited
# pppoe-out1 not ready
add action=drop chain=input in-interface=pppoe-out1
# pppoe-out1 not ready
add chain=forward connection-state=established,related in-interface=pppoe-out1 out-interface=bridge1
# pppoe-out1 not ready
add chain=forward icmp-options=1 in-interface=pppoe-out1 out-interface=bridge1 protocol=icmpv6
# pppoe-out1 not ready
add chain=forward icmp-options=2 in-interface=pppoe-out1 out-interface=bridge1 protocol=icmpv6
# pppoe-out1 not ready
add chain=forward icmp-options=3 in-interface=pppoe-out1 out-interface=bridge1 protocol=icmpv6
# pppoe-out1 not ready
add chain=forward icmp-options=4 in-interface=pppoe-out1 out-interface=bridge1 protocol=icmpv6
# pppoe-out1 not ready
add action=drop chain=forward in-interface=pppoe-out1 out-interface=bridge1
/ipv6 nd
set [ find default=yes ] advertise-dns=yes interface=bridge1
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=meconet
/system note
set note="System information: RouterBOARD CCR1009-8G-1S, S/N xxx, SW-ID xxx-xxx"
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR protected-routerboot=disabled