PPPoE creation and PPPoE scan

carlosdaff · September 17, 2020, 1:21pm

Hi…
I’ve created three different PPPoE server over the same interface of a MKT, as a concentrator.
But, when I run a scan on a client, I always see the same (the first) and no other, and I have problems to connect to second PPPoE server, as seems the client not see it.
Theres something wrong with it config, hat I can’t see the others?
I miss something? I followed steps to create the servers in the wiki.mikrotik manual.
Thanks in advance…

sindy · September 20, 2020, 2:04pm

Post your actual configuration to get any useful feedback.

carlosdaff · September 21, 2020, 7:02pm

This is the PPPoE server and profiles configuration

/interface pppoe-server server
add authentication=pap disabled=no interface=vlan2 max-mru=1480
max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=customer1
add authentication=pap disabled=no interface=vlan2 max-mru=1480
max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=customer2
add authentication=pap disabled=no interface=vlan2 max-mru=1480
max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=customer3

/ppp secret
add local-address=192.168.1.1 name=customer1 profile=5M/2M remote-address=
2.2.2.2 service=pppoe
add local-address=192.168.1.1 name=customer2 profile=10Mbps/3Mbps
remote-address=2.2.2.3 service=pppoe
add local-address=192.168.1.1 name=customer3 profile=10Mbps/3Mbps
remote-address=2.2.2.4 service=pppoe

When I made a scan from Customer 3 router, I found:

interface pppoe-client scan interface=vlan2
SERVICE MAC-ADDRESS AC-NAME
customer1 74:4D:XX:XX:XX:XX RB960PGS - Central Router

tdw · September 21, 2020, 8:55pm

I would not expect binding multiple servers to the same interface to work as only one can listen to the PPPoE ethertypes, multiple servers each on a different interface is fine.

Why are your attempting to run multiple services on the same interface as any parameters can be set in the client PPP secret?

joegoldman · September 22, 2020, 12:33am

you 100% can run multiple PPPoE servers on a single downstream interface - this is precisely why ‘Service Name’ was invented - so based on which service tag was issued it’d know which PPPoE server it was for.

Why you are only seeing one, I don’t know - might have something to do with the scan tool only seeing the first PADO and reporting it, or because they all share the same MAC technically so it still see’s it as a single concentrator.

Does it actually work if you PPP on multiple clients using the difference service names and their secrets?

Is there a reason you are using service names at all? You could have a single PPPoE Server and the customers are still differentiated by their secrets so there won’t be any crossover.

I find service name only helpful in dynamic users using outside auth (like RADIUS) where you need to apply a different profile based on service type - looks like with your way you are just creating a server each and a secret each, where given its local auth you could potentially put any differences required in the secrets config.

carlosdaff · September 22, 2020, 6:47pm

Joe, I thnik too that is related to this…
“might have something to do with the scan tool only seeing the first PADO and reporting it, or because they all share the same MAC technically so it still see’s it as a single concentrator”
Anyway, tthe PPPoE are working fine, but the fisrt connection after it’s installed, it’s pretty anoying to scan and bound it.
I’ll leave the current names, as you said, to see if something change.
Thanks!

ingdaka · September 22, 2020, 6:52pm

What is the reason that you are creating more than one PPPoE Server in the same interface! There is no logical reason for me, however you will see only the one because he has priority and is in the same L2 Broadcast Domain!

sindy · September 22, 2020, 7:40pm

Packet sniffing and Wireshark are very helpful when dealing with this type of issues. If the PADI from the client doesn’t contain a name of the required service, Mikrotik responds with a single PADO, listing all the services available:

PPP-over-Ethernet Discovery
    0001 .... = Version: 1
    .... 0001 = Type: 1
    Code: Active Discovery Offer (PADO) (0x07)
    Session ID: 0x0000
    Payload Length: 64
    PPPoE Tags
        Host-Uniq: 58003c00
        AC-Name: HyperV-CHR-3
        Service-Name: service1
        Service-Name: service2
        Service-Name: service3

So it is up to the scanner how it deals with this information.

If the PADI already contains the name of the service, the Mikrotik also advertises all supported services in its PADO, but it lists the one requested in PADI at the first position.

Where logs are detailed enough, they can be even more useful because packet sniffing and Wireshark show you what has happened, but only logs can show you why it has happened. In this particular case, Mikrotik’s log explains nothing:

21:37:04 pppoe,debug,packet bridge: rcvd PADI from 00:15:5D:FC:E9:04
21:37:04 pppoe,debug,packet     session-id=0x0000
21:37:04 pppoe,debug,packet     host-uniq=0xe8003c00
21:37:04 pppoe,debug,packet     service-name=service2
21:37:04 pppoe,debug,packet bridge: sent PADO to 00:15:5D:FC:E9:04
21:37:04 pppoe,debug,packet     session-id=0x0000
21:37:04 pppoe,debug,packet     host-uniq=0xe8003c00
21:37:04 pppoe,debug,packet     ac-name=HyperV-CHR-3
21:37:04 pppoe,debug,packet     service-name=service2
21:37:04 pppoe,debug,packet     service-name=service1
21:37:04 pppoe,debug,packet     service-name=service3