PPPoE IP Addresses.

Is it possible to get more control over what address, gateway and DNS settings are issued to PPPoE clients? We have it set up to use a DHCP pool address, but due to the way it puts the dynamic route in and gives a weird gateway we are finding some issues with incoming SIP calls. Ideally we would just use all the same address settings as the DHCP server so the client is just on the local side, but the way it works now it’s like it’s proxy arp to the WAN, which also causes mangling/shaping issues?

Any help appreciated?

Your PPPoE server is set to use a certain PPP Profile.

In your PPP Profile you can specify what DNS server address to issue, and you can also specify what firewall filters will apply to anyone using that profile.

See if that helps.

-K

Hi, Thanks for your help but I’m sure it’s not that!

I already know what you mean, but it’s not this; it’s the way MT sets everything up after the PPPoE auth process takes place, which we have no control over.

You see normally a LAN user simply uses a spare IP to connect with the subnet gateway and DNS addresses too. But when using PPPoE for some reason the user gets an IP from the DHCP range but the gateway is wrong in the client and MT sets up a dynamic route and proxy-arps it which we find causes problems with SIP call routing.

All we want is to authenticate with PPPoE and just assign a regular LAN IP just like they do with normal DHCP. Does anybody know if this is possible? I can’t see the reason for the dynamic route unless you’re proxy arping a public IP to the LAN, which we’re not??

PPPoE does not function like you are wanting. It is a PPP protocol designed for authenticated access and routing of traffic to another network (such as to your ISP); it is not a NAC protocol for your LAN. You should use a form of 802.1x authentication as a NAC for a LAN.

Thanks.. At least I know it’s apparently not possible!

I can’t quite see any reason why it’s not possible though technically!

As we are the ISP we ideally need to route our own block of IPs to customers, not proxy arp them from the WAN! That really only makes sense if you’re using NAT and trying to use an IP from the WAN side on the LAN side? We just have a block of IPs which are bridged to clients from the MT core NAS/Router and assigned by PPPoE, and bandwidth etc. is managed by the MT core NAS/Router.

I guess it works for most uses anyway but we find sometimes an irregular problem with SIP calls when the traffic is routed in this manner which is not a problem with the right IP settings manually set? We just like to have an automated service so ideally we do not want to give clients manual settings just a username and password and PPPoE is the best way we found to handle this from a management perspective.

Can you give a little more information on the topology?

Basically your PPPOE server is going to be a router. So you’d need to route a subnet to the PPPoE server…

I have a /22 which I’ve broken down into 4 x /24’s..

1 x /24 is for the core network devices

the other three are routed to my PPPoE servers…

So on the Core router (to upstream ISP) the routing tables look something like this:

AS 0.0.0.0/0 1.1.1.1
DAC 2.1.0.0/24
AS 2.1.1.0/24 2.1.1.254
AS 2.1.2.0/24 2.1.1.253
AS 2.1.3.0/24 2.1.1.252

And then on the PPPoE Servers we just have pools set up for their respective subnets. So each PPPoE Router has a /24 for public IP’s. We use private pools for residential users, and public pools for those who require it. We set the pools up so we have enough IP’s left over to subnet for /29’s for customers or single static /32’s..

It’s a good idea to break up your network so you have a “Core” layer where all your DNS, RADIUS, mail, and other network services reside, then you have your Distribution/Access Layer(s). Our distribution and access layers kind of overlap each other… It makes it easier to control traffic (firewall) on your network by implementing a hierarchy and keeps all the ARP and other broadcast junk away from your core services.

Anyway just a few suggestions. Once you have a good Infrastructure in place, it’s much easier to upgrade and maintain. Not to mention an increase in network stability, and scalability.

Can you give a little more information on the topology?

In most cases your PPPOE server is going to be a router. So you’d need to route a subnet to the PPPoE server…

It sounds like you have a DHCP server on the WAN port of the PPPoE Server, and you’re trying to bridge those IP’s to your subscribers connecting via PPPoE… This may be possible, as PPPoE is just a Layer2 tunneling protocol, I haven’t tried an implementation such as this, but basically you’d need to terminate the PPPoE tunnel on the CPE and bridge that interface to the ethernet port of the CPE. As long as the ports on the PPPoE server are bridged as well in theory you should have end to end layer2 connectivity through the PPPoE server to your clients. Then the client would just setup the router in DHCP mode and should get an IP address from the DHCP server.

If that’s what you’re looking for I’d then ask the question, Why do you need a PPPoE server?

This is how I do it… I have a /22 which I’ve broken down into 4 x /24’s..

1 x /24 is for the core network devices

the other three are routed to my PPPoE servers…

So on the Core router (to upstream ISP) the routing tables look something like this:

AS 0.0.0.0/0 1.1.1.1
DAC 2.1.0.0/24
AS 2.1.1.0/24 2.1.1.254
AS 2.1.2.0/24 2.1.1.253
AS 2.1.3.0/24 2.1.1.252

And then on the PPPoE Servers I just have pools set up for their respective subnets. So each PPPoE Router has a /24 for public IP’s. I use private pools for residential users, and public pools for those who require it. I set the pools up so I have enough IP’s left over to subnet for /29’s for customers or single static /32’s..

It’s a good idea to break up your network so you have a “Core” layer where all your DNS, RADIUS, mail, and other network services reside, then you have your Distribution/Access Layer(s). My distribution and access layers kind of overlap each other.. but you can further segregate traffic by splitting the two. It makes it easier to control traffic (firewall) on your network by implementing a hierarchy and keeps all the ARP and other broadcast junk away from your core services.

Anyway just a few suggestions. Once you have a good Infrastructure in place, it’s much easier to upgrade and maintain. Not to mention an increase in network stability, and scalability.

I think I mis-understood you… I thought you were trying to use PPPoE to control access to your LAN. If I understand what you need…

… then try this (and I’m assuming you are using MikroTik for your CPE),

statically assign an IP to a PPPoE account and find a /29 to route to them internally, and then on the PPPoE server side:

/ip route add dst-address=x.x.x.0/29 gateway=PPPoE_ASSIGNED_STATIC_IP

then add the PPPoE client on the CPE on (presumably) wlan1, and then:

/ip address add address=x.x.x.1/29 interface=ether1

now assign an unused address of x.x.x.2/29 to your VoIP server/client whichever the case may be, and assign the default gateway of x.x.x.1

there is no proxy-arp taking place anymore, just pure routing (but access is still controlled via PPPoE)

note, just substitute appropriate values if you can’t use .0/29 :)
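The routed /29 setup described in the post above, written out for both ends as an added example; it is not part of the original thread. All addresses are constructed documentation ranges, and the names pppoe-routed, cust1, isp and pppoe-out1, the ether2 server port and the password placeholder are assumptions.

```routeros
# --- PPPoE server (NAS) side ---
# Addresses are constructed examples from the RFC 5737 documentation ranges.

# Profile: the server's end of each PPP link and the DNS server issued to clients.
/ppp profile add name=pppoe-routed local-address=198.51.100.1 dns-server=198.51.100.53

# Account with a fixed remote address, so the /29 route always has the same gateway.
/ppp secret add name=cust1 password=CHANGE-ME service=pppoe profile=pppoe-routed remote-address=198.51.100.10

# PPPoE service on the customer-facing port (ether2 is an assumption).
/interface pppoe-server server add service-name=isp interface=ether2 default-profile=pppoe-routed disabled=no

# Route the customer's /29 via the static address assigned to the session.
# The route only becomes active while the PPPoE session is up.
/ip route add dst-address=203.0.113.0/29 gateway=198.51.100.10

# --- CPE side ---
# PPPoE client on the uplink; takes its default route and DNS from the server.
/interface pppoe-client add name=pppoe-out1 interface=wlan1 user=cust1 password=CHANGE-ME add-default-route=yes use-peer-dns=yes disabled=no

# First usable address of the routed /29 on the LAN port.
/ip address add address=203.0.113.1/29 interface=ether1

# VoIP device behind the CPE (set on the device itself):
#   address 203.0.113.2/29, default gateway 203.0.113.1

# --- Checks on the server ---
# The session should be listed with address 198.51.100.10 ...
/ppp active print
# ... and the 203.0.113.0/29 route should show as active through it.
/ip route print
```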

Check your MTU in the PPPoE service and your customers’ MTU. I cut mine down to 1460 and it seemed to solve quite a few problems.

I have PPPoE set up just like the manual http://www.mikrotik.com/testdocs/ros/2.9/interface/pppoe.php and have no problem with SIP from any VoIP server, although I have no idea why it works because the IPs it hands out are strange. I am working on a post about this but here is what I am having, maybe it will help you out.

All of the below are really public addresses with no nat, I just changed them for security.

Settings
ether1 IP 192.168.125.2/25
ether1 Gateway 192.168.125.1

PPPoE server is running on ether2
PPP profile has the local address of 192.168.125.2 (the same as my ether1 address)
and remote address as “pppoe-pool1” which is a pool I created

Observations
When a client connects I see in my winbox under IP-Addresses additional addresses assigned to the customer. The address is always 192.168.125.2, the network is the assigned address from the pool 192.168.125.xxx, and the broadcast is 0.0.0.0

THIS IS MESSING WITH MY HEAD, because everything works perfectly, but looks so wrong.
Good luck.
PS I am not using MT for my edge router 192.168.125.1 – Only because I require DS3 port and never heard of MT the last time my router was rebooted three years ago.

I would change your profile IP to be something other than the .2 address used on ether1; it’ll probably work, but it could potentially cause a conflict somehow.

As far as the broadcast address, that’s because there is none on a PPP link.

Other than your .2 address in the profile, everything looks normal to me.

Why do you feel there would be a problem with his .2 address? Isn’t the IP able to be anything, even existing bound IPs?

I would like to know more about what the purpose of needing an IP for the PPPoE daemon is. I don’t see the need to have one, yet it seems required. I’ve even made up IPs just to make it happy. Assigning 1.1.1.1 just to satisfy it makes it work, and customers still get a gateway IP of themselves.

What is the PPPoE server “local address” for?