Hi to all just a noob question,
I have a ZXHN F601, a GPON Optical Network Terminal that converts SC to RJ45, and I have a set of public IPs provided in this way:
IP of pppoe interface: XXX.XXX.YYY.82
Subnet of 8 ips: XXX.XXX.ZZZ.40/29
User: user at provider.com
Password: password
Service: OF1
MTU: 1500
Authentication: CHAP
After the ONT I have an XGS1930 Zyxel switch and then a MikroTik CCR1009-7G-1C-1S+ that establishes a successful PPPoE connection, and with this I can manage the public ISP as I want.
Now my question:
This ONT has a minimal web interface, but through this (if I want) I can establish a successful PPPoE connection.
Well, at this point my idea would be to use the set of public ip addresses that the ISP provided to me directly into the mikrotik without doing pppoe since it is already dealt by the ONT.
The question arises from the fact that, having a pfSense box in the same network attached to the same switch, it would be convenient for me to manage 2 of these 8 IPs on the MikroTik and 2 more on the pfSense box. The provider does not allow me to make multiple PPPoE connections, so I can only do PPPoE on one of the two routers. So the idea is to use the ONT for PPPoE of both routers.
Can anyone give me a starting point?
For the moment, after PPPoE on the ONT, I have tried to add one of the public IPs to the address of my MikroTik, XXX.XXX.ZZZ.41/29, and then I created a route to 0.0.0.0 using XXX.XXX.ZZZ.40 as gateway, but it doesn’t work.
thank you so much
The subnet of 8 IPs is routed to you via the PPPoE interface. Whichever device is terminating the PPPoE will have to know where to route those IP addresses. That is easy to do on MikroTik; I don’t know how it can be done on the ONT.
thank you for your reply.
in the ONT web ui there is only an option about dhcp release near the pppoe configuration. But maybe I can use a base mikrotik like hEx after the ONT, establish the pppoe connection and then route the subnet as you suggest to the pfsense box and the mikrotik CCR1009-7G-1C-1S+. Can you give me a point on how to route the subnet after successfully establishing the pppoe connection?
/ip route
add dst-address=XXX.XXX.YYY.ZZZ/32 gateway=<IP of CCR>
add dst-address=XXX.XXX.YYY.WWW/30 gateway=<IP of pfSense>
Both CCR and pfSense should use hEX as their gateway (probably default one).
BTW, firewall will trigger on the traffic to these IP addresses as well, be careful about it. This includes any NAT that might be configured, default config doesn’t account for such advanced setup.
I don’t think you need another device just for routing the static subnet, it can well be done by the CCR (unless you have some other reason for that).
If you want to use one of those addresses just for NATing some specific LAN stuff (either expose a service over a specific WAN address or use one as the public address for a group of LAN hosts), you don’t have to set it on any of the MikroTik’s interfaces, just use it in NAT rules (either dst-address for DST-NAT or to-addresses for SRC-NAT).
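The firewall and NAT caveat from the reply above, written out as an added RouterOS example (not part of the original posts). It assumes a hEX with the RouterOS default firewall terminating PPPoE; the interface name, transit LAN addresses, the split into two /30 blocks and the 203.0.113.40/29 prefix (a constructed stand-in for the ISP subnet) are all assumptions.

```routeros
# Added example. Assumed names and addresses:
#   pppoe-out1       PPPoE client interface on the hEX (WAN side)
#   192.168.88.2     CCR on the transit LAN behind the hEX
#   192.168.88.3     pfSense on the transit LAN behind the hEX
#   203.0.113.40/29  constructed stand-in for the routed public subnet

/ip firewall address-list
add list=routed-public address=203.0.113.40/30 comment="delegated to CCR"
add list=routed-public address=203.0.113.44/30 comment="delegated to pfSense"

/ip route
add dst-address=203.0.113.40/30 gateway=192.168.88.2
add dst-address=203.0.113.44/30 gateway=192.168.88.3

/ip firewall nat
# Use this in place of the default masquerade rule, which would rewrite
# every source address leaving the WAN. Packets sourced from the routed
# public addresses must go out with their own address.
add chain=srcnat out-interface=pppoe-out1 src-address-list=!routed-public \
    action=masquerade

/ip firewall filter
# The default forward chain drops new WAN connections that were not
# dst-natted, which also drops plain routed traffic to the public subnet.
# Move this rule above that drop rule. After this, the hEX no longer
# filters inbound traffic for these addresses: the CCR and pfSense
# rule sets are the only protection for hosts using them.
add chain=forward in-interface=pppoe-out1 dst-address-list=routed-public \
    action=accept comment="inbound to routed public subnet"
```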
Thank you, everything is clear. The reason is that the MikroTik is a hardware device that can fail and is difficult for me to replace. The pfSense is a virtualized KVM in an HA cluster that cannot fail unless an earthquake destroys all my 5 nodes. So the idea was to use the MikroTik for basic stuff like internet, mail, etc. and use the pfSense for production services (like VoIP, web server, our booking system, etc.), but if I do PPPoE on the MikroTik, then if the MikroTik fails the pfSense will fail too. It’s the way I worked in the last year, but before I didn’t have a class of IPs and optical interfaces. I was with a static IP with the ISP’s untouchable router, so I was in a double NAT environment.