I have an Fibre installer company that has given me multiple VLANS per neighborhood, each neighborhood has fibre connected to each home.
I am running an CCR1036-12G-4S with RouterOS 6.44.3
SFP2 is an fibre inter connect to the installers Extreme Switch
What I have done is:
create each vlan as the installer has given me and attached it to SFP2
created an PPPOE server for each vlan
All I am seeing on the vlans is an PPPOE Dicsovery packet being sent to the VLAN on SFP2 USers are not authenticating at all,
yet I have another installer on SFP1 that is setup the same way and users are authentication, Though they have 1 VLAN, the new installer has 21 VLANS at present
Radius Server is configured and working
Am I missing something here?.
If so, and you can see only the PADI from the clients, it is most likely that your Tx direction is broken already on the link between you and the provider or further in his network.
This is my config below for the PPPOE and VLANS, I have also attached an packet sniffer output screen shot for VLAN 2187 to show the only packets I am receiving and sending.,
Strictly speaking that’s no capture file, it is a screenshot of the sniffer output, which however shows that you do respond to the incoming PPPoE discovery frames but the client most likely doesn’t react to these responses and starts sending the requests again.
So sniff into a file, download the file and open it with Wireshark. It will tell you whether what comes from the client is always PADI (which is 99% sure to be the case as the dst-mac is a broadcast one) and what you respond is PADO. I can theoretically imagine that the client doesn’t say in PADI which service it wants to connect to although it has one configured, and then it dislikes the service name you offer in PADO because it doesn’t match its configuration, but it is quite unlikely, so I vote for an L1 or L2 error in the direction from you to the client - from dirty fiber through broken laser in your SFP to misconfiguration on fiber provider’s switches.
As the sniff shows that you try with just a single client, that one may also be broken itself.
Also your SFP may cry too loud for he sensitivity of the opposite one and the fiber attenuation.
So you’re arguing with the fiber provider and they keep telling you it’s your fault, and you wanted a second opinion ? The only way out is to connect another switch with an SFP instead of their switch and connect a PPPoE client to it (or run a PPPoE client on it if it is not just a switch). If it works, it’s their SFP or further; if it doesn’t, it’s your SFP or the fiber path.
Thanks, we been fighting for more than an month with this ISP and they keep pointing to our equipment no matter how much logs i send them proving its their side,
SO Plan of action I am taking an RB2011UiAS-Rm to our datacentre, connecting the SFP port to the CCR1036’s SFP2 and setting up an PPPOE client on that port,
If it connects then I can send the logs to our provider and proof to them its not our side,
I took the RB2011 to our datacantre, configured it with PPPOE client on SFP1 port, unplugged SFP2 on the CCR1036 which my provider was plugged into and plugged and fibre patch lead in from sfp1 to sfp2 , pppoe authentication worked, then made an VLAN on the RB2011 SFP1 that match the vlan on the CCR1036 SFP2 and put the pppoe client on that vlan, again connected with no issues,
Moved the rb2011 to the providers cabinet and plugged their fibre into the CCR1036 and into the RB2011, again all the ppoe sessions authenticated no problem,
So in the end we have confirmed the problem is on the providers side, and their IT team is now looking at it.
? The only way out is to connect another switch with an SFP instead of their switch and connect a PPPoE client to it (or run a PPPoE client on it if it is not just a switch). If it works, it’s their SFP or further; if it doesn’t, it’s your SFP or the fiber path.