I’ve have been labing this since yesterday i can’t seems to figure out how bridge horizon works on PPPoE server, The lab is so simple 1 PPPoE server with 2 PPPoe Client no switch in between the pppoe client plug straight to ether1 and ether2 of PPPoE server
I’ve try to set the horizon value to “1” in PPPoE Profile and the bridge “PPPoE”, the result is both PPPoE client still can communicate with each other. I try the bridge horizon settings in the bridge with DHCP and it’s working as expected.
I lab this up on both CHR with EVE-NG and real device same result. I also try to test this in v6.49 longterm same thing, therefore i think this is a configuration issue on my end, could someone shed some light on this?, been searching the forum but not concrete answer other than it works for them
The bridge* parameters in the PPP profile are used for BCP, they have nothing to do with IP connectivity between the server and client(s). Setting a horizon with not restrict IP traffic between the client addresses assigned from your IP pool.
From https://wiki.mikrotik.com/wiki/Manual:BCP_bridging_(PPP_tunnel_bridging) “RouterOS supports BCP (Bridge Control Protocol) for PPP, PPTP, L2TP and PPPoE interfaces. BCP allows to bridge Ethernet packets through the PPP link. Established BCP is independent part of the PPP tunnel, it is not related to any IP address of PPP interface, bridging and routing can happen at the same time independently.”
Unless you have a particular need for the Ethernet connectivity provided by BCP you should leave all of the bridge parameters unset in the PPP profile. IP isolation can be achieved by:
creating an interface list, e.g. /interface list add name=pppoeclients
specifying the list in the PPP profile with interface-list=pppoeclients
adding a firewall rulle to block forwarding between interfaces in the list /ip firewall filter add action=drop chain=forward in-interface-list=pppoeclients out-interface-list=pppoeclients
