One area of manual states:
<<< security issue: do not assign ip address to interface you will be receiving pppoe request on" >>>
another area states:
<<< Add PPP profile, called pppoe-profile where local-address will be the router’s address and clients will have an address from pppoe-pool:
/ppp profile add name=“pppoe-profile” local-address=10.1.1.1 remote-address=pppoe-pool >>>
Which is it?
Our access points have multiple Wlan and Ether1 configured in a bridge.
The PPPOE server runs on the same bridge.
The bridge has a non-routable IP assigned, and the Ether1 a public IP for remote management.
Our PPPOE “local-address” is set as the private IP of the bridge, and the “remote-address” is assigned by radius, from the same subnet as the public ip on Ether1.
WDS runs also in dynamic mode on the bridge interface.
Some clients connect via wds-slave or station-wds mode.
MT CPE have Ether1 and Wlan1 bridged, and a the bridge has a non-routable IP assigned.
PPPOE client runs on the bridge.
Radius assigns a public IP address once pppoe authentication occurs.
WDS runs also in dynamic mode on the bridge interface.
Everything seems to run fine, and clients do not have access to the Internet until PPPOE authentication occurs—as I should think it should be.
I have not tested regular AP > Station modes yet, as we like the bridge mode simplicity for assigning public IP addresses to clients.
However, upon trying to use another brand of CPE connecting as infrastructure (station) clients, the clients have access even beore the PPPOE authenticates.
Details: http://www.dslreports.com/forum/remark,16647081~mode=flat
Is our config correct, or what are we doing wrong? Any ideas?
Thanx…
SMA