PPPoE setup on a WISP network

JCHARALLA · July 3, 2020, 1:43am

Good Evening everybody!
I have a question about PPPoE, I have a router RB750r2 with ether1 connected to internet (WAN), ether3 connected to my LAN. PPPoE server is on ether5, I have wired clients connected to ether5 which have internet access using PPPoE authentication. I want to connect wireless clients over PtmP links (Access Point + CPEs) using PPPoE too. My question is: The Access Points ( Radios) must to be connected on the PPPoE server interface (ether5)? or can be connected in another interface?. If APs must be connected on PPPoE interface, APs have estatic IP? How I can access to APs from LAN (ether3)?
I hope you help me
Thanks!

ingdaka · July 3, 2020, 5:01pm

You can setup ether3 also as PPPoE server. You AP-s should be configured as bridge! And Client CPE as pppoe client

JCHARALLA · July 3, 2020, 5:23pm

Thank you for your answer, but ether3 has a DHCP server, can DHCP and PPPoe servers be on the same interface?

sindy · July 3, 2020, 8:40pm

The IP protocol (and ARP protocol) has a different ethertype than the PPPoE (and PPPoE-discovery) one, so they can coexist on the same interface, even in the same VLAN. But you likely don’t want the clients connecting to the AP to get an IP address if they ask for one using DHCP. So you can do several things to prevent this:

attach an /interface vlan to ether3 of the RB750r2 and to the uplink ethernet interfaces of the APs, attach additional dhcp clients to these /interface vlan at the APs, and then move the IP configuration (adress, DHCP server) from ether3 to the /interface vlan attached to it at the RB750r2. Once you move it, the APs will get their leases via the VLAN, and the old leases will expire. The wireless clients won’t have access to the DHCP server as they won’t tag the DHCP requests with the correct VLAN ID.
use /interface bridge filter rules at the APs, permitting only frames with mac-protocol (ethertype) pppoe and pppoe-discovery, and dropping everything else on the way from the wireless interface to the uplink ethernet one at the APs.
do none of the above, and just convert the existing DHCP leases for the APs to static ones, and then setting the DHCP server’s address-pool to static-only. This will prevent any other DHCP clients than the APs themselves from getting a lease. But in that case, you have to set the admin-mac on the bridges of the APs first, so that you wouldn’t get into trouble if the AP’s bridge eventually inherits its MAC address from a wrong member port at next reboot.
if you don’t need the APs themselves to communicate with anything in the internet, use firewall rules to prevent IPs from the DHCP range to open connections to internet. So the wireless clients will be able to get an address using DHCP, but it will be useless.

JCHARALLA · July 4, 2020, 3:38am

ether3 has a DHCP server, can DHCP and PPPoe servers be on the same interface?

The IP protocol (and ARP protocol) has a different ethertype than the PPPoE (and PPPoE-discovery) one, so they can coexist on the same interface, even in the same VLAN. But you likely don’t want the clients connecting to the AP to get an IP address if they ask for one using DHCP. So you can do several things to prevent this:

attach an /interface vlan to ether3 of the RB750r2 and to the uplink ethernet interfaces of the APs, attach additional dhcp clients to these /interface vlan at the APs, and then move the IP configuration (adress, DHCP server) from ether3 to the /interface vlan attached to it at the RB750r2. Once you move it, the APs will get their leases via the VLAN, and the old leases will expire. The wireless clients won’t have access to the DHCP server as they won’t tag the DHCP requests with the correct VLAN ID.

use /interface bridge filter rules at the APs, permitting only frames with mac-protocol (ethertype) pppoe and pppoe-discovery, and dropping everything else on the way from the wireless interface to the uplink ethernet one at the APs.

do none of the above, and just convert the existing DHCP leases for the APs to static ones, and then setting the DHCP server’s address-pool to static-only. This will prevent any other DHCP clients than the APs themselves from getting a lease. But in that case, you have to set the admin-mac on the bridges of the APs first, so that you wouldn’t get into trouble if the AP’s bridge eventually inherits its MAC address from a wrong member port at next reboot.

if you don’t need the APs themselves to communicate with anything in the internet, use firewall rules to prevent IPs from the DHCP range to open connections to internet. So the wireless clients will be able to get an address using DHCP, but it will be useless.

Thank you so much for your explanation, it was very helpful for me