Am thinking of the best policy for a PPPoE and ethernet client concentrator. I want to isolate clients as much as possible and keep the administrative effort down
Is it viable to use the same VLAN number on multiple interfaces (no bridging) and will it keep the traffic separate?
I.e. create a VLAN 100 interface on ether2 (VLAN100-2), another one ether3 (VLAN100-3), another on ether4 (VLAN100-4)
Run 3 separate PPPoE servers on VLAN100-2, VLAN100-3 and VLAN100-4
I know that PPPoE will naturally keep the traffic separate, but if 2 different clients plug a LAN port into their router (one client on Ether2, the other on Ether4) will they be able to see each other and have DHCP assignment issues etc?
Or is it best to use a separate VLAN interface for every client?
If interfaces are not bridged (or one configured as slave to another), vlan 100 on ether3 is not connected in any way to vlan 100 on ether2, so anwer to your question is no. Clients connected to different interfaces will not be able to see each other.
I DONT want clients to talk to each other, at all. I would like to keep their traffic entirely isolated to them and the router with no crosstalk at layer 2 at all. And minimal administrative effort to add new clients to routers, so this is exactly what I was hoping would be the case. Thank you
Solution for that would be private vlan, but your switch must support it. Other than that you can do router on a stick with vlan for each customer and pppoe server on each vlan.