Thought people might be interested in this. I have my clients/CB3’s connecting to my wireless. The wireless hands out a dhcp private address but does not route it. Therefore, you can connect to it with a laptop, it will give you an IP, but you cannot surf. No rules setup for that. If you then run your PPPoE connection on the laptop or router, it connects and surfing is fine. I did it this way to allow my mobile users to connect to any of my radios (authenticate back to one radius server) and they don’t get a "limited or no connectivity" message on the laptop. Another reason was, after connecting to the radio without dhcp and connecting to the PPPoE server, I would get dropped from time to time. It appeared to be the client dropping the connection, so I added the dhcp and the disconnects went away.
just thought you might want to know how I’m doing it
What if your client/laptop adds as a static ip address, say the ip address they had once before been assigned via pppoe—are they able to get online before/without even authenticating via pppoe?
That is the problem we are having currently…and I’m not quite sure how to prevent it.
This only seems to work for laptop clients.
Mikrotik CPE can’t connect to PPPOE with these rules, AND systems behind a bridge cannot either—tried two different bridges.
I opened a support ticket with Mikrotik days ago—but no response yet.
I cannot believe with such high usage of Mikrotik, that more people are not having these problems. I have literally spent 20+ man-hours trying to get this working over the course of past few weeks. Or, do other people just not realize that clients can get online without PPPOE authentication?@!!!
The Mikrotik manual is useless, and has so little detail on real world configurations.
Can someone post a working PPPOE config, which does not allow access prior to PPPOE, and works from laptop client in AP > Station mode, and works from a router/laptop going thru a bridge in the middle of it (MT AP > bridge > laptop), and works from a Mikrotik CPE AP > Station and/or Station WDS?
for v2.9 i’ve used these in essence.
notice, 34916 is decimal since v2.9 didn’t like hexadecimal (they converted wrong) when i first wrote the rules way back when.
And this you are saying is the correct way to configure this, and it is not something we are missing/mis-configured elsewhere?
Can you give me the output of the “/interface bridge filter print” please?
I am assuming that is where you entered the rules, and not in the /ip firewall filters area…
Ah, the correct way might be something entirely different altogether.
I’m just saying that in essence i used those two rules to filter out all non-pppoe traffic from being bridged.
If you add bridges between the station and the pppoe router then these rules may not apply.
Can you give me the output of the “/interface bridge filter print” please? I am assuming that is where you entered the rules, and not in the /ip firewall filters area…
Hope this works…so I can move on to other issues
The configuration will drop any non pppoe traffic from being bridged (forwarded) through the bridge where it is applied.
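The filtering idea discussed above (bridge only PPPoE frames, drop everything else), modelled in Python as an added example. It is not the poster's RouterOS rules; the function names and sample frames are constructed for illustration, and looking through VLAN tags is an assumption of this model.

```python
import struct

# PPPoE EtherTypes: 0x8864 is the 34916 decimal quoted in the thread;
# 0x8863 (34915) is PPPoE discovery.
PPPOE_DISCOVERY = 0x8863
PPPOE_SESSION = 0x8864
VLAN_TAGS = {0x8100, 0x88A8}  # 802.1Q / 802.1ad tags wrap the real EtherType

def ethertype(frame):
    """Return the payload EtherType of an Ethernet II frame.
    Assumption: this model skips VLAN tags; a filter that matches only the
    outer EtherType would see 0x8100 on a tagged frame instead."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in VLAN_TAGS:
        offset += 4  # skip TPID + TCI
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        (etype,) = struct.unpack_from("!H", frame, offset)
    return etype

def bridge_forward(frame):
    """Model of the forward decision: accept PPPoE, drop all other traffic."""
    try:
        etype = ethertype(frame)
    except ValueError:
        return "drop"
    return "accept" if etype in (PPPOE_DISCOVERY, PPPOE_SESSION) else "drop"

def make_frame(etype, vlan=None):
    """Build a constructed test frame (made-up MACs, dummy payload)."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vlan is not None:
        header += struct.pack("!HH", 0x8100, vlan)
    return header + struct.pack("!H", etype) + b"\x00" * 46

# Constructed samples: frames from a client with a hand-set static IP,
# next to the frames a PPPoE client sends.
SAMPLES = {
    "ARP from static-IP client": make_frame(0x0806),
    "IPv4 from static-IP client": make_frame(0x0800),
    "PPPoE discovery": make_frame(PPPOE_DISCOVERY),
    "PPPoE session": make_frame(PPPOE_SESSION),
    "PPPoE session inside VLAN 10": make_frame(PPPOE_SESSION, vlan=10),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:30} -> {bridge_forward(frame)}")
```

With a layer 2 filter like this in the forwarding path, the ARP and IPv4 frames of a statically addressed client never cross the bridge, so the address alone gets the client nowhere until a PPPoE session is up.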
This does not seem to function properly if you have a bridge (currently testing with an OSbridge and a Linksys) between the Mikrotik AP and the Client’s computer/router.
It did seem to function if a laptop was connecting wirelessly directly to the Mikrotik AP.
Mikrotik CPE seemed to work properly even without the rules in place.
Anyone else? Any ideas?
How are you doing it? (stopping access prior to PPPOE)
Also, the Windows XP system sitting on the other side of the bridges cannot PPPOE itself thru the bridge(s) it seems…it just hangs, but can connect if going directly without the bridge–(with or without the bridge establishing PPPOE itself/first)…can’t figure that one out yet…
Solution for this is to have a PPPOE Aggregation Router and one or more APs in front of that, with the APs not having a route out to the Internet directly, but rather passing traffic (EOIP) thru a tunnel to the router only, and once PPPOE occurs it goes thru the tunnel and authenticates/assigns—and then public access is enabled.
I think only that the laptop can use the ip if the outside and inside interfaces are connected to the same layer 2. You should physically segment your network. If you need public IPs on the inside, route them. That is the mess I have spent a year fixing for a wisp here in KS. Do not go down the road of connecting the inside and outside nics to the same switch.
HOTSPOT running along with PPPoE server both authing on radius or if you like hotspot not authing so as a block you can even have some adverts in the walled garden