Thu Dec 03, 2015 11:15 pm
If you're using a 3011, then just disable the switch forwarding between the physical interfaces, and the customers will be isolated from each other as you want (set master = none). You don't need a virtual server to complicate things.
If you use PPPoE - build the default profile as normal, and then create a secret for each user with their IP address, bandwidth limits, etc - just as normal, and then create a separate pppoe server for each interface - you can even set each one to limit to 1 session. Reuse the default profile for all pppoe servers.
This way, there is no bridging whatsoever, so there is no way your customers can ever see each other's traffic.
If you want to only configure one pppoe server and have bridging, but keep the customers separated from each other, then use the soft bridge (create a bridge1 interface) and configure all of the etherenet interfaces to use a horizon=1 - split horizon will stop them from seeing each-other also.
This second method will consume more system resources though, which is why I recommended multiple pppoe interfaces first.