Hi all,

I have a site which shares an internet connection with 6 offices. each office must have its own PPPoE connection and the networks must be separate.

I setup 2 metarouters on 3 RB2011 (just doing DHCP and NAT) to try this out but the throughput suffers quite a bit - I need to be able to supply 30Mb/s+ but the metarouters top out arounf 26-27

Can anyone help me with this?

Many thanks,

NTB

If you're using a 3011, then just disable the switch forwarding between the physical interfaces, and the customers will be isolated from each other as you want (set master = none). You don't need a virtual server to complicate things.

If you use PPPoE - build the default profile as normal, and then create a secret for each user with their IP address, bandwidth limits, etc - just as normal, and then create a separate pppoe server for each interface - you can even set each one to limit to 1 session. Reuse the default profile for all pppoe servers.

This way, there is no bridging whatsoever, so there is no way your customers can ever see each other's traffic.

If you want to only configure one pppoe server and have bridging, but keep the customers separated from each other, then use the soft bridge (create a bridge1 interface) and configure all of the etherenet interfaces to use a horizon=1 - split horizon will stop them from seeing each-other also.

This second method will consume more system resources though, which is why I recommended multiple pppoe interfaces first.

Thanks for the reply,

I'm not sure what you mean but maybe the diagram below will explain what I'm trying to do a bit better. The Individual offices must authenticate to an existing PPPoE server so, where should PPPoE-client connections go? The offices need to have NAT DHCP, DNS etc just like an individual router.

Am I explaining this OK?

NTB
8o)

Just noticed that the bottom router should be labeled R2