Community discussions

 
Banzai007
just joined
Topic Author
Posts: 8
Joined: Fri Mar 29, 2019 1:09 pm

PPPOE Server and VLAN Issue

Sun Jun 09, 2019 6:40 pm

HI all,

I have an Fibre installer company that has given me multiple VLANS per neighborhood, each neighborhood has fibre connected to each home.
I am running an CCR1036-12G-4S with RouterOS 6.44.3
SFP2 is an fibre inter connect to the installers Extreme Switch

What I have done is:
1) create each vlan as the installer has given me and attached it to SFP2
2) created an PPPOE server for each vlan

All I am seeing on the vlans is an PPPOE Dicsovery packet being sent to the VLAN on SFP2 USers are not authenticating at all,
yet I have another installer on SFP1 that is setup the same way and users are authentication, Though they have 1 VLAN, the new installer has 21 VLANS at present
Radius Server is configured and working
Am I missing something here?.
 
sindy
Forum Guru
Forum Guru
Posts: 3809
Joined: Mon Dec 04, 2017 9:19 pm

Re: PPPOE Server and VLAN Issue

Sun Jun 09, 2019 8:36 pm

So your configuration is like below?
/interface vlan
add vlan-id=X interface=sfp2 name=vlan-X
add vlan-id=Y interface=sfp2 name=vlan-Y
add vlan-id=Z interface=sfp2 name=vlan-Z

/interface pppoe-server server
add interface=vlan-X
add interface=vlan-Y
add interface=vlan-Z
If so, and you can see only the PADI from the clients, it is most likely that your Tx direction is broken already on the link between you and the provider or further in his network.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
Banzai007
just joined
Topic Author
Posts: 8
Joined: Fri Mar 29, 2019 1:09 pm

Re: PPPOE Server and VLAN Issue

Mon Jun 10, 2019 10:14 am

HI Sindy,

This is my config below for the PPPOE and VLANS, I have also attached an packet sniffer output screen shot for VLAN 2187 to show the only packets I am receiving and sending.,,

/interface ethernet
set [ find default-name=sfp1 ] comment=SFP1 name=Break-Out
set [ find default-name=ether12 ] comment=Ether12 name=Internal
set [ find default-name=sfp2 ] advertise=1000M-full auto-negotiation=no comment=SFP2 loop-protect=off name=XXX rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether3 ] comment="Testing Port for inside DATACENTRE"
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=ether11 ] disabled=yes
/interface vlan
add interface=XXX name=XXX-2037-Office vlan-id=2037
add interface=XXX name=XXX-2087 vlan-id=2087
add interface=XXX name=XXX-2138 vlan-id=2138
add interface=XXX loop-protect=off name=XXX-2187-Blaauberg vlan-id=2187
add interface=XXX name=XXX-2237 vlan-id=2237
add interface=XXX name=XXX-2287 vlan-id=2287
add interface=XXX name=XXX-2337 vlan-id=2337
add interface=XXX name=XXX-2387 vlan-id=2387
add interface=XXX name=XXX-2437 vlan-id=2437
add interface=XXX name=XXX-2487 vlan-id=2487
add interface=XXX name=XXX-2537 vlan-id=2537
add interface=XXX name=XXX-2587 vlan-id=2587
add interface=XXX name=XXX-2637 vlan-id=2637
add interface=XXX name=XXX-2687 vlan-id=2687
add interface=XXX name=XXX-2737 vlan-id=2737
add interface=XXX name=XXX-2787 vlan-id=2787
add interface=XXX name=XXX-2837 vlan-id=2837
add interface=XXX name=XXX-2887 vlan-id=2887
add interface=XXX name=XXX-2937 vlan-id=2937
add interface=XXX name=XXX-2987 vlan-id=2987
/interface pppoe-server server
add default-profile=XXX disabled=no interface=XXX-2037-Office service-name=XXX
add disabled=no interface=XXX-2087 service-name=XXX-2087
add disabled=no interface=XXX-2138 service-name=XXX-2138
add disabled=no interface=XXX-2187-Blaauberg one-session-per-host=yes service-name=XXX-2187
add disabled=no interface=XXX-2237 service-name=XXX-2237
add disabled=no interface=XXX-2287 service-name=XXX-2287
add disabled=no interface=XXX-2337 service-name=XXX-2337
add disabled=no interface=XXX-2387 service-name=XXX-2387
add disabled=no interface=XXX-2437 service-name=XXX-2437
add disabled=no interface=XXX-2487 service-name=XXX-2487
add disabled=no interface=XXX-2537 service-name=XXX-2537
add disabled=no interface=XXX-2587 service-name=XXX-2587
add disabled=no interface=XXX-2637 service-name=XXX-2637
add disabled=no interface=XXX-2687 service-name=XXX-2687
add disabled=no interface=XXX-2737 service-name=XXX-2737
add disabled=no interface=XXX-2787 service-name=XXX-2787
add disabled=no interface=XXX-2787 service-name=XXX-2787
add disabled=no interface=XXX-2837 service-name=XXX-2837
add disabled=no interface=XXX-2887 service-name=XXX-2887
add disabled=no interface=XXX-2937 service-name=XXX-2937
add disabled=no interface=XXX-2987 service-name=XXX-2987
 
sindy
Forum Guru
Forum Guru
Posts: 3809
Joined: Mon Dec 04, 2017 9:19 pm

Re: PPPOE Server and VLAN Issue

Mon Jun 10, 2019 10:56 am

no capture file attached...
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
Banzai007
just joined
Topic Author
Posts: 8
Joined: Fri Mar 29, 2019 1:09 pm

Re: PPPOE Server and VLAN Issue

Mon Jun 10, 2019 11:16 am

Applologies Sindy,

File attached,
You do not have the required permissions to view the files attached to this post.
 
sindy
Forum Guru
Forum Guru
Posts: 3809
Joined: Mon Dec 04, 2017 9:19 pm

Re: PPPOE Server and VLAN Issue

Mon Jun 10, 2019 11:37 am

Strictly speaking that's no capture file, it is a screenshot of the sniffer output, which however shows that you do respond to the incoming PPPoE discovery frames but the client most likely doesn't react to these responses and starts sending the requests again.

So sniff into a file, download the file and open it with Wireshark. It will tell you whether what comes from the client is always PADI (which is 99% sure to be the case as the dst-mac is a broadcast one) and what you respond is PADO. I can theoretically imagine that the client doesn't say in PADI which service it wants to connect to although it has one configured, and then it dislikes the service name you offer in PADO because it doesn't match its configuration, but it is quite unlikely, so I vote for an L1 or L2 error in the direction from you to the client - from dirty fiber through broken laser in your SFP to misconfiguration on fiber provider's switches.

As the sniff shows that you try with just a single client, that one may also be broken itself.

Also your SFP may cry too loud for he sensitivity of the opposite one and the fiber attenuation.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
Banzai007
just joined
Topic Author
Posts: 8
Joined: Fri Mar 29, 2019 1:09 pm

Re: PPPOE Server and VLAN Issue

Mon Jun 10, 2019 11:49 am

Thanks Sindy,

That was my thought the entire time, Thank you for ensuring my sanity remains intact,
 
sindy
Forum Guru
Forum Guru
Posts: 3809
Joined: Mon Dec 04, 2017 9:19 pm

Re: PPPOE Server and VLAN Issue

Mon Jun 10, 2019 11:56 am

So you're arguing with the fiber provider and they keep telling you it's your fault, and you wanted a second opinion :) ? The only way out is to connect another switch with an SFP instead of their switch and connect a PPPoE client to it (or run a PPPoE client on it if it is not just a switch). If it works, it's their SFP or further; if it doesn't, it's your SFP or the fiber path.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
Banzai007
just joined
Topic Author
Posts: 8
Joined: Fri Mar 29, 2019 1:09 pm

Re: PPPOE Server and VLAN Issue

Mon Jun 10, 2019 12:11 pm

Sindy,

Thanks, we been fighting for more than an month with this ISP and they keep pointing to our equipment no matter how much logs i send them proving its their side,

SO Plan of action I am taking an RB2011UiAS-Rm to our datacentre, connecting the SFP port to the CCR1036's SFP2 and setting up an PPPOE client on that port,
If it connects then I can send the logs to our provider and proof to them its not our side,
 
Banzai007
just joined
Topic Author
Posts: 8
Joined: Fri Mar 29, 2019 1:09 pm

Re: PPPOE Server and VLAN Issue

Mon Jun 10, 2019 4:23 pm

Thanks Sindy,

I took the RB2011 to our datacantre, configured it with PPPOE client on SFP1 port, unplugged SFP2 on the CCR1036 which my provider was plugged into and plugged and fibre patch lead in from sfp1 to sfp2 , pppoe authentication worked, then made an VLAN on the RB2011 SFP1 that match the vlan on the CCR1036 SFP2 and put the pppoe client on that vlan, again connected with no issues,

Moved the rb2011 to the providers cabinet and plugged their fibre into the CCR1036 and into the RB2011, again all the ppoe sessions authenticated no problem,

So in the end we have confirmed the problem is on the providers side, and their IT team is now looking at it.

Thank you for all your help Sindy!!!!

Who is online

Users browsing this forum: No registered users and 88 guests