BIG pppoe problems. HELP plz

franco · Sat Jan 21, 2006 11:18 am

Hello,
I have a great problem.
I use MT with the version 2.9.10. Everybody dials in with pppoe. Everything runs except for a thing perfectly.
I have customers that have a Linksys WRT54G router. This dials in about pppoe.
Sometimes this equipment causes problems and tries to build up hundreds of pppoe connections and takes the MT to fall out.
I can see his Mac address, far nothing.
I can forbid to let build up several connections ??
Help please

hci · Sat Jan 21, 2006 8:05 pm

In 2.8

[admin@router] interface pppoe-server server>set one-session-per-host=yes

Not sure on 2.9 release.

Matt

franco · Sat Jan 21, 2006 11:04 pm

It is the problem that MT does not recognize it.
One Session is only if one logged in already not if one wants to log in first.
This has not solved my problem.
I need help urgents

franco · Tue Jan 24, 2006 5:28 pm

nobody have an idea??

HarvSki · Tue Jan 24, 2006 6:14 pm

Maybe you need to allow PAP etc.

franco · Tue Jan 24, 2006 8:54 pm

I have activate PAP CHAP MSCHAP1 and 2 already.
This is not the problem.
Have you an other idea??

franco · Mon Jan 30, 2006 8:35 pm

two day's ago, I have the same problem again.
I need a solution.
Help me, please.

jager · Tue Jan 31, 2006 2:25 am

Well, i also have a strange one....

01:21:25 pppoe,info PPPoE connection established from 00:40:F4:D9:AD:08 
01:21:25 pppoe,ppp,info <pppoe-0>: waiting for call... 
01:21:27 pppoe,ppp,info <pppoe-0>: terminating... 
01:21:27 pppoe,ppp,info <pppoe-0>: disconnected 
01:21:33 pppoe,info PPPoE connection established from 00:40:F4:D9:AD:08 
01:21:33 pppoe,ppp,info <pppoe-0>: waiting for call... 
01:21:35 pppoe,ppp,info <pppoe-0>: terminating... 
01:21:35 pppoe,ppp,info <pppoe-0>: disconnected 
01:21:41 pppoe,info PPPoE connection established from 00:40:F4:D9:AD:08 
01:21:41 pppoe,ppp,info <pppoe-0>: waiting for call... 
01:21:43 pppoe,ppp,info <pppoe-0>: terminating... 
01:21:43 pppoe,ppp,info <pppoe-0>: disconnected 
01:21:49 pppoe,info PPPoE connection established from 00:40:F4:D9:AD:08 
01:21:49 pppoe,ppp,info <pppoe-0>: waiting for call... 
01:21:51 pppoe,ppp,info <pppoe-0>: terminating... 
01:21:51 pppoe,ppp,info <pppoe-0>: disconnected

But it never crashed my Mtik....
Crashing must be caused by something else...

savage · Tue Jan 31, 2006 6:07 am

Some of these, so called 'broadband routers' are VERY troublesome. I actually believe the WRT54G was one of the units that we had troubles with.

They simply do what they want, no questions asked. It's not a fault with MT, it's a fault with the hardware and some *really* weird incompatibility between certain PPPoE Servers. In *some* instances, we managed to get a few semi-stable by changing the MTU... It worked for some, for others, it didn't.

Had it before as well, spend extensive time debugging this, and the end result was that I stoped supporting these 'broadband routers' on the network.

They simply cause to much trouble.

jager · Tue Jan 31, 2006 1:04 pm

In my case, 00:40:F4:D9:AD:08 is the only MAC address that connects every few seconds. But, it connects and DISconnects! So, it does not locks up my Mtik, just filling up the log with trash. I can live with it

But, in franco`s case, that client connects, does not disconnect, and connects again, making every time a new connection... this is really weird

Is there any possibility to ban the client by MAC?
It should help franco, at least it will fix his problem for a while... until a new strange client shows up....

savage · Tue Jan 31, 2006 1:08 pm

Wireless registration tables?

jager · Tue Jan 31, 2006 1:19 pm

In my case, I have more than 30 APs in town and surrounding villages, and VLANs are configured on our Mtik with PPPoE for almost every AP. APs are very mixed by its manufacturer. Who the hell will manually open every AP and enter the MAC?

I did not mean to ban the MAC on AP, rather on PPPoE server

savage · Tue Jan 31, 2006 1:25 pm

If you make a effort to just look arround in Winbox a little, you will see that you can also firewall (input, output, forward chains), based on mac address.

Go punch the mac address in there, and drop protocol=pppoe ?

It's *really* not that difficult....

jager · Tue Jan 31, 2006 1:41 pm

Yap, you`re right, but it simply does not work

I made a rule in forward chain, in advanced typed in the MAC, and in action selected drop. In the list of available protocols, there is no pppoe, so I left it blank (all protocols).
Even then, this weird client comes every 5-6 seconds....

cmit · Tue Jan 31, 2006 1:43 pm

If I read your setup right, you are running the PPPoE server ON your MikroTik.
Then you better should place this MAC filter in the input chain rather than the forward chain...

Best regards,
Christian Meis

jager · Tue Jan 31, 2006 3:51 pm

YES, im running PPPoE server ON Mtik.
I changed the rule to be in input, but still without luck

cmit · Tue Jan 31, 2006 3:54 pm

Could you post the actual rule you have in your system?

Best regards,
Christian Meis

eflanery · Wed Feb 01, 2006 1:21 am

As a guess, the /ip firewall won't match on this since it's not IP, even though you can match MACs in there.

I would put the interface in a bridge group (even if it is the only one in there), run the PPPoE service on the bridge group, and block your problem MAC in /int bridge firewall (if 2.8) or /int bridge filter (if 2.9).

--Eric

jager · Wed Feb 01, 2006 2:38 am

I agree with Eflanery. The /ip firewall won't match on this since it's not IP.
I will try to play arround with bridge group and post here the results.
Thanx for your posts and help!

BIG pppoe problems. HELP plz

BIG pppoe problems. HELP plz

Who is online