Community discussions

MUM Europe 2020
 
MakroTok
just joined
Topic Author
Posts: 5
Joined: Wed Dec 04, 2019 4:36 pm

Setting up a PPPoE server on VLAN

Wed Dec 04, 2019 8:05 pm

I'm testing software which goes as an add-on on routers. These routers are special insofar as they connect to uplink only via PPPoE on VLAN7 so I cannot just attach them to a regular switch and get started. (And I don't want to use these test-devices as my main router because of possible downtime and sometimes it's not even possible because of the existing infrastructure.)
My current setup includes a RasPi acting as the PPPoE server (using rp-pppoe), because of issues with the internal NIC (for which the driver seems to have issues in conjunction VLAN tagging) it is sending traffic untagged to an VLAN7 untagged port on a managed switch.
On the same switch I have a VLAN7 tagged port where I attach the test-device.
                                        Raspi                         Switch                  DeviceToBeTested
                                 +--------------------+     +-------------------------+     +------------------+
Internet <=> RealRouter <=DHCP=> ~ WiFi               |     |       tagged port VLAN7 = <=> = PPPoE VLAN7      |
                                 |                    |     |                         |     |                  |
                                 | PPPoE-Server =>LAN = <=> = untagged port VLAN7     |     |                  |
                                 +--------------------+     +-------------------------+     +------------------+
This setup works but I would like to simplify it for fellow developers to avoid needing a managed switch and a RasPi. I'm currently trying to setup a hEX to do the job but am struggling, problems starting already with the VLAN settings. I don't need anything fancy such a radius server because for testing one user can be used for all connections. The devices to be testest just have to get online...

Questions are like:
Tagging individual interface and creating a bridge out of the tagged ones, or creating a bridge first and taggig this one?
Can I uses the PPPoE server on the bridge or do I have to configure it per interface?
How do I have to configure routing for the PPPoE clients?

I would like the result be like (being not even sure it this is a feasible approach):
                                               hEX
                                 +---------------------------------+
Internet <=> RealRouter <=DHCP=> = ether1                   ether2 = <=> Used_to_manage_the_hEX
                                 |                                 | 
                                 | PPPoE-Server => VLAN7 +- ether3 = <=> DeviceToBeTested_001
                                 |                       +- ether4 = <=> DeviceToBeTested_002
                                 |                       +- ether5 = <=> DeviceToBeTested_003
                                 +---------------------------------+ 
Another idea would be (as said not really knowing if I mix up things here) to be able to use ether2-ether5 for PPPoE if a tagged device is attached and for accessing the hEX when untagged.
This would simplify it even more because the users of this setup wouldn't have to care which port can be used for what.

Having read a lot of HowTos I might have grasped the concepts but it seems I can't get it to run.
Because I'm not really sure what is not working my next step would be to try to replace the RasPi functionality first and then try to do the same with VLANs.
The setup is NOT security relevant, VLAN is only required because of the devices to be tested.

Any help would be greatly appreciated. I can provide the current rp-pppoe configuration (from the RasPi) if this would be of any help.
 
MakroTok
just joined
Topic Author
Posts: 5
Joined: Wed Dec 04, 2019 4:36 pm

Re: Setting up a PPPoE server on VLAN  [SOLVED]

Mon Dec 09, 2019 11:41 am

After some fiddling I got it working. All LAN interfaces can be used either for PPPoE or to access the hEX to configure it.
The rules for the firewall filter are used to make the hEX reachable as a DNS server (which it was not before since the PPPoE interfaces are not regarded as LAN).
See: viewtopic.php?f=13&t=154556#p763949
/interface bridge
add arp=proxy-arp name=bridge_pppoe protocol-mode=none

/interface vlan
add interface=ether2 name=vlan7_ether2 vlan-id=7
add interface=ether3 name=vlan7_ether3 vlan-id=7
add interface=ether4 name=vlan7_ether4 vlan-id=7
add interface=ether5 name=vlan7_ether5 vlan-id=7

/ip pool
add name=pppoe-pool ranges=192.168.200.2-192.168.200.254

/ppp profile
add local-address=192.168.200.1 name=pppoe-profile remote-address=pppoe-pool

/interface bridge port
add bridge=bridge_pppoe interface=vlan7_ether2
add bridge=bridge_pppoe interface=vlan7_ether3
add bridge=bridge_pppoe interface=vlan7_ether4
add bridge=bridge_pppoe interface=vlan7_ether5

/interface pppoe-server server
add authentication=pap default-profile=pppoe-profile disabled=no interface=\
    bridge_pppoe one-session-per-host=yes service-name=TestPPPoE

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN src-address=\
    192.168.200.0/24

/ip firewall filter
add chain=input action=accept src-address=192.168.200.0/24 protocol=tcp dst-port=53 place-before=5
add chain=input action=accept src-address=192.168.200.0/24 protocol=udp dst-port=53 place-before=5

/ppp secret
add name=testuser password=test profile=pppoe-profile service=pppoe

Who is online

Users browsing this forum: Google [Bot] and 27 guests