LinITX Blog Ubiquiti & MikroTik Wireless Networking Experts
From time to time when working with our customers and doing consultancy for them we find that specific features are commonly requested. We were able to work with MikroTik and have the PPPoE server made VLAN aware as we were able to present to MikroTik the use case for it and show that other vendors provide this functionality.
Quite commonly in the UK ISP get their customer connections delivered over Q-in-Q which each customer is in their own VLAN. This creates an issue when delivering PPPoE to a large customer base as with MikroTik as until RouterOS 7.17 the only option was to create all the customer VLANs and bridge them together and run a PPPoE server on the Bridge interface (along with Bridge Filter rules) or to create one PPPoE server per VLAN interface. Its useful to also note at this point that when adding many VLANs into a single bridge RouterOS has a limit of 1024 interfaces in a single bridge
The config below, though can be automated, using scripts, shows how much additional configuration is required to create only 10 customer VLANs inside an VLAN interface and run PPPoE server on it. This does not scale well to larger deployments. This example configuration below does not include bridge filter rules needed to prevent Layer 2 traffic between the bridge ports which in a PPPoE deployment is also needed to prevent a rogue PPPoE server being added to the network.
/interface bridge add name=bridge-pppoe3001 /interface vlan add interface=ether1 name=outer-vlan3001 vlan-id=3001 add interface=outer-vlan3001 name=outer3001-vlan1 vlan-id=1 add interface=outer-vlan3001 name=outer3001-vlan2 vlan-id=2 add interface=outer-vlan3001 name=outer3001-vlan3 vlan-id=3 add interface=outer-vlan3001 name=outer3001-vlan4 vlan-id=4 add interface=outer-vlan3001 name=outer3001-vlan5 vlan-id=5 add interface=outer-vlan3001 name=outer3001-vlan6 vlan-id=6 add interface=outer-vlan3001 name=outer3001-vlan7 vlan-id=7 add interface=outer-vlan3001 name=outer3001-vlan8 vlan-id=8 add interface=outer-vlan3001 name=outer3001-vlan9 vlan-id=9 add interface=outer-vlan3001 name=outer3001-vlan10 vlan-id=10 /interface bridge port add bridge=bridge-pppoe3001 interface=outer3001-vlan1 add bridge=bridge-pppoe3001 interface=outer3001-vlan2 add bridge=bridge-pppoe3001 interface=outer3001-vlan3 add bridge=bridge-pppoe3001 interface=outer3001-vlan4 add bridge=bridge-pppoe3001 interface=outer3001-vlan5 add bridge=bridge-pppoe3001 interface=outer3001-vlan6 add bridge=bridge-pppoe3001 interface=outer3001-vlan7 add bridge=bridge-pppoe3001 interface=outer3001-vlan8 add bridge=bridge-pppoe3001 interface=outer3001-vlan9 add bridge=bridge-pppoe3001 interface=outer3001-vlan10 /interface pppoe-server server add disabled=no interface=bridge-pppoe3001 service-name=service1
With RouterOS 7.17beta2 comes this new feature:
*) pppoe - added support for PPPoE server over 802.1Q VLANs;
This means that a PPPoE server can now run on the outer-vlan interface and be configured to run on a set range or ranges of VLANs and also does not need any additional configuration to prevent communications between interfaces.
This now simplifies the whole configuration to the below and is now scalable for VLAN traffic.
/interface vlan add interface=ether1 name=outer-vlan3001 vlan-id=3001 /interface pppoe-server server add disabled=no interface=bridge-pppoe3001 pppoe-over-vlan-range=2-1024,3001-3095 service-name=service3001
