PPPoE: The ISP’s Choice for Client Connections (and How to Set it Up)

/ Uncategorized / By
Spread the love

For Internet Service Providers (ISPs), managing thousands or even millions of client connections requires a robust and scalable solution. While simpler methods exist, many ISPs still rely on PPPoE (Point-to-Point Protocol over Ethernet) for its excellent control, billing integration, and session management capabilities.

From an ISP’s perspective, PPPoE offers:

  • Authentication: Clients must provide a username and password, ensuring only authorized users access the network.
  • Accounting: Detailed usage data (time connected, data transferred) can be logged, crucial for billing.
  • Dynamic IP Assignment: IPs can be assigned from a central pool, simplifying network management.
  • Session Management: Each client connection is a distinct session, making it easy to monitor and terminate individual users.

This post will guide you through setting up a PPPoE server on a MikroTik router (as an ISP) and then configuring a client MikroTik router to connect to it.

Part 1: Setting up the PPPoE Server (ISP Side)

Let’s assume your ISP router (MikroTik) has an interface connected to your client network (e.g., ether1-clients).

1. Create a PPPoE Server Interface: This tells the router to listen for PPPoE connection requests on a specific interface.

  • Go to PPP > PPPoE Servers.
  • Click + to add a new server.
  • Name: pppoe-server-clients (or descriptive name)
  • Interface: ether1-clients (the interface connected to your client network).
  • Default Profile: default-encryption (We’ll create a custom one next).
  • Check One Session Per Host to prevent multiple connections from a single device.

2. Create an IP Pool for Clients: This pool will assign IP addresses to your connected PPPoE clients.

  • Go to IP > Pool.
  • Click + to add a new pool.
  • Name: pppoe-client-pool
  • Addresses: 10.10.10.100-10.10.10.200 (Example range; adjust for your network).

3. Create a PPPoE Profile: Profiles define settings for client connections, such as IP addresses, DNS servers, and rate limits.

  • Go to PPP > Profiles.
  • Click + to add a new profile.
  • Name: client-profile
  • Local Address: 10.10.10.1 (This will be the gateway IP for clients)
  • Remote Address: pppoe-client-pool (Select the IP pool created earlier)
  • DNS Server: 8.8.8.8, 8.8.4.4 (Google DNS or your preferred DNS servers)
  • Rate Limit (rx/tx): 10M/10M (Optional: Set bandwidth limits for this profile. 10M for 10 Mbps.)
  • Only One: yes (Ensures only one active connection per user)
  • Optionally, you can enable Change TCP MSS to yes for better performance.

4. Create User Secrets (Client Credentials): Each client needs a unique username and password.

  • Go to PPP > Secrets.
  • Click + to add a new secret.
  • Name: client1_user
  • Password: secure_password123
  • Service: pppoe
  • Profile: client-profile

Part 2: Setting up the PPPoE Client (Client Side – MikroTik)

Now, let’s configure the client’s MikroTik router to connect to the ISP’s PPPoE server. Assume the client’s router has its WAN interface connected to the ISP’s network (e.g., ether1-wan).

1. Create a PPPoE Client Interface:

  • Go to Interfaces.
  • Click + and select PPPoE Client.
  • Name: pppoe-out1 (or descriptive name like ISP-WAN)
  • Interfaces: ether1-wan (the WAN interface connected to the ISP)
  • User: client1_user (The username created on the ISP’s server)
  • Password: secure_password123 (The password created on the ISP’s server)
  • Check Add Default Route (This makes the PPPoE connection the primary internet gateway).
  • Check Use Peer DNS (This will automatically get DNS servers from the ISP).
  • Click OK.

Once the client interface is up, it should get an IP address from the ISP’s pool, and you should see a new route in IP > Routes pointing to the internet.

Part 3: NAT for Client’s Local Network

Most client setups will involve a local network (e.g., 192.168.88.0/24) behind their MikroTik router, requiring NAT (Network Address Translation) to access the internet.

1. Add NAT Rule:

  • Go to IP > Firewall > NAT.
  • Click + to add a new rule.
  • Chain: srcnat
  • Out. Interface: pppoe-out1 (The PPPoE client interface)
  • Action: masquerade

This rule translates the private IP addresses of devices on the client’s LAN to the public IP assigned by the ISP, allowing them to browse the internet.

Buy Me a Coffee