Hi there I am trying to move everything on my wisp network over to mikrotik. I am going to put a router at every tower location with pppoe to dish out the ip's and do shaping.

First off I need to know if certain routers do not work well with pppoe. I have used cheap d-link and have had a bit of trouble with them. People are having to reset the router every little while for it to reconnect the session. Wondering if I am missing a setting somewhere, or if I should go to a different brand and model of wired and wireless router.

Secondly, at the moment, the whole network is bridged and switched. I need to place the mikrotik routers at every tower location, have the customers still work, and slowly migrate each one to pppoe. Once everyone is switched over, I can block anyone that does not use pppoe. How do I allow everyone to pass through the router, and have pppoe running while I do the switches.

Next, Is there any custom settings I should use with pppoe over wireless? I mean to tweak the performance and/or keep the uptime on the sessions better? MTU settings on the router and customer side? timeouts and idle times? things like that.

Any other suggestions would be appreciated.

Thank you.

Hi there I am trying to move everything on my wisp network over to mikrotik. I am going to put a router at every tower location with pppoe to dish out the ip's and do shaping.

That is largely what we do.

First off I need to know if certain routers do not work well with pppoe. I have used cheap d-link and have had a bit of trouble with them. People are having to reset the router every little while for it to reconnect the session. Wondering if I am missing a setting somewhere, or if I should go to a different brand and model of wired and wireless router.

Most work fine for PPPoE itself, but many have odd interactions with the various MAC-NAT methods used by common CPEs. In particular, you will want to make sure the routers include the "Host-Uniq" tag in their PADI packets.

We have generally had bad luck with Netgear and D-Link, and generally good luck with Trandnet, Sonicwall, and Linksys. It's really quite model and firmware version dependent though, so be sure to test thoroughly before deployment. Don't sell any particular CPE and router combination, until you know just what to expect.

Of course, using MT for the customer router and/or CPE dodges the issue entirely.

Secondly, at the moment, the whole network is bridged and switched. I need to place the mikrotik routers at every tower location, have the customers still work, and slowly migrate each one to pppoe. Once everyone is switched over, I can block anyone that does not use pppoe. How do I allow everyone to pass through the router, and have pppoe running while I do the switches.

You can initially use a centralised PPPoE server on your bridge, during the conversion process. Then when everyone in a particular segment is converted over, you can cut the PPPoE termination over to a local concentrator. Start by bridging your new MT aps into your network like you would a conventional AP; and once everyone on that AP is converted, break the bridge, and terminate their PPPoE at the AP.

Next, Is there any custom settings I should use with pppoe over wireless? I mean to tweak the performance and/or keep the uptime on the sessions better? MTU settings on the router and customer side? timeouts and idle times? things like that.

We have found that 1492 usually works well for the MTU, on both sides. There have been exceptional cases that needed to be handled individually, though. We usually use 10sec for a timeout, and we don't disconnect based on idle times.

You want to minimise packet-loss, and jitter, by stabilising the wireless networks as much as possible (fixed data rates, and so on).

Any other suggestions would be appreciated.

Thank you.

Keep as much of the individual users configurations in a central database as you can, doing whatever you can to avoid tying customers to a specific router/AP. Also, try to avoid eccentric configurations on your APs and routers, keep them easily reproducible. Radius is your friend.

If you can, assign IPs to as many users as possible from local pools, and announce those pools into your routing protocol as an aggregate, not as individual /32s. When a user needs a portable static IP, it is fine to announce their /32s, but try to keep those to a minimum.

--Eric

IMHO, PPPoE just confuses things. Our network is fully firewalled and NAT'td, with just simple static IP's assigned by the installer. If your CPE has the right IP and WEP key, you're on. MikroTik keeps it running smoothly with bandwidth control, and the ability to knock non-paying users offline.

Eric

Have to disagree with you there. PPPoE makes things alot simpler from managing a network standpoint. Set IP pools, let the router dish private IP's out to the people and assign a few publics. then you can walk away and let the router do the rest. The only downside I have run into is inconsistency of keeping a session open. I wish there was a way to make it more bulletproof.

Have to disagree with you there. PPPoE makes things alot simpler from managing a network standpoint. Set IP pools, let the router dish private IP's out to the people and assign a few publics. then you can walk away and let the router do the rest. The only downside I have run into is inconsistency of keeping a session open. I wish there was a way to make it more bulletproof.

You disagree with me, yet you acknowledge that you are having "inconsistency of keeping a session open". And from what i have read, you aren't the only one having trouble with PPPoE on Mikrotik. I've heard of users being dropped, problems with certain brands of routers, etc. Then I'm sure there are "social engineering issues", such as people using the wrong username/password combination, trying the wrong password too many times and getting locked out, etc.

In my opinion, without PPPoE, I can really just walk away from the customer's equipment once I've set the static IP, and basically never have to worry about them again.

Just my $0.02.

Eric

I changed over to PPPoe about 2 year ago and sure am glad that I did, with no IP address assigned to the wireless interface its a lot more complex than spoofing a mac address and putting in the right IP, also the less the customer has to set up the better ie IP addresses etc, once they have followed the PPPoe wizard and make the connection we control everything else. PPPoe also allows out users to use what ever device they want to on the network, as well as connect to any of the 10 transmitters around the city using the same user name and password.

If you ask me PPPoe is the only way to go.

IMHO, PPPoE just confuses things. Our network is fully firewalled and NAT'td, with just simple static IP's assigned by the installer. If your CPE has the right IP and WEP key, you're on. MikroTik keeps it running smoothly with bandwidth control, and the ability to knock non-paying users offline.

Eric

Ok, PPPoE has a learning curve, but what do you do about:

Customers that need a routable IP?
Customers that want to run servers?
Customers that multi-home?
Customers that connect to you from multiple directions?
Customers that need BGP?
Customers that bring their own IPs?
Customers that are ISPs in their own right?

NAT and static routing are fine (and very useful, don't get me wrong, I make use of both frequently), but neither scales well. Also, firewalling _can_ (when not done VERY carefully, and on a fine-grained basis) become quite the liability, especially if you have lawyer-minded customers.

WEP* I would outright dismiss as an access control mechanism, it is too easily defeated (either through direct cracking, or simply through dishonest customers). The only thing it is good for is the discouragment of the casual cracker, IMHO. It can help stop the clueless, but is nothing in the face of those who are determined. In addition to that, any system that depends on source MAC and/or IP addresses will be defeated by anyone, even those with very little clue, it's just too easy.

*WPA, and such, are somewhat better, but still don't protect you from bad customers.

I think it is far better to have simple configurations on network devices, and maintain the complex parts in central, well understood, safe and secure databases; than it is to configure one's network in a static, individual-config driven manner. PPPoE helps to facilitate such a design.

--Eric

Ok, PPPoE has a learning curve, but what do you do about:

Customers that need a routable IP?

No problem, Cisco PIX static rule with conduits.

Customers that want to run servers?

No problem, Cisco PIX static rule with conduits.

Customers that multi-home?

i.e. Two ISP's? Never had a problem.

Customers that connect to you from multiple directions?

Huh?

Customers that need BGP?

My customers are residential and small business. Why would they need BGP?

Customers that bring their own IPs?

My customers are residential and small business. Why would they bring their own IP's?

Customers that are ISPs in their own right?

An "in their own right ISP" wouldn't be caught dead buying bandwidth through a PPPoE connection.

NAT and static routing are fine (and very useful, don't get me wrong, I make use of both frequently), but neither scales well.

When/where did I say that I use static routes?

Also, firewalling _can_ (when not done VERY carefully, and on a fine-grained basis) become quite the liability, especially if you have lawyer-minded customers.

I simply use my firewall to provide NAT. I make no statement to my customers that my firewall guarantees security and assume no liability.

WEP* I would outright dismiss as an access control mechanism, it is too easily defeated (either through direct cracking, or simply through dishonest customers). The only thing it is good for is the discouragment of the casual cracker, IMHO. It can help stop the clueless, but is nothing in the face of those who are determined. In addition to that, any system that depends on source MAC and/or IP addresses will be defeated by anyone, even those with very little clue, it's just too easy.

Again, I disagree. I've never had a single stolen connection.

*WPA, and such, are somewhat better, but still don't protect you from bad customers.

Maybe we should agree that we disagree.

Eric

Customers that need a routable IP?

No problem, Cisco PIX static rule with conduits.

Customers that want to run servers?

No problem, Cisco PIX static rule with conduits.

That works, expensive, but good.

Customers that multi-home?

i.e. Two ISP's? Never had a problem.

Yet you NAT them, must not be doing BGP, or letting them bring their own IP space.

Oh, I see, you aren't.

Customers that connect to you from multiple directions?

Huh?

I.e. those that connect to more than one of your APs, or connect with both DSL (or somesuch) and Wireless. We have found redundant diverse load-sharing connections to be quite popular, makes the customers feel "safe", and some will pay $$$$ for that.

Customers that need BGP?

My customers are residential and small business. Why would they need BGP?

Customers that bring their own IPs?

My customers are residential and small business. Why would they bring their own IP's?

It's your market, do what works for you. We have a vast range of users around here, and go after them all.

Customers that are ISPs in their own right?

An "in their own right ISP" wouldn't be caught dead buying bandwidth through a PPPoE connection.

If it's unstable, or gives them MTU issues, as it can; then you are quite correct. If they have problems, they are quick to jump on "disreputable" protocols such as PPPoE. But most care more about how well the service works, not the specific technologies used. PPPoE is not fundamentally different from the PPP they run on T1s, and clueful users can be made to understand that.

The smaller (non-BGP) ones actually appreciate it, since they can have the same subnets delivered to them over various links, and at various locations, without any work on our part.

NAT and static routing are fine (and very useful, don't get me wrong, I make use of both frequently), but neither scales well.

When/where did I say that I use static routes?

I misconstrued "simple static IP's" as implying static routing, or at least as implying a static 'routing structure'. My bad, sorry.

Also, firewalling _can_ (when not done VERY carefully, and on a fine-grained basis) become quite the liability, especially if you have lawyer-minded customers.

I simply use my firewall to provide NAT. I make no statement to my customers that my firewall guarantees security and assume no liability.

Good, far too many providers leave things like that "in the grey".

WEP* I would outright dismiss as an access control mechanism, it is too easily defeated (either through direct cracking, or simply through dishonest customers). The only thing it is good for is the discouragment of the casual cracker, IMHO. It can help stop the clueless, but is nothing in the face of those who are determined. In addition to that, any system that depends on source MAC and/or IP addresses will be defeated by anyone, even those with very little clue, it's just too easy.

Again, I disagree. I've never had a single stolen connection.

Lucky you.

Maybe we should agree that we disagree.

Eric

Agreed.

--Eric

Going back to the Routers and thier settings. What should we be using specifically for routers. And if I can use D-Link what should I be putting in the pppoe settings for mode (always on, manual, connect-on-demand) and idle times. MTU is at 1492. I want to set them so even if a session drops, it reconnects quickly. Need the customer expirience to be pleasant.

set the pppoe server mtu's at 1450, set the d-link router "to always on", the d-link client will follow the mt pppoe server mtu settings, we have found 1450 to be most stable and even use them for our backhaul links with very good performance. PPPOE makes it simple in that when you want to change your network configuration you don't have to go to each client to change the ip addresses or gateway settings, just setup pppoe server with service name and users. EASY!

do I set the MRU the same?

we have throwen out all the d-link routers at our clients and changed to zyxel
and have no problems any more with pppoe - is is really running smooth

we changed to pppoe over 3 years ago and i am sure it was the right way to go - all the config and accounting is done in the radius database via web interface, no mor playing around on accespoints or routers....

we have throwen out all the d-link routers at our clients and changed to zyxel
and have no problems any more with pppoe - is is really running smooth

we changed to pppoe over 3 years ago and i am sure it was the right way to go - all the config and accounting is done in the radius database via web interface, no mor playing around on accespoints or routers....

Yes, but, how much did replacing all the routers cost you?

Would a Linksys wrt54gc work fine for pppoe? It has a decent price point, I can get them for 61$CAD. If they will work I am going to order 100 of them today lol.

it was worth changeing the routers - no problems any more ....
and we only use zyxel now - just a few linksys are left - they are working also after some firmwareupdates.....

we have throwen out all the d-link routers at our clients and changed to zyxel
and have no problems any more with pppoe - is is really running smooth

we changed to pppoe over 3 years ago and i am sure it was the right way to go - all the config and accounting is done in the radius database via web interface, no mor playing around on accespoints or routers....

What 'specific' problems did you have with the dlinks? We are considering switching to PPPoE but unfortunately have over 500 customers using dlinks, I'd hate to have to swap them all out. Even if we found a great deal on zyxel's for $30/router that's over $15,000.00 just to use PPPoE. We plan on doing some extensive testing, but I'd love to save some time and hear about the problems you had before going through the same...

Thanks in advance.

If I watch the session on Mikrotik, the Dlinks reconnect every littlw while (4min-10hours) and I get calls from customers saying they have no internet. Reboot the Dlink and away it goes again. The linksys on the other hand, no problems, sessions stay open for days before it reconnects.and I get no calls about them.

Thanks, that's helpful information, I can see the reason you wouldn't want to mess with the dlinks.

Which model(s) of dlink were you using or having a problem with?

Did you ever see if dlink tech support could help with that issue? Were you using the latest firmware?

Thanks for your responses.

I was using the latest firmware, was installing DI-604's. I am going to be switching to Linksys wrt54gC wireless routers for all of my installs.