[c-nsp] PPPOE Filtering
Paul Stewart
pstewart at nexicomgroup.net
Tue Dec 12 16:24:53 EST 2006
This topic came up on this list before and now I'm implementing it
tomorrow with a few surprises heheee .. never fails...
Long story short, this is for wireless site (a few access points serving
about 50 fixed wireless customers)....
The AP's don't understand VLAN'ing (Trango) but the AP's do understand
pppoe filtering. So, until earlier we figured we'd just flag the access
points to only permit PPPOE traffic. Now we find out that this is
possible but we manually must connect to each subscriber radio and do it
manually.... considering we have 500+ of them to do in the next couple
of months I was hoping for a way to filter PPP packets on the routed
interface facing the wireless access points. The interface has to have
an IP address on it still because the AP's are on the same physical
segment and must be reachable for management.
This is unlike our Motorola wireless where the gear supports VLAN for
management and we'll separate it out and run an unnumbered PPPOE
interface from our equipment towards the subscriber VLAN at that
point..;)
Thanks in advance,
Paul
-----Original Message-----
From: Robert E. Seastrom [mailto:rs at seastrom.com]
Sent: Tuesday, December 12, 2006 4:17 PM
To: Paul Stewart
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] PPPOE Filtering
"Paul Stewart" <pstewart at nexicomgroup.net> writes:
> Hi there...
>
> Simple question, hopefully I'm being dumb..;)
>
> I'm looking for a simple way in an access-list to filter out
> everything but PPPOE on a routed interface... can this be done?
> Prefer access-list method if possible...
Well, you could always take off the IP address, since PPPoE is at the
mac layer not the IP layer... which of course raises the question about
the "routed interface".
Are you sure that what you are interested in isn't actually PPPoE inside
L2TP from a LAC somewhere? That rides on UDP/1701.
---Rob
More information about the cisco-nsp
mailing list