[c-nsp] PPPOE Filtering

Paul Stewart pstewart at nexicomgroup.net
Tue Dec 12 20:00:12 EST 2006 

Hmm.... That's interesting and didn't think of that to be honest... The
routed interface actually is a subinterface going towards a switch....

How would I separate the traffic onto two subinterfaces?  It's a 2621
router and 2924 switch ...

The subinterfaces are because of various other connections into the
switch that routing is required for... The only way I could think of
doing this is with two VLAN's again which the wireless equipment doesn't
support...

What I was really hoping to find was something similar to:

Access-list 100 permit pppoe ?? :)
Access-list 100 deny ip any any

Is there a trick to do the same kind of thing?  There's only one
physical interface from the wireless coming into the switch...

Thanks,

Paul


 

-----Original Message-----
From: Robert Blayzor [mailto:rblayzor at inoc.net] 
Sent: Tuesday, December 12, 2006 7:32 PM
To: Paul Stewart
Cc: Robert E. Seastrom; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] PPPOE Filtering

Paul Stewart wrote:
> The AP's don't understand VLAN'ing (Trango) but the AP's do understand

> pppoe filtering.  So, until earlier we figured we'd just flag the 
> access points to only permit PPPOE traffic.  Now we find out that this

> is possible but we manually must connect to each subscriber radio and 
> do it manually.... considering we have 500+ of them to do in the next 
> couple of months I was hoping for a way to filter PPP packets on the 
> routed interface facing the wireless access points.  The interface has

> to have an IP address on it still because the AP's are on the same 
> physical segment and must be reachable for management.


Use two different router interfaces?  One for management, one for PPPoE
term?  Since the wireless sounds like one big bridge why not just use
another LAN port or router interface to use the numbered IP for
management while using another unnumbered router interface for PPPoE?

--
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: 0x66F90BFC @ http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720  292A 8580 500E 66F9 0BFC

To define recursion, we must first define recursion.

More information about the cisco-nsp mailing list