[c-nsp] PPPOE Filtering

Paul Stewart pstewart at nexicomgroup.net
Tue Dec 12 20:02:39 EST 2006


It would if I could permit pppoe and deny all on everything else...:)

If I do it via ip ranges then there's nothing to stop someone from just
putting a static address on their computer and still surfing .. And I
need to leave an IP address on the interface so that I can reach the
equipment instead...

The only other thing I could do is convert the access points to private
IP space (which is redistibuted to the rest of our network anyways)
making the access-point reachable but if a customer put their own
private IP on their computer they couldn't get any further than our
network making their connection pretty much useless...

Some users are pretty smart and if they can put their own "static"
address up, they will...;)

Take care,

Paul
 

-----Original Message-----
From: Joe Maimon [mailto:jmaimon at ttec.com] 
Sent: Tuesday, December 12, 2006 7:44 PM
To: Paul Stewart
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] PPPOE Filtering



Paul Stewart wrote:

> Hi there...
> 
> Simple question, hopefully I'm being dumb..;)
> 
> I'm looking for a simple way in an access-list to filter out 
> everything but PPPOE on a routed interface... can this be done?  
> Prefer access-list method if possible...
> 

does using an ip access list denying everything but what you want and
doing pppoe on the interface work?



More information about the cisco-nsp mailing list