<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7652.24">
<TITLE>Re: [rbak-nsp] PPPoE tunnel and Firewall</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>There are devices on the market which allow you to manipulate traffic inside PPPoE but these are generally<BR>
limited to applications such as traffic rate control (i.e P2P shaping)<BR>
<BR>
Traditionally, protecting subscribers from eachother is done where the PPP terminates, in your case, if your requirement is simple enough , you can implement this protection as an ACL on the subscriber interface of the BRAS.<BR>
<BR>
Hope this helps,<BR>
<BR>
------------------------------------------------<BR>
David Freedman<BR>
Group Network Engineering<BR>
Claranet Limited<BR>
<A HREF="http://www.clara.net">http://www.clara.net</A><BR>
<BR>
<BR>
<BR>
-----Original Message-----<BR>
From: redback-nsp-bounces@puck.nether.net on behalf of Masood Ahmad Shah<BR>
Sent: Thu 7/24/2008 21:32<BR>
To: redback-nsp@puck.nether.net<BR>
Subject: [rbak-nsp] PPPoE tunnel and Firewall<BR>
<BR>
I'm really getting confused while adding firewall for DSL subscribers. I<BR>
want to protect my PPPoE subscriber from malicious traffic. Adding a<BR>
firewall between DSLAMs and BRAS is kinda confused for me. The final<BR>
topology is going to be like<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
CPEß------>DSLAMß-------àFirewallß------BRAS------->Ineternet<BR>
<BR>
<BR>
<BR>
>From CPE to BRAS is PPPoE tunnel. The question " Can firewall protect PPPoE<BR>
customers from malicious traffic while sitting in transparent mode in front<BR>
of BRAS". I wonder , firewall will skip the PPPoE tunnels traffic.<BR>
<BR>
<BR>
<BR>
If yes, than how do you guys protect BRAS internal traffic from one<BR>
subscriber to another.<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>