After learning the basics of PPPoE, we need to look at some applications of the protocol. Today we introduce how to use ROS (MikroTik RouterOS) to build a PPPoE server and, through account management, implement dial-up authorization and bandwidth limits for intranet machines.
Step 1: Create an address pool
The address pool is the range of dial-up IP addresses from which the server allocates an address to a customer after the customer dials in. This IP address is used for shared Internet access. We assume the IP address segment is 10.0.0.0/24.
- [admin@MikroTik] > ip pool
- [admin@MikroTik] /ip pool> add name=pppoe ranges=10.0.0.2-10.0.0.254
- [admin@MikroTik] /ip pool> print
- # NAME RANGES
- 0 pppoe 10.0.0.2-10.0.0.254
This creates an address pool named "pppoe".
Step 2: Create a user type
A user type (a PPP profile in ROS) is a user group; here users are first classified by bandwidth.
- [admin@MikroTik] > ppp
- [admin@MikroTik] /ppp> profile
- [admin@MikroTik] /ppp profile> print
- Flags: * - default
- 0 * name="default" use-compression=default use-vj-compression=default
- use-encryption=default only-one=default change-tcp-mss=yes
- 1 * name="default-encryption" use-compression=default
- use-vj-compression=default use-encryption=yes only-one=default
- change-tcp-mss=yes
- [admin@MikroTik] /ppp profile>
In the initial state, two default profiles are available, "default" and "default-encryption"; they cannot be deleted.
Assume that we need to add two user groups with bandwidths of 512 Kbit/s and 1 Mbit/s.
- [admin@MikroTik] /ppp profile> add name=512K local-address=10.0.0.1 remote-address=pppoe dns-server=61.139.2.69 rate-limit=512K/512K only-one=yes idle-timeout=00:10:00
- [admin@MikroTik] /ppp profile> add name=1M local-address=10.0.0.1 remote-address=pppoe dns-server=61.139.2.69 rate-limit=1M/1M only-one=yes idle-timeout=00:10:00
- [admin@MikroTik] /ppp profile> print
- Flags: * - default
- 0 * name="default" use-compression=default use-vj-compression=default
- use-encryption=default only-one=default change-tcp-mss=yes
- 1 name="512K" local-address=10.0.0.1 remote-address=pppoe idle-timeout=10m
- use-compression=default use-vj-compression=default
- use-encryption=default only-one=yes change-tcp-mss=default
- rate-limit=512K/512K dns-server=61.139.2.69
- 2 name="1M" local-address=10.0.0.1 remote-address=pppoe idle-timeout=10m
- use-compression=default use-vj-compression=default
- use-encryption=default only-one=yes change-tcp-mss=default
- rate-limit=1M/1M dns-server=61.139.2.69
- 3 * name="default-encryption" use-compression=default
- use-vj-compression=default use-encryption=yes only-one=default
- change-tcp-mss=yes
local-address is the server-side address used for IP address allocation; it serves as the customer's gateway to the Internet after dialing. remote-address is set to the address pool "pppoe" created in Step 1: when a customer dials, the server assigns an idle IP address from that pool to the customer. rate-limit is the bandwidth limit. only-one determines whether an account can be used by multiple customers at the same time. idle-timeout is the period without traffic after which the user is automatically disconnected from the server.
Step 3: Create account information
Assume we add one 512K account and one 1M account.
- [admin@MikroTik] /ppp profile> /
- [admin@MikroTik] > ppp secret
- [admin@MikroTik] /ppp secret> add name=111 password=111 profile=512K service=pppoe
- [admin@MikroTik] /ppp secret> add name=222 password=222 profile=1M service=pppoe
- [admin@MikroTik] /ppp secret> print
- Flags: X - disabled
- # NAME SERVICE CALLER-ID PASSWORD PROFILE REMOTE-ADDRESS
- 0 111 pppoe 111 512K
- 1 222 pppoe 222 1M
Step 4: Create a PPPoE server
- [admin@MikroTik] /ppp secret> /
- [admin@MikroTik] > interface pppoe-server server
- [admin@MikroTik] /interface pppoe-server server> add service-name=pppoe interface=lan default-profile=default-encryption one-session-per-host=yes
- [admin@MikroTik] /interface pppoe-server server> print
- Flags: X - disabled
- 0 X service-name="pppoe" interface=lan max-mtu=1480 max-mru=1480 mrru=disabled
- authentication=pap,chap,mschap1,mschap2 keepalive-timeout=10
- one-session-per-host=yes max-sessions=0
- default-profile=default-encryption
- [admin@MikroTik] /interface pppoe-server server> enable 0
- [admin@MikroTik] /interface pppoe-server server> print
- Flags: X - disabled
- 0 service-name="pppoe" interface=lan max-mtu=1480 max-mru=1480 mrru=disabled
- authentication=pap,chap,mschap1,mschap2 keepalive-timeout=10
- one-session-per-host=yes max-sessions=0
- default-profile=default-encryption
The related parameters are explained below:
interface specifies the intranet NIC on which the PPPoE server is provided. max-mtu and max-mru are the maximum transmission unit and the maximum receive unit; if some websites cannot be accessed, you can adjust these values slightly, for example to 1460. one-session-per-host limits the number of simultaneous sessions per host, where the host is identified by its physical address. If it is set to yes, the old session is disconnected when a new session is created. It is used together with the keepalive-timeout parameter: "The default keepalive-timeout value of 10 is OK in most cases. If you set it to 0, the router will not disconnect clients until they explicitly log out or the router is restarted. To resolve this problem, the one-session-per-host property can be used"
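An added example, not part of the original tutorial or of MikroTik's tooling: a small Python audit that parses key=value `print` output like the listings above and flags the choices from Steps 3 and 4 that weaken the deployment (PAP and MS-CHAPv1 left enabled, passwords equal to the account name, `keepalive-timeout=0` without `one-session-per-host`). The key=value rendering of the secrets and the `min_len` policy are assumptions of this example.

```python
import re

# Constructed input: server entry as printed above; secrets in an assumed key=value style.
SERVER_PRINT = '''
 0 service-name="pppoe" interface=lan max-mtu=1480 max-mru=1480 mrru=disabled
   authentication=pap,chap,mschap1,mschap2 keepalive-timeout=10
   one-session-per-host=yes max-sessions=0 default-profile=default-encryption
'''
SECRET_PRINT = '''
 0 name="111" service=pppoe password="111" profile=512K
 1 name="222" service=pppoe password="222" profile=1M
'''
WEAK_AUTH = {"pap": "cleartext password on the wire", "mschap1": "obsolete MS-CHAPv1"}
ENTRY_START = re.compile(r'^\s*\d+\s+(?:[A-Z*]\s+)?(?=[\w-]+=)')
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse_entries(text):
    """Split key=value print output into one dict per numbered entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:                      # "0 ..." or "0 X ..." starts a new entry
            entries.append({})
            line = line[m.end():]
        if entries:                # wrapped lines continue the current entry
            for key, value in PAIR.findall(line):
                entries[-1][key] = value.strip('"')
    return entries

def audit(server_text, secret_text, min_len=8):  # min_len: assumed policy
    """Return (object, issue) pairs for the settings this page configures."""
    findings = []
    for srv in parse_entries(server_text):
        svc = "server " + srv.get("service-name", "?")
        for proto in srv.get("authentication", "").split(","):
            if proto in WEAK_AUTH:
                findings.append((svc, proto + ": " + WEAK_AUTH[proto]))
        if srv.get("keepalive-timeout") == "0" and srv.get("one-session-per-host") != "yes":
            findings.append((svc, "stale sessions are never cleared"))
    for sec in parse_entries(secret_text):
        user, pw = "secret " + sec.get("name", "?"), sec.get("password", "")
        if pw == sec.get("name"):
            findings.append((user, "password equals account name"))
        elif len(pw) < min_len:
            findings.append((user, "password shorter than %d characters" % min_len))
    return findings

for obj, issue in audit(SERVER_PRINT, SECRET_PRINT):
    print(obj + ": " + issue)
```

Restricting the server to `authentication=mschap2` and giving each secret a long random password clears all four findings for the configuration shown here.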
The PPPoE server is now built in ROS. If you want all users to access the Internet through PPPoE only, and not with static addresses, you can add a drop rule in ip-firewall-filter for the IP address range 192.168.1.0/24 configured on the intranet. Because this operation involves the firewall function, it will be described later; this section only covers building the PPPoE server.
If you use WinBox to connect to ROS, all of the above commands can be pasted directly into the "New Terminal" window opened from the WinBox main menu.