Trying to understand the concepts of the IPoE.

[osvaldotcf]

I'm trying to understand the concepts of the IPoE.
Could you give me some more concrete example?
I need vlan on CPE of my customers?
As the customer picks up his valid ip?
If i use vlan, i shoud be use /30 IPs?

Is this a correct aprouch:
A customer has a CPE ubiquiti, configured with a VLAN, its AP has the same VLAN forming a bridge, follows, the AP connected to a Mikrotik RouterBoard acting as DHCP relay, the mikrotik is routing to the ACCEL-PPP server that is configured that will IPoE raise a vlan for that client using Freeradius information.
Should I use IP / 30?

Can you give me a more concrete explanation, thank you.

[Dmitry]

please look here http://accel-ppp.org/forum/viewtopic.ph ... =467#p1467

[osvaldotcf]

please look here http://accel-ppp.org/forum/viewtopic.ph ... =467#p1467

Excuse me.
I read the review and translate from Russian to English the link sent in review.
The Information of configuration is clear, which is not clear is the equipment involved and their roles.

The IPoE not have much information on the internet, just found a speck of information that seemed quite private from Cisco.

Could you explain in a concrete example involving an ISP wireless network?
Thank you.

[Dmitry]

sorry, I can't explain concrete example involving an ISP wireless network, I'm not ISP

I can explain you what accel IPOE is able and what is unable to do for you and how to configure it for your concrete network environment

i don't understand from your description which way Mikrotik RouterBoard is routing to accel-ppp, is it L2 or L3, or by other words is it switch or router ?
and i don't understand what do you mean by "that will IPoE raise a vlan for that client"

so please make more exact description of your environment and your vision how it should work

[osvaldotcf]

A routed network, having the following configuration:

[host1] linked to
[router (rb mikrotik as router with dhcp relay)] linked to
[accel-ppp server (IPoE)] with link to the [Internet] and [RADIUS server (freeradius)]

[host2] linked to
[router (rb mikrotik as router with dhcp relay)] linked to
[accel-ppp server (IPoE)] with link to the [Internet] and [RADIUS server (freeradius)]

The Mikrotik can send the data of dhcp option 82 to accel-ppp.

host1 and host2 linked to ports from same bridge of the RB Mikrotik.

What will happen?
The Mikrotik RB, as accel-ppp relay (IPoE), will send the configured IP on RADIUS from accel-ppp to host1 and host2?

host1 and host2 will be isolated?

Thank you and sorry for any inconvenience.

[Dmitry]

The Mikrotik RB, as accel-ppp relay (IPoE), will send the configured IP on RADIUS from accel-ppp to host1 and host2?

yes, it is
my point of vision how it works:
1. host sends DHCP Request
2. rb mikrotik relays it to accel
3. accel requests RADIUS
4. if Access-Accept then sends DHCP Ack to host via rb mikrotik

host1 and host2 will be isolated?

what do you mean by isolation ?
as i understand your customers are in separated vlans, so there is no L2 connectivity
L3 connectivity is controlled by routing rules and iptables, so it is in your hands

[osvaldotcf]

At some point of information, I understood that the accel-ppp would create VLANs as user configuration or use IP Unnumbered.

My network is routed, L3. I can not configure VLANs from CPE to the accel-ppp.

What security options the accel-ppp offer in L3 mode?
What advantages and characteristics (I know there are some) for an authenticated DHCP connected to the RADIUS as some routers offer?

In L3, the accel-ppp control authentication and shapper or anything else?

I am very grateful to you for your information.

[Dmitry]

At some point of information, I understood that the accel-ppp would create VLANs as user configuration or use IP Unnumbered.

both your statements are true, but behavior depends of context

yes, accel may brings up vlans for you, this function is called "vlan monitor", but it is utility function, to simplify your life
its function is monitoring some parent interface(s) and look if there is VLAN packets and automatically create and delete vlan interfaces
so it is useful if you have tons of vlans

IP unnumbered is supported too, in such case customer gets IP with mask, but on server side accel creates /32 route and acts as arp proxy
but it is useful in L2 environment, not sure which way it would work in L3

What security options the accel-ppp offer in L3 mode?

what do you mean by security ?
what kind of security are you expecting ?

What advantages and characteristics (I know there are some) for an authenticated DHCP connected to the RADIUS as some routers offer?

sorry, i have no info regarding such offers and what "authenticated DHCP connected to the RADIUS" means

in case of accel, usually Option 82 is identifier of customer (but it can be mac address too), so you have to construct predictable Username by extracting Option 82 data (accel provides functions for that)
then accel may request Radius to authenticate and authorize this Username or may use local chap-secrets file
Radius may provide IP address fro customer or just authenticate it and IP will be allocated from static pool
if you used PPP before, almost same things are applied to IPOE
if Radius rejects Username then customer doesn't get IP and can't work in your network
alternatively Radius may provide temporary IP, accel will put it into ipset and you can setup http redirect to some informative or login page (this is called L4 redirect)

In L3, the accel-ppp control authentication and shapper or anything else?

yes, mostly authentication and shapper