How to Create a PPPOE Server & Link It to Netpap for Management

Go to Bridge and click New.

Create a Bridge called pppoe_bridge

Step 2:Create a Pool to assign customers. #

  • Go to IP > Pools
  • Click Add New
  • Give the pool a unique name preferably lowercase one word e.g pppoepool and create an ip range e.g 192.168.67.2-192.168.67.254

Step 3 Create PPP Profile #

  • Go to PPP tab on the left panel.
  • Navigate to Profiles and click Add New Profile
  • Give it a name ,specify a local address[gateway]and remote address[ip pool you have already created]

step 4:Create PPPOE SERVER #

  • Navigate to pppoe server tab
  • Click Add New

LINK PPP TO RADIUS CLIENT #

Navigate to the secrets tab.

Click PPP Authentication & Accounting

Connect to REMOTE Radius #

  • Click Radius Tab on the left menu panel
  • Click Add New use ADDRESS and secret Provided by Netpap.
  • Set timeout to 3000
  • Ensure Service is ticked to ppp

MIKROTIK DEPLOYMENT SCRIPT #

/ip pool add name=pppoepool1 ranges=172.16.0.1-172.16.254.254
/ppp profile add name=myisp local-address=172.16.0.1 remote-address=pppoepool1 

/ppp aaa  set use-radius=yes interim-update=00:05:00

/interface pppoe-server server add  interface=bridge disabled=no keepalive-timeout=100 service-name=myisp default-profile=myisp
/radius  add  service=hotspot,ppp  address=REMOTE SERVER  secret="SECRET" timeout=00:00:03.00


/ip firewall nat add chain=dstnat protocol=tcp dst-port=80  src-address-list=Expiry-Pool action=redirect  to-ports=8080

/ip service disable telnet
/ip service disable ftp

/ip firewall filter move [/ip firewall filter add chain=forward protocol=udp port=53 src-address-list=Expiry-Pool action=accept] 1

/ip firewall filter move [/ip firewall filter add chain=forward  src-address-list=Expiry-Pool action=drop] 1

/ip proxy set enabled=yes 

/ip proxy access add   action=deny redirect=remotebillingaddress


/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=8080 action=drop comment="Secure webproxy"
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop  comment="prevent dns amplification attack"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop  comment="prevent dns amplification attack"

Powered by BetterDocs