Hi all, I have a requirement to connect multiple VRFs using PPPoE credentials on different vrfs. The issue is that the PPPoE all need to be in the same VLAN and VDOM if possible.
How can this be done as I've come against duplicate VLAN ID errors when trying to set it up?
I don't think it's physically possible regardless if it's FGT or any other vendor's routers/firewalls whatever. Because PPPoE comes over Ethernet (or VLAN in your case). And that Ethernet (VLAN in your case) needs to have a credential bound to it and there is no way to differentiate if one PPPoE session attempt is A instead of B or C.
I'm assuming those three are coming from three different physical circuits/vendors (because it's impossible to do that on the same circuit from one vendor). And you must be aggregating those into your VLAN on the FGT. That design wouldn't work. You need to separate them and put them on different VLANs before coming to the FGT over one ethernet. Then you can configure those credentials on each VLAN.
Toshi
Ok Thanks. I have it working on a Cisco ISR router using the same physical interface with the PPPoE "dialers" in different VRFs. I wanted to eliminate the need for the Cisco
I think, even with Cisco, each dialer needs to be bound to different interface/vlan like below.
interface GigabitEthernet0/1.500
encapsulation dot1q 500
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1.600
encapsulation dot1q 600
pppoe-client dial-pool-number 2
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.