PPPoE on VLAN in multiple VRFs

b_p_m · ‎11-14-2024

Hi all, I have a requirement to connect multiple VRFs using PPPoE credentials on different vrfs. The issue is that the PPPoE all need to be in the same VLAN and VDOM if possible.

How can this be done as I've come against duplicate VLAN ID errors when trying to set it up?

Toshi_Esumi · ‎11-14-2024

I don't think it's physically possible regardless if it's FGT or any other vendor's routers/firewalls whatever. Because PPPoE comes over Ethernet (or VLAN in your case). And that Ethernet (VLAN in your case) needs to have a credential bound to it and there is no way to differentiate if one PPPoE session attempt is A instead of B or C.

I'm assuming those three are coming from three different physical circuits/vendors (because it's impossible to do that on the same circuit from one vendor). And you must be aggregating those into your VLAN on the FGT. That design wouldn't work. You need to separate them and put them on different VLANs before coming to the FGT over one ethernet. Then you can configure those credentials on each VLAN.

Toshi

b_p_m · ‎11-14-2024

Ok Thanks. I have it working on a Cisco ISR router using the same physical interface with the PPPoE "dialers" in different VRFs. I wanted to eliminate the need for the Cisco

Toshi_Esumi · ‎11-14-2024

I think, even with Cisco, each dialer needs to be bound to different interface/vlan like below.

interface GigabitEthernet0/1.500
 encapsulation dot1q 500
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1.600
 encapsulation dot1q 600
 pppoe-client dial-pool-number 2

Toshi

PPPoE on VLAN in multiple VRFs

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website