Is PPPoE over VLAN possible?

technononsense · January 24, 2025, 11:24am

Hi,

I'm currently running OpenWRT in a VM. It has one dedicated ethernet port from the server, that it uses to connect to my ISPs ONT (fibre to ethernet termination point). The connection to this is PPPoE.

What I'd like to do, is put a switch between the two. I currently have a Layer 2 switch configured for various VLANs, but trying it out doesn't give me any success, so far.

So the question is: Is this possible? Is it that my config needs work or is this technically incorrect?

Borromini · January 24, 2025, 11:30am

My ISP requires a tagged connection with PPPoE, so nothing extraordinary. OpenWrt router directly behind the ONT.

You should share your config, impossible to troubleshoot without.

brada4 · January 24, 2025, 12:09pm

You just type pppoe backing device as wan.1234 and it is done. If you need to adjust MTU-s then you add Q vlan to wan and use that device as pppoe backing device.

nicefile · January 24, 2025, 12:45pm

Yes. It working for me this way. Single port is used for both LAN and WAN (via VLAN + PPPoE). Just make sure ONT is exposing same VLAN number via ethernet port as it is used on your VM

technononsense · January 24, 2025, 2:15pm

Ok cool. Sounds like a config issue on my part

Could someone take a look over my config and call out any mistakes?

Connecting the ONT directly to eth1 establishes the PPPoE connection. All good. However, connecting the ONT to my switch (config below), then using VLAN interface eth0.101 fails to connect. I've tried rebooting the ONT and the interfaces to ensure there's no impact by just swapping the cable, but no luck.

note: my PPPoE doesn't require a password.

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd80:76a9:2cbe::/48'

config device
	option type '8021q'
	option ifname 'eth0'
	option vid '2'
	option name 'eth0.2'
	option ipv6 '0'

config device
	option type '8021q'
	option ifname 'eth0'
	option vid '3'
	option name 'eth0.3'
	option ipv6 '0'

config interface 'Main'
	option proto 'static'
	option device 'eth0.2'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	list dns '1.1.1.1'

config interface 'IoT'
	option proto 'static'
	option device 'eth0.3'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

config interface 'WAN'               # This works 
	option proto 'pppoe'
	option device 'eth1'
	option username 'notmyrealusername'
	option ipv6 'auto'

config interface 'PPPoVLANTest'      # This fails to connect
	option proto 'pppoe'
	option device 'eth0.101'
	option ipv6 'auto'
	option username 'notmyrealusername'

config device                        # VLAN interface I'm using for PPPoE via switch 
	option type '8021q'
	option ifname 'eth0'
	option vid '101'
	option name 'eth0.101'

I've tcpdump'd the eth1 interface to check for a VLAN tag on the packets from the ONT, but don't see one, and eth1 is working without one configured.

My switch is configured with VLAN101:

Port 1 connected to the ONT, configured as a untagged (aka access port). All traffic should be tagged with VLAN 101
Port 2 & 3 are connected to my servers. Both are configured as tagged for VLAN101.

tcpdumping the eth0.101 interface (when connected to the switch) shows the PPPoE PADI, but no response from the ONT.

I think it's time to figure out switch port mirroring, unless anyone can point out something in my config or logic.

mk24 · January 24, 2025, 2:31pm

Usually you'll also need to set up the host / hypervisor networking so the VLAN will switch through. Or you can let the hypervisor do the tagging to the physical port and present the virtual port as untagged. Such things are outside the scope of this forum.

technononsense · January 24, 2025, 2:58pm

Yes, that's configured already. My 'LAN' ports in OpenWRT are actually connected to a Linux bridge on the hypervisor and then trunked to my physical switch. There are no connectivity issues with the existing VLANs configured this way.

nicefile · January 24, 2025, 7:08pm

never owned managed switch (yet). But under OpenWrt interfaces must be bridged like in my setup. Then on router side wan.9 is pppoe device and wan is bridged with other ports into br-lan
below my vdsl2 modem bridge config:

config device
        option name 'dsl0.35'
        option type '8021q'
        option ifname 'dsl0'
        option vid '35'

config device
        option type '8021q'
        option ifname 'lan1'
        option vid '9'
        option name 'lan1.9'

config device
        option name 'br-wan'
        option type 'bridge'
        option mtu '1508'
        option ipv6 '0'
        list ports 'dsl0.35'
        list ports 'lan1.9'
        option multicast '0'

technononsense · January 31, 2025, 12:57pm

It turned out to be an issue with my switch. It was a d-link layer 2 that wouldn't connect. I've swapped it out for a Cisco, with the equivalent config and it worked immediately.

Thanks for the input guys

technononsense · January 31, 2025, 1:03pm

I've flagged this as the solution; It's what I first expected, but wasn't working. Now the switch is swapped out, it's how my working setup is configured.

system · February 10, 2025, 1:04pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.