The PPPoE server in LCOS can authenticate PPPoE clients, such as routers or PCs with an integrated PPPoE client.
Possible use cases:
- In a student residence hall, students should be able to install their own routers and authenticate centrally at the PPPoE server in the network; access rights and bandwidth limits should be applied.
- In an office building, multiple tenants should share a common Internet connection while using their own routers; access rights and routing rules should be defined. The cabling can be, for example, a fiber-optic network or an existing copper cable network.
In all scenarios, users should be authenticated and clearly separated from each other, and a rights concept should be enforced through rules.
LCOS can accept PPPoE sessions on LAN interfaces. PPPoE users can be authenticated via the integrated PPP user table or a RADIUS server. It is possible to search for a user in the router's local PPP user table first and then query the RADIUS server in a second step. It is also possible to use only the local user table or only a RADIUS server (exclusive mode).
User attributes, such as the IP address or the IPv6 prefix (router advertisement and/or delegated DHCPv6 prefix), can either be taken from the local configuration or obtained from a RADIUS server. A combination of local configuration and RADIUS is also possible, in which case attributes from the RADIUS server take precedence for the corresponding user.
For multiple users, a RADIUS server is generally recommended, as it enables centralized user configuration. Both an external RADIUS server and the RADIUS server integrated in LCOS can be used.
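The lookup order and attribute precedence described above, modelled as an added Python example (not LCOS code and not part of the original page). The table contents, mode names, attribute keys and the rule that a local match with a wrong password is not retried against RADIUS are assumptions made for illustration.

```python
import hmac

# Constructed sample data: user names, passwords and addresses are invented.
LOCAL_PPP_TABLE = {
    "tenant-a": {"password": "local-secret-a", "attrs": {"ipv4": "10.0.1.10"}},
}
RADIUS_USERS = {
    "tenant-a": {"password": "radius-secret-a", "attrs": {"ipv4": "10.9.9.9"}},
    "tenant-b": {"password": "radius-secret-b",
                 "attrs": {"ipv4": "10.0.2.10", "ipv6_delegated_prefix": "2001:db8:b::/56"}},
}
# Locally configured defaults (hypothetical keys) that a RADIUS reply may override.
LOCAL_DEFAULTS = {"ipv4": "pool", "ipv6_ra_prefix": "2001:db8:0:1::/64"}

def _check(table, user, password):
    """Return (found, attrs); attrs is None when the password does not match."""
    entry = table.get(user)
    if entry is None:
        return False, None
    ok = hmac.compare_digest(entry["password"].encode(), password.encode())
    return True, (dict(entry["attrs"]) if ok else None)

def authenticate(user, password, mode="local-then-radius"):
    """Return (source, attributes) on success, or None when the login is rejected."""
    if mode not in ("local-only", "radius-only", "local-then-radius"):
        raise ValueError(mode)
    attrs = dict(LOCAL_DEFAULTS)
    if mode != "radius-only":
        found, local_attrs = _check(LOCAL_PPP_TABLE, user, password)
        if found:
            # Assumption: a local hit is final; a wrong password is not retried on RADIUS.
            if local_attrs is None:
                return None
            attrs.update(local_attrs)
            return "local", attrs
        if mode == "local-only":
            return None
    found, radius_attrs = _check(RADIUS_USERS, user, password)
    if not found or radius_attrs is None:
        return None
    attrs.update(radius_attrs)  # RADIUS attributes take precedence over local values
    return "radius", attrs

def shadowed_users():
    """Users defined in both sources; which credential is valid depends on the mode."""
    return sorted(set(LOCAL_PPP_TABLE) & set(RADIUS_USERS))
```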
Access rights for individual PPPoE users can be implemented via the firewall (IPv4/IPv6).
Authentication methods:
- PAP
- CHAP-MD5, MS-CHAPv1, and MS-CHAPv2