I have a requirement for this exact same situation.
FTTP with /29 via PPPoE.
When connecting one cisco firewall, pppoe always gives one (router) address in the /29 to the outside interface, and i get a default gateway, and I can NAT the other addresses perfectly on the outside.
I want to site a second firewall along side the cisco firewall, and each have an address in my /29.
ISP offers no help or support or will even confirm if its possible. They simply don't know anything other than the router they supply, and i can't speak to a technically competent person.
If I connect a basic switch inline, PPPoE on the Cisco firewall works as usual. Adding a second firewall with IP configured in the /29 does not arp or route. I have not wiresharked, perhaps I should?
Connecting a CRS326 as PPPoE Client will authenticate and obtain the address that the firewall gets on authentication. Having other static IP addresses in the /29 on the outside of either firewall will not route to the CRS326 or to the wider internet. Nothing ARPs, and nothing routes, only the CRS326 with the PPPoE to the Internet.
I have tried with a bridge, in a VRF, and VLAN. I have struggled to find an exact config for this scenario. I'm going to try a cisco router when i can borrow a suitable device, I've more time with Cisco devices under my belt, than with Mikrotik. Would prefer to use the mikrotik I have or buy something suitable, if it isn't.
Help received with thanks.
FTTP with /29 via PPPoE.
When connecting one cisco firewall, pppoe always gives one (router) address in the /29 to the outside interface, and i get a default gateway, and I can NAT the other addresses perfectly on the outside.
I want to site a second firewall along side the cisco firewall, and each have an address in my /29.
ISP offers no help or support or will even confirm if its possible. They simply don't know anything other than the router they supply, and i can't speak to a technically competent person.
If I connect a basic switch inline, PPPoE on the Cisco firewall works as usual. Adding a second firewall with IP configured in the /29 does not arp or route. I have not wiresharked, perhaps I should?
Connecting a CRS326 as PPPoE Client will authenticate and obtain the address that the firewall gets on authentication. Having other static IP addresses in the /29 on the outside of either firewall will not route to the CRS326 or to the wider internet. Nothing ARPs, and nothing routes, only the CRS326 with the PPPoE to the Internet.
I have tried with a bridge, in a VRF, and VLAN. I have struggled to find an exact config for this scenario. I'm going to try a cisco router when i can borrow a suitable device, I've more time with Cisco devices under my belt, than with Mikrotik. Would prefer to use the mikrotik I have or buy something suitable, if it isn't.
Help received with thanks.
Statistics: Posted by TheSentridoh — Sun Mar 17, 2024 6:18 am