Static IPv4 on PPPoE

I just want to be sure, that this is correct.
My ISP gave me an IPv4 range (static) and I’ve to configure this. I have set up a PPPoE interface (pppoe3 on eth3) and I’ve also my internal lan interface (eth0). So, what I did was to set the router IP on the pppoe3 interface AND on the eth0 interface. So, both interfaces do have the same ip. Is that correct? (I know, that’s the correct way of configuring a Zyxel router, but I also know that this isn’t allowed for Cisco routers… my question now is, what’s the rule for VyOS?)

No, that is not correct.
Your LAN interface would be whatever range you want for your LAN.

For example, my PPPoE interface is 202.xx.xx.142/32 and my eth1 (LAN) interface is

Then I have a fireawll rule that NATs all traffic from the LAN to the IP address of the WAN (PPPoE interface)

I don’t use NAT… I’ve a static range for IPv4
and that’s why my pppoe3 interface has the ip 212.x.x.241 and my eth0 interface does also have the ip 212.x.x.241 … and the servers connected to the switch which is connected to eth0 are in the range 212.x.x.242 to 212.x.x.250 …

the question now is… is this ok to have the eth0 on the .241 which is the same as the pppoe3 interface or do I have to use another IP?

Hello @meiru, you definitely need to use another IP for eth0

so… then you say, a router needs 2 IPs? … an “outer” one (the routing ip towards the ISP) and an “inner” one (the one that my servers use as default gateway?) … isn’t this wasting IPs and… why would it be needed? (from an internal view point… from how routing tables work and stuff like that) … ?

if you create a bridge map a public ip to that bridge then plug in ur other router or firewall config a ip from that address space you should be fine.

You should be able to use same IP address on pppoe as on internal interface, as long as subnet masks are different. (pppoe should negotiate /32, internal you have /30 /29…)
Most ISPs will hand out a pppoe address in different range than your static range
and they will route this range to your /32 pppoe address

that’s what I have… pppoe with /32…

it’s interesting what you say, about that the pppoe is in a different range for “most” ISPs… because, all ISPs I got a pppoe connection from, did it in the way, that the first IP in the range was the IP reserved for the router :slight_smile:
maybe the practices are different from country to country?

it is my isp who i contract for time to time do GRE over IPSEC


No it is normal practice for ISPs to assign a /29 or greater to a PPPoE interface. and have the interior interface on the same as your pppoe/ dialer. All you do (in the IOS case) is set your dialer interface to assign via ipcp) and set the same on your internal interface.

From the Radius perspective, it’s just add a framed-ip-netmask VSA to your framed-ip-address to your customer’s attributes,

I too found it strange when I started working with this but from the ISPs perspective think of the alternative: maintaining a static route pointing to the prefix on your NASes with a next-hop of the CPEs /30 address? (Although looking at a customer’s IOS box I note that the dialer 1 has set itself up as /32)