Beware the Jabberwock - and PPPoE

OK. Maybe the headline is overstating the case a bit, as Point-to-Point Protocol over Ethernet (PPPoE) doesn't actually have "jaws that bite" and "claws that catch." Nevertheless, SOHO users of broadband services - and the enterprise managers who support these users - may be in for some unexpected confusion and surprises if they have to change their authentication method when accessing their favorite broadband provider.

Such happened to Steve when last week he got a proactive call (good thing) from his longtime ADSL provider advising him that he was being moved to a DSLAM that authenticated based on PPPoE rather than the Ethernet address of the attached NIC. It turns out that Steve was on a first - or maybe zeroth - generation DSLAM that was bridged. (As a further testament to the antiquity of the installation, there are two ports on the ADSL modem - one for Ethernet and one for ATM-25. And our guess is that 50% or fewer of our readers have a clue as to what ATM-25 is. And if ANYBODY is using ATM-25, please let us know and send pictures.)

As it turns out, the initial part of the cutover went fine. The tech support person who called was most helpful in reconfiguring the router for PPPoE, and the authentication seemed flawless. Further, there were some advantages to PPPoE. In the original implementation, every time a new computer (or router) was attached to the DSL modem, the service provider had to be notified of the new Ethernet address so the service would authenticate properly. This required time and trouble on the part of both Steve and the service provider. This problem was resolved, by the way, in recent years when routers were given the capability to spoof the Ethernet address to match whatever the service provider was expecting.

In a subsequent conversation with the service provider, it turns out that the move to PPPoE also had some significant advantages for the service provider and Steve. In particular, by moving to a later generation of equipment, Steve now could opt for faster (3M bit/sec downstream) or slower (roughly 256K bit/sec downstream) as opposed to the 1.5M-bit/sec-only option. Further, for many users, entering a username and password is a more friendly and familiar method of authentication than telling a device that it should advertise a fake Ethernet address to the network.

Then the fun part started, and we'll continue the story next time.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about 3M AustraliaHISNICSEC

Show Comments