D-Link DFL-1600 User Manual page 83

9.4. PPPoE 63
PPPoE interface
Since the PPPoE protocol runs PPP over Ethernet, the firewall needs to
use one of the normal Ethernet interfaces to run the PPPoE tunnel over.
Each PPPoE Tunnel is interpreted as a logical interface by the firewall,
with the same filtering, traffic shaping and configuration capabilities as
regular interfaces.
The network traffic coming from the PPPoE tunnel will be transferred to
the firewall ruleset for evaluation. The source interface of the network
traffic is referred to the name of the associated PPPoE Tunnel in the
firewall. The same is true for traffic coming from the opposite direction,
that is, going into a PPPoE tunnel. Furthermore a Route has to be defined,
so the firewall knows what IP addresses should be accepted and sent
through the PPPoE tunnel. PPPoE can use a service name to distinguish
between different servers on the same Ethernet network.
IP address information
PPPoE uses automatic IP address allocation which is similar to DHCP.
When the firewall receives this IP address information from the ISP, it
needs to store it in a network object with symbolic host/network names, in
order to establish the PPP connection.
User authentication
If user authentication is required by the ISP, we can set in the firewall the
user name and password for logging on to the PPPoE server.
Dial on demand
If dial-on-demand is enabled, the PPPoE connection will only be up when
there is traffic on the PPPoE interface. It is possible to configure how the
firewall should sense activity on the interface, either on outgoing traffic,
incoming traffic or both. Also configurable is the time to wait with no
activity before the tunnel is disconnected.
D-Link Firewalls User's Guide