Hey there! Emmanuel Corels here from Emmanuel Corels Creatives, continuing our series of straightforward MikroTik how-tos. If you’re using an ISP that requires PPPoE (Point-to-Point Protocol over Ethernet) for internet, this guide is for you. Many broadband services—especially DSL or fiber providers—use PPPoE authentication. We’ll walk you through creating a PPPoE client interface and ensuring the rest of your LAN has internet access.
Understanding PPPoE
PPPoE is a method where your router “dials” into the ISP using a username and password. Instead of getting an IP from DHCP or static configuration, the MikroTik authenticates via PPPoE and obtains a dynamic or static IP once connected.
Typical Setup:
- Ether1 connected to the ISP modem or ONT (Optical Network Terminal).
- You create a PPPoE client on Ether1 with credentials given by your ISP.
- MikroTik obtains a public IP from the ISP, then you configure NAT and DHCP for your LAN.
Step 1: Physical Connection
- Plug your ISP cable or modem into ether1 on the MikroTik.
- If you have a DSL modem in “bridge mode,” the MikroTik will directly handle the PPPoE negotiation.
- If the modem is not bridged, you may need to change its mode to “bridge” or talk to your ISP about bridging vs. router mode.
(In some cases, the modem remains in router mode and you do double NAT, but typically bridging is preferred.)
Step 2: Create the PPPoE Client Interface
- WinBox → PPP (or in newer RouterOS versions, “PPP” might be under “Interfaces” → “PPP”).
- Go to the Interfaces tab. Click the “+” and select PPPoE Client.
- Name:
pppoe-out1(common default). - Interface:
ether1(where the ISP is connected). - User: The username provided by your ISP (e.g.,
myaccount@isp.com). - Password: Your ISP password.
- Check or uncheck Add Default Route depending on whether you want this to become your primary default route (usually yes).
- Click OK or Apply.
Step 3: Verify PPPoE Connection
After clicking OK, MikroTik attempts to dial the PPPoE server on ether1:
- Look at the Status in the PPP interface list or in Interfaces → PPP → pppoe-out1.
- If all’s well, you see “Connected” with an IP address.
- Check logs under Log (or run
/log printin the CLI) for any PPPoE-related messages like “authentication failed” if something’s off.
Step 4: Basic NAT and LAN Configuration
Assuming you either have the Default Configuration from MikroTik or a simple LAN already set up, you likely have:
- A LAN bridge or a set of interfaces with an IP (e.g.,
192.168.88.1/24). - A DHCP server handing out addresses to your LAN devices.
- A src-nat rule that masquerades traffic out to your WAN.
By default, the MikroTik might have a masquerade rule referencing ether1. But now your actual WAN interface is pppoe-out1, so update or add a new NAT rule:
- IP → Firewall → NAT
- If you see an existing srcnat rule for
out-interface=ether1, change it toout-interface=pppoe-out1. Or create a new rule:- Chain:
srcnat - Out. Interface:
pppoe-out1 - Action:
masquerade
- Chain:
- Comment: “NAT for PPPoE”.
Any device on LAN that has the router as gateway (192.168.88.1) now gets NAT’d out through the PPPoE interface, providing internet access.
Step 5: Testing Internet Access
- From a LAN device (PC, phone, etc.), open a browser to confirm you can reach external sites.
- If you’re having trouble, do ping tests:
- From the MikroTik:
or just/ping 8.8.8.8 routing-table=main/ping 8.8.8.8. If replies come back, the router is online. - From a LAN PC: If you can’t ping
8.8.8.8, check your gateway and DNS settings.
- From the MikroTik:
Step 6: Tweak or Add a Default Route (If Needed)
If you didn’t check “Add Default Route” earlier, you may need to manually add it:
/ip route add dst-address=0.0.0.0/0 gateway=pppoe-out1
Or in WinBox: IP → Routes → “+” → Dst. Address = 0.0.0.0/0, Gateway = pppoe-out1. This ensures all unspecified traffic heads out through the PPPoE link.
If you already have another default route from a previous WAN, you might set the PPPoE route to distance=1 or distance=2 for fallback or priority. Usually, PPPoE is distance=1 if it’s your main connection.
Step 7: Handling Service Disconnects or Idle Timeouts
Some ISPs disconnect PPPoE sessions after a certain time:
- Keepalive Timeout: In the PPPoE client settings, you can adjust how quickly MikroTik tries to reconnect. The default typically works fine.
- Dial on Demand: If you want the link only when needed, you could set this. But most users keep the link always on.
Common Issues and Fixes
- Authentication Fail: Double-check your username/password. Some ISPs require the full email format; others do not.
- Modem Not in Bridge Mode: If the ISP device is also doing NAT, you might get double NAT or can’t obtain a PPPoE session. Ensure the modem’s bridging is correct or talk to your ISP about bridging.
- No Traffic / NAT Issues: Make sure your NAT rule references
pppoe-out1if your older setup usedether1for out-interface. - IP Conflict: Some DSL devices default to 192.168.1.1 even in partial bridging. If you see weird routes or you can only ping the modem, re-check your bridging and set the PPPoE client interface properly.
Optional: Netwatch for PPPoE Monitoring
If you want to get email or log notifications when the PPPoE link drops, you can use Tools → Netwatch to ping a stable IP (like 8.8.8.8). If it fails, run a script that logs or emails you. Check our Email Alerts guide for details on that.
Wrapping Up
That’s the gist of setting up a PPPoE client on MikroTik. Once you’re connected and NAT is configured, your LAN devices should have internet without extra fuss. PPPoE might look daunting at first, but it’s really just about:
- Creating the PPPoE client interface.
- Authenticating with your ISP.
- Masquerading your LAN traffic out that interface.
If you run into snags, re-check your modem’s bridge mode, your PPPoE credentials, and your NAT rules. Pretty soon, you’ll be zipping along the internet via PPPoE with no trouble at all.
Guided by simplicity,
Emmanuel Corels – Admin, Emmanuel Corels Creatives
