PPP Passthrough
Expert function
Swisscom recommends that this function only be configured by experienced IT specialists. Misconfigurations can lead to significant security risks.
Announcement: Phase-Out
The use of PPP Passthrough is being phased out, as the PPPoE method is considered outdated and is increasingly no longer supported by modern network infrastructure.
Recommendation: Replace this with the DMZ function or IP Passthrough in the medium term.
PPP Passthrough allows a device behind the Centro Business to establish the PPPoE connection (Point-to-Point Protocol over Ethernet) itself. The device thereby receives the public IP address directly and communicates independently with the Internet. Swisscom services (VoIP, TV) continue to run via the Centro Business.
Typical use cases
- Own firewall should manage the PPPoE session and receive the public IP directly
- Full control over the WAN connection on the own security gateway
Configure PPP Passthrough
On the Centro Business
In the router portal under Network → Passthrough:
- Enable PPP Passthrough and save
On the external gateway/firewall
Connect the device to the dedicated LAN port and configure the WAN interface:
| Parameter | Value |
|---|---|
| WAN type | PPPoE |
| PPP username | From router portal or My Swisscom Business |
| PPP password | From router portal or My Swisscom Business |
| MTU (WAN Ethernet) | 1508 (if jumbo frames supported) |
| LAN port | CB 2.0: Port 1 / CB 3.0: Port 5 |
The Swisscom network supports jumbo frames up to 1508 bytes. This allows payload (1500 bytes) + PPP header (8 bytes) to be transmitted without fragmentation.
Prerequisites
- PPP Passthrough is only available in combination with the Fixed IP option
- PPPoE login credentials required (available in the router portal or My Swisscom Business portal)
Limitations
- Internet Backup (USB dongle or toolkit) does not work
- Centro Business firewall does not apply to passthrough traffic
- BlueTV: radio and apps (Netflix, YouTube etc.) do not work
- Not available with BNS/EC-S contract
- Swisscom recommends DMZ or IP Passthrough instead
Survey on PPP Passthrough Phase-Out
In view of the phase-out, we would like to invite PPP Passthrough users to share their motivations and usage scenarios with us.
FAQ - PPP Passthrough
On which Ethernet port is PPP Passthrough activated?
- Centro Business 2.0: LAN Port 1
- Centro Business 3.0: LAN Port 5
Where can I find the PPP login credentials?
- Router portal: Visible under "Internet"
- My Swisscom Business portal: Under router settings of the respective location
- Enterprise Connect XS: In the Enterprise Connect Dashboard under location details
What is the difference between PPP Passthrough and IP Passthrough?
- PPP Passthrough: The connected device establishes the PPPoE connection itself and receives the public IP directly.
- IP Passthrough: The Centro Business establishes the connection and forwards all traffic via NAT to the device.
What MTU size should be configured?
The Swisscom network supports jumbo frames up to 1508 bytes. If the security gateway supports this, set the MTU of the WAN Ethernet interface to 1508 bytes. This avoids fragmentation and performance losses.
What can PPP Passthrough cause in the network?
- Traffic via PPP Passthrough generates entries in the Centro Business conntrack list
- The customer network must be fully managed via the external firewall
- The device is directly exposed to the Internet — appropriate security measures are mandatory
Is something missing? Give us your feedback!
Help us improve the CB Guide. Let us know what content you are missing or what we can optimise.
Send feedback