PPP-Passthrough
Expert Function
Swisscom recommends that this function only be configured by experienced IT specialists. Misconfigurations can lead to significant security risks, which can negatively affect both the customer installation and Swisscom's reputation.
Announcement
The use of PPP-Passthrough will be gradually discontinued over the next two to three years, as the PPPoE procedure is considered obsolete and is increasingly unsupported by modern network infrastructure.
Our Recommendation:
To replace the requirement in the medium term using the DMZ function or IP Passthrough.
Survey on PPP-Passthrough Phase-Out
In view of the foreseeable phase-out of this Centro Business function in combination with the commercial "Option Fixed IP Addresses" from Swisscom, we would like to invite current users of PPP-Passthrough to share their motives and use scenarios with us. The goal is to create optimal conditions for the future phase-out process and to consider the needs of our customers in the best possible way.
To the survey (German) https://forms.office.com/e/6RT64y1qDD
PPP-Passthrough is or was a function that allows PPPoE (Point-to-Point Protocol over Ethernet) connections to be passed through the Centro Business, without the router itself establishing the PPPoE connection. This means that a security gateway behind the Centro Business, such as a private router/gateway or a firewall, establishes the PPPoE connection directly.
Activate PPP-Passthrough on the Centro Business
In the router portal under the tab; Network ➜ Passthrough, switch on and save PPP-Passthrough.
Configure PPP-Passthrough on the Device
- Connect the external gateway/firewall to the Centro Business
- Configure the WAN Port on the external gateway/firewall as follows:
- Define WAN type as PPPoE
- Enter PPP-Username and PPP-Passwort
Prerequisites for PPP-Passthrough
- PPP-Passthrough is only available in combination with the Fixed IP option
- PPPoE login data required
Restrictions
- Internet Backup via USB Dongle or Toolkit does not work.
- Firewall on the Centro Business is ineffective.
- For BlueTV, radio and all apps such as Netflix, Youtube, etc. do not work.
- The function is not available with the BNS/EC-S contract.
FAQ - PPP-Passthrough
Why does Swisscom declare "PPP-Passthrough" as an expert function?
PPP-Passthrough is an expert function because it requires special technical knowledge and configurations that go beyond the basic settings. If downstream devices, such as a firewall, have not been configured 100% security-compliant, it can lead to attacks on the customer infrastructure.
TIP: We recommend ensuring the requirement with the DMZ function instead, so that failover works.
To which Ethernet port is Passthrough configured?
- On the Centro Business 2.0, PPP-Passthrough is always activated on LAN Port 1
- On the Centro Business 3.0, PPP-Passthrough is always activated on LAN Port 5
Where are the PPP login data located?
- In the Router Portal: The login data can be found on the Router Portal under "Internet".
- In the My Swisscom Business Portal: The login data is located under Router settings for the respective site.
- Enterprise Connect XS customers can find the data in the Enterprise Connect Dashboard under the site information.
What is the difference between PPP-Passthrough and a Bridge Mode?
- With PPP-Passthrough, all internet traffic is forwarded to a specific device in the network, which establishes the PPPoE connection (Point-to-Point Protocol over Ethernet). This device receives the public IP address of the router and can communicate directly with the internet. All Swisscom services such as Voip, BlueTV, etc., continue to run via the Centro Business.
- Bridge Mode: The gateway forwards the data traffic without performing routing functions, becoming a Layer 2 device. Bridge Mode is not available on the Centro Business.
What can the use of PPP-Passthrough cause?
- Important: Even if data traffic is routed through the Centro Business via PPP-Passthrough, these sessions generate entries in the Conntrack list.
- The customer network must be managed via the external firewall behind the Centro Business.
Which MTU size must be configured?
The Swisscom network and the Centro Business support Jumbo Frames up to 1508 bytes. This ensures that the payload (1500 bytes) and the PPP header (8 bytes) can be transmitted in a single packet. If the Security Gateway supports these Jumbo Frames, the MTU Size of the WAN Ethernet Interface must be set to 1508 bytes. This prevents packet fragmentation, which can lead to performance degradation.
Is something missing here? Provide feedback! pilot@swisscom.com Describe in which area what is expected or what could be improved.