As it is what is known as a "Layer 2" technology, PPPoE can only be used within a network segment, i.e. it cannot be used across IP subnets. The PPPoE connection cannot be established across network segment limits, such as via a router.
After a user logs on to the LAN (e.g. username: 'Purchasing', password: 'secret') using a specified PPPoE logon, further rights can be regulated via the firewall. This enters the PPPoE user name as a 'remote station' in the firewall. With a deny all rule, and a PPPoE rule in the following format, user Anyone can be permitted to use the Internet with Web and FTP:
- Source: Anyone
- Target: All stations
Services: WWW, FTP