One of the common feature requests that we get from WISPs already familiar with our Canopy line is the ability to Disable the Ethernet Port of the SM in situations where a customer has not paid their bill.
While this feature has not (yet) been added to the ePMP line. You can still accomplish the same goal using the built-in firewall in ePMP.
Specifically, adding the following rule under the Layer 2 Firewall will cause all ethernet traffic entering the SM to be dropped.
Additionally if you have no other Firewall Rules defined, by preloading this rule you can Enable/Disable the Ethernet port by Enabling/Disabling the Layer2 Firewall.
The robustness and flexibility of the L2/L3 Firewall in ePMP is one of its greatest strengths when handling traffic.
EDIT: For clarification, Disabling the Ethernet Port in Canopy is the ability to shut down the Ethernet Port altogether. (No traffic is passed.) Additionally there is a setting in Canopy that allows all Management Traffic to be dropped at the SM so that it is not sent down the Ethernet Interface. (User data is still passed.) Although something like this second feature could be accomplished with the L2 Firewall in ePMP, the configuration above accounts for blocking ALL traffic.