Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

mandrei99
Post subject: Juniper SRX PPPoE configuration for RCS RDS provider in Romania  |  Posted: Fri Jan 09, 2015 8:21 am

Juniper SRX PPPoE configuration for RCS RDS provider in Romania

Romanian ISP RCS-RDS provides a very good internet connection for residential users. This service runs over fiber to the home in some cases.

A Huawei modem/router/media converter is provided and configured as a layer 2 device. This means that it simply acts as an Ethernet switch, allowing the device behind it to perform PPPoE with the ISP's PPPoE server.

A Juniper SRX firewall can be configured as a PPPoE client, given the correct ppp as well as pppoe options under the pp0 unit 0 logical interface.

Juniper SRX pppoe configuration
Code:
[edit]
user@srx# show interfaces fe-0/0/0 
unit 0 {
    encapsulation ppp-over-ether;
}
[edit]
user@srx# show interfaces pp0
unit 0 {
    ppp-options {
        pap {
            local-name BB23453453;
            local-password "$9$parolapppoerdsREehevM/9X7NbgoHqm3/C"; ## SECRET-DATA
            passive;
        }
    }
    pppoe-options {
        underlying-interface fe-0/0/0.0;
        idle-timeout 0;
        auto-reconnect 10;
        client;
    }
    family inet {
        mtu 1492;
        negotiate-address;
    }
}


The physical interface fe-0/0/0 (Fast Ethernet, PIC 0, port 0) that carries the PPP traffic has to be configured with "ppp-over-ether" encapsulation under unit 0.
Now that the PPPoE interface is configured, the SRX needs a static route pointing to it. Since it is a point-to-point interface, it can be used as a next hop. Quoting juniper.net:
Quote:
next-hop address—Reach the next-hop routing device by specifying an IP address, an interface name, or an ISO network entity title (NET).

IPv4 or IPv6 address of the next hop to the destination, specified as:

IPv4 or IPv6 address of the next hop
Interface name (for point-to-point interfaces only)
address or interface-name to specify an IP address of a multipoint interface or an interface name of a point-to-point interface.


Code:
[edit]
user@srx# show routing-options
static {
    route 0.0.0.0/0 next-hop pp0.0;
}

The final step to allow the SRX to pass traffic through the PPPoE interface is to assign the pp0.0 interface to a security zone. I use the default terminology "untrust" and allow traffic from the "trust" zone to "untrust".

Code:
[edit]
user@srx# show security zones security-zone untrust
host-inbound-traffic {
    system-services {
        ike;
        ssh;
    }
}
interfaces {
    pp0.0;
}

[edit]
user@srx# show security policies from-zone trust to-zone untrust
policy trust-to-untrust {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit;
    }
}
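The steps above can be checked offline against a saved configuration. The following is an added example, not part of the original post: a small Python linter that parses brace-style Junos configuration and verifies that the underlying interface has ppp-over-ether encapsulation, that the default route points at pp0.0, and that pp0.0 sits in a security zone, and it lists the host-inbound services that zone exposes on the ISP-facing interface. The function names and the merged sample are assumptions; the parser is simplified and expects no `##` annotations or quoted strings containing braces or semicolons.

```python
import re
# Constructed sample: the post's stanzas merged into one hierarchy, PAP secret omitted.
SAMPLE = """
interfaces {
    fe-0/0/0 { unit 0 { encapsulation ppp-over-ether; } }
    pp0 { unit 0 { pppoe-options { underlying-interface fe-0/0/0.0; client; } } }
}
routing-options { static { route 0.0.0.0/0 next-hop pp0.0; } }
security { zones { security-zone untrust {
    host-inbound-traffic { system-services { ike; ssh; } }
    interfaces { pp0.0; }
} } }
"""

def parse(text):
    """Parse brace-style Junos config into nested dicts; leaf statements map to None."""
    root = {}
    node, stack, pending = root, [], ""
    for tok in re.split(r"([{};])", text):  # text and delimiter tokens alternate
        if tok == "{":
            stack.append(node)
            node = node.setdefault(pending.strip(), {})
        elif tok == "}":
            node = stack.pop()
        elif tok == ";":
            node[pending.strip()] = None
        else:
            pending = tok
    return root

def audit(cfg):
    """Return (errors, warnings) for the PPPoE client steps described in the post."""
    errors, warnings = [], []
    ifs = cfg.get("interfaces", {})
    opts = ifs.get("pp0", {}).get("unit 0", {}).get("pppoe-options", {})
    under = next((k.split()[1] for k in opts if k.startswith("underlying-interface ")), "")
    phys, _, unit = under.rpartition(".")
    if "encapsulation ppp-over-ether" not in ifs.get(phys, {}).get(f"unit {unit}", {}):
        errors.append(f"underlying interface {under or '(none)'} lacks encapsulation ppp-over-ether")
    if "route 0.0.0.0/0 next-hop pp0.0" not in cfg.get("routing-options", {}).get("static", {}):
        errors.append("no default route via pp0.0")
    zones = cfg.get("security", {}).get("zones", {}).values()
    zone = next((z for z in zones if z and "pp0.0" in z.get("interfaces", {})), None)
    if zone is None:
        errors.append("pp0.0 is not in any security zone")
    else:
        svcs = zone.get("host-inbound-traffic", {}).get("system-services", {})
        warnings += [f"{s} accepted by the SRX itself on pp0.0" for s in sorted(svcs)]
    return errors, warnings
```

Calling `audit(parse(SAMPLE))` returns no errors and two warnings, one each for `ike` and `ssh`, because the untrust zone accepts both on the internet-facing pp0.0 interface.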




