Juniper SRX – Configuring PPPoE

Within this article the necessary steps required to configure PPPoE on the SRX platform are described.

Note : This configuration is based upon a) the chap authentication method b) the outside/untrust interface being fe-0/0/7.0.

Configuration

Below shows the required configuration for PPPoE.

set interfaces fe-0/0/7 unit 0 encapsulation ppp-over-ether

set interfaces pp0 unit 0 ppp-options chap default-chap-secret <PASSWORD>
set interfaces pp0 unit 0 ppp-options chap local-name <USERNAME>
set interfaces pp0 unit 0 ppp-options chap passive

set interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/7.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 3
set interfaces pp0 unit 0 pppoe-options client

set interfaces pp0 unit 0 family inet mtu 1492
set interfaces pp0 unit 0 family inet negotiate-address

set routing-options static route 0.0.0.0/0 next-hop pp0.0
set security zones security-zone untrust interfaces pp0.0

Troubleshooting

Statistics

The following commands are used to display ppp and pppoe statistics.

root@srx100> show ppp statistics
Session statistics from PPP process
  Total sessions: 1
    Sessions in disabled phase    : 0
    Sessions in establish phase   : 0
    Sessions in authenticate phase: 0
    Sessions in network phase     : 1
    Bundles in pending phase      : 0

root@srx100> show pppoe statistics
Active PPPoE sessions: 1
  PacketType                       Sent         Received
    PADI                              2                0
    PADO                              0                2
    PADR                              2                0
    PADS                              0                2
    PADT                              0                0
    Service name error                0                0
    AC system error                   0                0
    Generic error                     0                0
    Malformed packets                 0                0
    Unknown packets                   0                0
  Timeout
    PADI                              0
    PADO                              0
    PADR                              0

Interface Information

The following command is used to display use information for the pp0 interface.

root@srx100# run show interfaces pp0
Physical interface: pp0, Enabled, Physical link is Up
  Interface index: 128, SNMP ifIndex: 502
  Type: PPPoE, Link-level type: PPPoE, MTU: 1532
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps
  Link type      : Full-Duplex
  Link flags     : None
    Input packets : 0
    Output packets: 0

  Logical interface pp0.0 (Index 78) (SNMP ifIndex 532)
    Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE
    PPPoE:
      State: SessionUp, Session ID: 6,
      Session AC name: Vigor2000 PPPoE, Remote MAC address: xx:xx:xx:xx:xx:xx,
      Configured AC name: None, Service name: None,
      Auto-reconnect timeout: 30 seconds, Idle timeout: Never,
      Underlying interface: fe-0/0/7.0 (Index 77)
    Input packets : 1341
    Output packets: 1153
  Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
  Keepalive: Input: 5 (00:00:19 ago), Output: 26 (00:00:06 ago)
  LCP state: Opened
  NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured
  CHAP state: Success
  PAP state: Closed
    Security: Zone: untrust
    Allowed host-inbound traffic : dns https ike ping ssh traceroute
    Protocol inet, MTU: 1492
      Flags: Sendbcast-pkt-to-re, User-MTU, Negotiate-Address
      Addresses, Flags: Kernel Is-Preferred Is-Primary
        Destination: x.x.x.x, Local: x.x.x.x

 

Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial