Juniper SRX防火墙的PPPoE拔号配置

SRX防火墙的PPPoE拔号配置

Juniper SRX防火墙支持PPPoE拔号，这样防火墙能够连接ADSL链路，提供给内网用户访问网络的需求。

配置拓扑如下所述：Ge-0/0/4 via PPPoE to obtian IP address

Juniper SRX240防火墙

在Juniper SRX防火墙上面设置ADSL PPPoE拔号，可以在WEB界面或者命令行下面查看PPPoE拔号接口pp0，在命令行下面的查看命令如下所示：juniper@HaoPeng# run show interfaces terse | match pp

Interface Admin Link Proto Local Remote pp0 up up

在WEB界面下，也能够看到PPPoE的拔号接口pp0

配置步聚如下所示：

第一步：选择接口ge-0/0/4作为PPPoE拔号接口的物理接口，将接口封装成PPPoE To configure PPPoE encapsulation on an Ethernet interface: juniper@HaoPeng# set interfaces ge-0/0/4 unit 0 encapsulation ppp-over-ether 第二步：配置PPPoE接口PP0.0的参数To create a PPPoE interface and configure PPPoE options:

user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/4.0 auto-reconnect 100 idle-timeout 100 client

第三步：配置PPPoE接口的MTU值To configure the maximum transmission unit (MTU) of the IPv4 family:

user@host# set interfaces pp0 unit 0 family inet mtu 1492

第四步：配置PPPoE接口的地址为negotiate-address To configure the PPPoE interface address:

user@host# set interfaces pp0 unit 0 family inet negotiate-address

第五步：配置PPPoE接口的PAP认证

set int pp0 unit 0 ppp-options pap default password 88888878 local-name szdigicn1@163.gd local-password 88888878 passive

注意：default password和local password都必须设置成ADSL拔号时所用的密码，local name必须是ADSL拔号时所用的用户名。

第六步：配置静态路由指向PPOE接口PP0.0

set routing-options static route 0.0.0.0/0 next-hop pp0.0

PPPoE拔号配置输出汇总如下所示：

验证PPPoE是否已经拔通，已经获得IP地址

root# run show interfaces terse | match pp

pp0 up up

pp0.0 up up

inet 219.134.120.126 --> 219.134.120.1

验证PPPoE常见命令如下所示：

show interfaces pp0

show pppoe interfaces

show pppoe version

show pppoe statistics

clear pppoe sessions

clear pppoe sta