Skip to content

Instantly share code, notes, and snippets.

@mikewebb70
Last active Sep 22, 2020
Embed
What would you like to do?
I have just check some of the ones we have configure and that are working in the field. I have attached IPOE and PPPOE configurations. I hope this helps. If you need any help with debugging please let me know.
//NBN IPOE Config
set interfaces pt-2/0/0 mtu 1452
set interfaces pt-2/0/0 vdsl-options vdsl-profile 17a
set interfaces pt-2/0/0 unit 0 family inet dhcp
set security zones security-zone untrust interfaces pt-1/0/0.0 host-inbound-traffic system-services dhcp
// NBN PPPOE
set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
set interfaces pt-1/0/0 vlan-tagging
set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
set interfaces pt-1/0/0 unit 0 vlan-id 2
set interfaces pp0 unit 0 pppoe-options pap local-name ---myusername---
set interfaces pp0 unit 0 pppoe-options pap local-password ---mypassword----
set interfaces pp0 unit 0 pppoe-options pap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 10
set interfaces pp0 unit 0 pppoe-options client
set interfaces pp0 unit 0 family inet mtu 1492
set interfaces pp0 unit 0 family inet negotiate-address
set security zones security-zone untrust interfaces pp0.0
set routing-options static route 0.0.0.0/0 next-hop pp0.0
set routing-options static route 0.0.0.0/0 metric 100
\\Outbound NAT
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule match destination-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
\\ Interface needs to be in a zone that allows dhcp etc in.
set security zones security-zone untrust interfaces pt-2/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces pt-2/0/0.0 host-inbound-traffic system-services bootp
\\ you need to have the interface in a zone that allows dhcp and tftp in
ge-0/0/3 {
description iinetnbn;
unit 0 {
family inet {
dhcp;
}
}
}
security-zone internet {
screen untrust-screen;
interfaces {
ge-0/0/3.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment