mikewebb70/SRX iiNET

## SRX iiNET


I have just check some of the ones we have configure and that are working in the field. I have attached IPOE and PPPOE configurations. I hope this helps. If you need any help with debugging please let me know.

//NBN IPOE Config

set interfaces pt-2/0/0 mtu 1452
set interfaces pt-2/0/0 vdsl-options vdsl-profile 17a
set interfaces pt-2/0/0 unit 0 family inet dhcp

set security zones security-zone untrust interfaces pt-1/0/0.0 host-inbound-traffic system-services dhcp

// NBN PPPOE

set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
set interfaces pt-1/0/0 vlan-tagging
set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
set interfaces pt-1/0/0 unit 0 vlan-id 2

set interfaces pp0 unit 0 ppp-options pap local-name ---myusername---
set interfaces pp0 unit 0 ppp-options pap local-password ---mypassword----
set interfaces pp0 unit 0 ppp-options pap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 10
set interfaces pp0 unit 0 pppoe-options client
set interfaces pp0 unit 0 family inet mtu 1492
set interfaces pp0 unit 0 family inet negotiate-address

set security zones security-zone untrust interfaces pp0.0

set routing-options static route 0.0.0.0/0 next-hop pp0.0
set routing-options static route 0.0.0.0/0 metric 100

\\Outbound NAT

set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule match destination-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
\\ Interface needs to be in a zone that allows dhcp etc in.
set security zones security-zone untrust interfaces pt-2/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces pt-2/0/0.0 host-inbound-traffic system-services bootp


\\ you need to have the interface in a zone that allows dhcp and tftp in

ge-0/0/3 {
description iinetnbn;
unit 0 {
family inet {
dhcp;
}
}
}

security-zone internet {
screen untrust-screen;
interfaces {
ge-0/0/3.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
}
}


	I have just check some of the ones we have configure and that are working in the field. I have attached IPOE and PPPOE configurations. I hope this helps. If you need any help with debugging please let me know.

	//NBN IPOE Config

	set interfaces pt-2/0/0 mtu 1452
	set interfaces pt-2/0/0 vdsl-options vdsl-profile 17a
	set interfaces pt-2/0/0 unit 0 family inet dhcp

	set security zones security-zone untrust interfaces pt-1/0/0.0 host-inbound-traffic system-services dhcp

	// NBN PPPOE

	set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
	set interfaces pt-1/0/0 vlan-tagging
	set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
	set interfaces pt-1/0/0 unit 0 vlan-id 2

	set interfaces pp0 unit 0 ppp-options pap local-name ---myusername---
	set interfaces pp0 unit 0 ppp-options pap local-password ---mypassword----
	set interfaces pp0 unit 0 ppp-options pap passive
	set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
	set interfaces pp0 unit 0 pppoe-options idle-timeout 0
	set interfaces pp0 unit 0 pppoe-options auto-reconnect 10
	set interfaces pp0 unit 0 pppoe-options client
	set interfaces pp0 unit 0 family inet mtu 1492
	set interfaces pp0 unit 0 family inet negotiate-address

	set security zones security-zone untrust interfaces pp0.0

	set routing-options static route 0.0.0.0/0 next-hop pp0.0
	set routing-options static route 0.0.0.0/0 metric 100

	\\Outbound NAT

	set security nat source rule-set trust-to-untrust from zone trust
	set security nat source rule-set trust-to-untrust to zone untrust
	set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
	set security nat source rule-set trust-to-untrust rule source-nat-rule match destination-address 0.0.0.0/0
	set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
	\\ Interface needs to be in a zone that allows dhcp etc in.
	set security zones security-zone untrust interfaces pt-2/0/0.0 host-inbound-traffic system-services dhcp
	set security zones security-zone untrust interfaces pt-2/0/0.0 host-inbound-traffic system-services bootp


	\\ you need to have the interface in a zone that allows dhcp and tftp in

	ge-0/0/3 {
	description iinetnbn;
	unit 0 {
	family inet {
	dhcp;
	}
	}
	}

	security-zone internet {
	screen untrust-screen;
	interfaces {
	ge-0/0/3.0 {
	host-inbound-traffic {
	system-services {
	dhcp;
	tftp;
	}
	}
	}