mikewebb70 · July 21, 2023 14:59
diff --git a/SRX iiNET b/SRX iiNET


 I have just check some of the ones we have configure and that are working in the field. I have attached IPOE and PPPOE configurations. I hope this helps. If you need any help with debugging please let me know.

 //NBN IPOE Config

 set interfaces pt-2/0/0 mtu 1452
 set interfaces pt-2/0/0 vdsl-options vdsl-profile 17a
 set interfaces pt-2/0/0 unit 0 family inet dhcp

 set security zones security-zone untrust interfaces pt-1/0/0.0 host-inbound-traffic system-services dhcp

 // NBN PPPOE

 set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
 set interfaces pt-1/0/0 vlan-tagging
 set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
 set interfaces pt-1/0/0 unit 0 vlan-id 2

 set interfaces pp0 unit 0 ppp-options pap local-name ---myusername---
 set interfaces pp0 unit 0 ppp-options pap local-password ---mypassword----
 set interfaces pp0 unit 0 ppp-options pap passive
 set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
 set interfaces pp0 unit 0 pppoe-options idle-timeout 0
 set interfaces pp0 unit 0 pppoe-options auto-reconnect 10
 set interfaces pp0 unit 0 pppoe-options client
 set interfaces pp0 unit 0 family inet mtu 1492
 set interfaces pp0 unit 0 family inet negotiate-address

 set security zones security-zone untrust interfaces pp0.0

 set routing-options static route 0.0.0.0/0 next-hop pp0.0
 set routing-options static route 0.0.0.0/0 metric 100

 \\Outbound NAT

 set security nat source rule-set trust-to-untrust from zone trust
 set security nat source rule-set trust-to-untrust to zone untrust
 set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
 set security nat source rule-set trust-to-untrust rule source-nat-rule match destination-address 0.0.0.0/0
 set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
 \\ Interface needs to be in a zone that allows dhcp etc in.
 set security zones security-zone untrust interfaces pt-2/0/0.0 host-inbound-traffic system-services dhcp
 set security zones security-zone untrust interfaces pt-2/0/0.0 host-inbound-traffic system-services bootp


 \\ you need to have the interface in a zone that allows dhcp and tftp in

 ge-0/0/3 {
 description iinetnbn;
 unit 0 {
 family inet {
 dhcp;
 }
 }
 }

 security-zone internet {
 screen untrust-screen;
 interfaces {
 ge-0/0/3.0 {
 host-inbound-traffic {
 system-services {
 dhcp;
 tftp;
 }
 }
 }


	I have just check some of the ones we have configure and that are working in the field. I have attached IPOE and PPPOE configurations. I hope this helps. If you need any help with debugging please let me know.

	//NBN IPOE Config

	set interfaces pt-2/0/0 mtu 1452
	set interfaces pt-2/0/0 vdsl-options vdsl-profile 17a
	set interfaces pt-2/0/0 unit 0 family inet dhcp

	set security zones security-zone untrust interfaces pt-1/0/0.0 host-inbound-traffic system-services dhcp

	// NBN PPPOE

	set interfaces pt-1/0/0 vdsl-options vdsl-profile 17a
	set interfaces pt-1/0/0 vlan-tagging
	set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
	set interfaces pt-1/0/0 unit 0 vlan-id 2

	set interfaces pp0 unit 0 ppp-options pap local-name ---myusername---
	set interfaces pp0 unit 0 ppp-options pap local-password ---mypassword----
	set interfaces pp0 unit 0 ppp-options pap passive
	set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
	set interfaces pp0 unit 0 pppoe-options idle-timeout 0
	set interfaces pp0 unit 0 pppoe-options auto-reconnect 10
	set interfaces pp0 unit 0 pppoe-options client
	set interfaces pp0 unit 0 family inet mtu 1492
	set interfaces pp0 unit 0 family inet negotiate-address

	set security zones security-zone untrust interfaces pp0.0

	set routing-options static route 0.0.0.0/0 next-hop pp0.0
	set routing-options static route 0.0.0.0/0 metric 100

	\\Outbound NAT

	set security nat source rule-set trust-to-untrust from zone trust
	set security nat source rule-set trust-to-untrust to zone untrust
	set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
	set security nat source rule-set trust-to-untrust rule source-nat-rule match destination-address 0.0.0.0/0
	set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
	\\ Interface needs to be in a zone that allows dhcp etc in.
	set security zones security-zone untrust interfaces pt-2/0/0.0 host-inbound-traffic system-services dhcp
	set security zones security-zone untrust interfaces pt-2/0/0.0 host-inbound-traffic system-services bootp


	\\ you need to have the interface in a zone that allows dhcp and tftp in

	ge-0/0/3 {
	description iinetnbn;
	unit 0 {
	family inet {
	dhcp;
	}
	}
	}

	security-zone internet {
	screen untrust-screen;
	interfaces {
	ge-0/0/3.0 {
	host-inbound-traffic {
	system-services {
	dhcp;
	tftp;
	}
	}
	}