Hi,
I'm trying to setup a SRX 110 for a PPPOA ADSL connection. What's confusing is that PAP does correctly autenticate, but within seconds the PPP LCP state closes:
Start of PPP session:
root> show ppp interface at-1/0/0.0 extensive
Session at-1/0/0.0, Type: PPP, Phase: Establish
LCP
State: Closed
Last started: 2013-07-29 17:49:16 UTC
Last completed: 2013-07-29 17:48:54 UTC
Negotiated options:
Magic number: 2750954172, Local MRU: 1512
Authentication: PAP
State: Closed
Last started: 2013-07-29 17:49:01 UTC
Last completed: 2013-07-29 17:48:23 UTC
IPCP
State: Closed
Last started: 2013-07-29 17:48:32 UTC
Negotiated options:
Primary DNS: 0.0.0.0, Secondary DNS: 0.0.0.0
Authentication is complete, IPCP configuration received:
root> show ppp interface at-1/0/0.0 extensive
Session at-1/0/0.0, Type: PPP, Phase: Network
LCP
State: Opened
Last started: 2013-07-29 17:49:22 UTC
Last completed: 2013-07-29 17:49:22 UTC
Negotiated options:
Authentication protocol: PAP, Magic number: 2752152801, Local MRU: 1512
Authentication: PAP
State: Success
Last started: 2013-07-29 17:49:22 UTC
Last completed: 2013-07-29 17:49:22 UTC
IPCP
State: Ack-rcvd
Last started: 2013-07-29 17:49:31 UTC
Negotiated options:
Local address: 122.148.XXX.XXX, Primary DNS: 202.136.42.222, Secondary DNS: 202.136.43.205
After 5-10 seconds the session is closed:
root> show ppp interface at-1/0/0.0 extensive
Session at-1/0/0.0, Type: PPP, Phase: Establish
LCP
State: Closed
Last started: 2013-07-29 17:49:22 UTC
Last completed: 2013-07-29 17:49:22 UTC
Negotiated options:
Magic number: 2750527610, Local MRU: 1512
Authentication: PAP
State: Closed
Last started: 2013-07-29 17:49:22 UTC
Last completed: 2013-07-29 17:49:22 UTC
IPCP
State: Closed
Last started: 2013-07-29 17:49:31 UTC
Negotiated options:
Primary DNS: 0.0.0.0, Secondary DNS: 0.0.0.0
Steps I've taken during troubleshooting;
- Changed the MTU on the at-1/0/0 interface to 1492
- Reconfigured the SRX to use PPPoE to establish a connection (PPPoE does work on another ADSL modem)
- Configured CHAP under ppp-options (PPP does authenticate, but it immediately closes)
- Ran config under JUNOS versions 11.4R1.6, 11.4R7.5, 11.4R8.4
Can anyone shed any light on how I can troubleshoot this?
Config:
root> show configuration
## Last commit: 2013-07-29 17:50:19 UTC by root
version 11.4R8.4;
system {
root-authentication {
encrypted-password "$1$BAH3Tdbk$x/CzGs2jleM4gb1ZdfRtC1"; ## SECRET-DATA
}
name-server {
208.67.222.222;
208.67.220.220;
}
services {
ssh;
telnet;
xnm-clear-text;
web-management {
http {
interface vlan.0;
}
https {
system-generated-certificate;
interface vlan.0;
}
}
dhcp {
pool 192.168.1.0/24 {
address-range low 192.168.1.2 high 192.168.1.254;
router {
192.168.1.1;
}
}
propagate-settings fe-0/0/0.0;
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
fe-0/0/0 {
unit 0;
}
fe-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
at-1/0/0 {
encapsulation atm-pvc;
atm-options {
vpi 8;
}
dsl-options {
operating-mode auto;
}
unit 0 {
encapsulation atm-ppp-vc-mux;
vci 8.35;
ppp-options {
pap {
default-password "$9$k1dTzFcAtO36rvw8dVaZUjmT"; ## SECRET-DATA
local-name "xxx@dodo.com.au";
local-password "$9$06l4OdhSyKw87regJGU.mn/Ct1h"; ## SECRET-DATA
passive;
}
}
no-keepalives;
family inet {
negotiate-address;
}
}
}
vlan {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop at-1/0/0.0;
}
}
protocols {
ppp {
monitor-session {
all;
}
}
stp;
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
at-1/0/0.0;
}
}
}
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}