06-07-2012 12:05 AM
I have an SSG20 with interfaces ethernet0/0 and ethernet0/1 belonging to the Untrust zone. Ethernet0/0 is connected to my first ISP supplying an ADSL connection that is configured and working properly. I have a direct Ethernet cable coming from my second ISP which I attached to the ethernet0/1 interface. I setup a new PPPoE profile with the correct username and password (double checked). I used to have the PPPoE connection linked to a TP-Link WR741ND Wireless Router which worked properly. I had the ISP reset the MAC address to match the SSG20 ethernet0/1 interface and confirmed it matches.
Interface ethernet0/1 is configured as follows:
set interface "ethernet0/1" zone "Untrust"
set pppoe name "untrust"
set pppoe name "untrust" username "username" password "password"
set pppoe name "untrust" interface ethernet0/1
I get the following messages in the SSG20 event log:
1- PPPoE session started negotiations.
2- Point-to-Point Protocol over Ethernet (PPPoE) connection failed to establish a session. Timeout PADI
I changed the MAC on the TP-Link router to match the MAC of SSG20's ethernet0/1 interface and connected it to verify the connection is still working as expected which it is.
I have attached the debug session for the SSG20 using "debug pppoe basic". I have also attached the system log and WAN settings of the TP-Link router (to show successful connection).
Any help would be appreciated. Thanks in advance.
06-09-2012 10:47 PM
PADI timeout indicates config mismatch.
Please refer the following KB article: http://kb.juniper.net/KB14951
In the debug, I see the following:
There is a mention of dst-mac not belonging to ethernet0/1.
## 2012-06-05 09:45:41 : pppoe_decap_handler: rcv a pppoe pak 0x3c892e0 (60 bytes) from interface ethernet0/1:
## 2012-06-05 09:45:41 : g_i_b_pppoe: LOOK for TRUE CTX for incoming ifp ethernet0/1
## 2012-06-05 09:45:41 : g_i_b_pppoe: FOUND FIRST CTX untrust for incoming ifp ethernet0/1
## 2012-06-05 09:45:41 : g_i_b_pppoeNLY context, RETURN ACTUAL ifp ethernet0/1 (ctx untrust) for incoming ifp ethernet0/1
## 2012-06-05 09:45:41 : pppoe_decap_handler: pak drop: dst MAC is not ethernet0/1 interface's
## 2012-06-05 09:45:41 : pppoe_fsm_reset dns_handle = 0
## 2012-06-05 09:45:41 : send_padi: about to send PADI to i/f ethernet0/1, num_attemps 0
May the mapping for MAC address is not complete yet. Please check this with your ISP.
Another thing to try is to do a SNOOP detail on the firewall (interface ethernet0/1) and check the packets.