Hi,
I am really struggling to configure the SRX110 for our ADSL BT Business Broadband (This uses PPPoA).
I have followed the guides in the KB article http://kb.juniper.net/InfoCenter/index?page=content&id=KB25400
However although the ADSL Sync light goes a steady green, it never appears to authenticate.
I have notice that when putting the password in, the SRX obfuscates or hashes the password.
When I look at the config now, there are 3 different hashed calues where the passwords would be, I was expecting to just see the same hashed value 3 times..
Has anyone any experience of setting these up in the UK on a BT ADSL line?
This is my current config (Passwords removed)
## Last changed: 2015-04-09 20:11:18 GMT
version 12.1X44-D35.5;
system {
host-name SRX110;
time-zone GMT;
root-authentication {
encrypted-password "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA
}
name-server {
208.67.222.222;
208.67.220.220;
}
name-resolution {
no-resolve-on-input;
}
login {
user user1 {
uid 2001;
class super-user;
authentication {
encrypted-password "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; ##
SECRET-DATA
}
}
}
services {
ssh;
telnet;
web-management {
http {
interface vlan.1;
}
https {
system-generated-certificate;
interface vlan.1;
}
session {
idle-timeout 60;
}
}
dhcp {
pool 192.168.1.0/24 {
address-range low 192.168.1.2 high 192.168.1.254;
router {
192.168.1.1;
}
}
propagate-settings pt-1/0/0;
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server us.ntp.pool.org;
}
}
interfaces {
fe-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
fe-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
fe-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
fe-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
fe-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
fe-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
fe-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
at-1/0/0 {
description ADSL;
encapsulation atm-pvc;
atm-options {
vpi 0;
}
dsl-options {
operating-mode auto;
}
unit 0 {
description PPPoA;
encapsulation atm-ppp-vc-mux;
vci 0.38;
ppp-options {
chap {
access-profile BT;
passive;
}
pap {
default-password "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; ## SE
CRET-DATA
local-name "xxxxxx8@hg7.btclick.com";
local-password "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; ## SECR
ET-DATA
passive;
}
}
family inet {
dhcp;
}
}
}
vlan {
unit 1 {
family inet {
address 192.168.1.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop at-1/0/0.0;
}
}
protocols {
stp;
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set nsw_srcnat {
from zone Internal;
to zone Internet;
rule nsw-src-interface {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone Internal to-zone Internet {
policy All_Internal_Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone Internal {
interfaces {
vlan.1 {
host-inbound-traffic {
system-services {
all;
http;
https;
ssh;
telnet;
}
protocols {
all;
}
}
}
}
}
security-zone Internet {
screen untrust-screen;
}
security-zone untrust {
interfaces {
at-1/0/0.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
}
}
access {
profile BT {
client "B317928@hg7.btclick.com" chap-secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA
}
}
vlans {
vlan1 {
vlan-id 3;
l3-interface vlan.1;
}
}