SRX Services Gateway
SRX Services Gateway

Juniper SRX ADSL configuration for ISP's in the UK

‎10-30-2012 10:49 AM

Hello all,

 

I spent a fair amount of time getting the ADSL / VDSL interface on the SRX210 / SRX110 working for various ISP's in the UK, so I thought Id make a post about how I got it working.

 

There are 3 types of DSL I have used:

PPPOA - as far as I understand, most ADSL ISP's in the UK use this type.

PPPOE - I have configured ADSL for 2 different provides using this method.

BT Infinity  (VDSL) - BT's fibre to cabinet offering.

 

These setting will probably work for most of the world with the adjustment of the VPI/VCI settings.

 

 

PPPOA - There is no PP0 interface with this, the credentials for the ADSL account are specified in the at-1/0/0 interface:

 

    at-1/0/0 {
        encapsulation atm-pvc;
        atm-options {
            vpi 0;
        }
        dsl-options {
            operating-mode auto;
        }
        unit 0 {
            encapsulation atm-ppp-vc-mux;
            vci 0.38;
            ppp-options {
                chap {
                    default-chap-secret "adsl-password"; ## SECRET-DATA
                    local-name "user@isp.com";
                    passive;
                }
            }
            family inet {
                negotiate-address;
            }
        }
    }

 

 

 

 

PPPOE - with this, you have the AT-1/0/0 interface that simply does the modulation, and you have a PP0 interface that handles the internet session.

 

    at-1/0/0 {
        encapsulation ethernet-over-atm;
        atm-options {
            vpi 0;
        }
        dsl-options {
            operating-mode auto;
        }
        unit 0 {
            encapsulation ppp-over-ether-over-atm-llc;
            vci 0.38;
        }
    }
    pp0 {
        unit 0 {
            point-to-point;
            ppp-options {
                chap {
                    default-chap-secret "adsl-password"; ## SECRET-DATA
                    local-name "user@isp.com";
                }
            }
            pppoe-options {
                underlying-interface at-1/0/0.0;
                client;
            }
            family inet {
                negotiate-address;
            }
        }
    }


 

 

BT Infinity - This is very different i that it is VDSL rather than ADSL.

Again, this is PPPOE so you have a pp0 interface to handle the internet session

one of the most important things to know is that you must enable Vlan tagging on the pt-1/0/0 interface and tag all traffic with ID 101

 

From what I understand, Infinity 2 (up to 68 meg) uses VDSL-profile 17a whereas original infinity uses 8c.

But don't take my word for it, I am not 100% sure.

Anyway, on the SRX, you can just set it to 'auto' and it should pick it up automatically.

 

    pt-1/0/0 {

        vlan-tagging;

        vdsl-options {

            vdsl-profile auto;

        }

        unit 0 {

            encapsulation ppp-over-ether;

            vlan-id 101;

        }

    }

    pp0 {

        unit 0 {

            ppp-options {

                chap {

                    default-chap-secret "VDSL Password"; ## SECRET-DATA

                    local-name "VDSL Username";

                    passive;

                }                      

            }

            pppoe-options {

                underlying-interface pt-1/0/0.0;

                client;

            }

            family inet {

                negotiate-address;

            }

        }

    }

 

 

troubleshooting commands:

When the at  / pt interface shows as up, the modem has synced up with the DSLAM, so DSL is active on your line.

 

When the pp0 shows as up but the pp0.0 shows as down, it means its failing to create an internet session, verify VPI/VCI settings or try PPPOA method.

 

srx> show ppp statistics
Shows what stage the session is in

 

srx> show ppp interface pp0

shows what stage it managed to get to, I.E whether the LCP state is open.

 

srx> show pppoe interfaces
srx> show pppoe statistics

Will help determine if you are getting anything back from the DSLAM.

 

srx> monitor traffic interface pp0

srx> monitor traffic interface at-1/0/0

This is a packet capture, will help determine where its going wrong if yuo are getting anything back at all, auth failure etc.

 

 

Feel free to ask any questions, make any comments.

Cheers

 

 

 

13 REPLIES 13
SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎02-13-2013 06:33 AM

Very helpful. Thank you.

SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎04-08-2013 03:05 AM

Has anyone experience with SRX110 on ADSL using DHCP instead of PPP ?

 

I picked this config up from the documentation, but no success:

 

set interfaces at-1/0/0 atm-options vpi 2
set interfaces at-1/0/0 dsl-options operating-mode auto
set interfaces at-1/0/0 unit 0 encapsulation atm-snap
set interfaces at-1/0/0 unit 0 vci 2.32
set interfaces at-1/0/0 unit 0 family inet dhcp

I get link up on the ATM interface (“ADSL2plus showtime”), but I dont get an IP address...

I also tried

 

set interfaces at-1/0/0 unit 0 encapsulation ether-over-atm-llc

set interfaces at-1/0/0 unit 0 family inet dhcp update-server

 

not sure what the "update-server" does, but both don't work either.

 

Just for reference, this is a Cisco 800 router config that works nicely with DHCP-over-ADSL:

 

bridge irb
!
interface ATM0
  no ip address
  load-interval 30
  no atm ilmi-keepalive
  bridge-group 1
  pvc 2/32
  encapsulation aal5snap
!
interface BVI1
  ip address dhcp
  ip virtual-reassembly in
!
bridge 1 protocol ieee
bridge 1 route ip

 

SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎04-08-2013 04:36 AM

Hello,

Please check out this working SRX config for BE (which uses Ethernet-over-ATM encap)

 

http://beusergroup.co.uk/technotes/index.php?title=JUNOS_Config_for_BE 

 

I believe You need to replace fixed IP with "family inet dhcp" to get an IP address via DHCP.

Thanks

Alex

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎04-08-2013 05:52 AM

Thanks Alex,

That took me one step closer -- I now see an DHCP lease:

jdgncnl@TWS-TWL-C00014> show system services dhcp client at-1/0/0.0

 Logical Interface name         at-1/0/0.0
        Hardware address        78:fe:3d:ce:ee:60
        Client status           bound
        Address obtained        89.106.162.214
        Update server           disabled
        Lease obtained at       2013-04-08 14:43:19 CEST
        Lease expires at        2013-04-08 14:48:19 CEST

DHCP options:
    Code: 1, Type: ip-address, Value: 255.255.255.255
    Name: server-identifier, Value: 89.106.162.162
    Name: router, Value: [ 89.106.162.162 ]
    Name: domain-name, Value: twsnetworks.com
    Name: name-server, Value: [ 89.106.162.2, 89.106.163.2 ]

 

But now this is odd.... the IP address does not show in the table (and nothing in the routing table):


jdgncnl@TWS-TWL-C00014> show interfaces at-1/0/0 terse
Interface               Admin Link Proto    Local                 Remote
at-1/0/0                up    up  
at-1/0/0.0              up    up   inet    
at-1/0/0.32767          up    up  

 

This is my current config:


jdgncnl@TWS-TWL-C00014> show configuration interfaces at-1/0/0
encapsulation ethernet-over-atm;
atm-options {
    vpi 2;
}
dsl-options {
    operating-mode adsl2plus;
}
unit 0 {
    encapsulation ether-over-atm-llc;
    vci 2.32;
    family inet {
        dhcp;
    }
}

Anyone any ideas ?

 

SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎04-08-2013 06:00 AM

Update: I solved the puzzle myself Smiley LOL

 

The DHCP lease was 89.106.162.214/32 and appearently the CPE router does not accept an IP lease where the default gateway (89.106.162.162) is outside of its subnet.

 

When the DHCP lease was 89.106.162.214/24 the CPE did accept the IP address and showed it in the interface table and routing table!

 

SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎06-04-2013 01:27 AM

Hi there

 

Can you help with the 'error message' below:

 

interfaces {
    pt-1/0/0 {
        vlan-tagging;
        vdsl-options {
            vdsl-profile auto;
        }
        unit 0 {
            encapsulation ppp-over-ether;
            vlan-id 101;
        }
    }
    pp0 {
        unit 0 {
            ppp-options {
                chap {
                    default-chap-secret "$9$Szwe8xZGimfzYgjqmf6/EcyrvLxNd"; ## SECRET-DATA
                    local-name "D214393@hg52.btclick.com";
                    passive;
                }
            }
            pppoe-options {
                underlying-interface pt-1/0/0.0;
                client;
            }
            family inet {
                address 81.133.95.199/32;
            }
        }
    }
}

[edit]
admin@SRX110-Oaktrees-ctr# commit check
[edit interfaces]
  'pt-1/0/0'
    INTERFACES_TYPE_VLAN_TAGGING: vlan tagging can only be specified on ethernet interfaces
error: configuration check-out failed

 

Cheers

 

SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎08-13-2013 06:59 AM

The PPPoA configuration looks ideal for what i need but have you got any details on what I need to configure for the default route?

 

I have seen other articles reference the pp0 interface for PPPoE interface but I am unsure on the PPPoA. 

 

Thanks

Scott

SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎03-04-2014 08:17 AM

Thanks for the info my pp0.0 interface now seems to be coming up but I'm not routing any traffic. it shows a 172.16.10.139 address under the interface as it does on a SSG20 behind the BT modem. Is this correct? Thanks

 

 

 

Logical interface pp0.0 (Index 81) (SNMP ifIndex 534) Flags: Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE PPPoE: State: SessionUp, Session ID: 381, Session AC name: acc-aln6.l-buc, Remote MAC address: a0:f3:e4:35:57:2b, Configured AC name: None, Service name: None, Auto-reconnect timeout: Never, Idle timeout: Never, Underlying interface: pt-1/0/0.0 (Index 80) Input packets : 8086 Output packets: 9446 Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3 Keepalive: Input: 11 (00:02:59 ago), Output: 273 (00:00:09 ago) LCP state: Opened NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured CHAP state: Success PAP state: Closed Security: Zone: untrust Protocol inet, MTU: 1466 Flags: Sendbcast-pkt-to-re, Negotiate-Address Addresses, Flags: Kernel Is-Preferred Is-Primary Destination: 172.16.10.139, Local: 86.157.185.207

SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎03-10-2014 01:12 AM

Hi G1

 

Can you post your config (DSL interface section, Routing options, NAT source and Security zone (untrust))?

 

To make sure that a default route is being generated, or ADSL,VDSL connections, add the following to routing-options,

 

routing-options {


    generate {
        route 0.0.0.0/0;
    }


}

SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎04-07-2014 01:43 PM

Hey all,

 

Thanks for this, got the PPPoA session working a charm thanks to these instructions. 

 

My provider has routed us a block of IP addresses separate to (and I suppose over the top of) the auto-negotiated IP on the ADSL, completely different subnet. I'm at a loss of how to set them up as the PPPoA needs to stay on auto-negotiated. Can anyone point me in the right direction?

SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎05-18-2014 03:55 PM

Hello Oli,

 

It seems a bit strange that your ISP would give you the extra IP addresses outside of your main one.

Are you sure this is the case?

Have you tried statically assigning one of the extra IP addresses directly to the ADSL interface?

The ADSL interface IP does not need to be auto-negotiated, you can statically assign an IP.

 

Normally you would just use proxy-arp to NAT the other IP's inbound.

But from what I understand, Junos by default will not Proxy arp IP addresses for which it does not have a directly connected route. And since the erxtra IP's are in a different subnet, there wouldn't be one.

 

To get around that, you would enable 'proxy-arp unrestricted' to the interface, but it seems you cannot set that on an ADSL interface.

So unfortunately, Im not really sure what to say... Have you tried just using proxy-arp?

SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎10-29-2014 07:41 AM

Hi,

 

How do I go about removing the pp0 interface?

Its currently bound to the default connection.

 

I got the at/0 interface with the right settings etc, but the srx110 I got wont show the pp0 in the interfaces section.

Would it help if I posted the config?

SRX Services Gateway

Re: Juniper SRX ADSL configuration for ISP's in the UK

‎10-29-2014 08:03 AM

  at-1/0/0 {
        mtu 1492;
        encapsulation ethernet-over-atm;
        atm-options {
            vpi 0;
        }
        dsl-options {
            operating-mode auto;
        }
        unit 0 {
            encapsulation ppp-over-ether-over-atm-llc;
            vci 0.38;
        }
    }
    pp0 {
        unit 0 {
            apply-macro Startup_Connection;
            ppp-options {
                chap {
                    default-chap-secret "$9$phAMOIhev87dwleaZDjq.hSyr8XNdbaGD";
                    local-name "user@pndsl.co.uk";
                    no-rfc2486;
                    passive;
                }
                pap {
                    local-name "user@pndsl.co.uk";
                    no-rfc2486;
                    local-password "$9$phAMOIhev87dwleaZDjq.hSyr8XNdbaGD";
                    passive;
                }
            }
            pppoe-options {
                underlying-interface at-1/0/0.0;
            }
            family inet {
                negotiate-address;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 {
            qualified-next-hop pp0.0 {
                metric 3;
            }
        }
    }
}