I recently put in service a SRX300 running JunOs 15.1.x49-D160.2
We have CenturyLink DSL service at this location. I have their provided modem in bridge mode, the SRX is doing the PPPoE auth. We have a static IP assignment from Clink.
The issue is that I cannot seem to get the SRX to accept the static IP assignment from Clink. I spoke to one of their network engineers and he gave me a few hints during our discussion... I know they are using Radius for Auth and IP assignment. During the PPPoE auth process the SRX should be accepting the IP network, mask and route from their Radius server but doesn't.
Here is the relevant config from the SRX, this works but I get a dynamic IP assignment each time I disconnect / connect the PPPoE session, if I change the 'negotiate-address' from the 'family inet' section and specify the static IP and remote router it still auth's but no access to the Internet.
PPPoE settings that work, but only gets dynamic IP from ISP.
Text
}
interfaces {
ge-0/0/0 {
unit 0 {
description "CenturyLink Modem";
encapsulation ppp-over-ether;
}
}
pp0 {
unit 0 {
apply-macro Startup_Connection;
description CenturyLink;
ppp-options {
chap {
default-chap-secret "password";
local-name CTL1080xxxxx;
no-rfc2486;
passive;
}
}
pppoe-options {
underlying-interface ge-0/0/0.0;
idle-timeout 0;
auto-reconnect 10;
client;
}
family inet {
mtu 1492;
negotiate-address;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 {
qualified-next-hop pp0.0 {
metric 1;
}
}
}
}
Here is the 'show interfaces pp0.0' for the dynamic IP connection.
Text
mgreene@wtp-srx300> show interfaces pp0.0
Logical interface pp0.0 (Index 74) (SNMP ifIndex 535)
Description: CenturyLink
Flags: Up Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE
PPPoE:
State: SessionUp, Session ID: 1,
Session AC name: tukw-dsl-gw71.tukw.qwest.net, Remote MAC address: 00:d0:f6:81:9b:e6,
Configured AC name: None, Service name: None,
Auto-reconnect timeout: 10 seconds, Idle timeout: Never,
Underlying interface: ge-0/0/0.0 (Index 73)
Ignore End-Of-List tag: Disable
PPP-Max-Payload tag: 1492
Input packets : 8024
Output packets: 7269
Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
Keepalive: Input: 10 (00:00:58 ago), Output: 159 (00:00:08 ago)
LCP state: Opened
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured
CHAP state: Success
PAP state: Closed
Security: Zone: Internet
Protocol inet, MTU: 1492
Flags: Sendbcast-pkt-to-re, User-MTU, Negotiate-Address
Addresses, Flags: Kernel Is-Preferred Is-Primary
Destination: 216.160.93.254, Local: 65.102.118.61
If I change the line from 'negotiate-address' to: address <static ip/32>
I get auth OK, but cannot ping beyond the remote RAS, I tried the following with no change.
address <static ip/32> destination 216.160.93.254
Speaking with the Clink network engineer they use the same remote access router for dynamic and static services, and that 216.160.93.254 is the router doing the PPPoE termination.
Here is the show interfaces pp0.0 with the static IP defined in the pp0.0 configuration.
Text
mgreene@wtp-srx300> show interfaces pp0.0
Logical interface pp0.0 (Index 74) (SNMP ifIndex 535)
Description: CenturyLink
Flags: Up Point-To-Point SNMP-Traps 0x0 Encapsulation: PPPoE
PPPoE:
State: SessionUp, Session ID: 1,
Session AC name: tukw-dsl-gw71.tukw.qwest.net, Remote MAC address: 00:d0:f6:81:9b:e6,
Configured AC name: None, Service name: None,
Auto-reconnect timeout: 10 seconds, Idle timeout: Never,
Underlying interface: ge-0/0/0.0 (Index 73)
Ignore End-Of-List tag: Disable
PPP-Max-Payload tag: 1492
Input packets : 1104
Output packets: 8164
Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3
Keepalive: Input: 11 (00:06:03 ago), Output: 198 (00:00:09 ago)
LCP state: Opened
NCP state: inet: Down, inet6: Not-configured, iso: Not-configured, mpls: Not-configured
CHAP state: Success
PAP state: Closed
Security: Zone: Internet
Protocol inet, MTU: 1492
Flags: Sendbcast-pkt-to-re, Protocol-Down, User-MTU
Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
Destination: 216.160.93.254, Local: 184.159.xx.xx
What am I missing?