SRX Services Gateway
Highlighted
SRX Services Gateway

Simple pppoe + vlan setup issue

‎12-04-2018 06:38 AM

Hi ,

Im trying to setup a simple pppoe + vlan install and its not working . The pppoe appears to go up / down and its not getting any IP .... I have searched the forum and pretty much tried all proposed solution but its not working . Im guessing at this point its something very obvious and im not seeing it

 

Any help appreciated

 

Thanks

 

root@srx210> show pppoe interfaces
pp0.0 Index 71
State: Session up, Session ID: 5661,
Service name: None,
Session AC name: STESPQ3502W, Configured AC name: None,
Remote MAC address: <removed from posting> ,
Session uptime: 00:00:20 ago,
Auto-reconnect timeout: 10 seconds, Idle timeout: Never,
Underlying interface: ge-0/0/0.0 Index 70
Ignore End-of-List tag: Disable

 

Then a minute later :

root@srx210> show pppoe interfaces
pp0.0 Index 71
State: Down, Session ID: None,
Service name: None,
Session AC name: None, Configured AC name: None,
Remote MAC address: 00:00:00:00:00:00,
Auto-reconnect timeout: 10 seconds, Idle timeout: Never,
Underlying interface: ge-0/0/0.0 Index 70
Ignore End-of-List tag: Disable

 

 

Snippet of config ( see attached for the full one )

interfaces {
    ge-0/0/0 {
        vlan-tagging;
        unit 0 {
            encapsulation ppp-over-ether;
            vlan-id 35;
        }

pp0 {
unit 0 {
apply-macro pppoe;
ppp-options {
pap {
local-name <hidden>;
local-password "password"; ## SECRET-DATA
passive;
}
}
pppoe-options {
underlying-interface ge-0/0/0.0;
auto-reconnect 10;
client;
idle-timeout 0;
}
family inet {
negotiate-address;
}

 

15 REPLIES 15
Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

‎12-04-2018 06:40 AM

full conf

Attachments

Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

‎12-04-2018 06:46 AM

Hi,

 

Configuration looks good. May i know the server? We may need to capture the packet to understand the reason.

 

interfaces {
ge-0/0/9 {
vlan-tagging;
unit 100 {
encapsulation ppp-over-ether;
vlan-id 100;
}
}
pp0 {
unit 100 {
ppp-options {
pap {
local-name "test@test.com";
local-password "X"
passive;
}
}
pppoe-options {
underlying-interface ge-0/0/9.100;
auto-reconnect 10;
client;
}
family inet {
primary;
negotiate-address;
}
}
}

 

Regards,

Rahul

Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

‎12-04-2018 06:48 AM

Kindly do the monitor traffic on server facing interface and share the same. 

 

Need to understand if it's LCP phase failure or NCP phase failure or Keepalive Failure or Client Initiated Termination Request or Server Initiated Termination Request.

 

Regards,
Rahul

Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

‎12-04-2018 08:59 AM

Hi Mayar ,

 

Thank for the fast response ! I dont have access to the other end , its the ISP . Anything else that can be done to troubleshoot this ? 

 

Thanks

Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

‎12-04-2018 09:06 AM

Hi,

 

You can do "monitor traffic interfac ge-0/0/0 no-resolve size 1500" to capture the control packet negotiation.


Regards,

Rahul

Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

[ Edited ]
‎12-04-2018 03:06 PM

Hi

 

The following just keep repeating itself over an over . To ensure username/pass was good, I hooked it up to a laptop setup a pppoe + vlan 35 and it worked right off without any further settings .

 

Some additional info , this is a fiber connection going into a "sfp to eth" adapter which is then hooked to the srx.

 

Any idea what is causing this ?

 

Listening on ge-0/0/0, capture size 1500 bytes

17:47:54.120124 Out PPPoE PADI [Host-Uniq UTF8] [Service-Name]
17:48:12.541949  In PPPoE PADT [ses 5881]
17:48:27.594813 Out PPPoE PADI [Host-Uniq UTF8] [Service-Name]
17:48:27.603252  In PPPoE PADO [Service-Name] [AC-Name "STESPQ3502W"] [Host-Uniq UTF8] [AC-Cookie UTF8]
17:48:27.610590 Out PPPoE PADR [Host-Uniq UTF8] [Service-Name] [AC-Name "STESPQ3502W"] [AC-Cookie UTF8]
17:48:27.740291  In PPPoE PADS [ses 5988] [Service-Name] [Host-Uniq UTF8]
17:48:27.859749 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 1, length 16
17:48:30.685360  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
17:48:30.686984 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
17:48:30.718533 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 2, length 16
17:48:33.585267  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
17:48:33.586035 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
17:48:33.648501 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 3, length 16
17:48:36.485299  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
17:48:36.486208 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
17:48:36.638307 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 4, length 16
17:48:39.582290 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 5, length 16
17:48:39.785053  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
17:48:39.785933 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
17:48:42.572931 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 6, length 16
17:48:42.784907  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
17:48:42.785699 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
17:48:45.520914 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 7, length 16
17:48:45.584881  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
17:48:45.585656 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
17:48:48.284812  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
17:48:48.285604 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
17:48:48.442073 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 8, length 16
17:48:51.285153  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
17:48:51.286049 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
17:48:51.377628 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 9, length 16
17:48:54.321097 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 10, length 16
17:48:54.484609  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
17:48:54.485649 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
17:48:57.302728 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 11, length 16
17:48:57.493231  In PPPoE PADT [ses 5988]
17:49:08.262781 Out PPPoE PADI [Host-Uniq UTF8] [Service-Name]
17:49:08.296200  In PPPoE PADO [Service-Name] [AC-Name "STESPQ3502W"] [Host-Uniq UTF8] [AC-Cookie UTF8]
17:49:08.296956 Out PPPoE PADR [Host-Uniq UTF8] [Service-Name] [AC-Name "STESPQ3502W"] [AC-Cookie UTF8]
17:49:08.308585  In PPPoE PADS [ses 5990] [Service-Name] [Host-Uniq UTF8]
17:49:08.357102 Out PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 12, length 16
17:49:11.243039 Out PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 13, length 16
17:49:11.284011  In PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 244, length 20
17:49:11.284786 Out PPPoE  [ses 5990]LCP, Conf-Ack (0x02), id 244, length 20
17:49:14.084677  In PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 244, length 20
17:49:14.085481 Out PPPoE  [ses 5990]LCP, Conf-Ack (0x02), id 244, length 20
17:49:14.101555 Out PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 14, length 16
17:49:17.067493 Out PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 15, length 16
17:49:17.184331  In PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 244, length 20
17:49:17.185210 Out PPPoE  [ses 5990]LCP, Conf-Ack (0x02), id 244, length 20
17:49:19.983756  In PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 244, length 20
17:49:19.984644 Out PPPoE  [ses 5990]LCP, Conf-Ack (0x02), id 244, length 20
17:49:20.007167 Out PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 16, length 16

Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

‎12-04-2018 03:17 PM

Thank you for the logs. We're not even reaching LCP authentication phase. LCP Conf-ACK is not received from server.

Can you try to match configuration shared and try again? Look like LCP Conf-Req not even reaching the server,

 

interfaces {
ge-0/0/9 {
vlan-tagging;
unit 100 {
encapsulation ppp-over-ether;
vlan-id 100;
}
}
pp0 {
unit 100 {
ppp-options {
pap { 
local-name "test@test.com";
local-password "X"
passive;
}
}
pppoe-options {
underlying-interface ge-0/0/9.100;
auto-reconnect 10;
client;
}
family inet {
primary;
negotiate-address;
}
}
}

 

security {
policies {
from-zone z-1 to-zone z-1 {
policy default-allow {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
policy-rematch;
}
zones {
security-zone z-1 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
all;
}
}
}
}

 

Regards,
Rahul

 

Regards,
Rahul N

Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

‎12-04-2018 03:51 PM

Hi Mayar

 

Thanks for the blazing fast reponse ! Wish this connection would work as fast Smiley Wink

So as you can see this is a strip down version , I have changed every setting to be the same as yours and I get the same exact message.

 

Anything else we can try ???

 

Thanks

Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

‎12-05-2018 07:15 AM

So I wasted a good 6 hours on this , googling the net and playing with the conf , none of them change the output . Are there any LCP setting that could be changed ? Could this be an MTU issue ?

 

Really getting desparate as config look good

Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

‎12-05-2018 07:52 AM

You can try the same using below configuration

 

user@host# show interfaces pp0
unit 0 {
pppoe-options {
underlying-interface ge-0/0/1.0;
idle-timeout 100;
access-concentrator ispl.com;
service-name "vide0@ispl.com";
auto-reconnect 100;
client;
}
family inet {
mtu 1480;
negotiate-address;
}
Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

‎12-05-2018 08:28 AM

So I tried the following https://kb.juniper.net/InfoCenter/index?page=content&id=KB28670&cat=SRX_SERIES&actp=LIST

 

setting:  set class-of-service host-outbound-traffic ieee-802.1 default be
Magically I got the following for both CHAP/PAP ... its a step forward but its not working and I can confirm username/pass is good and since I made it work with a laptop running windows, its not expecting a defined Mac address .... 

 

For Pap

10:56:02.597612 Out PPPoE PADI [Host-Uniq UTF8] [Service-Name]
10:56:02.607285 In PPPoE PADO [Service-Name] [AC-Name "STESPQ3502W"] [Host-Uniq UTF8] [AC-Cookie UTF8]
10:56:02.608008 Out PPPoE PADR [Host-Uniq UTF8] [Service-Name] [AC-Name "STESPQ3502W"] [AC-Cookie UTF8]
10:56:02.620552 In PPPoE PADS [ses 6557] [Service-Name] [Host-Uniq UTF8]
10:56:02.717974 Out PPPoE [ses 6557]LCP, Conf-Request (0x01), id 12, length 16
10:56:02.723663 In PPPoE [ses 6557]LCP, Conf-Ack (0x02), id 12, length 16
10:56:05.710706 In PPPoE [ses 6557]LCP, Conf-Request (0x01), id 56, length 20
10:56:05.711616 Out PPPoE [ses 6557]LCP, Conf-Ack (0x02), id 56, length 20
10:56:05.740194 Out PPPoE [ses 6557]PAP, Auth-Req (0x01), id 13, Peer USERNAME, Name PASSWORD
10:56:05.764409 In PPPoE [ses 6557]PAP, Auth-NACK (0x03), id 13, Msg Access Denied
10:56:05.764656 In PPPoE [ses 6557]LCP, Term-Request (0x05), id 57, length 6
10:56:05.779661 Out PPPoE [ses 6557]LCP, Term-Ack (0x06), id 57, length 6
10:56:05.788991 In PPPoE PADT [ses 6557]

 

 

For Chap

11:02:43.340642 Out PPPoE PADI [Host-Uniq UTF8] [Service-Name]
11:02:43.376126 In PPPoE PADO [Service-Name] [AC-Name "STESPQ3502W"] [Host-Uniq UTF8] [AC-Cookie UTF8]
11:02:43.380363 Out PPPoE PADR [Host-Uniq UTF8] [Service-Name] [AC-Name "STESPQ3502W"] [AC-Cookie UTF8]
11:02:43.392257 In PPPoE PADS [ses 6562] [Service-Name] [Host-Uniq UTF8]
11:02:46.690978 In PPPoE [ses 6562]LCP, Conf-Request (0x01), id 97, length 20
11:02:48.252004 Out PPPoE [ses 6562]LCP, Conf-Request (0x01), id 1, length 16
11:02:48.260639 In PPPoE [ses 6562]LCP, Conf-Ack (0x02), id 1, length 16
11:02:49.977278 In PPPoE [ses 6562]LCP, Conf-Request (0x01), id 97, length 20
11:02:49.977928 Out PPPoE [ses 6562]LCP, Conf-Nack (0x03), id 97, length 11
11:02:49.980889 In PPPoE [ses 6562]LCP, Conf-Request (0x01), id 98, length 21
11:02:49.982116 Out PPPoE [ses 6562]LCP, Conf-Ack (0x02), id 98, length 21
11:02:50.004945 In PPPoE [ses 6562]CHAP, Challenge (0x01), id 1, Value 984c88cab73062f652726406be3f7fa8fa421839a6765221223fde2f2bb175437d7d0fb52e[|chap]
11:02:50.012883 Out PPPoE [ses 6562]CHAP, Response (0x02), id 1, Value 98c4e8b6d55d3f4b27271c6cc3c558a9, Name USERNAME
11:02:50.036045 In PPPoE [ses 6562]CHAP, Fail (0x04), id 1, Msg Access Denied
11:02:50.036306 In PPPoE [ses 6562]LCP, Term-Request (0x05), id 99, length 6
11:02:50.055422 Out PPPoE [ses 6562]LCP, Term-Ack (0x06), id 99, length 6

 

Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

[ Edited ]
‎12-05-2018 08:48 AM

The following did not work :

 

 

Will try "ignore-eol-tag" , look a bit similar to https://forums.juniper.net/t5/SRX-Services-Gateway/Problems-Completing-PPPoE-Auth-SRX-110/td-p/32133...

Highlighted
SRX Services Gateway
Solution
Accepted by topic author egawd
‎12-06-2018 04:13 AM

Re: Simple pppoe + vlan setup issue

[ Edited ]
‎12-05-2018 12:02 PM

Ok got PAP to authentificate now , I can ping google but everythig else is very slow or even not working at all ? MTU issue ??

If so how would I track this ?

 

Someone seem to have a similar problem and fixed it with

set security flow tcp-mss all-tcp mss 1350

https://forums.juniper.net/t5/SRX-Services-Gateway/SRX220H-pppoe-can-t-open-some-website/m-p/69394#M...

 

Cant test it now but will try later , any other suggestions welcome!!

 

Thanks

Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

[ Edited ]
‎09-26-2019 07:02 PM

Hi there

I have the same issue and connecte my ge-0/0/7 which is Fiber to the ISP and PPPOE is not coming up. May I have a copy of your final working configuration please?

Highlighted
SRX Services Gateway

Re: Simple pppoe + vlan setup issue

‎09-30-2019 07:54 AM

Hi ,

 

I dont use the srx anymore but here is the latest working config I got . Hope it helps

Attachments