Juniper SRX基本配置手册

Juniper SRX防火墙 基本配置手册

1 SRX防火墙的PPPoE拔号配置

Juniper SRX防火墙支持PPPoE拔号，这样防火墙能够连接ADSL链路，提供给内网用户访问网络的需求。

配置拓扑如下所示：

Ge-0/0/4 via PPPoE to obtian IP addressJuniper SRX240防火墙

在Juniper SRX防火墙上面设置ADSL PPPoE拔号，可以在WEB界面或者命令行下面查看PPPoE拔号接口pp0，在命令行下面的查看命令如下所示：

juniper@HaoPeng# run show interfaces terse | match pp

Interface Admin Link Proto Local Remote pp0 up up

在WEB界面下，也能够看到PPPoE的拔号接口pp0

配置步聚如下所示：

第一步：选择接口ge-0/0/4作为PPPoE拔号接口的物理接口，将接口封装成PPPoE To configure PPPoE encapsulation on an Ethernet interface:

juniper@HaoPeng# set interfaces ge-0/0/4 unit 0 encapsulation ppp-over-ether

第二步：配置PPPoE接口PP0.0的参数

To create a PPPoE interface and configure PPPoE options:

user@host# set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/4.0 auto-reconnect 100 idle-timeout 100 client

第三步：配置PPPoE接口的MTU值

To configure the maximum transmission unit (MTU) of the IPv4 family: user@host# set interfaces pp0 unit 0 family inet mtu 1492

第四步：配置PPPoE接口的地址为negotiate-address

To configure the PPPoE interface address:

user@host# set interfaces pp0 unit 0 family inet negotiate-address

第五步：配置PPPoE接口的PAP认证

set int pp0 unit 0 ppp-options pap default password 88888878 local-name szdigicn1@163.gd local-password 88888878 passive 注意：default password和local password都必须设置成ADSL拔号时所用的密码，local name必须是ADSL拔号时所用的用户名。

第六步：配置静态路由指向PPOE接口PP0.0

set routing-options static route 0.0.0.0/0 next-hop pp0.0

PPPoE拔号配置输出汇总如下所示： set interfaces ge-0/0/4 unit 0 encapsulation ppp-over-ether set interfaces pp0 unit 0 ppp-options pap default-password 88888878 set interfaces pp0 unit 0 ppp-options pap local-name \ set interfaces pp0 unit 0 ppp-options pap local-password 88888878 set interfaces pp0 unit 0 ppp-options pap passive set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/4.0 set interfaces pp0 unit 0 pppoe-options idle-timeout 0 set interfaces pp0 unit 0 pppoe-options auto-reconnect 2 set interfaces pp0 unit 0 pppoe-options client set interfaces pp0 unit 0 family inet mtu 1492 set interfaces pp0 unit 0 family inet negotiate-address set routing-options static route 0.0.0.0/0 next-hop pp0.0 验证PPPoE是否已经拔通，已经获得IP地址

root# run show interfaces terse | match pp pp0 up up

pp0.0 up up inet 219.134.120.126 --> 219.134.120.1

验证PPPoE常见命令如下所示： show interfaces pp0 show pppoe interfaces show pppoe version show pppoe statistics clear pppoe sessions clear pppoe sta