Knowledge Search


×
 

SRX Getting Started - ADSL Configuration Examples

  [KB15737] Show Article Properties


Summary:

This article provides ADSL configuration examples when getting started with SRX. For other topics, go to the SRX Getting Started main page.

Symptoms:

Configure ADSL.

Solution:

This section contains the following:

 

Overview

Depending on your country and service provider, configuring ADSL might require specific settings. Some providers in the same country might require different ADSL settings. When configuring ADSL, the following settings might be affected:
  • VPI
  • VCI
  • Encapsulation
For information about the common ADSL settings for service providers, see KB7796 - ADSL Settings for Various Service Providers.

NOTE: Starting with Junos OS Release 15.1X49-D10, ADSL interfaces are no longer supported on SRX300, SRX320, SRX340, SRX345, and SRX550HM devices. See Example: Configuring VDSL2 Interfaces in ADSL Mode (Detail).
 

Basic ADSL Configuration Example

The following example illustrates a configuration with the following settings:

  • ATM-over-DSL interface is at-1/0/0.
  • Encapsulation type is Ethernet over ATM on DSL logical interface.
  • ATM virtual path identifier (VPI) is 1.
  • DSL operating mode for ATM-over-ADSL interface is set to autonegotiate settings.
  • Logical interface is 0.
  • Encapsulation type for the ATM-for-ADSL logical unit is PPP over Ethernet over ATM LLC.
  • ATM virtual channel (VCI) of 32.
  • IPv4 address and prefix of 10.10.16.1/24.
    interface at-1/0/0
    description DSL;
    mtu 1496;
    encapsulation ethernet-over-atm;
    atm-options {
        vpi 1;
    }
    dsl-options {
        operating-mode auto;
    }
    unit 0 {
        description Telecom;
        encapsulation ppp-over-ether-over-atm-llc;
            vci 1.32;
            family inet {
                address 10.10.16.1/24;
            }    
    }

NOTE: If you are using encapsulation "ppp-over-ether-over-atm-llc" then it would give a commit error.Please check KB26158: [SRX]Explanation of the 'Warning: Can't configure protocol family with encapsulation ppp-over-ether-over-atm-llc' commit error for more details.

 

Complete ADSL Configuration Example

This example is a complete working configuration example using Junos Release 10.0 or later.

This example uses the following settings:

  • ADSL is the primary WAN interface in the untrust zone.
  • A 3G is the backup interface, monitoring the primary ADSL (at) interface.
  • A dialup interface (external modem) is used as a failover.
  • The at-1/0/0 and pp0.0 interfaces are in the untrust zone.
  • For pp0.0, point-to-point is configured.
  • PAP is configured,using the passive option.
  • The PPPoE underlying-interface and client options are configured.
  • All Ethernet ports are in a single VLAN group with a DHCP server providing service.
  • A default route to the DSL interface is configured.
  • Source NAT is enabled.
system {
    host-name SRX210;
    name-server {
        208.67.222.222;
        208.67.220.220;
    }
    services {
        ssh;
        telnet;
        web-management {
            http {
                interface vlan.0;
            }
            https {
                system-generated-certificate;
                interface vlan.0;
            }
        }
        dhcp {
            domain-name example.net;
            router {
                192.168.0.1;
            }
            pool 192.168.0.0/24 {
                address-range low 192.168.0.100 high 192.168.0.199;

            }
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    interface-range interfaces-trust {
        member ge-0/0/0;
        member ge-0/0/1;
        member fe-0/0/2;
        member fe-0/0/3;
        member fe-0/0/4;
        member fe-0/0/5;
        member fe-0/0/6;
        member fe-0/0/7;
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    cl-0/0/8 {
        traceoptions {
            flag all;
        }
        modem-options {
            init-command-string "AT&C1";
        }
        dialer-options {
            pool 1 priority 23;
        }
    }
    dl0 {
        unit 0 {
            family inet {
                negotiate-address;
            }
            dialer-options {
                pool 1;
                dial-string 1234;
            }
        }
    }
    at-1/0/0 {
        encapsulation ethernet-over-atm;
        atm-options {
            vpi 0;
        }
        dsl-options {
            operating-mode auto;
        }
        unit 0 {
            encapsulation ppp-over-ether-over-atm-llc;
            vci 0.35;
            backup-options {
                interface dl0.0;
            }
        }
    }
    pp0 {
        traceoptions {
            flag all;
        }
        unit 0 {
            point-to-point;
            ppp-options {
                pap {
                    default-password "$9$/Gav9u1RhrG395RNds2UDCtu1hr"; ## SECRET-DATA
                    local-name "jsmith@example.net";
                    local-password "$9$hWLceWLxdwgJWLHYDqzFSreWxd"; ## SECRET-DATA
                    passive;
                }
            }
            pppoe-options {
                underlying-interface at-1/0/0.0;
                client;
            }
            no-keepalives;
            family inet {
                negotiate-address;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.0.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop pp0.0 metric 0;
        route 0.0.0.0/0 next-hop dl0.0;
    }
}
security {
    nat {
        source {
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
               source-route-option;
               tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0;
            }
        }
        security-zone untrust {
            screen untrust-screen;
            host-inbound-traffic {
                system-services {
                    all;
                }
            }
            interfaces {
                at-1/0/0.0;
                pp0.0;
                dl0.0;
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}
poe {
    interface all;
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
}
 

Technical Documentation

DSL Interfaces Feature Guide for Security Devices   See 'overview' and 'Configuration' section.

 

Verification

 

Verifying DSL Interface Configuration

 

Troubleshooting

Use the show interfaces interface_name extensive command to review state and history information for the at and pp interfaces. For example:

user@host> show interfaces at-1/0/0 extensive
user@host>
show interfaces pp0 extensive

ADSL interface modules have LEDs that show sync and traffic status. For more information, see 1-Port ADSL2+ Mini-Physical Interface Module LEDs.
 
Modification History:

2017- 10-24: Added note that ADSL is not supported from 15.1x49 and added reference link.

Related Links: