Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to change the preference of the static route over the connected route from PPP in ScreenOS

0

0

Article ID: KB21150 KB Last Updated: 03 Jul 2020Version: 3.0
Summary:

This article describes the procedure to change the preference of the static route over the connected route from PPP in ScreenOS.

Symptoms:

In certain cases, such as PPPoE or PPPoA, the default route is created as a connected route. However, there may be a requirement of making this route as the secondary and have another static route being preferred.

Solution:

By default, all the interfaces are part of trust-vr. Configure the PPPoE interface in untrust-vr or another custom-vr. After configuring the PPPoE, the default route here will be created in this new vr.

In trust-vr, create a default route pointing to the untrust-vr with the preference higher than the static route.

For example:

  • Eth0/1 has PPPoE configured while Eth0/2 has another ISP.
  • Eth0/2 has IP : 1.1.1.1/24 and gateway IP : 1.1.1.2
 

Configuration for Eth0/1

  1. Configure a Zone in the untrust-VR:

    Web UI
    1. Select Network > Zones > New
    2. Enter a Zone Name: custom-zone
    3. Select Virtual Router Name: [Select the virtual router untrust-vr]
    4. Click OK
    CLI
    set zone name custom-zone
    set zone custom-zone vrouter untrust-vr
    save

  2. Bind the interface eth0/1 to the new zone:

    WebUI
    1. Select: Network > Interfaces > Edit (for ethernet0/1)
    2. Select custom-zone from the Zone Name drop-down list
    3. Click Apply
    CLI
    set interface ethernet0/1 zone custom-zone
    save

     
  3. Configure PPPoE
    WebUI
    1. Select: Network > PPP > PPPoE Profile> New
    2. Enter:
      PPPoE instance: pppoe
      Bound to interface: ethernet0/1 (select)
      Username: user1
      Password: 123456
      Authentication: Any (select)
      Access Concentrator: ac-11
    3. Click OK

    CLI
    set
    pppoe name pppoe username user1 password 123456
    set pppoe name pppoe ac ac-11
    set pppoe name pppoe authentication any
    set pppoe name pppoe interface ethernet0/1

Configuration for Eth0/2
 
  1. Configuring Zone in trust-VR:

    WebUI
    1. Select: Network > Zones > New
    2. Enter
      Zone Name: Untrust
      Virtual Router Name: [Select the virtual router <trust-vr>]
    3. Click OK

    CLI
    set zone name Untrust
    set zone Untrust vrouter trust-vr
    save

  2. Bind the interface eth0/2 to the Untrust zone and assign an IP address:

    WebUI
    1. Select: Network > Interfaces > Edit (for ethernet0/2)
    2. Select Untrust from the Zone Name drop-down list
    3. Enter the IP Address/Netmask: 1.1.1.1/24
    4. Click Apply

    CLI
    set
    interface ethernet0/2 zone Untrust
    set interface ethernet0/2 ip 1.1.1.1/24
    save

Setting routes in trust-vr
  WebUI
  1. Select: Network > Routing > Destination > trust-vr New:enter the following and then click OK:
  2. Enter:
    Network Address/Netmask: 0.0.0.0/0
    Next Hop Virtual Router Name: (select); untrust-vr
    Preference: 40
    Network > Routing > Destination > trust-vr New: enter the following and then click OK:
    Network Address/Netmask: 0.0.0.0/0
    Gateway: (select)
    Interface: ethernet0/2
    Gateway IP Address: 1.1.1.2
    Preference: 20
  3. Click OK

CLI
set vrouter trust-vr route 0.0.0.0/0 vrouter untrust-vr preference 40
set vrouter trust-vr route 0.0.0.0/0 interface ethernet0/2 gateway 1.1.1.2 preference 20

Setting routes in untrust-vr

The default route in untrust-vr will automatically be created as the connected route as soon as PPPoE negotiation is done.

Modification History:
2017-12-07: Article reviewed for accuracy. Minor grammatical changes made. Article is correct and complete.
2020-07-03: Article reviewed for accuracy. No changes made. Article is correct and complete.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search