Juniper SRX VDSL configuration

Below is the minimum config you would need to get a functional VDSL connection on an SRX. The platform I am using is the old (but still supported!) SRX110H2-VA. One gotcha is the vlan-id setting on the pt- interface: a significant amount of searching was required to determine what this value should be. VLAN ID 101 is what Plusnet uses.

# Junos release reported by the device this configuration was taken from.
version 12.3X48-D105.4;

# Security stanza: source NAT, the single INSIDE-to-OUTSIDE policy, and the
# two zones. This is a connectivity baseline, not a hardened configuration.
security {
    nat {
        source {
            # Translate everything leaving INSIDE towards OUTSIDE to the
            # address of the egress interface (interface-based source NAT).
            rule-set SRCNAT {
                from zone [ INSIDE ];
                to zone OUTSIDE;
                rule NSW-SRC-INTERFACE {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        # Only an INSIDE -> OUTSIDE policy is defined here; no OUTSIDE -> INSIDE
        # policy and no default-policy statement appear on this page.
        from-zone INSIDE to-zone OUTSIDE {
            # Permits any source, destination and application outbound.
            # NOTE(review): the action is a bare permit with no "log" statement,
            # so this policy produces no session logs; add session-init or
            # session-close logging if outbound visibility is wanted.
            policy INSIDE-to-OUTSIDE {
                match {                 
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        # Internet-facing zone. host-inbound-traffic controls which services
        # the SRX itself accepts on the interfaces in this zone.
        security-zone OUTSIDE {
            host-inbound-traffic {
                system-services {
                    # NOTE(review): these four services are accepted from the
                    # internet side. pp0.0 gets its address via PPP
                    # (negotiate-address in the interfaces stanza), so bootp and
                    # dhcp look unnecessary here, and inbound ntp is presumably
                    # not needed when the SRX is only an NTP client. Confirm and
                    # remove whatever is not required.
                    ping;
                    ntp;
                    bootp;
                    dhcp;
                }
            }
            interfaces {
                pt-1/0/0.0;
                pp0.0;
            }
        }
        # LAN-side zone containing only fe-0/0/0.0.
        security-zone INSIDE {
            interfaces {
                fe-0/0/0.0 {
                    host-inbound-traffic {
                        # NOTE(review): "all" exposes every system service and
                        # protocol the SRX runs, management included, to the
                        # inside segment. Replace it with an explicit list
                        # unless that segment is fully trusted.
                        system-services {
                            all;
                        }
                        protocols {     
                            all;
                        }
                    }
                }
            }
        }
    }
}
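# Interface stanza: inside Ethernet port, the VDSL physical interface, and the
# PPPoE logical interface that carries the internet connection.
interfaces {
    # Inside (LAN-facing) interface; member of security-zone INSIDE.
    fe-0/0/0 {
        unit 0 {
            family inet {
                address 10.83.0.1/30;
            }
        }
    }
    # VDSL physical interface. The PPPoE session rides on unit 0, tagged with
    # the VLAN the provider expects (101 for Plusnet, per the article).
    pt-1/0/0 {
        vlan-tagging;
        mtu 1492;
        vdsl-options {
            vdsl-profile auto;
        }
        unit 0 {
            encapsulation ppp-over-ether;
            vlan-id 101;
        }
    }
    # PPPoE client interface; member of security-zone OUTSIDE.
    pp0 {
        unit 0 {
            ppp-options {
                chap {
                    # Placeholder credentials. On a real device this value is
                    # displayed as a "$9$..." string, which is reversible
                    # obfuscation rather than a hash, so scrub it before sharing
                    # or publishing a configuration.
                    # The terminating ';' was missing in the original listing.
                    default-chap-secret some_password; ## SECRET-DATA
                    local-name "foo@bar.net";
                    no-rfc2486;
                    # Answer the peer's CHAP challenge without challenging it.
                    passive;
                }
            }
            pppoe-options {
                underlying-interface pt-1/0/0.0;
                # 0 disables the idle timeout, so the session stays up.
                idle-timeout 0;
                # Re-establish the session 10 seconds after it drops.
                auto-reconnect 10;
                client;
            }
            family inet {
                mtu 1470;
                # The IP address is supplied by the PPP peer, not set statically.
                negotiate-address;
            }
        }
    }
}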
# Default route for all traffic. The next hop is the PPPoE logical interface
# pp0.0 itself rather than an IP address.
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop pp0.0;
            metric 0;
        }
    }
}
