SRX PPPoE Configuration
Setup
Topology
```
(Internet)-------------[FW]-------------(PC)
         |<----------->|  |<----------->|
              PPPoE            Local
           10.0.0.0/24    192.168.0.0/24
```
Components
- CiscoRT
  - PPPoE-Server
    - Lo0: I/F that serves as the gateway for the PPPoE client
    - Gi0/0: physical I/F that the PPPoE client connects to
  - PC
    - Gi0/0: I/F connected to the FW
- SRX (PPPoE-Client)
  - ge-0/0/0: WAN-side I/F used for the PPPoE connection
  - ge-0/0/1: Local-side I/F that the PC connects to
- PPPoE information
  - Segment: 10.0.0.0/24
  - PPPoE-DGW: 10.0.0.255
  - Credentials
    - user: test
    - pass: test
    - Authentication method: chap
  - IP assignment range: 10.0.0.1 - 10.0.0.10
  - MTU/MSS
    - MTU: 1454
    - MSS: 1414
PPPoE Server
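Configuration details are here

```
! AAA: authenticate and authorize PPP sessions against the local user database
aaa new-model
aaa authentication ppp PPPoE local
aaa authorization network PPPoE local
! Lab credentials (type 0 = stored in cleartext)
username test password 0 test
! Addresses handed out to PPPoE clients
ip local pool PPPoE-Pool 10.0.0.1 10.0.0.10
! Gateway address for PPPoE clients
interface Loopback0
 ip address 10.0.0.255 255.255.255.255
! Template cloned for each PPPoE session
interface Virtual-Template1
 mtu 1454
 ip unnumbered Loopback0
 peer default ip address pool PPPoE-Pool
 ppp authentication chap PPPoE
 ppp authorization PPPoE
bba-group pppoe PPPoE_Server
 virtual-template 1
! Physical I/F that accepts PPPoE sessions
interface GigabitEthernet0/0
 pppoe enable group PPPoE_Server
```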
FW
```
set interfaces ge-0/0/1 unit 0 family inet address 192.168.0.254/24
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
```
PC
```
interface GigabitEthernet0/0
 ip address 192.168.0.10 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.0.254
```
PPPoE Client
Full configuration

```
#### PPPoE I/F
set interfaces ge-0/0/0 unit 0 encapsulation ppp-over-ether
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/0.0
set interfaces pp0 unit 0 family inet negotiate-address
set security zones security-zone untrust interfaces pp0
#### PPPoE Authentication
set interfaces pp0 unit 0 ppp-options chap passive
set interfaces pp0 unit 0 ppp-options chap local-name test
set interfaces pp0 unit 0 ppp-options chap default-chap-secret test
#### Option
set interfaces pp0 unit 0 family inet mtu 1454
set interfaces pp0 unit 0 pppoe-options auto-reconnect 10
set interfaces pp0 unit 0 pppoe-options client
set security flow tcp-mss all-tcp mss 1414
#### Routing
set routing-options static route 0.0.0.0/0 next-hop pp0.0
#### SourceNAT
set security nat source rule-set NAT_SrcIF from interface ge-0/0/1.0
set security nat source rule-set NAT_SrcIF to zone untrust
set security nat source rule-set NAT_SrcIF rule NAT-RULE_SOURCE-IF match source-address 192.168.0.0/24
set security nat source rule-set NAT_SrcIF rule NAT-RULE_SOURCE-IF match application junos-icmp-ping
set security nat source rule-set NAT_SrcIF rule NAT-RULE_SOURCE-IF then source-nat interface
```
Configuration details

```
#### PPPoE I/F
set interfaces [I/F] unit [NO] encapsulation ppp-over-ether
  : Set the I/F encapsulation mode to PPPoE
set interfaces [PP I/F] unit [NO] pppoe-options underlying-interface [I/F]
  : Specify the physical I/F that carries PPPoE
set interfaces [PP I/F] unit [NO] family inet negotiate-address
  : Use the IP address assigned through PPPoE as the I/F address
set security zones security-zone untrust interfaces [PP I/F]
  : Place the PPPoE I/F in the untrust zone as the external side
#### PPPoE Authentication
set interfaces [PP I/F] unit [NO] ppp-options chap passive
  : Use [chap] for authentication
set interfaces [PP I/F] unit [NO] ppp-options chap local-name [USER]
  : Specify the authentication user name
set interfaces [PP I/F] unit [NO] ppp-options chap default-chap-secret [PASS]
  : Specify the authentication password
#### Option
set interfaces [PP I/F] unit [NO] family inet mtu [MTU]
  : Specify the MTU of the PPPoE I/F
set interfaces [PP I/F] unit [NO] pppoe-options auto-reconnect [Value]
  : Time to wait before reconnecting after a disconnect
set interfaces [PP I/F] unit [NO] pppoe-options client
  : Run PPPoE in client mode
set security flow tcp-mss all-tcp mss [MSS]
  : Specify the MSS value for TCP traffic
#### Routing
set routing-options static route 0.0.0.0/0 next-hop [PP I/F]
  : Point the default route at the PPPoE I/F
#### SourceNAT
  : For details of the NAT configuration, see below
  : https://ictdiary.hatenadiary.jp/entry/2025/03/19/083842
```
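The settings described above depend on each other (MSS against MTU, pp0 against its zone, the default route against pp0), so they can be checked together before commit. The following is an added example, not part of the original article or of Junos: the function names `first` and `audit`, the finding codes, and the 12-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample: pp0-related lines taken from the full SRX configuration on this page.
SAMPLE = """\
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/0.0
set security zones security-zone untrust interfaces pp0
set interfaces pp0 unit 0 ppp-options chap local-name test
set interfaces pp0 unit 0 ppp-options chap default-chap-secret test
set interfaces pp0 unit 0 family inet mtu 1454
set security flow tcp-mss all-tcp mss 1414
set routing-options static route 0.0.0.0/0 next-hop pp0.0
"""

def first(pattern, text):
    """Return capture group 1 of the first matching line, or None."""
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else None

def audit(config, min_secret_len=12):  # min_secret_len: assumed policy value
    """Return finding codes for a 'set'-style SRX PPPoE client configuration."""
    findings = []
    mtu = first(r"^set interfaces pp0 unit 0 family inet mtu (\d+)", config)
    mss = first(r"^set security flow tcp-mss all-tcp mss (\d+)", config)
    if mtu is None or mss is None:
        findings.append("mtu-or-mss-missing")
    elif int(mss) > int(mtu) - 40:  # 20-byte IPv4 header + 20-byte TCP header
        findings.append("mss-exceeds-mtu-minus-40")

    zone = first(r"^set security zones security-zone (\S+) interfaces pp0(?:\.\d+)?(?:\s|$)", config)
    if zone is None:
        findings.append("pp0-not-in-any-zone")
    elif zone != "untrust":
        findings.append("pp0-not-in-untrust")

    if first(r"^set routing-options static route 0\.0\.0\.0/0 next-hop (pp0\.\d+)", config) is None:
        findings.append("default-route-not-via-pp0")

    user = first(r"chap local-name (\S+)", config)
    secret = first(r"chap default-chap-secret (\S+)", config)
    if secret is not None and not secret.strip('"').startswith("$9$"):
        # Only cleartext as typed can be judged; "$9$..." is Junos' stored form.
        if secret == user:
            findings.append("chap-secret-equals-username")
        if len(secret) < min_secret_len:
            findings.append("chap-secret-too-short")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the lab configuration, the MTU/MSS pair, zone and route pass, and only the `test`/`test` CHAP credentials are reported.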
Verification commands

```
show pppoe interfaces brief
show interfaces terse
show ppp interface pp0.0 extensive
```