SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
Expand all | Collapse all

Simple pppoe + vlan setup issue

egawd

egawd12-04-2018 06:41

  • 1.  Simple pppoe + vlan setup issue

    Posted 12-04-2018 06:38

    Hi ,

    Im trying to setup a simple pppoe + vlan install and its not working . The pppoe appears to go up / down and its not getting any IP .... I have searched the forum and pretty much tried all proposed solution but its not working . Im guessing at this point its something very obvious and im not seeing it

     

    Any help appreciated

     

    Thanks

     

    root@srx210> show pppoe interfaces
    pp0.0 Index 71
    State: Session up, Session ID: 5661,
    Service name: None,
    Session AC name: STESPQ3502W, Configured AC name: None,
    Remote MAC address: <removed from posting> ,
    Session uptime: 00:00:20 ago,
    Auto-reconnect timeout: 10 seconds, Idle timeout: Never,
    Underlying interface: ge-0/0/0.0 Index 70
    Ignore End-of-List tag: Disable

     

    Then a minute later :

    root@srx210> show pppoe interfaces
    pp0.0 Index 71
    State: Down, Session ID: None,
    Service name: None,
    Session AC name: None, Configured AC name: None,
    Remote MAC address: 00:00:00:00:00:00,
    Auto-reconnect timeout: 10 seconds, Idle timeout: Never,
    Underlying interface: ge-0/0/0.0 Index 70
    Ignore End-of-List tag: Disable

     

     

    Snippet of config ( see attached for the full one )

    interfaces {
        ge-0/0/0 {
            vlan-tagging;
            unit 0 {
                encapsulation ppp-over-ether;
                vlan-id 35;
            }

    pp0 {
    unit 0 {
    apply-macro pppoe;
    ppp-options {
    pap {
    local-name <hidden>;
    local-password "password"; ## SECRET-DATA
    passive;
    }
    }
    pppoe-options {
    underlying-interface ge-0/0/0.0;
    auto-reconnect 10;
    client;
    idle-timeout 0;
    }
    family inet {
    negotiate-address;
    }

     



  • 2.  RE: Simple pppoe + vlan setup issue

    Posted 12-04-2018 06:41
      |   view attached

    full conf

    Attachment(s)

    txt
    srx210-pppoe.txt   7 KB 1 version


  • 3.  RE: Simple pppoe + vlan setup issue

     
    Posted 12-04-2018 06:47

    Hi,

     

    Configuration looks good. May i know the server? We may need to capture the packet to understand the reason.

     

    interfaces {
    ge-0/0/9 {
    vlan-tagging;
    unit 100 {
    encapsulation ppp-over-ether;
    vlan-id 100;
    }
    }
    pp0 {
    unit 100 {
    ppp-options {
    pap {
    local-name "test@test.com";
    local-password "X"
    passive;
    }
    }
    pppoe-options {
    underlying-interface ge-0/0/9.100;
    auto-reconnect 10;
    client;
    }
    family inet {
    primary;
    negotiate-address;
    }
    }
    }

     

    Regards,

    Rahul



  • 4.  RE: Simple pppoe + vlan setup issue

     
    Posted 12-04-2018 06:49

    Kindly do the monitor traffic on server facing interface and share the same. 

     

    Need to understand if it's LCP phase failure or NCP phase failure or Keepalive Failure or Client Initiated Termination Request or Server Initiated Termination Request.

     

    Regards,
    Rahul



  • 5.  RE: Simple pppoe + vlan setup issue

    Posted 12-04-2018 08:59

    Hi Mayar ,

     

    Thank for the fast response ! I dont have access to the other end , its the ISP . Anything else that can be done to troubleshoot this ? 

     

    Thanks



  • 6.  RE: Simple pppoe + vlan setup issue

     
    Posted 12-04-2018 09:06

    Hi,

     

    You can do "monitor traffic interfac ge-0/0/0 no-resolve size 1500" to capture the control packet negotiation.


    Regards,

    Rahul



  • 7.  RE: Simple pppoe + vlan setup issue

    Posted 12-04-2018 15:07

    Hi

     

    The following just keep repeating itself over an over . To ensure username/pass was good, I hooked it up to a laptop setup a pppoe + vlan 35 and it worked right off without any further settings .

     

    Some additional info , this is a fiber connection going into a "sfp to eth" adapter which is then hooked to the srx.

     

    Any idea what is causing this ?

     

    Listening on ge-0/0/0, capture size 1500 bytes

    17:47:54.120124 Out PPPoE PADI [Host-Uniq UTF8] [Service-Name]
    17:48:12.541949  In PPPoE PADT [ses 5881]
    17:48:27.594813 Out PPPoE PADI [Host-Uniq UTF8] [Service-Name]
    17:48:27.603252  In PPPoE PADO [Service-Name] [AC-Name "STESPQ3502W"] [Host-Uniq UTF8] [AC-Cookie UTF8]
    17:48:27.610590 Out PPPoE PADR [Host-Uniq UTF8] [Service-Name] [AC-Name "STESPQ3502W"] [AC-Cookie UTF8]
    17:48:27.740291  In PPPoE PADS [ses 5988] [Service-Name] [Host-Uniq UTF8]
    17:48:27.859749 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 1, length 16
    17:48:30.685360  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
    17:48:30.686984 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
    17:48:30.718533 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 2, length 16
    17:48:33.585267  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
    17:48:33.586035 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
    17:48:33.648501 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 3, length 16
    17:48:36.485299  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
    17:48:36.486208 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
    17:48:36.638307 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 4, length 16
    17:48:39.582290 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 5, length 16
    17:48:39.785053  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
    17:48:39.785933 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
    17:48:42.572931 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 6, length 16
    17:48:42.784907  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
    17:48:42.785699 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
    17:48:45.520914 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 7, length 16
    17:48:45.584881  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
    17:48:45.585656 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
    17:48:48.284812  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
    17:48:48.285604 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
    17:48:48.442073 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 8, length 16
    17:48:51.285153  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
    17:48:51.286049 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
    17:48:51.377628 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 9, length 16
    17:48:54.321097 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 10, length 16
    17:48:54.484609  In PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 251, length 20
    17:48:54.485649 Out PPPoE  [ses 5988]LCP, Conf-Ack (0x02), id 251, length 20
    17:48:57.302728 Out PPPoE  [ses 5988]LCP, Conf-Request (0x01), id 11, length 16
    17:48:57.493231  In PPPoE PADT [ses 5988]
    17:49:08.262781 Out PPPoE PADI [Host-Uniq UTF8] [Service-Name]
    17:49:08.296200  In PPPoE PADO [Service-Name] [AC-Name "STESPQ3502W"] [Host-Uniq UTF8] [AC-Cookie UTF8]
    17:49:08.296956 Out PPPoE PADR [Host-Uniq UTF8] [Service-Name] [AC-Name "STESPQ3502W"] [AC-Cookie UTF8]
    17:49:08.308585  In PPPoE PADS [ses 5990] [Service-Name] [Host-Uniq UTF8]
    17:49:08.357102 Out PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 12, length 16
    17:49:11.243039 Out PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 13, length 16
    17:49:11.284011  In PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 244, length 20
    17:49:11.284786 Out PPPoE  [ses 5990]LCP, Conf-Ack (0x02), id 244, length 20
    17:49:14.084677  In PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 244, length 20
    17:49:14.085481 Out PPPoE  [ses 5990]LCP, Conf-Ack (0x02), id 244, length 20
    17:49:14.101555 Out PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 14, length 16
    17:49:17.067493 Out PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 15, length 16
    17:49:17.184331  In PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 244, length 20
    17:49:17.185210 Out PPPoE  [ses 5990]LCP, Conf-Ack (0x02), id 244, length 20
    17:49:19.983756  In PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 244, length 20
    17:49:19.984644 Out PPPoE  [ses 5990]LCP, Conf-Ack (0x02), id 244, length 20
    17:49:20.007167 Out PPPoE  [ses 5990]LCP, Conf-Request (0x01), id 16, length 16



  • 8.  RE: Simple pppoe + vlan setup issue

     
    Posted 12-04-2018 15:17

    Thank you for the logs. We're not even reaching LCP authentication phase. LCP Conf-ACK is not received from server.

    Can you try to match configuration shared and try again? Look like LCP Conf-Req not even reaching the server,

     

    interfaces {
    ge-0/0/9 {
    vlan-tagging;
    unit 100 {
    encapsulation ppp-over-ether;
    vlan-id 100;
    }
    }
    pp0 {
    unit 100 {
    ppp-options {
    pap { 
    local-name "test@test.com";
    local-password "X"
    passive;
    }
    }
    pppoe-options {
    underlying-interface ge-0/0/9.100;
    auto-reconnect 10;
    client;
    }
    family inet {
    primary;
    negotiate-address;
    }
    }
    }

     

    security {
    policies {
    from-zone z-1 to-zone z-1 {
    policy default-allow {
    match {
    source-address any;
    destination-address any;
    application any;
    }
    then {
    permit;
    }
    }
    }
    policy-rematch;
    }
    zones {
    security-zone z-1 {
    host-inbound-traffic {
    system-services {
    all;
    }
    protocols {
    all;
    }
    }
    interfaces {
    all;
    }
    }
    }
    }

     

    Regards,
    Rahul

     

    Regards,
    Rahul N



  • 9.  RE: Simple pppoe + vlan setup issue

    Posted 12-04-2018 15:52

    Hi Mayar

     

    Thanks for the blazing fast reponse ! Wish this connection would work as fast 😉

    So as you can see this is a strip down version , I have changed every setting to be the same as yours and I get the same exact message.

     

    Anything else we can try ???

     

    Thanks



  • 10.  RE: Simple pppoe + vlan setup issue

    Posted 12-05-2018 07:16

    So I wasted a good 6 hours on this , googling the net and playing with the conf , none of them change the output . Are there any LCP setting that could be changed ? Could this be an MTU issue ?

     

    Really getting desparate as config look good



  • 11.  RE: Simple pppoe + vlan setup issue

     
    Posted 12-05-2018 07:53

    You can try the same using below configuration

     

    user@host# show interfaces pp0
    unit 0 {
    pppoe-options {
    underlying-interface ge-0/0/1.0;
    idle-timeout 100;
    access-concentrator ispl.com;
    service-name "vide0@ispl.com";
    auto-reconnect 100;
    client;
    }
    family inet {
    mtu 1480;
    negotiate-address;
    }


  • 12.  RE: Simple pppoe + vlan setup issue

    Posted 12-05-2018 08:28

    So I tried the following https://kb.juniper.net/InfoCenter/index?page=content&id=KB28670&cat=SRX_SERIES&actp=LIST

     

    setting:  set class-of-service host-outbound-traffic ieee-802.1 default be
    Magically I got the following for both CHAP/PAP ... its a step forward but its not working and I can confirm username/pass is good and since I made it work with a laptop running windows, its not expecting a defined Mac address .... 

     

    For Pap

    10:56:02.597612 Out PPPoE PADI [Host-Uniq UTF8] [Service-Name]
    10:56:02.607285 In PPPoE PADO [Service-Name] [AC-Name "STESPQ3502W"] [Host-Uniq UTF8] [AC-Cookie UTF8]
    10:56:02.608008 Out PPPoE PADR [Host-Uniq UTF8] [Service-Name] [AC-Name "STESPQ3502W"] [AC-Cookie UTF8]
    10:56:02.620552 In PPPoE PADS [ses 6557] [Service-Name] [Host-Uniq UTF8]
    10:56:02.717974 Out PPPoE [ses 6557]LCP, Conf-Request (0x01), id 12, length 16
    10:56:02.723663 In PPPoE [ses 6557]LCP, Conf-Ack (0x02), id 12, length 16
    10:56:05.710706 In PPPoE [ses 6557]LCP, Conf-Request (0x01), id 56, length 20
    10:56:05.711616 Out PPPoE [ses 6557]LCP, Conf-Ack (0x02), id 56, length 20
    10:56:05.740194 Out PPPoE [ses 6557]PAP, Auth-Req (0x01), id 13, Peer USERNAME, Name PASSWORD
    10:56:05.764409 In PPPoE [ses 6557]PAP, Auth-NACK (0x03), id 13, Msg Access Denied
    10:56:05.764656 In PPPoE [ses 6557]LCP, Term-Request (0x05), id 57, length 6
    10:56:05.779661 Out PPPoE [ses 6557]LCP, Term-Ack (0x06), id 57, length 6
    10:56:05.788991 In PPPoE PADT [ses 6557]

     

     

    For Chap

    11:02:43.340642 Out PPPoE PADI [Host-Uniq UTF8] [Service-Name]
    11:02:43.376126 In PPPoE PADO [Service-Name] [AC-Name "STESPQ3502W"] [Host-Uniq UTF8] [AC-Cookie UTF8]
    11:02:43.380363 Out PPPoE PADR [Host-Uniq UTF8] [Service-Name] [AC-Name "STESPQ3502W"] [AC-Cookie UTF8]
    11:02:43.392257 In PPPoE PADS [ses 6562] [Service-Name] [Host-Uniq UTF8]
    11:02:46.690978 In PPPoE [ses 6562]LCP, Conf-Request (0x01), id 97, length 20
    11:02:48.252004 Out PPPoE [ses 6562]LCP, Conf-Request (0x01), id 1, length 16
    11:02:48.260639 In PPPoE [ses 6562]LCP, Conf-Ack (0x02), id 1, length 16
    11:02:49.977278 In PPPoE [ses 6562]LCP, Conf-Request (0x01), id 97, length 20
    11:02:49.977928 Out PPPoE [ses 6562]LCP, Conf-Nack (0x03), id 97, length 11
    11:02:49.980889 In PPPoE [ses 6562]LCP, Conf-Request (0x01), id 98, length 21
    11:02:49.982116 Out PPPoE [ses 6562]LCP, Conf-Ack (0x02), id 98, length 21
    11:02:50.004945 In PPPoE [ses 6562]CHAP, Challenge (0x01), id 1, Value 984c88cab73062f652726406be3f7fa8fa421839a6765221223fde2f2bb175437d7d0fb52e[|chap]
    11:02:50.012883 Out PPPoE [ses 6562]CHAP, Response (0x02), id 1, Value 98c4e8b6d55d3f4b27271c6cc3c558a9, Name USERNAME
    11:02:50.036045 In PPPoE [ses 6562]CHAP, Fail (0x04), id 1, Msg Access Denied
    11:02:50.036306 In PPPoE [ses 6562]LCP, Term-Request (0x05), id 99, length 6
    11:02:50.055422 Out PPPoE [ses 6562]LCP, Term-Ack (0x06), id 99, length 6

     



  • 13.  RE: Simple pppoe + vlan setup issue

    Posted 12-05-2018 08:49

    The following did not work :

     

     

    Will try "ignore-eol-tag" , look a bit similar to https://forums.juniper.net/t5/SRX-Services-Gateway/Problems-Completing-PPPoE-Auth-SRX-110/td-p/321332



  • 14.  RE: Simple pppoe + vlan setup issue
    Best Answer

    Posted 12-05-2018 12:03

    Ok got PAP to authentificate now , I can ping google but everythig else is very slow or even not working at all ? MTU issue ??

    If so how would I track this ?

     

    Someone seem to have a similar problem and fixed it with

    set security flow tcp-mss all-tcp mss 1350

    https://forums.juniper.net/t5/SRX-Services-Gateway/SRX220H-pppoe-can-t-open-some-website/m-p/69394#M7996

     

    Cant test it now but will try later , any other suggestions welcome!!

     

    Thanks



  • 15.  RE: Simple pppoe + vlan setup issue

    Posted 09-26-2019 19:03

    Hi there

    I have the same issue and connecte my ge-0/0/7 which is Fiber to the ISP and PPPOE is not coming up. May I have a copy of your final working configuration please?



  • 16.  RE: Simple pppoe + vlan setup issue

    Posted 09-30-2019 07:54

    Hi ,

     

    I dont use the srx anymore but here is the latest working config I got . Hope it helps