-
Публикации
1
-
Зарегистрирован
-
Посещение
-
Добрый день.
Очень нужна помощь форумчан.
Сабж м320 настраиваем PPPoE BRAS. PPPOE сессия успешно поднимается. Клиент получает адрес из пула. Дальше столкнулись с проблемой, pppoe клиент пингует только интерфейс xe-2/1/0 82.114.242.75, за которым дефолт роутер и более ничего не пингует. Интернета на клиенте нет.
М320 пингует внешку.
Предполагаем дело в маршрутизации, но никак не можем разобраться.
Помогите кто чем может, в тупике мы с этим девайсом.
Ниже следует конфиг:
version 12.3R6.6;
dynamic-profiles {
DS-dyn-ipv4v6-ra {
interfaces {
pp0 {
unit "$junos-interface-unit" {
ppp-options {
chap;
authentication chap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
keepalives interval 30;
family inet {
unnumbered-address lo0.0;
}
}
}
}
}
}
system {
host-name SCTS_m320;
domain-name ru;
time-zone Europe/Samara;
authentication-order radius;
root-authentication {
encrypted-password SV2GqfMSb6pVA; ## SECRET-DATA
}
name-server {
8.8.8.8;
#######################
services {
ftp {
connection-limit 3;
}
ssh {
root-login allow;
connection-limit 10;
}
telnet {
connection-limit 10;
}
subscriber-management {
traceoptions {
file subscriber.log size 1m;
flag all;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file firewall {
firewall any;
}
}
commit synchronize;
auto-configuration {
traceoptions {
file autoconf.log size 1m;
flag all;
}
}
processes {
general-authentication-service {
traceoptions {
file aap_logfile_l size 2m files 20;
flag radius;
flag address-assignment;
flag user-access;
flag configuration;
flag local-authentication;
}
}
}
ntp {
server 194.149.67.129;
}
}
chassis {
redundancy {
routing-engine 0 backup;
routing-engine 1 master;
failover {
on-loss-of-keepalives;
on-disk-failure;
}
graceful-switchover;
}
fpc 1 {
power on;
}
ppp-subscriber-services enable;
}
access-profile Access-Profile;
interfaces {
traceoptions {
file interfaces.log size 5m files 3;
flag all;
}
xe-2/1/0 {
vlan-tagging;
unit 450 {
encapsulation ppp-over-ether;
vlan-id 450;
pppoe-underlying-options {
dynamic-profile DS-dyn-ipv4v6-ra;
}
}
unit 1001 {
vlan-id 1001;
family inet {
filter {
input rad;
output rad;
}
address 82.114.242.75/24;
}
}
}
fxp0 {
unit 0 {
family inet {
address 192.168.61.143/21;
}
}
}
lo0 {
unit 0 {
family inet {
filter {
input defend;
}
address 127.0.0.1/32;
address 82.114.224.1/32;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 82.114.242.2;
}
}
protocols {
ancp {
traceoptions {
file ancp_1_logfile_1 size 2m files 20;
}
}
ppp-service {
traceoptions {
file ppp-service.log size 1m;
flag all;
}
}
ppp {
traceoptions {
file ppp.log size 5m files 5;
flag all;
}
monitor-session {
all;
pp0.0;
}
}
pppoe {
traceoptions {
file pppoe.log size 5m files 5;
level all;
flag all;
}
}
}
firewall {
filter defend {
term 0 {
from {
source-address {
0.0.0.0/0;
82.114.224.0/19 except;
192.168.56.0/21 except;
}
destination-port [ ssh telnet ];
}
then {
discard;
}
}
term 1 {
from {
port ntp;
}
then {
discard;
}
}
term 2 {
then accept;
}
}
filter rad {
term 1 {
from {
address {
82.114.242.14/32;
}
}
then {
log;
syslog;
accept;
}
}
term 2 {
then accept;
}
}
}
access {
radius-server {
82.114.242.14 {
port 1812;
accounting-port 1813;
secret "$9$DKkfz9Cu1Ic9ABEhSW8"; ## SECRET-DATA
timeout 45;
retry 4;
source-address 82.114.242.75;
}
}
profile Access-Profile {
authentication-order radius;
domain-name-server {
8.8.8.8;
}
radius {
authentication-server 82.114.242.14;
accounting-server 82.114.242.14;
}
radius-server {
82.114.242.14 {
port 1812;
accounting-port 1813;
secret "$9$mTnCOBEyrvO1SeKM-d"; ## SECRET-DATA
source-address 82.114.242.75;
}
}
accounting {
order radius;
immediate-update;
update-interval 10;
statistics volume-time;
}
service {
accounting-order radius;
}
}
address-assignment {
pool default-ipv4-pool-2 {
family inet {
network 82.114.224.0/24;
range r5 {
low 82.114.224.10;
high 82.114.224.254;
}
}
}
}
}