1)選擇接口fe-0/0/1作爲PPPOE撥號接口的物理接口,並封裝成pppoe
set interfaces fe-0/0/1 unit 0 encapsulation ppp-over-ether
2)配置PPPOE接口的PP0.0參數
set interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/1.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 3
set interfaces pp0 unit 0 pppoe-options client
3)配置MTU與MSS
set interfaces pp0 unit 0 family inet mtu 1492
set security flow tcp-mss all-tcp mss 1350
4)配置pppoe接口的地址爲negotiate-address
set interfaces pp0 unit 0 family inet negotiate-address
5)配置PPPOE pap 認證
set interfaces pp0 unit 0 ppp-options chap default-chap-secret 12345678
set interfaces pp0 unit 0 ppp-options chap local-name [email protected]
set interfaces pp0 unit 0 ppp-options chap no-rfc2486
set interfaces pp0 unit 0 ppp-options chap passive
set interfaces pp0 unit 0 ppp-options pap default-password 12345678
set interfaces pp0 unit 0 ppp-options pap local-name [email protected]
set interfaces pp0 unit 0 ppp-options pap local-password 12345678
set interfaces pp0 unit 0 ppp-options pap passive
6)配置缺省路由
set routing-options static route 0.0.0.0/0 next-hop pp0.0
7)設置區域
set security zones security-zone untrust interfaces pp0.0
set security zones security-zone untrust interfaces fe-0/0/1.0
8)Interface based Nat 基於接口的源地址轉換
內部網段請自行更改,別全部複製。。。
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 192.168.10.0/24
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 172.16.0.0/16
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface