1)选择接口fe-0/0/1作为PPPOE拨号接口的物理接口,并封装成pppoe
set interfaces fe-0/0/1 unit 0 encapsulation ppp-over-ether
2)配置PPPOE接口的PP0.0参数
set interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/1.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 3
set interfaces pp0 unit 0 pppoe-options client
3)配置MTU与MSS
set interfaces pp0 unit 0 family inet mtu 1492
set security flow tcp-mss all-tcp mss 1350
4)配置pppoe接口的地址为negotiate-address
set interfaces pp0 unit 0 family inet negotiate-address
5)配置PPPOE pap 认证
set interfaces pp0 unit 0 ppp-options chap default-chap-secret 12345678
set interfaces pp0 unit 0 ppp-options chap local-name szXXXXXXXX@163.gd
set interfaces pp0 unit 0 ppp-options chap no-rfc2486
set interfaces pp0 unit 0 ppp-options chap passive
set interfaces pp0 unit 0 ppp-options pap default-password 12345678
set interfaces pp0 unit 0 ppp-options pap local-name szXXXXXXXX@163.gd
set interfaces pp0 unit 0 ppp-options pap local-password 12345678
set interfaces pp0 unit 0 ppp-options pap passive
6)配置缺省路由
set routing-options static route 0.0.0.0/0 next-hop pp0.0
7)设置区域
set security zones security-zone untrust interfaces pp0.0
set security zones security-zone untrust interfaces fe-0/0/1.0
8)Interface based Nat 基于接口的源地址转换
内部网段请自行更改,别全部复制。。。
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 192.168.10.0/24
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 172.16.0.0/16
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
本文转自yangye1985 51CTO博客,原文链接:http://blog.51cto.com/yangye/1874180,如需转载请自行联系原作者
