{{tag>Setup Broadband Configuration Juniper Juniper_JunOS}}
====== Setting up SureVoIP Broadband on Juniper SRX Router ======
===== ADSL2+ =====
This guide will apply in general to all Juniper routers with a built-in ADSL modem.
It is assumed you require only basic NAT and the ADSL service is your only internet connection. If your requirements require a more complex set up then please consult an Authorised Juniper Partner for further advice.
Please note regarding the sample configuration below:
* Does //not// provide DHCP service to LAN
* London time zone with BST set
* Uses SureVoIP DNS servers
* Basic NAT
* IPv6 disabled
deactivate interfaces pt-1/0/0
set interfaces at-1/0/0 description "SureVoIP Business Broadband"
set interfaces at-1/0/0 encapsulation atm-pvc
set interfaces at-1/0/0 atm-options vpi 0
set interfaces at-1/0/0 unit 0 encapsulation atm-ppp-vc-mux
set interfaces at-1/0/0 unit 0 vci 0.38
set interfaces at-1/0/0 unit 0 ppp-options chap default-chap-secret "REFER TO WELCOME PACK FOR PASSWORD" # Refer to Welcome Pack
set interfaces at-1/0/0 unit 0 ppp-options chap local-name "supplied-username@example.com" # Refer to Welcome Pack
set interfaces at-1/0/0 unit 0 ppp-options chap passive
set interfaces at-1/0/0 unit 0 family inet negotiate-address
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set routing-options generate route 0.0.0.0/0 # Generate default route
set system ntp server 185.8.92.8
set system ntp server 185.8.92.10
set security alg sip disable
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
===== VDSL2 - FTTC (Fibre to the Cabinet) =====
deactivate interfaces at-1/0/0
set interfaces pt-1/0/0 vlan-tagging
set interfaces pt-1/0/0 mtu 1492
set interfaces pt-1/0/0 vdsl-options vdsl-profile auto
set interfaces pt-1/0/0 unit 0 encapsulation ppp-over-ether
set interfaces pt-1/0/0 unit 0 vlan-id 101
set interfaces pp0 unit 0 ppp-options chap default-chap-secret "REFER TO WELCOME PACK FOR PASSWORD" # Refer to Welcome Pack
set interfaces pp0 unit 0 ppp-options chap local-name "suppliedusername@example.com" # Refer to Welcome Pack
set interfaces pp0 unit 0 ppp-options chap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface pt-1/0/0.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 5
set interfaces pp0 unit 0 pppoe-options client
set interfaces pp0 unit 0 no-keepalives
set interfaces pp0 unit 0 family inet negotiate-address
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set routing-options generate route 0.0.0.0/0 # Generate default route
set system ntp server 185.8.92.8
set system ntp server 185.8.92.10
set security alg sip disable
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit