1)選擇接口fe-0/0/1作為PPPOE撥号接口的實體接口,并封裝成pppoe
set interfaces fe-0/0/1 unit 0 encapsulation ppp-over-ether
2)配置PPPOE接口的PP0.0參數
set interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/1.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 3
set interfaces pp0 unit 0 pppoe-options client
3)配置MTU與MSS
set interfaces pp0 unit 0 family inet mtu 1492
set security flow tcp-mss all-tcp mss 1350
4)配置pppoe接口的位址為negotiate-address
set interfaces pp0 unit 0 family inet negotiate-address
5)配置PPPOE pap 認證
set interfaces pp0 unit 0 ppp-options chap default-chap-secret 12345678
set interfaces pp0 unit 0 ppp-options chap local-name [email protected]
set interfaces pp0 unit 0 ppp-options chap no-rfc2486
set interfaces pp0 unit 0 ppp-options chap passive
set interfaces pp0 unit 0 ppp-options pap default-password 12345678
set interfaces pp0 unit 0 ppp-options pap local-name [email protected]
set interfaces pp0 unit 0 ppp-options pap local-password 12345678
set interfaces pp0 unit 0 ppp-options pap passive
6)配置預設路由
set routing-options static route 0.0.0.0/0 next-hop pp0.0
7)設定區域
set security zones security-zone untrust interfaces pp0.0
set security zones security-zone untrust interfaces fe-0/0/1.0
8)Interface based Nat 基于接口的源位址轉換
内部網段請自行更改,别全部複制。。。
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 192.168.10.0/24
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 172.16.0.0/16
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
本文轉自yangye1985 51CTO部落格,原文連結:http://blog.51cto.com/yangye/1874180,如需轉載請自行聯系原作者
![“雲管邊端”協同的邊緣計算安全防護解決方案0 引 言1 5G 及邊緣計算2 邊緣計算面臨的風險3 “雲管邊端”安全防護技術4 “雲管邊端”安全防護實踐5 結 語[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)