Feb 03

Juniper SRX and FTTN VDSL

Over the last few years, Australia has been rolling out a National Broadband Network (NBN for short). I recently moved into a new house that was connected to the NBN via Fibre to the Node (FTTN) utilising VDSL technology.

I was very excited to know that my Juniper SRX110 had a inbuilt VDSL modem! My old place had ADSL, so I was hoping to use the same modem, rather than the Huawei TPG sent me.

After spending hours and hours on it, my SRX wasn’t compatible as NBN needs Vectoring supported in the modem (G.993.5 vectoring) which I was very disappointed about, but I was able to do it with putting the Huawei into full bridge mode and bridging it on the first ethernet port using pp0.

Fast forward a few months and I circled back to it.

Turns out that vectoring is introduced in firmware (please not that in JunOS firmware and software are different things) 2.16 supports vectoring!

However, there are 2 versions of the SRX110
SRX110H-VA   <- Stops at Junos 12.1.46
SRX110H2-VA <- Expands into Junos 12.3
The firmware doesn’t seem to be available for the earlier devices. If you want to take a risk, you can read more here. I’ll eventually try this on mine, and will let you know how I go as I ended up getting a V2.

Running “show system firmware” reveals that I have the older firmware.
root@srx110> show system firmware
PIC 0          VDSLBCM        10  2.10.0              OK
I won’t detail upgrading this, but you can read some good info here A free account with Juniper will allow you to read this article which details the commands needed to upgrade the firmware.The rest of this article assumes you have version 2.16 as without vectoring, you wont even get a sync to the node.
This Whirlpool article is extremely helpful and was the basis of how I got mine working.The below config should get you online. The last stanza is the most important. This changed the priority of the LCP packets and allows you to auth with the ISP. Without that, you can get a sync, but no auth or IP.

    pt-1/0/0 {
        vdsl-options {
            vdsl-profile 17a;
        unit 0 {
            encapsulation ppp-over-ether;
            vlan-id 2;
    pp0 {
        unit 0 {
            ppp-options {
                pap {
                    local-name "REDACTED";
                    local-password "REDACTED";
            pppoe-options {
                underlying-interface pt-1/0/0.0;
                idle-timeout 0;
                auto-reconnect 10;
            family inet {
class-of-service {
    host-outbound-traffic {
        ieee-802.1 {
            default be;