SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Configuring Juniper SRX 210 for LAN routing

    Posted 01-23-2014 17:55

    Hi,

     

    I have acquired an SRX 210 that I'm looking to put in my small network.  My LAN has multiple network ranges - all 192.168.X.X.  I want these to be able to route traffic between each other.  I have defined all the network ranges (see below) and I've added a static default route.  Is this really all I'll need?

     

    interfaces {
        ge-0/0/1 {
            description Internal;
            speed 1g;
            link-mode full-duplex;
            gigether-options {
                no-auto-negotiation;
            }
            unit 0 {
                family inet {
                    address 192.168.6.250/24;
                    address 192.168.7.250/24;
                    address 192.168.32.251/24;
                }
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 131.XXX.XXX.XXX;
        }
    }

     

     



  • 2.  RE: Configuring Juniper SRX 210 for LAN routing

    Posted 01-23-2014 18:17

    Most likely the configuration is not what you are looking for.

     

    I would guess you have an interface towards the ISP where the default route you created needs to go.  This would be one interface that you need to configure with your ISP interface address to give you default route access to that next hop address.

     

    For your internal networks that you have on ge-0/0/0, you probably are looking for a Q tag trunk port.  What you have is three addresses assigned to an untagged access port.  The trunk port would have three units with the tag and addresses set up instead.

     

    You will also need security policies to permit the traffic you want on the device as well.  And a basic nat policy for internet access.

     

    You may find these two free Day One books helpful.

     

    http://www.juniper.net/us/en/community/junos/training-certification/day-one/dynamic-services-series/deploying-srx-series/

     

    http://www.juniper.net/us/en/community/junos/training-certification/day-one/dynamic-services-series/configuring-srx-series/

     



  • 3.  RE: Configuring Juniper SRX 210 for LAN routing

    Posted 01-24-2014 03:15

    On my old Allied Telesis router I used to be able to create sub vlan interfaces (not tagging).  For example I might have vlan 1-2 on 192.168.2.X and vlan 1-3 for 192.168.3.X.  Devices between these two could then communicate.  Is this possible with an SRX router?



  • 4.  RE: Configuring Juniper SRX 210 for LAN routing
    Best Answer

    Posted 01-24-2014 09:00

    Option 1: On a branch SRX you can configure a VLAN and assign a layer-3 interface to the VLAN to route traffic for that VLAN. If a single SRX interface is connected to a layer-2 switch, make it a trunk and configure the interface with vlan members for the required VLANs.

    set vlans Left-Arm vlan-id 100
    set vlans Left-Arm l3-interface vlan.100
    set vlans Right-Arm vlan-id 200
    set vlans Right-Arm l3-interface vlan.200
    set interfaces vlan unit 100 family inet address 192.168.1.1/24
    set interfaces vlan unit 200 family inet address 192.168.2.1/24

    Option 2: You can configure vlan-tagging on an interface, with a vlan-id and IP address on each sub-interface.

    set interfaces <interface-name> vlan-tagging unit 0 vlan-id 100 family inet address 192.168.1.1/24
    set interfaces <interface-name> vlan-tagging unit 1 vlan-id 200 family inet address 192.168.2.1/24

     

     



  • 5.  RE: Configuring Juniper SRX 210 for LAN routing

    Posted 01-24-2014 15:31

    I assume you are connecting a single ethernet port with the switch for this setup.  So option 2 in Kashif's list above is what you want.

     

    You will need to match the vlan tag numbers you use on the SRX with the vlan tags assigned on the connected port of the switch.  This process will vary by vendor.



  • 6.  RE: Configuring Juniper SRX 210 for LAN routing

    Posted 01-24-2014 18:05
    I thought option 1 sounded more like what I wanted? I was going to use ge-0/0/0 as my externally facing "internet port" as we have some inbound traffic that I need to allow through. And I was going to use ge-0/0/1 as my internal traffic port. This is how things are currently set up with no vlan tagging; the only vlans in the whole network are on the Allied Telesis router itself. There are a lot of different switches in the network so I'd like to avoid creating vlans on all of them if possible. So for example if I had a client computer on 192.168.2.X and it wanted to go to a server on 192.168.3.X, it would first hop to 192.168.2.250 (router gateway for that network), then be routed out to the server ip on 192.168.3.X. Both networks configured on the same ge-0/0/1 interface. With option 1 from Kashif that sounds feasible? Thanks for the replies.


  • 7.  RE: Configuring Juniper SRX 210 for LAN routing

    Posted 01-25-2014 07:34

    In option 1 you are configuring a routed vlan interface inside the SRX, a virtual interface.  These are used when your vlans are all self contained and the network devices are all connected to this same device so they can route to each other.

     

    In your case you are physically connecting the SRX to your switch.  This is an 802.1Q tag trunk port.  You are able to send all three vlans on a single ethernet line but both devices can keep the vlans segregated.

     

    In option 2 the routed interface is created on the port you are connecting to your switch.

     

    This assumes you want the layer 3 gateway to be on the SRX and the connected switch is running them as layer 2 vlans.

     

    If your device is a router and you want layer 3 gateways there as well as on the SRX it becomes more complicated.

     

    But the connection between them is still the same, an 802.1Q trunk port.
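
Added example (not part of any post above and not Juniper's own configuration): option 2 applied to the three subnets from post 1, together with the security zones, policies and source NAT that post 2 says are also required. The VLAN IDs (6, 7, 32) and every zone, policy, address-book and rule-set name are assumptions; the switch port must carry the same tags, and a Junos release with the global address book is assumed.

```junos
# Constructed values: VLAN IDs 6/7/32 and all zone, policy, address-book
# and rule-set names. Interface roles and LAN addresses come from the thread.

# Replace the untagged unit 0 from post 1 with one tagged unit per subnet
delete interfaces ge-0/0/1 unit 0
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 6 vlan-id 6 family inet address 192.168.6.250/24
set interfaces ge-0/0/1 unit 7 vlan-id 7 family inet address 192.168.7.250/24
set interfaces ge-0/0/1 unit 32 vlan-id 32 family inet address 192.168.32.251/24

# Zones: LAN units inside, ge-0/0/0.0 outside (its ISP address is not shown here)
set security zones security-zone trust interfaces ge-0/0/1.6
set security zones security-zone trust interfaces ge-0/0/1.7
set security zones security-zone trust interfaces ge-0/0/1.32
set security zones security-zone trust host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.0

# Name the LAN subnets so the policies match them instead of "any"
set security address-book global address lan-6 192.168.6.0/24
set security address-book global address lan-7 192.168.7.0/24
set security address-book global address lan-32 192.168.32.0/24
set security address-book global address-set lan-nets address lan-6
set security address-book global address-set lan-nets address lan-7
set security address-book global address-set lan-nets address lan-32

# Traffic between the subnets is dropped until a policy permits it
set security policies from-zone trust to-zone trust policy lan-to-lan match source-address lan-nets destination-address lan-nets application any
set security policies from-zone trust to-zone trust policy lan-to-lan then permit
set security policies from-zone trust to-zone trust policy lan-to-lan then log session-close

# Outbound internet access: permit policy plus interface-based source NAT
set security policies from-zone trust to-zone untrust policy lan-to-internet match source-address lan-nets destination-address any application any
set security policies from-zone trust to-zone untrust policy lan-to-internet then permit
set security nat source rule-set lan-to-internet from zone trust
set security nat source rule-set lan-to-internet to zone untrust
set security nat source rule-set lan-to-internet rule all-lan match source-address 192.168.0.0/16
set security nat source rule-set lan-to-internet rule all-lan then source-nat interface
```

Run `commit check` before committing, then confirm the result with `show security policies` and `show security flow session` while passing test traffic between two subnets.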