SRX Services Gateway
Reply
Contributor
MR. C
Posts: 14
Registered: ‎02-14-2011
0
Accepted Solution

How do I assign multiple IP addresses from one port?

Hey everyone. Today, my company switched providers and along with this they have assigned up 5 static IP's. Currently we have only one. Is the SRX-210 able to have all these address on one port (ge-0/0/0) and forward traffic based on the particular vlan I want to assign a new external IP address? For instance, I have a data, phone system IP-PBX, and a guest internet that I want each of these to have their own public IP and rules to route traffic between the phone and data network and not allow any traffic from the guest network between the phone and data. Thank you much for any advice as I am struggling with this concept.

Distinguished Expert
keithr
Posts: 979
Registered: ‎09-10-2009
0

Re: How do I assign multiple IP addresses from one port?

The 5 static IPs from your provider are going to be within the same subnet.  You can have your SRX answer for multiple IP addresses off of a single interface, but what you're describing (separate VLANs for each address) isn't going to be possible in this scenario.  You would need to work up your design to utilize internal addressing and VLANs where necessary, but your public IPs would only be usable as NAT (source, destination, or static) to tie into your internal design.  You wouldn't base your design around the 5 public IPs.

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Distinguished Expert
aarseniev
Posts: 1,663
Registered: ‎08-21-2009
0

Re: How do I assign multiple IP addresses from one port?

Hello,

Small correction: there is no single subnet/netmask combo which covers 5 and only 5 contiguous IPv4 addresses, let alone non-contiguous.

So what OP is most likely to end up with in his design is two subnets (1x/30 + 1x/32).

Or maybe 5x/32 :smileyhappy:

HTH

Rgds

Alex

 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Contributor
MR. C
Posts: 14
Registered: ‎02-14-2011
0

Re: How do I assign multiple IP addresses from one port?

ok so can you go into greater detail on how to accomplish this please? I am afraid that I don't understand the concept you are describing. Thanks.

Trusted Contributor
dscott
Posts: 122
Registered: ‎03-17-2011
0

Re: How do I assign multiple IP addresses from one port?

If you have static IP's with AT&T Uverse, a /29 gives the end user 5 usable IP's.  They take the highest usable IP, and use that as your default gateway address.

 

For example

108.149.208.72/29

 

108.149.208.72 -- Network ID

108.149.208.73 -- Usable IP

108.149.208.74 -- Usable IP

108.149.208.75 -- Usable IP

108.149.208.76 -- Usable IP

108.149.208.77 -- Usable IP

108.149.208.78 -- Gateway Address

108.149.208.79 -- Broadcast Address

Dustin

VCP-4/5, JNCIS-SEC, JNCIP-ENT
Distinguished Expert
keithr
Posts: 979
Registered: ‎09-10-2009
0

Re: How do I assign multiple IP addresses from one port?

[ Edited ]

aarseniev wrote:

Hello,

Small correction: there is no single subnet/netmask combo which covers 5 and only 5 contiguous IPv4 addresses


Sure there is, /29.

 

29 network bits, 3 host bits.  2^3 = 8 IP addresses.  -1 for network address (lowest), -1 for broadcast address (highest), -1 for the upstream router (default gateway) = 5 usable IP addresses.

 

:smileywink:

 

*edit -- Looks like dscott beat me to it... guess I should refresh the page next time.  :smileytongue:

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Distinguished Expert
keithr
Posts: 979
Registered: ‎09-10-2009
0

Re: How do I assign multiple IP addresses from one port?


MR. C wrote:

ok so can you go into greater detail on how to accomplish this please? I am afraid that I don't understand the concept you are describing. Thanks.


Actually, it would be easier if we approached it from the other direction... could you describe in more detail what you're looking to accomplish, and we can help you figure out how best to design the solution?

 

It's hard to design solutions to undefined problems.  :smileywink:

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Contributor
MR. C
Posts: 14
Registered: ‎02-14-2011
0

Re: How do I assign multiple IP addresses from one port?

ok I will try. As of right now my configuration consists of one static IP address from our old internet provider. That is my untrust zone/gateway for my LAN to the internet and all my VLAN's connect to that port for internet access (ge-0/0/0). Just recently, we switched providers (Comcast) and with our service , they provide 5 static IP's.

 

As of now I have three vlans on my network.

 

1. Data network (this has all my client PC's and Servers) ge-0/0/1

2. Phone network (this is our IP based PBX system) fe-0/0/7 and fe-0/0/6

3. Guest network (basically allows our guests to have internet access and not on our data network) fe-0/0/5

 

My goal is to setup the SRX-210 in such a way that each of these VLAN's are associated with with one static external IP a piece so I can set up port forwarding rules to a particular VLAN based on those addresses. For instance, I want POP3 IMAP and such on the data network but I need the same port forwards to the phone network that conflict with the port forwards I need on the data network (they share some of the same ports). Also I want to have routing setup so that the data and phone network can communicate to each other but the guest internet can only go to the internet and not the other VLAN's. I am running IDP on the machine as well and would like if all traffic coming in still scanned. The data network is on a 192.168.0.0/24 and the phone is on a 10.1.1.0/24 and the guest has DHCP on the router with a 192.168.2.0/24.

 

I hope this clears some things up. Thank you much for your responses and consideration!

Distinguished Expert
aarseniev
Posts: 1,663
Registered: ‎08-21-2009
0

Re: How do I assign multiple IP addresses from one port?

5 "usable IP addresses" != subnet which covers only 5 IPaddresses, no less no more

HTH

Rgds

Alex 

 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Distinguished Expert
keithr
Posts: 979
Registered: ‎09-10-2009
0

Re: How do I assign multiple IP addresses from one port?


aarseniev wrote:

5 "usable IP addresses" != subnet which covers only 5 IPaddresses, no less no more

HTH

Rgds

Alex 

 


... all I said was that the 5 IP addresses he was getting from his ISP were most likely in a single subnet.  I never said anything about non-contiguous or that the 5 IP addresses were the entire subnet.

 

Not sure why there's any contention here...

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.