SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Problem With Routing Inter Vlan in Juniper SRX220

    Posted 04-28-2015 11:30

    Hello, sorry for my bad English, I'm using Google Translate. I have a problem setting up inter-VLAN routing on an SRX220.

     

    1. I create the VLANs with the commands:


    set vlans Cartera vlan-id 20
    set vlans Auditoria vlan-id 21

     

    2. I create a layer 3 vlan interface

     

    set interfaces vlan unit 20 family inet address 172.16.1.33/27
    set interfaces vlan unit 21 family inet address 172.16.1.65/27

     

    3. I link the layer 2 vlan to the layer 3 vlan interface

     

    set vlans Cartera l3-interface vlan.20
    set vlans Auditoria l3-interface vlan.21

     

    4. Don't like my interface backbone reaching my switch so with my switch, the SRX interface going to put it as a trunk and put a member of all vlan

                                       -> PC - vlan 20

    [SRX220] -> [EX4300]

                                       -> PC - vlan 21

    and I create the VLANs on the switch and assign access ports for the PCs, but I don't know for what reason the SRX does not allow me to route between VLANs ....

     

    The last thing I tried on the SRX was to do what is known in Cisco as sub-interfaces: I created logical units on the port with vlan-tagging and gave each unit its vlan-id and IP, but without success.

     

    The show vlan shows them up for me, but the ping between the vlan 20 and vlan 21 PCs fails.

    If anyone has any recommendation I would appreciate it, thanks.



  • 2.  RE: Problem With Routing Inter Vlan in Juniper SRX220
    Best Answer

     
    Posted 04-28-2015 22:41

    Have you allowed ICMP on the interfaces in the right zones? If the vlan interfaces are in different zones you need to set a policy to have them reach each other.

     

     

    See my example below for the interfaces in two different zones.

     

    show security zones security-zone vlan20

    interfaces {
        vlan.20 {
            host-inbound-traffic {
                system-services {
                    ssh;
                    ping;
                }
            }
        }
    }

     

    show security zones security-zone vlan21

    interfaces {
        vlan.21 {
            host-inbound-traffic {
                system-services {
                    ssh;
                    ping;
                }
            }
        }
    }

     

     

    To allow traffic between the two zones you can do something like this

     

     

    show security policies from-zone vlan20 to-zone vlan21

     

    policy default-permit {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }

     

    show security policies from-zone vlan21 to-zone vlan20

     

    policy default-permit {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }

     

     

    These policies are completely open! If you only want some traffic to be allowed you need to change them.

     

    Hope this gives you a hand 🙂
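
The reply above notes that its example policies are completely open. As an added example (not from the original posts), the set commands below swap the vlan20-to-vlan21 policy for one that permits only ping and SSH between the two subnets from the question and logs everything else as denied. The address-book entry names, the policy names and the choice of ping and SSH are assumptions for illustration.

```junos
# Added example, not part of the thread. Assumes the zones vlan20 and vlan21
# from the reply and a Junos release with the global address book.

# Named address objects for the two /27 networks behind vlan.20 and vlan.21
# (entry names are hypothetical).
set security address-book global address cartera-net 172.16.1.32/27
set security address-book global address auditoria-net 172.16.1.64/27

# Remove the open policy first: policies are evaluated top-down and the
# first match wins, so a leading "any/any/any permit" would shadow the rest.
delete security policies from-zone vlan20 to-zone vlan21 policy default-permit

# Permit only ping and SSH from the Cartera subnet to the Auditoria subnet.
set security policies from-zone vlan20 to-zone vlan21 policy allow-ping-ssh match source-address cartera-net
set security policies from-zone vlan20 to-zone vlan21 policy allow-ping-ssh match destination-address auditoria-net
set security policies from-zone vlan20 to-zone vlan21 policy allow-ping-ssh match application junos-ping
set security policies from-zone vlan20 to-zone vlan21 policy allow-ping-ssh match application junos-ssh
set security policies from-zone vlan20 to-zone vlan21 policy allow-ping-ssh then permit

# Explicit deny with logging, so blocked inter-VLAN attempts are visible.
set security policies from-zone vlan20 to-zone vlan21 policy deny-rest match source-address any
set security policies from-zone vlan20 to-zone vlan21 policy deny-rest match destination-address any
set security policies from-zone vlan20 to-zone vlan21 policy deny-rest match application any
set security policies from-zone vlan20 to-zone vlan21 policy deny-rest then deny
set security policies from-zone vlan20 to-zone vlan21 policy deny-rest then log session-init

# Return traffic of a permitted session is allowed statefully. A policy from
# vlan21 to vlan20 is needed only for sessions initiated from vlan21.
```

Review the result with `show security policies from-zone vlan20 to-zone vlan21` in configuration mode before committing.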



  • 3.  RE: Problem With Routing Inter Vlan in Juniper SRX220

    Posted 04-30-2015 07:35

    Thank you very much....!!!! Your answer was just right!!!



  • 4.  RE: Problem With Routing Inter Vlan in Juniper SRX220

     
    Posted 04-30-2015 13:25
    You are welcome 🙂