SRX

Does anyone have a simple example (or how-to) to configure two SRX240s in a transparent mode cluster? I've done L3 clusters, but can't seem to find a beginning to end example of what an L2 cluster looks like. Any help would be appreciated.

It is very similar to the L3 cluster, only you need to use family bridge on reth interfaces instead of inet and define bridge domains:

 

For data traffic:

user@host# set interfaces reth0 redundant-ether-options redundancy-group 1

user@host# set interfaces reth0 unit 0 family bridge interface-mode access vlan-id 10

user@host# set interfaces reth1 unit 0 family bridge interface-mode access vlan-id 10

user@host# set interface ge-0/0/2 gigether-options redundant-parent reth0

user@host# set interface ge-2/0/2 gigether-options redundant-parent reth0

user@host# set interface ge-0/0/5 gigether-options redundant-parent reth1

user@host# set interface ge-2/0/5 gigether-options redundant-parent reth1

user@host# set bridge-domains test domain-type bridge vlan-id 10

For management:

user@host# set groups node0 interfaces fxp0 unit 0 family bridge interface-mode access vlan-id 20

user@host# set groups node1 interfaces fxp0 unit 0 family bridge interface-mode access vlan-id 20

user@host# set groups node0 interfaces irb unit 0 family inet address 192.168.1.1/24

user@host# set groups node1 interfaces irb unit 0 family inet address 192.168.1.2/24

user@host# set bridge-domains mgmt domain-type bridge vlan-id 20 routing-interface irb.0

user@host# set routing-options static route 0.0.0.0/0 next-hop 192.168.1.254

other configuration should be the same, unless I forgot smth:)

Almost solved....in 11.4 you cannot use fxp0 as a management interface. Not sure how to manage these devices. The configuration you provided for the management piece doesn't seem to work.

There is no fxp0 out-of-band management interface on the SRX100, SRX210, SRX220, SRX240, and SRX650 devices.

From this link:

http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/layer-2/index.html?topic-52748.html

In cluster on SRX240 their is the option to use ge-0/0/0 on both devices as "fxp0"  

More info howto configure in the following KB

http://kb.juniper.net/InfoCenter/index?page=content&id=KB15504&smlogin=true

configuring IPs on FXP0 is exactly what I did. It works. Juniper documentation says you can't use fxp0 for out of band management. JTAC sent me a configuration that says to configure an IP on an irb interface. Just couldn't make this work. 

please can you give me an configure how to change from access mode to trunk mode ? please ?

---

@duzgass wrote:

It is very similar to the L3 cluster, only you need to use family bridge on reth interfaces instead of inet and define bridge domains:

 

For data traffic:

user@host# set interfaces reth0 redundant-ether-options redundancy-group 1

user@host# set interfaces reth0 unit 0 family bridge interface-mode access vlan-id 10

user@host# set interfaces reth1 unit 0 family bridge interface-mode access vlan-id 10

user@host# set interface ge-0/0/2 gigether-options redundant-parent reth0

user@host# set interface ge-2/0/2 gigether-options redundant-parent reth0

user@host# set interface ge-0/0/5 gigether-options redundant-parent reth1

user@host# set interface ge-2/0/5 gigether-options redundant-parent reth1

user@host# set bridge-domains test domain-type bridge vlan-id 10

For management:

user@host# set groups node0 interfaces fxp0 unit 0 family bridge interface-mode access vlan-id 20

user@host# set groups node1 interfaces fxp0 unit 0 family bridge interface-mode access vlan-id 20

user@host# set groups node0 interfaces irb unit 0 family inet address 192.168.1.1/24

user@host# set groups node1 interfaces irb unit 0 family inet address 192.168.1.2/24

user@host# set bridge-domains mgmt domain-type bridge vlan-id 20 routing-interface irb.0

user@host# set routing-options static route 0.0.0.0/0 next-hop 192.168.1.254

other configuration should be the same, unless I forgot smth:)

---

please can you give me an configure how to change from access mode to trunk mode ? please ?

For data traffic:
user@host# set interfaces reth0 redundant-ether-options redundancy-group 1user@host# set interfaces reth0 unit 0 family bridge interface-mode access vlan-id 10

user@host# set interfaces reth1 unit 0 family bridge interface-mode access vlan-id 10

In the command you would just need to replace the word access with the word trunk and set the vlans you want the trunk port to carry . It would look something like this:

set interfaces reth1 unit 0 family bridge interface-mode trunk vlan-id-list [10-20]

Also you can use the ? anywhere you are in the Junos to see what options are available (except you won't see the hidden commands that may be too dangerous)

So for example you could do this:

set interfaces reth1 unit 0 family bridge interface-mode ?

Hope this helps

Will someone at juniper respond to this? How the hell do they want us to manage cluster oob if fxp0 can't be assigned IP in transparent mode? I'm yet to find a clear cut documentation.

I think in this case we will use the irb interface as managment interface for Branch Firewalls for High-End i think we can use the same way as L3 Cluster .

set interfaces irb unit 60 family inet address 10.1.20.250/24

set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family bridge interface-mode trunk
set interfaces reth0 unit 0 family bridge vlan-id-list 60

set routing-options static route 0.0.0.0/0 next-hop 10.1.20.254

set security zones security-zone TEST interfaces reth0.0

In this Case inband management .

Thanks

Mahmoud