2) Expanding question one just a bit. Let's say I want VLAN 33 to reach the initial SRX Firewall and then be able to access the internet. How would one configure SwitchA -> Firewall -> EX Switch -> Firewall (top)?
Why put a switch between the two firewalls?
It is a simulation. We often rework these simulations with our spare parts. There are often nested layers of firewalls within a corporate structure.
And why the two firewalls? Are they the same type of SRX?
The firewalls are all 240 SRXs except for one, which is a 210. I have recently removed one of the firewalls and switches to make it simpler:
[SRX210]
|
[EX3200]
|
[SRX240]
|
[Cisco 3750]
The EX3200 in this scenario is emulating a distribution switch. The SRX210 is emulating the gateway to the internet. The uplink from the EX3200 should be a subinterface. For example:
SRX210: (port ge-0/0/1 is link to EX3200)
set interfaces ge-0/0/1 unit 10 vlan-id 10 family inet address 172.19.10.1/24
EX3200: (port ge-0/0/8 is link to SRX210)
set interfaces ge-0/0/8 unit 10 vlan-id 10 family inet address 172.19.10.2/24
In essence this is the router on a stick using subinterfaces (not RVIs).
This leads into some of my questions.
1) How would I connect the SRX240 to the EX using a subinterface?
EX3200: (port ge-0/0/7 is link to SRX240)
set interfaces ge-0/0/7 unit 10 vlan-id 10 family inet address 172.19.10.???/24
SRX240: (port ge-0/0/15 is link to EX3200)
set interfaces ge-0/0/15 unit 10 vlan-id 10 family inet address 172.19.10.3/24
2) Can an L3 subinterface be configured to connect into a Cisco switch? How would it be configured on the Cisco and SRX240 side? Can a native VLAN be passed through this trunked port?