Hi, customers are asking me if bridgegroup functionality is available on the the srx devices like they are used to on the ssg's. I wrote something on the subject I think maybe some people here can benefit from:
The srx does not have bridgegroups, but it does support Ethernet switching options on the chassis interfaces. One or more VLAN configs can be configured to fulfill the exact same function as a bridgegroup. To use this solution first a VLAN should be defined:
vlans {
dmz {
vlan-id 100;
l3-interface vlan.100;
}
}
Dmz is just a name for this vlan
The VLAN number is randomly chosen.
The L3-interface will be used to configured the IP settings on.
To enter this config:
set vlans dmz vlan-id 100 l3-interface vlan.100
The definition of the layer 3 interface looks like this:
interfaces {
vlan {
unit 100 {
family inet {
address 10.0.1.1/24;
}
}
}
}
The logical unit number must match the number configured for l3-interface on the vlan definition.
The IP address is just an example of course.
To enter this in the config:
set interfaces vlan unit 100 family inet address 10.0.1.1/24
All what’s left to do is add physical ports to the VLAN and you have multiple ports with one IP. In zone settings etc refer to vlan.100 as interface for this “bridgegroup”.
Adding a port to the vlan:
interfaces {
fe-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members dmz;
}
}
}
}
To enter this in the config:
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members dmz
Repeat this for every interface you want to add to the group or use the JUNOS copy command. If needed create more VLAN’s!
Don’t forget to commit your config and you’re ready.
Message Edited by Screenie on 09-16-2009 03:25 PM
Message Edited by Screenie on 09-16-2009 09:03 PM
best regards,
Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI
If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
