SRX

Hi,

i'ts my first post so Hello Everybody :).

I would like to ask if I can configure my srx100 as switch. I need to practice basic switching and have only srx100.

Must security zone exist? I'm not able to connect to device (RVI) without configuring zone and putting there all l3-interfaces. Will srx let mi connect to Cisco switch via trunk connection? Do I have to configure any security options to route traffic among vlans if they are in the same zone ?

Thanks in advance

Pozdrawiam

Mroofka

Hi,

you can force the device in packet mode with this config

security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }

Thiscan't be combined with zones etc since that's flow mode. So the quickest way to to get there is enter config mode in de cli and do it like this:

delete secuirty

set security forwarding-options family mpls mode packet-based

commit

After that all traffic is allowed without security policies and you can practice your switching commands.

Hi,

I asked the same quite a while ago and I was told that there was no packet mode for inet on the srx.

So the only way was to set up all interfaces within the same vlan, set ethernet switching on those interfaces, and allow traffic between the involved zone.

It's not exactly a switch but it will allow devices to communicate on the same lan.

Actually ethernet switching is more of a switch than packet mode.  SRX branch devices contain a switching chip so using ethernet switching has no CPU load while packet mode does.  The disadvantage to trunking on ethernet switching is that it has to be on unit 0 so it can only be assigned to one security zone.

mawr

Hi,

sure the ports are switched when address family ethernet-switching is put on it. But all layer 3 protocols need layer 3 secuirty settings when in flow mode. with mpls packet-mode you don't need to worry about security settings. In that way the switch is better sinulated this way.