ScreenOS Firewalls (NOT SRX)
Reply
Visitor
donvito213
Posts: 10
Registered: ‎12-01-2009
0

SSG5 set all ports on same vlan like ethernet0/0 ?

[ Edited ]

This will be my very first post and yes I'm a newbie here.

 

I have recently replaced a 1U cisco switch (catalyst 3600 series) with a SSG5 with Wifi since I want to start learning how to setup SSG firewalls. 

 

What I would like on the SSG5 is that all the physical ethernet interfaces (ethernet0/1 through ethernet 0/6) be in some sort of "same vlan" (let's call it vlan 100) like the ethernet0/0 interface (with MGT IP address configured) that has 1 uplink to another switch also on the same vlan (100). The reason I want all ports on this SSG5 to be in the same vlan is because we have a PXE and DHCP server on vlan 100 so that any PC plugged into any one of these ports from 0/1-0/6 can automatically get an IP or be able to boot via PXE for Linux kickstart OS deployment.

 

Although if this was just for basic connectivity without need for PXE OS installations, I could just enable DHCP Server on ethernet0/0 and set interface to NAT mode. This leads to another issue where I have configured wireless1 zone (192.168.2.0/24) network and enable DHCP server for wireless clients. The wireless clients just need basic connectivity to browse web but I am not having luck getting the routing working from wireless out to ethernet0/0.

 

If anything sounds confusing from above, please do not hesitate to ask me to clarify things up. :smileyhappy: Thanks in advance! :smileyhappy:

Super Contributor
Moerkholt
Posts: 169
Registered: ‎11-05-2007
0

Re: SSG5 set all ports on same vlan like ethernet0/0 ?

Hi

 

In the SSG5 you can make interfaces member of the same Bridge-Group in this way the will be in the same layer-2

Regards

Hans
JNCIS-FWV

If this worked for you then please flag my post as an "Accepted Solution" so others can benefit from it. A kudo would be nice if you think I earned it
Visitor
donvito213
Posts: 10
Registered: ‎12-01-2009
0

Re: SSG5 set all ports on same vlan like ethernet0/0 ?

Thanks for your reply Hans! Do I need to put all the interfaces in the same zone like "trust" or "untrust" etc?

Super Contributor
arizvi
Posts: 287
Registered: ‎10-21-2008
0

Re: SSG5 set all ports on same vlan like ethernet0/0 ?

Zone setting wil be based on Bgroup.  ALL interfaces inside the bgroup would havethe same zone.

Thanks

Atf

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.