SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  enhanced switching on SRX240

    Posted 09-02-2009 23:53

    Hi,

     

    I'm trying to implement a fully-meshed topology using 2 SRX240H (JunOS 9.5R1.8 export) and 2 DELL PC6224 (CISCO IOS-based) switches.

    Each SRX is to be connected to each switch through a trunk.

     

    That requires 2 physical interfaces on each SRX to be shared between one logical with units looking into VLANs.

    Physical must support STP (RSTP).

     

    It looks like enhanced switching is what I need, but I can't figure out how it works for SRX. All manuals I have found explain this for J-series with uPIMs, which is different to SRX.

     

    Any input is highly appreciated...

     

    Kind regards,

    Vladimir


    #SRX240
    #switching
    #enhanced


  • 2.  RE: enhanced switching on SRX240

    Posted 09-03-2009 00:11

    On SRX240 the 16 onboard ports are capable of operating in switch mode. You do not need to enable "enhanced-switching" on a PIM like you would for J-Series. Other than that, the configuration is similar to that on J-Series (which is the same as on EX Series). You need to enable interface family ethernet-switching on the interface. Then you would configure under vlan hierarchy to configure your vlan IDs, etc.

     

    -Richard



  • 3.  RE: enhanced switching on SRX240
    Best Answer

    Posted 09-03-2009 01:20

    Thank you so much, Richard!

     

    That helped me and I've ended up with the following configuration:

     

    interfaces {
        ge-0/0/0 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members [ DMZ Private Management ];
                    }
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members [ DMZ Private Management ];
                    }
                }
            }
        }

        ...

        vlan {
            unit 0 {
                family inet {
                    address 202.43.4.254/24;
                }
            }
            unit 1 {
                family inet {
                    address 192.168.101.254/24;
                }
            }
            unit 2 {
                family inet {
                    address 192.168.102.254/24;
                }
            }
        }

    }

    ...

    ethernet-switching-options {
        interfaces {
            ge-0/0/0.0 {
                no-mac-learning;
            }
            ge-0/0/1.0 {
                no-mac-learning;
            }
        }
    }
    vlans {
        DMZ {
            vlan-id 43;
            l3-interface vlan.0;
        }
        Management {
            vlan-id 102;
            l3-interface vlan.2;
        }
        Private {
            vlan-id 101;
            l3-interface vlan.1;
        }
    }

     

    + security configuration.

     

    Another thing I'm not yet sure about is whether this configuration will allow me to apply filters for traffic across VLANs, but that will be my next research.

     

    Thanks again for your input!

     

     

    Cheers,

    Vladimir
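
On the open question of filtering between VLANs, the following is an added example, not configuration from the thread or from Juniper: it binds the routed vlan.0, vlan.1 and vlan.2 interfaces from the configuration above to security zones so that traffic routed between the VLANs is evaluated by zone-to-zone policies. The zone names, policy names and permitted applications are assumptions chosen for illustration.

```junos
/* Added example: zone names, policy names and applications are assumptions. */
security {
    zones {
        security-zone DMZ {
            interfaces {
                vlan.0;
            }
        }
        security-zone Private {
            interfaces {
                vlan.1;
            }
        }
        security-zone Management {
            interfaces {
                vlan.2;
            }
        }
    }
    policies {
        /* Sessions routed from Private to DMZ: web traffic only. */
        from-zone Private to-zone DMZ {
            policy private-to-dmz-web {
                match {
                    source-address any;
                    destination-address any;
                    application [ junos-http junos-https ];
                }
                then {
                    permit;
                }
            }
        }
        /* Explicit deny for sessions initiated from the DMZ. */
        from-zone DMZ to-zone Private {
            policy dmz-to-private-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                }
            }
        }
    }
}
```

Traffic switched between ports within a single VLAN never crosses a zone boundary, so these policies apply only to sessions routed from one vlan.N interface to another.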