SRX Services Gateway
Highlighted
SRX Services Gateway

4port HA Cluster w/ VLAN tagging Diagram?

‎04-30-2014 08:53 AM

So referencing the KB21145 instructions to create this HA cluster with only the 4 available ports, how does one setup the physical cablilng to both the WAN switch and the internal LAN switch? I would think if LAN/WAN/DMZ sub-ints are all off one physical interface, can this port be connected to the internal switch and the management links to external switch or both ports to a single internal switch?

 

Any diagram would be helpful. Thanks for your support.

 

Example:

  • LAN is in VLAN 10
  • WAN is in VLAN 11
  • DMZ-1 is in VLAN 12
  • DMZ-2 is in VLAN 13
  • etc

reth0.1=10.1.1.1 (trusted)

reth0.2=220.x.x.x (untrusted)

reth0.3=220.220.216.x (untrusted - DMZ-1)

reth0.4=220.220.217.x (untrusted - DMZ-2)

reth0.5=220.220.218.x (untrusted - DMZ-3)

reth0.6=220.220.219.x (untrusted - DMZ-4)

 

 

1 REPLY 1
Highlighted
SRX Services Gateway

Re: 4port HA Cluster w/ VLAN tagging Diagram?

‎04-30-2014 12:40 PM

hmm intresting i didnt know this could have been done.

 

The only way possible i can think is for some Juniper switches (or other switches in HA ) also running HA.

 

It would be have to be configured so if WAN/untrust was ID10  you would need to allocate 4 ports (2 on each device) the juniper would plug into each of the ports and then the switch would plug into the modem / router.

But doing this you must ensure the traffic is coming across tagged

 

You would need to do the same for the LAN as you have done for the WAN.

 

DMZ is probably easier to do with one VLAN-ID - unless you need to keep seperate for busines justification

eg DMZ would be VLAN-ID 30 you would assign it an internal ip range of 10.0.0.1/24

You would then use static nat to do a 1 to 1 mapping from the external ip to the internal ip

 

Keep the config simple..

Feedback