So referencing the KB21145 instructions to create this HA cluster with only the 4 available ports, how does one setup the physical cablilng to both the WAN switch and the internal LAN switch? I would think if LAN/WAN/DMZ sub-ints are all off one physical interface, can this port be connected to the internal switch and the management links to external switch or both ports to a single internal switch?
Any diagram would be helpful. Thanks for your support.
hmm intresting i didnt know this could have been done.
The only way possible i can think is for some Juniper switches (or other switches in HA ) also running HA.
It would be have to be configured so if WAN/untrust was ID10 you would need to allocate 4 ports (2 on each device) the juniper would plug into each of the ports and then the switch would plug into the modem / router.
But doing this you must ensure the traffic is coming across tagged
You would need to do the same for the LAN as you have done for the WAN.
DMZ is probably easier to do with one VLAN-ID - unless you need to keep seperate for busines justification
eg DMZ would be VLAN-ID 30 you would assign it an internal ip range of 10.0.0.1/24
You would then use static nat to do a 1 to 1 mapping from the external ip to the internal ip