Hi - I have an SRX 210 with ge-0/0/0 (untrust) and ge-0/0/1 (trust) configured as family inet with IP addresses assigned. There is a dhcp pool configured with the same subnet as the trust interface. Rather than using a separate L2 switch plugged into the ge-0/0/1 port for the devices to access the srx and obtain IP addresses from the pool etc., I would like to plug directly into the fe ports. Currently when I look at the config via the cli the fe ports are not listed but of course they are in the gui.
Please advise how I can do this and if at all possible without reconfiguring the ge-0/0/1 port as this device is in production.
So right now the IP assigned to the ge-0/0/1 interface is 10.1.1.1. There is a dhcp pool set to dish out 10.1.1.x IPs with 10.1.1.1 being the DG. Right now all communications to the lan devices are done through the ge-0/0/1 port which has a L2 switch plugged into it. I want to eliminate the switch and plug lan devices directly into the fe ports.
Right now if I plug anything into a fe port the port comes up but there is no communications to the device. It's like there is no logical link between the fe ports and ge-0/0/1.
Yes, you will need to remove the IP address from the ge interface, else you will receive a commit error. Also you need to place the vlan-interface under the same security-zone where you currently have the ge interface and specify DHCP as host-inbound-traffic under that vlan-interface.
Because you mentioned that the SRX is in production, I recommend scheduling a maintenance window for this.
As a workaround you could create a new subnet and use this new subnet for this migration (for the vlan-interface). Of course this involves creating a new DHCP pool for this new subnet and security-policies and NAT rules for this new subnet. Once this is done, you could unplug one PC from the switch and connect it directly to the SRX and test if everything works as expected, if so you can move the rest of the PCs. Just keep in mind that they now will be on a different subnet.
Pura Vida from Costa Rica - Mark as Resolved if it applies. Kudos are appreciated too!
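The in-place change described in the answer above, as an added sketch in Junos set-command form (not posted by either participant). It assumes the legacy, non-ELS switching syntax of a branch SRX; the VLAN name `vlan-trust`, VLAN ID 3, the /24 mask, the zone name `trust` and the choice of fe-0/0/2 and fe-0/0/3 are assumptions to adapt to the running config.

```junos
# Added example, entered in configuration mode. Names marked "assumed" are not from the thread.

# 1. Define the VLAN and bind it to a routed VLAN interface (vlan.0).
#    vlan-trust / vlan-id 3 are assumed values.
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0

# 2. Turn the fe ports that will take LAN devices into switch ports in that VLAN.
#    fe-0/0/2 and fe-0/0/3 are shown; repeat for each port you plan to use.
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust

# 3. Remove the L3 address from ge-0/0/1 so it no longer overlaps with vlan.0.
#    Making ge-0/0/1 a member of the same VLAN keeps the existing external switch
#    working while devices are moved over (assumed migration choice).
delete interfaces ge-0/0/1 unit 0 family inet
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust

# 4. Give the gateway address to the VLAN interface. The /24 mask is assumed
#    from the 10.1.1.x pool described in the question.
set interfaces vlan unit 0 family inet address 10.1.1.1/24

# 5. Swap the zone membership: ge-0/0/1.0 out, vlan.0 in (zone name "trust" assumed).
#    Only DHCP is allowed to the firewall itself here, as the answer specifies;
#    carry over any other host-inbound services the ge interface had, and no more.
delete security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone trust interfaces vlan.0 host-inbound-traffic system-services dhcp

# 6. Review and validate before anything takes effect.
show | compare
commit check

# 7. Commit with automatic rollback after 5 minutes unless confirmed,
#    so a mistake on a production box does not lock you out.
commit confirmed 5
# ...verify a client on an fe port gets a lease and reaches the gateway, then:
commit
```

Security policies and NAT rules that reference the zone rather than the interface keep applying to traffic arriving on vlan.0; any rule that names ge-0/0/1.0 directly has to be updated in the same commit.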