SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Interface Addressing

    Posted 05-24-2012 14:27

    Hi All,

     

    I noticed in the documentation addresses are assigned directly to interfaces. For example:

     

    ge-0/0/1 {
        unit 0 {
            family inet {
                address 172.31.0.1/16;
            }
        }
    }

    However, I know it is also possible to assign an address to a VLAN and then associate the VLAN with a physical interface. For example:

     

    vlan {
        unit 172 {
            family inet {
                address 172.31.0.1/16;
            }
        }
    }

    In regard to functionality and performance, what factors should I take into consideration before using either method?

     

    Thanks.

     

     

     


     



  • 2.  RE: Interface Addressing

    Posted 05-24-2012 14:44

    The only reason I can think of to use the vlan interface is if you want to use multiple physical ports like a switch for trunking or some other special redundancy or connecting directly to separate physical switches.

     

    Otherwise do a standard interface; you can still add VLAN tagging to it if needed.

     

    Someone could correct me if I am wrong.

     

    I know on my branch systems I often create the trust zone as a vlan so I can have 3 ports all for the trust zone to connect multiple switches or to leave a port for lan troubleshooting in the wiring closet.



  • 3.  RE: Interface Addressing
    Best Answer

    Posted 05-24-2012 17:44

    SomeItGuy hit it on the head.  You use an RVI (routed VLAN interface) to create a layer-3 interface on multiple ports in the same bridge-domain (VLAN).  If the interface in question is the only interface in a particular bridge-domain, I would use a layer-3 vlan-tagged sub-interface.  For example:

    Single port connecting switch to firewall with multiple vlan-ids for separate security zones:

     

    interfaces {
        ge-0/0/0 {
            vlan-tagging;
            unit 10 {
                vlan-id 10;
                family inet {
                    address 10.0.10.0/31;
                }
            }
            unit 20 {
                vlan-id 20;
                family inet {
                    address 10.10.20.0/31;
                }
            }
        }
    }

     

    The biggest difference is that a trunk port will pass all layer-2 frames (including broadcast traffic), while the routed port (as shown above) will not pass any layer-2 traffic.

     

    Ron
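
For comparison with the tagged sub-interface above, the RVI arrangement discussed in this thread could look like the following on a branch SRX. This is an added example, not part of any post in the thread. The VLAN name `trust-vlan`, the zone name `trust`, the choice of ports and the use of the legacy `vlan` RVI name are assumptions.

```junos
/* Constructed example: two access ports switched in one VLAN, one RVI as the gateway. */
interfaces {
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members trust-vlan;
                }
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members trust-vlan;
                }
            }
        }
    }
    /* The layer-3 address lives on the RVI, not on either physical port. */
    vlan {
        unit 172 {
            family inet {
                address 172.31.0.1/16;
            }
        }
    }
}
vlans {
    trust-vlan {
        vlan-id 172;
        /* This statement ties the RVI to the VLAN. */
        l3-interface vlan.172;
    }
}
security {
    zones {
        /* The zone binds the RVI (assumed zone name "trust"), not ge-0/0/1 or ge-0/0/2. */
        security-zone trust {
            interfaces {
                vlan.172;
            }
        }
    }
}
```

With this layout, frames between ge-0/0/1 and ge-0/0/2 are switched at layer 2 inside the VLAN and are not evaluated by security policy; only traffic routed through vlan.172 into another zone is. With the tagged sub-interfaces, each unit is its own routed interface and can sit in its own zone.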

         



  • 4.  RE: Interface Addressing

    Posted 05-25-2012 06:03

    Hey Guys,

     

    Thanks for clearing that up!

     

    Lee