I'm trying to NAT off a VLAN trunk directly to a public static interface on an SRX-345, is that possible? Do I have to create ge-0/0/0.0 and ge-0/0/0.1 etc. for each subnet or something like that, and can I do that on a trunk interface? Here's a diagram of what I'm trying to do:
Okay, I created a trunk on ge-0/0/1.0 and then created 2 VLANs and added them as members to the trunk interface, but now where do I configure IPs for my VLANs so that VLAN traffic has a gateway like 10.30.1.1/24 that's reachable from the trunk port traffic, since I'm not defining that on a normal inet interface and the trunk port doesn't seem like it allows multiple per-VLAN IP addresses?
Interestingly, when I started my VLAN configuration I got this message:
warning: Interfaces are changed from route mode to mix mode. Please use the command request system reboot on current node or all nodes in case of HA cluster!
So wouldn't I need to somehow change ge-0/0/1.0 to be a routed interface, or am I not understanding?
If you want the IP address of these on the SRX you would change your port from family ethernet switching to family inet.
Then on each subinterface you can put the default gateway address you want.
set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 unit 1 vlan-id 10
set interfaces ge-0/0/0 unit 1 family inet address 10.10.1.1/24
set interfaces ge-0/0/0 unit 2 vlan-id 20
set interfaces ge-0/0/0 unit 2 family inet address 10.20.1.1/24
set interfaces ge-0/0/0 unit 3 vlan-id 30
set interfaces ge-0/0/0 unit 3 family inet address 10.30.1.1/24
Steve Puluka BSEET - Juniper Ambassador IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP) http://puluka.com/home
Okay, but my ge-0/0/0 is my untrust headed to public statics, my ge-0/0/1 is supposed to be the VLAN trunk, so can I add these unit X inet addresses somehow also on the trunk port too? I thought the trunk had to be set ethernet-switching only?
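Added example, not part of the original thread: the subinterface approach from the reply above applied to ge-0/0/1, together with the zone, source NAT and policy statements the tagged subinterfaces need before traffic can leave through ge-0/0/0. The unit numbers, the zone names (trust, untrust) and the rule-set, rule and policy names are assumptions; the VLAN IDs and gateway addresses are the ones from the reply.

```junos
# Assumed layout: ge-0/0/1 = tagged link to the VLANs, ge-0/0/0.0 = public (untrust) side.
# Zone, rule-set, rule and policy names below are illustrative, not from the thread.

# Remove the switching family so the port can carry routed, tagged subinterfaces
delete interfaces ge-0/0/1 unit 0 family ethernet-switching

# One layer-3 subinterface per VLAN; each address is that VLAN's default gateway.
# vlan-tagging is used here; the reply above shows flexible-vlan-tagging.
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 10 vlan-id 10
set interfaces ge-0/0/1 unit 10 family inet address 10.10.1.1/24
set interfaces ge-0/0/1 unit 20 vlan-id 20
set interfaces ge-0/0/1 unit 20 family inet address 10.20.1.1/24
set interfaces ge-0/0/1 unit 30 vlan-id 30
set interfaces ge-0/0/1 unit 30 family inet address 10.30.1.1/24

# Every logical interface must belong to a security zone or its traffic is dropped.
# Only ping is allowed to the gateway itself; add other services only where needed.
set security zones security-zone trust interfaces ge-0/0/1.10 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces ge-0/0/1.20 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces ge-0/0/1.30 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.0

# Source NAT: translate the three VLAN subnets to the address of the egress interface
set security nat source rule-set vlans-to-internet from zone trust
set security nat source rule-set vlans-to-internet to zone untrust
set security nat source rule-set vlans-to-internet rule vlan-nets match source-address 10.10.1.0/24
set security nat source rule-set vlans-to-internet rule vlan-nets match source-address 10.20.1.0/24
set security nat source rule-set vlans-to-internet rule vlan-nets match source-address 10.30.1.0/24
set security nat source rule-set vlans-to-internet rule vlan-nets match destination-address 0.0.0.0/0
set security nat source rule-set vlans-to-internet rule vlan-nets then source-nat interface

# NAT alone does not permit traffic; a security policy must allow the flow
set security policies from-zone trust to-zone untrust policy vlans-out match source-address any
set security policies from-zone trust to-zone untrust policy vlans-out match destination-address any
set security policies from-zone trust to-zone untrust policy vlans-out match application any
set security policies from-zone trust to-zone untrust policy vlans-out then permit
```

Placing each subinterface in its own zone instead of a shared trust zone lets inter-VLAN traffic be filtered by separate zone-to-zone policies.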