SRX

last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  configure reth interface as turnk on SRX240 ?

    Posted 02-04-2014 05:15

    help please i have twoSRX240 i configure them as chassis cluster and this is the configuration i made 

    set version 11.4R7.5
    set groups node0 system host-name srx1
    set groups node0 interfaces fxp0 unit 0 family inet address 10.99.99.1/24
    set groups node1 system host-name srx2
    set groups node1 interfaces fxp0 unit 0 family inet address 10.99.99.2/24
    set apply-groups "${node}"
    set system host-name test-1
    set system root-authentication encrypted-password "$S6by8Pi$jnawFiIE6vCYtVe3sv2IC1"
    set system services ssh
    set system services web-management http
    set system services web-management https system-generated-certificate
    set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
    set chassis cluster reth-count 2
    set chassis cluster redundancy-group 0 node 0 priority 100
    set chassis cluster redundancy-group 0 node 1 priority 1
    set chassis cluster redundancy-group 1 node 0 priority 100
    set chassis cluster redundancy-group 1 node 1 priority 1
    set interfaces ge-0/0/3 gigether-options redundant-parent reth0
    set interfaces ge-0/0/4 gigether-options redundant-parent reth1
    set interfaces ge-5/0/3 gigether-options redundant-parent reth0
    set interfaces ge-5/0/4 gigether-options redundant-parent reth1
    set interfaces fab0 fabric-options member-interfaces ge-0/0/2
    set interfaces fab1 fabric-options member-interfaces ge-5/0/2
    set interfaces reth0 redundant-ether-options redundancy-group 1
    set interfaces reth0 unit 0 family inet address 10.10.10.200/24
    set interfaces reth1 redundant-ether-options redundancy-group 1
    set interfaces reth1 unit 0 family inet
    set security zones security-zone untrust interfaces reth0.0
    set security zones security-zone trust host-inbound-traffic system-services all
    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust interfaces reth1.0

     i need to configure the RETH interfaces as TRUNK to connect them to EX3300 switches , any idea ? please help me ?


    #tag
    #reth
    #chassis
    #cluster
    #trunk
    #SRX240


  • 2.  RE: configure reth interface as turnk on SRX240 ?

     
    Posted 02-04-2014 05:47

    Hello.

     

    Hope this helps:

     

    set interfaces reth1 vlan-tagging
    set interfaces reth1 redundant-ether-options redundancy-group 1
    set interfaces reth1 unit 100 vlan-id 100
    set interfaces reth1 unit 100 family inet address 1.1.1.1/24
    set interfaces reth1 unit 200 vlan-id 200
    set interfaces reth1 unit 200 family inet address 2.2.2.2/24
    

     

     

     

    Regards,

    Sam



  • 3.  RE: configure reth interface as turnk on SRX240 ?

    Posted 02-04-2014 06:00

    i donot need any ip just trunk between reth interfaces on srx and trunk interfaces on ex330 switch Smiley Sad



  • 4.  RE: configure reth interface as turnk on SRX240 ?
    Best Answer

    Posted 02-04-2014 22:29

    hi ,

     

    You should enable ethernet switching on your chassis cluster and then instead of reth interface you will be able to configure the same trunk and access ports as on ex switches.

     

    Please reffer to this kb article: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21422&smlogin=true

     

     



  • 5.  RE: configure reth interface as turnk on SRX240 ?

    Posted 02-06-2014 22:31

    Hi Guys

     

    im sitting with the same problem on 2 x SRX550 - I have 2 x reth interface and im useing vlan tagging. Reth0 is assigned to the untrust zone and Reth1 is assigned to the trust zone.

     

    My Boss requires me to connect to a EX on Reth0, and just TAG the VLANS (L2) on the EX. The L3 interface is actually the Reth0.650 on the FW

     

    so i Tag the port on the EX - "set interface ge-0/0/0.0 family ethernet switching vlan members VLAN650"  then i TRUNK the port the RETH0 connects to on the EX, i then run a ping to the host on ge-0/0/0 and i get no joy. the Host defualt gateway is the reth0.650. I do get an arp though for the host, but i cant ping it.

     

    My question is - with the SWFAB interfaces, once ive connected them up, do i need to then get a second pair of cables to create the actual trunk between the switch and the FW?

     

    I saw some config that looked like this - will it work? on the version ive got, (12.1) i dont see the command

     

    set inter reth0.0 family ethernet switching port mode trunk vlan member all

     

    This would be ideal

     

    Any help with this would be appreciated