SRX

Hi, customers are asking me if bridgegroup functionality is available on the the srx devices like they are used to on the ssg's. I wrote something on the subject I think maybe some people here can benefit from:

 

The srx does not have bridgegroups, but it does support Ethernet switching options on the  chassis interfaces. One or more VLAN configs can be configured to fulfill the exact same function as a bridgegroup. To use this solution first a VLAN should be defined:

 

vlans {
    dmz {
        vlan-id 100;
        l3-interface vlan.100;
    }
}

 

Dmz is just a name for this vlan
The VLAN number is randomly chosen.
The L3-interface will be used to configured the IP settings on.

 

To enter this config:

 

set vlans dmz vlan-id 100 l3-interface vlan.100

 

The definition of the layer 3 interface looks like this:

interfaces {
    vlan {
        unit 100 {
                family inet {
                address 10.0.1.1/24;
            }
        }
    }
}

The logical unit number must match the number configured for l3-interface on the vlan definition.
The IP address is just an example of course.

To enter this in the config:

 

set interfaces vlan unit 100 family inet address 10.0.1.1/24

All what’s left to do is add physical ports to the VLAN and you have multiple ports with one IP. In zone settings etc refer to vlan.100 as interface for this “bridgegroup”.

 

Adding a port to the vlan:

 

interfaces {
    fe-0/0/2 {
        unit 0 {
            family ethernet-switching {
                    vlan {
                    members dmz;
                }
            }
        }
    }

To enter this in the config:

set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members dmz

Repeat this for every interface you want to add to the group or use the JUNOS copy command. If needed create more VLAN’s!

Don’t forget to commit your config and you’re ready.

#bridgegroup
#SRX

Hey Screenie - nice, concise recap!

Thanks for your kind comment (and the kudos) Muttbarker!

Thanks for the great post Screenie! We've tweeted your post as a top #jnetkudos post on our twitter feed!

 

http://twitter.com/JNETCommunity/status/4088053739

One important item to note is that you cannot setup switching from one FPC to another.  For example, I was trying to setup switching from ge-2/0/0 (fiber) to ge-0/0/0 and back to an EX switch using vlans.  Advanced tech support caught this rather quickly, but tier 1 was unable to catch it. 

Hi,

 

One easiest (at least, for me) way to do it i s to use the interfave option of the vlans configuration to add all interfaces you need andnot to use the vlan/membes attribute of the interface.

 

It would be something like:

# show vlans
dmz {
    vlan-id 100;
    interface {
        fe-0/0/4.0;
        fe-0/0/5.0;
    }
    l3-interface vlan.1;
}

 

# show interfaces

fe-0/0/4 {
    unit 0 {
        family ethernet-switching;
    }
}
fe-0/0/5 {
    unit 0 {
        family ethernet-switching;
    }
}

 

 

Anyway, thanks for your information.

 

Regards

just a note on this -- vlan l3 interfaces have an issue on the branch srxs, they don't see or process inbound ip-multicast, so this breaks vrrp and ospf on them, at least until 9.5r3 and 9.6r3 (supposedly)