SRX

 View Only
last person joined: 20 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Transparent mode

    Posted 06-16-2017 18:27

    what is the use of bridge-domain in transparent mode ???

    is it to allow communications between different Vlans ??



  • 2.  RE: Transparent mode

     
    Posted 06-17-2017 05:55

    No, bridging-domain basically is a vlan. It's a broadcast domain.



  • 3.  RE: Transparent mode

    Posted 06-17-2017 11:49

    would you please explain why do i need it ?? because my switching experience is from cisco not juniper



  • 4.  RE: Transparent mode

    Posted 06-18-2017 07:20

    Without configuration there is no communcations in or out of any port on the SRX.  So for the ports to pass traffic between them some configuration needs to be applied.

     

    For layer 2 communications you use the bridge domain to link ports together into the same broadcast domain.  this method is required when using transparent mode.  But also an option in standard configurations.

     

    When using ethernet switching you would link the ports using the VLAN configuration method for the version of code installed either "old' style VLAN or new style ELS (enahanced layer 2 services).



  • 5.  RE: Transparent mode

    Posted 06-18-2017 11:53

    How are you Eng/ spuluka

     

    but im confusing because i can assign different vlan for each port , and assign all these Vlans in the bridge domain ::

    >> is that means that these vlans will be able to communicate with each other ???



  • 6.  RE: Transparent mode
    Best Answer

    Posted 06-18-2017 13:06 
    but im confusing because i can assign different vlan for each port , and assign all these Vlans in the bridge domain ::
>> is that means that these vlans will be able to communicate with each other ???

    Yes, that is one usage of a bridge domain.  This is more common on the MX than the SRX.

     

    An example might be multiple trunk ports bringing vlans to the MX.  these naturally have different tags as they share a trunk port to arrive on the MX.  But they come from remote services on the network that are actually in the same broadcast domain.

     

    The bridge domain on the MX contains all of the sub-interfaces with different tags.  And bridges these vlans into the same broadcast domain so they can communication layer 2.

     

    Now with transparent mode on the SRX we have a different case.  Here there can ONLY be a single broadcast domain that is layer 2 transparent to devices outside the SRX.  All interfaces on the SRX in use are put into the bridge domain so they can communicate.  

     

    The IRB interface becomes the mgmt address for the SRX.

     

    And zones are by physical interface so that security policy can be enforced for traffic that remains layer 2 throughout the SRX.