SRX

 View Only
last person joined: 15 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  cisco switch connect to SRX 650

    Posted 09-09-2019 10:14

    Hi everyone .

    I have two vlan (10,20) in cisco 2960 switch and connected one port from cisco switch to SRX 650. I configured cisco port switch as trunk .  my question is how can i make inter vlan routing in juniper SRX 650  and i want default gateway for each vlan be in the SRX 650.

    tnx



  • 2.  RE: cisco switch connect to SRX 650

    Posted 09-09-2019 10:28

    Hi Ghasisin,

     

    You can setup the interface like this.

    You only have to assign the ge-0/0/0.10 and ge-0/0/0.20 interfaces to a Security Zone and create a policy which allows traffic between the security zones

     

    interfaces {
        ge-0/0/0 {
            vlan-tagging;
            unit 10 {
                vlan-id 10;
                family inet {
                    address 192.168.10.254/24;
                }
            }
            unit 20 {
                vlan-id 20;
                family inet {
                    address 192.168.20.254/24;
                }
            }
           }

    Regards,

     

    Robbert



  • 3.  RE: cisco switch connect to SRX 650

    Posted 09-09-2019 10:59

    Hi Robert . 

    Many tnx for your respond 

    I'm new  in juniper  .  I've question about layer 2 in  juniper . why we use vlan-tagging again in juniper  , why the port is not as trunk  for accespt vlans that receive  from cisco switch ?

    is it possible to implement  port that connect from SRX 650 to switch like that ?

     

     interfaces {
    fe-0/0/0 {
    unit 0 {
    family ethernet-switching {
    port-mode trunk;
    vlan {
    members [ vlan-100 vlan-110 vlan-120 ];
    }
    }
    }
    }

     



  • 4.  RE: cisco switch connect to SRX 650

    Posted 09-09-2019 11:14

    You can also set a port (or multiple ports) to family ethernet-switching with port mode trunk and assign vlans to them

    But in my opinion it is more config to achieve the same result.

    Especially because you already have a Cisco switch.

     

    Beside of

    interfaces {
    fe-0/0/0 {
    unit 0 {
    family ethernet-switching {
    port-mode trunk;
    vlan {
    members [ vlan-100 vlan-110 vlan-120 ];
    }
    }
    }
    }

    you have to define the vlans and assign l3 interfaces to them

    vlans {
        vlan-100{
            vlan-id 100;
            l3-interface vlan.100;
        }
        vlan-110 {
            vlan-id 110;
            l3-interface vlan.110;
        }
        vlan-120 {
            vlan-id 120;
            l3-interface vlan.120;
        }
    }

    and create the interfaces themselve

    interfaces {
        vlan {
            unit 100 {
                family inet {
                    address 192.168.100.254/24;
                }
            }
            unit 110 {
                family inet {
                    address 192.168.110.254/24;
                }
            }
        }
       unit 120 {
                family inet {
                    address 192.168.120.254/24;
                }
            }
        }
    }

    Regards,

     

    Robbert



  • 5.  RE: cisco switch connect to SRX 650

    Posted 09-09-2019 11:47

    Many tnx



  • 6.  RE: cisco switch connect to SRX 650

    Posted 09-09-2019 11:25

    ghasisin,

     

    Following Robert's configuration is like configuring router-on-a-stick in the Cisco world. It will work for the purposes you explained, however you could also configure the SRX in the way you explained. In that case you need to configure the following:

     

    1. Configure the vlans on the SRX

     

     

    set vlans VLAN-10 vlan-id 10
    set vlans VLAN-20 vlan-id 20

     

     

     

    2. Create Layer 3 interfaces for those vlans

     

     

    set interfaces vlan.10 family inet address 192.168.10.1/24
    set interfaces vlan.20 family inet address 192.168.20.1/24

     

     

    3. Link the L3 interfaces to the vlans

     

     

    set vlans VLAN-10 l3-interface vlan.10
    set vlans VLAN-20 l3-interface vlan.20

     

     

    3. Configure the Trunk port towards the SRX:

     

     

    set interfaces fe-0/0/0 unit 0 family ethernet-switching port-mode trunk vlan members [ VLAN-10 VLAN-20 ]     }

     

     

     



  • 7.  RE: cisco switch connect to SRX 650
    Best Answer

    Posted 09-09-2019 11:40

    tnx robbert and lpaniagua for you responds and explanation



  • 8.  RE: cisco switch connect to SRX 650

    Posted 09-09-2019 11:42

    You are welcome ghasisin!

     



  • 9.  RE: cisco switch connect to SRX 650

    Posted 09-09-2019 12:16

    you are welcome 🙂



  • 10.  RE: cisco switch connect to SRX 650

    Posted 09-10-2019 16:00

    The configuration is correct, just dont forget to add the vlan interfaces (vlan.10 and vlan.20 in lpaniagua's example) in to a security-zone.

     



  • 11.  RE: cisco switch connect to SRX 650

    Posted 09-20-2019 08:03

    tnx