SRX

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

Can SRX get its WAN IP address from dhcp on a irb. fam inet address dhcp ?

Jump to Best Answer
  • 1.  Can SRX get its WAN IP address from dhcp on a irb. fam inet address dhcp ?

    Posted 11-29-2019 08:46

    Short question.
    Can an SRX get its WAN IP address from dhcp on a irb.100 fam inet address dhcp ?
    Working just fine on ge-0/0/0 . What am I missing ? Right now im back to ge-0/0/0 for the SRX uplink.

     

    #show int ge-0/0/0 | display set
    set interfaces ge-0/0/0 unit 0 family inet dhcp

    # show interfaces irb.100 | display set
    set interfaces irb unit 100 description "used to setup srx internet wan edge"
    set interfaces irb unit 100 family inet dhcp force-discover

    # show interfaces ge-0/0/1 | display set
    set interfaces ge-0/0/1 native-vlan-id 100
    set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
    set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members [100 270 370 2000 3000]

    # show security zones security-zone trust | display set
    set security zones security-zone trust screen trust-screen
    set security zones security-zone trust host-inbound-traffic system-services all
    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust interfaces irb.2000
    set security zones security-zone trust interfaces irb.3000
    set security zones security-zone trust interfaces irb.270
    set security zones security-zone trust interfaces irb.370
    set security zones security-zone trust application-tracking

    # show security zones security-zone untrust | display set
    set security zones security-zone untrust screen untrust-screen
    set security zones security-zone untrust host-inbound-traffic system-services ike

    set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
    set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
    set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike

    set security zones security-zone untrust interfaces irb.100 host-inbound-traffic system-services dhcp
    set security zones security-zone untrust interfaces irb.100 host-inbound-traffic system-services https
    set security zones security-zone untrust interfaces irb.100 host-inbound-traffic system-services ike

     

    Long story
    Getting my home lab setup and i'm trying to use my srx 320 that I use for a remote access vpn to HQ.
    Right now im wanting to start bulding my JNCIP ENT and SP lab up while getting a litte more SRX experiance.
    Current setup
    ISP--|home ap/router|--SRX320 < Phone/PC/Accesspoint

    Wanted setup
     
                                                  /-[home ap/router]
    ISP -[2300c]--Vlan100 |                                                                         /  Phone
                                              \ -Trunk 100,270,370,2000,3000\--[SRX320]----- Access  point but using MIST EDGE
                                                                                                                       \  PC
    My issue.. I want to trunk 100,270,370,2000,30000 to anf from the SRX. The SRX  is root for a  few vlans  in my lab. I tried this a few times  while marking native vlan-id 100 and the SRX would not get a dyn ip from my home router.

    Going to lab up is-is/ospf/bgp/igmp/ import/export filters to get read for IP level examms.
    I only mention this if anyone can offer any other advice  and understand this is ment to be a little busy of a setup.


    100 being untagged from cablemodem to home ap and SRX
    270,370 used to make adj for multi area multi AS routing protocols
    2000,3000 Company PC and Phone network so I can have resources in other parts of my house.


    #srxirbdhcp


  • 2.  RE: Can SRX get its WAN IP address from dhcp on a irb. fam inet address dhcp ?

     
    Posted 11-30-2019 01:10
    Does this work?

    del interfaces irb unit 100 family inet
    set interfaces irb unit 100 family inet dhcp-client


  • 3.  RE: Can SRX get its WAN IP address from dhcp on a irb. fam inet address dhcp ?
    Best Answer

    Posted 11-30-2019 08:17

    Thanks for the reply. It started getting its IP from the irb.100 with out any modifications..

    Im not 100% sure but it looks like the logs showed it took a while for the SRX to re init to get an address. 

     

    Now my vpn is not coming up..  I will create a new thread on that since SRX is getting its ip address via irb.100 .

     



  • 4.  RE: Can SRX get its WAN IP address from dhcp on a irb. fam inet address dhcp ?

    Posted 11-30-2019 09:59

    Digging through my logs  and time stamps.. I think irb.100 started working when i did a commit full force

     

    Also my vpn tunnel is working .. found a post on jnet srx that reminded me to update under my ike gateway

    set security ike gateway vpn-local-gw external-interface irb.100

     

    Thanks again for taking the time to read and help me out..  Now ON to my labs!!!