Tried to respond inline.
@Michael_WC wrote:
Good morning mriyaz,
Thank you for your advice. It appears configuring it so that the vlan, irb, and the port connected to the modem are all on the same network as the modem itself then everything works. Clients get out to the internet without issue. I am going to outline the configuration below, but then I have a couple of questions. Networking is by far my forte, but I want to understand why this does/does not work a little bit better. I will say that I based a lot of my configuration of this small office on our home office which is running EX3400s and an SRX. All of the routing happens on the SRX and of course there is NATing occurring on the SRX. Perhaps my expectations were that the Modem would be able to handle the same job the SRX is doing as far as the NAT is concerned, but anyway, I will ask my questions below.
Working configuration:
Modem's local IP address - 192.168.0.1
VLAN configured with a l3-interface of 192.168.0.2
Interface ge-0/0/0 connected to the modem and set to configured VLAN
Client interfaces configured to receive a DHCP address between 192.168.0.100 and 192.168.0.150 with a gateway of 192.168.0.1
Static route configured as 0/0 next-hop 192.168.0.1
Observations and Questions:
I tested the configuration without the static route as well and it works. I'm assuming there are no static routes needed because the client/vlan/and modem are all on the same network and thus don't need to route across networks. Is this accurate?
[ANS] No, that must be because the clients are already ARPing for the gateway and the EX is just doing plain switching and not routing in this case. So it looks at the destination MAC and forwards packets out of ge-0/0/0. That's how it must be working without the static route.
Since we are not routing within the switch given the above configuration is the irb even needed?
[ANS] You'll need the IRB if you have any other VLAN and need to allow IP communication between VLANs. Note this is independent of the fact that your other VLAN cannot get internet connectivity in this set up.
Again since everything is on the same network we're practically in "dumb switch" mode are we not? I am going to test this later today for my own curiosity.
[ANS] The switch is doing switching based on destination MAC address, not quite "dumb" though :), I'd call a hub "dumb".
So, I guess my question is, why is the vlan configuration not working as I expected it to? Is it a route back to the vlan that is missing because the modem doesn't know what to do with the traffic?
[ANS] If possible, on your working setup, just check if the SRX has a return route for the other internal VLANs/networks that it provides internet connectivity. I think that's the only difference here, the modem isn't smart enough to do routing back to the internal networks like an SRX.
On my main network I have 8-9 vlans with a single static route of 0/0 out to the ISP's gateway. All of the routing is happening on the SRX though, the switches just do ethernet-switching. Is this not similar to the configuration I initially had? Is there some "magic" (high tech term there) that the SRX does that it doesn't need additional configuration to route traffic back to the sending client? If I was able to define a route back to the switch from the modem (I'm assuming this would be something like 0.0.0.0/0 next-hop 192.168.0.2 for a return path from the modem to the switch if I was actually able to configure it) would that do what I was originally trying to accomplish?
[ANS] Not really, you need a route like 192.168.162.0/24 with next-hop as 192.168.0.2 (assuming internal network is 192.168.162.0/24 and 192.168.0.2 is the switch interface connecting to modem like before). It's unlikely the modem will have this capability. The reason why your idea of 0.0.0.0/0 next-hop 192.168.0.2 is incorrect is that it doesn't make sense: how will the modem not hit that route for internet traffic? Hope you get what I mean here.
As of right now, to your point mriyaz I don't think I can do multiple vlans on this switch with this modem that would allow all clients regardless of their vlan to get internet access. I may play around with my limited understanding of trunks to see if I can get something going, but since the only way to get things working so far has been to put the vlan on the same network as the modem I don't think trunking will accomplish anything.
[ANS] True, with the current setup, a flat VLAN is what you might be able to make work. Else, I think you will need an SRX in the mix like you do in the working setup :).
Thanks for all the help everyone.
Hope this helps.
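
Added example, not part of the original posts: a small Python model of the modem's route lookup (longest-prefix match) for the three cases discussed in the answers above. The 192.168.162.0/24 internal network is the assumption used in the answer; the internet destination 198.51.100.7, the next-hop labels, and the choice to model the 0/0 idea as replacing the modem's default route are constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Return the next hop of the most specific route matching dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

# Next-hop labels (constructed names, not device output)
ISP = "isp-gateway"          # the modem's upstream default
LAN = "directly-connected"   # the modem's own 192.168.0.0/24 segment
SWITCH = "192.168.0.2"       # the EX irb address from the thread

# Case 1: the modem as it is, knowing only its LAN and a default to the ISP.
modem_stock = [("192.168.0.0/24", LAN), ("0.0.0.0/0", ISP)]

# Case 2: the return route from the answer, if the modem could be configured.
modem_with_return = modem_stock + [("192.168.162.0/24", SWITCH)]

# Case 3: the 0/0 next-hop 192.168.0.2 idea, modelled as the modem's default.
modem_default_to_switch = [("192.168.0.0/24", LAN), ("0.0.0.0/0", SWITCH)]

def summarize(table):
    """Where the modem sends replies to each kind of destination."""
    return {
        "flat-vlan client 192.168.0.100": lookup(table, "192.168.0.100"),
        "other-vlan client 192.168.162.10": lookup(table, "192.168.162.10"),
        "internet host 198.51.100.7": lookup(table, "198.51.100.7"),
    }

if __name__ == "__main__":
    for name, table in [("stock", modem_stock),
                        ("with return route", modem_with_return),
                        ("default via switch", modem_default_to_switch)]:
        print(name)
        for dest, hop in summarize(table).items():
            print(f"  {dest:34} -> {hop}")
```

In the stock case the reply to the other-VLAN client follows the default route toward the ISP instead of returning to the switch, which is why only the flat VLAN works; in the third case internet-bound traffic is sent back to the switch.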