SRX

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Can SRX get its WAN IP address from dhcp on a irb. fam inet address dhcp ?

    Posted 11-29-2019 08:46

    Short question.
    Can an SRX get its WAN IP address from dhcp on a irb.100 fam inet address dhcp ?
    Working just fine on ge-0/0/0 . What am I missing ? Right now im back to ge-0/0/0 for the SRX uplink.

     

    #show int ge-0/0/0 | display set
    set interfaces ge-0/0/0 unit 0 family inet dhcp

    # show interfaces irb.100 | display set
    set interfaces irb unit 100 description "used to setup srx internet wan edge"
    set interfaces irb unit 100 family inet dhcp force-discover

    # show interfaces ge-0/0/1 | display set
    set interfaces ge-0/0/1 native-vlan-id 100
    set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
    set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members [100 270 370 2000 3000]

    # show security zones security-zone trust | display set
    set security zones security-zone trust screen trust-screen
    set security zones security-zone trust host-inbound-traffic system-services all
    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust interfaces irb.2000
    set security zones security-zone trust interfaces irb.3000
    set security zones security-zone trust interfaces irb.270
    set security zones security-zone trust interfaces irb.370
    set security zones security-zone trust application-tracking

    # show security zones security-zone untrust | display set
    set security zones security-zone untrust screen untrust-screen
    set security zones security-zone untrust host-inbound-traffic system-services ike

    set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
    set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
    set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike

    set security zones security-zone untrust interfaces irb.100 host-inbound-traffic system-services dhcp
    set security zones security-zone untrust interfaces irb.100 host-inbound-traffic system-services https
    set security zones security-zone untrust interfaces irb.100 host-inbound-traffic system-services ike

     

    Long story
    Getting my home lab setup and i'm trying to use my srx 320 that I use for a remote access vpn to HQ.
    Right now im wanting to start bulding my JNCIP ENT and SP lab up while getting a litte more SRX experiance.
    Current setup
    ISP--|home ap/router|--SRX320 < Phone/PC/Accesspoint

    Wanted setup
     
                                                  /-[home ap/router]
    ISP -[2300c]--Vlan100 |                                                                         /  Phone
                                              \ -Trunk 100,270,370,2000,3000\--[SRX320]----- Access  point but using MIST EDGE
                                                                                                                       \  PC
    My issue.. I want to trunk 100,270,370,2000,30000 to anf from the SRX. The SRX  is root for a  few vlans  in my lab. I tried this a few times  while marking native vlan-id 100 and the SRX would not get a dyn ip from my home router.

    Going to lab up is-is/ospf/bgp/igmp/ import/export filters to get read for IP level examms.
    I only mention this if anyone can offer any other advice  and understand this is ment to be a little busy of a setup.


    100 being untagged from cablemodem to home ap and SRX
    270,370 used to make adj for multi area multi AS routing protocols
    2000,3000 Company PC and Phone network so I can have resources in other parts of my house.


    #srxirbdhcp


  • 2.  RE: Can SRX get its WAN IP address from dhcp on a irb. fam inet address dhcp ?

     
    Posted 11-30-2019 01:10
    Does this work?

    del interfaces irb unit 100 family inet
    set interfaces irb unit 100 family inet dhcp-client


  • 3.  RE: Can SRX get its WAN IP address from dhcp on a irb. fam inet address dhcp ?
    Best Answer

    Posted 11-30-2019 08:17

    Thanks for the reply. It started getting its IP from the irb.100 with out any modifications..

    Im not 100% sure but it looks like the logs showed it took a while for the SRX to re init to get an address. 

     

    Now my vpn is not coming up..  I will create a new thread on that since SRX is getting its ip address via irb.100 .

     



  • 4.  RE: Can SRX get its WAN IP address from dhcp on a irb. fam inet address dhcp ?

    Posted 11-30-2019 09:59

    Digging through my logs  and time stamps.. I think irb.100 started working when i did a commit full force

     

    Also my vpn tunnel is working .. found a post on jnet srx that reminded me to update under my ike gateway

    set security ike gateway vpn-local-gw external-interface irb.100

     

    Thanks again for taking the time to read and help me out..  Now ON to my labs!!!