How to allow multiple VLAN traffic reach internet on EX2300 directly connected to a Xfinity gateway-router ?

  • 1.  How to allow multiple VLAN traffic reach internet on EX2300 directly connected to a Xfinity gateway-router ?

    This message was posted by a user wishing to remain anonymous
    Posted 06-02-2022 09:55

    Hello,

    I am new to Juniper world and would like to know the answer to the following scenario:

    I have an EX-2300-C switch at home connected behind my xFi gateway (an Xfinity gateway-router device). From the xFi gateway manual I found that all ports on that xFi device are access ports (no way to make them trunk).

    My EX2300 currently has all interfaces in the default VLAN, ge-0/0/0 is physically connected to xFi gateway and has internet connectivity. ge-0/0/0 is configured as the L3 interface for routing purposes for internal traffic to go outside. What I want is to create multiple VLANs on the switch and have those VLANs reach internet. 

    How can I have multiple VLANs configured on the EX2300-C switch so that they can all communicate with the internet with ge-0/0/0 physically connected to the xFi gateway? Is this ideally possible, or do I need a router in between so that I can configure ge-0/0/0 as a trunk port and the other end of the router as a trunk port and then have a port on the router configured as an uplink that connects to the xFi gateway?

    FYI,

    > show vlans extensive

    Routing instance: default-switch
    VLAN Name: default State: Active
    Tag: 1
    Internal index: 2, Generation Index: 2, Origin: Static
    MAC aging time: 300 seconds
    Layer 3 interface: irb.0
    VXLAN Enabled : No
    Interfaces:
    ge-0/0/1.0,untagged,access
    ge-0/0/10.0,untagged,access
    ge-0/0/11.0,untagged,access
    ge-0/0/2.0,untagged,access
    ge-0/0/3.0,untagged,access
    ge-0/0/4.0,untagged,access
    ge-0/0/5.0,untagged,access
    ge-0/0/6.0,untagged,access
    ge-0/0/7.0,untagged,access
    ge-0/0/8.0,untagged,access
    ge-0/0/9.0,untagged,access
    Number of interfaces: Tagged 0 , Untagged 11
    Total MAC count: 0

    > show configuration interfaces ge-0/0/0
    description "Uplink to Xfinity Router";
    unit 0 {
        family inet {
            address 10.0.0.200/24;
        }
    }

    > show route

    inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    Limit/Threshold: 32768/32768 destinations
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0          *[Static/5] 4d 07:09:22
                        > to 10.0.0.1 via ge-0/0/0.0
    10.0.0.0/24        *[Direct/0] 4d 07:09:22
                        > via ge-0/0/0.0
    10.0.0.200/32      *[Local/0] 4d 07:09:22
                          Local via ge-0/0/0.0



  • 2.  RE: How to allow multiple VLAN traffic reach internet on EX2300 directly connected to a Xfinity gateway-router ?

    Posted 06-02-2022 19:02
    Ideally I would pair an SRX or some type of firewall with your EX2300. The Xfinity gateway-router device doesn't really allow for tagged (trunked) interfaces or creating L3 sub-interfaces.

    This "do I need a router in between so that I can configure ge-0/0/0 as trunk port and the other end of router as trunk port and then have a port on the router configured as uplink that connects to xFi gateway" I would say yes.

    TBH I have an Xfinity GW and it's been a minute since I checked the options and features.

    Another route is to build a hypervisor, load a virtual FW and connect that to your local switch. At that point you can use an open source FW such as pfSense.

    Lots of options out there to solve this, just need to evaluate and see which one fits your use case.

    Victor
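
The layout this reply recommends, seen from the switch side, as an added example that is not part of the original thread: ge-0/0/0 stops being a routed port and becomes an 802.1Q trunk to a firewall or router, which holds each VLAN's gateway address and NATs toward the xFi gateway, so inter-VLAN and internet-bound traffic all passes through firewall policy. The VLAN names and IDs, the 192.168.x.0/24 subnets, the firewall addresses and the port assignments are assumptions for illustration.

```junos
# Added example for an EX2300 (ELS Junos). All VLAN names, IDs, subnets
# and port assignments below are assumed values, not taken from the thread.

# 1. Define the VLANs.
set vlans MGMT  vlan-id 10
set vlans USERS vlan-id 20
set vlans IOT   vlan-id 30

# 2. Convert the uplink from a routed port to a trunk toward the firewall.
#    Only the VLANs listed here are carried; anything else is dropped.
delete interfaces ge-0/0/0 unit 0 family inet
set interfaces ge-0/0/0 description "Trunk to firewall LAN port"
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members [ MGMT USERS IOT ]

# 3. Move access ports out of the default VLAN into their new VLANs.
#    The existing membership is deleted first because an access port
#    can belong to only one VLAN.
delete interfaces ge-0/0/1 unit 0 family ethernet-switching vlan
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members USERS

delete interfaces ge-0/0/2 unit 0 family ethernet-switching vlan
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members IOT

# 4. Give the switch a management address in the MGMT VLAN only.
#    No irb units are created for USERS or IOT, so the switch does not
#    route between them; the firewall is the only path between VLANs.
set interfaces irb unit 10 family inet address 192.168.10.2/24
set vlans MGMT l3-interface irb.10

# 5. Point the default route at the firewall's MGMT sub-interface
#    (assumed 192.168.10.1) instead of the xFi gateway at 10.0.0.1.
delete routing-options static route 0.0.0.0/0
set routing-options static route 0.0.0.0/0 next-hop 192.168.10.1
```

On the firewall side, the LAN port needs one tagged sub-interface per VLAN (here 10, 20 and 30) with the matching gateway address, and its WAN port connects untagged to one of the xFi gateway's access ports.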