


  • 1.  SRX as a switch with layer 3 interfaces

    Posted 9 days ago
    Hello,

    I want layer 2 traffic tagged with an 802.1q tag 100 to pass through the SRX transparently towards the device that has its layer 3 gateway IP address configured, is this possible? I am aware I can create an IRB interface and put ports into vlans, however the gateway is not built on the SRX so I do not want to use an IRB interface. Diagram below shows what I am trying to achieve, vlan 100 is configured on the switch and SRX, then the router WAN-1 has a layer 3 sub interface with vlan 100 encapsulation where the gateway is built.

    MAC addresses are showing on port 8, but nothing on port 5, when I initiate a ping from the VPC "VLAN".



    SRX Config:
    set version 21.1R3.11
    set groups node0 system host-name SRX0_N0
    set groups node0 system services ssh max-sessions-per-connection 64
    set groups node0 system syslog file default-log-messages any info
    set groups node0 system syslog file default-log-messages structured-data
    set groups node1 system host-name SRX0_N1
    set groups node1 system services ssh max-sessions-per-connection 64
    set groups node1 system syslog file default-log-messages any info
    set groups node1 system syslog file default-log-messages structured-data
    set apply-groups "${node}"
    set system root-authentication encrypted-password "$6$iVIc6YFM$dMZhQh4dwPhHfRfOSfuQrWd/xrKlBmGaMMSZW.X7HE1i3D9geUpjgOnBms4dQjnD9Vyc2NeVirjk1QxMxd4kZ0"
    set security policies default-policy permit-all
    set security zones security-zone INTERNET interfaces ge-0/0/3.0 host-inbound-traffic system-services all
    set security zones security-zone LAN interfaces ge-0/0/7.0 host-inbound-traffic system-services all
    set security zones security-zone LAN interfaces ge-0/0/4.0 host-inbound-traffic system-services all
    set interfaces ge-0/0/3 unit 0 family inet address 192.168.1.1/30
    set interfaces ge-0/0/4 unit 0 family ethernet-switching interface-mode trunk
    set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-100
    set interfaces ge-0/0/7 unit 0 family ethernet-switching interface-mode trunk
    set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members vlan-100
    set vlans vlan-100 vlan-id 100





  • 2.  RE: SRX as a switch with layer 3 interfaces

    Posted 2 days ago

    If you aren't wanting to use any of the firewall features, have you changed to packet mode?  This removes all need of zones and security policies.  Highly HIGHLY recommend you add a RE-Protect filter though.  

    set security forwarding-options family inet6 mode packet-based
    set security forwarding-options family mpls mode packet-based
    set security forwarding-options family iso mode packet-based
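
An added example, not part of either post and not Juniper tooling: a small Python check that reads set-style lines like the ones in this thread and flags the settings the reply's advice bears on (the permit-all default policy, zone interfaces accepting all system services, and any family switched to packet-based mode with no input filter on lo0). Treating "RE-Protect filter" as a firewall filter applied as input on lo0 is an assumption, and the sample config is constructed from lines in the thread.

```python
import re

# Constructed sample: a subset of the set-style lines posted in this thread,
# plus one packet-mode line from the reply.
SAMPLE = """\
set security policies default-policy permit-all
set security zones security-zone INTERNET interfaces ge-0/0/3.0 host-inbound-traffic system-services all
set security zones security-zone LAN interfaces ge-0/0/7.0 host-inbound-traffic system-services all
set security forwarding-options family inet6 mode packet-based
set interfaces ge-0/0/3 unit 0 family inet address 192.168.1.1/30
"""

HOST_INBOUND_ALL = re.compile(
    r"^set security zones security-zone (\S+) interfaces (\S+) "
    r"host-inbound-traffic system-services all$")
PACKET_MODE = re.compile(
    r"^set security forwarding-options family (\S+) mode packet-based$")
# Assumption: the RE protection filter is attached as an input filter on lo0.
LO0_FILTER = re.compile(
    r"^set interfaces lo0 unit \d+ family (\S+) filter input(?:-list)? \S+$")


def audit(config_text):
    """Return a list of (check, detail) findings for a set-style config."""
    findings, packet_families, protected = [], set(), set()
    for line in (l.strip() for l in config_text.splitlines()):
        if line == "set security policies default-policy permit-all":
            findings.append(("default-permit", "default policy permits all transit traffic"))
        elif m := HOST_INBOUND_ALL.match(line):
            findings.append(("host-inbound-all", f"zone {m[1]} {m[2]}"))
        elif m := PACKET_MODE.match(line):
            packet_families.add(m[1])
        elif m := LO0_FILTER.match(line):
            protected.add(m[1])
    # With zones and policies out of the path in packet mode, the lo0 input
    # filter is what limits traffic reaching the routing engine.
    for fam in sorted(packet_families - protected):
        findings.append(("no-re-filter", f"family {fam} is packet-based with no lo0 input filter"))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```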