SRX

 View Only
last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series.
  • 1.  Anyway to create a bridge interface?

    Posted 08-31-2009 12:46
    Can anybody tell me how to create switch ports on an SRX210? I'm basically looking for the same functionality you can do on an SSG5/20 (ScreenOS), where you would have a bgroup0 that contains all of your interfaces that make up the switchports. Any help would be apprecaited... thanks.
    #srx210
    #Configuring
    #Port
    #switch
    #bgroup0


  • 2.  RE: Anyway to create a bridge interface?
    Best Answer

    Posted 08-31-2009 20:02

    Hi Berto,

     

    L2 Transparent mode (creating bridge domain) is not supported in SRX 210. It only supported in high end SRX i.e. SRX 3400, 3600, 5600, and 5800.

     

    _Ronin 

    Message Edited by _Ronin on 08-31-2009 08:27 PM
    Message Edited by _Ronin on 08-31-2009 08:28 PM

    #Transparent


  • 3.  RE: Anyway to create a bridge interface?

    Posted 09-01-2009 13:08

    Thanks for the info Ronin.... could you by chance also take a look at my reply on this thread? I am still having issues with Dynamic VPN. I am very new to JUNOS, and this forum seems heaven sent if people like you can assist. Thanks again!

     

    http://forums.juniper.net/jnet/board/message?board.id=srx&message.id=344#M344



  • 4.  RE: Anyway to create a bridge interface?

     
    Posted 09-05-2009 07:22

    I think the discussion may have gone a bit off track..  If you're looking to do transparent mode firewalling like ScreenOS, then yes, that's only available in SRX 3000 and 5000 series.

     

    I believe, however, that you're just looking to emulate a bgroup, like an SSG.  That's actually fairly simple.  Syntax is identical to EX switches.  A ScreenOS bgroup is roughly equivalent to a JUNOS vlan+rvi (routed vlan interface).

     

    An example that will make a bgroup out of the first 4 ports on an SRX210, and assign IP 192.168.1.1/24:

     

    set int ge-0/0/0.0 family ethernet-switching 

    set int ge-0/0/1.0 family ethernet-switching

    set int fe-0/0/2.0 family ethernet-switching

    set int fe-0/0/3.0 family ethernet-switching 

    set vlans default l3-interface vlan.0

    set int vlan.0 family inet addr 192.168.1.1/24

     

    Note that you can't have both family ethernet-switching and family inet configured at the same time on the same interface.  At that point, you'll need to assign vlan.0 to a zone, just like it was a physical interface.



  • 5.  RE: Anyway to create a bridge interface?

    Posted 09-05-2009 14:16
    I thought I read somewhere only Gig ports can run in switching mode!


  • 6.  RE: Anyway to create a bridge interface?

    Posted 09-05-2009 16:24

    I just finished SRX training last week and got my brand shiny new SRX210 (it's kind of like Christmas in summer 🙂

     

    Playing with config's and this one works just great - ge&fe in a bridge group are no problem.



  • 7.  RE: Anyway to create a bridge interface?

    Posted 09-06-2009 13:17

    Smiley Very Happy Your very own 210? You lucky guy!! With IDP license? What's more to wish for?!

     

    Thank you very much for your answer, will try it soon!



  • 8.  RE: Anyway to create a bridge interface?

    Posted 09-08-2009 13:59

    I tried on J-serie PIM and on chassis ports of a srx 210. Works realy cool. Same config as a EX.