Switching

Hello all,

I was trying to configure switch options on SRX with Junos 11 and I see that access port can be configured as either family "bridge" or "ethernet-switching". Do you know what is the difference between the two?

I am a bit confused as both families seems to be doing the same. I looked through junos documentaiton, but could nor really find an answer:

fe-0/0/5 {
    unit 0 {
        family bridge {
            interface-mode access;
            vlan-id 100;
        }
    }
}



fe-0/0/5 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members 100;
            }
        }

I could be wrong, but 'family ethernet-switching' is forcing your port to act like a normal switchport.  Only one logical unit can be configured on the port and it's either in trunk or access mode, to which you can make it a member of one or multiple VLANs depending on the port-mode. 

'family bridge' is used for when you want a port that has more than one logical unit, each with the same or different encapsulations.  For instance, if you have a port that has one unit with 'family inet', but you also need to bridge a specific VLAN into a switching domain on the same SRX - you use 'family bridge' to do this.  We use this in VPN scenarios, mostly.

Evt, thank you for the quick response.

I have made some test with different confiuration and observed the following:

1.It is acutally the other way round. When a port is configured in "bridge" mode, it forces the SRX device to work as a transparent switch and you can not configure any ports with "family inet". Basically all ports on the device should be in bridge mode.

2.During normal SRX device operation ports can be configured as either "inet" (routed ports) or "ethernet-switching" (switch ports).

3.You can configure vlan taggin, access and trunk ports under both "bridge" and "ethernet-switching" families.

4.EX switches do not have "bridge" family.

5.SRX Junos 10 did not have a "bridge" family, but it appeared after upgrade to Junos 12.

Nevertheless, I still do not understand why to use "bridge" mode, as "ethernet-switching" seems to be doing the same and , unlike bride allows routed interfaces. Also strange that it does not seem to be be explained in the Junos 12 documentation.

I hope someone can help

Hi ,

In SRX , if we just need Layer 2 features (Switching functionality) , we can use "family ethernet-switching" , but this locally switched traffic will not go through the flow module i,e we can not apply any of the security features like policies,nat,ipsec etc . 

SRX supports Transparent mode (Layer 2). Transparent mode provides full security services for Layer 2 bridging capabilities . Layer 2 logical interfaces are created by defining one or more logical units on a physical interface with the family address type bridge. If a physical interface has a bridge family logical interface, it cannot have any other family type in its logical interfaces

For more information, please check  Layer 2 Bridging and Switching Configuration Guide

http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/layer-2/index.html

Hope this helps

two years have been past, is there any change on the platform SRX?

on the SRX:

family bridge means:transparent mode, after rebooting , various security features can still be used.

family ethernet-swithing  means: a normal switch,just like EX series,none of secuity feature can be applied.

on bridge mode, IRB can used, just like MX bridge ,can offer layer3 functions; the diffluent between srx and MX is that SRX only have one bridge domain, however on MX there may be more.

on ethernet-switching, there is not layer 3 function , just like layer 2 switch.

right ? right ? pls response to me!

From my understanding, Actually both does the same thing, but just on different devices. They are both used to enable Layer 2 switching. ethernet-switching is applicable to the switches and also works on Branch SRX. family bridge is configured on the high end data center devices.