SRX

View Only

last person joined: yesterday

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

10g on L3, routes needed? SRX550

eugene197302-05-2024 10:18

I have an EOL srx550 with a 10g module in which I intend to connect to a windows PC. Windows ...

eugene197302-10-2024 19:27

Anybody, got ideas? ------------------------------ Adrian Aguinaga B.S.C.M. I.T.T. Tech (Construction ...

1. 10g on L3, routes needed? SRX550

0 Recommend
eugene1973
Posted 02-05-2024 10:18
| view attached

Reply Reply Privately
I have an EOL srx550 with a

10g module in which I intend

to connect to a windows PC.

Windows server in fact.

My problem is to get the 10g

module to communicate with

the network and windows PC

host via the 10g cable. The

cable should not be an issue.



The issue is the 10g module.

I tried setting family inet

and inet6 addresses on the

interface itself. This alone

did not make it pingable on

the network. I get nothing

for the ipv4(total packet

loss).

Next I tried setting

dhcp-client and dhcpv6-client

and the ping for the fe80 was

half baked(¼, ⅛) blah blah.

It said no route to host. With

that said I'm assuming that

if I set some kind of routes

it will start to work. I was

told that this setup will work

with the normal means of the

vlan being an L3 interface that

it would still work. I'm on

an internal zone only and all

interfaces including my 10g

xe-3/0/0.0 interface. I've

included nearly all protocols

but my post does not show my

complete configuration. So

completeness is not the problem.

I think that if someone could

show me how to route my 10g

module in the standard L3 setup

and get it pinging I would be

greatly appreciative. It's my

first time with this task. I

also wonder how routing to

the dhcp(v6)-client might look

too. Is there some other

concepts I'm missing?



My topology is as such.

An ISP wireless gateway->

srx300(might need match code

as in srx550)->Asus wifi

router(dns server)->Asus media

bridge(dns server)->avaya switch

stack->srx550(10g module)->

windows server .



It's more difficult to get

the 10g module pingable by

the entire network since this

is an L3 environment. My first

part of the plan is code in

each srx first. I'll worry

about the other devices later.

Also I'm unfamiliar with sfp+

and the netcard getting its

own ip addresses from dhcp.

Does it operate without ip's.

in a two port 10g netcard I

get one side that has no

configurable addressing. I

think. Gotta double check.

dhcp-local-server {

dhcpv6 {

liveness-detection {

method {

bfd {

minimum-interval 120000;

session-mode multihop;

holddown-interval 30000;

}

}

}

reconfigure {

strict;

clear-on-abort;

attempts 5;

}

overrides {

rapid-commit;

process-inform {

pool pool1;

}

delegated-pool pool2;

}

group group-for-pooling-lo {

interface lo0.0;

}

   group group-for-pooling {

interface ge-0/0/0.0;

interface vlan.1;

}

group group-for-pooling-1 {

interface ge-0/0/1.0;

}

group group-for-pooling-2 {

interface ge-0/0/2.0;

}

group group-for-pooling-3 {

interface ge-0/0/3.0;

}

group group-for-pooling-4 {

interface ge-0/0/4.0;

}

group group-for-pooling-5 {

interface ge-0/0/5.0;

}

group group-for-pooling-6 {

interface ge-0/0/6.0;

}

group group-for-pooling-7 {

interface ge-0/0/7.0;

}

group group-for-pooling-8 {

interface ge-0/0/8.0;

}

group group-for-pooling-9 {

interface ge-0/0/9.0;

}

group group-for-pooling-10g {

interface xe-3/0/0.0;

}

}

liveness-detection {

method {

bfd {

minimum-interval 120000;

session-mode multihop;

holddown-interval 30000;

}

}

}

overrides {

process-inform {

pool jweb-default-pool;

}

}

group lo {

interface lo0.0;

}

group default-group {

interface ge-0/0/0.0;

}

group jweb-default-group {

interface ge-0/0/1.0;

}

group jweb-default-group-2 {

interface ge-0/0/2.0;

}

group jweb-default-group-3 {

interface ge-0/0/3.0;

}

group jweb-default-group-4 {

interface ge-0/0/4.0;

}

group jweb-default-group-5 {

interface ge-0/0/5.0;

}

group jweb-default-group-6 {

interface ge-0/0/6.0;

}

group jweb-default-group-7 {

interface ge-0/0/7.0;

}

group jweb-default-group-8 {

interface ge-0/0/8.0;

}

group jweb-default-group-9 {

interface ge-0/0/9.0;

}

group jweb-default-group-10g {

interface xe-3/0/0.0;

}

}

Interfaces

xe-3/0/0 {

vlan-tagging;

speed 10g;

mtu 9192;

link-mode full-duplex;

media-type copper;

gigether-options {

auto-negotiation;

}

unit 0 {

vlan-id 200;

family inet {

address 192.168.1.49/32;

}

family inet6 {

address 2001:xxx:xxxx:xx:564b:8cff:fe4f:be3a/64;

address 2001:xxx:xxxx:xx::49/64;

address 2601:xxx:xxxx:xx:564b:8cff:fe4f:be3a/64;

address 2601:xxx:xxxx:xx::49/64;

address fe80::564b:8cff:fe4f:be3a/64;

}

}

}



routing-options {

I have Static(irb6 too)

routes here but none

address the xe interface.

Do I need them here for

the ip addresses of the

xe so that ping and ALL

traffic will flow to the

xe and to my windows host.

My routes here only

address the gateway and

internal routers(gates).

address-book {



I have nothing about the

xe interface and im assuming

it's not vital enough for

core traffic flow?

nat {



I have everything about my

network here but nothing

for the xe interface. I

assume that it isn't totally

required since this device

the srx is totally internal.

But since it is an interface

assigned ip address that this

might need attention. My vlan

is L3 and is primary.



zones {

security-zone Internal {

screen trust-screen;

host-inbound-traffic {

system-services {

xe-3/0/0.0 {

host-inbound-traffic {

system-services {

all;

bootp {

except;

}

finger {

except;

}

ftp {

except;

}

ident-reset {

except;

}

ike {

except;

}

lsping {

except;

}

   netconf {

except;

}

r2cp {

except;

}

reverse-ssh {

except;

}

reverse-telnet {

except;

}

rlogin {

except;

}

rsh {

except;

}

sip {

except;

}

tftp {

except;

}

xnm-clear-text {

except;

}

xnm-ssl {

except;

}

}

protocols {

all;

bgp {

except;

}

dvmrp {

except;

}

nhrp {

except;

}

pgm {

except;

}

rip {

except;

}

rsvp {

except;

}

vrrp {

except;

}

}

access {

address-assignment {

neighbor-discovery-router-advertisement pool2;

pool jweb-default-pool {

family inet {

network 192.168.1.0/24;

range jweb-default-range {

low 192.168.1.2;

high 192.168.1.254;

}

dhcp-attributes {

maximum-lease-time 86693;

domain-name hsd1.ca.comcast.net;

name-server {

75.75.75.75;

75.75.76.76;

}

router {

192.168.1.1;

192.168.1.40;

}

netbios-node-type m-node;

propagate-settings vlan.1;

option 80 flag true;

}

}

}

pool pool1 {

family inet6 {

I'm assuming that access is

not necessary, but this might

be a wise option.



vlans {

vlan1 {

vlan-id 200;

l3-interface vlan.1;

}

}

It's more difficult to get

the 10g module pingable by

the entire network since this

is an L3 environment. My first

part of the plan is code in

each srx first. I'll worry

about the other devices later.

------------------------------
Adrian Aguinaga
B.S.C.M. I.T.T. Tech
(Construction Management)
A.A.S. I.T.T. Tech
(Drafting & Design)
------------------------------
2. RE: 10g on L3, routes needed? SRX550

0 Recommend
eugene1973
Posted 02-10-2024 19:27

Reply Reply Privately
Anybody, got ideas?

------------------------------
Adrian Aguinaga
B.S.C.M. I.T.T. Tech
(Construction Management)
A.A.S. I.T.T. Tech
(Drafting & Design)
------------------------------

Original Message

SRX

10g on L3, routes needed? SRX550

eugene197302-05-2024 10:18

eugene197302-10-2024 19:27

1. 10g on L3, routes needed? SRX550

2. RE: 10g on L3, routes needed? SRX550