Switching


Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

How to allow multiple VLAN traffic reach internet on EX2300 directly connected to a Xfinity gateway-router ?

  • 1.  How to allow multiple VLAN traffic reach internet on EX2300 directly connected to a Xfinity gateway-router ?

    This message was posted by a user wishing to remain anonymous
    Posted 06-02-2022 09:55

    Hello,

    I am new to Juniper world and would like to know the answer to the following scenario:

    I have an EX-2300-C switch at home connected behind my xFi gateway (an Xfinity gateway-router device). From the xFi gateway manual I found that all ports on that xFi device are access ports (no way to make them trunk).

    My EX2300 currently has all interfaces in the default VLAN, ge-0/0/0 is physically connected to xFi gateway and has internet connectivity. ge-0/0/0 is configured as the L3 interface for routing purposes for internal traffic to go outside. What I want is to create multiple VLANs on the switch and have those VLANs reach internet. 

    How can I have multiple VLANs configured on the EX2300-C switch so that they can all communicate with the internet with ge-0/0/0 physically connected to the xFi gateway? Is this ideally possible, or do I need a router in between so that I can configure ge-0/0/0 as trunk port and the other end of router as trunk port and then have a port on the router configured as uplink that connects to xFi gateway?

    FYI,

    > show vlans extensive

    Routing instance: default-switch
    VLAN Name: default State: Active
    Tag: 1
    Internal index: 2, Generation Index: 2, Origin: Static
    MAC aging time: 300 seconds
    Layer 3 interface: irb.0
    VXLAN Enabled : No
    Interfaces:
    ge-0/0/1.0,untagged,access
    ge-0/0/10.0,untagged,access
    ge-0/0/11.0,untagged,access
    ge-0/0/2.0,untagged,access
    ge-0/0/3.0,untagged,access
    ge-0/0/4.0,untagged,access
    ge-0/0/5.0,untagged,access
    ge-0/0/6.0,untagged,access
    ge-0/0/7.0,untagged,access
    ge-0/0/8.0,untagged,access
    ge-0/0/9.0,untagged,access
    Number of interfaces: Tagged 0 , Untagged 11
    Total MAC count: 0

    > show configuration interfaces ge-0/0/0
    description "Uplink to Xfinity Router";
    unit 0 {
        family inet {
            address 10.0.0.200/24;
        }
    }

    > show route

    inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    Limit/Threshold: 32768/32768 destinations
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0          *[Static/5] 4d 07:09:22
                        > to 10.0.0.1 via ge-0/0/0.0
    10.0.0.0/24        *[Direct/0] 4d 07:09:22
                        > via ge-0/0/0.0
    10.0.0.200/32      *[Local/0] 4d 07:09:22
                          Local via ge-0/0/0.0



  • 2.  RE: How to allow multiple VLAN traffic reach internet on EX2300 directly connected to a Xfinity gateway-router ?

    Posted 06-02-2022 19:02
    Ideally I would pair an SRX or some type of firewall with your EX2300. The Xfinity gateway-router device doesn't really allow for tagged (trunked) interfaces or the creation of L3 sub-interfaces.

    This "do I need a router in between so that I can configure ge-0/0/0 as trunk port and the other end of router as trunk port and then have a port on the router configured as uplink that connects to xFi gateway": I would say yes.

    TBH I have an Xfinity GW and it's been a minute since I checked the options and features.

    Another route is to build a hypervisor, load a virtual FW and connect that to your local switch. At that point you can use an open source FW such as pfSense.

    Lots of options out there to solve this, just need to evaluate and see which one fits your use case.

    Victor
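
The switch side of the design this reply recommends (a firewall or router between the EX2300 and the xFi gateway, with ge-0/0/0 as a trunk), as an added example that is not from either poster. The VLAN names and IDs, the port assignments and the 192.168.99.0/24 management addressing are assumptions; the firewall is assumed to terminate each VLAN on a tagged sub-interface and to hold the single untagged uplink to the xFi gateway.

```junos
# Constructed example for the EX2300-C in the thread (ELS syntax).
# VLAN names/IDs, port choices and 192.168.99.0/24 are assumptions.

# 1. Remove the routed uplink shown in "show configuration interfaces ge-0/0/0"
#    and the default route that pointed at the xFi gateway (10.0.0.1).
delete interfaces ge-0/0/0 unit 0 family inet
delete routing-options static route 0.0.0.0/0

# 2. Define the VLANs. Traffic between them is routed and filtered on the
#    firewall, so the switch gets no IRB for USERS or IOT.
set vlans USERS vlan-id 10
set vlans IOT vlan-id 20
set vlans MGMT vlan-id 99

# 3. ge-0/0/0 becomes an 802.1Q trunk toward the firewall, carrying only
#    the VLANs that are actually in use.
set interfaces ge-0/0/0 description "Trunk to firewall"
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members [ USERS IOT MGMT ]

# 4. Move access ports out of the default VLAN. "vlan members" is a list,
#    so the old membership is deleted first; an access port may belong to
#    only one VLAN.
delete interfaces ge-0/0/1 unit 0 family ethernet-switching vlan
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members USERS
delete interfaces ge-0/0/2 unit 0 family ethernet-switching vlan
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members IOT

# 5. Keep the switch reachable for management on its own VLAN only.
#    The firewall's MGMT sub-interface is assumed to be 192.168.99.1.
set interfaces irb unit 99 family inet address 192.168.99.2/24
set vlans MGMT l3-interface irb.99
set routing-options static route 0.0.0.0/0 next-hop 192.168.99.1
```

Applying this with `commit confirmed` makes the switch roll back on its own if the change cuts off management access, and `show vlans` should then list ge-0/0/0.0 as a tagged member of each VLAN.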