SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  How to assign a common gateway IP to two vlans on an SRX4100? This was easy on MX/EX, seems impossible on SRX!

    Posted 11-29-2019 05:52

    Hi,

     

    We need to assign the same gateway IP for two vlans on the same interface of an SRX4100. Also these two vlans should be isolated i.e. block layer2 (frames) going from one vlan to the other.

     

    This was relatively easy to implement on an EX/MX, but we are scratching our heads on how to do this on the SRX4100.  I mean we can't even create a bridge-domain on SRX:

    admin@srx4100# set bridge-domains?
    No valid completions
    {primary:node0}[edit]

     

    We tried different layer2 setups e.g. converting SRX interface to layer 2 trunk and allocating vlans to rib, but again we couldn't find a way to allocate a common gateway IP.

     

    Please see below an example of a working configuration done on MX/EX with common gateway 10.20.0.1/16 for vlans 111 and 112:

     

    admin@MX# show bridge-domains
    BRIDGE-MULTIVLAN-CLIENTS-ACCESS {
        domain-type bridge;
        vlan-id 113;
        no-local-switching;
        interface xe-0/1/4.111;
        interface xe-0/1/4.112;
        routing-interface irb.113;
    }

    admin@MX# show interfaces irb
    unit 113 {
        family inet {
            no-redirects;
            address 10.20.0.1/16;
        }
    }

    admin@MX# show interfaces xe-0/1/4
    vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 111 {
        encapsulation vlan-bridge;
        vlan-id 111;
    }
    unit 112 {
        encapsulation vlan-bridge;
        vlan-id 112;
    }

     

    Note that now the requirement is for two customers and effectively two vlans in our setup. For 100 customers we will need to assign 100 vlans with the same gateway IP.

    Ah and one last note, our ULL switch doesn't support private vlan, so private vlan on switch level is not an option.

     

    Any input/ideas are appreciated. Thanks!


    #SRX4100
    #bridge
    #bridge-domains
    #SRX


  • 2.  RE: How to assign a common gateway IP to two vlans on an SRX4100? This was easy on MX/EX, seems impossible on SRX!

    Posted 11-29-2019 06:59

    Unfortunately as you have seen the bridge domain feature is not implemented on the SRX.

     

    https://apps.juniper.net/feature-explorer/feature-info.html?fKey=1675&fn=Bridge%20domains%20and%20virtual%20switching

     



  • 3.  RE: How to assign a common gateway IP to two vlans on an SRX4100? This was easy on MX/EX, seems impossible on SRX!

    Posted 11-29-2019 07:10

    Thanks for clarifying!

    So no other way for achieving a common gateway for two or more vlans?



  • 4.  RE: How to assign a common gateway IP to two vlans on an SRX4100? This was easy on MX/EX, seems impossible on SRX!
    Best Answer

    Posted 11-29-2019 07:19

    The SRX is basically assuming broadcast domains equal vlans by the time they arrive.  So you would need to bridge the disparate vlans downstream of the SRX if that is where the gateway is going to exist.

     

    You could do the bridge on the downstream mx without a gateway and use the bridge vlan assignment to connect up to the SRX for the common gateway.  Assuming the path works out for that type of arrangement.

     



  • 5.  RE: How to assign a common gateway IP to two vlans on an SRX4100? This was easy on MX/EX, seems impossible on SRX!

    Posted 11-29-2019 07:41

    Thanks. This is where we are heading, utilising the MX as well.



  • 6.  RE: How to assign a common gateway IP to two vlans on an SRX4100? This was easy on MX/EX, seems impossible on SRX!

    Posted 11-29-2019 07:22
    Enable vlan tagging and configure 'family inet' on logical interfaces for each vlan and configure those interfaces in separate routing-instances.
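
    A sketch of the per-VLAN routing-instance layout described in the reply above, as an added example that is not part of the original post or any poster's configuration. The interface name reth1 and the instance and zone names CUST-111 / CUST-112 are hypothetical; the VLAN IDs and the 10.20.0.1/16 gateway come from the question.

    ```junos
    # Added example; reth1, CUST-111 and CUST-112 are hypothetical names.
    # One tagged logical unit per customer VLAN, each carrying the same gateway IP.
    set interfaces reth1 vlan-tagging
    set interfaces reth1 unit 111 vlan-id 111
    set interfaces reth1 unit 111 family inet address 10.20.0.1/16
    set interfaces reth1 unit 112 vlan-id 112
    set interfaces reth1 unit 112 family inet address 10.20.0.1/16

    # Each unit lives in its own virtual-router, so the identical addresses
    # sit in separate routing tables and do not conflict.
    set routing-instances CUST-111 instance-type virtual-router
    set routing-instances CUST-111 interface reth1.111
    set routing-instances CUST-112 instance-type virtual-router
    set routing-instances CUST-112 interface reth1.112

    # One security zone per customer. No policy is written between the two
    # customer zones, so nothing permits CUST-111 <-> CUST-112 traffic.
    set security zones security-zone CUST-111 interfaces reth1.111
    set security zones security-zone CUST-111 interfaces reth1.111 host-inbound-traffic system-services ping
    set security zones security-zone CUST-112 interfaces reth1.112
    set security zones security-zone CUST-112 interfaces reth1.112 host-inbound-traffic system-services ping
    ```

    Upstream reachability is not shown: because every instance holds the same 10.20.0.0/16 prefix, routes and NAT toward shared networks have to be designed per instance. After commit, `show route table CUST-111.inet.0` and `show security zones` confirm that each unit landed in its own table and zone.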


  • 7.  RE: How to assign a common gateway IP to two vlans on an SRX4100? This was easy on MX/EX, seems impossible on SRX!

    Posted 11-29-2019 07:40

    Yes, for a few customers/vlans it would be great, but we need to be able to accommodate many customers.