Hi,
We need to assign the same gateway IP for two vlans on the same interface of an SRX4100. Also these two vlans should be isolated i.e. block layer2 (frames) going from one vlan to the other.
This was relatively easy to implement on an EX/MX, but we are scratching our heads on how to do this on the SRX4100. I mean we can't even create a bridge-domain on SRX:
admin@srx4100# set bridge-domains?
No valid completions
{primary:node0}[edit]
We tried different layer2 setups e.g. converting SRX interface to layer 2 trunk and allocating vlans to rib, but again we couldn't find a way to allocate a common gateway IP.
Please see below an example of a working configuration done on MX/EX with common gateway 10.20.0.1/16 for vlans 111 and vlan 112:
admin@MX# show bridge-domains
BRIDGE-MULTIVLAN-CLIENTS-ACCESS {
domain-type bridge;
vlan-id 113;
no-local-switching;
interface xe-0/1/4.111;
interface xe-0/1/4.112;
routing-interface irb.113;
admin@MX# show interfaces irb
unit 113 {
family inet {
no-redirects;
address 10.20.0.1/16;
admin@MX# show interfaces xe-0/1/4
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 111 {
encapsulation vlan-bridge;
vlan-id 111;
}
unit 112 {
encapsulation vlan-bridge;
vlan-id 112;
}
Note that now the requirement is for two customers and effectively two vlans in our setup. For 100 customers we will need to assign 100 vlans with the same gateway IP.
Ah and one last note, our ULL switch doesn't support private vlan, so private vlan on switch level is not an option.
Any input/ideas are appreciated. Thanks!
#SRX4100#bridge#bridge-domains#SRX