SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  How to route via a given Default Gateway by originating VLAN

     
    Posted 2 days ago

    I have 2 WAN interfaces and 2 VLANs, and wish to route VLAN1's internet traffic out of WAN1 and VLAN2 out of WAN2. How can this be achieved please?

    WAN1:  via an IP address on ge-0/0/1.0

    WAN2:  via pp0.0

    VLAN1:  l3-interface irb.1 with IP 192.168.1.1. DHCP served by a local server.

    VLAN2:  l3-interface irb.2 with IP 192.168.2.1. DHCP served by the SRX (320), using the aforementioned IP address for the gateway in the pool.



  • 2.  RE: How to route via a given Default Gateway by originating VLAN

    Posted 2 days ago

    You could place the second WAN/LAN into a virtual router that would have a separate table and security policies.  This KB has an example of how these are configured.

    https://supportportal.juniper.net/s/article/SRX-Getting-Started-Custom-Virtual-Router-Configuration-Example?language=en_US

    Since the two WAN/LAN are separate there is no need to leak routes between the primary and virtual routing instance.  Just have those interfaces assigned to the new virtual router without any contact and it runs separately.



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: How to route via a given Default Gateway by originating VLAN

     
    Posted 2 days ago

    @spuluka Thank you Steve. For my needs, pretty simple as they are, would you say this is my best bet, in terms of 'ease' i.e. simplicity, elegance, and configuration and administrative effort, say when compared to Filter Based Forwarding?




  • 4.  RE: How to route via a given Default Gateway by originating VLAN

    Posted 2 days ago

    Yes, I would say that virtual router separation is easier than filter-based forwarding for this use case as you want the two domains to be separate.  And the virtual router makes this straightforward and creates two separate routing and MAC tables.  This creates two separate routers in the same physical box.

    The filter-based forwarding is more for the option where you want to control some routing based on source addresses or other criteria and still have communications between the LANs involved.  The filters allow more specific or complex criteria to match and force the desired direction.



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------
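
The virtual-router separation recommended in the replies above, sketched in Junos set format for the interfaces named in the question. This is an added example, not configuration posted by anyone in the thread. The instance name `VR-WAN2`, the zone, policy and NAT rule names, and the /24 prefix length on VLAN2 are assumptions; pp0.0 and irb.2 are assumed to be configured already.

```junos
# Added example: names and the /24 prefix are assumptions, not from the thread.

# Separate routing table for VLAN2 and WAN2; VLAN1 and ge-0/0/1.0 stay in the default instance.
set routing-instances VR-WAN2 instance-type virtual-router
set routing-instances VR-WAN2 interface irb.2
set routing-instances VR-WAN2 interface pp0.0
set routing-instances VR-WAN2 routing-options static route 0.0.0.0/0 next-hop pp0.0

# Dedicated zones so policy for this pair is written separately from VLAN1/WAN1.
# Only DHCP and ping are allowed to the SRX itself from VLAN2; nothing inbound from WAN2.
set security zones security-zone vlan2 interfaces irb.2 host-inbound-traffic system-services dhcp
set security zones security-zone vlan2 interfaces irb.2 host-inbound-traffic system-services ping
set security zones security-zone wan2 interfaces pp0.0

# Outbound-only policy; no policy is defined from wan2 to vlan2 or between vlan2 and VLAN1's zone.
set security policies from-zone vlan2 to-zone wan2 policy vlan2-out match source-address any
set security policies from-zone vlan2 to-zone wan2 policy vlan2-out match destination-address any
set security policies from-zone vlan2 to-zone wan2 policy vlan2-out match application any
set security policies from-zone vlan2 to-zone wan2 policy vlan2-out then permit

# Source NAT to the address on pp0.0.
set security nat source rule-set vlan2-to-wan2 from zone vlan2
set security nat source rule-set vlan2-to-wan2 to zone wan2
set security nat source rule-set vlan2-to-wan2 rule snat match source-address 192.168.2.0/24
set security nat source rule-set vlan2-to-wan2 rule snat then source-nat interface
```

Because irb.2 now belongs to the routing instance, the SRX DHCP local server and its address pool for VLAN2 also have to be configured under that instance. After commit, `show route table VR-WAN2.inet.0` should list the default route via pp0.0 and no 192.168.1.0 prefix, which confirms that nothing has leaked between the two tables.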