SRX

 View Only
last person joined: 6 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX Cluster - Using Reth without LACP with Cisco standalone switches

    This message was posted by a user wishing to remain anonymous
    Posted 05-28-2023 07:57
    This message was posted by a user wishing to remain anonymous

    Hi,

    I have the shown design where I have Cisco core switches, two per building and there is no redundancy protocol used to cluster the physical appliances. They are sharing routes via OSPF.

    My main question is about adding the SRX clusters to each building and how to connect them in the best way-knowing that I will be using reth interfaces since we have to do it for clustering, and there is only single links from each firewall to the core. Can I use reth from the Juniper (reth0 and reth1) as shown in the topology without configuring LACP just normal L3 IP address on each reth.

    or I have to use LACP with reth interfaces always?





  • 2.  RE: SRX Cluster - Using Reth without LACP with Cisco standalone switches

    Posted 05-28-2023 12:02

    Not sure, but it looks like you are confusing reth (redundant ethernet) with ae (aggregated ethernet or port channel on Cisco).

    With reth interfaces these are configured as standard single ethernet ports.  The pair are redundant so that one and only one is passing traffic at any time depending on the failover status of the reth group on the SRX.  So with reth interfaces the two cisco side would be configured as standard access or trunk ports and there is no loop because only one is ever active.



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: SRX Cluster - Using Reth without LACP with Cisco standalone switches

    This message was posted by a user wishing to remain anonymous
    Posted 05-28-2023 12:08
    This message was posted by a user wishing to remain anonymous

    fair enough, it thought so, just double checking, then I am good to go.