Hi guys,
After googling a bit I came across this post on the forums:
http://forums.juniper.net/t5/SRX-Services-Gateway/Layer-2-and-Layer-3-logical-interfaces-on-same-physical/td-p/245068
I'm having just about the same setup, where I need to access 2 VLANs coming in on one interface: one should be routed/firewalled and the second just bridged through the SRX without processing.
They make use of flexible-ethernet-services and vlan-tagging, which does not tell me a lot, I'm afraid.
Then they create a routing-instance where they bridge the interfaces.
I created my setup here. I can then access the internet (the routed vlan1) from the trust zone, but I cannot access the internet through the bridged VLAN (though I do get an IP address from DHCP on the other side of the firewall (another SRX)):
When testing, the vlan20 computer is connected to fe7.
I've tried to create a zone where I attached ge0.20 and fe7.20, but it didn't help.
I can ping hosts (and myself) on the same network but cannot access the internet through the other SRX, which delivers DHCP to me.. 😞
Here's the config:
show interfaces ge-0/0/0
    vlan-tagging;
    mtu 1600;
    encapsulation flexible-ethernet-services;
    unit 1 {
        vlan-id 1;
        family inet {
            dhcp;
        }
    }
    unit 20 {
        encapsulation vlan-vpls;
        vlan-id 20;
        family vpls;
    }

show interfaces fe-0/0/7
    flexible-vlan-tagging;
    native-vlan-id 20;
    mtu 1600;
    encapsulation extended-vlan-vpls;
    unit 20 {
        vlan-id 20;
        family vpls;
    }

show routing-instances
    Bridge-vlan20 {
        instance-type vpls;
        vlan-id 20;
        interface ge-0/0/0.20;
        interface fe-0/0/7.20;
        protocols {
            vpls {
                no-tunnel-services;
            }
        }
    }
No NAT/policy/zones exist for vlan20, as all processing should happen on the first SRX.
Any ideas where to look and what to check?
P.S.:
The TS also talks about vlan-ccc encapsulation, which does not tell me much either:
Spoiler: I ended up using vlan-ccc encapsulation and interface-switch under protocols > connections.
Addition:
I cannot ping the local network on vlan20, only the NIC IP.
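For reference, this is what the vlan-ccc / interface-switch layout named in the spoiler looks like written out. It is an added example, not the poster's configuration or anything from the linked thread: it reuses the interface names, VLAN ID, native-vlan-id and MTU from the post, while the interface-switch name vlan20-xc is made up. Unit 1 on ge-0/0/0 stays routed (family inet, to be placed in a zone as before); unit 20 on both interfaces is switched at Layer 2 by the CCC cross-connect and carries no family at all, so it is not a member of any zone and no security policy or NAT applies to that VLAN on this box, which is exactly the "no processing on this SRX" behaviour the post asks for.

```junos
interfaces {
    ge-0/0/0 {
        /* flexible-vlan-tagging lets routed and CCC units share one physical port */
        flexible-vlan-tagging;
        mtu 1600;
        encapsulation flexible-ethernet-services;
        unit 1 {
            /* routed/firewalled VLAN, stays in the trust zone */
            vlan-id 1;
            family inet {
                dhcp;
            }
        }
        unit 20 {
            /* bridged VLAN: Layer 2 only, no family, not in any zone */
            encapsulation vlan-ccc;
            vlan-id 20;
        }
    }
    fe-0/0/7 {
        flexible-vlan-tagging;
        /* untagged frames from the test PC are treated as VLAN 20 (as in the post) */
        native-vlan-id 20;
        mtu 1600;
        encapsulation flexible-ethernet-services;
        unit 20 {
            encapsulation vlan-ccc;
            vlan-id 20;
        }
    }
}
protocols {
    connections {
        /* name vlan20-xc is an assumption; any name works */
        interface-switch vlan20-xc {
            interface ge-0/0/0.20;
            interface fe-0/0/7.20;
        }
    }
}
```

After committing, `show connections` should list vlan20-xc with both logical interfaces, and `show interfaces ge-0/0/0.20` should report the encapsulation as VLAN-CCC. Because the cross-connected units bypass the flow engine, anything on VLAN 20 is only filtered by the upstream SRX, so that box must carry the policy for it.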