Hi,
I have an SRX 240 cluster which is already configured and working. At present I have 4 interfaces configured, one for internet, dmz, test lan and office lan.
I have to set up vlans for the datacenter.
Management vlan (mgmt) on reth4
Tenant vlans (e.g. tenant16, tenant17, tenant18 and so on) on reth5
Management vlan will be trunked through 2 Cisco switches and tenant vlans will be trunked through a Netgear switch.
I have come up with the below config on my SRX 240 cluster.
set chassis cluster reth-count 9
Create redundant interface
set interfaces ge-0/0/7 gigether-options redundant-parent reth4
set interfaces ge-5/0/7 gigether-options redundant-parent reth4
set interfaces ge-0/0/8 gigether-options redundant-parent reth5
set interfaces ge-5/0/8 gigether-options redundant-parent reth5
Monitoring
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/7 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-5/0/7 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/8 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-5/0/8 weight 255
set interfaces reth4 redundant-ether-options redundancy-group 1
set interfaces reth5 redundant-ether-options redundancy-group 1
set interfaces reth4 vlan-tagging
set interfaces reth4 unit 4000 vlan-id 4000
set interfaces reth4 unit 4000 family inet address 172.16.0.1/24
Place the vlan created in the trust zone
set security zones security-zone trust interface reth4.4000
Set the interface in trunk mode to accept multiple vlans
set interfaces reth4.0 family ethernet-switching vlan port-mode trunk
Selecting all will allow default vlan 1 which has a huge stp convergence
set interfaces reth4.0 family ethernet-switching vlan members mgmt
OR
Allow all vlans (even future vlans to pass)
set interfaces reth4.0 family ethernet-switching vlan members all
set interfaces reth5 vlan-tagging
set interfaces reth5 unit 16 vlan-id 16
set interfaces reth5 unit 16 family inet address 10.0.16.0/24
set interfaces reth5 unit 17 vlan-id 17
set interfaces reth5 unit 17 family inet address 10.0.17.0/24
set interfaces reth5 unit 18 vlan-id 18
set interfaces reth5 unit 18 family inet address 10.0.18.0/24
Place the vlan created in the trust zone
set security zones security-zone trust interface reth5.16
set security zones security-zone trust interface reth5.17
set security zones security-zone trust interface reth5.18
Set the interface in trunk mode to accept multiple vlans
set interfaces reth5.0 family ethernet-switching vlan port-mode trunk
Allow all vlans (even future vlans to pass)
set interfaces reth5.0 family ethernet-switching vlan members all
I will be configuring trunks on the Cisco and Netgear switches. I have other vlans like 3999 and 3998 on the Netgear switch which don't need to be routed.
Can anyone tell me if I am on the right track? Or do I need changes? Please help.
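
An added example, not part of the original post: a small Python check over set commands like the ones above. It flags interface addresses that equal the subnet's network or broadcast address, trunks declared with "vlan members all", and addressed units that appear in no security zone. The sample is a constructed subset of the posted commands, the function name audit is hypothetical, and the patterns follow the command spelling as posted.

```python
import ipaddress
import re

# Constructed sample: a subset of the set commands from the post above.
SAMPLE = """\
set interfaces reth4 unit 4000 family inet address 172.16.0.1/24
set interfaces reth5 unit 16 family inet address 10.0.16.0/24
set interfaces reth5 unit 17 family inet address 10.0.17.0/24
set security zones security-zone trust interface reth4.4000
set security zones security-zone trust interface reth5.16
set interfaces reth5.0 family ethernet-switching vlan members all
"""

# Patterns follow the spelling used in the post (an assumption, not a Junos grammar).
ADDR = re.compile(r"^set interfaces (\S+) unit (\d+) family inet address (\S+)")
ZONE = re.compile(r"^set security zones security-zone (\S+) interface (\S+)")
ALL = re.compile(r"^set interfaces (\S+) family ethernet-switching vlan members all\b")

def audit(config):
    """Return a sorted list of (interface, finding) tuples."""
    findings, l3_units, zoned = [], set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := ADDR.match(line):
            unit = f"{m[1]}.{m[2]}"
            l3_units.add(unit)
            iface = ipaddress.ip_interface(m[3])
            net = iface.network
            # A /31 or /32 has no separate network/broadcast address.
            if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
                findings.append((unit, f"{m[3]} is not a usable host address"))
        elif m := ZONE.match(line):
            zoned.add(m[2])
        elif m := ALL.match(line):
            findings.append((m[1], "trunk carries every VLAN (members all)"))
    # Units that carry an address but were never placed in a zone.
    for unit in l3_units - zoned:
        findings.append((unit, "addressed unit is not bound to a security zone"))
    return sorted(findings)

if __name__ == "__main__":
    for iface, finding in audit(SAMPLE):
        print(f"{iface}: {finding}")
```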