When you want multiple interfaces to share the same layer two domain like this, you create a bridge for the vlan.
The physical interfaces are layer 2.
The layer 3 gateway is a virtual interface called irb (integrated routing and bridging).
Only the layer 3 interface is added to the zone.
Sample:
set interfaces irb unit 0 family inet address 192.168.168.1/24
set security zones security-zone internal interfaces irb.0
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan-internal
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan-internal
set vlans vlan-internal vlan-id 3
set vlans vlan-internal l3-interface irb.0
The vlan name and id can be whatever makes sense in your environment.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
------------------------------
Original Message:
Sent: 02-26-2021 11:47
From: SCHUYLER SANDNES
Subject: SRX220 - Configure copper ports for Network Access
Hello,
I work on various firewalls, though I have not worked too much on these Juniper SRXs.
I am trying to get port GE-0/0/5 to be part of the same network as port GE-0/0/1, so whatever I plug into port GE-0/0/5 gets the DHCP address from the DHCP scope 192.168.XXX.0/24, then uses 192.168.XXX.1 as its gateway and goes out to the internet on port GE-0/0/0. Just like a regular old router, or what I call a Bridge Port on another router brand I work with.
Could someone please assist me with this configuration? I believe I have all pertinent information below.
Currently I have the following configuration on my interfaces:
dhcp {
    pool 192.168.XXX.0/24 {
        address-range low 192.168.XXX.2 high 192.168.XXX.100;
        name-server {
            8.8.8.8;
        }
        router {
            192.168.XXX.1;
        }
    }
    pool 192.168.YYY.0/24 {
        address-range low 192.168.YYY.2 high 192.168.YYY.200;
        name-server {
            8.8.8.8;
        }
        router {
            192.168.YYY.1;
        }
        option 156 string "ftpservers=IP_address, country=1, language=1";
    }
}
}
ge-0/0/0 {
    unit 0 {
        family inet {
            address XXX.XXX.XXX.XXX/XX; (public address)
        }
    }
}
ge-0/0/1 {
    unit 0 {
        family inet {
            address 192.168.168.1/24;
        }
    }
}
ge-0/0/5 {
    unit 0 {
        family inet {
            dhcp;
        }
    }
zones {
    security-zone Internal {
        interfaces {
            ge-0/0/1.0 {
                host-inbound-traffic {
                    system-services {
                        ping;
                        dhcp;
                        http;
                        https;
                        ssh;
                        telnet;
                    }
                }
            }
            ge-0/0/2.0 {
                host-inbound-traffic {
                    system-services {
                        ping;
                    }
                }
            }
            ge-0/0/4.0;
            ge-0/0/7.0;
            ge-0/0/6.0;
            ge-0/0/5.0;
        }
    }
    security-zone Internet {
        host-inbound-traffic {
            system-services {
                ike;
            }
        }
        interfaces {
            ge-1/0/0.0 {
                host-inbound-traffic {
                    system-services {
                        all;
                        https;
                    }
                }
            }
            ge-0/0/0.0;
        }
    }
    security-zone Intercom {
        interfaces {
            ge-0/0/2.51 {
                host-inbound-traffic {
                    system-services {
                        ping;
                    }
                }
            }
        }
    }
    security-zone VPN;
}
}
------------------------------
SCHUYLER SANDNES
------------------------------
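
A check for the rule stated in the reply above (only the layer 3 irb interface belongs in the security zone), as an added example that is not part of the original thread or of any Juniper tooling. It reads `set`-style commands and flags switched ports still listed in a zone and VLAN gateways that are in no zone. The sample input is constructed from the reply's commands plus one leftover `ge-0/0/5.0` zone entry like the one in the original poster's configuration; the function and pattern names are assumptions of this example.

```python
import re

# Constructed sample: the reply's commands plus a leftover ge-0/0/5.0
# zone entry, as in the original poster's Internal zone.
SAMPLE = """\
set interfaces irb unit 0 family inet address 192.168.168.1/24
set security zones security-zone internal interfaces irb.0
set security zones security-zone internal interfaces ge-0/0/5.0
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan-internal
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan-internal
set vlans vlan-internal vlan-id 3
set vlans vlan-internal l3-interface irb.0
"""

SWITCH_RE = re.compile(r"set interfaces (\S+) unit (\d+) family ethernet-switching vlan members (\S+)")
ZONE_RE = re.compile(r"set security zones security-zone (\S+) interfaces (\S+)")
L3_RE = re.compile(r"set vlans (\S+) l3-interface (\S+)")
VLAN_RE = re.compile(r"set vlans (\S+) vlan-id (\d+)")

def audit(config):
    """Return a list of findings for layer 2 / layer 3 zone placement."""
    ports, zoned, l3, vlans = {}, {}, {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := SWITCH_RE.match(line):
            ports[f"{m[1]}.{m[2]}"] = m[3]      # logical port -> vlan name
        elif m := ZONE_RE.match(line):
            zoned[m[2]] = m[1]                  # logical interface -> zone
        elif m := L3_RE.match(line):
            l3[m[1]] = m[2]                     # vlan name -> gateway interface
        elif m := VLAN_RE.match(line):
            vlans.add(m[1])
    findings = []
    for port, vlan in sorted(ports.items()):
        if port in zoned:
            findings.append(f"{port}: layer 2 port is also listed in zone {zoned[port]}")
        if vlan not in vlans:
            findings.append(f"{port}: member of undefined vlan {vlan}")
    for vlan in sorted(vlans):
        gw = l3.get(vlan)
        if gw is None:
            findings.append(f"{vlan}: no l3-interface, vlan has no gateway")
        elif gw not in zoned:
            findings.append(f"{vlan}: gateway {gw} is not in any security zone")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```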