Solved

Juniper SRX and router on a stick?

Posted on 2014-01-23
Last Modified: 2014-01-24
Hi,

I have a new Juniper SRX router.  I've added multiple IP addresses to a single physical interface.  I want this to be able to route traffic between the networks.  I've attached two screenshots of the IP configuration and for the interface.

Can someone with knowledge of Junos let me know if this looks correct?
juninterfaces.PNG
Question by:ts11
4 Comments

Accepted Solution

by: pergr (earned 500 total points)
ID: 39806500
First of all, keep in mind that "out of the box" the SRX is a firewall - meaning "flow-based forwarding". If you want to use it as a router, you need to set it to "packet-mode".

As a firewall you would need to configure it to allow all flows.
To set it as a router, configure:

delete security
set security forwarding-options family mpls mode packet-based

commit

Next, with your configuration you have all the networks on the same VLAN (untagged). Normally, with a router on a stick you have each network prefix in its own VLAN.

Still, if you actually have all your subnets in that VLAN, you should be fine.
If not, you configure one "unit" for each vlan.
A unit is a "logical interface", and comparable with a Cisco sub-interface.

You have now "ge-0/0/1.0", which means "unit 0".

Also keep in mind that with all networks just connected, it routes between these. Perhaps you also want a default route towards the internet.

Author Comment

by:ts11
ID: 39808103
Thanks for the reply.

Well, I kind of wanted to use it as both.  Have ge-0/0/0 as my exposed interface for my public IPs/internet.  Then have ge-0/0/1 purely for internal traffic.

So you're saying assign a layer 3 logical interface (in a vlan) to my interface ge-0/0/1 for each network I need to route 192.168.10.X, 192.168.5.X etc?

Yes, I have my default route set.

Expert Comment

by:pergr
ID: 39808270
This depends on how you have your networks and machines connected on the switch that ge-0/0/1 is connected to.

If they are all in a single VLAN then no change is needed.

However, typically you put each network in a separate VLAN in order to reduce the broadcast traffic in each VLAN.

Author Comment

by:ts11
ID: 39808300
In my network there are 4 switches (no configuration on them).  If a client PC with the IP address 192.168.10.X wants to connect to say a server on 192.168.20.X, I'd want the traffic to route to 192.168.10.250 on the SRX as the next hop, then be forwarded out to the server on 192.168.20.X.

I think I might do the method of configuring logical layer 3 VLAN interfaces as I have quite a lot of 192.168.X networks and there would likely be a lot of broadcast traffic.
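The one-unit-per-VLAN layout discussed in this thread, sketched for two of the networks with the SRX left in its default flow (firewall) mode. This is an added example, not configuration posted by either participant. The VLAN IDs, /24 masks, the 192.168.20.250 address, and the zone and policy names are assumptions; it also assumes the switch port facing ge-0/0/1 is an 802.1Q trunk.

```junos
# Assumed values: VLAN IDs 10/20, /24 masks, 192.168.20.250, and the
# zone/policy names. Only 192.168.10.250 is taken from the thread.
# Assumed: the switch port facing ge-0/0/1 is an 802.1Q trunk for both VLANs.

# Replace the single untagged unit with one tagged unit per network.
# (If unit 0 is referenced by a security zone, remove that reference too.)
delete interfaces ge-0/0/1 unit 0
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 10 vlan-id 10
set interfaces ge-0/0/1 unit 10 family inet address 192.168.10.250/24
set interfaces ge-0/0/1 unit 20 vlan-id 20
set interfaces ge-0/0/1 unit 20 family inet address 192.168.20.250/24

# In flow mode, traffic is forwarded only between interfaces bound to zones.
set security zones security-zone clients interfaces ge-0/0/1.10
set security zones security-zone servers interfaces ge-0/0/1.20
# Let hosts ping their gateway address on the SRX.
set security zones security-zone clients host-inbound-traffic system-services ping
set security zones security-zone servers host-inbound-traffic system-services ping

# Inter-VLAN traffic needs an explicit policy between the two zones.
set security policies from-zone clients to-zone servers policy clients-to-servers match source-address any
set security policies from-zone clients to-zone servers policy clients-to-servers match destination-address any
set security policies from-zone clients to-zone servers policy clients-to-servers match application any
set security policies from-zone clients to-zone servers policy clients-to-servers then permit

# Validate first, then commit with automatic rollback after 5 minutes
# unless a plain "commit" confirms the change.
commit check
commit confirmed 5
```

Once the change is confirmed, `show interfaces terse ge-0/0/1` shows the new units and `show security flow session` lists the inter-VLAN sessions the policy permitted.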
