Solved

Juniper SRX and router on a stick?

Posted on 2014-01-23
Last Modified: 2014-01-24
Hi,

I have a new Juniper SRX router.  I've added multiple IP addresses to a single physical interface.  I want this to be able to route traffic between the networks.  I've attached two screenshots of the IP configuration and for the interface.

Can someone with knowledge of Junos let me know if this looks correct?
juninterfaces.PNG
Question by:ts11
LVL 17

Accepted Solution

by:
pergr earned 1500 total points
ID: 39806500
First of all, keep in mind that "out of the box" the SRX is a firewall - meaning "flow-based forwarding". If you want to use it as a router, you need to set it to "packet-mode".

As a firewall you would need to configure it to allow all flows.
To set it as a router, configure:

delete security
set security forwarding-options family mpls mode packet-based

commit

Next, with your configuration you have all the networks on the same VLAN (untagged). Normally, with a router on a stick you have each network prefix in its own VLAN.

Still, if you actually have all your subnets in that VLAN, you should be fine.
If not, you configure one "unit" for each vlan.
A unit is a "logical interface", and comparable with a Cisco sub-interface.

You have now "ge-0/0/1.0", which means "unit 0".

Also keep in mind that with all networks just connected, it routes between these. Perhaps you also want a default route towards the internet.

Author Comment

by:ts11
ID: 39808103
Thanks for the reply.

Well I kind of wanted to use it as both.  Have ge-0/0/0 as my exposed interface for my public ips/internet.  Then have ge-0/0/1 purely for internal traffic.

So you're saying assign a layer 3 logical interface (in a vlan) to my interface ge-0/0/1 for each network I need to route 192.168.10.X, 192.168.5.X etc?

Yes, I have my default route set.
LVL 17

Expert Comment

by:pergr
ID: 39808270
This depends on how you have your networks and machines connected on the switch that ge-0/0/1 is connected to.

If they are all in a single VLAN then no change is needed.

However, typically you put each network in a separate VLAN in order to reduce the broadcast traffic in each VLAN.

Author Comment

by:ts11
ID: 39808300
In my network there are 4 switches (no configuration on them).  If a client PC with the IP address 192.168.10.X wants to connect to say a server on 192.168.20.X, I'd want the traffic to route to 192.168.10.250 on the SRX as the next hop, then be forwarded out to the server on 192.168.20.X.

I think I might do the method of configuring logical layer 3 VLAN interfaces as I have quite a lot of 192.168.X networks and there would likely be a lot of broadcast traffic.