Solved

Juniper SRX and router on a stick?

Posted on 2014-01-23
Last Modified: 2014-01-24
Hi,

I have a new Juniper SRX router.  I've added multiple IP addresses to a single physical interface.  I want this to be able to route traffic between the networks.  I've attached two screenshots of the IP configuration and for the interface.

Can someone with knowledge of Junos let me know if this looks correct?
Question by:ts11

Accepted Solution

by:
pergr earned 500 total points
ID: 39806500
First of all, keep in mind that "out of the box" the SRX is a firewall - meaning "flow-based forwarding". If you want to use it as a router, you need to set it to "packet-mode".

As a firewall you would need to configure it to allow all flows.
To set it as a router, configure:

delete security
set security forwarding-options family mpls mode packet-based

commit

Next, with your configuration you have all the networks on the same VLAN (untagged). Normally, with a router on a stick you have each network prefix in its own VLAN.

Still, if you actually have all your subnets in that VLAN, you should be fine.
If not, you configure one "unit" for each VLAN.
A unit is a "logical interface", and comparable with a Cisco sub-interface.

You have now "ge-0/0/1.0", which means "unit 0".

Also keep in mind that with all networks just connected, it routes between these. Perhaps you also want a default route towards the internet.

Author Comment

by:ts11
ID: 39808103
Thanks for the reply.

Well, I kind of wanted to use it as both.  Have ge-0/0/0 as my exposed interface for my public IPs/internet.  Then have ge-0/0/1 purely for internal traffic.

So you're saying assign a layer 3 logical interface (in a VLAN) to my interface ge-0/0/1 for each network I need to route 192.168.10.X, 192.168.5.X etc?

Yes, I have my default route set.

Expert Comment

by:pergr
ID: 39808270
This depends on how you have your networks and machines connected on the switch that ge-0/0/1 is connected to.

If they are all in a single VLAN then no change is needed.

However, typically you put each network in a separate VLAN in order to reduce the broadcast traffic in each VLAN.

Author Comment

by:ts11
ID: 39808300
In my network there are 4 switches (no configuration on them).  If a client PC with the IP address 192.168.10.X wants to connect to, say, a server on 192.168.20.X, I'd want the traffic to route to 192.168.10.250 on the SRX as the next hop, then be forwarded out to the server on 192.168.20.X.

I think I might do the method of configuring logical layer 3 VLAN interfaces as I have quite a lot of 192.168.X networks and there would likely be a lot of broadcast traffic.
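
An added example, not part of the original thread and not either poster's configuration: the one-unit-per-VLAN layout discussed above on ge-0/0/1, kept in the SRX's default flow-based mode so that traffic between the two networks is routed but still has to match a security policy. The VLAN IDs, the 192.168.20.250 address, the /24 prefix lengths and the zone and policy names are assumptions, and the switch port facing ge-0/0/1 is assumed to be a trunk carrying both VLAN tags.

```junos
# Constructed example. VLAN IDs, masks, zone and policy names are assumptions.

# Replace the single untagged unit 0 with one tagged logical interface per network.
delete interfaces ge-0/0/1 unit 0
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 10 vlan-id 10
set interfaces ge-0/0/1 unit 10 family inet address 192.168.10.250/24
set interfaces ge-0/0/1 unit 20 vlan-id 20
set interfaces ge-0/0/1 unit 20 family inet address 192.168.20.250/24

# Flow mode: every logical interface must belong to a security zone,
# otherwise the SRX drops traffic arriving on it.
# host-inbound-traffic ping lets hosts test reachability of their gateway address.
set security zones security-zone clients interfaces ge-0/0/1.10 host-inbound-traffic system-services ping
set security zones security-zone servers interfaces ge-0/0/1.20 host-inbound-traffic system-services ping

# Permit flows from the client network to the server network.
# "any" mirrors the "allow all flows" approach from the accepted answer;
# narrow the addresses and applications to what the clients actually need.
set security policies from-zone clients to-zone servers policy clients-to-servers match source-address any
set security policies from-zone clients to-zone servers policy clients-to-servers match destination-address any
set security policies from-zone clients to-zone servers policy clients-to-servers match application any
set security policies from-zone clients to-zone servers policy clients-to-servers then permit

# Review before activating, and roll back automatically if connectivity is lost.
commit check
commit confirmed 5
```

Run `commit` again within the five minutes to make the change permanent; with no second commit the SRX reverts to the previous configuration.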