Solved

Juniper SRX and router on a stick?

Posted on 2014-01-23
Last Modified: 2014-01-24
Hi,

I have a new Juniper SRX router.  I've added multiple IP addresses to a single physical interface.  I want this to be able to route traffic between the networks.  I've attached two screenshots of the IP configuration and for the interface.

Can someone with knowledge of Junos let me know if this looks correct?
juninterfaces.PNG
Question by:ts11
4 Comments
 
LVL 17

Accepted Solution

by:
pergr earned 1500 total points
ID: 39806500
First of all, keep in mind that "out of the box" the SRX is a firewall - meaning "flow-based forwarding". If you want to use it as a router, you need to set it to "packet-mode".

As a firewall you would need to configure it to allow all flows.
To set it as a router, configure:

delete security
set security forwarding-options family mpls mode packet-based

commit

Next, with your configuration you have all the networks on the same VLAN (untagged). Normally, with a router on a stick you have each network prefix in its own VLAN.

Still, if you actually have all your subnets in that VLAN, you should be fine.
If not, you configure one "unit" for each VLAN.
A unit is a "logical interface", and comparable with a Cisco sub-interface.

You have now "ge-0/0/1.0", which means "unit 0".

Also keep in mind that with all networks just connected, it routes between these. Perhaps you also want a default route towards the internet.
0
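
The one-unit-per-VLAN layout described in the accepted answer, as an added example that is not part of the original thread. It keeps the SRX in its default flow-based mode, so inter-VLAN traffic stays subject to security policy. The VLAN IDs 10 and 20, the /24 masks, the 192.168.20.250 address, and the zone, address-book and policy names are assumptions, and the switch port facing ge-0/0/1 is assumed to be an 802.1Q trunk.

```junos
# Added example: router on a stick on ge-0/0/1 with one logical unit per VLAN.
# Assumed values: VLAN IDs, /24 masks, zone/address/policy names.

# A tagged interface requires a vlan-id on every unit, so the untagged
# unit 0 that currently holds all the addresses is removed first.
delete interfaces ge-0/0/1 unit 0
set interfaces ge-0/0/1 vlan-tagging

# One unit (logical interface) per subnet; each address is that subnet's gateway.
set interfaces ge-0/0/1 unit 10 vlan-id 10
set interfaces ge-0/0/1 unit 10 family inet address 192.168.10.250/24
set interfaces ge-0/0/1 unit 20 vlan-id 20
set interfaces ge-0/0/1 unit 20 family inet address 192.168.20.250/24

# Flow mode: each unit is bound to a security zone. Only ping to the
# gateway address itself is accepted by the SRX from these zones.
set security zones security-zone clients interfaces ge-0/0/1.10
set security zones security-zone clients host-inbound-traffic system-services ping
set security zones security-zone servers interfaces ge-0/0/1.20
set security zones security-zone servers host-inbound-traffic system-services ping

# Named prefixes for use in policy.
set security address-book global address clients-net 192.168.10.0/24
set security address-book global address servers-net 192.168.20.0/24

# Clients may open sessions to servers. Replies are permitted by flow
# state; sessions initiated from servers to clients have no matching
# policy and are dropped by the default deny.
set security policies from-zone clients to-zone servers policy clients-to-servers match source-address clients-net
set security policies from-zone clients to-zone servers policy clients-to-servers match destination-address servers-net
set security policies from-zone clients to-zone servers policy clients-to-servers match application any
set security policies from-zone clients to-zone servers policy clients-to-servers then permit

commit check
commit
```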
 

Author Comment

by:ts11
ID: 39808103
Thanks for the reply.

Well I kind of wanted to use it as both.  Have ge-0/0/0 as my exposed interface for my public IPs/internet.  Then have ge-0/0/1 purely for internal traffic.

So you're saying assign a layer 3 logical interface (in a vlan) to my interface ge-0/0/1 for each network I need to route 192.168.10.X, 192.168.5.X etc?

Yes, I have my default route set.
0
 
LVL 17

Expert Comment

by:pergr
ID: 39808270
This depends on how you have your networks and machines connected on the switch that ge-0/0/1 is connected to.

If they are all in a single VLAN then no change is needed.

However, typically you put each network in a separate VLAN in order to reduce the broadcast traffic in each VLAN.
0
 

Author Comment

by:ts11
ID: 39808300
In my network there are 4 switches (no configuration on them).  If a client PC with the IP address 192.168.10.X wants to connect to say a server on 192.168.20.X, I'd want the traffic to route to 192.168.10.250 on the SRX as the next hop, then be forwarded out to the server on 192.168.20.X.

I think I might do the method of configuring logical layer 3 VLAN interfaces as I have quite a lot of 192.168.X networks and there would likely be a lot of broadcast traffic.
0
