Solved

Juniper SRX and router on a stick?

Posted on 2014-01-23
Last Modified: 2014-01-24
Hi,

I have a new Juniper SRX router.  I've added multiple IP addresses to a single physical interface.  I want this to be able to route traffic between the networks.  I've attached two screenshots of the IP configuration and for the interface.

Can someone with knowledge of Junos let me know if this looks correct?
juninterfaces.PNG
Question by:ts11
Accepted Solution

by:
pergr earned 500 total points
ID: 39806500
First of all, keep in mind that "out of the box" the SRX is a firewall - meaning "flow-based forwarding". If you want to use it as a router, you need to set it to "packet-mode".

As a firewall you would need to configure it to allow all flows.
To set it as a router, configure:

delete security
set security forwarding-options family mpls mode packet-based

commit

Next, with your configuration you have all the networks on the same VLAN (untagged). Normally, with a router on a stick you have each network prefix in its own VLAN.

Still, if you actually have all your subnets in that VLAN, you should be fine.
If not, you configure one "unit" for each vlan.
A unit is a "logical interface", and comparable with a Cisco sub-interface.

You have now "ge-0/0/1.0", which means "unit 0".

Also keep in mind that with all networks just connected, it routes between these. Perhaps you also want a default route towards the internet.
 

Author Comment

by:ts11
ID: 39808103
Thanks for the reply.

Well, I kind of wanted to use it as both.  Have ge-0/0/0 as my exposed interface for my public IPs/internet.  Then have ge-0/0/1 purely for internal traffic.

So you're saying assign a layer 3 logical interface (in a vlan) to my interface ge-0/0/1 for each network I need to route 192.168.10.X, 192.168.5.X etc?

Yes, I have my default route set.
Expert Comment

by:pergr
ID: 39808270
This depends on how you have your networks and machines connected on the switch that ge-0/0/1 is connected to.

If they are all in a single VLAN then no change is needed.

However, typically you put each network in a separate VLAN in order to reduce the broadcast traffic in each VLAN.
 

Author Comment

by:ts11
ID: 39808300
In my network there are 4 switches (no configuration on them).  If a client PC with the IP address 192.168.10.X wants to connect to, say, a server on 192.168.20.X, I'd want the traffic to route to 192.168.10.250 on the SRX as the next hop, then be forwarded out to the server on 192.168.20.X.

I think I might do the method of configuring logical layer 3 VLAN interfaces, as I have quite a lot of 192.168.X networks and there would likely be a lot of broadcast traffic.
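The per-VLAN logical interfaces discussed in this thread, shown with the SRX left in flow mode so that traffic between the subnets is still filtered by zone policy. This is an added example, not part of any participant's post. The VLAN IDs, zone names, policy name, the HTTPS-only rule and the 192.168.20.250 gateway address are assumptions; 192.168.10.250 on ge-0/0/1 comes from the thread.

```junos
# Added example (not from the thread). Assumed values: VLAN IDs 10 and 20,
# zone names lan10/lan20, policy name clients-to-servers, gateway 192.168.20.250.
# The switch port facing ge-0/0/1 must be an 802.1Q trunk carrying both VLANs,
# so the unconfigured switches described in the thread would need VLAN configuration.

# Remove the untagged unit that currently holds every address.
# If a security zone references ge-0/0/1.0, remove that reference too,
# otherwise the commit fails.
delete interfaces ge-0/0/1 unit 0

# One logical interface (unit) per VLAN on the same physical port.
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 10 vlan-id 10
set interfaces ge-0/0/1 unit 10 family inet address 192.168.10.250/24
set interfaces ge-0/0/1 unit 20 vlan-id 20
set interfaces ge-0/0/1 unit 20 family inet address 192.168.20.250/24

# Flow mode: put each unit in its own zone. Traffic between zones is dropped
# unless a policy permits it, so each subnet pair needs an explicit rule.
set security zones security-zone lan10 interfaces ge-0/0/1.10
set security zones security-zone lan10 host-inbound-traffic system-services ping
set security zones security-zone lan20 interfaces ge-0/0/1.20
set security zones security-zone lan20 host-inbound-traffic system-services ping

# Name the subnets so the policy matches on them instead of "any".
set security zones security-zone lan10 address-book address net10 192.168.10.0/24
set security zones security-zone lan20 address-book address net20 192.168.20.0/24

# Clients in VLAN 10 may reach servers in VLAN 20 over HTTPS only.
# No lan20-to-lan10 policy is defined, so sessions initiated from VLAN 20 are denied;
# return traffic for permitted sessions is allowed by the flow table.
set security policies from-zone lan10 to-zone lan20 policy clients-to-servers match source-address net10
set security policies from-zone lan10 to-zone lan20 policy clients-to-servers match destination-address net20
set security policies from-zone lan10 to-zone lan20 policy clients-to-servers match application junos-https
set security policies from-zone lan10 to-zone lan20 policy clients-to-servers then permit
set security policies from-zone lan10 to-zone lan20 policy clients-to-servers then log session-init

# Validate, then commit with automatic rollback in case the change cuts off management access.
commit check
commit confirmed 5

# After confirming, verify from operational mode:
#   show interfaces terse ge-0/0/1
#   show security policies hit-count
#   show security flow session
```

Compared with "delete security" and packet mode, this keeps stateful inspection between the internal subnets at the cost of one policy per permitted zone pair.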
