Juniper InterVLAN routing with two switches and multiple VLANs

I was wondering if anyone can help me out and see if my assumptions would work or if there is a better way. Currently, I have two Juniper EX2200 L3 switches. What we want to do is have multiple VLANs on each switch and have them route to my PAN firewall for internet, along with having the VLANs communicate with each other.

My assumption is that I would create the VLANs on each switch. I would then have a trunk between the two switches. I would then have one of the switches with the L3 interface enabled along with a default gateway to the PAN. The VLANs on the 2nd switch, I assume, will use the L3 interface on the first switch to route out to the PAN. Is this, I assume, the best way to do this?

I would also want to create some sort of redundancy and use spanning tree.

Thanks in advance, guys!
Sid6_7 Asked:

NetExpert Network Solutions Pte Ltd, Technical Specialist, Commented:
Your assumptions are very close to the solution.

Create all VLANs (both L2 and L3) on both switches and make a trunk between the switches.

Enable VRRP between these switches to provide redundancy to the users; make one switch the VRRP active (primary) and the other one will be standby.

If you are going to use a single firewall, then connect the firewall to the primary Juniper switch through an L3 port.

Create a default route on the switches pointing towards the firewall for the internet traffic.

If you are going to have a redundant firewall, then connect the backup one to the secondary switch.
Sid6_7 Author Commented:
First of all, thank you for the quick response.

"Create all VLANs (both L2 and L3) in both switches and make a trunk between switches."

The L3 on both switches will have the same IP address? Oh wait, different IP addresses with the same default route 0.0.0.0/0 to the firewall?

"If you are going to use single firewall, then connect firewall to the primary juniper switch thru L3 port."

Yes, for now it will be a single firewall. Would I connect the second switch L3 port to the firewall as well? In case the first switch fails, the VRRP will then route out for the second switch users?
NetExpert Network Solutions Pte Ltd, Technical Specialist, Commented:
"The L3 on both switches will have the same IP address?" -- Oops, let me rephrase my statement.

The L3 on both switches will have the same network range, and configure VRRP on both switches.

If your firewall supports VLANs, then connect both the primary and secondary switch into a single VLAN. In this scenario, you need to have the communication network between the firewall and the switch IP address on the VLAN instead of on the port.

Then you can track the VRRP status on the primary, and if something happens on the primary, VRRP will switch over to the secondary. Traffic flow looks like: users -- secondary switch -- firewall

Both primary and secondary switch will have default route to firewall; whichever switch is active that will forward data from user to Firewall
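
The design described in the answers above, written out as Junos `set` commands for the primary switch. This is an added example, not part of the original thread: the VLAN names and IDs, all addresses, the port numbers, and the use of a dedicated transit VLAN with its own VRRP group are assumptions, and the legacy EX (`vlan.N`, `port-mode`) syntax is assumed.

```junos
# --- Primary switch; all names, IDs, ports and addresses are constructed ---

# Same VLANs on both switches, each bound to a routed VLAN interface (RVI).
set vlans USERS vlan-id 10
set vlans USERS l3-interface vlan.10
set vlans SERVERS vlan-id 20
set vlans SERVERS l3-interface vlan.20
# Single VLAN shared by both switches and the firewall.
set vlans TRANSIT vlan-id 99
set vlans TRANSIT l3-interface vlan.99

# Trunk between the two switches carries every VLAN.
set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members [ USERS SERVERS TRANSIT ]

# Uplink to the firewall carries only the transit VLAN (tagged).
set interfaces ge-0/0/22 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/22 unit 0 family ethernet-switching vlan members TRANSIT

# Each switch has its own address in the same network range; the shared
# VRRP virtual address (.1) is what hosts use as their default gateway.
# Secondary switch: use .3 as the interface address and a lower priority.
set interfaces vlan unit 10 family inet address 10.0.10.2/24 vrrp-group 10 virtual-address 10.0.10.1 priority 200 accept-data
set interfaces vlan unit 20 family inet address 10.0.20.2/24 vrrp-group 20 virtual-address 10.0.20.1 priority 200 accept-data

# Assumption: the firewall's return routes for 10.0.10.0/24 and 10.0.20.0/24
# point at the transit virtual address, so they follow the active switch.
set interfaces vlan unit 99 family inet address 10.0.99.2/24 vrrp-group 99 virtual-address 10.0.99.1 priority 200 accept-data

# Both switches carry the same default route to the firewall (10.0.99.254).
set routing-options static route 0.0.0.0/0 next-hop 10.0.99.254

# Spanning tree: make the VRRP primary the preferred root bridge.
set protocols rstp bridge-priority 4k
```

`show vrrp summary` on each switch shows which one currently holds the master role for each group.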

Sid6_7 Author Commented:
"If your firewall supports vlan, then connect both primary and secondary switch into single VLAN. In this scenario, you need to have communication network between firewall to switch ip address on the VLAN instead of the port."

OK. So from my understanding each switch will have a trunk port to the firewall and only the VRRP VLAN will trunk out to the firewall? Because the VLANs have L3 communication they will default route out on the VRRP VLAN. Safe to assume? Or am I confused?
NetExpert Network Solutions Pte Ltd, Technical Specialist, Commented:
I have attached the diagram for your reference (image.jpeg).

Sid6_7 Author Commented:
Thank you so much! I will try that setup today and get back here.
Sid6_7 Author Commented:
Thanks for your help! Unfortunately, I just found out we need a license for the VRRP option. Would it be possible to create another default path on the 2nd switch with a different metric? Would STP help?