My current setup has an SRX with a link into an aggregation switch via a single trunk port. I would like to configure and use the other interfaces on the SRX as layer2 access ports that can be in the same vlan(s) as the ones on the trunk.
jr1.iwc.ig24# show interfaces
ge-0/0/0 {
    vlan-tagging;
    unit 42 {
        vlan-id 42;
        family inet {
            address 192.168.0.1/24;
        }
    }
    unit 191 {
        vlan-id 191;
        family inet {
            address x.y.z.33/28;
        }
    }
    unit 376 {
        encapsulation ppp-over-ether;
        vlan-id 376;
    }
    unit 2000 {
        vlan-id 2000;
        family inet;
    }
}
I've configured fe-0/0/6 as what I would think an access port on a specific vlan would look like:
fe-0/0/6 {
    description "WIFI WAN - VLAN191";
    unit 0 {
        family ethernet-switching {
            vlan {
                members dot191;
            }
        }
    }
}
VLANS:
jr1.iwc.ig24# show vlans
dot191 {
    vlan-id 191;
}
dot376 {
    description DSL_TESTING;
    vlan-id 376;
}
dot42 {
    vlan-id 42;
}
I've set what I think the correct zones should be:
jr1.iwc.ig24# show security zones
security-zone LAN_TRUST {
    host-inbound-traffic {
        system-services {
            ping;
            ssh;
            http;
        }
    }
    interfaces {
        ge-0/0/0.42;
    }
}
security-zone WAN_UNTRUST {
    host-inbound-traffic {
        system-services {
            ping;
        }
    }
    interfaces {
        pp0.0;
    }
}
security-zone WAN_DMZ {
    host-inbound-traffic {
        system-services {
            ping;
            traceroute;
        }
    }
    interfaces {
        ge-0/0/0.191;
        fe-0/0/6.0;
    }
}
Further troubleshooting:
When I configured l3-interface references from the vlans to the vlan.X interfaces, my DSL worked, but vlan.42 & vlan.191 didn't come up.
interfaces {
    ge-0/0/0 {
        vlan-tagging;
        unit 42 {
            vlan-id 42;
        }
        unit 191 {
            vlan-id 191;
        }
        unit 376 {
            encapsulation ppp-over-ether;
            vlan-id 376;
        }
    }
    vlan {
        unit 42 {
            family inet {
                address 192.168.42.33/27;
            }
        }
        unit 191 {
            family inet {
                address 209.112.191.33/28;
            }
        }
    }
}
vlans {
    dot191 {
        vlan-id 191;
        l3-interface vlan.191;
    }
    dot376 {
        description DSL_TESTING;
        vlan-id 376;
    }
    dot42 {
        vlan-id 42;
        l3-interface vlan.42;
    }
}
# show interface terse | match vlan
vlan.42                 up    down inet     192.168.0.1/24
vlan.191                up    down inet     x.y.z.33/28
Everything works well as long as it's plugged into an aggregation switch, but I would like to also utilize the ports on the SRX.
In short "How can I get ge-0/0/0.191 & fe-0/0/6.0 into the same broadcast domain?"
Thanks.
-Sean