I have a Juniper SRX220 (Junos) router where I have configured vlan.1 and vlan.2 with IP 10.0.1.1/24 and 10.0.2.1/24. Now I want to route between these networks. How do I configure that in Junos? I can't figure that out from the manual and it does not work out of the box.
Because this is an SRX, there are a number of requirements here.
Step 1:
Define VLANS (think layer 2)
set vlans vlan1 description desktops vlan-id 1 l3-interface vlan.1
set vlans vlan2 description servers vlan-id 2 l3-interface vlan.2
Step 2:
Define L3 interfaces bound to those vlans...
set interfaces vlan unit 1 family inet address 10.0.1.1/24
set interfaces vlan unit 2 family inet address 10.0.2.1/24
Step 3:
Place those L3 interfaces into a zone
set security zones security-zone trust interfaces vlan.1
set security zones security-zone trust interfaces vlan.2
Step 4:
Since this is an SRX, you must create a policy permitting intra-zone traffic
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any destination-address any application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
Step 5:
Set physical interfaces onto that VLAN
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access vlan members vlan1
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access vlan members vlan2
Step 6:
Plug devices in. Once any interface assigned to that VLAN is physically up, the VLAN interface for that VLAN will come up.
SpacemanSpiff
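A tighter variant of steps 3 and 4, as an added example that is not part of the original answer: it goes beyond the answer by placing vlan.2 in its own zone, so that only HTTPS sessions initiated from the desktop subnet reach the servers. The zone name servers, the address-book entry names and the choice of junos-https are assumptions for illustration, and the zone-attached address-book syntax is assumed to be the one your Junos release uses.

```junos
# Added example: names (servers, desktops-net, servers-net) are hypothetical.

# An interface can belong to only one zone, so take vlan.2 out of trust
# (only needed if step 3 was already applied) and put it in a new zone.
delete security zones security-zone trust interfaces vlan.2
set security zones security-zone servers interfaces vlan.2

# Name the two subnets from the question so policies can match on them.
set security zones security-zone trust address-book address desktops-net 10.0.1.0/24
set security zones security-zone servers address-book address servers-net 10.0.2.0/24

# Inter-zone policy: desktops may open HTTPS sessions to the servers.
# Replies are allowed by the session table; no reverse policy is needed.
set security policies from-zone trust to-zone servers policy desktops-to-servers match source-address desktops-net destination-address servers-net application junos-https
set security policies from-zone trust to-zone servers policy desktops-to-servers then permit
set security policies from-zone trust to-zone servers policy desktops-to-servers then log session-close

# No policy is defined from servers to trust, so sessions initiated from
# the server VLAN fall through to the default action (drop unless changed).
```

With this layout the trust-to-trust any/any policy from step 4 is no longer needed for traffic between the two VLANs, because that traffic now crosses a zone boundary.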
- Thanks a million! It was step 4 and step 5 that was missing in my configuration. – rdrmntn Nov 28 '11 at 08:15
- If you are going to use this device as just a router, you can change the default action to permit instead of drop, FYI. – SpacemanSpiff Nov 29 '11 at 05:23