Using Juniper EX3300 as a router

Question

Possible Duplicate:
Using the Juniper EX3300 Switch as a router?

So I have a Juniper EX3300 Switch. One of its uplink ports (ge-0/1/0) is connected to my ISP's router. ISP router's port address is xx.xx.xx.109. My switch's IP address is xx.xx.xx.110.

From the switch, I can ping to xx.xx.xx.109 and any other IP in the world. I mean its connected to the Internet.

I connected the port eth0 of a computer (running Ubuntu) to the port ge-0/0/0 of the switch (which in the same VLAN as ge-0/1/0). I configured the port eth0 as follows:

iface eth0 inet static
    address yy.yy.yy.208
    netmask 255.255.255.240
    gateway xx.xx.xx.110

yy.yy.yy.208 is assigned to me by the ISP. So, now I can ping to the switch (xx.xx.xx.110) from this computer. But I can not ping to either xx.xx.xx.109 (ISP router) or any other IP.

I want this computer to be connected to the Internet. What am I doing wrong?

Here are some of the configurations on my switch:

interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    .
    .
    .
    ge-0/1/0 {
        ether-options {
            no-auto-negotiation;
            link-mode full-duplex;
            speed {
                1g;
            }
        }
        unit 0 {
            family ethernet-switching {
                port-mode access;
            }
        }
    }
    .
    .
    .
    vlan {
        unit 0 {
            family inet {
                address 10.0.1.1/24;
            }
        }
        unit 1 {
            family inet {
                address xx.xx.xx.110/30;
            }
        }
    }
}
.
.
.
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop xx.xx.xx.109;
            retain;
        }
    }
}
vlans {
    Cogent {
        vlan-id 3;
        interface {
            ge-0/1/0.0;
            ge-0/0/0.0;
            ge-0/0/1.0;
            ge-0/0/2.0;
            ge-0/0/3.0;
        }
        l3-interface vlan.1;
    }
    TFLan {
        vlan-id 2;
        interface {
            ge-0/0/5.0;
            ge-0/0/6.0;
            ge-0/0/7.0;
            ge-0/0/8.0;
            ge-0/0/9.0;
            ge-0/0/10.0;
            ge-0/0/11.0;
            ge-0/0/12.0;
            ge-0/0/13.0;
            ge-0/0/14.0;
            ge-0/0/15.0;
            ge-0/0/16.0;
            ge-0/0/17.0;
            ge-0/0/18.0;
            ge-0/0/19.0;
            ge-0/0/20.0;
            ge-0/0/21.0;
            ge-0/0/22.0;
            ge-0/0/23.0;
            ge-0/0/4.0;
        }
        l3-interface vlan.0;
    }
}

Stop reposting your question please. You cannot use the EX3300 as a NAT router, stop trying. — SpacemanSpiff, Jun 23 '12 at 22:40
@SpacemanSpiff, look carefully... the problem is not NAT for this particular issue — Mike Pennington, Jun 23 '12 at 23:26
There needs to be someone in your organization who understands IP networking. Really, there's no way around this requirement. (The most obvious problem -- how is that computer supposed to reach its gateway since its gateway is outside its subnet? It would need a gateway to reach the gateway!) — David Schwartz, Jun 24 '12 at 00:08
@MikePennington - even if he fixes the glaring subnetting issue, it's still not going to magically NAT — SpacemanSpiff, Jun 24 '12 at 02:44
@SpacemanSpiff, subnet `10.0.1.0/24` is assigned to l3-interface `vlan.0`. *His Ubuntu machine is on* **`vlan.1`** *(I know this because he said it's on `ge-0/0/0`)*. He put two different subnets (a /30 and /28) in the same vlan — Mike Pennington, Jun 24 '12 at 02:48
@SpacemanSpiff Its working now, without the need of a router. — Richard Whitman, Jun 24 '12 at 14:50
Sure... but you're probably using all public addressing, right? — SpacemanSpiff, Jun 24 '12 at 19:45

score 3 · Accepted Answer · edited Oct 07 '21 at 06:47

3

I want this computer to be connected to the internet. What am I doing wrong?

Summary info

Recalling information from the discussion in Using the Juniper EX3300 as a router:

ge-0/1/0 is assigned a public /30 address by Cogent. For sake of illustration, we will call EX3300's address on this subnet 192.0.2.109/30. Your default gateway is 192.0.2.110/30. From the configuration above, you have assigned ge-0/1/0 to vlan.1 using vlan-id 3.
ge-0/0/0 is also assigned a public IP address. For the sake of argument, this subnet is 192.0.2.208/28. ge-0/0/0's subnet is different than ge-0/1/0. The interface addressing (and a few other things) need to be fixed.

List of items to fix

You can't assign 192.0.2.208/28 to the Ubuntu server. .208 is the subnet adddress, and .223 is the broadcast address. Valid host addresses in this subnet range from 192.0.2.209 to 192.0.2.222 (it doesn't matter that I'm using RFC 5737 addresses here, the subnet math works out the same).
You need l3-interface vlan.1 for your /30 link to the Cogent router; however, you also have the Ubuntu machine in that same subnet on a /28. Now that we have established that the Ubuntu server is in a different subnet than ge-0/1/0, please follow standard internet engineering practices and assign a different vlan to that subnet. Let's call it l3 interface vlan.100 with vlan-id 100 on your EX3300. Assign 192.0.2.209/28 to your vlan.100 on the EX3300 and use it as the default gateway for this new subnet.
Even if you assigned a valid host address to your Ubuntu server (see point 1., above), that server's default gateway must be in the same subnet. Assign 192.0.2.210/28 to the Ubuntu server and make the default gateway 192.0.2.209.

Purely informational material

FYI, We also said that you cannot use private IP addresses (RFC 1918) without NAT (RFC 3022). I see that you have 10.0.1.1/24 assigned to vlan.0. Anything in 10.0.0.0/8 is RFC 1918 space. If these devices need to access the internet, you will need some form of NAT.

May I suggest:

a good book on internet routing; it's geared towards Cisco IOS, but the concepts are still very similar.
a good book on TCP/IP

Best of luck to you in this endeavor.

edited Oct 07 '21 at 06:47

Community

1

answered Jun 23 '12 at 23:00

Mike Pennington

8,266
9
41
86

I don't need the `10.0.1.1/24` devices to access Internet. OK, I did exactly what u said. I created a new `VLAN (4)` and assigned it `xx.xx.xx.209/28`. I assigned the ubuntu server `xx.xx.xx.210/28` and gateway `xx.xx.xx.209`. Now I can ping the `xx.xx.xx.209` (of course) AND `xx.xx.xx.110` (the address of `VLAN 3`). But I still can't get any further than that – Richard Whitman Jun 24 '12 at 03:00
By the way the Cogent router IP is totally different from my assigned IP range. I dont know how to say it, but only the first part of both of them is same. i.e. they both start with 38. but everything is different after that – Richard Whitman Jun 24 '12 at 03:04
Have you verified that Cogent is pointing the next-hop for their /28 routes to `192.0.2.110`? (you will need to replace my example address w/ the real address). Also, can you still ping your default gateway to Cogent from the EX3300? (I'm calling the Cogent gw `192.0.2.109/30`) – Mike Pennington Jun 24 '12 at 03:06
Yes I can ping the cogent gateway from my switch. but not from the ubuntu server. – Richard Whitman Jun 24 '12 at 03:14
If Ubuntu can ping `192.0.2.110` and Cogent cannot ping `192.0.2.209`, then it sounds like Cogent hasn't got their /28 pointed at `192.0.2.110` – Mike Pennington Jun 24 '12 at 03:16
I talked to the people at Cogent and he said that I need to create a default route for xx.xx.xx.208/28 VLAN to 192.0.2.110. – Richard Whitman Jun 24 '12 at 03:23
Ok, I can now ping to my xx.xx.xx.209 address (which is my switch) from my home network. but I can't ping to xx.xx.xx.210 (my ubuntu server). does it tell anything? – Richard Whitman Jun 24 '12 at 03:24
Here is a link to the output from traceroute, from my home network to my ubuntu server (xx.xx.xx.210)... It goes till my router (xx.xx.xx.110). [http://pastebin.com/rSVuJcWi](http://pastebin.com/rSVuJcWi) – Richard Whitman Jun 24 '12 at 03:43
Did you put an ACL on your switch? I cannot ping any of the addresses in question – Mike Pennington Jun 24 '12 at 09:23
let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/3865/discussion-between-richard-whitman-and-mike-pennington) – Richard Whitman Jun 24 '12 at 14:18

Using Juniper EX3300 as a router

1 Answers1

List of items to fix