I just purchased a used SSG5, upgraded the firmware, and now I'd like to set it up as my Firewall/DHCP/VPN. I'm new to Juniper, so please forgive any blatant missteps in terminology.
I am familiar with this setup and have done it with pfSense and Untangle.
Here is how I would like my LAN (trusted) interface configured:
et0.2 1 10.0.0.0/24 - SSG5, cisco switch (already configured for VLAN100 and 200)
eth0.2.100 VLAN100 = 192.168.1.0/24 - secured
eth0.2.200 VLAN200 = 192.168.2.0/24 - guest
I’m having issues configuring the interfaces. Based on what I read, here is what I have:
ethernet0/0 WAN (cable modem) untrusted
ethernet0/1 WAN2 (iphone tether backup in case WAN1 goes down) untrusted
bgroup0 DHCP 10.0.0.1/24 (what is configured and lets me connect)
ethernet0/2 - 0/6 part of bgroup0
I created a bgroup0.1 sub interface and configured it to VLAN100; when I tried to also add a VLAN 100, I got: “set interface "vlan100" zone "vlan" unknown keyword vlan100”.
I created bgroup0.2 and tried to have it be associated with 192.168.2.0/24, and I got the following error: “ip change pre-checking failed. Interface: Illegal overlapping subnet”.
Questions:
How do I configure interfaces correctly? Do I need to add VLAN interfaces? Should my sub interfaces be level 2 or 3?
I assume that after that I need to configure the DHCP servers (which should be easy).
Will I need to do anything to tag the ports after? If so, how?
Thanks again!