[j-nsp] srx with ethernet switching and chassis clustering
Stefan Fouant
sfouant at shortestpathfirst.net
Mon Aug 1 17:31:36 EDT 2011
On 8/1/2011 4:41 PM, Jonathan Lassoff wrote:
> On Mon, Aug 1, 2011 at 12:04 AM, Richard Zheng<rzheng at gmail.com> wrote:
>> Thanks jof. I see, in production we can make other switches handle the
>> access and only use srx for firewall. So after setting up reth interface, we
>> should be able to add vlan-tagging to it, right?
>
> I believe so, but honestly I do this with multiple independent SRXes
> rather than reth interfaces. I would presume vlan-tagging will work
> with reth interfaces, but I'm not 100% sure.
Yup, reth interfaces can easily handle VLAN-tagging, and in fact can be
configured as either family inet interfaces with tagging (in which case
they will be terminating the Layer 3 for each respective VLAN), or they
can be configured as family bridge with trunking enabled in which case
the device will be operating in transparent mode (a-la bump-in-the-wire
for pure Layer 2 firewalling of the respective VLANs).
HTHs.
Stefan Fouant
JNCIE-ER, JNCIE-M, JNCIE-SEC, JNCI
Technical Trainer, Juniper Networks
http://www.shortestpathfirst.net
http://www.twitter.com/sfouant
More information about the juniper-nsp
mailing list