Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to configure a device for management access in transparent mode

0

0
Article ID: KB23823 KB Last Updated: 22 Dec 2016Version: 2.0 Summary:

This article explains how to configure in-band and out-of-band management access to the SRX device for transparent mode.

Solution:

The IRB interface is the only layer 3 interface when the device is configured in the transparent/bridge mode. It cannot be configured in a security zone; so all the interfaces that are in layer 2 mode will be part of a security zone. The IRB interface will use the ge-0/0/0 interface to perform the routing. It sends ARP requests via all the interfaces and will detect the interface, which gets the response for the IP configured on ge-0/0/0. This is how it communicates on layer 3.

  1. Working configuration for in-band management access of the device in transparent mode:

    CLI configuration:

    Configure IRB and the underlying interface:

    root@# show interfaces | match interfaces | display set
    set interfaces ge-0/0/1 unit 0 family bridge interface-mode access
    set interfaces ge-0/0/1 unit 0 family bridge vlan-id 2
    set interfaces irb unit 0 family inet address 1.1.1.1/24

    Configure the IRB interface to be in the transparent mode:

    root@# show bridge-domains | display set
    set bridge-domains IRB domain-type bridge
    set bridge-domains IRB vlan-id 2
    set bridge-domains IRB routing-interface irb.0
    Enable the HTTP system service for the underlying interface:
    root@# show security zones | display set
    set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services http
    Note: For Junos 15.1X49 and later release, configuration for IRB interface is different. Please refer to KB31147 - [SRX] Example - Configure Transparent mode on Junos 15.1X49 SRX platform


  2. Working configuration for out-of-band management access of the device in transparent mode:

    The requirement is to use ge-0/0/0 for out-of-band management. Configure ge-0/0/0 interface as family bridge:
    set interfaces ge-0/0/0 unit 0 family bridge interface-mode access
    set interfaces ge-0/0/0 unit 0 family bridge vlan-id 2

    Configure the IRB interface to be in the transparent mode:

          set bridge-domains IRB domain-type bridge
          set bridge-domains IRB vlan-id 2
          set bridge-domains IRB routing-interface irb.0

    Configure the IRB interface with the out-of-band management IP address:
    set interfaces irb unit 0 family inet address 172.22.145.190/24
    Configure the ge-0/0/0 interface under functional-zone management:
    set security zones functional-zone management interfaces ge-0/0/0.0
    host-inbound-traffic system-services all
    Configure the routing-option to add the route for the default gateway:
    set routing-option static route 0.0.0.0/0 next-hop 172.22.145.1
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search