====== Juniper SRX Layer 2 transperent mode configruration ====== SRX base on JUNOS, so SRX L2 mode will use [[http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-interfaces-and-routing/understand-irb-section.html#understand-irb-section|Integrated Routing and Bridging Interfaces(aka irb)]] to work. ===== Requirements ===== * From JUNOS 11.1, Layer 2 transparent mode support is available on all SRX platforms. * SRX100, SRX210, SRX220, SRX240, and SRX650. * Before JUNOS 11.1, Only SRX3400, SRX3600, SRX5600, and SRX5800 support it. ===== Basic Config ===== interfaces { ge-0/0/0 { unit 0 { family bridge { interface-mode access; vlan-id 10; } } } ge-0/0/7 { unit 0 { family bridge { interface-mode access; vlan-id 10; } } } irb { unit 0 { family inet { address 172.27.186.63/24; } } } } routing-options { static { route 0.0.0.0/0 next-hop 172.27.186.1; } } security { policies { from-zone trust to-zone untrust { policy 1 { match { source-address any; destination-address any; application any; } then { permit; log { session-init; session-close; } } } } } log { mode stream; format sd-syslog; source-address 172.27.186.63; stream test { host { 172.27.186.57; } } } zones { security-zone untrust { interfaces { ge-0/0/0.0 { host-inbound-traffic { system-services { dhcp; tftp; all; } } } } } security-zone trust { host-inbound-traffic { system-services { all; } } interfaces { ge-0/0/7.0; } } } } bridge-domains { test { domain-type bridge; vlan-id 10; routing-interface irb.0; } }