Juniper SRX Layer 2 transparent mode configuration
The SRX is based on JUNOS, so SRX Layer 2 mode uses an Integrated Routing and Bridging (IRB) interface to work.
Requirements
- From JUNOS 11.1, Layer 2 transparent mode support is available on all SRX platforms.
- SRX100, SRX210, SRX220, SRX240, and SRX650.
- Before JUNOS 11.1, only the SRX3400, SRX3600, SRX5600, and SRX5800 support it.
Basic Config
interfaces {
    # Both physical ports are Layer 2 access ports in VLAN 10 (family bridge,
    # no IP address), so traffic between them is bridged rather than routed.
    # ge-0/0/0.0 is placed in security-zone untrust further down.
    ge-0/0/0 {
        unit 0 {
            family bridge {
                interface-mode access;
                vlan-id 10;
            }
        }
    }
    # ge-0/0/7.0 is placed in security-zone trust further down.
    ge-0/0/7 {
        unit 0 {
            family bridge {
                interface-mode access;
                vlan-id 10;
            }
        }
    }
    # irb.0 is the only interface with an IP address; the security log
    # source-address and the static default route both sit on this subnet.
    # It is attached to VLAN 10 by "routing-interface irb.0" in bridge-domains.
    # NOTE(review): services answering on this address appear to be governed by
    # the host-inbound-traffic of the Layer 2 zone the request arrives through;
    # confirm for your JUNOS release.
    irb {
        unit 0 {
            family inet {
                address 172.27.186.63/24;
            }
        }
    }
}
routing-options {
    static {
        # Default route for traffic the device itself sends to hosts outside
        # 172.27.186.0/24; the next hop is on the irb.0 subnet. Transit traffic
        # between ge-0/0/0 and ge-0/0/7 is bridged in VLAN 10 and does not use
        # this route.
        route 0.0.0.0/0 next-hop 172.27.186.1;
    }
}
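security {
    policies {
        # Only the trust -> untrust direction is defined, and it permits any
        # source, destination and application. This is a lab baseline: in
        # production, replace "any" with address-book entries and named
        # applications for the flows that are actually required.
        # No untrust -> trust policy exists, so sessions initiated from untrust
        # fall through to the default policy (deny unless default-policy has
        # been changed elsewhere; verify).
        from-zone trust to-zone untrust {
            policy 1 {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    # Log both ends of every permitted session. session-close
                    # records carry the byte/packet counts; session-init adds a
                    # second record per session, so expect double the volume.
                    log {
                        session-init;
                        session-close;
                    }
                }
            }
        }
    }
    # Session logs are streamed in structured-syslog format from the irb.0
    # address to the collector at 172.27.186.57.
    # NOTE(review): no transport is configured, so the stream presumably goes
    # out as plain syslog; keep the collector on a trusted segment or configure
    # a protected transport if the release supports one.
    log {
        mode stream;
        format sd-syslog;
        source-address 172.27.186.63;
        stream test {
            host {
                172.27.186.57;
            }
        }
    }
    zones {
        security-zone untrust {
            interfaces {
                ge-0/0/0.0 {
                    # "all" was removed from this list. It made the dhcp and
                    # tftp entries redundant and let every system service the
                    # device runs be reached from the untrust side. Only the
                    # two services the original named explicitly are kept.
                    # If the device must be managed from this side, add that
                    # one service by name (for example ssh) instead of
                    # restoring "all". TFTP is unauthenticated; drop it as well
                    # if nothing on this side needs it.
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            tftp;
                        }
                    }
                }
            }
        }
        security-zone trust {
            # "all" is kept here so management from the trust side keeps
            # working as in the original. Narrow it to the services actually
            # used (for example ssh, ping) once the setup is verified.
            host-inbound-traffic {
                system-services {
                    all;
                }
            }
            interfaces {
                ge-0/0/7.0;
            }
        }
    }
}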
bridge-domains {
    # Bridge domain "test" carries VLAN 10, the VLAN both access ports
    # (ge-0/0/0 and ge-0/0/7) are assigned to, and attaches irb.0 as its
    # routing interface so the device has an IP address inside that VLAN.
    test {
        domain-type bridge;
        vlan-id 10;
        routing-interface irb.0;
    }
}