On 8/1/2011 4:41 PM, Jonathan Lassoff wrote:
On Mon, Aug 1, 2011 at 12:04 AM, Richard Zheng<[email protected]> wrote:
Thanks jof. I see, in production we can make other switches handle the
access and only use srx for firewall. So after setting up reth interface, we
should be able to add vlan-tagging to it, right?
I believe so, but honestly I do this with multiple independent SRXes
rather than reth interfaces. I would presume vlan-tagging will work
with reth interfaces, but I'm not 100% sure.
Yup, reth interfaces can easily handle VLAN-tagging, and in fact can be
configured as either family inet interfaces with tagging (in which case
they will be terminating the Layer 3 for each respective VLAN), or they
can be configured as family bridge with trunking enabled in which case
the device will be operating in transparent mode (a-la bump-in-the-wire
for pure Layer 2 firewalling of the respective VLANs).
HTHs.
Stefan Fouant
JNCIE-ER, JNCIE-M, JNCIE-SEC, JNCI
Technical Trainer, Juniper Networks
http://www.shortestpathfirst.net
http://www.twitter.com/sfouant
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
