0

I am having trouble getting multiple IP addresses on the untrust port. I have tried a few different methods, but can't seem to get it to work. Does anyone have a good tutorial that is not easily found or if possible can type up the steps? I don't mind trying to do it through ssh, but would prefer web interface.

Thank you

 fe-0/0/0 {
    unit 0 {
        family inet {
            dhcp {
                update-server;
            }
        }
    }
}

routing-options {
    static {
        route 0.0.0.0/0 next-hop 96.11.173.81;
    }
}

Right now it's setup to receive settings from 'cable modem' through dhcp, but I think it's only getting one IP.

TheLQ
  • 983
  • 4
  • 14
  • 31
Will
  • 1
  • 2

3 Answers3

1

I don't know about through the web interface, but it's simple enough in the cli. You just set the address multiple times.

Here's the commands.

First if you ssh as root you'll need to start the cli.

# cli

Then enter config mode.

> config

Set the config.

set interfaces fe-0/0/1 description External
set interfaces fe-0/0/1 unit 0 family inet address 192.168.1.1/24
set interfaces fe-0/0/1 unit 0 family inet address 192.168.2.1/24
set security zones security-zone untrust interfaces fe-0/0/1.0

Finally save and quit.

commit and-quit

When you run show the config you'll see this:

interfaces {
    fe-0/0/1 {
        description External;
        unit 0 {
            family inet {
                address 192.168.1.1/24;
                address 192.168.2.1/24;
            }
        }
    }
security {
    zones {
        security-zone untrust {
            interfaces {
                fe-0/0/1.0;
            }
        }
    }
}

Naturally, you'll want to replace the IP's and interface names with the ones that you really want to use.

I have not taken into account any routing or security policies. You'll need to add those as well.

So just to put it more simply, the default mode is to add multiple IP addresses. Just issue the set command multiple times. In order to change an IP you have to delete the old one.

bahamat
  • 6,263
  • 24
  • 28
  • When I do this - I lose internet connectivity. Is there a common reason for that? fe-0/0/0.0 - replaced two ips with two of my five routing-options { static { route 0.0.0.0/0 next-hop xx.xx.xxx.xx; } } – Will Feb 01 '11 at 15:24
  • Until you get it set up you should be on the same subnet so that doesn't happen. I would need to see the rest of the config and need to know your computer's IP. Can you attach/post the config? Use `show conf` to get the config file. – bahamat Feb 01 '11 at 20:10
0

Typically you will set one IP and proxy-arp the rest on the interface.... ie:

set security nat proxy-arp interface ge-0/0/0 67.34.52.15/32

SpacemanSpiff
  • 8,753
  • 1
  • 24
  • 35
  • This gives me a syntax error when trying to put in the IP address. Tried ++++++++++++ set security nat proxy-arp interface fe-0/0/0 67.34.52.15/32 -- I replaced the 67 ip with one of my external ips, but not the one that was assigned to the main interface. IE, IP address #2 from my block. root@buzzlebee-dev-01# set security nat proxy-arp interface fe-0/0/0.0 96.11.173.83/32 error: syntax error: 96.11.173.83/32 – Will Feb 01 '11 at 15:44
  • You may not need to add the /32 when you input it, that may be done for you automatically. – SpacemanSpiff Feb 01 '11 at 16:12
0

There's probably a break down here with the syntax check, or a limitation of being unable to set proxy-arp while using a DHCP address.

Proxy-arp addresses need to be members of a subnet bound to the interface in question. Since you're obtaining the address using DHCP, the check portion of commit is probably flagging any address you place in a proxy-arp statement as out of bounds with the subnet configured on the interface.

You will most likely need to migrate to static addressing on your interface, as bahamat outlined.

mcmeel
  • 526
  • 2
  • 6