I've been trying to set up redundant interfaces on the Juniper SSG5 (this model has no redundant interface mode) and I'm wondering if someone can help me determine whether it's actually possible.
I've got the Juniper connected to two core switches, one (switch A) is used as the primary and the other (switch B) the backup in case the primary goes down. The Juniper is used as the gateway for internal hosts using it's eth0/0 and eth0/2 IPs. It's set up like so:
eth0/0 - switch A (WAN)
eth0/1 - switch B (WAN)
eth0/2 - switch A trunk (LAN)
eth0/3 - switch B trunk (LAN)
The two WAN links are in the Untrust zone. The trunks have identical subinterfaces in multiple zones.
Essentially I need a shared IP address between eth0/0 and eth0/1, and between eth0/2.x and eth0/3.x. For instance, both eth2.2 and eth3.2 need to accept packets on the same IP as that IP is used as a gateway for hosts in the LAN.
Using the backup interface feature (Untrust zone only) doesn't seem to be doing anything; the backup (eth0/1) interface is not using the primary (eth0/0) interface's IP or routing when the primary interface is down, even though the logs say the device has failed-over to the backup interface. Although I still need a solution for the LAN interfaces even if I can get this to work.
I'm not sure if there's a way with secondary/MIP/VIP IPs, but I haven't been able to get it to work (none of these features are designed for this purpose, though).
