
I've got a Juniper SRX220 that I'm trying to connect between our existing network and the new networks on the Juniper side. However, no matter what static route I try and set, traffic doesn't cross between them.

What I'm trying to achieve is routing traffic from one of the wireless vlans onto the existing corporate network, but not route between the guest wireless and corporate network.

The Juniper is connected to:

  • 2 x AX411 Access Points (with various working SSIDs on different sub-nets)
  • Our external internet connection

Each of the SSIDs is on a different vlan, and connected to the external internet fine (i.e. zones/policies etc. are working OK for the new network).

I've configured the default vlan to be 192.168.110.0 so it doesn't clash with our existing network which is 192.168.1.0.

Now, I'm trying to connect the 2 networks together via ge-0/0/6 so that I can route traffic to the 192.168.1.0 network via that interface onto our existing network.

For that, I've got the configuration:

ge-0/0/6 {
    unit 0 {
        family inet {
            address 192.168.111.1/32;
        }
    }
}

To route between the two, I thought I'd only have to add a static route:

set routing-options static route 192.168.1.0/24 next-hop 192.168.111.1

because the cable is connected from the Juniper directly into a switch on the other network.

However, looking at the route information, I don't see anything referring to 192.168.1.0:

....
192.168.110.0/24   *[Direct/0] 04:45:41
                    > via vlan.0        
192.168.110.1/32   *[Local/0] 04:45:41
                      Local via vlan.0
192.168.111.1/32   *[Direct/0] 02:14:54
                    > via ge-0/0/6.0
                    [Local/0] 02:14:54
                      Local via ge-0/0/6.0

I tried adding resolve to the static route definition, and this does show the network in the route information:

show route
....
192.168.1.0/24     *[Static/5] 00:01:26, metric2 0
                    > to 192.168.111.1 via ge-0/0/6.0

but the forwarding-table doesn't show anything, and I can't ping the 192.168.1.0 network.

Am I missing something fundamental here? Every example I find on adding a static route simply does it with a command similar to the one I've tried.

Mark Fisher
  • Your route doesn't work because the SRX itself is 111.1... you've forwarded traffic back to yourself and therefore it doesn't need a forwarding entry for this, see my answer below to resolve your issue. – SpacemanSpiff Aug 15 '12 at 15:20

1 Answer

Let's keep this straight here...

192.168.110.0/24 via VLAN.0 interface, okay, fine, you should have a bunch of ports configured as family ethernet-switching, with no vlan set, since this appears to be the default vlan.

Now... you've configured ge-0/0/6.0 as family inet, with the IP address 192.168.111.1/24. That interface should go to your existing gear, which will also need an interface on 192.168.111.0/24, let's say 192.168.111.2/24.

So, your static route on your SRX should be.... 192.168.1.0/24 next-hop 192.168.111.2. On the OTHER side... you will also need a static route, 192.168.110.0/24 next-hop 192.168.111.1.

Got it? When using static routes, you need them on the gear on both sides.

SpacemanSpiff
  • Thanks for this, the routing helped piece the puzzle together. We had to switch to a vlan rather than family inet as the target router was tagging traffic with a vlan id, and this was causing the route to fail after setting up as you suggested. – Mark Fisher Aug 16 '12 at 10:14
  • alternatively... you could have done... set ge-0/0/6 vlan-tagging unit 0 vlan-id yourvlanhere family inet address blah blah, but creating another vlan and putting the port on that vlan is acceptable too, and lets you add another device to that subnet. – SpacemanSpiff Aug 16 '12 at 12:45
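
The two points from the answer (the next hop must be the neighbour's address on a shared subnet, and the far side needs a return route) can be checked with a small model. This is an added example, not part of the original thread; the helper names and the existing router's LAN address 192.168.1.254 are assumptions.

```python
import ipaddress

def make_router(interfaces, static_routes):
    """interfaces: {name: 'addr/len'}; static_routes: {'prefix/len': 'next-hop'}."""
    return {
        "ifaces": {n: ipaddress.ip_interface(a) for n, a in interfaces.items()},
        "routes": {ipaddress.ip_network(p): ipaddress.ip_address(h)
                   for p, h in static_routes.items()},
    }

def next_hop(router, dst):
    """Return 'direct', a usable next-hop address, or None if dst is unroutable."""
    dst = ipaddress.ip_address(dst)
    ifaces = list(router["ifaces"].values())
    if any(dst in i.network for i in ifaces):
        return "direct"
    matches = [n for n in router["routes"] if dst in n]
    if not matches:
        return None
    hop = router["routes"][max(matches, key=lambda n: n.prefixlen)]  # longest prefix
    # A next hop is only usable if it is another host on a connected subnet,
    # not one of the router's own addresses (the /32 case has no other hosts).
    usable = any(hop in i.network and hop != i.ip for i in ifaces)
    return hop if usable else None

def one_way(first, second, dst):
    """True if `first` hands dst to `second` and `second` is attached to dst."""
    hop = next_hop(first, dst)
    if hop == "direct":
        return True
    owned = hop is not None and any(hop == i.ip for i in second["ifaces"].values())
    return owned and next_hop(second, dst) == "direct"

def two_way(a, b, host_a, host_b):
    """Replies have to get back, so both directions must resolve."""
    return one_way(a, b, host_b) and one_way(b, a, host_a)

# Constructed sample data using the subnets from the thread.
LINK = {"lan": "192.168.1.254/24", "link": "192.168.111.2/24"}  # assumed addresses
srx_asked = make_router({"vlan.0": "192.168.110.1/24", "ge-0/0/6.0": "192.168.111.1/32"},
                        {"192.168.1.0/24": "192.168.111.1"})
srx_fixed = make_router({"vlan.0": "192.168.110.1/24", "ge-0/0/6.0": "192.168.111.1/24"},
                        {"192.168.1.0/24": "192.168.111.2"})
corp_no_return = make_router(LINK, {})
corp_fixed = make_router(LINK, {"192.168.110.0/24": "192.168.111.1"})

if __name__ == "__main__":
    print(next_hop(srx_asked, "192.168.1.10"), next_hop(srx_fixed, "192.168.1.10"))
    print(two_way(srx_fixed, corp_no_return, "192.168.110.50", "192.168.1.10"))
    print(two_way(srx_fixed, corp_fixed, "192.168.110.50", "192.168.1.10"))
```

The model covers only layer-3 next-hop resolution; it does not account for SRX security zones and policies or for the VLAN tagging mismatch mentioned in the comments.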