?? Why not? If you have more devices that need access to specific VLAN zones on the SRX, and you're low on physical interfaces, why not use a switch? This can be extremely handy when bringing trunks into a VMware server(s). I'm not sure what you're saying about especially in a cluster either - clustering of the firewalls is solely for redundancy in my situation.

If you think there are better options, I'm open to recommendations.

From: Павел Лунин [plu...@senetsy.ru]
Sent: Friday, January 06, 2012 5:45 AM
To: Paulhamus, Jon
Cc: Ben Dale; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] SRX650 cluster - ethernet switching issue

BTW, never could understand people running L2 on srx650 coupled with a normal switch. Especially in srx-cluster + ex-vc. What for?

03.01.2012 16:07, user "Paulhamus, Jon" <jpaulha...@iu17.org> wrote:

Thank you Ben. I did configure MSTP and saw other issues with the config, but I don't believe that I tried VSTP. I'll give that a go this coming weekend. I appreciate your input!

-----Original Message-----
From: Ben Dale [mailto:bd...@comlinx.com.au]
Sent: Monday, January 02, 2012 5:18 AM
To: Paulhamus, Jon
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] SRX650 cluster - ethernet switching issue

Hi John,

> My issue is that I have 2 trunk links on each firewall passing completely
> different VLANs but when I enable any form of spanning tree, I'm seeing one
> of those links blocked (3 out of the 4 links get blocked by STP). I've tried
> rstp, stp and mstp - all with the same issue.

This is expected behaviour. Neither RSTP nor STP are VLAN-aware, so they simply see a topology containing 3 bridges (SRX, EX, EX-VC) in a loop and block the port "furthest" from the root bridge.

A simple fix would be VSTP (per-VLAN Spanning-Tree), but the SRX platform didn't support it last time I checked.

MSTP can solve this issue by allowing multiple forwarding topologies, but it will require specific configuration on all three devices - if you simply enable it with defaults, it will behave exactly the same way as RSTP.

Plenty of info on the specifics of MSTP can be found here:

http://www.juniper.net/techpubs/en_US/junos9.4/topics/example/spanning-trees-ex-series-mstp-configuring.html
http://kb.juniper.net/library/CUSTOMERSERVICE/technotes/8010065-001-EN.pdf

Good luck!

Ben
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
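
The behaviour discussed in this thread, modelled as an added example that is not part of the original messages: a single spanning-tree instance blocks one link of the three-bridge loop for every VLAN, while two MSTP instances with different roots leave each VLAN's trunk forwarding. The VLAN numbers, the VLAN-to-link layout, the instance names and the simplified tree rule (equal link costs, lowest priority wins the root election) are assumptions.

```python
from collections import deque

# Constructed topology (assumption): three bridges in a loop; the two SRX
# trunks carry disjoint VLAN sets, the EX to EX-VC link carries all of them.
LINKS = {
    frozenset({"SRX", "EX"}): {10, 20},
    frozenset({"SRX", "EX-VC"}): {30, 40},
    frozenset({"EX", "EX-VC"}): {10, 20, 30, 40},
}
DEFAULT = 32768  # default bridge priority

def blocked_links(priorities):
    """Links left out of the tree rooted at the lowest-priority bridge.
    Simplified model: equal link costs, ties broken by bridge name."""
    root = min(priorities, key=lambda b: (priorities[b], b))
    seen, tree, queue = {root}, set(), deque([root])
    while queue:
        bridge = queue.popleft()
        for link in sorted(LINKS, key=sorted):
            if bridge in link:
                (peer,) = link - {bridge}
                if peer not in seen:
                    seen.add(peer)
                    tree.add(link)
                    queue.append(peer)
    return set(LINKS) - tree

def cut_vlans(instances):
    """Map (instance, blocked link) to the VLANs of that instance it drops."""
    cut = {}
    for name, (vlans, priorities) in instances.items():
        for link in blocked_links(priorities):
            lost = sorted(LINKS[link] & vlans)
            if lost:
                cut[(name, tuple(sorted(link)))] = lost
    return cut

ALL_VLANS = {10, 20, 30, 40}
# RSTP, or MSTP left at defaults: one instance carries every VLAN.
SINGLE = {"CIST": (ALL_VLANS, {"SRX": DEFAULT, "EX": 4096, "EX-VC": DEFAULT})}
# MSTP with two instances, each rooted so its blocked link carries none of its VLANs.
TUNED = {
    "MSTI1": ({10, 20}, {"SRX": DEFAULT, "EX": 4096, "EX-VC": DEFAULT}),
    "MSTI2": ({30, 40}, {"SRX": DEFAULT, "EX": DEFAULT, "EX-VC": 4096}),
}

if __name__ == "__main__":
    print("single instance:", cut_vlans(SINGLE))
    print("tuned MSTP:     ", cut_vlans(TUNED))
```

On real hardware the VLAN-to-instance mapping has to be identical on every bridge for them to form one MSTP region, which is why enabling MSTP with defaults on only some devices changes nothing.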