06-25-2017 01:13 PM - edited 06-25-2017 01:15 PM
Hi all, I'd like to confirm that my configuration is up to networking best practices. My ISP seems to allocate IPs in a relatively weird way. Regardless, I've set up my ERX to make use of both a static IP I pay for and the public group IP the ISP gives everyone in my neighborhood.
I currently have switch0 (eth1 through 4) masq'ed to eth0.2 for internet using the static IP as allocated by my ISP. To use the group IP, clients will tag their traffic with VLAN 3, which will exit our network through eth0. I've accomplished this by creating the virtual interface switch0.3, and bridging that to eth0. While I bridged switch0.3 and eth0 through the config tree, the equivalent command(s) would be:
    configure
    set interfaces bridge br0
    set interfaces switch switch0 vif 3 bridge-group bridge br0
    set interfaces ethernet eth0 bridge-group bridge br0
    commit
    save
TLDR (I know I can write too much, so here's a summary)
VLAN1 inside <--> eth0.2 with static IP
VLAN3 inside <--> br0 <--> VLAN1 outside with group IP
Is a bridge the most efficient/best way to do this? Anyone with more experience have any better ideas?
06-26-2017 06:42 PM
Still looking for suggestions. I think I recall reading that using bridges in most modern networks is frowned upon, being slower or less intelligent(?) than switching. Is this the case?
06-26-2017 06:54 PM - edited 06-26-2017 06:55 PM
This sounds convoluted ... and possibly outright wrong.
This is outright wrong.
If you're paying for a static, you DO NOT need to use DHCP anywhere. To be honest, you probably shouldn't be using those IPs at all, given your purchase of the static (that is - let the DHCP / random IP address go to someone else).
06-26-2017 07:02 PM - edited 06-26-2017 07:03 PM
Yeah...I know it's convoluted, but I want to set up our ERX to make use of both the IP we pay for and the group IP, to [semi-]mask some of our traffic, if we want/need.
I suppose my question wasn't about whether what I set up was necessary, but if it was the best way...is a bridge really the best way to connect a VLAN to a router that's located on the WAN interface on a different VLAN, (and in this case VLAN 1?)
06-26-2017 10:41 PM
The built in switch is VLAN-aware.
You might be able to put all interfaces on switch0, so you don't need the bridge.
The ERX will do its routing between different VLANs, and switching when staying on same VLAN.
06-27-2017 07:20 AM
The switching sounds like something I can handle...I'll investigate when I get home. As for the routing, do you know how I would set that up? It's a little beyond me, but any help would be great; I could probably figure it out (I would enjoy figuring it out) if you just gave me the principles of how to set it up.
Thank you again, and we'll see if this works.