CCNA

thiese are step we need config a srx 240 device work as transparent or layer 2

1- first we need connect to web GUI and config default configuration and set root password

2-interfaces >>> change switch to lyaer 2

3-reboot

4- delete all interfaces config by this command:

delete interfaces

5-now we need 2 interfaces work as bridged. we will config all interfaces step by step

Configure IRB and the underlying interface:

root@# show interfaces | match interfaces | display set
set interfaces ge-0/0/1 unit 0 family bridge interface-mode access
set interfaces ge-0/0/1 unit 0 family bridge vlan-id 2
set interfaces irb unit 0 family inet address 1.1.1.1/24

Configure the IRB interface to be in the transparent mode:

root@# show bridge-domains | display set
set bridge-domains IRB domain-type bridge
set bridge-domains IRB vlan-id 2
set bridge-domains IRB routing-interface irb.0

root@# show security zones | display set
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services http

The requirement is to use ge-0/0/0 for out-of-band management. Configure ge-0/0/0 interface as family bridge:

set interfaces ge-0/0/0 unit 0 family bridge interface-mode access
set interfaces ge-0/0/0 unit 0 family bridge vlan-id 2

Configure the IRB interface with the out-of-band management IP address:

set interfaces irb unit 0 family inet address 192.168.1.1/24


Configure the ge-0/0/0 interface under functional-zone management:

set security zones functional-zone management interfaces ge-0/0/0.0
host-inbound-traffic system-services all

Configure the routing-option to add the route for the default gateway:

set routing-option static route 0.0.0.0/0 next-hop 172.16.1.1

• username test ptivilaged 15 password test

privilaged 15 have full control

line c 0-

login local

exit

• IP DHCP excluded-address vlan id

for example

IP dhcp excluded-address 192.168.1.1-

The ip address is config on interface vlan ip

• Ip dhcp pool vlan name

for example

IP DHCP pool vlan 10

network 192.168.1.0. 255.255.255.0

default-router 192.168.1.1

dns-name 8.8.8.8

domain example.com

router rip

network[network id1]

network[network id2]

..

..

..

example:

Router(config)#ip route [ip] [subnetmask]{interface or ip]

example:

Router(config)#ip route 172.16.1.1 255.255.255.0 serial 0/1/0

or

 default route:

Router(config)#ip route 0.0.0.0 0.0.0.0 [interface or ip ]

*********************************

for monitoring:

Router#show ip route

we have 2 type of Ether channel protocol:

• PAGP(port aggregation protocol),cisco
• LACP(link aggregation control protocol),IEEE 802.1 AD

• configuration on switch 1:

switch(config)#interface fastethernet 0/16

switch(config-if)#channel-protocl{PAGP|LACP}

switch(config-if)#channel-group 1 mode {on|auto|desirable}

switch(config-if)#exit

switch(config)#interface fastethernet 0/15

switch(config-if)#channel-protocl{PAGP|LACP}

switch(config-if)#channel-group 1 mode {on|auto|desirable}

switch(config-if)#exit

• configuration on switch 2:

switch(config)#interface fastethernet 0/16

switch(config-if)#channel-protocl{PAGP|LACP}

switch(config-if)#channel-group 1 mode {on|auto|desirable}

switch(config-if)#exit

switch(config)#interface fastethernet 0/15

switch(config-if)#channel-protocl{PAGP|LACP}

switch(config-if)#channel-group 1 mode {on|auto|desirable}

switch(config-if)#exit

switch(config)#interface port-channel 1

switch(config-if)#no shutdown

switch(config-if)#ip address 192.168.1.1 255.255.255.0

• NOTE:ether channel NO. must be the same in both switches

• on all access ports that we want  BPDU Guard and Port fast we will do:

switch(config-if)#spanning-tree port fast

switch(config-if)#spanning-tree bpdu-guard

• First switch:

switch(config)#no spanning-tree vlan 1 priority 4096

switch(config)#spanning -tree vlan 1 root primary

• secend switch:

switch(config)#sapnning -tree vlan 1 root secendary

• Inter VLAN routing by multilayer switch is recommended

example:

•          multilayer switch configuration:

switch(config)#vlan 2

switch(config-vlan)#exit

switch(config)#vlan 3

switch(config-vlan)#exit

switch(config)#interface fastethernet 0/1

switch(config-if)#switchport mode trunk

switch(config-if)#switchport trunk allowed vlan 2,3

switch(config-if)#exit

switch(config)#interface vlan 2

switch(config-if)#no shutdown

switch(config-if)#ip address 192.168.1.1 255.255.255.0

switch(config-if)#exit

switch(config)#interface vlan 3

switch(config-if)#no shudown

switch(config-if)#ip address 192.168.2.1 255.255.255.0

switch(config-if)#exit

switch(config)# ip routing

switch(config)#^z

switch#wr

• Now layer 2 switch configuration:

switch(config)#interface fastethernet 0/1

switch(config-if)#switchport mode trunk

switch(config-if)#switchport trunk allowed vlan 2,3

switch(config-if)#exit

switch(config)#inerface fastethernet 0/6

switch(config-if)#switchport mode access

switch(config-if)#switchport access vlan 2

switch(config-if)#exit

switch(config)#interface fastethernet 0/5

switch(config-if)#switchport mode access

switch(config-if)#switchport access vlan 3

switch(config-if)#exit

switch(config)#^z

switch#wr

Router(config)#interface fastethernet 0/0

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#interface fastethernet 0/0.1

Router(config-if)#no shutdown

Router(config-if)#encapsulation dot1q

Router(config-if)#ip address 192.168.1.1 255.255.255.0

Router(config-if)#exit

Router(config)inerface fastethernet 0/0.2

Router(config-if)#no shutdown

Router(config-if)#encapsulation dot1q

Router(config-if)#ip address 192.168.2.1 255.255.255.0

Router(config-if)#exit

Router(config)#^z

Router#wr

• Now switch configuration:

switch(config)#inerface fastethernet 0/1

switch(config-if)#switchport mode trunk

switch(config-if)#switchport trunk allowed vlan 2,3

switch(config-if)#^z

switch#wr