Jun 24, 2012
tom
No Comments

Using Juniper EX3300 as a router

Question

So I have a Juniper EX3300 Switch. One of its uplink ports (ge-0/1/0) is connected to my ISP’s router. ISP router’s port address is xx.xx.xx.109. My switch’s IP address is xx.xx.xx.110.

From the switch, I can ping to xx.xx.xx.109 and any other IP in the world. I mean its connected to the Internet.

I connected the port eth0 of a computer (running Ubuntu) to the port ge-0/0/0 of the switch (which in the same VLAN as ge-0/1/0). I configured the port eth0 as follows:

iface eth0 inet static
    address yy.yy.yy.208
    netmask 255.255.255.240
    gateway xx.xx.xx.110

yy.yy.yy.208 is assigned to me by the ISP. So, now I can ping to the switch (xx.xx.xx.110) from this computer. But I can not ping to either xx.xx.xx.109 (ISP router) or any other IP.

I want this computer to be connected to the Internet. What am I doing wrong?

Here are some of the configurations on my switch:

interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    .
    .
    .
    ge-0/1/0 {
        ether-options {
            no-auto-negotiation;
            link-mode full-duplex;
            speed {
                1g;
            }
        }
        unit 0 {
            family ethernet-switching {
                port-mode access;
            }
        }
    }
    .
    .
    .
    vlan {
        unit 0 {
            family inet {
                address 10.0.1.1/24;
            }
        }
        unit 1 {
            family inet {
                address xx.xx.xx.110/30;
            }
        }
    }
}
.
.
.
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop xx.xx.xx.109;
            retain;
        }
    }
}
vlans {
    Cogent {
        vlan-id 3;
        interface {
            ge-0/1/0.0;
            ge-0/0/0.0;
            ge-0/0/1.0;
            ge-0/0/2.0;
            ge-0/0/3.0;
        }
        l3-interface vlan.1;
    }
    TFLan {
        vlan-id 2;
        interface {
            ge-0/0/5.0;
            ge-0/0/6.0;
            ge-0/0/7.0;
            ge-0/0/8.0;
            ge-0/0/9.0;
            ge-0/0/10.0;
            ge-0/0/11.0;
            ge-0/0/12.0;
            ge-0/0/13.0;
            ge-0/0/14.0;
            ge-0/0/15.0;
            ge-0/0/16.0;
            ge-0/0/17.0;
            ge-0/0/18.0;
            ge-0/0/19.0;
            ge-0/0/20.0;
            ge-0/0/21.0;
            ge-0/0/22.0;
            ge-0/0/23.0;
            ge-0/0/4.0;
        }
        l3-interface vlan.0;
    }
}
Asked by Richard Whitman

Answer

I want this computer to be connected to the internet. What am I doing wrong?

Summary info

Recalling information from the discussion in Using the Juniper EX3300 as a router:

  • ge-0/1/0 is assigned a public /30 address by Cogent. For sake of illustration, we will call EX3300′s address on this subnet 192.0.2.109/30. Your default gateway is 192.0.2.110/30. From the configuration above, you have assigned ge-0/1/0 to vlan.1 using vlan-id 3.
  • ge-0/0/0 is also assigned a public IP address. For the sake of argument, this subnet is 192.0.2.208/28. ge-0/0/0‘s subnet is different than ge-0/1/0. The interface addressing (and a few other things) need to be fixed.

List of items to fix

  1. You can’t assign 192.0.2.208/28 to the Ubuntu server. .208 is the subnet adddress, and .223 is the broadcast address. Valid host addresses in this subnet range from 192.0.2.209 to 192.0.2.222 (it doesn’t matter that I’m using RFC 5737 addresses here, the subnet math works out the same).
  2. You need l3-interface vlan.1 for your /30 link to the Cogent router; however, you also have the Ubuntu machine in that same subnet on a /28. Now that we have established that the Ubuntu server is in a different subnet than ge-0/1/0, please follow standard internet engineering practices and assign a different vlan to that subnet. Let’s call it l3 interface vlan.100 with vlan-id 100 on your EX3300. Assign 192.0.2.209/28 to your vlan.100 on the EX3300 and use it as the default gateway for this new subnet.
  3. Even if you assigned a valid host address to your Ubuntu server (see point 1., above), that server’s default gateway must be in the same subnet. Assign 192.0.2.210/28 to the Ubuntu server and make the default gateway 192.0.2.209.

Purely informational material

FYI, We also said that you cannot use private IP addresses (RFC 1918) without NAT (RFC 3022). I see that you have 10.0.1.1/24 assigned to vlan.0. Anything in 10.0.0.0/8 is RFC 1918 space. If these devices need to access the internet, you will need some form of NAT.

May I suggest:

Best of luck to you in this endeavor.

Answered by Mike Pennington

Check more discussion of this question.

Related posts:

  1. How to change the ‘internal IP address’ of a Juniper SRX210H
  2. Juniper ScreenOS vlan configuration
  3. Linux Router Problem
  4. Redundant links from Router to Switches
  5. How to properly nest a wireless router behind a wired router?

Leave a comment