[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Configuring an IRB Interface

To configure an IRB interface, you first create an IRB logical interface, and then reference the interface in the bridge domain configuration. Configure a security zone to control the host-inbound traffic from systems that are directly connected to the interfaces in the zone.

Note: An IRB interface can only be configured for a bridge domain defined with a single VLAN identifier. In a previous example, bridge domain bd1 was configured with a VLAN identifier list; you would not be able to add the IRB interface to the bd1 bridge domain.

Before You Begin

For background information, read Understanding Integrated Routing and Bridging Interfaces and Understanding Firewall User Authentication in Transparent Mode.

In this example, you configure an IRB logical unit 0 with the family type inet and IP address 10.1.1.1/24, and then reference the IRB interface in the bd2 bridge domain configuration. This example also enables Web authentication on the IRB interface and actives the Web server on the device.

Note: To complete the Web authentication configuration, you will also need to define the following:

  • Access profile and password for a Web authentication client
  • Security policy that enables Web authentication for the client

Either the local database or an external authentication server can be used as the Web authentication server. For more information about configuring Web authentication, see the JUNOS Software Security Configuration Guide.

You can use either J-Web or the CLI configuration editor to configure an IRB interface.

This topic covers:

J-Web Configuration

To configure an IRB interface:

  1. Select Configuration > View and Edit > Edit Configuration.

    The Configuration page appears.

  2. Select Interfaces.
  3. In the Interface name column, select irb.
  4. Under Unit, in the Interface unit number column, click 0.
  5. Next to Family group, select Inet, and then click Configure.
  6. Next to Address, click Add new entry.
  7. In the Source box, type the address 10.1.1.1/24.
  8. Next to Web authentication, click Configure.
  9. Select the Http check box, and then click OK.
  10. Click OK to return to the Unit page.
  11. Click OK to return to the Interface page.
  12. Click OK to return to the Interfaces page.

To reference the IRB interface in a bridge domain:

  1. Select Configuration>View and Edit>Edit Configuration.

    The Configuration page appears.

  2. Select Bridge domains.
  3. Next to Domain, click bd2.
  4. In the Routing interface box, type irb.0.
  5. Click OK to return to the Configuration page.

To activate the Web server on the device:

  1. Select Configuration>View and Edit>Edit Configuration.

    The Configuration page appears.

  2. Next to System, click Configure.
  3. Next to Services, select the check box, and then click Configure.
  4. Next to Web management, click Configure.
  5. Select the Http check box, and then click OK.
  6. Click OK to return to the Services page.
  7. Click OK to return to the System page.
  8. Click OK to return to the Configuration page.

CLI Configuration

To configure an IRB interface:

user@host# set interface irb unit 0 family inet address 10.1.1.1/24 web-authentication http

To reference the IRB interface in a bridge domain:

user@host# set bridge-domains bd2 routing-interface irb.0

To activate the Web server on the device:

user@host# set system services web-management http

Related Topics


[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]