 |
Note: If you specify a VLAN identifier list in the bridge domain configuration, you cannot configure an IRB interface for the bridge domain. |
For bridge domains configured with a single VLAN identifier, you can optionally configure an integrated routing and bridging (IRB) interface for management traffic in the bridge domain. An IRB interface acts as a Layer 3 routing interface for a bridge domain.
|
Note: If you specify a VLAN identifier list in the bridge domain configuration, you cannot configure an IRB interface for the bridge domain. |
In this release, the IRB interface on the SRX services gateway does not support traffic forwarding or routing. In transparent mode, packets arriving on a Layer 2 interface that are destined for the device’s MAC address are classified as Layer 3 traffic while packets that are not destined for the device’s MAC address are classified as Layer 2 traffic. Packets destined for the device’s MAC address are sent to the IRB interface. Packets from the device’s routing engine are sent out the IRB interface.
You create an IRB logical interface in a similar manner as a Layer 3 interface, but the IRB interface does not support traffic forwarding or routing. The IRB interface cannot be assigned to a security zone; however, you can configure certain services on a per-zone basis to allow host-inbound traffic for management of the device. This allows you to control the type of traffic that can reach the device from interfaces bound to a specific zone.
|
Note: You can configure only one IRB logical interface for each bridge domain. |
To configure an IRB logical interface: