Can someone walk me through setting up a new (to me) switch?

[Tarl72]

Hi all,

I've just bought a new (quite old, actually) SRX110H2 switch that I want (need???) to set up on my existing system and add in a server. I want to add the switch as I have a number of different pieces of hardware (mainly laptops, printers, etc.,) that I want to be able to access across my systems.

 

My current system is a Windows 11 Pro system (Ryzen 9 5900X 12Core/24 Threads) 3.6GHz processor, 128GB 1333 MHz DDR4 RAM, ROG Crosshair VIII Hero WiFi motherboard, RTX3060 12GB graphics card (running 2 monitors), and 1 x 1GB and 1 x 2.5GB network ports. My server is a Viglen IX1300 Server PC running Windows 10 Pro, Intel Xeon, 8GB DDR3 RAM, RAID card running 3 x 2TB HDDs with RAID 5.

 

The switch I have is a Juniper SRX110 System Server. It's got 2GB RAM, 8 ports and a CF Card slot (2GB card arriving on Monday). Unfortunately, I have no experience setting up a server, or a switch for that matter, so I need someone to walk me through the basics of setting it up. I need to know what I can/cannot do with it, how to set up the security features, how to route my ISP router through it and things like that.

 

Is there a resource I can access that is KISS (Keep It Stupidly Simple) rated? Or is there anyone here who's willing to walk/talk me through it? I've no experience in programming/servers/switches or anything like that, I only know the basics of DOS, problem solving hardware and putting a PC together.

 

Many thanks.

[Lurick]

That's a complete branch router, that is not a switch. It's like a combo unit but on steroids (for being so old). I honestly, if you want simple, would suggest you just get a gigabit unmanaged switch. That is going to require SSH or Telnet and likely a console cable to get it setup the first time. If you want to keep it simple, don't mess with this unit, it's enterprise grade and as such is not as simple as push a couple buttons, check some boxes, and done.

If you really want to learn you're in for a steep learning curve, that's about all I can say.

 

@mynameisjuanmight be able to provide more insights as I believe he's worked(works) with Juniper gear

[RollinLower]

Do you have console access to this box?

like @Lurickmentioned, there is a bit more to this box than just a simple switch. If you hook up a serial to USB cable and run putty (windows) or minicom (Linux) you can set the baud rate to 9600 with 8N1, and it should display a terminal.

There you can check JunOS version. depending on the version, there might be slight changes in policy/configuration.

 

If you want it to be a dumb switch though,. it should be fairly simple to setup. But if you want to manage your traffic, it will get quite involved quite fast.

[Lurick]

26 minutes ago, RollinLower said:

Do you have console access to this box?

like @Lurickmentioned, there is a bit more to this box than just a simple switch. If you hook up a serial to USB cable and run putty (windows) or minicom (Linux) you can set the baud rate to 9600 with 8N1, and it should display a terminal.

There you can check JunOS version. depending on the version, there might be slight changes in policy/configuration.

 

If you want it to be a dumb switch though,. it should be fairly simple to setup. But if you want to manage your traffic, it will get quite involved quite fast.

Honestly, looking at the specs some more I don't think these ports are switched and would never act like a switch. I believe they're all routed ports with a firewall built into the box. It might have a built in switch chip (which wouldn't surprise me) but everything I see tells me they won't act like switched ports and more like L3 ports. I definitely wouldn't try to setup a firewall/gateway as a switch though.

[RollinLower]

9 minutes ago, Lurick said:

Honestly, looking at the specs some more I don't think these ports are switched and would never act like a switch. I believe they're all routed ports with a firewall built into the box. It might have a built in switch chip (which wouldn't surprise me) but everything I see tells me they won't act like switched ports and more like L3 ports. I definitely wouldn't try to setup a firewall/gateway as a switch though.

jup. Its an SRX. these boxes are meant to be security appliances/firewalls. you can configure them to be switches though but it requires some configuration.

I used to run a SRX345 at home for a while.

 

EDIT:

i feel like i should clarify how i got it working.

set protocols l2-learning global-mode switching

and then for each interface you want "in the switch"

interfaces {
          ge-X/X/X (edit this to reflect the interface number) {
                unit 0 { 
                      family ethernet-switching;
                }
          }
}

this configuration means you basically bypass all security features of the device (oof) and make it into a switch. A packet will now just travel through the switch chip and out another interface, not further into the processing of the SRX.

 

stupid config for a security device ofcourse, but perfectly suitable if you have a SRX on hand and need a switch.

[LIGISTX]

4 hours ago, Tarl72 said:

Hi all,

I've just bought a new (quite old, actually) SRX110H2 switch that I want (need???) to set up on my existing system and add in a server. I want to add the switch as I have a number of different pieces of hardware (mainly laptops, printers, etc.,) that I want to be able to access across my systems.

 

My current system is a Windows 11 Pro system (Ryzen 9 5900X 12Core/24 Threads) 3.6GHz processor, 128GB 1333 MHz DDR4 RAM, ROG Crosshair VIII Hero WiFi motherboard, RTX3060 12GB graphics card (running 2 monitors), and 1 x 1GB and 1 x 2.5GB network ports. My server is a Viglen IX1300 Server PC running Windows 10 Pro, Intel Xeon, 8GB DDR3 RAM, RAID card running 3 x 2TB HDDs with RAID 5.

 

The switch I have is a Juniper SRX110 System Server. It's got 2GB RAM, 8 ports and a CF Card slot (2GB card arriving on Monday). Unfortunately, I have no experience setting up a server, or a switch for that matter, so I need someone to walk me through the basics of setting it up. I need to know what I can/cannot do with it, how to set up the security features, how to route my ISP router through it and things like that.

 

Is there a resource I can access that is KISS (Keep It Stupidly Simple) rated? Or is there anyone here who's willing to walk/talk me through it? I've no experience in programming/servers/switches or anything like that, I only know the basics of DOS, problem solving hardware and putting a PC together.

 

Many thanks.

Is there a reason you got this specifically? Sounds like you just need a standard switch.... 

 

You don't need a fancy switch if all you need "is a switch". A 15 dollar tplink switch is going to work perfectly fine, and you won't need to fumble through trying to set that up (really... dumb it down) to work as a simple switch. 

[HanZie82]

Get this connect cables and poof it works.
https://www.amazon.com/Ethernet-Splitter-Optimization-Unmanaged-TL-SG105/dp/B00A128S24/

 

That other thing is an ancient headache thats 10 times less speedy then the one i linked.

 

 

 

 

[mynameisjuan]

21 hours ago, Lurick said:

It's like a combo unit but on steroids (for being so old). I honestly, if you want simple, would suggest you just get a gigabit unmanaged switch.

It falls under the J-series with is very old and I would agree, just pick up a cheap unmanaged gigabit switch as the SRX1xx is fast-ethernet.

 

Also @Tarl72 if you do not have a Junos image and have it backed up somewhere, you are in for a rough time. Junos is freeBSD based and does not handle sudden power loss at all. If your SRX110 loses power and does not have a partition that is being upkeeped, 99.9% of the time it will be corrupted. If this happens and you do not have a backup image, the device is a brick.

 

And no, you cannot obtain this images without a valid Juniper support contract.

 

20 hours ago, RollinLower said:

set protocols l2-learning global-mode switching

I don't believe this statement was even introduced in 12.x (latest supported revision) and is enabled by default. Just configure `interfaces fe-0/0/x unit 0 family ethernet-switching vlan members [ x ]`.

 

20 hours ago, RollinLower said:

this configuration means you basically bypass all security features of the device (oof) and make it into a switch. A packet will now just travel through the switch chip and out another interface, not further into the processing of the SRX.

Just bypassing security features for traffic being switched but you can still have some security in place via firewall filters. On the current branch SRX3xx, you can even utilize most security features with the use of secure-wire (transparent L2 firewall without putting the entire device into transparent-mode).

 

20 hours ago, RollinLower said:

stupid config for a security device ofcourse, but perfectly suitable if you have a SRX on hand and need a switch.

Not stupid at all and very common on modern branch series. Even Junos has it's enabled by default and best to keep it enabled. You do not lose anything and can still utilize all security features with the use of IRB (or VLAN on older Junos) interfaces and/or secure-wire.

 

For this use case, I would just get a cheap gig unmanaged switch because SRX110 is fast-ethernet and uses a bit more power.

 

 

[Tarl72]

On 9/10/2023 at 12:33 AM, LIGISTX said:

Is there a reason you got this specifically? Sounds like you just need a standard switch.... 

 

You don't need a fancy switch if all you need "is a switch". A 15 dollar tplink switch is going to work perfectly fine, and you won't need to fumble through trying to set that up (really... dumb it down) to work as a simple switch. 

No good reason, to be honest. I got it as a part of an on-line auction of other computer goods (leads, a radio, stuff like that), so I thought I would see if I could use it. Unfortunately I think it's a bit out of my skill set ATM, so I'll just sell it and get an 8 port TP switch (I've ordered this one: TP-Link TL-SG108S, 8 Port Gigabit Ethernet Network Switch, Ethernet Splitter, Hub, Desktop and Wall-Mounting, Sturdy Metal, Fanless, Plug and Play, Energy-Saving : Amazon.co.uk: Computers & Accessories ). Many thanks for your advice, it really helped.

[Tarl72]

These opened my eyes a bit. Thanks. I think I'm going to get a new/normal switch and sell this one!

[Tarl72]

19 hours ago, mynameisjuan said:

It falls under the J-series with is very old and I would agree, just pick up a cheap unmanaged gigabit switch as the SRX1xx is fast-ethernet.

 

Also @Tarl72 if you do not have a Junos image and have it backed up somewhere, you are in for a rough time. Junos is freeBSD based and does not handle sudden power loss at all. If your SRX110 loses power and does not have a partition that is being upkeeped, 99.9% of the time it will be corrupted. If this happens and you do not have a backup image, the device is a brick.

 

And no, you cannot obtain this images without a valid Juniper support contract.

 

I don't believe this statement was even introduced in 12.x (latest supported revision) and is enabled by default. Just configure `interfaces fe-0/0/x unit 0 family ethernet-switching vlan members [ x ]`.

 

Just bypassing security features for traffic being switched but you can still have some security in place via firewall filters. On the current branch SRX3xx, you can even utilize most security features with the use of secure-wire (transparent L2 firewall without putting the entire device into transparent-mode).

 

Not stupid at all and very common on modern branch series. Even Junos has it's enabled by default and best to keep it enabled. You do not lose anything and can still utilize all security features with the use of IRB (or VLAN on older Junos) interfaces and/or secure-wire.

 

For this use case, I would just get a cheap gig unmanaged switch because SRX110 is fast-ethernet and uses a bit more power.

 

 

Yes, I had thought about the power loss issue, I didn't state it, but I actually have 2 UPSs, one for my main PC and a smaller one for my router and switch. I haven't got to the stage of even setting it up yet, so I've not had a good look at the Janos system at all, but I did understand it had a bit of a reputation! lol

I think I'll just buy a new/dumb switch and sell this one.