[AusNOG] Juniper SRX 220 vs Cisco IOS G2 2911

Brad Peczka brad at bradpeczka.com
Thu May 1 11:15:24 EST 2014


+1 for Shane's comments.

I've found 12.1X45-D15.5 to be a buggy pile of excrement; 12.1X46 is apparently more stable.

You can also throw SRX devices into packet mode to remove the security features and make them more like an ISR... but this kinda defeats the purpose of having an all-in-one box (albeit, one without wireless).

Regards,
-Brad.
________________________________________
From: AusNOG [ausnog-bounces at lists.ausnog.net] On Behalf Of Shane Short [shane at short.id.au]
Sent: Thursday, 1 May 2014 8:56 AM
To: Chris Gibbs
Cc: AusNOG (AusNOG at lists.ausnog.net)
Subject: Re: [AusNOG] Juniper SRX 220 vs Cisco IOS G2 2911

Hi Chris,

The ethernet-switching-options voip seems to be present on my SRX110 (running 12.1X46-D10.2) and I have a vague recollection of testing it once before:
[edit ethernet-switching-options voip]


The issue I think you'll have is that the 7960 series phones (at last check) don't support LLDP-MED, which is the "everyone but Cisco" way of advertising voice VLANs. I can tell you that it works with the newer Java-based 79XX series, but the 79[46]0s are so old now, they only speak CDP. The other consideration is the PoE. The 79[46]0 use pre-standard "Cisco Inline Power", not the standard 803.2af spec. It's worth noting I've had the EX4200's power inline power devices fine in the past, but I can't speak for the SRX series (someone else might be able to chime in here?)

I've had a friend who's run the CX111 on his SRX210 and he was quite pleased with it, apparently works as advertised on the tin.

The Sierra Wireless (now Netgear, ugh.) U320 series work on the 12.1X train, you'll just need to make sure that you get the dongle's firmware upgraded to the newest version (they made some changes to the output of some of the AT!GSTATUS commands, which JunOS now expects). I did some failover testing in a lab environment and don't have any obvious bugs to report.

All in all the SRX are a pretty good branch device, there's just a few things to be aware of. Firstly, it's a firewall device, not a router. This seems to catch people out as they're often just looking for a packet pushing device and get frustrated having to deal with firewall zones etc. In this respect they're almost more like an ASA than a traditional 8XX router, which arguably adds more value, considering the low price point. Secondly, a fair chunk of the features you'll probably want to use are found in the 12.1X train. This is much like the IOS T train where the focus is on adding features, sadly a little bit at the expense of stability. There's usually nothing too heinous, but I've found you need the occasional reboot here and there (and it's certainly not anything worse than I've experienced in C-land).

If you have any other questions, or you'd like me to test something out for you (I have an SRX110 here, and some Cisco IP phones) hit me off-list.

Hope this helps! :)

Kind Regards,
Shane Short

Chris Gibbs wrote:

Hi all,



I’m currently reviewing alternative options to our current all-in-one deployment for small branch sites. We currently use Cisco 2911 series with POE switch-modules, DSL and LTE modules.



A typical managed branch site for us has between 2 - 6 users and we will be rolling out to around 40 sites.



I have been looking at the SRX 220 with copper SFP module for the WAN and the POE option. Looking also at CX111 with Telstra 4G USB as a backup WAN interface.



Most of the features on the Cisco we run look to be supported. I'm coming unstuck when researching how to enable the "switchport voice vlan <vlan id>" command from Cisco IOS.



It appears the command in EX is "set ethernet-switching-options voip" however after reading a bit, seems to be unsupported on 12.1 in SRX code.



http://www.juniper.net/techpubs/en_US/junos12.1/information-products/topic-collections/release-notes/12.1/index.html?topic-64979.html



We are also running Cisco phones; 6945 and 7960s mainly.



I do not have any Junos experience and only have begun researching. Currently completing the Junos as a second language. I do not have any test units yet either.



Anyone have any suggestions?



If the port is configured as a trunk port and I enable tagging on the phone it may work. Or set the vlan and also set a native vlan. These are the only two alternatives that popped into my mind. Would prefer however to leave the phone zero-touch.



Also, in general I’d love to hear experiences from trying to move from Cisco G2's to Juniper (or any other alternative that can offer, WAN, FW, POE, 8 switch ports, 4G in a single chassis)



I have also cross-posted this to Juniper support forums:

http://forums.juniper.net/t5/Routing/SRX-220/td-p/240474



Cheers,



Chris







Chris Gibbs
Network and Security Engineer | Information Management & Technology
Gosford City Council
(PO Box 21)
Gosford NSW 2250
P  (02) 43258888
M  0408 222 496
E  Chris.Gibbs at gosford.nsw.gov.au






