I'm currently in the process of converting a ScreenOS configuration to a JunOS router and am a bit confused by the current configuration of two bridge groups on the old router. It's my understanding that bridge groups aim to bridge two or more interfaces as a physical bridge would. However, on the ScreenOS router, the two bridge groups only have one interface each.
Does having a bridge group with one interface serve any purpose, or can it be configured as a regular interface would? I've looked at the setup of both bgroups, and they are configured exactly the same way as the other interfaces on the router are. The only difference is that the interfaces sit under a bgroup, which to me appears to be redundant. If my understanding of this is skewed, please correct me – I'll admit that this is the first time I've had to work with bridge groups, and there seems to be little about them on the Internet for me to work with.
Best Answer
The bridge-group in ScreenOS is identical to a VLAN in Junos.
In ScreenOS you can either assign a security-zone/IP Addresses to a physical port, or alternatively, assign them to a bridge-group that contains multiple ports.
In Junos, you would assign security-zones/IP Addresses to a
vlan.xinterface which is bound to a VLAN via thel3-interfacecommand, and then multiple ports can be members of that VLAN.The reason for having a single-port bridge-group would be to allow simpler changes in the future - in ScreenOS, if you had a single L3 port in a zone, and wanted to change it to two, it would involve:
This would be a disruptive change, whereas in Junos it could be handled in a single commit.