SRX

Hello,

can someone help how to force a VLAN interface on a SRX100 to be always up.

If I connect a PC to one of the ports assigned to the VLAN it went up and I can reach the SRX's IP on that VLAN interface.

But if no PC is connected the VLAN goes down and thus the SRX's IP to not reachable till I reconnect on of the VLAN's switchports.

On Cisco's IOS you use "no autostate" for this purpose.

For example:

interface Vlan 3
 ip address 10.11.12.13 255.255.255.0
 no autostate

Is there an equivalent in JunOS ?

Thanks in advance

Steffen

Do the following...  It wastes a revenue port, but I've done this in several installations for various purposes.

Create your layer three vlan interface.

interfaces {
    vlan {
        unit 3 {
            family inet {
                address 10.11.12.13/24;
            }
        }
    }
}

Create a Layer 2 VLAN and map it to the layer 3 logical interface created above.

vlans {
    v3 {
        description LoopedUp;
        vlan-id 3;
        interface {
            ge-0/0/0.0;

        l3-interface vlan.3
         }
    }
}

On the physical interface loop it back onto itself.  There are two types depending on your port, gigabit and fastE...  EG.

set interface ge-0/0/0 gigether-options loopback

set interface fe-0/0/2 fastether-options loopback

Hello colemtb,

---

set interface ge-0/0/0 gigether-options loopback

set interface fe-0/0/2 fastether-options loopback

---

thanks, it brings up the VPN, but as you said, it wastes an interface. 😞

I hope someone will come with a better solution. So forgive me that I don't mark your hint as solution now. If JunOS lacks a better way, I'll do it later.

- Steffen

No worries man, I don't do it for the Kudos  😉

Can i add this loopback interface in ospf. so this vlan interface can be accessible from remote site via ospf protocol.

Note that as i add this interface in ospf the "show ospf interface" command not display this interface.

Hello,

You can use "loopback" interface(s) for this purpose, not necessarily Vlan.

lo0.0    in Global Route Table/inet.0

lo0.1... in Virtual Routers.

And lo0.0 can even have multiple IP@ assigned to it.

HTH

Rgds

Alex

Hi aarseniev,

---

You can use "loopback" interface(s) for this purpose, not necessarily Vlan.

lo0.0    in Global Route Table/inet.0

lo0.1... in Virtual Routers.

And lo0.0 can even have multiple IP@ assigned to it.

---

But a loopback interface is in another IP subnet then the VLAN ?!

I need the SRX's internal LAN IP address (= VLAN 3 in my case) to be allways up.

- Steffen

Hi,

in the meantime I discovered, that setting one member-port of the VLAN to loopback like suggested above was a very bad idea:

The mac addresses from PCs connected to other VLAN member port start flapping between their connected port and the port set to loopback. This causes heavy connection interruptions of those PCs.

If you use "show ethernet-switching mac-learning-log" you'll see the flapping:

...:11:03 2011  vlan_name VLAN-3-LAN mac <mac-address@port5> was deleted on fe-0/0/2.0
...:11:03 2011  vlan_name VLAN-3-LAN mac <mac-address@port5> was learned on fe-0/0/5.0
...:11:04 2011  vlan_name VLAN-3-LAN mac <mac-address@port5> was deleted on fe-0/0/5.0
...:11:04 2011  vlan_name VLAN-3-LAN mac <mac-address@port5> was learned on fe-0/0/2.0
...:11:05 2011  vlan_name VLAN-3-LAN mac <mac-address@port5> was deleted on fe-0/0/2.0
...:11:05 2011  vlan_name VLAN-3-LAN mac <mac-address@port5> was learned on fe-0/0/5.0

fe-0/0/5.0 was the port a PC is connected and fe-0/0/2.0 was the port set to loopback.

So, using a loopback interface seems not to be a method to keep a VLAN always up.

Any other suggestions?

On some IOS switches Cisco uses "n keepalive", but I couldn't find a possibility to something similar on an SRX's VLAN interface.

- Steffen

All you asked was a way to keep a VLAN up, you never specified that PCs are going to connect to it.

If you need a VLAN to stay up for NAT-ting, this is in fact a GREAT ideal, sorry to be blunt; but based on the question you asked it is a feasible response.

---

@Steffen wrote:

 

 

But a loopback interface is in another IP subnet then the VLAN ?!

I need the SRX's internal LAN IP address (= VLAN 3 in my case) to be allways up.

 

 

---

You can assign a /32 IP@ to lo0 from your internal LAN subnet.

You can even configure a broadcast (.255) or network (.0) IP@ from internal LAN on lo0.

If not broadcast/network IP and you need this address to be ARP-able from internal LAN, configure static ARP on internal VLAN interface and "publish" it

http://www.juniper.net/techpubs/en_US/junos10.4/topics/usage-guidelines/interfaces-configuring-static-arp-table-entries.html

HTH

Rgds
Alex

Nice!

As usual, great post.

Hello Alex,

---

@aarseniev wrote:

You can assign a /32 IP@ to lo0 from your internal LAN subnet.

---

First I faced the problem that you can't define a second loopack within the master routing instance ("Multiple loopback interfaces not permitted in master routing ..."), but after solving this I found that your suggestion didn't help:

The loopback interface will keep up the IP that is assigned to the Loopback interface, but the VLAN from which I borrowed the IP didn't come up.

I need the VLAN to be up so I can reach the SRX's IP within that VLAN and not another IP that might be member of that subnet.

Thanks anyway

Steffen

Hi,

I opened a JTAC case for this. They worked on this for a while and involved serval people.

But at the end the confirmed that this (keeping a VLAN state "up", if no device is connected) could not be done with JunOS.

So I have to use Cisco which support this or make a feature request to my local SE.

If there is someone out there who will need this too. Please be so kind and make a feature request yourself. Maybe one time we are enough an Juniper will do something.

- Steffen

For testing I make one of these:

http://www-tss.cisco.com/eservice/compass/common/activities/act_verikit_adapters.htm

However you need to be careful because in some situations it can cause a problem.