SRX Services Gateway
Contributor
kalsoup
Posts: 13
Registered: ‎06-04-2013
Accepted Solution

Only unit 0 is valid for this encapsulation + SRX

Hello Everyone,

 

Posted the same question in the ethernet switching forum as well...

 

I have an SRX that I'm trying to connect to a non-Juniper switch.

I get the 'Only unit 0 is valid for this encapsulation' error when I do a commit check.

Here's my configuration:

root# set interfaces vlan unit 70 family inet address 172.28.0.9/22
root# set vlans backbone vlan-id 70 l3-interface vlan.70

 


[edit interfaces fe-0/0/2]
root# show
unit 0 {
    family ethernet-switching {
        vlan {
            members vlan-trust;
        }
    }
}
unit 70 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members backbone;
        }
    }
}

Does the error mean I can only use unit 0 for what I'm trying to do or is there a different encapsulation method that I have to configure?

 

Thanks in advance!

 

Distinguished Expert
aarseniev
Posts: 1,701
Registered: ‎08-21-2009

Re: Only unit 0 is valid for this encapsulation + SRX

Hello,

You should combine the 2 VLANs under the same unit 0:

 

[edit interfaces fe-0/0/2]
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members [ vlan-trust backbone ];
        }
    }
}

 HTH

Thanks

Alex

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Contributor
ithFrederic
Posts: 18
Registered: ‎02-18-2012

Re: Only unit 0 is valid for this encapsulation + SRX

Indeed,

what you're probably looking for is "the other way" to do vlan tagging;

 

set interfaces fe-0/0/2 vlan-tagging
set interfaces fe-0/0/2.10 vlan-id 10
set interfaces fe-0/0/2.11 vlan-id 11

...

 

Catch: if memory serves well, you _need_ to have a vlan ID and you can't create an untagged unit. The other end should be able to provide you workarounds (i.e., tag the untagged unit to the native vlan).

 

The other option, if you're looking for routing, is indeed the solution aarseniev provided you with, then you can create a vlan.X interface and point the l3-interface under [edit vlans] to it.

 

Good luck

Contributor
kalsoup
Posts: 13
Registered: ‎06-04-2013

Re: Only unit 0 is valid for this encapsulation + SRX


Thanks Alex and Frederik!

 

I added both the vlans to unit 0.

All I'm trying to do is connect the SRX210 to an L2/L3 switch and communicate on a vlan that is tagged 70. I'm now able to ping the SRX210.

 

SRX210 ---------------- vlan-70 ---------------- L2/L3 switch
172.28.0.9/22                                    172.28.0.1/22

 

Here's the relevant configuration:

 

fe-0/0/2 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ vlan-trust backbone ];
            }
        }
    }
}

vlan {
    unit 70 {
        family inet {
            address 172.28.0.9/22;
        }
    }
}

routing-options {
    static {
        route 0.0.0.0/0 next-hop 172.28.0.1;
    }
}

zones {
    security-zone trust {
        host-inbound-traffic {
            system-services {
                all;
            }
            protocols {
                all;
            }
        }
        interfaces {
            vlan.0;
            vlan.70;
            fe-0/0/2.0;
        }
    }
}

vlans {
    backbone {
        vlan-id 70;
        interface {
            fe-0/0/2.0;
        }
        l3-interface vlan.70;
    }
}
 

I can see that the arp table has been populated as well.

 

root# run show arp
MAC Address       Address         Name                      Interface           Flags
00:04:96:1d:70:f0 172.28.0.1      172.28.0.1                vlan.70             none

 

All this is good, but I'm not satisfied with having to use unit 0 under fe-0/0/2. It would in my opinion be cleaner to create a unit 70 for vlan-id 70, unit 100 for vlan-id 100, etc. Or am I just getting confused with concepts from other vendors?

 

Thanks!

Distinguished Expert
aarseniev
Posts: 1,701
Registered: ‎08-21-2009

Re: Only unit 0 is valid for this encapsulation + SRX

Hello there,

Glad to be of help.

I don't know which vendors you have in mind, but the "1 unit = 1 vlan-id" concept is also used on Juniper SRX (and EX, and M/T series etc.) when plain L3 routed subinterfaces are required. If you don't need L2 switching for your "vlan-trust" VLAN then you can use both unit 0 and unit 70 on fe-0/0/2, by assigning IP addresses directly under "fe-0/0/2 unit <> family inet", and not on the RVI.

HTH

Thanks

Alex

 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
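
The routed-subinterface layout described in the reply above, written out as an added example (it was not posted by anyone in the thread). It reuses the thread's interface, VLAN ID and address, and assumes the ethernet-switching unit 0 on fe-0/0/2, the "backbone" VLAN and vlan.70 from the earlier posts have been deleted first; restricting host-inbound services on the subinterface to ping and ssh is also an assumption of this example.

```junos
# Added example, not configuration from the thread.
# Assumes L2 switching for vlan-trust is not needed on fe-0/0/2.
interfaces {
    fe-0/0/2 {
        # 802.1Q tagging on the physical port: one logical unit per VLAN ID
        vlan-tagging;
        unit 70 {
            vlan-id 70;
            family inet {
                # Address sits on the subinterface itself, not on an RVI (vlan.70)
                address 172.28.0.9/22;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 172.28.0.1;
    }
}
security {
    zones {
        security-zone trust {
            interfaces {
                # The zone now references the routed unit instead of vlan.70
                fe-0/0/2.70 {
                    # Interface-level list takes precedence over the zone-level
                    # "all" for traffic addressed to the SRX on this unit
                    # (ping and ssh are assumed to be the services required)
                    host-inbound-traffic {
                        system-services {
                            ping;
                            ssh;
                        }
                    }
                }
            }
        }
    }
}
```

Run "commit check" before committing, as in the original post, to confirm no ethernet-switching unit remains on the port.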
Contributor
kalsoup
Posts: 13
Registered: ‎06-04-2013

Re: Only unit 0 is valid for this encapsulation + SRX

Thanks for clearing that up, helps a lot.

Appreciate it!!
