SRX

last person joined: 20 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX 3400 AE lag options

    Posted 06-10-2011 11:15

    I am looking for a recommended config on using LAG groups in trunk mode and if that's even possible.  I would like to have this SRX feed a 2Gb Southbound channel to start with.

     

    So far I have set two interfaces in 802.3ad with ae1

     

    The issue I am running into is "bridge family cannot be configured in route mode or for an interface with inet family"

     

    Thanks.

     

     



  • 2.  RE: SRX 3400 AE lag options

    Posted 06-11-2011 00:09

    Is your box running in transparent (L2) mode or in L3 mode?

    Can you post your config here? Looks like you are trying to mix modes and this is not supported.



  • 3.  RE: SRX 3400 AE lag options

    Posted 06-13-2011 06:08

    I have the SRX in L3 mode and yes I was trying to mix modes.  Still very new to SRX series and I am currently evaluating a unit as a replacement to an ASA.  

     

    Are most designs utilizing two 1Gb Southbound connections and allowing a routing protocol to load balance?  I have a traffic shaper that will be inline between this SRX and the L3 switch so I can do per-flow QoS etc.

     

    Thanks.



  • 4.  RE: SRX 3400 AE lag options
    Best Answer

    Posted 06-13-2011 06:40

    Hi

    It depends on what you want to acheive and how your load-balancer works.
    You can do L3 load balancing or create an aggreate interface. The
    example commands of creating LAG are

    set chassis aggregated-devices ethernet device-count 2
    (creates ae0 and ae1)

    set interfaces ae0 vlan-tagging

    set interfaces ae0 unit 100 vlan-id 100 family inet address 10.100.0.1/24
    <same for other vlans>

    set interfaces ge-0/0/7 gigether-options 802.3ad ae0
    <same for other interfaces in LAG - use whatever interfaces you have>

    set security zones security-zone <zone> interfaces ae0.100
    <same for other subinterfaces>

    But do not use family bridge together with routing mode here, it will not work.



  • 5.  RE: SRX 3400 AE lag options

    Posted 06-13-2011 11:08

    This is what I am looking to accomplish, I appreciate the configuration steps.  



  • 6.  RE: SRX 3400 AE lag options

    Posted 06-13-2011 12:54

    Not to drag this thread out any longer but I am also looking for any suggestions with AE and 4200 switches.  I would like to keep the design of using tagged AE sub interfaces so I can create multiple guest/dmz zones.

     

    A design I am working on is setting the ae0 interface on the EX to a trunk and creating several vlan interfaces.  Am I way off target with this approach?

     

    EX 4200 Config Below

     

    show interfaces ge-0/0/2

    ether-options {

        802.3ad ae0;

    }

     

     

     

    show interfaces ae0

    unit 0 {  

     family ethernet-switching {    

       port-mode trunk;

            vlan {  

             members srx-trusted;  

         } 

       }

    }

     

    show intefaces vlan

    unit 100 {

    family inet {

    address 172.16.0.2/28

     

    SRX Config so far

     

    show interfaces ae0

    vlan-tagging;

    unit 100 {

        vlan-id 100;

        family inet {

            address 172.16.0.1/28;

        }

    }

     



  • 7.  RE: SRX 3400 AE lag options

    Posted 06-13-2011 13:07

    Hi

     

    Your config of EX looks good, but do you want to use it as a pure L2 switch or route taffic between vlans on it?

     

    In case of pure L2, vlan interface configuration may not be needed at all. Just create access or trunk ports and assign them vlans.

     

    In case of L3, you create a vlan interface (e.g. vlan.100) and then, in the definition of vlan, you should add

     

    set vlans vlan_100_name l3-interface vlan.100

     

    This will enable routing from vlan to other vlan as well as management on the ip of vlan interface.