SRX Services Gateway
cryptochrome

What's the SRX equivalent to SSG subinterfaces?

Hi,

coming from a ScreenOS perspective... what is the equivalent to ScreenOS subinterfaces (vlan tagged interfaces like ethernet0/0.1) on SRX? How do I configure this?

I figure it's done by using the built-in switching, but that doesn't seem to be available when clustering is enabled on branch SRX?

Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
keithr

Re: What's the SRX equivalent to SSG subinterfaces?

Hi cryptochrome,

Junos calls these "units."

You can do it a couple ways, but if you've got clustering enabled you can only do it with switching mode if you're using Junos 11.1 or newer and only on SRX240 and SRX650 devices (currently).

The "non-switching" way to do it, which works in clusters, is by setting units on your reth interfaces, and enabling VLAN tagging. Here is an example:

reth0 {
    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 18 {
        vlan-id 18;
        family inet {
            address 192.168.18.1/24;
        }
    }
    unit 400 {
        vlan-id 400;
        family inet {
            address 10.255.4.1/24;
        }
    }
}

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
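
As on ScreenOS, where a subinterface is bound to a zone, each logical unit on SRX has to be placed in a security zone before it passes traffic. The fragment below is an added example, not part of keithr's post: the zone names, the host-inbound services and the policy are assumptions, and only reth0.18 and reth0.400 come from the configuration above.

```junos
security {
    zones {
        /* zone names "users" and "mgmt-net" are hypothetical */
        security-zone users {
            interfaces {
                reth0.18 {
                    /* traffic addressed to the SRX itself on VLAN 18 */
                    host-inbound-traffic {
                        system-services {
                            ping;
                        }
                    }
                }
            }
        }
        security-zone mgmt-net {
            interfaces {
                reth0.400 {
                    /* management access only from VLAN 400 */
                    host-inbound-traffic {
                        system-services {
                            ping;
                            ssh;
                        }
                    }
                }
            }
        }
    }
    policies {
        /* inter-VLAN traffic crosses zones, so it needs a policy */
        from-zone mgmt-net to-zone users {
            policy mgmt-ssh-to-users {
                match {
                    source-address any;
                    destination-address any;
                    application junos-ssh;
                }
                then {
                    permit;
                }
            }
        }
    }
}
```

With the units in separate zones, traffic from VLAN 18 toward VLAN 400 has no matching policy here and falls through to the default policy.
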
cryptochrome

Re: What's the SRX equivalent to SSG subinterfaces?

Sorry for the late response here Keith. I've only seen this now. Thanks for your help!

Just one more question about this: When you say VLAN tagging you mean dot1q?

Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
keithr

Re: What's the SRX equivalent to SSG subinterfaces?


cryptochrome wrote:

Just one more question about this: When you say VLAN tagging you mean dot1q?


Yes... VLAN tagging means 802.1Q VLAN tags. That's the only way you will be able to carry multiple VLANs to a single physical interface.

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.