SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
CaskStrength
New User
CaskStrength
Posts: 2
Registered: ‎03-02-2011
0

dot1q Trunk Port configuration options

Options

‎03-02-2011 10:36 PM

I am working on installing an SRX240 in place of an old Cisco 7102 (IOS 12.0) and a PIX.  The 7104 is connected via ATT Opteman on FE0/0.1  

 

Here is the current configuration:

 

interface FastEthernet0/1

 no ip address

 no ip directed-broadcast

 duplex full

 speed 100

!

interface FastEthernet0/1.1

 description OptEMan Uplink

 bandwidth 20000

 encapsulation dot1Q 169

 ip address a.b.c.e 255.255.255.248

 no ip directed-broadcast  

 

I am unsure of the best method to configure this interface in JUNOS as wanted some opinions or advice.  I'm thinking I have two options, however I haven't installed yet so I might only have one.

 

option one:

set interface ge-3/0/0 vlan-tagging

set interface ge-3/0/0 unit 0 proxy-arp

set interface ge-3/0/0 unit 0 vlan-id 169

set interface ge-3/0/0 unit 0 family inet address a.b.c.d/29

set vlans Opteman vlan-id 169

 

option two:

set interface ge-3/0/0 unit 0 family ethernet-switching port-mode trunk

set interface ge-3/0/0 unit 0 family ethernet-switching vlan member 169

set interface vlan unit 1 family inet address a.b.c.d/29

set vlans Opteman vlan-id 169

set vland Opteman l3-interface vlan.1

 

Any thoughts?

Message 1 of 5 (1,596 Views)
 
Reply
Duga
Contributor
Duga
Posts: 50
Registered: ‎10-11-2010
0

Re: dot1q Trunk Port configuration options

Options

‎03-03-2011 02:20 AM

Hi,

 

In my opinion, using proxy-arp doesn't make sense in your situation.

You will only use one main IP on your connection.

 

In a general point of view, solution 2 is more consistent.

So, I would use solution 2.

 

Message 2 of 5 (1,583 Views)
 
Reply
Recognized Expert
Recognized Expert
dfex
Posts: 415
Registered: ‎04-17-2008
0

Re: dot1q Trunk Port configuration options

[ Edited ]
Options

‎03-05-2011 03:47 AM - edited ‎03-05-2011 03:47 AM

If you're only installing a single SRX, then either will be fine - as the previous poster said though, there is no need for proxy-arp, unless you intend to do some destination NAT to IPs that aren't assigned to fe-0/0/7.

 

The only caveat with using the family ethernet-switching method is that you currently it isn't supported when using HA cluster.  If you're not using HA, then this won't matter, and I believe switching in HA mode will be supported in JUNOS 11.1 anyway.

 

 

Ben Dale
JNCIP-ENT, JNCIP-SP, JNCIE-SEC #64
Juniper Ambassador
Follow me @labelswitcher
Message 3 of 5 (1,526 Views)
 
Reply
CaskStrength
New User
CaskStrength
Posts: 2
Registered: ‎03-02-2011
0

Re: dot1q Trunk Port configuration options

Options

‎03-08-2011 09:26 AM

I used this configuration during the cutover and everything worked perfectly.  I went with the proxy-arp setting due to having lots of static nat and destination nat settings.  I'm not sure if it was required, but it worked.  

 

    ge-3/0/0 {

        vlan-tagging; 

        unit 0 { 

            description ATTOpteMan;

            proxy-arp;

            vlan-id 169;

            family inet {

                address x.x.x.x/29;

            }

        }

    }

 

Question - Is the proxy-arp statement on the interface required to have proxy-arp statements under NAT for the same interface?

Message 4 of 5 (1,435 Views)
 
Reply
Recognized Expert
Recognized Expert
dfex
Posts: 415
Registered: ‎04-17-2008
0

Re: dot1q Trunk Port configuration options

Options

‎03-10-2011 04:24 AM

No, in fact I think by enabling it on your interface, your interface will reply on behalf of ANY routable address behind your SRX.  Keeping it confined to just the Dest-NAT config will lock it down to just that IP

Ben Dale
JNCIP-ENT, JNCIP-SP, JNCIE-SEC #64
Juniper Ambassador
Follow me @labelswitcher
Message 5 of 5 (1,364 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.