SRX Services Gateway
mwdmeyer

vlans on SRX


I'm in the process of setting up a 2xSRX240 cluster and everything seems to be working fine so far but I want to confirm the way I've setup the VLAN trunk.

 

The following configuration seems to work but I don't know if I should change it to look like the config in this post:

http://forums.juniper.net/t5/SRX-Services-Gateway/enhanced-switching-on-SRX240/m-p/25396#M370

 

 

interfaces {
    /* First child link of reth1 */
    ge-0/0/8 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    /* Second child link of reth1 */
    ge-5/0/8 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    /* Redundant Ethernet interface carrying the tagged VLANs */
    reth1 {
        vlan-tagging;
        redundant-ether-options {
            redundancy-group 2;
        }
        unit 2 {
            vlan-id 2;
            family inet {
                address x.x.x.x/30;
            }
        }
        unit 3 {
            vlan-id 3;
            family inet {
                address 172.19.1.1/24;
            }
        }
    }
}

 

 

mnarine

Re: vlans on SRX

Since you have a cluster, the way you have it is fine.  You can also do it the way in the link provided but you can only have 1 port.  A single SRX can do ethernet switching but in a cluster this feature is not available.

mwdmeyer

Re: vlans on SRX

Hi mnarine,

 

Thanks for the quick reply. So let me get this right:

 

With the configuration in link I posted I could connect/use multiple ports for ethernet switching, but only if I'm not using a cluster?

 

And the current configuration I am using limits me to using a single port (again, because I'm in a cluster I can only use one anyway)?

mnarine

Re: vlans on SRX

Hi,

 

Yes, you are correct on both counts.  There is a limitation right now with clustering.  I *think* Juniper will fix this in the future so you can use ethernet switching on the SRX in cluster mode.

mwdmeyer

Re: vlans on SRX

Great, thanks for your time and help!

BB

Re: vlans on SRX

Hi,

 

Good to know about these.

 

Now I'm planning an SRX-650 cluster and would like to know how to configure, if it's possible, a vlan-tagged reth interface with native-vlan.

I have the following:

set interfaces reth3 vlan-tagging
set interfaces reth3 redundant-ether-options redundancy-group 1
set interfaces reth3 unit 0 family inet address 192.168.168.100/24
set interfaces reth3 unit 3 vlan-id 169
set interfaces reth3 unit 3 family inet address 192.168.169.200/24
set interfaces reth3 unit 10 vlan-id 170
set interfaces reth3 unit 10 family inet address 192.168.170.200/24
set interfaces reth3 unit 15 vlan-id 11
set interfaces reth3 unit 15 family inet address 192.168.11.200/24

And I would like to have a fourth IP on this interface untagged.

 

Is it possible?

 

Regards, Balázs

Lili

Re: vlans on SRX


Hi,

 

I am in the same situation that you are. I have 2 SRX650 working in an active/passive cluster and 2 subnets going to a loadbalancer. I managed to make this work by tagging the interface with these 2 vlans:

 

set interfaces reth3 vlan-tagging
set interfaces reth3 redundant-ether-options redundancy-group 1
set interfaces reth3 unit 0 vlan-id 31
set interfaces reth3 unit 0 family inet address 10.15.22.2/24
set interfaces reth3 unit 1 vlan-id 32
set interfaces reth3 unit 1 family inet address 10.15.23.2/24

 

However, for ease of management, I would like to have flexible vlan tagging so that I could have vlan 31 untagged on reth3 and vlan 32 tagged on the same interface.

Have you managed to do it?

 

I saw in the documentation that flexible-vlan-tagging enabled this feature; however, this command does not exist for reth interfaces, only for physical interfaces.

Does anybody know a workaround? Or is it still not possible for now (I am running 10.1R1.8 version - the current latest version)?

 

Any help would be greatly appreciated.

 

Lili. 
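The two reth3 configurations posted above differ in one detail that is easy to miss when reading set-style lines: BB's unit 0 carries an address but no vlan-id although the interface has vlan-tagging set, while every unit in Lili's config is tagged. The following is an added example, not code from any poster or from Juniper; it parses the lines quoted in the posts and reports units without a vlan-id and which subnet rides which tag. The function names are hypothetical, and it assumes Junos expects a vlan-id on each unit of a vlan-tagging interface.

```python
import re
from collections import defaultdict

# Constructed sample input: the set-style lines quoted in the two posts above.
BB_CONFIG = """\
set interfaces reth3 vlan-tagging
set interfaces reth3 redundant-ether-options redundancy-group 1
set interfaces reth3 unit 0 family inet address 192.168.168.100/24
set interfaces reth3 unit 3 vlan-id 169
set interfaces reth3 unit 3 family inet address 192.168.169.200/24
set interfaces reth3 unit 10 vlan-id 170
set interfaces reth3 unit 10 family inet address 192.168.170.200/24
set interfaces reth3 unit 15 vlan-id 11
set interfaces reth3 unit 15 family inet address 192.168.11.200/24
"""
LILI_CONFIG = """\
set interfaces reth3 vlan-tagging
set interfaces reth3 unit 0 vlan-id 31
set interfaces reth3 unit 0 family inet address 10.15.22.2/24
set interfaces reth3 unit 1 vlan-id 32
set interfaces reth3 unit 1 family inet address 10.15.23.2/24
"""
_SET = re.compile(r"^set interfaces (\S+) (.+)$")
_UNIT = re.compile(r"^unit (\d+) (.+)$")

def parse(config):
    """Return {ifname: {"tagged": bool, "units": {n: {"vlan", "addrs"}}}}."""
    ifaces = defaultdict(lambda: {"tagged": False, "units": {}})
    for line in config.splitlines():
        m = _SET.match(line.strip())
        if not m:
            continue
        name, rest = m.groups()
        if rest == "vlan-tagging":
            ifaces[name]["tagged"] = True
        elif (u := _UNIT.match(rest)):
            unit = ifaces[name]["units"].setdefault(
                int(u.group(1)), {"vlan": None, "addrs": []})
            words = u.group(2).split()
            if words[0] == "vlan-id" and len(words) == 2:
                unit["vlan"] = int(words[1])
            elif words[:3] == ["family", "inet", "address"] and len(words) == 4:
                unit["addrs"].append(words[3])
    return ifaces

def untagged_units(config):
    """Units with no vlan-id on an interface that has vlan-tagging set."""
    return [(name, num, unit["addrs"])
            for name, iface in parse(config).items() if iface["tagged"]
            for num, unit in sorted(iface["units"].items()) if unit["vlan"] is None]

def vlan_map(config, ifname):
    """Map VLAN ID -> addresses, to review which subnet rides which tag."""
    units = parse(config)[ifname]["units"].values()
    return {u["vlan"]: u["addrs"] for u in units if u["vlan"] is not None}
```

Running `untagged_units` over a candidate configuration before commit shows which subnet would depend on untagged handling that, per this thread, reth interfaces do not offer.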

 

BB

Re: vlans on SRX

NO

 

Finally I used another interface for this.

 

BB

Lili

Re: vlans on SRX

No, you didn't succeed, or no, you know for a fact that this is not possible?

 

Thanks for your help. If anyone can give me some hints on how to proceed, that would be great.

 

Thanks 

 

Lili

tty

Re: vlans on SRX

I have the exact same problem using 10.2R3.10. There is a general company LAN which is not tagged, and we have recently decided to add "guest" access to the internet without any connectivity to the company LAN. Using the existing Ethernet infrastructure, VLANs are the obvious solution.

 

While I could send traffic both from the general LAN and the "guest" VLAN to our SRX210 reth with added tags, I would prefer to have tags added only for the "guest" VLAN and simply direct untagged traffic to a "default" logical interface. The annoying thing is that the gig ethernet interfaces used for the reth allow flexible-vlan-tagging, while the reth does not. Even more vexing is that the native-vlan-id option is THERE, can be SET, but fails on commit with an error message that is apparently completely out of place in a reth context where neither of the mentioned options can be enabled.

 

Unless I'm missing something, there's an option here that has no effect except for breaking your configuration. Shouldn't it be a simple matter of checking for flexible-vlan-tagging support in the child interfaces and then handing the frames off to the child interface's protocol stack for tagging?

 

It would be nice if support for flexible-vlan-tagging could be added to reth, depending on corresponding support in the redundant children - or the confusing native-vlan-id option with the even more confusing error message removed.
