SSL VPN
Reply
Contributor
netadmin
Posts: 32
Registered: ‎07-08-2008
0

802.1Q tagged VLANs on the internal port

Does anyone out there ever configured VLAN tagging on the internal port of the SA-4000 running 6.1R2? Does the internal port support tagging so that I can connect it to a tagged switchport?

 

Thanks 

Recognized Expert
kenlars
Posts: 420
Registered: ‎03-24-2008

Re: 802.1Q tagged VLANs on the internal port

I've configured 802.1Q on the internal port of a SA6000 running 6.0r5.  Check out p. 600 of the admin guide.  If you have some specific questions, maybe I can help.
Contributor
netadmin
Posts: 32
Registered: ‎07-08-2008
0

Re: 802.1Q tagged VLANs on the internal port

Do you have to have an IVS license to do VLAN tagging? I notice that on version 6.0/6.1 there is VLAN menu but not on version 5.5 and therefore it supports it under version 6.1.

 

Thanks 

Recognized Expert
kenlars
Posts: 420
Registered: ‎03-24-2008
0

Re: 802.1Q tagged VLANs on the internal port

Sure looks that way, though I don't think you need to define IVSs to use VLANs.  I have a SA2000 and a SA6000 both running 6.0r5.  The SA6000 is licensed for IVS; the SA2000 is not.  VLANs do not show up on the menu on the SA2000.
Moderator
zanyterp
Posts: 2,300
Registered: ‎11-19-2007
0

Re: 802.1Q tagged VLANs on the internal port

The root VLAN (internal default) cannot be tagged; however you can send other traffic to other VLANs tagged successfully.
Contributor
netadmin
Posts: 32
Registered: ‎07-08-2008
0

Re: 802.1Q tagged VLANs on the internal port

Thank you for the info. Would you mind point me to any reference on how to do it? I just wanted to put any authenticated user with ip subnet 192.168.240.20.0/24 tagged with, for example, VLAN-ID=111, and subnet 192.168.250.0/24 with VLAN-ID=112.

 

 

Thank you and greatly appreciated.

 

 

Recognized Expert
kenlars
Posts: 420
Registered: ‎03-24-2008
0

Re: 802.1Q tagged VLANs on the internal port

Assignment to VLANs is done on a role basis.  So, you need to do the following -

  1. Create the VLANs
  2. Create two roles and figure out how you are going to do role-mapping for the realm
  3. For each role, assign the VLAN in the VLAN/Source IP tab of the General setting for the role
  4. For each role, define NC Connection profiles which assign the appropriate address pool
Contributor
netadmin
Posts: 32
Registered: ‎07-08-2008
0

Re: 802.1Q tagged VLANs on the internal port

Thanks for the info. But how do you connect the SA400 Internal Port(which can not be tagged per your last post) to the tagged switchport on the other end? Thanks.
Recognized Expert
kenlars
Posts: 420
Registered: ‎03-24-2008
0

Re: 802.1Q tagged VLANs on the internal port

I'm not a switch expert, but what I remember is that the switch had an ability to tag untagged data coming from the Juniper, or to treat it like it was tagged with a "default" VLAN tag. 
Contributor
netadmin
Posts: 32
Registered: ‎07-08-2008
0

Re: 802.1Q tagged VLANs on the internal port

Thanks again for your patience. The internal port of SA4000 does not support tagging but it can send packet OUT with tagging information, is it right? If it is, how does the internal port process the returning packet(will have tagging info) IN to it ?

 

Thank you 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.