
EX3400 Junos: 18.1R1.9 trunk port set up

‎03-07-2019 03:30 PM

Hello,

I am trying to set up an EX3400 switch. I'm running: Junos: 18.1R1.9

I have not worked with VLANs or switches much at all, but I'm comfortable with basic firewall support and server side networking. If this is not posted to the correct forum, please point me to where I should post this.

I am able to configure VLANs, and ping from one VLAN to the other.

My goal is to set up ge-0/0/0 as a trunk port, with a firewall connected to it.

The other ports will be configured for different VLANs. The VLANs should not be able to talk to each other, but the firewall should be able to see the traffic from all VLANs coming across the ge-0/0/0 interface.

I have come across numerous examples of similar configurations but they don't seem to work on this switch for various reasons.

I don't have the firewall here, so I am using two workstations.

Here is an example of a simple configuration that sets up vlans and allows them to talk to each other, as a test:

[edit interfaces ge-0/0/4 unit 0]
set description "Sales server port"
set family ethernet-switching vlan members blue
exit

[edit interfaces ge-0/0/6 unit 0]
set description "Sales wireless access point port"
set family ethernet-switching vlan members blue
exit

[edit interfaces ge-0/0/0 unit 0]
set description "Firewall port"
set family ethernet-switching vlan members red
exit

[edit interfaces ge-0/0/2 unit 0]
set description "Support wireless access point port"
set family ethernet-switching vlan members red
exit

Configure VLANs and IRB:
[edit vlans]
set blue vlan-id 100
set red vlan-id 200
exit

[edit interfaces]
set irb unit 100 family inet address 192.168.2.1/24
set irb unit 200 family inet address 192.168.3.1/24
exit

[edit vlans]

set blue l3-interface irb.100
set red l3-interface irb.200

commit

I tried to set up ge-0/0/0 as a trunk port:

[edit interfaces ge-0/0/0]
set unit 0 family ethernet-switching interface-mode trunk
set unit 0 family ethernet-switching vlan members all
commit

This commit succeeds. However, when I connect to this interface, the route does not show as active, and the device does not show up in the arp table.

I figured once I get all VLANs talking to the "firewall" port, I can shut off routing between VLANs.

I cannot seem to find a working example for port trunking for the EX3400.

I've tried resetting to factory default and starting from scratch multiple times but the other configurations I'm trying either will not commit for various reasons or the switch does not support the commands in the examples given, as far as I can tell.

I just need a simple example of trunking for the EX3400.

Any advice/suggestions welcome.


Re: EX3400 Junos: 18.1R1.9 trunk port set up

‎03-07-2019 06:08 PM

Hi Simon,

The configuration you need is the ELS-style configuration for a trunk port, and what you have posted should work. For reference:

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/getting-started-els.html

Please confirm the ge-0/0/0 lists for all the ports using the CLI command "show vlans", and note that the ARP entry for the device will show up on the irb. So if you look for an ARP entry, look for IPs learnt on irb.100 and irb.200 in the output of the CLI command "show arp no-resolve".

In this case, I suspect there is either an issue with the IP/subnet mask assignment of the device or any firewall filter blocking traffic. Could you please check and share the IP/mask of the device connected on ge-0/0/0?

Also check for any filters applied on the loopback interface that are inadvertently blocking communication to the IRB.

Hope this helps.

Regards,
-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated :).

Re: EX3400 Junos: 18.1R1.9 trunk port set up

‎03-07-2019 07:28 PM

@Simon.Tyler wrote:

Hello,

......

I don't have the firewall here, so I am using two workstations.

....

This commit succeeds. However, when I connect to this interface, the route does not show as active, and the device does not show up in the arp table.

What device is connected to the trunk port? Is it a firewall or a workstation? As per your post, you are using workstations. Since it is a trunk port, vlan-tagging should be enabled on the firewall or workstation. By default, a workstation will not support vlan-tagging. If it is supported, enable vlan-tagging on the workstation, assign an IP address, and then try to ping it from the switch, and the arp-table will be populated.

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
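
The tagging point made in the reply above, as an added example that is not part of the original thread: it builds an untagged and an 802.1Q-tagged ARP frame and runs them through a simplified model of trunk-port ingress. The MAC address, the placeholder ARP body, the function names and the drop rule for untagged frames (it assumes no native VLAN is set on the trunk, as in the posted configuration) are assumptions of this example; VLAN IDs 100 and 200 are the thread's blue and red.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
ETHERTYPE_ARP = 0x0806
TRUNK_MEMBERS = {100, 200}   # blue = 100, red = 200 (from the thread)

def build_frame(dst, src, ethertype, payload, vlan_id=None):
    """Build an Ethernet frame; insert an 802.1Q tag when vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        # TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits); PCP and DEI stay 0.
        header += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return the 802.1Q VLAN ID of a frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def trunk_ingress(frame, members=TRUNK_MEMBERS, native_vlan=None):
    """Simplified model: VLAN the frame is accepted into, or None if dropped."""
    vid = parse_vlan(frame)
    if vid is None:
        vid = native_vlan    # untagged traffic only fits a native VLAN
    return vid if vid in members else None

# Constructed sample frames: a broadcast ARP as a workstation NIC would send it.
BCAST = b"\xff" * 6
HOST = bytes.fromhex("020000000001")   # made-up, locally administered MAC
ARP = bytes(28)                         # placeholder ARP body (assumption)
SAMPLES = {
    "untagged": build_frame(BCAST, HOST, ETHERTYPE_ARP, ARP),
    "tagged 200": build_frame(BCAST, HOST, ETHERTYPE_ARP, ARP, vlan_id=200),
    "tagged 300": build_frame(BCAST, HOST, ETHERTYPE_ARP, ARP, vlan_id=300),
}

if __name__ == "__main__":
    for label, frame in SAMPLES.items():
        print(label, "->", trunk_ingress(frame))
```

In this model the untagged frame never lands in a VLAN, so nothing would learn the sender's address, while the frame tagged 200 is accepted into red and the frame tagged 300 is dropped as a non-member.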