Ethernet Switching
Highlighted
Ethernet Switching

SRX345 global trans mode to switch mode

[ Edited ]
‎10-25-2016 03:29 AM

Hello Juniper community!
  Im new here so let me say Hello!

I am lack of information about configuration IRB interface on SRX345.

I read in other topic on this forum  that i need to change l2-learning global-mode to switching with this command:  set protocols l2-learning global-mode..

 

Configuration:

-version 15.1X49-D45;

-SRX's are configured now on default-mode (transparent-mode)

-SRX345 are in CHASSIS CLUSTER

-(most problematic thing) I dont have possibility to connect to them physically. Im connected to them by SSH - so i can not change config without 'commit confirmed' option. For obvious reason.

 

And questions (problems) that i have are:

1. When i change global mode  to   switching-mode  after reboot i will be able to connect to them without problem?

Is it changing routing or something that can cut me off after reboot?

 

2. Will 'commit confirmed' option still be in config after reboot?

 

Thanks in advance!

Some config:

 

show interfaces irb
unit 614 {
family inet {
address 10.118.228.1/26;
}
}

 

show vlans

dmz_614 {
vlan-id 614;
l3-interface irb.614;
}

 

show security zones:

security-zone dmz_614 {
host-inbound-traffic {
system-services {
ping;
ssh;
}
}
interfaces {
irb.614;
}
}

 

BR//

Bukem 

 

2 REPLIES 2
Highlighted
Ethernet Switching

Re: SRX345 global trans mode to switch mode

‎10-25-2016 04:32 AM

Not an SRX expert by any stretch of the imagination but without IRB how are you connecting via SSH to the SRX to start with, is it via FXP0?  If yes, then I believe (for sure?) that changing l2-learning global-mode should have no affect on your ability to reach the SRX after the reboot.

 

2nd if you want to use commit confirmed within a SRX cluster you must be in config exclusive to start with.  Otherwise the standby node will rollback even after a commit is entered on the master node.  In this situation you would need to perform a cluster conf-sync

 

https://www.juniper.net/techpubs/en_US/junos15.1x49-d40/topics/reference/command-summary/request-cha...

 

Hope this may help.  Again I am not an expert for SRX.

Highlighted
Ethernet Switching

Re: SRX345 global trans mode to switch mode

[ Edited ]
‎10-25-2016 05:39 AM

Thanks for Your reply - im connecting to SRX  via lo0 interface will this change anything? I just need to be 110% sure that global-mode change will not cutt me off..


And im only one person who do changes (login) to cluster. So im always in exclusive mode.

Im just scared about cutting off connection to SRX after reboot and havent tool to rollback.

 

PLease let me write more information about issue that I have:

Problem is that we cant connect/ping/tracert  our irb.614 interface gw from outside (reth5 interface with p2p subnet in untrust zone)  As You can see with lo0 there isnt problem with that. 

irb.614 is up and every physical interface member  dmz_614 zone is up too.

 

 

 

Feedback