I'm trying to set up a trunk between an SRX and an EX with the SRX acting as a sort of "router on a stick" (i.e. both subinterfaces on the trunk are configured for family inet and are routed ports). Here is the SRX side config:

    vlan-tagging;
    unit 0 {
        vlan-id 12;
        family inet {
            address 192.168.195.21/30;
        }
    }
    unit 1 {
        vlan-id 13;
        family inet {
            address 192.168.195.25/29;
        }
    }

And here is the EX side config (ge-0/0/15):

    native-vlan-id 12;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members all;
            }
        }
    }

    vlans {
        TEST1 {
            vlan-id 12;
            l3-interface irb.0;
        }
        TEST2 {
            vlan-id 13;
        }
    }

Notice the native-vlan-id is set, because I also have this:

    dot1x {
        authenticator {
            authentication-profile-name WIRED_AUTH;
            interface {
                ge-0/0/15.0 {
                    disable;
                }
                all {
                    supplicant multiple;
                    retries 3;
                    transmit-period 10;
                    reauthentication 7200;
                    server-timeout 10;
                    maximum-requests 3;
                }
            }
        }
    }

Dot1x is configured, but it's explicitly disabled for port ge-0/0/15 (the trunk port back to the SRX). But, apparently I need to set the native-VLAN, because I get this message if I don't:

    [edit interfaces ge-0/0/15 unit 0 family ethernet-switching interface-mode]
      'interface-mode trunk'
        Must configure native-vlan-id but no flexible-vlan-tagging for dot1x enabled port
    error: commit failed: (statements constraint check failed)

Now, it seems like the logical thing to do would be just set up a native VLAN on the SRX, but it appears that I can't do that with a routed-port on the SRX:

    [edit interfaces ge-0/0/1 native-vlan-id]
      'native-vlan-id 12'
        native-vlan-id can be specified with flexible-vlan-tagging mode or with interface-mode trunk

So, what's the right way to do this? I'd rather not set up the SRX port for ethernet-switching and need to configure IRB ports if I can avoid it, but I'm not sure how to get around this.