Ethernet Switching
Highlighted
Ethernet Switching

stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

[ Edited ]
‎06-14-2019 06:35 PM

Hello experts,

 

I have the topology that is shown in the attachment.

topology.JPG

 

I configured the SRX240 to enable stacked-vlan-tagging and Dual tagged but I have no connectivity between the PC and the SRX240. Below the configuration

SRX240H

lab> show configuration interfaces ge-0/0/1
description "INTERFACE QINQ";
stacked-vlan-tagging;
mtu 9000;
unit 117 {
    description "SUB-INTERFAZ S-VLAN 1100 C-VLAN 700";
    vlan-tags outer 0x8100.1100 inner 0x8100.700;
    family inet {
        mtu 1500;
        address 10.10.10.10/24;
    }
}

EX3300

lab@SW02> show configuration interfaces ge-0/0/9
mtu 9216;
unit 0 {
    family ethernet-switching;
}

{master:0}
lab@SW02> show configuration interfaces ge-0/0/43
mtu 9216;
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members vlan1100;
        }
    }
}

lab@SW02> show configuration vlans vlan1100
description "2da S-VLAN";
vlan-id 1100;
interface {
    ge-0/0/9.0;
}
dot1q-tunneling {
    customer-vlans [ 2-4094 native ];
}

The PC adds the C-VLAN tag id 700

The PC does not have conectivity with the SRX240. The Q-in-Q in the EX3300 is working well and it has a valid license to use QinQ, morover it was working with a M320. I think the problem is SRX240.

 

Could you help me please?

 

Thanks in advance

dannriag
6 REPLIES 6
Ethernet Switching

Re: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

‎06-14-2019 07:24 PM

Hi danny,

 

Please check the following and try to flip VLAN assignment method just to be sure that's not acting up:
a) On EX: 
show vlans vlan1100 extensive
delete vlans vlan1100 interface ge-0/0/9.0
set interfaces ge-0/0/9.0 family ethernet-switching members vlan vlan100

 

b) On SRX, are you receiving packets initiated from the PC, say ARP? Can do this with a firewall filter to count packets on ingress or perhaps "monitor traffic interface ge-0/0/1 no-resolve".

 

Hope this helps.

 

Regards,
-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated Smiley Happy.

Ethernet Switching

Re: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

‎06-14-2019 09:41 PM

Hello

 

I flipped VLAN assignment as you suggested me but the behavior is the same.

On SRX. I configured a firewall filter as shown the KB11709 but it does not create the file.

 

On EX, I can see both mac address (PC and SRX) but they do not have conectivity.

 

 

 

 

 

dannriag
Ethernet Switching

Re: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

‎06-17-2019 07:32 PM

Hi Danny,

 

Please confirm if you have "set ethernet-switching-options dot1q-tunneling ether-type 0x8100" on the EX.

 

Also, please try another technique to narrow down if the packets reach the SRX.  Like apply an ingree FW filter on ge-0/0/1 counting the interesting traffic or "monitor traffic interface ge-0/0/1" (if traffic is destined to the SRX itself).

 

Hope this helps.

 

Regards,
-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated Smiley Happy.

Ethernet Switching
Solution
Accepted by topic author dannyriano@gmail.com
‎06-28-2019 05:39 AM

Re: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

‎06-19-2019 07:58 AM

Hello

 

I found this:
"...

The outer tag VLAN ID range is from 1 through 511 for normal interfaces, and from 512 through 4094 for VLAN CCC or VLAN VPLS interfaces. The inner tag is not restricted.

..." -

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-configuring-d...

I think that is the reason why the SRX240 does not work. I changed the S-VLAN from 1100 to 444 and stacked-vlan-tagging to flexible-vlan-tagging, finally it works. I did not know it

SRX240 config:

 

lab> show configuration interfaces ge-0/0/1
description "INTERFACE QINQ";
flexible-vlan-tagging;
mtu 9000;
unit 117 {
    description "SUB-INTERFAZ S-VLAN 1100 C-VLAN 700";
    vlan-tags outer 0x8100.444 inner 0x8100.700;
    family inet {
        mtu 1500;
        address 10.10.10.10/24;
    }
}

 

 

dannriag
Ethernet Switching

Re: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

‎06-19-2019 08:18 AM

Good rule of thumb - what applies specifically to MX, often also applies to SRX.  Just a general rule, but I believe much more right than wrong.  One difference area might be L2 with Branch SRX, which has no real MX equivalent. 

 

HTH

Ethernet Switching

Re: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

‎06-28-2019 05:40 AM

Thanks for your help

dannriag