Flexible-vlan-tagging on multiple ports

‎09-08-2019 12:18 PM

Hi Guys,

I have a little bit of a challenge.
At the moment I have 1 port (let's say port 0/0/0) configured with flexible-vlan-tagging.
This is because my network is untagged but my WiFi APs are tagged.
It works great, but now I want to achieve the following.

I want to expand this 1 port to 2 ports.

So actually a little switch with the untagged / tagged inet units on it.

I cannot get this done.

I can make a little switch group (let's say port 0/0/1, 0/0/2, 0/0/3) and hardwire port 0/0/0 to 0/0/1 so I have the inet units on the switch.

But I think this is not the most beautiful solution. I also lose 2 ports.

I already tried something with vlan interfaces and vlans, but then I have to give up a vlan-id and that is the problem. Except for my APs, my devices accept no tags.

As far as I know, flexible-vlan-tagging is only available on ethernet devices.

Below is a snippet of my current config.

interfaces {
    fe-0/0/7 {
        flexible-vlan-tagging;
        native-vlan-id 2;
        unit 0 {
            vlan-id 2;
            family inet {
                address 192.168.2.254/24;
            }
        }
        unit 10 {
            vlan-id 10;
            family inet {
                address 192.168.10.254/24;
            }
        }
    }
}

Below is a piece of config that isn't working.

interfaces {
    interface-range switch {
        member-range fe-0/0/4 to fe-0/0/7;
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ default kids ];
                }
            }
        }
    }
    vlan {
        unit 1 {
            family inet {
                address 192.168.2.254/24;
            }
        }
        unit 10 {
            family inet {
                address 192.168.10.254/24;
            }
        }
    }
}
security {
    zones {
        security-zone Data {
            host-inbound-traffic {
                system-services {
                    ping;
                }
            }
            interfaces {
                vlan.1;
            }
        }
    }
}
vlans {
    default {
        vlan-id 1;
        l3-interface vlan.1;
    }
    kids {
        vlan-id 10;
        l3-interface vlan.10;
    }
}

I hope somebody can point me in the right direction.

Regards,

Robbert

6 REPLIES

Re: Flexible-vlan-tagging on multiple ports

‎09-12-2019 01:43 PM

Hi,

 

Your problem is not very clear to me, kindly rephrase it.

//Regards

AD

Re: Flexible-vlan-tagging on multiple ports

‎09-12-2019 02:09 PM

Hi Adwivedi,

I have an SRX240.

My environment accepts no VLAN tags except for my APs.

They are connected on the same wiring.

So I have to use flexible-vlan-tagging.

When I just have 1 port, for example ge-0/0/0, I can set flexible-vlan-tagging and native-vlan.

So everything without any tag is on the native VLAN and everything with a tag is on the corresponding VLAN.

So actually I want this:

interfaces {
    ge-0/0/0 {
        flexible-vlan-tagging;
        native-vlan-id 2;
        unit 0 {
            vlan-id 2;
            family inet {
                address 192.168.2.254/24;
            }
        }
        unit 10 {
            vlan-id 10;
            family inet {
                address 192.168.10.254/24;
            }
        }
    }
}

But I want it reachable over multiple ports (ge-0/0/0 and ge-0/0/1).

So actually I want to create a little switch of 2 ports and assign this config to it.

What I have working now as a workaround is:

port ge-0/0/0 configured as above

ports ge-0/0/1, ge-0/0/2 and ge-0/0/3 as family ethernet-switching

a short patch cable between ge-0/0/0 and ge-0/0/1

So port ge-0/0/2 and port ge-0/0/3 can reach the untagged and tagged VLANs because it is just a little switch.

But now I throw away 2 ports, so I want to get rid of the patch cable.

Re: Flexible-vlan-tagging on multiple ports

‎09-12-2019 04:51 PM

Hi Robbert

I see in the modified configuration that you are missing the native-vlan-tagging and the use of vlan 1 instead of 2. Is that expected? Please refer to the below doc for an IRB based configuration

https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathw...

Regards

Re: Flexible-vlan-tagging on multiple ports

‎09-13-2019 01:42 AM

Hi Shijot,

I don't really understand what you mean by "I see in the modified configuration that you are missing the native-vlan-tagging and the use of vlan 1 instead of 2. Is that expected?"

What block of code are you referring to?

I will take a look at IRB again, but I already tried to achieve this with an irb interface and a vlan interface.
The problem is that flexible-vlan-tagging is not allowed on vlan or irb interfaces.

Maybe I don't have to use flexible-vlan-tagging at all, but that is how I achieved it now.

Is there another way to mix the use of VLAN tags and untagged traffic on the same interface?

Regards,

Robbert

Re: Flexible-vlan-tagging on multiple ports

‎09-13-2019 12:05 PM

Hi Robbert

VLAN tagging on the irb is not needed. Please refer to "Routing Traffic between VLANs" in the doc below.

https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathw...

I was earlier referring to the native-vlan-id in the configuration below.

interfaces {
    fe-0/0/7 {
        flexible-vlan-tagging;
        native-vlan-id 2; <<<<<<<<
        unit 0 {
            vlan-id 2;

If this is correctly addressed, please check the security policy also.

Re: Flexible-vlan-tagging on multiple ports

‎09-13-2019 12:31 PM

Hi Shijot,

It has nothing to do with policies for now.

I can't even commit my config when I'm trying something else with flexible-vlan-tagging in combination with irb or vlan interfaces.

What I want to achieve is, in theory, really simple.

I want the config as below but on multiple ports on the SRX.

So the SRX is actually a little switch with some L3 addresses on it.

I could connect a switch to port ge-0/0/0 to achieve the same, but I don't want to use an extra switch because I have plenty of free ports on the SRX.

I could also make a little interface group of type ethernet-switching and connect a cable from ge-0/0/0 to that interface group, but then I'm losing 2 ports.

I just want this config on 2 or more ports.

It would be really simple if all my traffic was tagged, but unfortunately it isn't, which makes it more difficult in my opinion.

interfaces {
    ge-0/0/0 {
        flexible-vlan-tagging;
        native-vlan-id 2;
        unit 0 {
            vlan-id 2;
            family inet {
                address 192.168.2.254/24;
            }
        }
        unit 10 {
            vlan-id 10;
            family inet {
                address 192.168.10.254/24;
            }
        }
    }
}

Attached is an image of how I fixed it for now.

ge-0/0/0 is the interface configured as above.

ge-0/0/4, ge-0/0/5, ge-0/0/6 and ge-0/0/7 are configured as below.

interface-range switch {
    member-range ge-0/0/4 to ge-0/0/7;
    unit 0 {
        family ethernet-switching;
    }
}

So with the little patch cable, ports ge-0/0/4, ge-0/0/5, ge-0/0/6 and ge-0/0/7 are connected to port ge-0/0/0.

This is the situation I want to have, but without the little patch cable.

I hope this clarifies my problem.

Regards,

Robbert