Junos
Junos

Multiple vlan interface on single reth on 240B

‎08-05-2018 11:22 AM

Hi Experts,

 

Need urgent help, i tried configuring multiple vlan tags on a single reth, it didn't worked. Configuration got committed but i wasn't getting input packets, though output packets were visible. Ping etc not working so had to revert back changes.
The requirement is to consolidate multiple firewall-switch connections on a single physical interface which is mapped on reth0, firewall cluster is in active-standby. Switch side (a Cisco) is a trunk port with tagged vlans. I tried using following configuration to map 2 vlan-interfaces on reth0, but no luck.

 

set interfaces ge-0/0/3 gigether-options redundant-parent reth0
set interfaces ge-5/0/3 gigether-options redundant-parent reth0
set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 3087 vlan-id 3087

set interfaces reth0 unit 3086 vlan-id 3086

set interfaces reth0 unit 3087 family inet address 165.136.X.X/29

set interfaces reth0 unit 3086 family inet address 172.197.X.X/29
set vlans ABC vlan-id 3087

set vlans XYZ vlan-id 3086
set security zones security-zone ABC interfaces reth0.3087

set security zones security-zone ABC interfaces reth0.3086

 

Thanks...!!!!

7 REPLIES 7
Junos

Re: Multiple vlan interface on single reth on 240B

‎08-05-2018 01:08 PM

Your interface configuration is correct (though I suppose you mean for your example to say set security zones security-zone XYZ interfaces reth0.3086 and not ABC)

 

No inbound traffic could be a number of things:

1. Missing security policies on the srx

2. Misconfigured trunk vs access or missing vlans on Cisco side

 

A topology diagram as well as output would be helpful

show chassis cluster status

show int reth0 extensive

show configuration security

 

 

Highlighted
Junos

Re: Multiple vlan interface on single reth on 240B

‎08-05-2018 07:47 PM

Thanks for quick response. Yes its just copy paste iteration will recheck and confirm.

Junos

Re: Multiple vlan interface on single reth on 240B

3 weeks ago

Hello, what is the configuration for security zone "ABC"

Junos

Re: Multiple vlan interface on single reth on 240B

3 weeks ago

Sharad, when you say, it didnt work, what exactly is not working , no traffic on both vlans 3086 and 3087. 

Junos

Re: Multiple vlan interface on single reth on 240B

3 weeks ago

were you able to ping from Cisco switch side to the gateway Ips of these two vlans

set interfaces reth0 unit 3087 family inet address 165.136.X.X/29

set interfaces reth0 unit 3086 family inet address 172.197.X.X/29

Junos

Re: Multiple vlan interface on single reth on 240B

3 weeks ago

I assume SRX is gateway for the switch. if yes, how is rouitng configured on SRX

Junos

Re: Multiple vlan interface on single reth on 240B

3 weeks ago

Intrazone policy for security Zone "ABC" should be there