SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications
I am trying to change the configuration of an old SRX240B running on version JUNOS Software Release [12.1X46-D40.2].
Its is an active-standby cluster , where IP is currently assigned on reth interfaces mapped to physical interfaces. We want to move the ip configuration from physical interface to vlan sub-interfaces.
I have already prepared the configuration for the activity but i am not sure what implications it will have on the associated zones, nat and policies of the physical interfaces, will they need to be changed as well.
Thanks in advance...!!!
Backup of existing config and new config script attached with actual ips removed.
for quick response, so the resultant config should be like below ? And as you already stated nothing else need to be altered and their wont be any implications.
set interface reth0 vlan-tagging set interfaces reth0 redundant-ether-options redundancy-group 1 set interfaces reth0 unit 10 vlan-id 10 -----------------------> Where 10 is vlan tag number set interfaces reth0 unit 10 family inet address 'X.X.X.X/24' delete security zones security-zone MDMZ interfaces reth0.0 set security zones security-zone MDMZ interfaces reth0.10
Need 1 more help, i tried configuring multiple vlan tags on a single reth, it didn't worked. Configuration got committed but i wasn't getting input packets, though output packets were visible. Ping etc not working The requirement is to consolidate multiple firewall-switch connections on a single firewall interface, firewall cluster is in active-standby. Switch side (a Cisco) is a trunk port with tagged vlans. I tried using following config but no luck.
set interfaces ge-0/0/3 gigether-options redundant-parent reth0 set interfaces ge-5/0/3 gigether-options redundant-parent reth0 set interfaces reth0 vlan-tagging set interfaces reth0 redundant-ether-options redundancy-group 1 set interfaces reth0 unit 3087 vlan-id 3087
set interfaces reth0 unit 3086 vlan-id 3086
set interfaces reth0 unit 3087 family inet address 165.136.X.X/29
set interfaces reth0 unit 3086 family inet address 172.197.X.X/29 set vlans ABC vlan-id 3087
set vlans XYZ vlan-id 3086 set security zones security-zone ABC interfaces reth0.3087
set security zones security-zone ABC interfaces reth0.3086