SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications

‎06-29-2018 05:08 AM

Hello Experts,

I am trying to change the configuration of an old SRX240B running JUNOS Software Release [12.1X46-D40.2].

It is an active-standby cluster, where the IP is currently assigned on reth interfaces mapped to physical interfaces. We want to move the IP configuration from the physical interface to VLAN sub-interfaces.

I have already prepared the configuration for the activity, but I am not sure what implications it will have on the associated zones, NAT and policies of the physical interfaces. Will they need to be changed as well?

Thanks in advance...!!!

Backup of existing config and new config script attached, with actual IPs removed.

Re: SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications

‎06-29-2018 07:01 AM

You will have to unassign reth0.0 and reth2.0 from security zones and assign reth0.x, reth0.y, reth2.x and reth2.y.

NAT and security policies are not affected.

Regards, Wojtek

Re: SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications

‎06-29-2018 09:12 AM

Thanks Wojtek, for the quick response. So the resultant config should be like below? And as you already stated, nothing else needs to be altered and there won't be any implications.

set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 10 vlan-id 10 -----------------------> Where 10 is vlan tag number
set interfaces reth0 unit 10 family inet address 'X.X.X.X/24'
delete security zones security-zone MDMZ interfaces reth0.0
set security zones security-zone MDMZ interfaces reth0.10

Solution
Accepted by topic author Sharad Pandey
‎06-30-2018 10:30 PM

Re: SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications

‎06-29-2018 11:36 AM

Yes.

Regards, Wojtek
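
Added example, not part of the thread or of any participant's post: a small pre-commit check for the zone swap discussed above, run over configuration in `set` format (for instance the output of `show configuration | display set`). It reports logical units that carry an address but sit in no security zone, zone bindings that point at a unit that no longer exists, and `vlan-id` units whose parent lacks `vlan-tagging`. The function name `audit`, the sample addresses and the extra unit 20 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's migration with the zone swap left half-done
# (reth0.0 is still bound to MDMZ, and a second unit was never added to a zone).
SAMPLE = """\
set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 10 vlan-id 10
set interfaces reth0 unit 10 family inet address 192.0.2.1/24
set interfaces reth0 unit 20 vlan-id 20
set interfaces reth0 unit 20 family inet address 198.51.100.1/24
set security zones security-zone MDMZ interfaces reth0.0
set security zones security-zone MDMZ interfaces reth0.10
"""

UNIT = re.compile(r"^set interfaces (\S+) unit (\d+) (vlan-id \d+|family inet address \S+)")
TAGGING = re.compile(r"^set interfaces (\S+) vlan-tagging\s*$")
ZONE = re.compile(r"^set security zones security-zone (\S+) interfaces (\S+)")

def audit(config: str) -> list:
    """Return findings for unit/zone mismatches in 'set'-style configuration."""
    units = defaultdict(set)   # "reth0.10" -> {"vlan", "inet"}
    zones = defaultdict(set)   # "reth0.10" -> {"MDMZ"}
    tagged = set()             # parents with vlan-tagging enabled
    for line in config.splitlines():
        line = line.strip()
        if m := UNIT.match(line):
            units[f"{m[1]}.{m[2]}"].add("vlan" if m[3].startswith("vlan-id") else "inet")
        elif m := TAGGING.match(line):
            tagged.add(m[1])
        elif m := ZONE.match(line):
            zones[m[2]].add(m[1])
    findings = []
    for ifl in sorted(units):
        parent = ifl.rsplit(".", 1)[0]
        if "vlan" in units[ifl] and parent not in tagged:
            findings.append(f"{ifl}: vlan-id set but {parent} lacks vlan-tagging")
        if "inet" in units[ifl] and ifl not in zones:
            findings.append(f"{ifl}: has an address but is in no security zone")
    for ifl in sorted(zones):
        if ifl not in units:   # stale binding left over from before the migration
            findings.append(f"{ifl}: in zone {', '.join(sorted(zones[ifl]))} but unit is not configured")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```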

Re: SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications

‎06-30-2018 10:31 PM

Thanks and really appreciate your efforts to help verify the config and its implications.

Re: SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications

‎08-01-2018 12:28 AM

Hi Wdudys/Experts,

I need one more bit of help. I tried configuring multiple VLAN tags on a single reth, and it didn't work. The configuration got committed, but I wasn't getting input packets, though output packets were visible. Ping etc. is not working.
The requirement is to consolidate multiple firewall-switch connections on a single firewall interface; the firewall cluster is in active-standby. The switch side (a Cisco) is a trunk port with tagged VLANs. I tried using the following config but had no luck.

set interfaces ge-0/0/3 gigether-options redundant-parent reth0
set interfaces ge-5/0/3 gigether-options redundant-parent reth0
set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 3087 vlan-id 3087
set interfaces reth0 unit 3086 vlan-id 3086
set interfaces reth0 unit 3087 family inet address 165.136.X.X/29
set interfaces reth0 unit 3086 family inet address 172.197.X.X/29
set vlans ABC vlan-id 3087
set vlans XYZ vlan-id 3086
set security zones security-zone ABC interfaces reth0.3087
set security zones security-zone ABC interfaces reth0.3086

Thanks...!!!