SRX

Hello guys,

 

i'm a beginner in juniper (screenOS and Junos) and i'm now converting a screenOS config to junos 11.4 config (cluster).

 

in the screenOS the ethernet0/0 has an ip address and contains some vlan:

set interface ethernet0/0 ip 192.168.1.4/24
set interface ethernet0/0 nat
set interface ethernet0/0.2 ip 10.87.32.4/29
set interface ethernet0/0.2 route
set interface ethernet0/0.3 ip 10.88.30.1/29
set interface ethernet0/0.3 route

 

i want to do the same in junos, when i add the vlans it's ok but when i want to attribute an ip address to the reth0 the junos shows an error:

 

(i tested set interfaces reth0 unit 0 family inet @ip and

 set interfaces reth0 unit 0 vlan-id 0

 set interfaces reth0 unit 0 family iner address @ip)

 

below the rth0 config:

 

set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 20 vlan-id 20
set interfaces reth0 unit 20 family inet address 10.104.40.33/27
set interfaces reth0 unit 30 vlan-id 30
set interfaces reth0 unit 30 family inet address 10.104.40.94/27
set interfaces reth0 unit 134 vlan-id 134
set interfaces reth0 unit 134 family inet address 10.87.134.86/29

 

Thank you for your support,

 

Kind Regards.

Commands look good to me. What errors are you getting? Did you already add the physical interfaces to your redundant ethernet interface like this, for example?
# set interfaces ge-0/0/6 gigether-options redundant-parent reth0

Thank you very much for your reply.

 

Yes i added the phyiscals interfaces to the redundancy group.

 

please see below the error:

 

1 when i add this command : set interfaces reth0 unit 0 vlan-id 0 family inet address @ip

 

the error is : [edit interfaces reth0]
  'unit 0'
    vlan-id 0 is reserved onreth interface
error: configuration check-out failed

 

2 - when i add this command : set interfaces reth0 unit 0 family inet address @ip

 

'unit 0'
     VLAN-ID must be specified on tagged ethernet interfaces
error: configuration check-out failed

Hello,

 

Please don't assign VLAN-ID 0 as its reserved one.

Try with any other VLAN ID and it should work.

 

 

-Sarab

 

===================================================================================
Pls click the button "Accept as Solution" if my post helped to solve your problem

Hello sarab

 

thank you for your reply.

 

i'm translating the config from screenOS, so i can't make any change.

 

if you see my previuos post, you will know that the ethernet0/0 has an ip address.

 

How can i do the same in junos?

 

BR,

Hi,

 

Corresponding Netscreen config , doesn't contain any vlan tag on e0/0

 

set interface ethernet0/0 ip 192.168.1.4/24
set interface ethernet0/0 nat

 

So you can assign an IP directly on reth0 unit 0 , without assigning it to any vlan.

 

Regards

Sarab

 

===================================================================================
Pls click the button "Accept as Solution" if my post helped to solve your problem

Hi

 

when i try this, i got this error:

 

'unit 0'
     VLAN-ID must be specified on tagged ethernet interfaces
error: configuration check-out failed

hello.

 

it takes a bit more to have both untagged and tagged traffic using the same physical interface.

 

If you upgrade to 12.1X44 or later, and if it's a branch srx, you can use flexible-vlan-tagging (though i'm not sure if it'll work on reth interface):

 

Replace VLAN 3333 with whatever is the actual native vlan # on the switch.

 

[edit interfaces ge-0/0/0]
flexible-vlan-tagging;
native-vlan-id 3333;
unit 3333 {
    vlan-id 3333;
    family inet {
        address 192.168.1.4/24;
    }
}
unit 20 {
    vlan-id 20;
    family inet {
        address 10.104.40.33/27;
    }
}
unit 30 {
    vlan-id 30;
    family inet {
        address 10.104.40.94/27;
    }
}
unit 134 {
    vlan-id 134;
    family inet {
        address 10.87.134.86/29;
    }
}

 

Otherwise, you'll have to configure the interface for ethernet-switching:

 

[edit interfaces ge-0/0/0]
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members [ VLAN3333 VLAN20 VLAN30 VLAN134 ];
        }
        native-vlan-id VLAN3333;
    }
}

[edit interfaces vlan]
unit 3333 {
    family inet {
        address 192.168.1.4/24;
    }
}
unit 20 {
    family inet {
        address 10.104.40.33/27;
    }
}
unit 30 {
    family inet {
        address 10.104.40.94/27;
    }
}
unit 134 {
    family inet {
        address 10.87.134.86/29;
    }
}


[edit vlans]
VLAN20 {
    vlan-id 20;
    l3-interface vlan.20;
}
VLAN30 {
    vlan-id 30;
    l3-interface vlan.30;
}
VLAN134 {
    vlan-id 134;
    l3-interface vlan.134;
}
VLAN3333 {
    vlan-id 3333;
    l3-interface vlan.3333;
}

 

 

Let us know if this works for you.

 

Regards,

Sam

Pls delete the vlan tagging command for reth 0 and then try to configure up on it.

Commit will succeed.

I missed that part. Sarab is correct. You cannot assign vlan-id 0. 0 is reserved by the system and it use 0 to represent its untagged vlan for internal communications. So you need to delete the vlan-id 0 from the interface reth0 and use another vlan-id as shown.

If I understand your requirement correctly, you want one subinterface not to tag on L2 and others to add VLAN-tag to traffic.

 

reth0.0 - no vlan tag

reth0.20 - vlan-id 20

reth0.30 - vlan-tag 30

 

In this case you can use native vlan-id

It is supported from 12.1X44 on SRX branch

http://kb.juniper.net/InfoCenter/index?page=content&id=KB14586&smlogin=true

 

I hope this helps.

 

hello,

 

thank you all for your replies.

 

My problem is the customer won't change anything to the config (switch & routers). we will migrate to a 2*SRX3600 with 11.4 junos.

 

now they have a netscreen in cluster. and the pyhisycals interfaces have ip addresses like a wrote in my previous posts.and i don"t see how i could do the same in junos for the reth0

 

BR,

Hello.

I think we all assumed you were going with a branch SRX.

Unfortunately, with SRX3400 (high end SRX) a port must be either configured as an ACCESS port or TAGGED port.

As of yet, having both untagged and tagged VLANs on the same interface is not supported. I'm REALLY hoping juniper will fix this in the future.

So, unfortunately, if the customer is to migrate to srx3400, they will need to change all the VLANs on reth0 to tagged/trunked.

Regards
Sam

Hi,

 

thank you very much for your reply.

 

it's clear to me now. i spent a lot of time finding an answer, i thought i'm in another world 🙂

 

 

BR,

Actually Juniper does have a feature like that. You can can check out "tagged-access-mode" with native-vlan-id. I do not remember which device it is supported on, but it allows similar functionality for Access ports as you would get for trunk ports with native-vlan-id. If my memoryserves me right it is supported on the SRX, again, you can verify but really sweet option not discussed publicly.