
SRX 240 Cluster Inter-Vlan Routing

‎11-17-2014 02:25 PM

Hi dear all, I want to create inter-VLAN routing on reth interfaces.

Can anybody help me?

Please give me an example configuration.

I will inform you that the Junos version is 12.1X44.

Thanks in advance

Regards, Razmik

 

 


Re: SRX 240 Cluster Inter-Vlan Routing

‎11-17-2014 08:32 PM

Do you have a sample topology diagram?

Thanks,

Suraj

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

Re: SRX 240 Cluster Inter-Vlan Routing

‎11-17-2014 10:30 PM

No

set interfaces  vlan-tagging

set interfaces  unit 10 vlan-id 10
set interfaces  unit 10 family inet address x.x.x.x/x
set interfaces  unit 20 vlan-id 20
set interfaces  unit 20 family inet address x.x.x.x/x
set interfaces  unit 30 vlan-id 30
set interfaces  unit 30 family inet address x.x.x.x/x



Re: SRX 240 Cluster Inter-Vlan Routing

‎11-17-2014 10:41 PM

 

Yes, you can, Razmik. Don't forget to put the interfaces in the right security zone and set some rules to accept/allow traffic between the "vlans".

set security zones security-zone vlan10 interfaces reth5.10 host-inbound-traffic system-services ping
set security zones security-zone vlan20 interfaces reth5.20 host-inbound-traffic system-services ping
set security zones security-zone vlan30 interfaces reth5.30 host-inbound-traffic system-services ping

Then some policy to allow traffic from vlan10 to vlan20 (the policy below accepts all traffic between the (zones) vlans!!!!)

set security policies from-zone vlan10 to-zone vlan20 policy allow_all match source-address any
set security policies from-zone vlan10 to-zone vlan20 policy allow_all match destination-address any
set security policies from-zone vlan10 to-zone vlan20 policy allow_all match application any
set security policies from-zone vlan10 to-zone vlan20 policy allow_all then permit

Policy from vlan20 to vlan10:

set security policies from-zone vlan20 to-zone vlan10 policy allow_all match source-address any
set security policies from-zone vlan20 to-zone vlan10 policy allow_all match destination-address any
set security policies from-zone vlan20 to-zone vlan10 policy allow_all match application any
set security policies from-zone vlan20 to-zone vlan10 policy allow_all then permit

hope this helps a bit!

Marc



-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------
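
An added example, not part of the original reply or of any Juniper tooling: a small Python audit that reads security policy statements in `display set` form and reports permit policies that match on `any`, like the allow_all pair in the reply above. The sample configuration is constructed; the web_only policy, its vlan30-to-vlan10 pairing and its address names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in "display set" form: the thread's allow_all policies
# plus one hypothetical scoped policy (web_only) for contrast.
SAMPLE = """\
set security policies from-zone vlan10 to-zone vlan20 policy allow_all match source-address any
set security policies from-zone vlan10 to-zone vlan20 policy allow_all match destination-address any
set security policies from-zone vlan10 to-zone vlan20 policy allow_all match application any
set security policies from-zone vlan10 to-zone vlan20 policy allow_all then permit
set security policies from-zone vlan20 to-zone vlan10 policy allow_all match source-address any
set security policies from-zone vlan20 to-zone vlan10 policy allow_all match destination-address any
set security policies from-zone vlan20 to-zone vlan10 policy allow_all match application any
set security policies from-zone vlan20 to-zone vlan10 policy allow_all then permit
set security policies from-zone vlan30 to-zone vlan10 policy web_only match source-address vlan30-net
set security policies from-zone vlan30 to-zone vlan10 policy web_only match destination-address vlan10-web
set security policies from-zone vlan30 to-zone vlan10 policy web_only match application junos-https
set security policies from-zone vlan30 to-zone vlan10 policy web_only then permit
"""
FIELDS = ("source-address", "destination-address", "application")
WILDCARDS = {"any", "any-ipv4", "any-ipv6"}
# Groups: 1-3 = from-zone, to-zone, policy; 4-5 = match field and values; 6 = action.
STMT = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"(?:match (source-address|destination-address|application) (.+)"
    r"|then (permit|deny|reject)\b.*)$")

def parse_policies(text):
    """Group match criteria and action per (from-zone, to-zone, policy)."""
    policies = defaultdict(lambda: {"action": None, **{f: set() for f in FIELDS}})
    for raw in text.splitlines():
        m = STMT.match(raw.strip())  # other statements ("then log ...") are skipped
        if m and m.group(4):
            policies[m.group(1, 2, 3)][m.group(4)].update(m.group(5).strip("[] ").split())
        elif m:
            policies[m.group(1, 2, 3)]["action"] = m.group(6)
    return dict(policies)

def find_wildcard_permits(text):
    """Return (from-zone, to-zone, policy, wildcard fields) for permit policies."""
    findings = []
    for (src, dst, name), p in parse_policies(text).items():
        wide = [f for f in FIELDS if p[f] & WILDCARDS]
        if p["action"] == "permit" and wide:
            findings.append((src, dst, name, wide))
    return findings

if __name__ == "__main__":
    for finding in find_wildcard_permits(SAMPLE):
        print(finding)
```
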

Re: SRX 240 Cluster Inter-Vlan Routing

‎11-18-2014 07:05 AM

When I set this, I got this error message. Can anybody help me?


root@srx# set interfaces reth5 vlan-tagging

{secondary:node1}[edit]
root@srx# commit
[edit interfaces reth5]
  'unit 0'
     VLAN-ID must be specified on tagged ethernet interfaces
error: configuration check-out failed


Re: SRX 240 Cluster Inter-Vlan Routing

‎11-18-2014 07:09 AM

Hello.

"unit 0" is not allowed when the interface is configured for vlan-tagging.

Can you delete it?

Can you provide output of "show interface reth5 | display set"?


Regards,

Sam


Re: SRX 240 Cluster Inter-Vlan Routing

‎11-18-2014 07:24 AM

{secondary:node1}[edit]
root@srx# show interfaces reth5
redundant-ether-options {
    redundancy-group 5;

}

 

 

 

And this is the config:

set interfaces reth5 vlan-tagging
set interfaces reth5 unit 10 vlan-id 10
set interface reth5 unit 10 family inet address 192.168.100.1/29


Thanks In advance


Re: SRX 240 Cluster Inter-Vlan Routing

‎11-18-2014 07:30 AM

Hmmm. The interface configuration looks fine.

I have a question regarding the redundancy-group #.

Do you actually have "redundancy-group 5" configured under "chassis cluster"?

If you're doing Active-Passive, then I would put all the reth interfaces as part of redundancy-group 1.


Sam
