SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX VLAN Tagged/Untagged Port (packet mode)

    Posted 10-02-2017 06:08

    Hello all, 

     

    I am losing my mind here trying to figure out what I am doing wrong with this config. I am off-site from the device and am attempting to do some testing of different configurations and routing between devices. I have only made a few physical connections, and was hoping to be able to use VLAN interfaces as subinterfaces on one of the physical ports so that I could have multiple logically separate subnets. 

     

    I have tried using different unit numbers, and tried flexible VLAN tagging, but nothing seems to work. I have read probably 100 forum posts and articles that seem to have about 5 different ways of doing this and none of them seem to work, plus most aren't dealing with packet-mode, and I feel there is a bit of a disconnect in the support from one mode to another. 

     

    I have the physical all set up as a point to point link, but I would like to create another on the same physical port, tagged with VLAN 100 while leaving the below on Unit 0 as untagged. 

     

    I would like to place 172.20.20.1/30 on VLAN 100 on ge-0/0/2

     

        ge-0/0/2 {
            unit 0 {
                family inet {
                    address 12.12.12.181/30;
                }
            }
        }

     

    Any ideas? 

     



  • 2.  RE: SRX VLAN Tagged/Untagged Port (packet mode)

    Posted 10-02-2017 06:22

    Hello,

     


    @frontdist wrote:

    would like to create another on the same physical port, tagged with VLAN 100 while leaving the below on Unit 0 as untagged. 

     

    I would like to place 172.20.20.1/30 on VLAN 100 on ge-0/0/2

     

        ge-0/0/2 {
            unit 0 {
                family inet {
                    address 12.12.12.181/30;
                }
            }
        }

     

    Any ideas? 

     


    Yes. Try the following config snippet:

        ge-0/0/2 {
            flexible-vlan-tagging;
            native-vlan-id 1;
            unit 0 {
                vlan-id 1;
                family inet {
                    address 12.12.12.181/30;
                }
            }
            unit 100 {
                vlan-id 100;
                family inet {
                    address 172.20.20.1/30;
                }
            }
        }

    HTH

    Thx
    Alex

     



  • 3.  RE: SRX VLAN Tagged/Untagged Port (packet mode)

    Posted 10-02-2017 07:01

    I have done the following: 

     

        ge-0/0/2 {
            flexible-vlan-tagging;
            native-vlan-id 1;
            unit 0 {
                vlan-id 1;
                family inet {
                    address 12.12.12.181/30;
                }
            }
            unit 100 {
                vlan-id 100;
                family inet {
                    address 172.20.20.1/30;
                }
            }
        }

     

    I can now ping 172.20.20.2 (the other end on vlan 100), however I can no longer ping 12.12.12.182 which is on the same interface as 172.20.20.2 on the other device? 

     

    When I remove the VLAN information, I can once again ping 12.12.12.182 address. 

     

    I have also added multiple additional VLANs and units to the same interface and every one of them is able to ping with the exception of the network that is on the physical interface. 



  • 4.  RE: SRX VLAN Tagged/Untagged Port (packet mode)

    Posted 10-02-2017 09:29

    I have also moved the network that was on the unit 0 native vlan to a tagged vlan under another unit, replicated the configuration at the far end device (a SonicWall) and was able to get it to work. 

     

    It seems I am missing something with the ability to combine tagged and untagged on the same port. This becomes a problem if the far end device doesn't support features on a subinterface and only on a physical interface. As a workaround one could throw a switch in the middle to strip or add tagging as required, but I feel like on a device like this I should be able to make it work as I intend. 



  • 5.  RE: SRX VLAN Tagged/Untagged Port (packet mode)

    Posted 10-02-2017 11:01

    Ok, so apparently there was a change in the default configuration with the newer firmware vs the older firmware and the switching. 

     

    When I ran: 

     

    set protocols l2-learning global-mode switching

     

    It began to work... There are a million questions on the board here about VLAN implementations, so I hope like hell that this helps someone else.
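
Added example, not part of the thread and not Juniper code: a simplified model of how a port configured as in post 2 (`native-vlan-id 1`, unit 0 with `vlan-id 1`, unit 100 with `vlan-id 100`) sorts incoming Ethernet frames by their 802.1Q tag, which helps when reading a packet capture to see why one subnet on a mixed tagged/untagged port has stopped answering. The function names and frame bytes are constructed for illustration, and mapping untagged and VID 0 frames to the native VLAN is the 802.1Q convention this model assumes.

```python
import struct

TPID_8021Q = 0x8100
# Logical units from the config in post 2 (vlan-id -> unit) and its native VLAN.
UNITS = {1: 0, 100: 100}
NATIVE_VLAN_ID = 1

def build_frame(vlan_id=None, pcp=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet II frame, optionally with one 802.1Q tag."""
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    tag = b""
    if vlan_id is not None:
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan_id)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return (vlan_id or None, ethertype) for an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner  # low 12 bits of the TCI carry the VLAN ID

def classify(frame, units=UNITS, native=NATIVE_VLAN_ID):
    """Return the unit a frame maps to in this model, or None if no unit matches."""
    vid, _ = parse_vlan(frame)
    if vid is None or vid == 0:  # untagged or priority-tagged (VID 0)
        vid = native
    return units.get(vid)

if __name__ == "__main__":
    samples = {
        "untagged": build_frame(),
        "tagged 100": build_frame(100),
        "tagged 100, pcp 5": build_frame(100, pcp=5),
        "priority tag (VID 0)": build_frame(0, pcp=5),
        "tagged 200": build_frame(200),
    }
    for name, frame in samples.items():
        print(f"{name:22} -> unit {classify(frame)}")
```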