SRX

last person joined: 19 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Trunk Port on SRX240 - Physical Interface UP UP, VLAN Down

    Posted 03-13-2019 08:57

    Hi All, 

     

    Following this guide: https://www.juniper.net/us/en/local/pdf/app-notes/3500196-en.pdf (starting on page 22), I've been trying to configure a trunk port on my SRX240 that is directly connected to my server. 

     

    I have configured everything according to the other trunk ports I've got working correctly (however, all on the EX series) and it does not seem to be working on on my SRX. These are all RVI's and I can confirm they are assigned to the correct security zone and VRF, there are security policies in place, and the server is configured correctly. 

     

    My physical interface is up:

     

    ge-0/0/1                up    up
ge-0/0/1.0              up    up

    VLANs are down:

    Interface               Admin Link Proto    Local                 Remote
vlan                    up    up
vlan.1                  up    down inet     10.200.200.254/24
vlan.2                  up    down inet     1.1.1.1/24

    Interface is not showing up in ethernet-switching interfaces:

    0> show ethernet-switching interfaces

    Interface config:

     

    unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members [ vlan-lab-a vlan-lab-b ];
        }
    }
}

    VLAN configs:

     

    unit 1 {
    family inet {
        address 10.200.200.254/24;
    }
}
unit 2 {
    family inet {
        address 1.1.1.1/24;
    }
}

    vlan-lab-a {
    vlan-id 3966;
    l3-interface vlan.1;
}
vlan-lab-b {
    vlan-id 3967;
    l3-interface vlan.2;
}

    Security zones:

    host-inbound-traffic {
    system-services {
        all;
    }
    protocols {
        all;
    }
}
interfaces {
    ge-0/0/1.0;
    vlan.1;
    vlan.2;
}

    At this point I'm not sure where to go. 

     



  • 2.  RE: Trunk Port on SRX240 - Physical Interface UP UP, VLAN Down

    Posted 03-13-2019 09:22

    Hi,

     

    I believe the configuration looks fine, except for ge-0/0/1.0 that doesnt need to be configured in a security-zone.

     

    Based on the fact that the config is ok, could you try the following:

     

    • try using different vlan-ids, maybe 10 and 20 instead to 3966 and 3967.
    • provide the version running in your SRX.
    • try deleting and re-adding the configuration
    • try a "commit full" command, its hidden.
    • check "show spanning-tree interface" command

     



  • 3.  RE: Trunk Port on SRX240 - Physical Interface UP UP, VLAN Down

    Posted 03-13-2019 09:39

    Thanks for the response. 

     

    Tried the different vlan-ids, commit full, deleting and re-adding, same result. 

     

    Spanning tree is not enabled on this device.

     

    The version is 12.1X46-D40.2  (very behind on recommendations I know). 

     

     



  • 4.  RE: Trunk Port on SRX240 - Physical Interface UP UP, VLAN Down
    Best Answer

    Posted 03-13-2019 13:19

    I've found a temporary workaround. Configured the VLANs directly on the interfaces and tag each sub interface:

     

    vlan-tagging;
unit 22 {
    vlan-id 22;
    family inet {
        address 10.200.200.254/24;
    }
}
unit 23 {
    vlan-id 23;
    family inet {
        address 1.1.1.1/24;
    }
}

     

    Not ideal, and will prevent any future expansion. But as it stands, this isn't exactly high priority and will have to do. 

     

    Thanks