SRX

Hi,

coming from a ScreenOS perspective... what is the equivalent to ScreenOS subinterfaces (vlan tagged interfaces like ethernet0/0.1) on SRX? How do I configure this?

I figure it's done by using the built in switching, but that doesn't seem to be available when clustering is enabled on branch SRX?

Hi cryptochrome,

Junos calls these "units."

You can do it a couple ways, but if you've got clustering enabled you can only do it with switching mode if you're using Junos 11.1 or newer and only on SRX240 and SRX650 devices (currently).

The "non-switching" way to do it, which works in clusters, is by setting units on your reth interfaces, and enabling VLAN tagging.  Here is an example:

reth0 {
    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 18 {
        vlan-id 18;
        family inet {
            address 192.168.18.1/24;
        }
    }
    unit 400 {
        vlan-id 400;
        family inet {
            address 10.255.4.1/24;
        }
    }
}

Sorry for the late response here Keith. I've only seen this now. Thanks for your help!

Just one more question about this: When you say VLAN tagging you mean dot1q?

---

@cryptochrome wrote:

Just one more question about this: When you say VLAN tagging you mean dot1q?

---

Yes... VLAN tagging means 802.1Q VLAN tags.  That's the only way you will be able to carry multiple VLANs to a single physical interface.