Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  I want to change the Interface of a zone from 1G to 10G port

    Posted 03-27-2019 03:32

    Dear All,

     

    I have an ISG-2000 in production, and need to move a tagged interface for zone ABC tagged under interface "ethernet4/2.826" to a 10G port. How can I do this with minimum service effect?

    The Zone currently has vrouter, Address elements, Group Address elements and Policies defined.

    What is the easiest way I can achieve this?

    Basically need to change from interface "ethernet4/2.826" to ethernet2/2.826 for example... retaining all the configuration related to this zone?

    Regards,

    Riz


    #Interfacechangeonexistingzone


  • 2.  RE: I want to change the Interface of a zone from 1G to 10G port

    Posted 03-27-2019 04:25
    Hi Rizwan,

    I understand that you want to move the interface from interface "ethernet4/2.826" to ethernet2/2.826; zone, security policy, vrouters etc. remain the same.

    1: First you can create another interface on the Eth4/2 with the same tag as you have on the Eth4/2. You don't need to delete the existing one.

    e.g: set interface ethernet2/2.826 tag 826 zone "ABC"

    2: Now you need to delete the IP from the existing one and add the same IP on the newly created sub-interface. This should disrupt the services for a few minutes, if everything works as expected. You can also connect ethernet2/2.826 first to make sure the physical link is coming up or not, and configure the interface management services (Ping, SSH, telnet etc.) accordingly.


    Thanks and Regards
    Vikas Singh


  • 3.  RE: I want to change the Interface of a zone from 1G to 10G port

    Posted 03-27-2019 05:29

    Dear Vikas,

     

    Thank you so much for your reply, I believe this will work fine as explained... My only concern is, will the system accept same VLAN 826 on two different interfaces?

     

    If so then as suggested, I can define the interface ethernet2/2.826 under zone ABC, and then do the following associated configurations, like services, snmp, and routes as a cutover (maintenance window with a glitch):

     

    set interface "ethernet2/2.826" tag 826 zone "ABC"
    set interface ethernet2/2.826 ip a.b.c.d/29
    set interface ethernet2/2.826 route
    set interface ethernet2/2.826 ip manageable
    set interface ethernet2/2.826 manage ping
    set interface ethernet2/2.826 manage ssh
    set interface ethernet2/2.826 manage telnet
    set interface ethernet2/2.826 manage snmp
    set interface ethernet2/2.826 manage ssl
    set interface ethernet2/2.826 manage web
    set route a.b.c.d/16 interface ethernet2/2.826 gateway w.x.y.z
    set route e.f.g.h/32 interface ethernet2/2.826 gateway w.x.y.z
    set route i.j.k.l/32 interface ethernet2/2.826 gateway w.x.y.z

     

    Thanks once again...

    Best Regards,

    Rizwan.

     



  • 4.  RE: I want to change the Interface of a zone from 1G to 10G port
    Best Answer

    Posted 03-27-2019 05:46
    Yes, the system should allow two subinterfaces with the same VLAN. The same can be configured in my lab, see below:

    set interface "ethernet0/1.1" tag 5 zone "DMZ"
    set interface ethernet0/1.1 ip 192.168.1.1/30
    set interface "ethernet2/0.1" tag 5 zone "DMZ"

    However, it will not allow you to configure the same subnet IP or the same IP on two sub-interfaces, so you will need to delete the IP from the existing interface, then it will allow you to add it on the other one.



    Thanks and Regards
    Vikas Singh


  • 5.  RE: I want to change the Interface of a zone from 1G to 10G port

    Posted 03-27-2019 07:11

    Dear Vikas,

     

    Thank you so much for your support, it is very clear now...

     

    Best regards,

     

    Rizwan.
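
A pre-cutover check for the move discussed in this thread, as an added example that is not part of the original posts: it scans a saved config for every `set` line that references the old sub-interface, rewrites those lines for the new one in the order the thread describes (tag/zone, then IP, then services, then routes), lists the IP lines that have to come off the old interface first, and flags cleartext management services being carried over. The function name, the sample config (constructed, with documentation-range addresses) and the choice of services to flag are assumptions of this example.

```python
import re

# Constructed sample in the thread's syntax; addresses are placeholders.
SAMPLE = '''\
set interface "ethernet4/2.826" tag 826 zone "ABC"
set interface ethernet4/2.826 ip 192.0.2.1/29
set interface ethernet4/2.826 route
set interface ethernet4/2.826 manage ping
set interface ethernet4/2.826 manage ssh
set interface ethernet4/2.826 manage telnet
set interface ethernet4/2.8260 manage ping
set route 198.51.100.0/24 interface ethernet4/2.826 gateway 192.0.2.2
set interface "ethernet4/1" zone "Untrust"
'''

# Assumption of this example: telnet and the plain "web" service are
# treated as cleartext management worth reviewing before they are copied.
CLEARTEXT = {"telnet", "web"}

def plan_cutover(config, old, new):
    """Return (new_lines, old_ip_lines, warnings) for moving `old` to `new`."""
    # Match the name quoted or bare, but only as a whole token, so that
    # ethernet4/2.826 does not also match ethernet4/2.8260.
    ref = re.compile(r'(?<![\w/.])"?' + re.escape(old) + r'"?(?![\w/.])')
    tag, ip, other, routes = [], [], [], []
    old_ip, warnings = [], []
    for raw in config.splitlines():
        line = raw.strip()
        if not ref.search(line):
            continue  # line does not reference the old sub-interface
        moved = ref.sub(new, line)
        words = moved.split()
        if words[:2] == ["set", "route"]:
            routes.append(moved)
        elif " tag " in moved and " zone " in moved:
            tag.append(moved)
        elif words[3:4] == ["ip"] and len(words) == 5 and "/" in words[4]:
            ip.append(moved)
            old_ip.append(line)  # must be removed from `old` before reuse
        else:
            other.append(moved)
            if words[3:4] == ["manage"] and words[-1] in CLEARTEXT:
                warnings.append(f"cleartext management carried over: {moved}")
    return tag + ip + other + routes, old_ip, warnings
```

Comparing the number of returned lines against a text search for the old interface name in the saved config is a quick way to confirm no route or service line was left behind.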