[j-nsp] L3VPN on J series enhance services
amin amin
amiensda at gmail.com
Fri Oct 30 07:09:57 EDT 2009
Can L3VPN run on J-series with enhanced services? I've configured it as shown below,
but ping never succeeds in routing instance l3vpn.
I can't add the interfaces that are members of the VRF to the security zone
trust.
/* Physical and logical interfaces of this PE: tagged LAN units, the MLPPP core bundle, the loopback and the VLAN L3 interface. */
interfaces {
/* Three 802.1Q units on one port; all three are listed under security-zone trust. */
ge-0/0/0 {
vlan-tagging;
unit 0 {
vlan-id 2;
family inet {
address 192.168.10.1/24;
}
}
unit 10 {
vlan-id 10;
family inet {
/* NOTE(review): 20.20.20.0/24 is not RFC 1918 space; presumably lab addressing, confirm. */
address 20.20.20.1/24;
}
}
unit 20 {
vlan-id 20;
family inet {
/* NOTE(review): 40.40.40.0/24 is not RFC 1918 space; presumably lab addressing, confirm. */
address 40.40.40.1/24;
}
}
}
/* Multilink bundle: the only interface named under protocols mpls, ospf and ldp, so it is the core-facing link. */
ls-0/0/0 {
unit 1 {
family inet {
address 192.168.1.2/30;
}
family mpls;
}
}
/* ge-0/0/1.0 is a member of routing-instance l3vpn and is not listed under any security zone. */
ge-0/0/1 {
unit 0 {
family inet {
address 192.168.0.10/24;
}
}
}
/* Unit 0 carries no protocol family here, yet ge-0/0/2.0 is listed under security-zone trust. */
ge-0/0/2 {
unit 0;
}
/* First E1 member link of bundle ls-0/0/0.1. */
e1-4/0/0 {
clocking external;
e1-options {
framing unframed;
}
unit 0 {
family mlppp {
bundle ls-0/0/0.1;
}
}
}
/* Second E1 member link of bundle ls-0/0/0.1. */
e1-4/0/1 {
clocking external;
e1-options {
framing unframed;
}
unit 0 {
family mlppp {
bundle ls-0/0/0.1;
}
}
}
/* Loopback; 1.1.1.2 is the BGP local-address used by group intern. */
lo0 {
unit 0 {
family inet {
address 1.1.1.2/32;
}
}
}
/* L3 interface of vlan10; vlan.10 is a member of routing-instance l3vpn and is not listed under any security zone. */
vlan {
unit 10 {
family inet {
address 10.10.10.250/24;
}
}
}
}
/* Local AS for the iBGP session; 65000 is in the private-use AS range and is reused in the VRF route-distinguisher and vrf-target. */
routing-options {
autonomous-system 65000;
}
/* Core control plane: MPLS, LDP and OSPF on the multilink bundle, plus one iBGP session carrying inet-vpn routes. */
/* NOTE(review): no 'security forwarding-options' stanza appears in this post. On flow-based Junos releases MPLS forwarding has traditionally required 'security forwarding-options family mpls mode packet-based'; that setting stops stateful zone, policy and screen enforcement on the device, so confirm the behaviour for the release in use before relying on the security stanza. */
protocols {
mpls {
interface ls-0/0/0.1;
}
bgp {
/* NOTE(review): no authentication-key is configured for this group as posted. */
group intern {
type internal;
local-address 1.1.1.2;
/* Only the inet-vpn unicast family is negotiated with the peer. */
family inet-vpn {
unicast;
}
neighbor 1.1.1.1;
}
}
ospf {
/* NOTE(review): no OSPF authentication is configured on these interfaces as posted. */
area 0.0.0.0 {
interface lo0.0;
interface ls-0/0/0.1;
}
}
ldp {
interface ls-0/0/0.1;
}
}
/* Flow-mode security: one screen profile, two zones (trust and untrust) and three zone-pair policies. */
security {
screen {
/* Screen profile referenced only by security-zone untrust, which lists no interfaces in this post; zone trust has no screen. */
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
queue-size 2000; ## Warning: 'queue-size' is deprecated
timeout 20;
}
land;
}
}
}
zones {
/* Every interface below is in trust, including the core-facing bundle ls-0/0/0.1 and lo0.0. */
/* vlan.10 and ge-0/0/1.0 (the VRF members) are absent from both zones. */
security-zone trust {
tcp-rst;
interfaces {
/* NOTE(review): 'all' for system-services and protocols admits every enabled host service and routing protocol on the core link; consider naming only what is needed (for example protocols ospf, ldp and bgp). */
ls-0/0/0.1 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
/* The same unrestricted host-inbound setting is repeated on each LAN unit below. */
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
ge-0/0/0.10 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
ge-0/0/0.20 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
ge-0/0/2.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
lo0.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
/* No interfaces are bound to untrust as posted, so the screen applied here inspects no traffic. */
security-zone untrust {
screen untrust-screen;
}
}
policies {
/* Intra-zone traffic within trust: permit everything. */
from-zone trust to-zone trust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
/* Outbound trust to untrust: permit everything. */
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
/* NOTE(review): the policy is named default-deny but its action is permit. Once an interface is bound to untrust, this allows any traffic from untrust into trust; the action should presumably be deny. */
from-zone untrust to-zone trust {
policy default-deny {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
}
/* Single VRF for the L3VPN customer side, with route-distinguisher and route target 65000:1. */
/* NOTE(review): neither VRF interface appears under any security-zone in this post. In flow mode an interface outside every zone does not pass traffic, which would match the failed pings. */
/* NOTE(review): Junos expects all interfaces of a zone to belong to one routing instance, and trust already holds default-instance interfaces. A dedicated zone for the VRF interfaces, with explicit policies, is the usual approach; confirm for this release. */
routing-instances {
l3vpn {
instance-type vrf;
interface vlan.10;
interface ge-0/0/1.0;
route-distinguisher 65000:1;
vrf-target target:65000:1;
/* One label per VRF table instead of per next hop; forwarding then relies on an IP lookup inside the VRF. */
vrf-table-label;
}
}
/* VLAN 10 with vlan.10 as its routed interface. No member switch port for vlan10 is shown in this post. */
vlans {
vlan10 {
vlan-id 10;
l3-interface vlan.10;
}
}
Thanks in advance for your help.
~Samin