[j-nsp] Basic VLAN setup on a J2320
Morten Isaksen
misak at misak.dk
Thu Apr 8 06:05:19 EDT 2010
Hi!
I am tryng to setup a vlan on a trunk port on 2 J2320 but I have some
problems to get it to work. The two J2320 are connected to each other
on ge-0/0/3. I can ping the local ip address on vlan 12 but not the ip
address on the other router.
tcpdump -n -i ge-0/0/3 show no traffic at all on the interface on both routers.
Can you please help
The 2 configurations are here:
## Last commit: 2010-04-08 16:58:02 UTC by root
version 9.2R1.10;
system {
host-name bgp-1;
root-authentication {
encrypted-password XXX;
}
services {
ssh;
telnet;
web-management {
http {
interface ge-0/0/0.0;
}
}
}
syslog {
file messages {
any any;
}
}
}
chassis {
fpc 0 {
pic 0 {
ethernet {
pic-mode enhanced-switching;
}
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.1.1/24;
address 10.253.254.101/24;
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ bgp lan wan ];
}
}
}
}
vlan {
unit 10 {
family inet {
address 10.253.253.202/24;
}
}
unit 11 {
family inet {
address 178.21.248.2/26;
}
}
unit 12 {
family inet {
address 178.21.250.1/30;
}
}
}
}
security {
zones {
security-zone trust {
tcp-rst;
host-inbound-traffic {
system-services {
any-service;
}
protocols {
all;
}
}
interfaces {
all;
}
}
security-zone vlan.12 {
host-inbound-traffic {
system-services {
ping;
}
}
}
}
policies {
default-policy {
permit-all;
}
}
alg {
dns disable;
ftp disable;
h323 disable;
mgcp disable;
msrpc disable;
sunrpc disable;
real disable;
rsh disable;
rtsp disable;
sccp disable;
sip disable;
sql disable;
talk disable;
tftp disable;
pptp disable;
}
forwarding-options {
family {
inet6 {
mode packet-based;
}
iso {
mode packet-based;
}
}
}
flow {
allow-dns-reply;
tcp-session {
no-syn-check;
no-syn-check-in-tunnel;
no-sequence-check;
}
}
}
vlans {
bgp {
vlan-id 12;
interface {
ge-0/0/3.0;
}
l3-interface vlan.12;
}
lan {
vlan-id 10;
interface {
ge-0/0/3.0;
}
l3-interface vlan.10;
}
wan {
vlan-id 11;
interface {
ge-0/0/3.0;
}
l3-interface vlan.11;
}
}
## Last commit: 2010-04-08 17:23:12 UTC by root
version 9.2R1.10;
system {
root-authentication {
encrypted-password XXX;
}
services {
ssh;
telnet;
web-management {
http {
interface ge-0/0/0.0;
}
}
}
syslog {
file messages {
any any;
}
}
}
chassis {
fpc 0 {
pic 0 {
ethernet {
pic-mode enhanced-switching;
}
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 10.253.254.102/24;
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members bgp;
}
}
}
}
vlan {
unit 12 {
family inet {
address 178.21.250.2/30;
}
}
}
}
security {
zones {
security-zone trust {
tcp-rst;
host-inbound-traffic {
system-services {
any-service;
}
protocols {
all;
}
}
interfaces {
all;
}
}
}
policies {
default-policy {
permit-all;
}
}
alg {
dns disable;
ftp disable;
h323 disable;
mgcp disable;
msrpc disable;
sunrpc disable;
real disable;
rsh disable;
rtsp disable;
sccp disable;
sip disable;
sql disable;
talk disable;
tftp disable;
pptp disable;
}
forwarding-options {
family {
inet6 {
mode packet-based;
}
iso {
mode packet-based;
}
}
}
flow {
allow-dns-reply;
tcp-session {
no-syn-check;
no-syn-check-in-tunnel;
no-sequence-check;
}
}
}
vlans {
bgp {
vlan-id 12;
interface {
ge-0/0/3.0;
}
l3-interface vlan.12;
}
}
--
Morten Isaksen
More information about the juniper-nsp
mailing list