[j-nsp] Basic VLAN setup on a J2320
Chris Kawchuk
juniperdude at gmail.com
Thu Apr 8 09:23:39 EDT 2010
Do not include the "ge-0/0/3" in each of your VLAN statements; as that designates that port to be an access port per se.
You just need to have this:
vlans {
bgp {
vlan-id 12;
l3-interface vlan.12;
}
lan {
vlan-id 10;
l3-interface vlan.10;
}
wan {
vlan-id 11;
l3-interface vlan.11;
}
}
JunOS assumes that you have some trunk ports... somewhere... (as you have declared under the [interfaces ge-0/0/3] stanza) for these VLANs if there's no "untagged ports" associated with them.
Regards,
- Chris.
On 2010-04-08, at 4:05 AM, Morten Isaksen wrote:
> Hi!
>
> I am tryng to setup a vlan on a trunk port on 2 J2320 but I have some
> problems to get it to work. The two J2320 are connected to each other
> on ge-0/0/3. I can ping the local ip address on vlan 12 but not the ip
> address on the other router.
>
> tcpdump -n -i ge-0/0/3 show no traffic at all on the interface on both routers.
>
> Can you please help
>
> The 2 configurations are here:
>
> ## Last commit: 2010-04-08 16:58:02 UTC by root
> version 9.2R1.10;
> system {
> host-name bgp-1;
> root-authentication {
> encrypted-password XXX;
> }
> services {
> ssh;
> telnet;
> web-management {
> http {
> interface ge-0/0/0.0;
> }
> }
> }
> syslog {
> file messages {
> any any;
> }
> }
> }
> chassis {
> fpc 0 {
> pic 0 {
> ethernet {
> pic-mode enhanced-switching;
> }
> }
> }
> }
> interfaces {
> ge-0/0/0 {
> unit 0 {
> family inet {
> address 192.168.1.1/24;
> address 10.253.254.101/24;
> }
> }
> }
> ge-0/0/3 {
> unit 0 {
> family ethernet-switching {
> port-mode trunk;
> vlan {
> members [ bgp lan wan ];
> }
> }
> }
> }
> vlan {
> unit 10 {
> family inet {
> address 10.253.253.202/24;
> }
> }
> unit 11 {
> family inet {
> address 178.21.248.2/26;
> }
> }
> unit 12 {
> family inet {
> address 178.21.250.1/30;
> }
> }
> }
> }
> security {
> zones {
> security-zone trust {
> tcp-rst;
> host-inbound-traffic {
> system-services {
> any-service;
> }
> protocols {
> all;
> }
> }
> interfaces {
> all;
> }
> }
> security-zone vlan.12 {
> host-inbound-traffic {
> system-services {
> ping;
> }
> }
> }
> }
> policies {
> default-policy {
> permit-all;
> }
> }
> alg {
> dns disable;
> ftp disable;
> h323 disable;
> mgcp disable;
> msrpc disable;
> sunrpc disable;
> real disable;
> rsh disable;
> rtsp disable;
> sccp disable;
> sip disable;
> sql disable;
> talk disable;
> tftp disable;
> pptp disable;
> }
> forwarding-options {
> family {
> inet6 {
> mode packet-based;
> }
> iso {
> mode packet-based;
> }
> }
> }
> flow {
> allow-dns-reply;
> tcp-session {
> no-syn-check;
> no-syn-check-in-tunnel;
> no-sequence-check;
> }
> }
> }
> vlans {
> bgp {
> vlan-id 12;
> interface {
> ge-0/0/3.0;
> }
> l3-interface vlan.12;
> }
> lan {
> vlan-id 10;
> interface {
> ge-0/0/3.0;
> }
> l3-interface vlan.10;
> }
> wan {
> vlan-id 11;
> interface {
> ge-0/0/3.0;
> }
> l3-interface vlan.11;
> }
> }
>
> ## Last commit: 2010-04-08 17:23:12 UTC by root
> version 9.2R1.10;
> system {
> root-authentication {
> encrypted-password XXX;
> }
> services {
> ssh;
> telnet;
> web-management {
> http {
> interface ge-0/0/0.0;
> }
> }
> }
> syslog {
> file messages {
> any any;
> }
> }
> }
> chassis {
> fpc 0 {
> pic 0 {
> ethernet {
> pic-mode enhanced-switching;
> }
> }
> }
> }
> interfaces {
> ge-0/0/0 {
> unit 0 {
> family inet {
> address 10.253.254.102/24;
> }
> }
> }
> ge-0/0/3 {
> unit 0 {
> family ethernet-switching {
> port-mode trunk;
> vlan {
> members bgp;
> }
> }
> }
> }
> vlan {
> unit 12 {
> family inet {
> address 178.21.250.2/30;
> }
> }
> }
> }
> security {
> zones {
> security-zone trust {
> tcp-rst;
> host-inbound-traffic {
> system-services {
> any-service;
> }
> protocols {
> all;
> }
> }
> interfaces {
> all;
> }
> }
> }
> policies {
> default-policy {
> permit-all;
> }
> }
> alg {
> dns disable;
> ftp disable;
> h323 disable;
> mgcp disable;
> msrpc disable;
> sunrpc disable;
> real disable;
> rsh disable;
> rtsp disable;
> sccp disable;
> sip disable;
> sql disable;
> talk disable;
> tftp disable;
> pptp disable;
> }
> forwarding-options {
> family {
> inet6 {
> mode packet-based;
> }
> iso {
> mode packet-based;
> }
> }
> }
> flow {
> allow-dns-reply;
> tcp-session {
> no-syn-check;
> no-syn-check-in-tunnel;
> no-sequence-check;
> }
> }
> }
> vlans {
> bgp {
> vlan-id 12;
> interface {
> ge-0/0/3.0;
> }
> l3-interface vlan.12;
> }
> }
>
>
>
>
> --
> Morten Isaksen
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list