[j-nsp] Basic VLAN setup on a J2320
Morten Isaksen
misak at misak.dk
Thu Apr 8 09:32:37 EDT 2010
If I delete the interface section in the vlan stanza then the vlan is down.
/Morten
On Thu, Apr 8, 2010 at 3:23 PM, Chris Kawchuk <juniperdude at gmail.com> wrote:
> Do not include the "ge-0/0/3" in each of your VLAN statements; as that designates that port to be an access port per se.
>
> You just need to have this:
>
> vlans {
> bgp {
> vlan-id 12;
> l3-interface vlan.12;
> }
> lan {
> vlan-id 10;
> l3-interface vlan.10;
> }
> wan {
> vlan-id 11;
> l3-interface vlan.11;
> }
> }
>
> JunOS assumes that you have some trunk ports... somewhere... (as you have declared under the [interfaces ge-0/0/3] stanza) for these VLANs if there's no "untagged ports" associated with them.
>
> Regards,
>
> - Chris.
>
>
>
>
> On 2010-04-08, at 4:05 AM, Morten Isaksen wrote:
>
>> Hi!
>>
>> I am tryng to setup a vlan on a trunk port on 2 J2320 but I have some
>> problems to get it to work. The two J2320 are connected to each other
>> on ge-0/0/3. I can ping the local ip address on vlan 12 but not the ip
>> address on the other router.
>>
>> tcpdump -n -i ge-0/0/3 show no traffic at all on the interface on both routers.
>>
>> Can you please help
>>
>> The 2 configurations are here:
>>
>> ## Last commit: 2010-04-08 16:58:02 UTC by root
>> version 9.2R1.10;
>> system {
>> host-name bgp-1;
>> root-authentication {
>> encrypted-password XXX;
>> }
>> services {
>> ssh;
>> telnet;
>> web-management {
>> http {
>> interface ge-0/0/0.0;
>> }
>> }
>> }
>> syslog {
>> file messages {
>> any any;
>> }
>> }
>> }
>> chassis {
>> fpc 0 {
>> pic 0 {
>> ethernet {
>> pic-mode enhanced-switching;
>> }
>> }
>> }
>> }
>> interfaces {
>> ge-0/0/0 {
>> unit 0 {
>> family inet {
>> address 192.168.1.1/24;
>> address 10.253.254.101/24;
>> }
>> }
>> }
>> ge-0/0/3 {
>> unit 0 {
>> family ethernet-switching {
>> port-mode trunk;
>> vlan {
>> members [ bgp lan wan ];
>> }
>> }
>> }
>> }
>> vlan {
>> unit 10 {
>> family inet {
>> address 10.253.253.202/24;
>> }
>> }
>> unit 11 {
>> family inet {
>> address 178.21.248.2/26;
>> }
>> }
>> unit 12 {
>> family inet {
>> address 178.21.250.1/30;
>> }
>> }
>> }
>> }
>> security {
>> zones {
>> security-zone trust {
>> tcp-rst;
>> host-inbound-traffic {
>> system-services {
>> any-service;
>> }
>> protocols {
>> all;
>> }
>> }
>> interfaces {
>> all;
>> }
>> }
>> security-zone vlan.12 {
>> host-inbound-traffic {
>> system-services {
>> ping;
>> }
>> }
>> }
>> }
>> policies {
>> default-policy {
>> permit-all;
>> }
>> }
>> alg {
>> dns disable;
>> ftp disable;
>> h323 disable;
>> mgcp disable;
>> msrpc disable;
>> sunrpc disable;
>> real disable;
>> rsh disable;
>> rtsp disable;
>> sccp disable;
>> sip disable;
>> sql disable;
>> talk disable;
>> tftp disable;
>> pptp disable;
>> }
>> forwarding-options {
>> family {
>> inet6 {
>> mode packet-based;
>> }
>> iso {
>> mode packet-based;
>> }
>> }
>> }
>> flow {
>> allow-dns-reply;
>> tcp-session {
>> no-syn-check;
>> no-syn-check-in-tunnel;
>> no-sequence-check;
>> }
>> }
>> }
>> vlans {
>> bgp {
>> vlan-id 12;
>> interface {
>> ge-0/0/3.0;
>> }
>> l3-interface vlan.12;
>> }
>> lan {
>> vlan-id 10;
>> interface {
>> ge-0/0/3.0;
>> }
>> l3-interface vlan.10;
>> }
>> wan {
>> vlan-id 11;
>> interface {
>> ge-0/0/3.0;
>> }
>> l3-interface vlan.11;
>> }
>> }
>>
>> ## Last commit: 2010-04-08 17:23:12 UTC by root
>> version 9.2R1.10;
>> system {
>> root-authentication {
>> encrypted-password XXX;
>> }
>> services {
>> ssh;
>> telnet;
>> web-management {
>> http {
>> interface ge-0/0/0.0;
>> }
>> }
>> }
>> syslog {
>> file messages {
>> any any;
>> }
>> }
>> }
>> chassis {
>> fpc 0 {
>> pic 0 {
>> ethernet {
>> pic-mode enhanced-switching;
>> }
>> }
>> }
>> }
>> interfaces {
>> ge-0/0/0 {
>> unit 0 {
>> family inet {
>> address 10.253.254.102/24;
>> }
>> }
>> }
>> ge-0/0/3 {
>> unit 0 {
>> family ethernet-switching {
>> port-mode trunk;
>> vlan {
>> members bgp;
>> }
>> }
>> }
>> }
>> vlan {
>> unit 12 {
>> family inet {
>> address 178.21.250.2/30;
>> }
>> }
>> }
>> }
>> security {
>> zones {
>> security-zone trust {
>> tcp-rst;
>> host-inbound-traffic {
>> system-services {
>> any-service;
>> }
>> protocols {
>> all;
>> }
>> }
>> interfaces {
>> all;
>> }
>> }
>> }
>> policies {
>> default-policy {
>> permit-all;
>> }
>> }
>> alg {
>> dns disable;
>> ftp disable;
>> h323 disable;
>> mgcp disable;
>> msrpc disable;
>> sunrpc disable;
>> real disable;
>> rsh disable;
>> rtsp disable;
>> sccp disable;
>> sip disable;
>> sql disable;
>> talk disable;
>> tftp disable;
>> pptp disable;
>> }
>> forwarding-options {
>> family {
>> inet6 {
>> mode packet-based;
>> }
>> iso {
>> mode packet-based;
>> }
>> }
>> }
>> flow {
>> allow-dns-reply;
>> tcp-session {
>> no-syn-check;
>> no-syn-check-in-tunnel;
>> no-sequence-check;
>> }
>> }
>> }
>> vlans {
>> bgp {
>> vlan-id 12;
>> interface {
>> ge-0/0/3.0;
>> }
>> l3-interface vlan.12;
>> }
>> }
>>
>>
>>
>>
>> --
>> Morten Isaksen
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
--
Morten Isaksen
More information about the juniper-nsp
mailing list