[j-nsp] Layer 2 feature on srx
Tim Eberhard
xmin0s at gmail.com
Mon Apr 9 08:17:27 EDT 2012
Off the cuff..Looks to me like you're missing your bridge domain-type.
Sadly this doesn't produce any kind of errors when you attempt to
commit.
set bridge-domains <name> domain-type bridge.
Additionally I noticed you're using two different vlans. As long as
traffic is flowing across a single vlan you'll be fine. If they need
to go from vlan 100 to 200 you'll need to do a vlan rewrite.
Hope this helps,
-Tim Eberhard
On Mon, Apr 9, 2012 at 7:06 AM, bruno <bruno.juniper at gmail.com> wrote:
> i am running 11.4R1.6
> root at R1# run show version
> Hostname: R1
> Model: srx210h
> JUNOS Software Release [11.4R1.6]
>
>
>
> ------------------
> Best Regards,
> Bruno
>
>
>
>
>
>
>
>
>
> ------------------ Original ------------------
> From: "Tom Storey"<tom at snnap.net>;
> Date: Mon, Apr 9, 2012 07:56 PM
> To: "bruno"<bruno.juniper at gmail.com>;
> Cc: "juniper-nsp"<juniper-nsp at puck.nether.net>;
> Subject: Re: [j-nsp] Layer 2 feature on srx
>
>
> What software are you running on your SRX's?
>
> The only reason I ask is that I am running 10.4R4.5 on an SRX100, and
> this is how I do my VLANs (SRX is in flow mode, but does that really
> matter to L2??):
>
> interfaces {
> fe-0/0/1 {
> description "** Trunk to esxi1";
> unit 0 {
> family ethernet-switching {
> port-mode trunk;
> vlan {
> members all;
> }
> native-vlan-id 1;
> }
> }
> }
> fe-0/0/4 {
> description "** Console server";
> unit 0 {
> family ethernet-switching {
> vlan {
> members VLAN11-MGMT;
> }
> }
> }
> }
> vlan {
> unit 10 {
> family inet {
> address 172.25.144.65/26;
> }
> family inet6 {
> address 2001:xxxx:yyyy:1::/64 {
> eui-64;
> }
> }
> }
> unit 11 {
> family inet {
> address 172.25.144.17/28;
> }
> }
> }
> }
> vlans {
> VLAN10-LAN {
> vlan-id 10;
> l3-interface vlan.10;
> }
> VLAN11-MGMT {
> vlan-id 11;
> l3-interface vlan.11;
> }
> }
>
> The primary difference seems to be that I use "vlans" instead of
> "bridge-domains" at the bottom, and the "vlan" interface instead of
> "irb".
>
> Ive also successfully trunked VLANs to/from a HP switch using this
> configuration.
>
> Tom
>
>
> On 9 April 2012 10:05, bruno <bruno.juniper at gmail.com> wrote:
>> hello expert,
>> i use two srx210h to test some Layer 2 networking features on MX Series routers. the topo is very simple
>> PC1---SRX1----SRX2----PC2. the link in srx1---srx2 is set to trunk mode. PC1 and PC2 is belong to vlan 100. PC1 can't ping PC2.
>>
>>
>> interfaces {
>> ge-0/0/1 {
>> description TO-SRX2;
>> vlan-tagging;
>> unit 0 {
>> family bridge {
>> interface-mode trunk;
>> vlan-id-list [ 100 200 ];
>> }
>> }
>> }
>> fe-0/0/4 {
>> unit 0 {
>> family bridge {
>> interface-mode access;
>> vlan-id 100;
>> }
>> }
>> }
>> irb {
>> unit 100 {
>> description "GW For VLAN 100";
>> family inet {
>> address 100.1.1.254/24;
>> }
>> }
>> unit 200 {
>> description "GW For VLAN 200";
>> family inet {
>> address 200.1.1.254/24;
>> }
>> }
>> }
>> }
>> security {
>> forwarding-options {
>> family {
>> mpls {
>> mode packet-based;
>> }
>> }
>> }
>> }
>> bridge-domains {
>> vlan_100 {
>> vlan-id 100;
>> routing-interface irb.100;
>> }
>> vlan_200 {
>> vlan-id 200;
>> routing-interface irb.200;
>> }
>> }
>>
>>
>>
>> ------------------
>> Best Regards,
>> Bruno
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list