[j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode transparent, and vlan L3

Thu May 31 08:06:21 EDT 2012

I can't try this command because it's not accepted.

======================================
{primary:node0}[edit interfaces reth0]
xyz at AS-SRX650-01# set encapsulation ?
Possible completions:
   ether-vpls-ppp             Ethernet VPLS over PPP (bridging) device
   ethernet-bridge            Ethernet layer-2 bridging
   ethernet-ccc               Ethernet cross-connect
   ethernet-vpls              Ethernet virtual private LAN service
   extended-frame-relay-ccc   Any Frame Relay DLCI for cross-connect
   extended-frame-relay-tcc   Any Frame Relay DLCI for translational cross-connect
   extended-vlan-bridge       VLAN layer-2 bridging
   extended-vlan-ccc          Nonstandard TPID tagging for a cross-connect
   extended-vlan-vpls         Extended VLAN virtual private LAN service
   frame-relay-port-ccc       Frame Relay port encapsulation for a cross-connect
   vlan-ccc                   802.1q tagging for a cross-connect
   vlan-vpls                  VLAN virtual private LAN service
{primary:node0}[edit interfaces reth0]

I give you the simple config which I can save. It's simply, but it's not working. I can't ping from inside (reth1.200) until outside (reth0.200) accross the SRX650.
========================================
     reth0 {
         description "TRUNK vers RAP";
         vlan-tagging;
         redundant-ether-options {
             redundancy-group 1;
         }
         unit 200 {
             vlan-id 200;
         }
         unit 954 {
             vlan-id 954;
             family inet {
                 address 195.221.127.158/30;
             }
         }
     }
     reth1 {
         description "TRUNK vers INSIDE";
         vlan-tagging;
         redundant-ether-options {
             redundancy-group 1;
         }
         unit 100 {
             vlan-id 100;
             family inet {
                 address 10.1.4.2/29;
             }
         }
         unit 200 {
             description INTER-SITES;
             vlan-id 200;
         }
     }
security {
     policies {
         from-zone INTER-SITE to-zone INTER-SITE {
             policy allow-test {
                 match {
                     source-address any;
                     destination-address any;
                     application any;
                 }
                 then {
                     permit;
                 }
             }
         }
     }
     zones {
         security-zone INTER-SITE {
             host-inbound-traffic {
                 system-services {
                     all;
                 }
                 protocols {
                     all;
                 }
             }
             interfaces {
                 reth0.200;
                 reth1.200;
             }
         }
======================================

Thanks for your help !

Roland DROUAL

Try adding:

set interfaces reth0 encapsulation flexible-ethernet-services

Le 30/05/2012 21:04, Chris Kawchuk a écrit :
> reth0 {
>      encapsulation flexible-ethernet-services;
> }
>
> .. I believe. (havent tested this)
>
> If not, just make a vlan 954 and do a "vlan.954 family inet x.x.x.x/30" interface into the VLAN. Works the same.
>
> - CK.
>
>
> On 2012-05-31, at 1:27 AM, roland DROUAL wrote:
>
>> Hello the list,
>>
>> I have 2 SRX650 in failover mode
>> There is reth0 in mode trunk, with vlan 954 and vlan 200     - (reth0 is the interface outside)
>> There is reth1 in mode trunk, with vlan 100 and vlan 200     - (reth1 is the interface inside)
>>
>> I try to have a vlan 200 in layer 2 mode transparent accross the SRX in failover mode.
>> Is it possible to have a redundant interface as trunk link, with  1 vlan with an @IP, and 1 vlan in transparent mode.
>>
>>
>> I give you my config:
>> ===============
>> reth0 {
>>     description "TRUNK vers RAP";
>>     vlan-tagging;
>>     redundant-ether-options {
>>         redundancy-group 1;
>>     }
>>     unit 200 {
>>         family bridge {
>>             interface-mode trunk;
>>             vlan-id-list 200;
>>         }
>>     }
>>     unit 954 {
>>         vlan-id 954;
>>         family inet {
>>             address 195.221.127.158/30;
>>         }
>>     }
>> }
>> reth1 {
>>     description "802.1Q vers INTER-CO_INSIDE";
>>     vlan-tagging;
>>     redundant-ether-options {
>>         redundancy-group 1;
>>     }
>>     unit 100 {
>>         vlan-id 100;
>>         family inet {
>>             address 10.1.4.2/29;
>>         }
>>     }
>>     unit 200 {
>>         description INTER-SITES;
>>         family bridge {
>>             interface-mode trunk;
>>             vlan-id-list 200;
>>         }
>>     }
>> }
>> ========================
>> When I try to save :
>>
>> xyz at AS-SRX650-01# commit
>> [edit interfaces reth0]
>>   'unit 954'
>>     Inet family cannot be configured in transparent mode or for an interface with bridge family
>> error: configuration check-out failed
>> ========================
>>
>> Can you help me to have a link trunk with vlan 200 and vlan 954?
>>
>> Thanks for your help.
>>
>> Roland DROUAL
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>