[j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode transparent, and vlan L3
Per Granath
per.granath at gcc.com.cy
Thu May 31 10:05:27 EDT 2012
Flexible Ethernet services should be supported since 10.1.
http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/release-notes/10.1/topic-42298.html
It should allow you to mix, at least, 'inet' and 'vlan-vpls' on the interface.
Not sure if it will allow 'bridge', but in theory you could use vpls instead (if that works for cluster).
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of roland DROUAL
> Sent: Thursday, May 31, 2012 3:06 PM
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode
> transparent, and vlan L3
>
> I can't try this command because it's not accepted.
>
> ======================================
> {primary:node0}[edit interfaces reth0]
> xyz at AS-SRX650-01# set encapsulation ?
> Possible completions:
> ether-vpls-ppp Ethernet VPLS over PPP (bridging) device
> ethernet-bridge Ethernet layer-2 bridging
> ethernet-ccc Ethernet cross-connect
> ethernet-vpls Ethernet virtual private LAN service
> extended-frame-relay-ccc Any Frame Relay DLCI for cross-connect
> extended-frame-relay-tcc Any Frame Relay DLCI for translational cross-
> connect
> extended-vlan-bridge VLAN layer-2 bridging
> extended-vlan-ccc Nonstandard TPID tagging for a cross-connect
> extended-vlan-vpls Extended VLAN virtual private LAN service
> frame-relay-port-ccc Frame Relay port encapsulation for a cross-connect
> vlan-ccc 802.1q tagging for a cross-connect
> vlan-vpls VLAN virtual private LAN service
> {primary:node0}[edit interfaces reth0]
>
> I give you the simple config which I can save. It's simply, but it's not working. I
> can't ping from inside (reth1.200) until outside (reth0.200) accross the
> SRX650.
> ========================================
> reth0 {
> description "TRUNK vers RAP";
> vlan-tagging;
> redundant-ether-options {
> redundancy-group 1;
> }
> unit 200 {
> vlan-id 200;
> }
> unit 954 {
> vlan-id 954;
> family inet {
> address 195.221.127.158/30;
> }
> }
> }
> reth1 {
> description "TRUNK vers INSIDE";
> vlan-tagging;
> redundant-ether-options {
> redundancy-group 1;
> }
> unit 100 {
> vlan-id 100;
> family inet {
> address 10.1.4.2/29;
> }
> }
> unit 200 {
> description INTER-SITES;
> vlan-id 200;
> }
> }
> security {
> policies {
> from-zone INTER-SITE to-zone INTER-SITE {
> policy allow-test {
> match {
> source-address any;
> destination-address any;
> application any;
> }
> then {
> permit;
> }
> }
> }
> }
> zones {
> security-zone INTER-SITE {
> host-inbound-traffic {
> system-services {
> all;
> }
> protocols {
> all;
> }
> }
> interfaces {
> reth0.200;
> reth1.200;
> }
> }
> ======================================
>
> Thanks for your help !
>
> Roland DROUAL
>
>
> Try adding:
>
> set interfaces reth0 encapsulation flexible-ethernet-services
>
>
> Le 30/05/2012 21:04, Chris Kawchuk a écrit :
> > reth0 {
> > encapsulation flexible-ethernet-services; }
> >
> > .. I believe. (havent tested this)
> >
> > If not, just make a vlan 954 and do a "vlan.954 family inet x.x.x.x/30"
> interface into the VLAN. Works the same.
> >
> > - CK.
> >
> >
> > On 2012-05-31, at 1:27 AM, roland DROUAL wrote:
> >
> >> Hello the list,
> >>
> >> I have 2 SRX650 in failover mode
> >> There is reth0 in mode trunk, with vlan 954 and vlan 200 - (reth0 is the
> interface outside)
> >> There is reth1 in mode trunk, with vlan 100 and vlan 200 - (reth1 is the
> interface inside)
> >>
> >> I try to have a vlan 200 in layer 2 mode transparent accross the SRX in
> failover mode.
> >> Is it possible to have a redundant interface as trunk link, with 1 vlan with
> an @IP, and 1 vlan in transparent mode.
> >>
> >>
> >> I give you my config:
> >> ===============
> >> reth0 {
> >> description "TRUNK vers RAP";
> >> vlan-tagging;
> >> redundant-ether-options {
> >> redundancy-group 1;
> >> }
> >> unit 200 {
> >> family bridge {
> >> interface-mode trunk;
> >> vlan-id-list 200;
> >> }
> >> }
> >> unit 954 {
> >> vlan-id 954;
> >> family inet {
> >> address 195.221.127.158/30;
> >> }
> >> }
> >> }
> >> reth1 {
> >> description "802.1Q vers INTER-CO_INSIDE";
> >> vlan-tagging;
> >> redundant-ether-options {
> >> redundancy-group 1;
> >> }
> >> unit 100 {
> >> vlan-id 100;
> >> family inet {
> >> address 10.1.4.2/29;
> >> }
> >> }
> >> unit 200 {
> >> description INTER-SITES;
> >> family bridge {
> >> interface-mode trunk;
> >> vlan-id-list 200;
> >> }
> >> }
> >> }
> >> ========================
> >> When I try to save :
> >>
> >> xyz at AS-SRX650-01# commit
> >> [edit interfaces reth0]
> >> 'unit 954'
> >> Inet family cannot be configured in transparent mode or for an
> >> interface with bridge family
> >> error: configuration check-out failed ========================
> >>
> >> Can you help me to have a link trunk with vlan 200 and vlan 954?
> >>
> >> Thanks for your help.
> >>
> >> Roland DROUAL
> >>
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list