[j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode transparent, and vlan L3
Tim Eberhard
xmin0s at gmail.com
Thu May 31 12:37:58 EDT 2012
I can tell you with certainty that if you try to configure bridge
(which required a reboot). If any other families other than bridge are
configured it will error out upon commit. Flexible ethernet services
does not include bridge. As of today mixed mode does not work on any
SRX series device.
I hope this clears things up,
-Tim Eberhard
On Thu, May 31, 2012 at 9:05 AM, Per Granath <per.granath at gcc.com.cy> wrote:
> Flexible Ethernet services should be supported since 10.1.
> http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/release-notes/10.1/topic-42298.html
>
> It should allow you to mix, at least, 'inet' and 'vlan-vpls' on the interface.
> Not sure if it will allow 'bridge', but in theory you could use vpls instead (if that works for cluster).
>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
>> bounces at puck.nether.net] On Behalf Of roland DROUAL
>> Sent: Thursday, May 31, 2012 3:06 PM
>> To: juniper-nsp at puck.nether.net
>> Subject: Re: [j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode
>> transparent, and vlan L3
>>
>> I can't try this command because it's not accepted.
>>
>> ======================================
>> {primary:node0}[edit interfaces reth0]
>> xyz at AS-SRX650-01# set encapsulation ?
>> Possible completions:
>>   ether-vpls-ppp            Ethernet VPLS over PPP (bridging) device
>>   ethernet-bridge           Ethernet layer-2 bridging
>>   ethernet-ccc              Ethernet cross-connect
>>   ethernet-vpls             Ethernet virtual private LAN service
>>   extended-frame-relay-ccc  Any Frame Relay DLCI for cross-connect
>>   extended-frame-relay-tcc  Any Frame Relay DLCI for translational cross-connect
>>   extended-vlan-bridge      VLAN layer-2 bridging
>>   extended-vlan-ccc         Nonstandard TPID tagging for a cross-connect
>>   extended-vlan-vpls        Extended VLAN virtual private LAN service
>>   frame-relay-port-ccc      Frame Relay port encapsulation for a cross-connect
>>   vlan-ccc                  802.1q tagging for a cross-connect
>>   vlan-vpls                 VLAN virtual private LAN service
>> {primary:node0}[edit interfaces reth0]
>>
>> I give you the simple config which I can save. It's simple, but it's not working. I
>> can't ping from inside (reth1.200) to outside (reth0.200) across the
>> SRX650.
>> ========================================
>> reth0 {
>>     description "TRUNK vers RAP";
>>     vlan-tagging;
>>     redundant-ether-options {
>>         redundancy-group 1;
>>     }
>>     unit 200 {
>>         vlan-id 200;
>>     }
>>     unit 954 {
>>         vlan-id 954;
>>         family inet {
>>             address 195.221.127.158/30;
>>         }
>>     }
>> }
>> reth1 {
>>     description "TRUNK vers INSIDE";
>>     vlan-tagging;
>>     redundant-ether-options {
>>         redundancy-group 1;
>>     }
>>     unit 100 {
>>         vlan-id 100;
>>         family inet {
>>             address 10.1.4.2/29;
>>         }
>>     }
>>     unit 200 {
>>         description INTER-SITES;
>>         vlan-id 200;
>>     }
>> }
>> security {
>>     policies {
>>         from-zone INTER-SITE to-zone INTER-SITE {
>>             policy allow-test {
>>                 match {
>>                     source-address any;
>>                     destination-address any;
>>                     application any;
>>                 }
>>                 then {
>>                     permit;
>>                 }
>>             }
>>         }
>>     }
>>     zones {
>>         security-zone INTER-SITE {
>>             host-inbound-traffic {
>>                 system-services {
>>                     all;
>>                 }
>>                 protocols {
>>                     all;
>>                 }
>>             }
>>             interfaces {
>>                 reth0.200;
>>                 reth1.200;
>>             }
>>         }
>> ======================================
>>
>> Thanks for your help !
>>
>> Roland DROUAL
>>
>>
>> Try adding:
>>
>> set interfaces reth0 encapsulation flexible-ethernet-services
>>
>>
>> On 30/05/2012 21:04, Chris Kawchuk wrote:
>> > reth0 {
>> > encapsulation flexible-ethernet-services; }
>> >
>> > .. I believe. (haven't tested this)
>> >
>> > If not, just make a vlan 954 and do a "vlan.954 family inet x.x.x.x/30" interface into the VLAN. Works the same.
>> >
>> > - CK.
>> >
>> >
>> > On 2012-05-31, at 1:27 AM, roland DROUAL wrote:
>> >
>> >> Hello the list,
>> >>
>> >> I have 2 SRX650 in failover mode
>> >> There is reth0 in mode trunk, with vlan 954 and vlan 200 - (reth0 is the interface outside)
>> >> There is reth1 in mode trunk, with vlan 100 and vlan 200 - (reth1 is the interface inside)
>> >>
>> >> I try to have a vlan 200 in layer 2 mode transparent across the SRX in failover mode.
>> >> Is it possible to have a redundant interface as trunk link, with 1 vlan with an @IP, and 1 vlan in transparent mode?
>> >>
>> >>
>> >> I give you my config:
>> >> ===============
>> >> reth0 {
>> >>     description "TRUNK vers RAP";
>> >>     vlan-tagging;
>> >>     redundant-ether-options {
>> >>         redundancy-group 1;
>> >>     }
>> >>     unit 200 {
>> >>         family bridge {
>> >>             interface-mode trunk;
>> >>             vlan-id-list 200;
>> >>         }
>> >>     }
>> >>     unit 954 {
>> >>         vlan-id 954;
>> >>         family inet {
>> >>             address 195.221.127.158/30;
>> >>         }
>> >>     }
>> >> }
>> >> reth1 {
>> >>     description "802.1Q vers INTER-CO_INSIDE";
>> >>     vlan-tagging;
>> >>     redundant-ether-options {
>> >>         redundancy-group 1;
>> >>     }
>> >>     unit 100 {
>> >>         vlan-id 100;
>> >>         family inet {
>> >>             address 10.1.4.2/29;
>> >>         }
>> >>     }
>> >>     unit 200 {
>> >>         description INTER-SITES;
>> >>         family bridge {
>> >>             interface-mode trunk;
>> >>             vlan-id-list 200;
>> >>         }
>> >>     }
>> >> }
>> >> ========================
>> >> When I try to save :
>> >>
>> >> xyz at AS-SRX650-01# commit
>> >> [edit interfaces reth0]
>> >> 'unit 954'
>> >> Inet family cannot be configured in transparent mode or for an
>> >> interface with bridge family
>> >> error: configuration check-out failed
>> >> ========================
>> >>
>> >> Can you help me to have a link trunk with vlan 200 and vlan 954?
>> >>
>> >> Thanks for your help.
>> >>
>> >> Roland DROUAL
>> >>
>> >> _______________________________________________
>> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>>
>
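Added example, not part of the thread: a pre-commit check in Python that parses a Junos-style interfaces stanza and lists the units that would trip the commit error quoted above, using the rule as stated in the reply (once any unit uses `family bridge`, any other family is rejected). The function names and the condensed sample are constructed for illustration.

```python
import re

# Constructed sample: the reth0/reth1 units from the first message, condensed.
SAMPLE = """
reth0 {
    unit 200 { family bridge { interface-mode trunk; vlan-id-list 200; } }
    unit 954 { vlan-id 954; family inet { address 195.221.127.158/30; } }
}
reth1 {
    unit 100 { vlan-id 100; family inet { address 10.1.4.2/29; } }
    unit 200 { family bridge { interface-mode trunk; vlan-id-list 200; } }
}
"""

# Quoted strings, structural characters, or bare words.
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')

def unit_families(config_text):
    """Return [(interface, unit, family)] for each 'family X' found under a unit."""
    path, words, found = [], [], []
    for tok in TOKEN.findall(config_text):
        if tok == "{":
            path.append(" ".join(words))
            words = []
            # 'family X { ... }' directly under 'unit N' under an interface
            if (len(path) >= 3 and path[-1].startswith("family ")
                    and path[-2].startswith("unit ")):
                found.append((path[-3], path[-2].split()[1], path[-1].split()[1]))
        elif tok == "}":
            if path:
                path.pop()
            words = []
        elif tok == ";":
            # leaf form: 'family X;'
            if (len(words) == 2 and words[0] == "family"
                    and len(path) >= 2 and path[-1].startswith("unit ")):
                found.append((path[-2], path[-1].split()[1], words[1]))
            words = []
        else:
            words.append(tok)
    return found

def mixed_mode_conflicts(config_text):
    """If any unit uses family bridge, return every unit using another family."""
    fams = unit_families(config_text)
    if not any(f == "bridge" for _, _, f in fams):
        return []
    return [(i, u, f) for i, u, f in fams if f != "bridge"]

if __name__ == "__main__":
    for iface, unit, fam in mixed_mode_conflicts(SAMPLE):
        print(f"{iface} unit {unit}: family {fam} conflicts with family bridge")
```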