[j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode transparent, and vlan L3 = Closed Case
roland DROUAL
roland.droual at paris.iufm.fr
Thu May 31 13:51:30 EDT 2012
CLOSED CASE
In fact, it seems we can't configure a trunk link with an interface vlan
layer 3 and an interface vlan layer 2.
The SRX650 can't accept the mixed mode.
Either you route your interfaces vlan layer 3 in the trunk link,
or you bridge your interfaces vlan layer 2 in the trunk link.
The SRX doesn't accept the hybrid mode for a trunk link.
So I decided to bring up my Inter-site vlan in the SRX (from the EX4200)
in layer 3 mode.
I obtain:
============================
reth0 {
    description "TRUNK vers RAP";
    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 200 {
        vlan-id 200;
        family inet {
            address 10.1.3.1/29;
        }
    }
    unit 954 {
        vlan-id 954;
        family inet {
            address 195.221.127.158/30;
        }
    }
}
reth1 {
    description "INTER-CO_INSIDE";
    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 100 {
        vlan-id 100;
        family inet {
            address 10.1.4.2/29;
        }
    }
}
=====================
Thanks to everybody
Best regards
Roland DROUAL
On 31/05/2012 18:37, Tim Eberhard wrote:
> I can tell you with certainty that if you try to configure bridge
> (which required a reboot). If any other families other than bridge are
> configured it will error out upon commit. Flexible ethernet services
> does not include bridge. As of today mixed mode does not work on any
> SRX series device.
>
> I hope this clears things up,
> -Tim Eberhard
>
> On Thu, May 31, 2012 at 9:05 AM, Per Granath <per.granath at gcc.com.cy> wrote:
>> Flexible Ethernet services should be supported since 10.1.
>> http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/release-notes/10.1/topic-42298.html
>>
>> It should allow you to mix, at least, 'inet' and 'vlan-vpls' on the interface.
>> Not sure if it will allow 'bridge', but in theory you could use vpls instead (if that works for cluster).
>>
>>> -----Original Message-----
>>> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
>>> bounces at puck.nether.net] On Behalf Of roland DROUAL
>>> Sent: Thursday, May 31, 2012 3:06 PM
>>> To: juniper-nsp at puck.nether.net
>>> Subject: Re: [j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode
>>> transparent, and vlan L3
>>>
>>> I can't try this command because it's not accepted.
>>>
>>> ======================================
>>> {primary:node0}[edit interfaces reth0]
>>> xyz at AS-SRX650-01# set encapsulation ?
>>> Possible completions:
>>>   ether-vpls-ppp            Ethernet VPLS over PPP (bridging) device
>>>   ethernet-bridge           Ethernet layer-2 bridging
>>>   ethernet-ccc              Ethernet cross-connect
>>>   ethernet-vpls             Ethernet virtual private LAN service
>>>   extended-frame-relay-ccc  Any Frame Relay DLCI for cross-connect
>>>   extended-frame-relay-tcc  Any Frame Relay DLCI for translational cross-connect
>>>   extended-vlan-bridge      VLAN layer-2 bridging
>>>   extended-vlan-ccc         Nonstandard TPID tagging for a cross-connect
>>>   extended-vlan-vpls        Extended VLAN virtual private LAN service
>>>   frame-relay-port-ccc      Frame Relay port encapsulation for a cross-connect
>>>   vlan-ccc                  802.1q tagging for a cross-connect
>>>   vlan-vpls                 VLAN virtual private LAN service
>>> {primary:node0}[edit interfaces reth0]
>>>
>>> I give you the simple config which I can save. It's simple, but it's not working. I
>>> can't ping from inside (reth1.200) to outside (reth0.200) across the
>>> SRX650.
>>> ========================================
>>> reth0 {
>>>     description "TRUNK vers RAP";
>>>     vlan-tagging;
>>>     redundant-ether-options {
>>>         redundancy-group 1;
>>>     }
>>>     unit 200 {
>>>         vlan-id 200;
>>>     }
>>>     unit 954 {
>>>         vlan-id 954;
>>>         family inet {
>>>             address 195.221.127.158/30;
>>>         }
>>>     }
>>> }
>>> reth1 {
>>>     description "TRUNK vers INSIDE";
>>>     vlan-tagging;
>>>     redundant-ether-options {
>>>         redundancy-group 1;
>>>     }
>>>     unit 100 {
>>>         vlan-id 100;
>>>         family inet {
>>>             address 10.1.4.2/29;
>>>         }
>>>     }
>>>     unit 200 {
>>>         description INTER-SITES;
>>>         vlan-id 200;
>>>     }
>>> }
>>> security {
>>>     policies {
>>>         from-zone INTER-SITE to-zone INTER-SITE {
>>>             policy allow-test {
>>>                 match {
>>>                     source-address any;
>>>                     destination-address any;
>>>                     application any;
>>>                 }
>>>                 then {
>>>                     permit;
>>>                 }
>>>             }
>>>         }
>>>     }
>>>     zones {
>>>         security-zone INTER-SITE {
>>>             host-inbound-traffic {
>>>                 system-services {
>>>                     all;
>>>                 }
>>>                 protocols {
>>>                     all;
>>>                 }
>>>             }
>>>             interfaces {
>>>                 reth0.200;
>>>                 reth1.200;
>>>             }
>>>         }
>>>     }
>>> }
>>> ======================================
>>>
>>> Thanks for your help !
>>>
>>> Roland DROUAL
>>>
>>>
>>> Try adding:
>>>
>>> set interfaces reth0 encapsulation flexible-ethernet-services
>>>
>>>
>>> On 30/05/2012 21:04, Chris Kawchuk wrote:
>>>> reth0 {
>>>>     encapsulation flexible-ethernet-services;
>>>> }
>>>>
>>>> .. I believe. (haven't tested this)
>>>>
>>>> If not, just make a vlan 954 and do a "vlan.954 family inet x.x.x.x/30" interface into the VLAN. Works the same.
>>>> - CK.
>>>>
>>>>
>>>> On 2012-05-31, at 1:27 AM, roland DROUAL wrote:
>>>>
>>>>> Hello the list,
>>>>>
>>>>> I have 2 SRX650 in failover mode
>>>>> There is reth0 in mode trunk, with vlan 954 and vlan 200 - (reth0 is the interface outside)
>>>>> There is reth1 in mode trunk, with vlan 100 and vlan 200 - (reth1 is the interface inside)
>>>>> I try to have a vlan 200 in layer 2 mode transparent across the SRX in failover mode.
>>>>> Is it possible to have a redundant interface as trunk link, with 1 vlan with an @IP, and 1 vlan in transparent mode?
>>>>>
>>>>> I give you my config:
>>>>> ===============
>>>>> reth0 {
>>>>>     description "TRUNK vers RAP";
>>>>>     vlan-tagging;
>>>>>     redundant-ether-options {
>>>>>         redundancy-group 1;
>>>>>     }
>>>>>     unit 200 {
>>>>>         family bridge {
>>>>>             interface-mode trunk;
>>>>>             vlan-id-list 200;
>>>>>         }
>>>>>     }
>>>>>     unit 954 {
>>>>>         vlan-id 954;
>>>>>         family inet {
>>>>>             address 195.221.127.158/30;
>>>>>         }
>>>>>     }
>>>>> }
>>>>> reth1 {
>>>>>     description "802.1Q vers INTER-CO_INSIDE";
>>>>>     vlan-tagging;
>>>>>     redundant-ether-options {
>>>>>         redundancy-group 1;
>>>>>     }
>>>>>     unit 100 {
>>>>>         vlan-id 100;
>>>>>         family inet {
>>>>>             address 10.1.4.2/29;
>>>>>         }
>>>>>     }
>>>>>     unit 200 {
>>>>>         description INTER-SITES;
>>>>>         family bridge {
>>>>>             interface-mode trunk;
>>>>>             vlan-id-list 200;
>>>>>         }
>>>>>     }
>>>>> }
>>>>> ========================
>>>>> When I try to save :
>>>>>
>>>>> xyz at AS-SRX650-01# commit
>>>>> [edit interfaces reth0]
>>>>>   'unit 954'
>>>>>     Inet family cannot be configured in transparent mode or for an interface with bridge family
>>>>> error: configuration check-out failed
>>>>> ========================
>>>>>
>>>>> Can you help me to have a link trunk with vlan 200 and vlan 954?
>>>>>
>>>>> Thanks for your help.
>>>>>
>>>>> Roland DROUAL
>>>>>
>>>>> _______________________________________________
>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
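
A pre-commit check for the restriction this thread settles on, as an added example that is not part of any poster's message: it parses interface stanzas in the brace form pasted above and reports each unit whose non-bridge family sits on an interface that also carries a family bridge unit, the combination the commit error rejected. The function names and the trimmed sample config are constructed for illustration.

```python
SAMPLE = """\
reth0 {
    unit 200 {
        family bridge {
            vlan-id-list 200;
        }
    }
    unit 954 {
        family inet {
            address 195.221.127.158/30;
        }
    }
}
reth1 {
    unit 100 {
        family inet {
            address 10.1.4.2/29;
        }
    }
}
"""  # constructed: reth0 trimmed from the first post, reth1 from the closing post


def families_by_unit(text):
    """Return {interface: {unit: {family, ...}}} from brace-style config."""
    result, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].split())
            # Match "<ifd> { unit N { family F {" at any nesting depth.
            if (len(stack) >= 3 and stack[-2][:1] == ["unit"]
                    and stack[-1][:1] == ["family"]):
                ifd, unit, fam = " ".join(stack[-3]), stack[-2][-1], stack[-1][-1]
                result.setdefault(ifd, {}).setdefault(unit, set()).add(fam)
        for _ in range(line.count("}")):  # also handles "statement; }" lines
            if stack:
                stack.pop()
    return result


def mixed_mode_findings(text):
    """List (interface, unit, family) for non-bridge families beside bridge units."""
    findings = []
    for ifd, units in families_by_unit(text).items():
        if any("bridge" in fams for fams in units.values()):
            findings += [(ifd, unit, fam) for unit, fams in sorted(units.items())
                         for fam in sorted(fams - {"bridge"})]
    return findings
```

Running `mixed_mode_findings` on a candidate config before `commit` points at the same unit the device names in its error, and returns an empty list once every unit on the trunk uses the same mode.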