[j-nsp] SRX with CX111 int to vlan
Aaron Dewell
aaron.dewell at gmail.com
Tue Mar 12 21:44:42 EDT 2013
Quick question for you all (I'm sure I'm doing something dumb here).
I had this working config:
routing-instances {
ISP {
instance-type virtual-router;
interface ge-0/0/0.0;
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
dhcp;
}
}
}
}
security {
zones {
security-zone Untrust {
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
dhcp;
ping;
ike;
}
}
}
}
}
}
That was working. Now I want to be able to get to the CX111's management VLAN, so I changed it to this:
routing-instances {
ISP {
instance-type virtual-router;
interface vlan.10;
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members cx111-mgmt;
}
native-vlan-id cx111-internet;
}
}
}
vlan {
unit 10 {
family inet {
dhcp;
}
}
unit 3900 {
family inet {
address 192.168.0.2/24;
}
}
}
}
security {
zones {
security-zone Untrust {
interfaces {
vlan.10 {
host-inbound-traffic {
dhcp;
ping;
ike;
}
}
}
}
}
}
vlans {
cx111-internet {
vlan-id 10;
l3-interface vlan.10;
}
cx111-mgmt {
vlan-id 3900;
l3-interface vlan.3900;
}
}
And yes, I just wrote that out. :-) So if it's less than perfect syntax, that's why. Anyway, you get the idea. vlan.3900 will be in a zone, but my immediate concern is no longer getting a DHCP address from the CX111 (this time on vlan.10 instead of ge-0/0/0.0).
Does anyone see anything quick that I did wrong here?
Thanks!
Aaron
More information about the juniper-nsp
mailing list