[j-nsp] SRX with CX111 int to vlan
Aaron Dewell
aaron.dewell at gmail.com
Tue Mar 12 23:06:23 EDT 2013
On Mar 12, 2013, at 7:44 PM, Aaron Dewell wrote:
>
> Quick question for you all (I'm sure I'm doing something dumb here).
>
> I had this working config:
> […]
>
>
> That was working. Now I want to be able to get to the CX111's management VLAN, so I changed it to this:
>
> […]
>
> And yes, I just wrote that out. :-) So if it's less than perfect syntax, that's why. Anyway, you get the idea. vlan.3900 will be in a zone, but my immediate concern is no longer getting a DHCP address from the CX111 (this time on vlan.10 instead of ge-0/0/0.0).
>
> Does anyone see anything quick that I did wrong here?
>
> Thanks!
>
> Aaron
Replying to myself, here's the exact show | compare:
[edit interfaces ge-0/0/0 unit 0]
- family inet {
- dhcp;
- }
+ family ethernet-switching {
+ port-mode trunk;
+ vlan {
+ members cx111-mgmt;
+ }
+ native-vlan-id cx111-internet;
+ }
[edit interfaces vlan]
+ unit 10 {
+ description "CX111 Backup internet for IPSec Tunnel";
+ family inet {
+ dhcp;
+ }
+ }
+ unit 3900 {
+ description "CX111 management VLAN";
+ family inet {
+ address 192.168.0.2/24;
+ }
+ }
[edit security ike gateway Backup]
- external-interface ge-0/0/0.0;
+ external-interface vlan.10;
[edit security zones security-zone Untrust interfaces]
+ vlan.10 {
+ host-inbound-traffic {
+ system-services {
+ ping;
+ ike;
+ dhcp;
+ }
+ }
+ }
- ge-0/0/0.0 {
- host-inbound-traffic {
- system-services {
- ping;
- ike;
- dhcp;
- }
- }
- }
[edit routing-instances ISP]
- interface ge-0/0/0.0;
+ interface vlan.10;
[edit vlans]
+ cx111-internet {
+ vlan-id 10;
+ l3-interface vlan.10;
+ }
+ cx111-mgmt {
+ vlan-id 3900;
+ l3-interface vlan.3900;
+ }
More information about the juniper-nsp
mailing list