[j-nsp] SRX100B L3 VLAN Interface Issue

Tue Dec 20 14:09:25 EST 2016

I figured it out after checking /var/log/messages and seeing this:
rpd[1712]: WARNING: Ethernet-switching interface fe-0/0/0.0 detected in the
routing instance 'priv-blah' configuration. This configuration will cause
traffic to be dropped

I forgot this would happen and set up a new security zone called
l2-priv-blah and allowed full communication between it and trust-priv-blah
in the security policies, then removed fe-0/0/0 from the trust-priv-blah
security zone and the priv-blah routing instance. Worked great.

Matt Freitag
Network Engineer I
Information Technology
Michigan Technological University
(906) 487-3696 <%28906%29%20487-3696>
https://www.mtu.edu/
https://www.it.mtu.edu/

On Tue, Dec 20, 2016 at 1:43 PM, Matt Freitag <mlfreita at mtu.edu> wrote:

> All, I have an SRX100B on Junos 12.1X46-D40.2. It's configured as a remote
> end of a site-to-site VPN. The site-to-site VPN works fine as verified by
> show security ike security-associations.
>
> I'm having trouble with a layer 3 VLAN interface in a separate routing
> instance from the normal one. The interface is named vlan.224.
>
> "show vlans" shows no physical interfaces in VLAN 224 even though
> fe-0/0/0.0 is a configured member of the VLAN.
>
> The layer 3 interface won't advertise its presence to the rest of the
> network through OSPF because the logical interface is down because there
> aren't any interfaces assigned to the VLAN.
>
> Even though there are interfaces assigned to the VLAN why does it think
> there are no interfaces assigned to the VLAN?
>
> I already have a ticket with TAC and reached out to my SE but wondered if
> the community has any insights or suggestions. I have a hunch that this is
> happening because the sort of thing I'm trying is not allowed.
>
> Thank you for your time.
>
> Here is a brief config snippet illustrating how interfaces and VLANs
> should be set up and the output of "show interfaces vlan terse" and "show
> vlans":
>
> interfaces {
>     fe-0/0/0 {
>         unit 0 {
>             family ethernet-switching {
>                 port-mode access;
>                 vlan {
>                     members vlan0224;
>                 }
>             }
>         }
>     }
>     vlan {
>         unit 224 {
>             family inet {
>                 address priv-network/22;
>             }
>         }
>     }
> }
> vlans {
>     vlan0224 {
>         vlan-id 224;
>         interface {
>             fe-0/0/0.0;
>         }
>         l3-interface vlan.224;
>     }
> }
>
> mlfreita at srx> show interfaces vlan terse
> Interface               Admin Link Proto    Local                 Remote
> vlan                    up    up
> vlan.224                up    down inet     priv-network/22
>
> mlfreita at srx> show vlans
> Name           Tag     Interfaces
> default        1
>                        None
> vlan0224       224
>                        None
>
> Matt Freitag
> Network Engineer I
> Information Technology
> Michigan Technological University
> (906) 487-3696 <%28906%29%20487-3696>
> https://www.mtu.edu/
> https://www.it.mtu.edu/
>