I can't try this command because it's not accepted.
======================================
{primary:node0}[edit interfaces reth0]
xyz@AS-SRX650-01# set encapsulation ?
Possible completions:
ether-vpls-ppp Ethernet VPLS over PPP (bridging) device
ethernet-bridge Ethernet layer-2 bridging
ethernet-ccc Ethernet cross-connect
ethernet-vpls Ethernet virtual private LAN service
extended-frame-relay-ccc Any Frame Relay DLCI for cross-connect
extended-frame-relay-tcc Any Frame Relay DLCI for translational
cross-connect
extended-vlan-bridge VLAN layer-2 bridging
extended-vlan-ccc Nonstandard TPID tagging for a cross-connect
extended-vlan-vpls Extended VLAN virtual private LAN service
frame-relay-port-ccc Frame Relay port encapsulation for a cross-connect
vlan-ccc 802.1q tagging for a cross-connect
vlan-vpls VLAN virtual private LAN service
{primary:node0}[edit interfaces reth0]
I give you the simple config which I can save. It's simply, but it's not
working. I can't ping from inside (reth1.200) until outside (reth0.200) accross
the SRX650.
========================================
reth0 {
description "TRUNK vers RAP";
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
}
unit 200 {
vlan-id 200;
}
unit 954 {
vlan-id 954;
family inet {
address 195.221.127.158/30;
}
}
}
reth1 {
description "TRUNK vers INSIDE";
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
}
unit 100 {
vlan-id 100;
family inet {
address 10.1.4.2/29;
}
}
unit 200 {
description INTER-SITES;
vlan-id 200;
}
}
security {
policies {
from-zone INTER-SITE to-zone INTER-SITE {
policy allow-test {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone INTER-SITE {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
reth0.200;
reth1.200;
}
}
======================================
Thanks for your help !
Roland DROUAL
Try adding:
set interfaces reth0 encapsulation flexible-ethernet-services
Le 30/05/2012 21:04, Chris Kawchuk a écrit :
reth0 {
encapsulation flexible-ethernet-services;
}
.. I believe. (havent tested this)
If not, just make a vlan 954 and do a "vlan.954 family inet x.x.x.x/30"
interface into the VLAN. Works the same.
- CK.
On 2012-05-31, at 1:27 AM, roland DROUAL wrote:
Hello the list,
I have 2 SRX650 in failover mode
There is reth0 in mode trunk, with vlan 954 and vlan 200 - (reth0 is the
interface outside)
There is reth1 in mode trunk, with vlan 100 and vlan 200 - (reth1 is the
interface inside)
I try to have a vlan 200 in layer 2 mode transparent accross the SRX in
failover mode.
Is it possible to have a redundant interface as trunk link, with 1 vlan with
an @IP, and 1 vlan in transparent mode.
I give you my config:
===============
reth0 {
description "TRUNK vers RAP";
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
}
unit 200 {
family bridge {
interface-mode trunk;
vlan-id-list 200;
}
}
unit 954 {
vlan-id 954;
family inet {
address 195.221.127.158/30;
}
}
}
reth1 {
description "802.1Q vers INTER-CO_INSIDE";
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
}
unit 100 {
vlan-id 100;
family inet {
address 10.1.4.2/29;
}
}
unit 200 {
description INTER-SITES;
family bridge {
interface-mode trunk;
vlan-id-list 200;
}
}
}
========================
When I try to save :
xyz@AS-SRX650-01# commit
[edit interfaces reth0]
'unit 954'
Inet family cannot be configured in transparent mode or for an interface
with bridge family
error: configuration check-out failed
========================
Can you help me to have a link trunk with vlan 200 and vlan 954?
Thanks for your help.
Roland DROUAL
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
