Quick question for you all (I'm sure I'm doing something dumb here). I had this working config:
routing-instances {
ISP {
instance-type virtual-router;
interface ge-0/0/0.0;
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
dhcp;
}
}
}
}
security {
zones {
security-zone Untrust {
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
dhcp;
ping;
ike;
}
}
}
}
}
}
That was working. Now I want to be able to get to the CX111's management VLAN,
so I changed it to this:
routing-instances {
ISP {
instance-type virtual-router;
interface vlan.10;
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members cx111-mgmt;
}
native-vlan-id cx111-internet;
}
}
}
vlan {
unit 10 {
family inet {
dhcp;
}
}
unit 3900 {
family inet {
address 192.168.0.2/24;
}
}
}
}
security {
zones {
security-zone Untrust {
interfaces {
vlan.10 {
host-inbound-traffic {
dhcp;
ping;
ike;
}
}
}
}
}
}
vlans {
cx111-internet {
vlan-id 10;
l3-interface vlan.10;
}
cx111-mgmt {
vlan-id 3900;
l3-interface vlan.3900;
}
}
And yes, I just wrote that out. :-) So if it's less than perfect syntax,
that's why. Anyway, you get the idea. vlan.3900 will be in a zone, but my
immediate concern is no longer getting a DHCP address from the CX111 (this time
on vlan.10 instead of ge-0/0/0.0).
Does anyone see anything quick that I did wrong here?
Thanks!
Aaron
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
