Re: [j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode transparent, and vlan L3
Try adding:

set interfaces reth0 encapsulation flexible-ethernet-services

> I try to have a vlan 200 in layer 2 mode transparent across the SRX in failover mode.
> Is it possible to have a redundant interface as trunk link, with 1 vlan with an @IP, and 1 vlan in transparent mode?
> I give you my config:
> ===
> reth0 {
>     description TRUNK vers RAP;
>     vlan-tagging;
>     redundant-ether-options {
>         redundancy-group 1;
>     }
>     unit 200 {
>         family bridge {
>             interface-mode trunk;
>             vlan-id-list 200;
>         }
>     }
>     unit 954 {
>         vlan-id 954;
>         family inet {
>             address 195.221.127.158/30;
>         }
>     }
> }

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode transparent, and vlan L3
I can't try this command because it's not accepted.
==
{primary:node0}[edit interfaces reth0]
xyz@AS-SRX650-01# set encapsulation ?
Possible completions:
  ether-vpls-ppp             Ethernet VPLS over PPP (bridging) device
  ethernet-bridge            Ethernet layer-2 bridging
  ethernet-ccc               Ethernet cross-connect
  ethernet-vpls              Ethernet virtual private LAN service
  extended-frame-relay-ccc   Any Frame Relay DLCI for cross-connect
  extended-frame-relay-tcc   Any Frame Relay DLCI for translational cross-connect
  extended-vlan-bridge       VLAN layer-2 bridging
  extended-vlan-ccc          Nonstandard TPID tagging for a cross-connect
  extended-vlan-vpls         Extended VLAN virtual private LAN service
  frame-relay-port-ccc       Frame Relay port encapsulation for a cross-connect
  vlan-ccc                   802.1q tagging for a cross-connect
  vlan-vpls                  VLAN virtual private LAN service
{primary:node0}[edit interfaces reth0]

I give you the simple config which I can save.
It's simple, but it's not working.
I can't ping from inside (reth1.200) to outside (reth0.200) across the SRX650.

reth0 {
    description TRUNK vers RAP;
    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 200 {
        vlan-id 200;
    }
    unit 954 {
        vlan-id 954;
        family inet {
            address 195.221.127.158/30;
        }
    }
}
reth1 {
    description TRUNK vers INSIDE;
    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 100 {
        vlan-id 100;
        family inet {
            address 10.1.4.2/29;
        }
    }
    unit 200 {
        description INTER-SITES;
        vlan-id 200;
    }
}
security {
    policies {
        from-zone INTER-SITE to-zone INTER-SITE {
            policy allow-test {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone INTER-SITE {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                reth0.200;
                reth1.200;
            }
        }
    }
}
==
Thanks for your help!
Roland DROUAL

> Try adding:
>
> set interfaces reth0 encapsulation flexible-ethernet-services

On 30/05/2012 21:04, Chris Kawchuk wrote:
> reth0 {
>     encapsulation flexible-ethernet-services;
> }
>
> .. I believe. (haven't tested this)
>
> If not, just make a vlan 954 and do a vlan.954 family inet x.x.x.x/30 interface into the VLAN. Works the same.
>
> - CK.
>
> On 2012-05-31, at 1:27 AM, roland DROUAL wrote:
> > Hello the list,
> >
> > I have 2 SRX650 in failover mode.
> > There is reth0 in mode trunk, with vlan 954 and vlan 200 - (reth0 is the interface outside)
> > There is reth1 in mode trunk, with vlan 100 and vlan 200 - (reth1 is the interface inside)
> >
> > I try to have a vlan 200 in layer 2 mode transparent across the SRX in failover mode.
> > Is it possible to have a redundant interface as trunk link, with 1 vlan with an @IP, and 1 vlan in transparent mode?
> > I give you my config:
> > ===
> > reth0 {
> >     description TRUNK vers RAP;
> >     vlan-tagging;
> >     redundant-ether-options {
> >         redundancy-group 1;
> >     }
> >     unit 200 {
> >         family bridge {
> >             interface-mode trunk;
> >             vlan-id-list 200;
> >         }
> >     }
> >     unit 954 {
> >         vlan-id 954;
> >         family inet {
> >             address 195.221.127.158/30;
> >         }
> >     }
> > }
> > reth1 {
> >     description 802.1Q vers INTER-CO_INSIDE;
> >     vlan-tagging;
> >     redundant-ether-options {
> >         redundancy-group 1;
> >     }
> >     unit 100 {
> >         vlan-id 100;
> >         family inet {
> >             address 10.1.4.2/29;
> >         }
> >     }
> >     unit 200 {
> >         description INTER-SITES;
> >         family bridge {
> >             interface-mode trunk;
> >             vlan-id-list 200;
> >         }
> >     }
> > }
> >
> > When I try to save:
> >
> > xyz@AS-SRX650-01# commit
> > [edit interfaces reth0]
> >   'unit 954'
> >     Inet family cannot be configured in transparent mode or for an interface with bridge family
> > error: configuration check-out failed
> >
> > Can you help me to have a link trunk with vlan 200 and vlan 954?
> >
> > Thanks for your help.
> > Roland DROUAL
Re: [j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode transparent, and vlan L3
Mixed mode is not supported on an srx. For a layer 3 ip you have to use an irb interface. This is non-routable so it may not be what you're looking for. It's used for management of the device typically. At best it's an ip to ping.

On May 31, 2012, at 12:59 AM, Per Granath per.gran...@gcc.com.cy wrote:

> Try adding:
>
> set interfaces reth0 encapsulation flexible-ethernet-services
Re: [j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode transparent, and vlan L3
Flexible Ethernet services should be supported since 10.1.

http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/release-notes/10.1/topic-42298.html

It should allow you to mix, at least, 'inet' and 'vlan-vpls' on the interface.
Not sure if it will allow 'bridge', but in theory you could use vpls instead (if that works for cluster).

-----Original Message-----
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of roland DROUAL
Sent: Thursday, May 31, 2012 3:06 PM
To: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode transparent, and vlan L3
Re: [j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode transparent, and vlan L3
I can tell you with certainty that if you try to configure bridge (which required a reboot). If any other families other than bridge are configured it will error out upon commit.

Flexible ethernet services does not include bridge. As of today mixed mode does not work on any SRX series device.

I hope this clears things up,
-Tim Eberhard

On Thu, May 31, 2012 at 9:05 AM, Per Granath per.gran...@gcc.com.cy wrote:

> Flexible Ethernet services should be supported since 10.1.
>
> http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/release-notes/10.1/topic-42298.html
>
> It should allow you to mix, at least, 'inet' and 'vlan-vpls' on the interface.
> Not sure if it will allow 'bridge', but in theory you could use vpls instead (if that works for cluster).
Re: [j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode transparent, and vlan L3 = Closed Case
CLOSED CASE

In fact, it seems we can't configure a trunk link with an interface vlan layer 3 and an interface vlan layer 2.
The SRX650 can't accept the mixed mode.
Either you route your interfaces vlan layer 3 in the trunk link, or you bridge your interfaces vlan layer 2 in the trunk link.
The SRX doesn't accept the hybrid mode for a trunk link.

So I decided to get up my Inter-site vlan in the SRX (from the EX4200) in layer 3 mode.
I obtain:

reth0 {
    description TRUNK vers RAP;
    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 200 {
        vlan-id 200;
        family inet {
            address 10.1.3.1/29;
        }
    }
    unit 954 {
        vlan-id 954;
        family inet {
            address 195.221.127.158/30;
        }
    }
}
reth1 {
    description INTER-CO_INSIDE;
    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 100 {
        vlan-id 100;
        family inet {
            address 10.1.4.2/29;
        }
    }
}
=
Thanks to everybody
Best regards
Roland DROUAL

On 31/05/2012 18:37, Tim Eberhard wrote:

> I can tell you with certainty that if you try to configure bridge (which required a reboot). If any other families other than bridge are configured it will error out upon commit.
>
> Flexible ethernet services does not include bridge. As of today mixed mode does not work on any SRX series device.
>
> I hope this clears things up,
> -Tim Eberhard
[j-nsp] SRX650 - Failover - reth TRUNK with: vlan L2 mode transparent, and vlan L3
Hello the list,

I have 2 SRX650 in failover mode.
There is reth0 in mode trunk, with vlan 954 and vlan 200 - (reth0 is the interface outside)
There is reth1 in mode trunk, with vlan 100 and vlan 200 - (reth1 is the interface inside)

I try to have a vlan 200 in layer 2 mode transparent across the SRX in failover mode.
Is it possible to have a redundant interface as trunk link, with 1 vlan with an @IP, and 1 vlan in transparent mode?
I give you my config:
===
reth0 {
    description TRUNK vers RAP;
    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 200 {
        family bridge {
            interface-mode trunk;
            vlan-id-list 200;
        }
    }
    unit 954 {
        vlan-id 954;
        family inet {
            address 195.221.127.158/30;
        }
    }
}
reth1 {
    description 802.1Q vers INTER-CO_INSIDE;
    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 100 {
        vlan-id 100;
        family inet {
            address 10.1.4.2/29;
        }
    }
    unit 200 {
        description INTER-SITES;
        family bridge {
            interface-mode trunk;
            vlan-id-list 200;
        }
    }
}

When I try to save:

xyz@AS-SRX650-01# commit
[edit interfaces reth0]
  'unit 954'
    Inet family cannot be configured in transparent mode or for an interface with bridge family
error: configuration check-out failed

Can you help me to have a link trunk with vlan 200 and vlan 954?

Thanks for your help.
Roland DROUAL
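
The commit failure discussed in this thread can be caught before touching the cluster. The following is an added example, not part of the thread and not Juniper's own validation logic: it parses curly-brace interface stanzas and lists every unit whose family would clash with "family bridge". The function names and the device-wide scope of the check are assumptions, the latter taken from the replies stating that mixed mode is not supported on the SRX.

```python
import re

# Constructed samples, abridged from the thread: the first attempt (commit
# rejected) and the final all-layer-3 config (commit accepted).
REJECTED = """
reth0 {
    unit 200 { family bridge { interface-mode trunk; vlan-id-list 200; } }
    unit 954 { vlan-id 954; family inet { address 195.221.127.158/30; } } }
reth1 {
    unit 100 { vlan-id 100; family inet { address 10.1.4.2/29; } }
    unit 200 { family bridge { interface-mode trunk; vlan-id-list 200; } } }
"""
ACCEPTED = """
reth0 {
    unit 200 { vlan-id 200; family inet { address 10.1.3.1/29; } }
    unit 954 { vlan-id 954; family inet { address 195.221.127.158/30; } } }
reth1 { unit 100 { vlan-id 100; family inet { address 10.1.4.2/29; } } }
"""

def parse(text):
    """Parse curly-brace Junos config into nested dicts; leaf statements map to None."""
    stack, words = [{}], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok == "{":
            stack.append(stack[-1].setdefault(" ".join(words), {}))
        elif tok == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif tok == ";":
            stack[-1][" ".join(words)] = None
        else:
            words.append(tok)
            continue
        words = []
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return stack[0]

def unit_families(interfaces):
    """Yield (interface, unit, family) for each 'family X' found under a unit."""
    for ifname, body in interfaces.items():
        for key, unit in (body or {}).items():
            if key.startswith("unit ") and unit:
                for stmt in unit:
                    if stmt.startswith("family "):
                        yield ifname, key.split()[1], stmt.split()[1]

def mixed_mode_conflicts(text):
    """Assumed rule from the thread: once any unit uses 'family bridge', every
    other family on the device is a conflict. Returns the offending units."""
    fams = list(unit_families(parse(text)))
    if all(fam != "bridge" for _, _, fam in fams):
        return []
    return [f"{i}.{u}: family {fam}" for i, u, fam in fams if fam != "bridge"]
```

Run it over the interfaces stanza of a candidate config; an empty list means no layer 3 family sits alongside a bridge family.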