SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX1500 Transparent Mode - VLAN1

    Posted 11-13-2021 10:08
    We have been trying to deploy an SRX1500 in transparent mode. We are facing an issue with VLAN 1.

    We have been using the default VLAN, i.e. VLAN 1, for some significant communication and can't remove it overnight. In transparent mode, we are not able to pass the VLAN 1 traffic through the firewall. Several configurations have been tried.

    Is there any limitation such that we can't use VLAN 1 with SRX transparent mode?

    Saif

    ------------------------------
    saifuddin miyaji
    ------------------------------


  • 2.  RE: SRX1500 Transparent Mode - VLAN1

    Posted 11-18-2021 05:38
    My recollection is that with transparent mode all interfaces are the same vlan and tags are no longer relevant.  This just becomes a bump in the wire allowing rules within that vlan.

    Can you share the document you used to configure transparent mode?

    Then the specific traffic failure that is happening between ports.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: SRX1500 Transparent Mode - VLAN1

    Posted 11-18-2021 09:48
    I'm following this document:
    [SRX] Example Configuration - LACP on Layer 2 transparent mode Chassis Cluster - Juniper Networks

    I believe VLAN tagging is indeed necessary for proper identification of tags and headers for forwarding the frames. Other VLANs are working fine but not VLAN 1. Someone on the forum advised using the keyword "default" for naming VLAN 1, but that didn't work either.

    Regards
    Saif

    ------------------------------
    saifuddin miyaji
    ------------------------------



  • 4.  RE: SRX1500 Transparent Mode - VLAN1

    Posted 11-30-2021 12:17
    Can I ask you to share the config part regarding the vlans and the interfaces, that your vlan needs to pass?
    If you don't want to share that openly, just DM me :)

    ------------------------------
    Christian Scholz
    Juniper Networks Ambassador | JNCIE-SEC #374
    Mail: chs@ip4.de
    Blog: jncie.eu | Twitter: @chsjuniper | YT-Channel: netchron
    ------------------------------



  • 5.  RE: SRX1500 Transparent Mode - VLAN1

    Posted 11-30-2021 13:34
    Might be slightly off topic, but I am trying to create a VLAN named DATA with a tag of vlan-id 1, but it fails since VLAN 1 is reserved. Wish there was a workaround.



    SRX1500# commit
    [edit vlans]
    'DATA'
    VLAN 1 is a reserved vlan. This vlan cannot be configured by user.
    [edit vlans]
    Failed to parse vlan hierarchy completely
    error: configuration check-out failed

    SRX1500# run show vlans

    Routing instance    VLAN name    Tag    Interfaces
    default-switch      VOICE        2      ge-0/0/1.0
    default-switch      default      1

    ------------------------------
    JIM BACKER
    ------------------------------