Switching

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

Jump to Best Answer
  • 1.  stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

    Posted 06-14-2019 18:35

    Hello experts,

     

    I have the topology that is shown in the attachment.

    topology.JPG

     

    I configured the SRX240 to enable stacked-vlan-tagging and Dual tagged but I have no connectivity between the PC and the SRX240. Below the configuration

    SRX240H

    lab> show configuration interfaces ge-0/0/1
    description "INTERFACE QINQ";
    stacked-vlan-tagging;
    mtu 9000;
    unit 117 {
        description "SUB-INTERFAZ S-VLAN 1100 C-VLAN 700";
        vlan-tags outer 0x8100.1100 inner 0x8100.700;
        family inet {
            mtu 1500;
            address 10.10.10.10/24;
        }
    }
    

    EX3300

    lab@SW02> show configuration interfaces ge-0/0/9
    mtu 9216;
    unit 0 {
        family ethernet-switching;
    }
    
    {master:0}
    lab@SW02> show configuration interfaces ge-0/0/43
    mtu 9216;
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members vlan1100;
            }
        }
    }
    
    lab@SW02> show configuration vlans vlan1100
    description "2da S-VLAN";
    vlan-id 1100;
    interface {
        ge-0/0/9.0;
    }
    dot1q-tunneling {
        customer-vlans [ 2-4094 native ];
    }
    
    

    The PC adds the C-VLAN tag id 700

    The PC does not have conectivity with the SRX240. The Q-in-Q in the EX3300 is working well and it has a valid license to use QinQ, morover it was working with a M320. I think the problem is SRX240.

     

    Could you help me please?

     

    Thanks in advance


    #EX3300
    #q-in-q
    #SRX
    #SRX240


  • 2.  RE: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

     
    Posted 06-14-2019 19:25

    Hi danny,

     

    Please check the following and try to flip VLAN assignment method just to be sure that's not acting up:
    a) On EX: 
    show vlans vlan1100 extensive
    delete vlans vlan1100 interface ge-0/0/9.0
    set interfaces ge-0/0/9.0 family ethernet-switching members vlan vlan100

     

    b) On SRX, are you receiving packets initiated from the PC, say ARP? Can do this with a firewall filter to count packets on ingress or perhaps "monitor traffic interface ge-0/0/1 no-resolve".

     

    Hope this helps.

     

    Regards,
    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).



  • 3.  RE: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

    Posted 06-28-2019 05:41

    Thanks for your help



  • 4.  RE: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

    Posted 06-14-2019 21:41

    Hello

     

    I flipped VLAN assignment as you suggested me but the behavior is the same.

    On SRX. I configured a firewall filter as shown the KB11709 but it does not create the file.

     

    On EX, I can see both mac address (PC and SRX) but they do not have conectivity.

     

     

     

     

     



  • 5.  RE: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300
    Best Answer

    Posted 06-19-2019 07:59

    Hello

     

    I found this:
    "...

    The outer tag VLAN ID range is from 1 through 511 for normal interfaces, and from 512 through 4094 for VLAN CCC or VLAN VPLS interfaces. The inner tag is not restricted.

    ..." -

    https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-configuring-dual-vlan-tags.html

    I think that is the reason why the SRX240 does not work. I changed the S-VLAN from 1100 to 444 and stacked-vlan-tagging to flexible-vlan-tagging, finally it works. I did not know it

    SRX240 config:

     

    lab> show configuration interfaces ge-0/0/1
    description "INTERFACE QINQ";
    flexible-vlan-tagging;
    mtu 9000;
    unit 117 {
        description "SUB-INTERFAZ S-VLAN 1100 C-VLAN 700";
        vlan-tags outer 0x8100.444 inner 0x8100.700;
        family inet {
            mtu 1500;
            address 10.10.10.10/24;
        }
    }

     

     



  • 6.  RE: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

     
    Posted 06-17-2019 19:33

    Hi Danny,

     

    Please confirm if you have "set ethernet-switching-options dot1q-tunneling ether-type 0x8100" on the EX.

     

    Also, please try another technique to narrow down if the packets reach the SRX.  Like apply an ingree FW filter on ge-0/0/1 counting the interesting traffic or "monitor traffic interface ge-0/0/1" (if traffic is destined to the SRX itself).

     

    Hope this helps.

     

    Regards,
    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).



  • 7.  RE: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

     
    Posted 06-19-2019 08:19

    Good rule of thumb - what applies specifically to MX, often also applies to SRX.  Just a general rule, but I believe much more right than wrong.  One difference area might be L2 with Branch SRX, which has no real MX equivalent. 

     

    HTH