Switching

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

Management access to EX4200 not working

  • 1.  Management access to EX4200 not working

    Posted 17 days ago
    Hi,
    In one of our lab, I have only one vlan available 10.33.45.0/24. I configured the vlan on all interfaces(almost), and also try to use the ip address inside this vlan for management access but failed.

    Here is my config:
    set vlans Lab vlan-id 345
    set interfaces interface-range SCOPE member ge-0/0/[0-46]

    set interfaces interface-range SCOPE unit 0 family ethernet-switching vlan members Lab
    set interfaces vlan unit 345 family inet address 10.33.45.8/24

    set routing-options static route 0.0.0.0/0 next-hop 10.33.45.1

    set system services ssh

    Every devices connecting port ge-0/0/[0-46] can communicate with other vlans outside of the lab, but I can't ping or ssh to 10.33.45.8.

    I know if I have two vlans I can use the trunk:
    set interfaces vlan unit 346 description NETMGMT-3

    set interfaces vlan unit 346 family inet address 10.33.46.8/24
    set vlans NETMGMT-3 vlan-id 346

    set vlans NETMGMT-3 l3-interface vlan.346

    But with only one vlan, what's my options here?

    And one more question, which one is the management port here? Maybe I can use it to access the switch?
    ge-0/1/0 {
    unit 0 {
    family ethernet-switching;
    }
    }
    xe-0/1/0 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/1/1 {
    unit 0 {
    family ethernet-switching;
    }
    }
    xe-0/1/1 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/1/2 {
    unit 0 {
    family ethernet-switching;
    }
    }
    xe-0/1/2 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/1/3 {
    unit 0 {
    family ethernet-switching;
    }
    }

    Thanks in advance for all your help!

    ------------------------------
    KEITH GAO
    ------------------------------


  • 2.  RE: Management access to EX4200 not working

     
    Posted 17 days ago
    Hi,

    You can have a routable vlan interface (RVI) in each vlan.  The only thing i can see missing is you need to add your vlan.345 RVI in your vlan LAB then you should be able to ping it if you plug a test machine into one of the access ports in that range.  To make sure your interfaces are configured correctly as trunk or access mode and the correct vlan use the command "show ethernet-switching interfaces" and it will show you each interface and what vlans is configured. The last part of your post those interfaces would be in the default vlan and not the vlan.345.


  • 3.  RE: Management access to EX4200 not working

    Posted 17 days ago
    Thank you MFB, your suggestion is really helpful! I try to follow KB11000 [EX] How to configure routed VLAN interfaces (RVI) for inter VLAN routing on an EX switch but run into some issues.
    SUMMARY:

    This article provides information on how to create a routed VLAN interface (RVI) for inter VLAN routing.

    SYMPTOMS:

    How to create a routed VLAN interface (RVI) for inter VLAN routing.

    SOLUTION:

    To create inter VLAN routing by using routed VLAN interfaces (RVI), perform the following procedure:

    1. Create a layer 2 VLAN:
      root# set vlans <vlan-name> vlan-id <vlan-id> (1..4094)>
    2. Create a logical layer 3 VLAN interface:
      root# set interfaces vlan unit <unit# (0..16385)> family inet address <ip address/mask>
    3. Link the layer 2 VLAN to the layer 3 VLAN interface:
      root# set vlans <vlan-name> l3-interface vlan.<unit# mentioned above>
      

    Note:Repeat the above procedure for all of the logical VLANs on the switch.

    My config:
    set vlans HW-Lab vlan-id 345
    set interfaces vlan unit 345 family inet address 10.33.45.8/24
    set vlans HW-Lab l3-interface vlan.345
    created the following vlans:
    vlans {
    HW-Lab {
    vlan-id 345;
    l3-interface vlan.345;
    }
    }
    But when I try to create trunk
    set interfaces ae11 enable

    set interfaces ae11 unit 345 family ethernet-switching port-mode trunk

    set interfaces ae11 unit 345 family ethernet-switching vlan members 345

    when I try to commit, it caused errors:
    root# commit
    [edit vlans HW-Lab l3-interface]
    'l3-interface vlan.0'
    Interface must already be defined under [edit interfaces]
    error: commit failed: (statements constraint check failed)

    root# edit vlans

    {master:0}[edit vlans]
    root# show
    HW-Lab {
    vlan-id 345;
    ##
    ## Warning: Interface must already be defined under [edit interfaces]
    ##
    l3-interface vlan.0;
    }

    not sure why vlan.345 become vlan.0, and is quite confusing. And earlier when I try 
    set vlans HW-Lab l3-interface vlan.0

    it won't allow me to do that either.

    Thanks again everyone for your input, really appreciated!











    ------------------------------
    KEITH GAO
    ------------------------------



  • 4.  RE: Management access to EX4200 not working

     
    Posted 10 days ago
    I think you might need to remove an old vlan.0 configuration from your vlan in addition to creating the new one
    delete vlans HW-Lab l3-interface vlan.0

    You can confirm any other place that might exist in the config throwing the error.
    show configuration |  match vlan.0 | display set


    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: Management access to EX4200 not working

    Posted 9 days ago
    Thanks Steve!

    You are correct. Actually only with the following vlan config make it works:

    set vlans HW-Lab vlan-id 345
    set interfaces vlan unit 345 family inet address 10.33.45.8/24
    set vlans HW-Lab l3-interface vlan.345

    set interfaces interface-range SCOPE member ge-0/0/[0-46]
    set interfaces interface-range SCOPE unit 0 family ethernet-switching vlan members HW-Lab
    set routing-options static route 0.0.0.0/0 next-hop 10.33.45.1
    set system service SSH

    Now I can ssh to 10.33.45.8 from other network.

    Thanks everyone!

    ------------------------------
    KEITH GAO
    ------------------------------