Switching

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  Management access to EX4200 not working

    Posted 09-28-2021 13:19
    Hi,
    In one of our lab, I have only one vlan available 10.33.45.0/24. I configured the vlan on all interfaces(almost), and also try to use the ip address inside this vlan for management access but failed.

    Here is my config:
    set vlans Lab vlan-id 345
    set interfaces interface-range SCOPE member ge-0/0/[0-46]

    set interfaces interface-range SCOPE unit 0 family ethernet-switching vlan members Lab
    set interfaces vlan unit 345 family inet address 10.33.45.8/24

    set routing-options static route 0.0.0.0/0 next-hop 10.33.45.1

    set system services ssh

    Every devices connecting port ge-0/0/[0-46] can communicate with other vlans outside of the lab, but I can't ping or ssh to 10.33.45.8.

    I know if I have two vlans I can use the trunk:
    set interfaces vlan unit 346 description NETMGMT-3

    set interfaces vlan unit 346 family inet address 10.33.46.8/24
    set vlans NETMGMT-3 vlan-id 346

    set vlans NETMGMT-3 l3-interface vlan.346

    But with only one vlan, what's my options here?

    And one more question, which one is the management port here? Maybe I can use it to access the switch?
    ge-0/1/0 {
    unit 0 {
    family ethernet-switching;
    }
    }
    xe-0/1/0 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/1/1 {
    unit 0 {
    family ethernet-switching;
    }
    }
    xe-0/1/1 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/1/2 {
    unit 0 {
    family ethernet-switching;
    }
    }
    xe-0/1/2 {
    unit 0 {
    family ethernet-switching;
    }
    }
    ge-0/1/3 {
    unit 0 {
    family ethernet-switching;
    }
    }

    Thanks in advance for all your help!

    ------------------------------
    KEITH GAO
    ------------------------------


  • 2.  RE: Management access to EX4200 not working

     
    Posted 09-28-2021 14:57
    Hi,

    You can have a routable vlan interface (RVI) in each vlan.  The only thing i can see missing is you need to add your vlan.345 RVI in your vlan LAB then you should be able to ping it if you plug a test machine into one of the access ports in that range.  To make sure your interfaces are configured correctly as trunk or access mode and the correct vlan use the command "show ethernet-switching interfaces" and it will show you each interface and what vlans is configured. The last part of your post those interfaces would be in the default vlan and not the vlan.345.


  • 3.  RE: Management access to EX4200 not working

    Posted 09-28-2021 18:55
    Thank you MFB, your suggestion is really helpful! I try to follow KB11000 [EX] How to configure routed VLAN interfaces (RVI) for inter VLAN routing on an EX switch but run into some issues.
    SUMMARY:

    This article provides information on how to create a routed VLAN interface (RVI) for inter VLAN routing.

    SYMPTOMS:

    How to create a routed VLAN interface (RVI) for inter VLAN routing.

    SOLUTION:

    To create inter VLAN routing by using routed VLAN interfaces (RVI), perform the following procedure:

    1. Create a layer 2 VLAN:
      root# set vlans <vlan-name> vlan-id <vlan-id> (1..4094)>
    2. Create a logical layer 3 VLAN interface:
      root# set interfaces vlan unit <unit# (0..16385)> family inet address <ip address/mask>
    3. Link the layer 2 VLAN to the layer 3 VLAN interface:
      root# set vlans <vlan-name> l3-interface vlan.<unit# mentioned above>
      

    Note:Repeat the above procedure for all of the logical VLANs on the switch.

    My config:
    set vlans HW-Lab vlan-id 345
    set interfaces vlan unit 345 family inet address 10.33.45.8/24
    set vlans HW-Lab l3-interface vlan.345
    created the following vlans:
    vlans {
    HW-Lab {
    vlan-id 345;
    l3-interface vlan.345;
    }
    }
    But when I try to create trunk
    set interfaces ae11 enable

    set interfaces ae11 unit 345 family ethernet-switching port-mode trunk

    set interfaces ae11 unit 345 family ethernet-switching vlan members 345

    when I try to commit, it caused errors:
    root# commit
    [edit vlans HW-Lab l3-interface]
    'l3-interface vlan.0'
    Interface must already be defined under [edit interfaces]
    error: commit failed: (statements constraint check failed)

    root# edit vlans

    {master:0}[edit vlans]
    root# show
    HW-Lab {
    vlan-id 345;
    ##
    ## Warning: Interface must already be defined under [edit interfaces]
    ##
    l3-interface vlan.0;
    }

    not sure why vlan.345 become vlan.0, and is quite confusing. And earlier when I try 
    set vlans HW-Lab l3-interface vlan.0

    it won't allow me to do that either.

    Thanks again everyone for your input, really appreciated!











    ------------------------------
    KEITH GAO
    ------------------------------



  • 4.  RE: Management access to EX4200 not working

    Posted 10-06-2021 05:50
    I think you might need to remove an old vlan.0 configuration from your vlan in addition to creating the new one
    delete vlans HW-Lab l3-interface vlan.0

    You can confirm any other place that might exist in the config throwing the error.
    show configuration |  match vlan.0 | display set


    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: Management access to EX4200 not working

    Posted 10-06-2021 17:55
    Thanks Steve!

    You are correct. Actually only with the following vlan config make it works:

    set vlans HW-Lab vlan-id 345
    set interfaces vlan unit 345 family inet address 10.33.45.8/24
    set vlans HW-Lab l3-interface vlan.345

    set interfaces interface-range SCOPE member ge-0/0/[0-46]
    set interfaces interface-range SCOPE unit 0 family ethernet-switching vlan members HW-Lab
    set routing-options static route 0.0.0.0/0 next-hop 10.33.45.1
    set system service SSH

    Now I can ssh to 10.33.45.8 from other network.

    Thanks everyone!

    ------------------------------
    KEITH GAO
    ------------------------------