Hello Guys,
On my srx i have a reth interface configured with vlan-tagging for multiple vlans and i want to enable OSPF. What is best practice to do this. Is it wise to add only reth1 in ospf area 0, or do i need to add each of the interfaces (reth1.10, reth1.20 and reth1.30) in the vlan for them to begin sending and responding to OSPF hello packets. Please se below a snippet configuration. Can someone verify my configuration.
thanks
Snippet configuration:reth1 {
description "ospf on reth interface";
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
lacp {
active;
periodic slow;
}
}
unit 10 {
description "test10";
vlan-id 10;
family inet {
address 192.168.10.0/24;
}
}
unit 20 {
description "test20";
vlan-id 20;
family inet {
address 192.168.20.0/24;
}
}
unit 30 {
description "test30";
vlan-id 30;
family inet {
address 192.168.30.0/24;
}
set interfaces ge-0/0/8 gigether-options redundant-parent reth1
set interfaces ge-0/0/8 description "towards switch1"
set interfaces ge-5/0/8 gigether-options redundant-parent reth1
set interfaces ge-5/0/8 description "towards switch2"
set security zones security-zone test10 host-inbound-traffic protocols all
set security zones security-zone test10 host-inbound-traffic system-services all
set security zones security-zone test20 host-inbound-traffic protocols all
set security zones security-zone test20 host-inbound-traffic system-services all
set security zones security-zone test30 host-inbound-traffic protocols all
set security zones security-zone test30 host-inbound-traffic system-services all
set protocols ospf export ospf-export
set routing-options router-id 172.22.104.1
set protocols ospf area 0.0.0.0 interface reth1 authentication md5 1 key ******set protocols ospf area 0.0.0.0 interface ge-0/0/8 authentication md5 1 key ******set protocols ospf area 0.0.0.0 interface ge-5/0/8 authentication md5 1 key ******or
set protocols ospf area 0.0.0.0 interface reth1.10 authentication md5 1 key ******set protocols ospf area 0.0.0.0 interface reth1.20 authentication md5 1 key ******set protocols ospf area 0.0.0.0 interface reth1.30 authentication md5 1 key ******set protocols ospf area 0.0.0.0 interface ge-0/0/8 authentication md5 1 key ******set protocols ospf area 0.0.0.0 interface ge-5/0/8 authentication md5 1 key ******
set policy-options policy-statement ospf-export term backoffice from route-filter 10.0.0.0/8 exact
set policy-options policy-statement ospf-export term backoffice from route-filter 172.16.0.0/12 exact
set policy-options policy-statement ospf-export term backoffice from route-filter 192.168.0.0/16 exact
set policy-options policy-statement ospf-export term backoffice then accept
set policy-options policy-statement ospf-export term direct from protocol direct
set policy-options policy-statement ospf-export term direct then accept
set policy-options policy-statement ospf-export term static from protocol static
set policy-options policy-statement ospf-export term static then accept
set routing-options rib inet.0 static route 0.0.0.0/0 next-hop 31.56.56.23 no-readvertise
Regards,
Sul