I am trying to change the configuration of an old SRX240B running on version JUNOS Software Release [12.1X46-D40.2].
Its is an active-standby cluster , where IP is currently assigned on reth interfaces mapped to physical interfaces. We want to move the ip configuration from physical interface to vlan sub-interfaces.
I have already prepared the configuration for the activity but i am not sure what implications it will have on the associated zones, nat and policies of the physical interfaces, will they need to be changed as well.
Thanks in advance...!!!
Backup of existing config and new config script attached with actual ips removed.
You will have to unassign reth0.0 and reth2.0 from security zones and assign reth0.x, reth0.y, reth2.x and reth2.y.
NAT and security policies are not affected.
for quick response, so the resultant config should be like below ? And as you already stated nothing else need to be altered and their wont be any implications.
set interface reth0 vlan-taggingset interfaces reth0 redundant-ether-options redundancy-group 1set interfaces reth0 unit 10 vlan-id 10 -----------------------> Where 10 is vlan tag numberset interfaces reth0 unit 10 family inet address 'X.X.X.X/24'delete security zones security-zone MDMZ interfaces reth0.0set security zones security-zone MDMZ interfaces reth0.10
Thanks and really appreciate your efforts to help verify the config and its implications.
Need 1 more help, i tried configuring multiple vlan tags on a single reth, it didn't worked. Configuration got committed but i wasn't getting input packets, though output packets were visible. Ping etc not workingThe requirement is to consolidate multiple firewall-switch connections on a single firewall interface, firewall cluster is in active-standby. Switch side (a Cisco) is a trunk port with tagged vlans. I tried using following config but no luck.
set interfaces ge-0/0/3 gigether-options redundant-parent reth0set interfaces ge-5/0/3 gigether-options redundant-parent reth0set interfaces reth0 vlan-taggingset interfaces reth0 redundant-ether-options redundancy-group 1set interfaces reth0 unit 3087 vlan-id 3087
set interfaces reth0 unit 3086 vlan-id 3086
set interfaces reth0 unit 3087 family inet address 165.136.X.X/29
set interfaces reth0 unit 3086 family inet address 172.197.X.X/29set vlans ABC vlan-id 3087
set vlans XYZ vlan-id 3086set security zones security-zone ABC interfaces reth0.3087
set security zones security-zone ABC interfaces reth0.3086