Junos OS


SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications

  • 1.  SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications

    Posted 06-29-2018 05:09

    Hello Experts,

     

    I am trying to change the configuration of an old SRX240B running on version JUNOS Software Release [12.1X46-D40.2].

    It is an active-standby cluster, where the IP is currently assigned on reth interfaces mapped to physical interfaces. We want to move the IP configuration from the physical interface to VLAN sub-interfaces.

    I have already prepared the configuration for the activity, but I am not sure what implications it will have on the associated zones, NAT and policies of the physical interfaces. Will they need to be changed as well?

    Thanks in advance...!!!

     

    Backup of existing config and new config script attached with actual ips removed.


    #SRX
    #cluster
    #subinterface


  • 2.  RE: SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications

     
    Posted 06-29-2018 07:02

    You will have to unassign reth0.0 and reth2.0 from security zones and assign reth0.x, reth0.y, reth2.x and reth2.y.

    NAT and security policies are not affected.

    Regards, Wojtek



  • 3.  RE: SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications

    Posted 06-29-2018 09:12

    Thanks Wojtek, for the quick response. So the resultant config should be like below? And as you already stated, nothing else needs to be altered and there won't be any implications.

     

    set interfaces reth0 vlan-tagging
    set interfaces reth0 redundant-ether-options redundancy-group 1
    set interfaces reth0 unit 10 vlan-id 10 -----------------------> Where 10 is vlan tag number
    set interfaces reth0 unit 10 family inet address 'X.X.X.X/24'
    delete security zones security-zone MDMZ interfaces reth0.0
    set security zones security-zone MDMZ interfaces reth0.10



  • 4.  RE: SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications
    Best Answer

     
    Posted 06-29-2018 11:36

    Yes.

     

    Regards, Wojtek
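
As an added example (not part of the thread or of any poster's config): a small Python check for the zone re-binding discussed in the replies above. It reads set-style configuration and reports logical units that carry an address family but sit in no security zone, zone entries that point at units no longer defined (such as a leftover reth0.0), and units on a vlan-tagging interface with no vlan-id. The sample config, its placeholder addresses, the finding names and `audit_zone_bindings` are assumptions made for illustration.

```python
import re

# Constructed sample (not from the thread's attachments): candidate config after
# moving reth0 to VLAN units; addresses are documentation placeholders.
SAMPLE = """\
set interfaces reth0 vlan-tagging
set interfaces reth0 unit 10 vlan-id 10
set interfaces reth0 unit 10 family inet address 192.0.2.1/24
set interfaces reth0 unit 20 family inet address 198.51.100.1/24
set security zones security-zone MDMZ interfaces reth0.0
set security zones security-zone MDMZ interfaces reth0.10
"""

UNIT = re.compile(r"^set interfaces (\S+) unit (\d+)\s+(.*)$")
TAGGED = re.compile(r"^set interfaces (\S+) vlan-tagging$")
ZONE = re.compile(r"^set security zones security-zone (\S+) interfaces (\S+)")


def audit_zone_bindings(config):
    """Return sorted (finding, logical-interface) pairs for a set-style config."""
    units, tagged, zoned = {}, set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := UNIT.match(line):
            ifl = f"{m.group(1)}.{m.group(2)}"
            attrs = units.setdefault(ifl, set())
            if m.group(3).startswith("vlan-id "):
                attrs.add("vlan-id")
            elif m.group(3).startswith("family "):
                attrs.add("family")
        elif m := TAGGED.match(line):
            tagged.add(m.group(1))
        elif m := ZONE.match(line):
            zoned.setdefault(m.group(2), m.group(1))
    findings = []
    for ifl, attrs in units.items():
        if "family" in attrs and ifl not in zoned:
            findings.append(("unit-not-in-any-zone", ifl))
        if ifl.split(".")[0] in tagged and "vlan-id" not in attrs:
            findings.append(("tagged-unit-without-vlan-id", ifl))
    for ifl in zoned:
        if ifl not in units:
            findings.append(("zone-references-undefined-unit", ifl))
    return sorted(findings)


if __name__ == "__main__":
    for finding, ifl in audit_zone_bindings(SAMPLE):
        print(f"{finding}: {ifl}")
```

Run it against the candidate configuration before the change window; an empty result means every addressed unit is zoned and no zone entry is left pointing at a removed unit.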



  • 5.  RE: SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications

    Posted 06-30-2018 22:31

    Thanks and really appreciate your efforts to help verify the config and its implications.



  • 6.  RE: SRX 240B Cluster Physical Interface to Vlan Sub-interface migration implications

    Posted 08-01-2018 00:28

    Hi Wdudys/Experts,

     

    I need 1 more bit of help. I tried configuring multiple VLAN tags on a single reth, but it didn't work. The configuration got committed, but I wasn't getting input packets, though output packets were visible. Ping etc. was not working.
    The requirement is to consolidate multiple firewall-switch connections on a single firewall interface; the firewall cluster is in active-standby. The switch side (a Cisco) is a trunk port with tagged VLANs. I tried using the following config, but no luck.

     

    set interfaces ge-0/0/3 gigether-options redundant-parent reth0
    set interfaces ge-5/0/3 gigether-options redundant-parent reth0
    set interfaces reth0 vlan-tagging
    set interfaces reth0 redundant-ether-options redundancy-group 1
    set interfaces reth0 unit 3087 vlan-id 3087
    set interfaces reth0 unit 3086 vlan-id 3086
    set interfaces reth0 unit 3087 family inet address 165.136.X.X/29
    set interfaces reth0 unit 3086 family inet address 172.197.X.X/29
    set vlans ABC vlan-id 3087
    set vlans XYZ vlan-id 3086
    set security zones security-zone ABC interfaces reth0.3087
    set security zones security-zone ABC interfaces reth0.3086

     

    Thanks...!!!