Junos OS

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

EX2300-C Help with Vlan.0

  • 1.  EX2300-C Help with Vlan.0

    Posted 06-17-2021 10:04
    Hello everyone,

    I'm trying to mimic the configuration I have on a 2200-C switch that recently lost all POE.  I previously used Ezsetup to get the GUI working,  the rest was fairly easy.  Setting up the new one has not been the same experience. One sticking point is the old switch has an l3-interface vlan.0 statement  for the management vlan and I don't know how create it on the new switch.  Under vlans, the new switch says the default vlan-id is 1 and the l3-interface is irb.0.

    I have a couple of vlans, one port set up as a trunk for all and then an access port that is just for me to test out accessing the management IP.  I have a static route going to our firewall, which does all of our routing. I'm unable to access this switch from the network, and have been configuring  it with Putty via the console port.  I"m obviously missing something, and I was hoping someone here could help.

    Thanks!

    ------------------------------
    Alan Alan
    ------------------------------


  • 2.  RE: EX2300-C Help with Vlan.0

    Posted 06-17-2021 13:02
    I saw it mentioned somewhere that I need to forget about vlan.0 and use irb instead. However, when I enter "set vlans default l3-interface irb.0, it tells me that there is an error in parsing bridge domains/vlans. 

    irb cannot be associated with mutliple domains/instances.

    I deleted the vlan.0 and changed it to irb.0

    ------------------------------
    Alan Alan
    ------------------------------



  • 3.  RE: EX2300-C Help with Vlan.0

    Posted 06-18-2021 11:18
    Hi Alan,
    Correct, based on JUNOS version and such you may not use vlan interfaces, but rather irb interfaces. And you cannot associate an irb interface with multiple L2 vlans. The l3 interface should exist on the l2 vlan that your upstream l3 gateway is using for that vlan.

    It sounds like you're doing in-band management using a data port not the management port (me0 on the 2300).

    So you'll need to have an irb interface that you assign the ip information to, add that as the l3-interface to the vlan, and set the static route. Something like these stanzas in your config:
    vlans {
        default {
            vlan-id 1;
            l3-interface irb.0;
        }
    }
    
    interfaces
       irb {
            unit 0 {
                family inet {
                    address 10.0.255.100/24;
                }
            }
       }
    }
    
    routing-options {
        nonstop-routing;
        static {
            route 0.0.0.0/0 next-hop 10.0.255.1;
        }
    }
    ​

    As a best practice, I don't use VLAN 1 or irb.0. If you want you could post some of your config here and we could provide specific info back.

    ------------------------------
    ALLYN CROWE
    ------------------------------



  • 4.  RE: EX2300-C Help with Vlan.0

    Posted 06-21-2021 11:11
    Thanks for your help. I'll try this now.

    ------------------------------
    Alan Alan
    ------------------------------



  • 5.  RE: EX2300-C Help with Vlan.0

    Posted 06-21-2021 13:25
    Okay, so I limped along until I thought I was home free with the Jweb, but on Firefox it just tells me that the session has expired and to click okay to redirect the page each time I log into it. Once I I click okay, it says it cannot find the application package.

    On Chrome, it just refused to come up at all.

    A quick Google search told me that I need to download the Jweb software, but when I go to the support page, it won't allow me to do it. No idea how to get past this. This switch was recently RMAd to me, so I can prove ownership.

    So I contacted Juniper, and they added software downloads to my profile, and I was able to install a software update via USB (very painful; kept saying no space).  I now have a JWeb that acts in a diminished capacity, and it tells me that I need to update it in order to use it. It also says that it has no internet connectivity. I can ping from the switch to every gateway address in my office.  Looks like I'm going to need some help figuring out why it doesn't want to connect to the outside though.  I only have one port 0 set up at the moment.




    ------------------------------
    Alan Alan
    ------------------------------



  • 6.  RE: EX2300-C Help with Vlan.0

    Posted 06-21-2021 18:55
      |   view attached
    See config. Firewall handles routing.

    ------------------------------
    Alan Alan
    ------------------------------

    Attachment(s)

    txt
    config.txt   5 KB 1 version


  • 7.  RE: EX2300-C Help with Vlan.0

    Posted 06-22-2021 10:35
    I don't use J-Web so no real ideas there.

    Looking at the config it looks good for ge-0/0/0 . You might add a native vlan statement in case you have some un-tagged (i've seen some strange behavior at times):
    set interface ge-0/0/0 native-vlan-id 1

    And if you can ping up to your firewall and also across it then everything should be good to go? what happens if you ping 8.8.8.8? 

    You don't have a name server set so if you're trying to reach things on the internet that could be the issue. You can add google's here (or replace with your preferred)
    set system name-server 8.8.8.8​


    ------------------------------
    ALLYN CROWE
    ------------------------------



  • 8.  RE: EX2300-C Help with Vlan.0

    Posted 06-22-2021 10:43
    Also, if you're trying to use another port you'll need to set the config on one. Only ge-0/0/0 is configured. So something like:
    set interface ge-0/0/1 unit-0 family ethernet-switching vlan members wireless;​


    ------------------------------
    ALLYN CROWE
    ------------------------------



  • 9.  RE: EX2300-C Help with Vlan.0

    Posted 06-22-2021 11:02
    Thanks for your help. Ironically, I usually stick with the command line as well.. on cisco stuff, but this feels completely different.   One last question, and I will be set.  I set the root password, but it only seems to work when I use the GUI. If I attempt to ssh to the switch, it never accepts that password.  However, if I connect to it via Putty, it works just fine.  Is this normal ?

    ------------------------------
    Alan Alan
    ------------------------------



  • 10.  RE: EX2300-C Help with Vlan.0

    Posted 06-22-2021 11:20
    Coming from the world of Cisco, JUNOS is definitely different. But I found once I got used to it that I love it. From version control in the config to multiple ways to set config statements (set commands are like Cisco, but you can also edit at specific layers and paste in the overall config. A couple of resources that may help you get to know the JUNOS CLI a little better:
    https://www.juniper.net/documentation/jnbooks/us/en/day-one-books (especially the JUNOS for IOS engineers)
    https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=12371 (this is a free learning direct from Juniper)
    https://www.networkfuntimes.com/new-series-a-guide-to-junos-for-ios-engineers/ (great blog by Chris Parker i.e. networkfuntimes)

    Specific to your root login question, you can only ssh as root if you set a specific command ( set system services ssh root-login allow ). You're better off using the user you have defined as that will drop you straight into the junos cli instead of the Linux cli. Much like you don't ssh to a Linux server as root, unless you have a specific reason you shouldn't on JUNOS.

    ------------------------------
    ALLYN CROWE
    ------------------------------



  • 11.  RE: EX2300-C Help with Vlan.0

    Posted 06-22-2021 12:31
    Thanks for all of your help with this. I'm up and running like before.  I'll make sure to check out the training so recommended. I"m going to need it.

    -Alan

    ------------------------------
    Alan Alan
    ------------------------------