As an add on, I have now tried the following:
vMX:
set interfaces ge-0/0/5 hierarchical-scheduler implicit-hierarchy
set interfaces ge-0/0/5 flexible-vlan-tagging
set interfaces ge-0/0/5 encapsulation flexible-ethernet-services
set interfaces ge-0/0/5 unit 0 family bridge interface-mode trunk
set interfaces ge-0/0/5 unit 0 family bridge vlan-id 99
set interfaces irb unit 99 family inet address 192.168.99.1/30
set bridge-domains test domain-type bridge
set bridge-domains test vlan-id 99
set bridge-domains test routing-interface irb.99
vSRX: - Don't think vSRX supports "switching" mode so cannot use IRB interfaces :(
set interfaces ge-0/0/5 description to-leeds-pe
set interfaces ge-0/0/5 vlan-tagging
set interfaces ge-0/0/5 unit 99 vlan-id 99
set interfaces ge-0/0/5 unit 99 family inet address 192.168.99.2/30
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/5.99
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
Cannot ping the MX from SRX or the other way around..... I will try a couple more things but thought I may get a couple of pointers here :)
Could be that it is vSRX and vMX.... who knows
------------------------------
Clive
------------------------------
Original Message:
Sent: 02-12-2021 02:57
From: Clive Gwyther
Subject: VLAN to MX
I am trying to configure the following:
Customer A / Customer B --> ge-0/0/0/ge-0/0/3 SRX ge-0/0/5 --> MX ge-0/0/5 (Routing will take place at this point).
So, the SRX is NTE for Customers but only we manage it so, from a customers perspective the Gateway for them will be on the MX making the SRX Transparent. But I configure up an irb interface for the management from the MX to the SRX. Here are the VLANs
VLAN 10 - Customer-A
VLAN 20 - Customer-B
VLAN 99 - Management
When configuring Q-in-Q I can configure the MX interface as follows and all works fine:
set interfaces ge-0/0/5 unit 10 description Customer-A
set interfaces ge-0/0/5 unit 10 vlan-tags outer 300
set interfaces ge-0/0/5 unit 10 vlan-tags inner 10
set interfaces ge-0/0/5 unit 10 ip address 172.16.16.2/30
set interfaces ge-0/0/5 unit 99 description NTE-Management
set interfaces ge-0/0/5 unit 99 vlan-tags outer 500
set interfaces ge-0/0/5 unit 99 vlan-tags inner 99
set interfaces ge-0/0/5 unit 99 family inet address 192.168.99.2/30 - opposing NTE IRB Interface will be addressed as 192.168.99.1/30
set interfaces ge-0/0/5 unit 20 description Customer-B
set interfaces ge-0/0/5 unit 20 vlan-tags outer 300
set interfaces ge-0/0/5 unit 20 vlan-tags inner 10
set interfaces ge-0/0/5 unit 20 ip address 10.10.10.2/30
However, I do not have a downstream ISP in between now and therefore cannot strip an S-Tag so I need to make the MX Interface capable of receiving multiple VLANs (Trunked) and be routed directly from the MX and I cannot get that working. Any ideas anyone?
------------------------------
Clive Gwyther
------------------------------