Junos OS

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about Junos OS.
  • 1.  VLAN to MX

    Posted 02-12-2021 02:58
    I am trying  to configure the following:

    Customer A / Customer B  --> ge-0/0/0/ge-0/0/3 SRX ge-0/0/5 --> MX ge-0/0/5 (Routing will take place at this point).

    So, the SRX is NTE for Customers but only we manage it so, from a customers perspective the Gateway for them will be on the MX making the SRX Transparent. But I configure up an irb interface for the management from the MX to the SRX. Here are the VLANs

    VLAN 10 - Customer-A
    VLAN 20 - Customer-B
    VLAN 99 - Management

    When configuring Q-in-Q I can configure the MX interface as follows and all works fine:

    set interfaces ge-0/0/5 unit 10 description Customer-A
    set interfaces ge-0/0/5 unit 10 vlan-tags outer 300
    set interfaces ge-0/0/5 unit 10 vlan-tags inner 10
    set interfaces ge-0/0/5 unit 10 ip address 172.16.16.2/30
    set interfaces ge-0/0/5 unit 99 description NTE-Management
    set interfaces ge-0/0/5 unit 99 vlan-tags outer 500
    set interfaces ge-0/0/5 unit 99 vlan-tags inner 99
    set interfaces ge-0/0/5 unit 99 family inet address 192.168.99.2/30 - opposing NTE IRB Interface will be addressed as 192.168.99.1/30
    set interfaces ge-0/0/5 unit 20 description Customer-B
    set interfaces ge-0/0/5 unit 20 vlan-tags outer 300
    set interfaces ge-0/0/5 unit 20 vlan-tags inner 10
    set interfaces ge-0/0/5 unit 20 ip address 10.10.10.2/30

    However, I do not have a downstream ISP in between now and therefore cannot strip an S-Tag so I need to make the MX Interface capable of receiving multiple VLANs (Trunked) and be routed directly from the MX and I cannot get that working. Any ideas anyone?

    ------------------------------
    Clive Gwyther
    ------------------------------


  • 2.  RE: VLAN to MX

    Posted 02-12-2021 06:56
    As an add on, I have now tried the following:

    vMX:
    set interfaces ge-0/0/5 hierarchical-scheduler implicit-hierarchy
    set interfaces ge-0/0/5 flexible-vlan-tagging
    set interfaces ge-0/0/5 encapsulation flexible-ethernet-services
    set interfaces ge-0/0/5 unit 0 family bridge interface-mode trunk
    set interfaces ge-0/0/5 unit 0 family bridge vlan-id 99
    set interfaces irb unit 99 family inet address 192.168.99.1/30
    set bridge-domains test domain-type bridge
    set bridge-domains test vlan-id 99
    set bridge-domains test routing-interface irb.99

    vSRX: - Don't think vSRX supports "switching" mode so cannot use IRB interfaces :(
    set interfaces ge-0/0/5 description to-leeds-pe
    set interfaces ge-0/0/5 vlan-tagging
    set interfaces ge-0/0/5 unit 99 vlan-id 99
    set interfaces ge-0/0/5 unit 99 family inet address 192.168.99.2/30
    set security zones security-zone trust host-inbound-traffic system-services all
    set security zones security-zone trust host-inbound-traffic protocols all
    set security zones security-zone trust interfaces ge-0/0/5.99
    set security policies from-zone trust to-zone trust policy default-permit match source-address any
    set security policies from-zone trust to-zone trust policy default-permit match destination-address any
    set security policies from-zone trust to-zone trust policy default-permit match application any
    set security policies from-zone trust to-zone trust policy default-permit then permit

    Cannot ping the MX from SRX or the other way around..... I will try a couple more things but thought I may get a couple of pointers here :)

    Could be that it is vSRX and vMX.... who knows





    ------------------------------
    Clive
    ------------------------------