Although it's been taught that Junos doesn't have a native VLAN (i.e. unlike its competitor Cisco), I've noticed that there is a "VLAN-ID 3" present on several Branch series SRX devices (such as the 100B and 210 models).
I understand that there are security policies/zones present by default on the branch series, but why does Juniper claim there isn't a default/native VLAN ... if "VLAN-ID 3" exists in the configuration??? That's incredibly confusing, and if anyone can clarify I'd be greatly appreciative.
I reckon you should see this with factory default loaded configuration.
This should be sample configuration for quick start usage of SRX appliance.
When you delete the factory default configuration, you should not see any VLAN ID (this is not the case in Cisco).
Well, it is really a semantics issue. The native VLAN came out of the Cisco world. In the world of Juniper there is no native VLAN. There are "default" configurations for all of the various Juniper devices. The default config for a branch SRX includes a VLAN labeled "trust" with the vlan-id 3.
So it is a VLAN that is explicitly defined in the "default" configuration for that box. In other Juniper devices the default config does not include any defined VLANs.
In the world of Cisco the native VLAN is just there on the box, always. Hope that provides clarification for you.
Clear and concise. Exact answer I was looking for. Thanks for speedy post.
A Cisco "native VLAN" is the VLAN which is carried untagged over an 802.1q trunk. By default, it is enabled, and is VLAN 1.
With Junos, if you want an untagged VLAN on an 802.1q trunk, you need to specify native-vlan-id, and there's no particular default VLAN ID for that.
The EX series switches do not have a default vlan-id (at least not shown when you run the command >show vlans). On the branch SRX, on the other hand, the default configuration has a default vlan-id of 1. Can you post the outputs from the SRX that show the default vlan-id 3? All the systems will have internal interfaces, policers, and possibly VLANs for internal communication within the device itself, which should not be confused with user options.
Can you show the output of >show vlans default from at least two of the devices?
Actually ... the Branch series SRX does in fact ship with VLAN-ID 3 ... not vlan-id 1.
Muttbarker has provided clarity on this in his post above. Please refer to it for the acceptable solution.
Please don't take offense, as words can be very flat, even condescending at times. I just wanted to make sure all were informed of the correct solution. I've also politely posted the code of a factory config below ... so you can see where vlan-id 3 is defined (see highlighted).
root# show | display set
set version 11.2R4.3
set system autoinstallation delete-upon-commit
set system autoinstallation traceoptions level verbose
set system autoinstallation traceoptions flag all
set system autoinstallation interfaces fe-0/0/0 bootp
set system root-authentication encrypted-password "$1$2fLcMAQt$.HfDeZumIFt7RfaJkHKA4."
set system name-server 188.8.131.52
set system name-server 184.108.40.206
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0
set system services dhcp router 192.168.1.1
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254
set system services dhcp propagate-settings fe-0/0/0.0
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces fe-0/0/0 unit 0
set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set protocols stp
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces vlan.0
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services tftp
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0
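The distinction the thread settles on (vlan-id 3 is an ordinary, explicit statement in the factory config, not a built-in native VLAN) can be checked mechanically from `show | display set` output. The following is an added example, not part of any post in this thread: the function name `vlan_report` and the trimmed sample are constructed here, and it only handles VLAN membership given by name.

```python
import re
from collections import defaultdict

# Constructed sample: the VLAN-related statements from the config posted above
# (member ports trimmed to two for brevity).
SAMPLE = """\
set interfaces fe-0/0/0 unit 0
set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set security zones security-zone trust interfaces vlan.0
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services dhcp
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0
"""

VLAN_ID = re.compile(r"set vlans (\S+) vlan-id (\d+)$")
VLAN_L3 = re.compile(r"set vlans (\S+) l3-interface (\S+)$")
MEMBER = re.compile(r"set interfaces (\S+) unit (\d+) family ethernet-switching vlan members (\S+)$")
NATIVE = re.compile(r"set interfaces (\S+) (?:unit \d+ family ethernet-switching )?native-vlan-id (\d+)$")
ZONE = re.compile(r"set security zones security-zone (\S+) interfaces (\S+)")

def vlan_report(config_text):
    """Summarise the explicit VLAN statements in 'show | display set' output."""
    vlans = defaultdict(lambda: {"vlan_id": None, "l3_interface": None, "members": [], "zone": None})
    native, zone_of = {}, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := VLAN_ID.match(line):
            vlans[m[1]]["vlan_id"] = int(m[2])
        elif m := VLAN_L3.match(line):
            vlans[m[1]]["l3_interface"] = m[2]
        elif m := MEMBER.match(line):
            vlans[m[3]]["members"].append(f"{m[1]}.{m[2]}")
        elif m := NATIVE.match(line):
            native[m[1]] = int(m[2])  # untagged VLAN exists only where configured
        elif m := ZONE.match(line):
            zone_of[m[2]] = m[1]
    # Tie each VLAN to the security zone that holds its L3 interface, if any.
    for info in vlans.values():
        info["zone"] = zone_of.get(info["l3_interface"])
    return {"vlans": dict(vlans), "native_vlan_ports": native}

if __name__ == "__main__":
    report = vlan_report(SAMPLE)
    for name, info in report["vlans"].items():
        print(name, info)
    print("ports with native-vlan-id:", report["native_vlan_ports"] or "none")
```

An empty `native_vlan_ports` alongside a populated `vlans` entry is the pattern described above: a named VLAN created by configuration, with no port carrying an untagged VLAN on a trunk.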