SRX

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about the SRX Series.
Expand all | Collapse all

SRX300 series VLAN interface

Regalis

Regalis06-10-2016 02:21

Erdem

Erdem10-15-2016 12:00

  • 1.  SRX300 series VLAN interface

     
    Posted 06-09-2016 06:35

    I have been configuring an SRX320 for the first time.

    [edit vlans]
    root@lab-01# run show version
    Hostname: lab-01
    Model: srx320
    Junos: 15.1X49-D45
    JUNOS Software Release [15.1X49-D45]

     

    I noticed that under a vlan I am unable to to put a vlan L3 interface on it. 

    [edit vlans]
    root@lab-01# set v-100 l3-interface vlan.100
    error: l3-interface: 'vlan.100': Only IRB interface is supported, e.g. irb.10

    [edit vlans]
    root@lab-01# show
    v-100 {
    vlan-id 100;
    }

    As you can see it refuses to add it. I tried using a IRB interface instead but this is not routable as stated in this link:

     

    http://www.juniper.net/documentation/en_US/junos12.3x48/topics/concept/security-mixed-mode-understanding.html

     

    How do you get a L3 interface onto a VLAN on the SRX300 series?

     

     



  • 2.  RE: SRX300 series VLAN interface

    Posted 06-09-2016 07:51

    Hello,

     

     

    I would like to inform you that starting from version 15.1X+ the vlan interface is no longer supported on SRX and instead irb interface will be used for the same purpose.

     

    You can use the following online converter tool to convert the configruation from the old configuration to the new supported configuration.

    https://www.juniper.net/customers/support/configtools/elstranslator/index.jsp 

     

    Or you can refer the below example for your configuration :-

     

    root@SRX320-Pro# show interfaces
    ge-0/0/0 {
    unit 0 {
    family ethernet-switching {
    interface-mode access;
    vlan {
    members mgmt;
    }
    }
    }
    }
    irb {
    unit 100 {
    family inet {
    address 10.219.33.8/26;
    }
    }
    }

    root@SRX320-Pro# show vlans
    mgmt {
    vlan-id 100;
    l3-interface irb.100;
    }

     

    You need to use irb interface in a zone for allowing the host-inbound traffic.
    Also When you configure a device as Ethernet switch , the mode changes to mix mode and during commit a warning will be seen for a reboot so you need to also reboot the SRX for this configuration to take effect.

     

    If nothing from the above works then refer the following document which is for EX series device but will be same for the SRX 320 device.

    https://www.juniper.net/techpubs/en_US/junos12.3/information-products/topic-collections/ex9200/software-all/getting-started-els.pdf

     

    Thanks,
    Pulkit Bhandari

    Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too. Smiley Happy



  • 3.  RE: SRX300 series VLAN interface

     
    Posted 06-09-2016 09:02

    Thanks for the response. I had already configured all those things, please see below:

     


    [edit]
    root@hen-fw-01# show vlans
    v-100 {
    vlan-id 100;
    l3-interface irb.100;
    }

    [edit]
    root@hen-fw-01# show interfaces ge-0/0/1
    unit 0 {
    family ethernet-switching {
    vlan {
    members v-100;
    }
    }
    }

    [edit]
    root@hen-fw-01# show interfaces irb
    description "LAN RVI";
    unit 100 {
    family inet {
    address 10.1.1.1/24;
    }
    }

     

    root@hen-fw-01# show security zones security-zone trust
    host-inbound-traffic {
    system-services {
    dhcp;
    ping;
    traceroute;
    bootp;
    }
    }
    interfaces {
    irb.100;
    }

     

    It does not work.



  • 4.  RE: SRX300 series VLAN interface

    Posted 06-09-2016 09:22

    Be sure to put the SRX300 into switching mode as well:  http://www.juniper.net/techpubs/en_US/junos15.1x49-d40/topics/concept/security-layer2-bridging-switching-overview.html

     

    By default SRX300 is in transparent bridging mode, which sends all the L2 traffic through the network processor.  By changing to switching mode it uses the L2 switch chip to forward L2 traffic at line-rate & only punts the L3 (IP) traffic up to the NP.

     

    HtH.

     

     -Blake


    #SRX300switching


  • 5.  RE: SRX300 series VLAN interface

     
    Posted 06-10-2016 00:07

    Hi,

     

    Unfortunately still not working.

     

    [edit]
    root@lab-fw-01# show protocols
    l2-learning {
    global-mode switching;
    }

     

    Thanks



  • 6.  RE: SRX300 series VLAN interface

    Posted 06-10-2016 00:48

    Hello,

     

     

    Have you rebooted the SRX after configuring the IRB interface.

     

    If not then please reboot it and check if it works becasue When we configure a device as Ethernet switch , the mode changes to mix mode and during commit a warning will be seen for a reboot so we need to also reboot the SRX for this configuration to take effect.

     

    Thanks,
    Pulkit Bhandari

    Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too. Smiley Happy



  • 7.  RE: SRX300 series VLAN interface

     
    Posted 06-10-2016 02:21

    Yes I have rebooted.



  • 8.  RE: SRX300 series VLAN interface
    Best Answer

    Posted 06-11-2016 03:20

    Hi Regalis,

     

    Make sure that all the physical interfaces which are configured under this vlan are up.

    There is a known issue that irb interface does not work when one of vlan members is down and will be fixed in upcoming relases, moreover LACP is not supported till 15.1X49-D45 , so make sure these config are not present on SRX.

     

    Regards

    Hemant

     



  • 9.  RE: SRX300 series VLAN interface

     
    Posted 06-13-2016 02:28

    I am glad this is a known issue - thought I was going mad. A pretty serious bug to be released in the first place though!

     

    I will check this out tomorrow and I will confirm.

     

    Do you know when these fixes will be released?

     

    Thanks



  • 10.  RE: SRX300 series VLAN interface

    Posted 06-13-2016 04:29