Switching

Expand all | Collapse all

stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

Jump to Best Answer
  • 1.  stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

    Posted 06-14-2019 18:35

    Hello experts,

     

    I have the topology that is shown in the attachment.

    topology.JPG

     

    I configured the SRX240 to enable stacked-vlan-tagging and Dual tagged but I have no connectivity between the PC and the SRX240. Below the configuration

    SRX240H

    lab> show configuration interfaces ge-0/0/1
    description "INTERFACE QINQ";
    stacked-vlan-tagging;
    mtu 9000;
    unit 117 {
        description "SUB-INTERFAZ S-VLAN 1100 C-VLAN 700";
        vlan-tags outer 0x8100.1100 inner 0x8100.700;
        family inet {
            mtu 1500;
            address 10.10.10.10/24;
        }
    }
    

    EX3300

    lab@SW02> show configuration interfaces ge-0/0/9
    mtu 9216;
    unit 0 {
        family ethernet-switching;
    }
    
    {master:0}
    lab@SW02> show configuration interfaces ge-0/0/43
    mtu 9216;
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members vlan1100;
            }
        }
    }
    
    lab@SW02> show configuration vlans vlan1100
    description "2da S-VLAN";
    vlan-id 1100;
    interface {
        ge-0/0/9.0;
    }
    dot1q-tunneling {
        customer-vlans [ 2-4094 native ];
    }
    
    

    The PC adds the C-VLAN tag id 700

    The PC does not have conectivity with the SRX240. The Q-in-Q in the EX3300 is working well and it has a valid license to use QinQ, morover it was working with a M320. I think the problem is SRX240.

     

    Could you help me please?

     

    Thanks in advance


    #EX3300
    #q-in-q
    #SRX
    #SRX240


  • 2.  RE: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

     
    Posted 06-14-2019 19:25

    Hi danny,

     

    Please check the following and try to flip VLAN assignment method just to be sure that's not acting up:
    a) On EX: 
    show vlans vlan1100 extensive
    delete vlans vlan1100 interface ge-0/0/9.0
    set interfaces ge-0/0/9.0 family ethernet-switching members vlan vlan100

     

    b) On SRX, are you receiving packets initiated from the PC, say ARP? Can do this with a firewall filter to count packets on ingress or perhaps "monitor traffic interface ge-0/0/1 no-resolve".

     

    Hope this helps.

     

    Regards,
    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).



  • 3.  RE: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

    Posted 06-14-2019 21:41

    Hello

     

    I flipped VLAN assignment as you suggested me but the behavior is the same.

    On SRX. I configured a firewall filter as shown the KB11709 but it does not create the file.

     

    On EX, I can see both mac address (PC and SRX) but they do not have conectivity.

     

     

     

     

     



  • 4.  RE: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

     
    Posted 06-17-2019 19:33

    Hi Danny,

     

    Please confirm if you have "set ethernet-switching-options dot1q-tunneling ether-type 0x8100" on the EX.

     

    Also, please try another technique to narrow down if the packets reach the SRX.  Like apply an ingree FW filter on ge-0/0/1 counting the interesting traffic or "monitor traffic interface ge-0/0/1" (if traffic is destined to the SRX itself).

     

    Hope this helps.

     

    Regards,
    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).



  • 5.  RE: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300
    Best Answer

    Posted 06-19-2019 07:59

    Hello

     

    I found this:
    "...

    The outer tag VLAN ID range is from 1 through 511 for normal interfaces, and from 512 through 4094 for VLAN CCC or VLAN VPLS interfaces. The inner tag is not restricted.

    ..." -

    https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-configuring-dual-vlan-tags.html

    I think that is the reason why the SRX240 does not work. I changed the S-VLAN from 1100 to 444 and stacked-vlan-tagging to flexible-vlan-tagging, finally it works. I did not know it

    SRX240 config:

     

    lab> show configuration interfaces ge-0/0/1
    description "INTERFACE QINQ";
    flexible-vlan-tagging;
    mtu 9000;
    unit 117 {
        description "SUB-INTERFAZ S-VLAN 1100 C-VLAN 700";
        vlan-tags outer 0x8100.444 inner 0x8100.700;
        family inet {
            mtu 1500;
            address 10.10.10.10/24;
        }
    }

     

     



  • 6.  RE: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

     
    Posted 06-19-2019 08:19

    Good rule of thumb - what applies specifically to MX, often also applies to SRX.  Just a general rule, but I believe much more right than wrong.  One difference area might be L2 with Branch SRX, which has no real MX equivalent. 

     

    HTH



  • 7.  RE: stacked-vlan-tagging and Q-in-Q with SRX240 and EX3300

    Posted 06-28-2019 05:41

    Thanks for your help