Switching

I've got a new EX4200 and an SSG-140. I need to create several VLANs that must be able to talk to each other over L3. The default route of the EX4200 should be the SSG-140, which will be connected to the ge-0/0/23 port on the EX4200 and to the trust 0/0 port on the SSG. The default route for the SSG will be the ISP gateway. One VLAN on the EX4200 will require DHCP, and from this VLAN I would like to be able to get to the SSG to perform management.

Is this configuration possible? I think I need to configure the ge-0/0/23 (uplink) interface with VLAN tagging and use trunk mode. I have this configured so far so that the EX4200 can ping the SSG, and vice versa. What I'm usure about it how to configure the l3 VLAN routing so the vlans can pass traffic to each other, and also have one of those VLANs route to the SSG for management.

Any hints?

Hi timd

By default everythings you want to do is possible on the EX4200.

L3 routing is done and activated by default (it's a L3 switch , that to say a router and not a firewall!)

You will have to do a configuration like this one:

Assuming that the ip default gateway on your SSG is 10.0.0.2

set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk

set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members toto
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members titi

set interfaces vlan unit 1 family inet address 10.0.0.1/24
set interfaces vlan unit 2 family inet address 20.0.0.1/24

set routing-options static route 0.0.0.0/0 next-hop 10.0.0.2

set vlans titi vlan-id 20
set vlans titi l3-interface vlan.2
set vlans toto vlan-id 10
set vlans toto l3-interface vlan.1

You can read some examples in this document also:

http://junos.juniper.net/content/Resources/!Rebranded_Resources/Deploying%20EX-series%20Switches%20in%20Branch%20Offices.pdf

If you have a drawing of your test-bed that would be simplier to help you , but I think you've got here a good view of a simple config.

HTH

Alain

Alain:

Thanks for the reply. I have a basic configuration as you supplied - my setup was very similar, so I guess I'm doing something right - but I have the problem where I cannot ping the SSG from the EX4200 or vice versa. The interface on the SSG is 0/0 and I created a sub-interface with VLAN 1, IP 10.250.5.1/27. The corresponding l3 interface on the EX4200 is 10.250.5.30/27. Here is the config on the 4200:

# EX4200
# Create a trunk port to SSG eth0/0.1
set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members uplink
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members servers
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members pcs
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members mgmt

# Create the RVI L3 subinterfaces for the VLANs
## Default vlan - can be used for managing unit. 192.168.254.1 is SSG
set interfaces vlan unit 0 family inet address 192.168.254.254/24
set interfaces vlan unit 1 family inet address 10.250.5.30/27
set interfaces vlan unit 2 family inet address 10.5.0.1/24
set interfaces vlan unit 5 family inet address 10.5.4.1/23
set interfaces vlan unit 100 family inet address 10.100.0.2/24
# Set up in-band management interface using loopback
set interfaces lo0.0 family inet address 10.100.0.1/32

set routing-options static route 0.0.0.0/0 next-hop 10.250.5.1

set vlans default vlan-id 0
set vlans default l3-interface vlan.0
set vlans uplink vlan-id 1
set vlans uplink l3-interface vlan.1
set vlans servers vlan-id 2
set vlans servers l3-interface vlan.2
set vlans pcs vlan-id 5
set vlans pcs l3-interface vlan.5
set vlans mgmt vlan-id 100
set vlans mgmt l3-interface vlan.100

# Add interfaces to the vlan as members (untagged)
set vlans pcs interface ge-0/0/0.0
set vlans pcs interface ge-0/0/1.0
set vlans pcs interface ge-0/0/2.0
set vlans pcs interface ge-0/0/3.0
set vlans pcs interface ge-0/0/4.0
set vlans pcs interface ge-0/0/5.0
set vlans pcs interface ge-0/0/6.0
set vlans pcs interface ge-0/0/7.0
set vlans pcs interface ge-0/0/8.0
set vlans pcs interface ge-0/0/9.0
set vlans servers interface ge-0/0/10.0
set vlans servers interface ge-0/0/11.0
set vlans servers interface ge-0/0/12.0


edit system services dhcp pool 10.5.4.0/23
set address-range low 10.5.4.25 high 10.5.5.240
set router 10.5.4.1
set domain-name foobar.com
set name-server 10.5.0.21
set name-server 192.168.1.2

Any ideas?

Hi Timd,

Are you already turn on "ping enable" at SSG interface ?

Yes, I am.

I figured out the problem. I had two issues. The first, I needed to add the native-vlan-id '1' to the uplink interface (ge-0/0/23.0). Once I did this, pings started working between the SSG and EX4200.

Then it got weird. On the pcs VLAN, they would not get DHCP addresses. I couldn't ping across VLANs either. After confirming everything was right in the config, I reset the switch to the factory and recreated my config from scratch. After that, everything is now working perfectly.