Screen OS

 View Only
last person joined: 11 months ago 

This is a legacy community with limited Juniper monitoring.
  • 1.  NetScreen -- vlan retagging

    Posted 09-01-2009 05:41

    Hi All,

    I am experiencing some problems to configure a NetScreen 5200 FW (ScreenOS=6.2.0r3a.0) to act as a "vlan-retagger".

    I consider only a one-to-one vlan mapping and I do not need to have multiple vsys.

    did someone know if there is a documentation that address this issue ?

    I have already checked the user guide. unfortunately, exemples (in chapter 3 - depicted in page 71, 72 and 73) seems to be incomplete.

    I will appreciate any help ;(

     

    many thanks in advance.

     

    rgds

    --

     


    #Transparent
    #retagging
    #vlan


  • 2.  RE: NetScreen -- vlan retagging

    Posted 09-01-2009 12:18

    Vlan retagging only supports in Transparent Mode.

    Unfortunately I am unable to find the complete doc with example , but I think it is good to start with that doc.

     

    Thanks

    Atif



  • 3.  RE: NetScreen -- vlan retagging

    Posted 09-02-2009 07:07

    Hi,

     

    thank you Atif for you presence...

    I have fixed "partially" this issue...

     

    both FW ports are running in Transparent Mode.

    below is a partial view of my lab topology:

     

                                                               +------------+

     towards L3SW (port A)   <-------------|  ns5200  |------------->  towards L3SW (port B)

                                                               +------------+

     

    L3SW is my layer 3 switch

     

    when configuring the remote ports of my L3SW  as "trunk links" ---> it does not work

    when I configure these remote ports in "access mode" ---> it works

     

    the thing is that I need to configure these links as "trunk" because I will use mutiple vlans over each physical link

    so the question is: how to put local ports (of the FW) in "trunk mode" ?

    I already tried the command  "set interface vlan1 vlan trunk ". but it was rejected by the FW. Below is the output :

     

    ns5200-> set interface vlan1 vlan trunk can't set vlan trunk if there is any user define vlanID set ns5200->  

     

    any idea ?

     

    thank you in advance 😉

     

    rgds

    --

     

     



  • 4.  RE: NetScreen -- vlan retagging

    Posted 09-02-2009 10:29

    Vlan can be as the Trunk or the retagger not at the same time.

    Can you please confirm that you are trying to use both at the same time ?

     

    Thanks

    Atif



  • 5.  RE: NetScreen -- vlan retagging

    Posted 09-02-2009 22:23

    Hi,

     

    your are right Atif. I am using the FW as a "vlan retagger" but in the other hand I need to configure the remote ports (on my L3SW) as "trunk links" because I need to send multiple vlans on each physical port.

    this is why, I have tried to use the command "set interface vlan1 vlan trunk".

     

    I don't know if a netscreen device (running in Transparent Mode and acting as a "vlan retagger") can handle multiple vlans on the same physical ports ? If it is possible to do such configurations, could you advise how ?

     

    many thanks in advance 😞

     

    rgds

    --



  • 6.  RE: NetScreen -- vlan retagging

    Posted 09-03-2009 11:48

    Firewall can be used as the Trunk or the Vlan-retagger  and cannot be used both  at the same time

     

    Thanks

    Atif



  • 7.  RE: NetScreen -- vlan retagging

    Posted 09-03-2009 13:26

    Thank you (very much) Atif for your help 🙂

     

    situation is clear now

     

    Have a nice week-end.

     

    rgds

    --



  • 8.  RE: NetScreen -- vlan retagging
    Best Answer

    Posted 09-03-2009 13:30

    Good.

     

    Thanks

    Atif

    If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

     



  • 9.  RE: NetScreen -- vlan retagging

    Posted 09-04-2009 01:21

    Hi Atif,

     

    I am sorry Atif to asking you again... but just to be sure !

    I want to avoid any confusion about the term "trunk"...

     

     

    ethernet2/1 <---[ns5200] ---> ethernet2/2

     

    I have the following :

     - both ports e2/1 & e2/2 are running in Transparent mode (they belongs to 2 differents Layer 2 security zones)

     - I have configured the FW to act as a vlan-retagger between VLAN a (present on e2/1) and VLAN b (present on e2/2)

     

    my the question is :

     - Is it true that:

        + If I keep both interfaces running in Transparent mode (ports affected to Layer 2 security zones), then

        + If I add VLAN c (on e2/1)  and VLAN d (on e2/2) --> I can not do vlan-retagging anymore ?

     

    Would you like to confirm this assertion ?

     

    Many thanks in advance.

     

     rgds

    --