bridge layer2 vlans srx



#1 Grub3r


Posted 12 July 2015 - 10:52 PM

Hi guys,

After posting on the official forums and not being able to resolve the issue, I'd like to ask for some help here!

The requirement is to bridge a VLAN (vlan20) which is coming in on one physical interface to another physical interface (access/trunk, it does not matter).

Here's a copy-paste from the official forums:

 

 

Hi guys,
 
After googling a bit I came across this post on the forums:
http://forums.junipe...ces-on-same-phy...
 
I'm having just about the same setup, where I need to access 2 VLANs coming to an interface, where one should be routed/firewalled and the second just bridged through the SRX without processing.

They make use of flexible-ethernet-services and vlan-tagging, which does not tell me a lot, I'm afraid.
Then they create a routing-instance where they bridge the interfaces.

I created my setup here. I can then access the internet (the routed vlan1) from the trust zone, but I cannot access the internet through the bridged VLAN (though I get an IP address from DHCP on the other side of the firewall (another SRX)):

When testing vlan20, the computer is connected to fe7.
I've tried to create a zone where I attached ge0.20 and fe7.20, but it didn't help.
I can ping hosts (and myself) on the same network but cannot access the internet through another SRX which delivers DHCP to me.

Here's the code:
show interfaces ge-0/0/0
vlan-tagging;
mtu 1600;
encapsulation flexible-ethernet-services;
unit 1 {
    vlan-id 1;
    family inet {
        dhcp;
    }
}
unit 20 {
    encapsulation vlan-vpls;
    vlan-id 20;
    family vpls;
}
 
show interfaces fe-0/0/7
flexible-vlan-tagging;
native-vlan-id 20;
mtu 1600;
encapsulation extended-vlan-vpls;
unit 20 {
    vlan-id 20;
    family vpls;
}
 
show routing-instances
Bridge-vlan20 {
    instance-type vpls;
    vlan-id 20;
    interface ge-0/0/0.20;
    interface fe-0/0/7.20;
    protocols {
        vpls {
            no-tunnel-services;
        }
    }
}
No NAT/policy/zones exist for vlan20, as all processing should happen on the first SRX.

 

Is this at all possible to achieve?
I've seen other examples on ACX, but this does not work on SRX.
https://ivorde.com/j...ess-interfaces/:

show interfaces ge-0/0/0
##
## Warning: Only compatible with vpls vlan encapsulations or no encapsulation
##
flexible-vlan-tagging;
mtu 1600;
encapsulation flexible-ethernet-services;
unit 12 {
    vlan-id 12;
    family inet {
        dhcp;
    }
}
unit 20 {
    encapsulation vlan-bridge;
    vlan-id 20;
    family vpls;
    ##
    ## Warning: family bridge and rest of the families are mutually exclusive
    ##
    family bridge;
