After the epic that was STP, just a quickie today on a couple of points I recently came across when setting up a trunk between a Cisco switch and an SRX.
The trunk will carry VLANs 1, 5 and 8. VLAN 1 is the native VLAN on the Cisco.
The Cisco side setup:
interface GigabitEthernet0/1
 switchport trunk allowed vlan 1,5,8
 switchport mode trunk
I had to create VLAN 1 on the SRX and, not coincidentally, the first point I want to make is about the use of VLAN 1 on the SRX.
[edit]
root# set vlans vlan-engineering vlan-id 1 l3-interface vlan.1
[edit]
root# commit
[edit vlans]
'vlan-engineering'
Non default VLANs cannot have vlan-id 1
error: configuration check-out failed
[edit]
root# rollback
load complete
[edit]
root# set vlans default vlan-id 1 l3-interface vlan.1
[edit]
root# commit
commit complete
[edit]
root#
Got that? VLAN 1 must be named default!
vlans {
    default {
        vlan-id 1;
        l3-interface vlan.1;
    }
}
The other point I want to make today is on the use of the native VLAN on the trunk.
Now we know that VLAN 1 is the native VLAN on the Cisco side:
SWITCH2#sh interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1,5,8

Port        Vlans allowed and active in management domain
Gi0/1       1,5,8

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,5,8
Here was my first attempt at configuring the SRX side of the trunk..
ge-0/0/1 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ default vlan-int vlan-ext ];
            }
        }
    }
}
A not completely unreasonable attempt I think.
Checking the trunk on the SRX side..
blogger@AUFWNSW042> show ethernet-switching interfaces
Interface    State  VLAN members  Tag  Tagging   Blocking
ge-0/0/1.0   up     default       1    tagged    unblocked
                    vlan-ext      5    tagged    unblocked
                    vlan-int      8    tagged    unblocked
No good - it says VLAN 1 is tagged. As it's the native VLAN, we want it untagged to match the Cisco side.
OK, let's tell the SRX that VLAN 1 must be the native VLAN:
set interfaces ge-0/0/1.0 family ethernet-switching native-vlan-id 1
Check again..
blogger@AUFWNSW042> show ethernet-switching interfaces
Interface    State  VLAN members  Tag  Tagging   Blocking
ge-0/0/1.0   up     default       1    untagged  unblocked
                    default       1    tagged    unblocked
                    vlan-ext      5    tagged    unblocked
                    vlan-int      8    tagged    unblocked
VLAN 1 tagged and untagged at the same time... interesting.
Let's delete VLAN 1 from the trunk:
delete interfaces ge-0/0/1.0 family ethernet-switching vlan members default
Checking again..
blogger@AUFWNSW042> show ethernet-switching interfaces
Interface    State  VLAN members  Tag  Tagging   Blocking
ge-0/0/1.0   up     default       1    untagged  unblocked
                    vlan-ext      5    tagged    unblocked
                    vlan-int      8    tagged    unblocked
That's got it! VLAN 1 is now just there as the untagged VLAN on that interface, which is what we want to match the Cisco.
So the lesson is that the untagged (native) VLAN should not also be configured as a trunk member.
Here is the working SRX side trunk config.
ge-0/0/1 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ vlan-int vlan-ext ];
            }
            native-vlan-id 1;
        }
    }
}
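An added example, not part of the original post: this Python script parses "show ethernet-switching interfaces" output in the column layout shown above and reports a VLAN that is both tagged and untagged on one interface, or an untagged VLAN that does not match the peer's native VLAN. The names parse, audit and peer_native are this example's own, and the up/down state values are an assumption.

```python
import re

# Constructed sample: the post's second attempt, where native-vlan-id 1 is set
# but "default" is still listed under vlan members.
SAMPLE = """\
Interface    State  VLAN members  Tag  Tagging   Blocking
ge-0/0/1.0   up     default       1    untagged  unblocked
                    default       1    tagged    unblocked
                    vlan-ext      5    tagged    unblocked
                    vlan-int      8    tagged    unblocked
"""

# Optional "<interface> <state>" prefix (state values up/down are an assumption),
# then VLAN name, 802.1Q tag, tagging mode and blocking state.
ROW = re.compile(
    r"^(?:(?P<ifl>\S+)\s+(?:up|down)\s+)?"
    r"(?P<vlan>\S+)\s+(?P<tag>\d+)\s+(?P<mode>tagged|untagged)\s+\S+$"
)

def parse(text):
    """Return {interface: {vlan_id: set of tagging modes seen}}."""
    table, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line or unrelated output
        current = m.group("ifl") or current  # continuation rows omit the interface
        if current is not None:
            modes = table.setdefault(current, {}).setdefault(int(m.group("tag")), set())
            modes.add(m.group("mode"))
    return table

def audit(text, peer_native):
    """Flag VLANs that are both tagged and untagged, and native VLAN mismatches."""
    findings = []
    for ifl, vlans in parse(text).items():
        for vid, modes in sorted(vlans.items()):
            if modes == {"tagged", "untagged"}:
                findings.append(f"{ifl}: VLAN {vid} is both tagged and untagged")
        untagged = sorted(v for v, m in vlans.items() if "untagged" in m)
        if untagged != [peer_native]:
            findings.append(f"{ifl}: untagged VLANs {untagged} do not match "
                            f"peer native VLAN {peer_native}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, peer_native=1):
        print(finding)
```

Run against the first attempt's output it reports that no untagged VLAN matches the Cisco native VLAN; against the working config it reports nothing.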
A slightly more detailed look at the SRX side..
blogger@AUFWNSW042> show ethernet-switching interfaces detail ge-0/0/1.0
Interface: ge-0/0/1.0, Index: 71, State: up, Port mode: Trunk
Native vlan: default
Ether type for the interface: 0x8100
VLAN membership:
    default, 802.1Q Tag: 1, untagged, unblocked
    vlan-ext, 802.1Q Tag: 5, tagged, unblocked
    vlan-int, 802.1Q Tag: 8, tagged, unblocked
Number of MACs learned on IFL: 5
Model: srx210he
JUNOS Software Release [12.1R6.5]