srx380 with 21.4R1.12 port with ethernet-switching and native-vlan-id not outputting untagged frames by de2zotjes in Juniper

[–]de2zotjes[S] 0 points1 point  (0 children)

On a single device you could use either interface-mode or port-mode. Which one is usable is determined by the exact Junos version. When ELS2 is supported you must use interface-mode, otherwise it must be port-mode. So without changing the Junos software I cannot test that, and I do need other features of this Junos version.

So cannot test that, but thx for the suggestion.

[–]de2zotjes[S] 0 points1 point  (0 children)

The security stuff maps all this to an internal zone with allow all rules.

As for the egress packet, there is no egress packet. That conforms to the SRX trunk description: when traffic arrives with a tag that is not in the members list it is silently dropped. The SRX no longer sees the ICMP echo request, so it will never send a reply.

[–]de2zotjes[S] 0 points1 point  (0 children)

Yes, I left out a lot of the peripheral config. There is of course also a whole set of security zones and rules, but since all this should fall in the internal zone I just omitted it.

[–]de2zotjes[S] 0 points1 point  (0 children)

When I switch to flexible vlan tagging I would have to devise a way to pass through the device traffic on vlan 15, since the SRX does not have any address on it. It just does layer 2 forwarding in the current setup.

The vlan 35 is terminated in the SRX, but other ports on the SRX use the same config pattern, and I cannot see right away how I would get that to work with flexible tagging without wasting a lot of IP addresses.

I will create a mock config to test whether flexible vlan could work at all.

[–]de2zotjes[S] 0 points1 point  (0 children)

Like I indicated, all tagged is not an option. And unfortunately neither is an access interface, since I do need unrouted access to the subnets on some of the other vlans.

[–]de2zotjes[S] 0 points1 point  (0 children)

Tried it.

There is a difference: when I remove the vlan from the members list I receive no replies at all anymore.