[SRX] VLAN re-tagging or re-writing in SRX Chassis Cluster

Article ID: KB23733 KB Last Updated: 27 Apr 2012 Version: 1.0
Summary:
This article describes how to configure VLAN re-tagging on a chassis cluster that is running in bridging mode.
Symptoms:
The goal is to re-tag packets ingressing on Reth0 from VLAN 100 to VLAN 200. Once these packets are re-tagged, they are sent out over Reth1.
Cause:
 
Solution:



chassis {
    cluster {
        reth-count 8;
        redundancy-group 0 {
            node 0 priority 200;
            node 1 priority 100;
        }
        redundancy-group 1 {
            node 1 priority 100;
            node 0 priority 200;
        }
    }
}
interfaces {
    ge-4/0/1 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-4/0/2 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    ge-16/0/1 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-16/0/2 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    fab0 {
        fabric-options {
            member-interfaces {
                ge-4/0/0;
            }
        }
    }
    fab1 {
        fabric-options {
            member-interfaces {
                ge-16/0/0;
            }
        }
    }
    reth0 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family bridge {
                interface-mode trunk;
                vlan-id-list 200;
                vlan-rewrite {
                    translate 100 200;
                }
            }
        }
    }
    reth1 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family bridge {
                interface-mode trunk;
                vlan-id-list 200;
            }
        }
    }
}
security {
    policies {
        default-policy {
            permit-all;
        }
    }
    zones {
        security-zone reth0 {
            interfaces {
                reth0.0;
            }
        }
        security-zone reth1 {
            interfaces {
                reth1.0;
            }
        }
    }
}
bridge-domains {
    v200 {
        domain-type bridge;
        vlan-id 200;
    }
}
  • A packet comes in via Reth0 tagged with VLAN 100 and is translated to VLAN 200. Once translated, it can be sent out via Reth1.

  • This mechanism works in the reverse direction as well. If a packet comes into Reth1 with VLAN 200 and needs to go out via Reth0, the VLAN is reverse-translated from VLAN 200 to VLAN 100 before the packet is sent out via Reth0.

  • Security policies and security zones are defined normally, as they would be in L3 mode.

  • The default policy is set to permit-all only to keep the example simple.
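
The following is an added example, not part of the original Juniper article: the same two zones with the permit-all default replaced by an explicit zone-to-zone policy and a deny-all default. The policy name allow-web, the choice of the predefined junos-http application and the use of "any" addresses are assumptions made for illustration.

```junos
security {
    policies {
        /* Sessions initiated from zone reth0 (frames that arrived tagged
           VLAN 100 and were translated to VLAN 200) towards zone reth1. */
        from-zone reth0 to-zone reth1 {
            policy allow-web {          /* hypothetical policy name */
                match {
                    source-address any;
                    destination-address any;
                    application junos-http;   /* assumed service */
                }
                then {
                    permit;
                    log {
                        session-close;
                    }
                }
            }
        }
        /* Return packets of a permitted session match the existing session.
           Sessions initiated from zone reth1 need their own
           from-zone reth1 to-zone reth0 policy. */
        default-policy {
            deny-all;
        }
    }
}
```

The interfaces, zones and bridge-domains stanzas stay as shown in the article; only the policies stanza changes.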