Knowledge Search


×
 

[SRX] How to switch to Transparent Mode (L2 Mode) using J-Web

  [KB29803] Show Article Properties


Summary:

This article explains how to enable L2 mode using J-Web.

Symptoms:

Is there a way to set up L2 mode from J-Web?

Solution:

To configure the device to swtich from J-Web, perform the following J-Web steps. This example will configure the SRX to switch from L3 mode to L2 mode. 

  1. Select Configure > Interfaces > Ports.
  2. Click the Switch to L2 Mode button.


  3.       

  4. The Switch to L2 Mode window will pop up.
  5. Caution:
    In chassis cluster mode, the pop up will not appear.
    This is seen in J-Web access to the fxp0 interface and reth interfaces.
    After the  “Switch to L2 Mode” button is selected, the chassis will automatically reboot and it will be switched to L2 mode.


  6. Enter Management IP (with subnet mask) and click OK.

  7.       

  8. The Confirm window will pop up. Click Yes if you are ready to switch the device to L2 mode.


  9.       

    Note: This action will reboot the device, and the following config will be changed after the reboot:

    • Delete inet, inet6 interface ip.

    • Delete original management interface associated to web-management access.

    • Deactivate inet, inet6, iso, and ethernet-switching interfaces.

    • Create bridge-domain with routing-interface irb.0 with vlan-id.

    • Create irb.0 interface with original management ip.

    • Create irb.0 interface as web-management interface.

  10. Information window will pop up. Click OK.

  11.     

    Note: After the reboot, a new web access session is necessary with a new browser window.

Verification

Select Configure > Interfaces > Ports to verify that the L2 mode configuration is applied properly.

    


Example : Configuration Comparison Between Before and After

=> Before (Running L3 Mode)
set version 12.1X44-D40.5
set system root-authentication encrypted-password "$1$.8xrrBVX$cQbafkb3fDP3ouH7AmQPI."
set system services web-management http interface fe-0/0/7.0
set system services web-management https system-generated-certificate
set system services web-management https interface fe-0/0/7.0
set interfaces fe-0/0/6 unit 0 family inet address 110.1.1.1/24
set interfaces fe-0/0/7 unit 0 family inet address 172.27.117.123/23
set routing-options static route 0.0.0.0/0 next-hop 172.27.116.1
set security zones security-zone TRUST interfaces fe-0/0/6.0 host-inbound-traffic system-services all
set security zones security-zone TRUST interfaces fe-0/0/7.0 host-inbound-traffic system-services all


=> After Change to L2 Mode
set version 12.1X44-D40.5
set system root-authentication encrypted-password "$1$.8xrrBVX$cQbafkb3fDP3ouH7AmQPI."
set system services web-management http interface irb.0
set system services web-management https system-generated-certificate
set system services web-management https interface irb.0
set interfaces fe-0/0/6 unit 0 family inet address 110.1.1.1/24
deactivate interfaces fe-0/0/6 unit 0 family inet
set interfaces fe-0/0/6 unit 0 family iso
deactivate interfaces fe-0/0/6 unit 0 family iso
set interfaces fe-0/0/6 unit 0 family inet6
deactivate interfaces fe-0/0/6 unit 0 family inet6
deactivate interfaces fe-0/0/6 unit 0 family ethernet-switching
set interfaces fe-0/0/7 unit 0 family inet
deactivate interfaces fe-0/0/7 unit 0 family inet
set interfaces fe-0/0/7 unit 0 family iso
deactivate interfaces fe-0/0/7 unit 0 family iso
set interfaces fe-0/0/7 unit 0 family inet6
deactivate interfaces fe-0/0/7 unit 0 family inet6
set interfaces fe-0/0/7 unit 0 family bridge interface-mode access
set interfaces fe-0/0/7 unit 0 family bridge vlan-id 5
deactivate interfaces fe-0/0/7 unit 0 family ethernet-switching
set interfaces irb unit 0 family inet address 172.27.117.123/23
set routing-options static route 0.0.0.0/0 next-hop 172.27.116.1
set protocols gvrp
deactivate protocols gvrp
deactivate protocols stp
deactivate protocols rstp
deactivate protocols mstp
set security zones security-zone TRUST interfaces fe-0/0/7.0 host-inbound-traffic system-services all
set security zones security-zone TRUST interfaces fe-0/0/6.0 host-inbound-traffic system-services all
set bridge-domains mgmt_domain vlan-id 5
set bridge-domains mgmt_domain routing-interface irb.0

 
Related Links: