Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Example Configuration - VLAN tag rewrite in SRX L2 mode (switching and transparent mode)

0

0

Article ID: KB32245 KB Last Updated: 07 Dec 2017Version: 1.0
Summary:

This article provides an example for how to configure SRX to translate VLAN ID.

Symptoms:

SRX has two kinds of L2 modes:

  1. Switching mode
  2. Transparent mode.

Supported VLAN rewrite configurations are different depending on L2 mode.​

Configuration suite using SRX devices for L2 topology:

 

Solution:

Transparent mode:

Related Document: Understanding VLAN Retagging​
The following configuration example only works for transparent mode.
 

Configuration:

set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 200
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 100 200
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 200

set protocols l2-learning global-mode transparent-bridge


Note: Security zone and security policy configuration are also needed to communicate between both devices.
 

Verification:

There are two options (vlan-id and interface) to check rewrite statistics.
root> show ethernet-switching rewrite statistics vlan-id 100
  VLAN Rewrite Statistics:
  Interface   From-Vlan   To-Vlan    Ingress     Egress
  =========   =========   =======    =======     =======
  ge-0/0/0       100        200      2           2

root> show ethernet-switching rewrite statistics interface ge-0/0/0
  VLAN Rewrite Statistics:
  Interface   From-Vlan   To-Vlan    Ingress     Egress
  =========   =========   =======    =======     =======
  ge-0/0/0       100        200      2           2

 

Switching mode:

Related Document: ​Stacking and Rewriting Gigabit Ethernet VLAN Tags​
The following configuration example only works for switching mode.

Configuration:

set interfaces ge-0/0/1 flexible-vlan-tagging
set interfaces ge-0/0/1 encapsulation extended-vlan-bridge
set interfaces ge-0/0/1 unit 0 vlan-id 100
set interfaces ge-0/0/1 unit 0 input-vlan-map swap
set interfaces ge-0/0/1 unit 0 input-vlan-map tag-protocol-id 0x8100
set interfaces ge-0/0/1 unit 0 input-vlan-map vlan-id 200
set interfaces ge-0/0/1 unit 0 output-vlan-map swap
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 200

set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 200

set protocols l2-learning global-mode switching


Note: In switching mode, no security zone and policies are needed to communicate between devices in the same L2 domain.
 

Verification:

There is no command to see rewrite statistics but the command, 'show interface' can be used to check VLAN mapping.

root> show interfaces ge-0/0/1.0
  Logical interface ge-0/0/1.0 (Index 73) (SNMP ifIndex 535)
    Flags: Up SNMP-Traps 0x0 VLAN-Tag [ 0x8100.100 ] In(swap 0x8100.200) Out(swap .100)  Encapsulation: Extended-VLAN-Bridge
    Input packets : 0
    Output packets: 0
    Security: Zone: Null
    Protocol eth-switch, MTU: 1522
 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search