Knowledge Search


×
 

[SRX] Example Configuration - VLAN tag rewrite in SRX L2 mode (switching and transparent mode)

  [KB32245] Show Article Properties


Summary:

This article provides an example for how to configure SRX to translate VLAN ID.

Symptoms:

SRX has two kinds of L2 modes:

  1. Switching mode
  2. Transparent mode.

Supported VLAN rewrite configurations are different depending on L2 mode.​

Configuration suite using SRX devices for L2 topology:

 

Solution:

Transparent mode:

Related Document: Understanding VLAN Retagging​
The following configuration example only works for transparent mode.
 

Configuration:

set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 200
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 100 200
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 200

set protocols l2-learning global-mode transparent-bridge


Note: Security zone and security policy configuration are also needed to communicate between both devices.
 

Verification:

There are two options (vlan-id and interface) to check rewrite statistics.
root> show ethernet-switching rewrite statistics vlan-id 100
  VLAN Rewrite Statistics:
  Interface   From-Vlan   To-Vlan    Ingress     Egress
  =========   =========   =======    =======     =======
  ge-0/0/0       100        200      2           2

root> show ethernet-switching rewrite statistics interface ge-0/0/0
  VLAN Rewrite Statistics:
  Interface   From-Vlan   To-Vlan    Ingress     Egress
  =========   =========   =======    =======     =======
  ge-0/0/0       100        200      2           2

 

Switching mode:

Related Document: ​Stacking and Rewriting Gigabit Ethernet VLAN Tags​
The following configuration example only works for switching mode.

Configuration:

set interfaces ge-0/0/1 flexible-vlan-tagging
set interfaces ge-0/0/1 encapsulation extended-vlan-bridge
set interfaces ge-0/0/1 unit 0 vlan-id 100
set interfaces ge-0/0/1 unit 0 input-vlan-map swap
set interfaces ge-0/0/1 unit 0 input-vlan-map tag-protocol-id 0x8100
set interfaces ge-0/0/1 unit 0 input-vlan-map vlan-id 200
set interfaces ge-0/0/1 unit 0 output-vlan-map swap
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 200

set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 200

set protocols l2-learning global-mode switching


Note: In switching mode, no security zone and policies are needed to communicate between devices in the same L2 domain.
 

Verification:

There is no command to see rewrite statistics but the command, 'show interface' can be used to check VLAN mapping.

root> show interfaces ge-0/0/1.0
  Logical interface ge-0/0/1.0 (Index 73) (SNMP ifIndex 535)
    Flags: Up SNMP-Traps 0x0 VLAN-Tag [ 0x8100.100 ] In(swap 0x8100.200) Out(swap .100)  Encapsulation: Extended-VLAN-Bridge
    Input packets : 0
    Output packets: 0
    Security: Zone: Null
    Protocol eth-switch, MTU: 1522
 
Related Links: