Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Problems with Aggregate and Aggregate Subinterfaces in the same Zone

0

0

Article ID: KB8401 KB Last Updated: 22 Jun 2010Version: 3.0
Summary:
Environment:
  • Trying to add a sub-interface to an Aggregate interface. 
  • NetScreen-5200 is connected to a Nortel Passport 8600 core switch
Symptoms:
When configuring VLAN tag on the switch, traffic to the untrust fails
Solution:
Configuring an Aggregate and a subinterface of the same Aggregate interface is not supported.  You need to configure all aggregates as sub-interfaces.

When the NetScreen is configured with Aggregate interfaces, everything works fine.  However, when a subinterface is configured, traffic will fail immediately after the VLAN tag is configured on the switch.  The scenario here is the following:

Interfaces e2/3 and e2/4 are bound to interface Aggregate1.  Traffic flows through fine with this scenario.  If you create an aggregate1.1, with a tag 1000, everything is fine.  However, configure the switch port to use VLAN tag 1000, and all traffic drops.

The supported configuration is to use either the Aggregate1 interface, or use all aggregate subinterfaces, but not both.  Set the aggregate1 interface to 0.0.0.0, and bind it to the null zone.  Then, configure aggregate1.1 and aggregate1.2 as needed.

Example:
set interface id 110 "aggregate1" zone "Null"
set interface ethernet2/3 aggregate aggregate1
set interface ethernet2/4 aggregate aggregate1
set interface "aggregate1.1" tag 1000 zone "Untrust"
set interface "aggregate1.2" tag 2000 zone "Untrust"
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search