Re: vxlan L3 gateway best way to reach rest of the network?

January 31, 2019, 3:29 am

≫ Next: Re: Juniper EX4550 uses IP of neighbor port as the Source during ping directly connected remote peer

≪ Previous: Re: vxlan L3 gateway best way to reach rest of the network?

Hi Niklas,

Do you mean the clients within the DC to reach the outside? Then you just host the clients behind the leafs and use any protocol (OSPF will do the job) and redistribute any outside routes (or simply default route) from PE on your gateway (Spine). On the Spines, need a routing-instance where you advertise the L3 interfaces (say IRBs?) for connectivity to the end devices of the DC.

Assuming any other outside IP clients that need connectivity to the DC have connectivity to your PE, above should get you connectivity to such clients into the DC and vice-versa.

Hope this helps.

-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated Smiley Happy

↧

Re: Juniper EX4550 uses IP of neighbor port as the Source during ping directly connected remote peer

January 31, 2019, 4:19 am

≫ Next: Re: How to configuration storm-control EX2200 and EX2300

≪ Previous: Re: vxlan L3 gateway best way to reach rest of the network?

Thanks a lot.

↧

Re: How to configuration storm-control EX2200 and EX2300

January 31, 2019, 7:00 am

≫ Next: Re: How to configuration storm-control EX2200 and EX2300

≪ Previous: Re: Juniper EX4550 uses IP of neighbor port as the Source during ping directly connected remote peer

Hello there;

Thank you very much, my problem is solved and I have completed the configuration. I wish you good work.

Respects

↧

Re: How to configuration storm-control EX2200 and EX2300

January 31, 2019, 8:16 am

≫ Next: ge-0/1/0 interface vlan configured but showing up in default vlan instead

≪ Previous: Re: How to configuration storm-control EX2200 and EX2300

You're welcome Ahmet, wish you the same.

If possible, please mark the most useful post as "Accepted Solution" so anyone reading can easily hop to the right solution.

Thanks.

Regards,

-r.

↧

ge-0/1/0 interface vlan configured but showing up in default vlan instead

January 31, 2019, 11:43 am

≫ Next: Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

≪ Previous: Re: How to configuration storm-control EX2200 and EX2300

vlans - Guest

vlans - Data

Active firewall 192.168.1.25 - LAN interface 1/7 connects to Cisco 2960 gi-1/0/25

Passive firewall 192.168.1.26 - LAN interface 1/7 connects to ex2200 ge-0/1/0 interface

Cisco 2960 gi-1/0/25 - setup as access vlan member is DATA

Juniper ex2200 ge-0/1/0- setup as access vlan member is DATA. switched to trunk with native vlan-id DATA in config below.

Topology attached.

show vlan command attached

We have a small network flat network in a remote office. We have 1 Cisco 2960 and 1 Juniper EX2200. interface gi-1/0/28 and interface ge-0/1/3 are setup as trunk with native vlan-id DATA. traffic is flowing between the switches. We just installed PA-820 firewalls in HA. when we failover we lose the site completely behind the firewall. When looking at the switch the arp is not updating to point to the correct MAC and interface to route the traffic between the Cisco and Juniper. Both Mac tables are incorrect. When i run a show vlan on the ex2200 i am seeing that ge-0/1/0 is showing up on the default vlan and not the DATA vlan. The traffic from the PA-820 1/7 interface is untagged as well.

How can i fix this so that interface shows in the DATA vlan and not the default so the failover works with our Firewall?

EX2200 config

interfaces {
interface-range Production {
member-range ge-0/0/0 to ge-0/0/22;
description "EDSA Shanghai DATA";
unit 0 {
family ethernet-switching {
port-mode trunk;
native-vlan-id DATA;
}
}
}
ge-0/0/0 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/13 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/14 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/15 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/16 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/17 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/18 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/19 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/20 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/21 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/22 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/23 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members GUEST;
}
}
}
}
ge-0/1/0 {
description "BOTTOM PA820 192.168.1.26 INT1/7 UPLINK";
unit 0 {
family ethernet-switching {
port-mode trunk;
native-vlan-id DATA;
}
}
}
ge-0/1/1 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/2 {
description "EDSA Trunk to Cisco C2960";
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members GUEST;
}
native-vlan-id DATA;
}
}
}
ge-0/1/3 {
description "EDSA Trunk to Cisco C2960";
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members GUEST;
}
native-vlan-id DATA;
}
}
}
ae0 {
unit 0;
}
me0 {
unit 0 {
family inet;
}
}
vlan {
unit 0 {
family inet;
}
unit 1 {
family inet {
address 192.168.1.14/24;
}
}
}
}
forwarding-options {
helpers {
bootp {
interface {
vlan.1;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.1.1;
}
}
protocols {
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
voip;
storm-control {
interface all;
}
}
vlans {
DATA {
description "Default Cisco VLAN";
vlan-id 1;
l3-interface vlan.1;
}
GUEST {
description "GuestNet VLAN";
vlan-id 3;
}
}
poe {
interface all;
} Juniper forum post show vlan command.PNG Juniper forum post topology.PNG

↧

Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

January 31, 2019, 5:06 pm

≫ Next: Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

≪ Previous: ge-0/1/0 interface vlan configured but showing up in default vlan instead

Seems ge-0/1/0 is missing "

vlan members DATA

under family ethernet-switching?

ge-0/1/0 { description "BOTTOM PA820 192.168.1.26 INT1/7 UPLINK";

unit 0 {

family ethernet-switching {

port-mode trunk;

native-vlan-id DATA; } } }

↧

Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

February 1, 2019, 6:33 am

≫ Next: Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

≪ Previous: Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

i tried the following:

added as vlan member and removed native vlan-id: DATA

set interfaces ge-0/1/0 description "BOTTOM PA820 192.168.1.26 INT1/7 UPLINK"
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/1/0 unit 0 family ethernet-switching vlan members DATA

commited but the ge-0/1/0 interface still shows up in the default vlan and not the DATA vlan.

added as vlan member and left native vlan-id: DATA

set interfaces ge-0/1/0 unit 0 family ethernet-switching native-vlan-id DATA

commited but the ge-0/1/0 interface still shows up in the default vlan and not the DATA vlan.

↧

Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

February 1, 2019, 2:07 pm

≫ Next: Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

≪ Previous: Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

Try this combination.

set interfaces ge-0/1/0 description "BOTTOM PA820 192.168.1.26 INT1/7 UPLINK"
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk

set interfaces ge-0/1/0 unit 0 family ethernet-switching native-vlan-id DATA

set vlans DATA interface ge-0/1/0.0

Curious why this is a trunk port if there is only one untagged vlan. If that is all you want an access port would be more normal.

↧

Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

February 3, 2019, 8:50 pm

≫ Next: ERPS Ring with a EX4200 Virtual Chassis

≪ Previous: Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

I reverted back to an access port with vlan member DATA. I also used the set vlans DATA interface GE-0/1/0.0 command.

Next, i ran show vlans and show Ethernet switching interfaces commands.
Interface ge-0/1/0 is still showing Up in the vlan default and not the vlan DATA and committed.

↧

ERPS Ring with a EX4200 Virtual Chassis

February 3, 2019, 10:21 pm

≫ Next: Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

≪ Previous: Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

Hi,

How did you manage the ERPS switches using the irb / vlan interfaces ? I didnt use the builtin management port on EX4300

↧

Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

February 4, 2019, 1:45 am

≫ Next: Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

≪ Previous: ERPS Ring with a EX4200 Virtual Chassis

Hi RKEB,

Is there group config applied somewhere that's putting the interface in default VLAN? Please check "show configuration interfaces ge-0/1/0 | display inheritance".
If not, this might be worth sending over to JTAC.

Hope this helps.

Regards,
-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated Smiley Happy

↧

Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

February 4, 2019, 3:08 am

≫ Next: Re: Juniper EX3400 software upgrade not possible

≪ Previous: Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

Agree there has to be some residual configuration you don't want here. I assume you are not using the default vlan. Is this still in the configuration:

show vlans default

Looking for groups

show groups

See if groups are applied to the interface

show configuration interface ge-0/1/0 | display inheritance

↧

Re: Juniper EX3400 software upgrade not possible

February 4, 2019, 4:44 pm

≫ Next: QinQ configuration cli option errors

≪ Previous: Re: ge-0/1/0 interface vlan configured but showing up in default vlan instead

Still an issue for me under 18.4R1-S1. Was able to install by moving the installation package to /mfs and using

request system software add /mfs/junos-arm-32-18.4R1-S1.1.tgz no-copy no-validate force unlink reboot

↧

QinQ configuration cli option errors

February 5, 2019, 4:10 pm

≫ Next: How do configure QinQ scenario where customer-1 and customer-2 use same C vlan numbers (different S Vlans but using same physical link to sites)

≪ Previous: Re: Juniper EX3400 software upgrade not possible

We are trying to configure dot1Q config on EX4300, but cli options seems to be missing.

EFL license is installed and version is 13.2X51-D35.3

Follow we guide

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/qinq-tunneling-ex-series-cli.html

#set vlans VLAN-3512 dot1?

No valid completions

;#set vlans VLAN-3512 dot1q-tunneling

syntax error.

↧

How do configure QinQ scenario where customer-1 and customer-2 use same C vlan numbers (different S Vlans but using same physical link to sites)

February 5, 2019, 4:30 pm

≫ Next: Re: QinQ configuration cli option errors

≪ Previous: QinQ configuration cli option errors

How do we concieve config following scenario in EX4300

Customer 1 Port ge-0/0/17 - Vlan 1588

Port ge-0/0/18- Vlan 500, 502

Customer 2 Port ge-0/0/19 - Vlan 1588

Port ge-0/0/20 - Vlan 500, 502

Note: customer 1 and 2 use same customer vlan number, but they come in different port.

Customer 1 extended to Site 1, send out in QinQ outer tag 3512

Customer 2 extended to Site 2, send out in QinQ outer tag 3513

Note: Site 1 and 2 can use different outer tag, but they are extended through same service provider so same port or physical link.

will config below work?

Site 1

SVLAN
=====
set vlans 3512 interface ge-0/0/17.3512
set interfaces ge-0/0/17 flexible-vlan-tagging
set interfaces ge-0/0/17 native-vlan-id 3512
set interfaces ge-0/0/17 encapsulation extended-vlan-bridge
set interfaces ge-0/0/17 unit 3512 vlan-id 3512
set interfaces ge-0/0/17 mtu 1504

Site 2

SVLAN
=====
set vlans 3513 interface ge-0/0/17.3513
set interfaces ge-0/0/17 flexible-vlan-tagging
set interfaces ge-0/0/17 native-vlan-id 3513
set interfaces ge-0/0/17 encapsulation extended-vlan-bridge
set interfaces ge-0/0/17 unit 3513 vlan-id 3513
set interfaces ge-0/0/17 mtu 1504

C-VLAN for site 1
=====

set vlans 3512 interface ge-0/0/18.3512
set interfaces ge-0/0/18 flexible-vlan-tagging
set interfaces ge-0/0/18 encapsulation extended-vlan-bridge
set interfaces ge-0/0/18 unit 3512 vlan-id-list 1588
set interfaces ge-0/0/18 unit 3512 input-vlan-map push
set interfaces ge-0/0/18 unit 3512 output-vlan-map pop
set interfaces ge-0/0/18 mtu 1504

set vlans 3512 interface ge-0/0/19.3512
set interfaces ge-0/0/19 flexible-vlan-tagging
set interfaces ge-0/0/19 encapsulation extended-vlan-bridge
set interfaces ge-0/0/19 unit 3512 vlan-id-list 500 520
set interfaces ge-0/0/19 unit 3512 input-vlan-map push
set interfaces ge-0/0/19 unit 3512 output-vlan-map pop
set interfaces ge-0/0/19 mtu 1504

C-VLAN for site 2
=====

set vlans 3513 interface ge-0/0/20.3513
set interfaces ge-0/0/20 flexible-vlan-tagging
set interfaces ge-0/0/20 encapsulation extended-vlan-bridge
set interfaces ge-0/0/20 unit 3513 vlan-id-list 1588
set interfaces ge-0/0/20 unit 3513 input-vlan-map push
set interfaces ge-0/0/20 unit 3513 output-vlan-map pop
set interfaces ge-0/0/20 mtu 1504

set vlans 3513 interface ge-0/0/21.3513
set interfaces ge-0/0/21 flexible-vlan-tagging
set interfaces ge-0/0/21 encapsulation extended-vlan-bridge
set interfaces ge-0/0/21 unit 3512 vlan-id-list 500 520
set interfaces ge-0/0/21 unit 3512 input-vlan-map push
set interfaces ge-0/0/21 unit 3512 output-vlan-map pop
set interfaces ge-0/0/19 mtu 1504

thks

↧

Re: QinQ configuration cli option errors

February 5, 2019, 7:04 pm

≫ Next: LACP hashing algorithm on EX4300

≪ Previous: How do configure QinQ scenario where customer-1 and customer-2 use same C vlan numbers (different S Vlans but using same physical link to sites)

Hi Dees_sing,

For ELS software, the format has changed a bit.
Like we need to enable "flexible-vlan-tagging and encapsulation "extended-vlan-bridge on interface" instead of "dot1q-tunnelling on vlans".
Also "enable tag-protocol-id under interfaces/ether-options/ethernet-switch-profile hierarchy" instead of "ethernet-switching-options and dot1q-tunnelling". Please refer these links:

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/layer-2-understanding.html#id-changes-to-the-dot1qtunneling-statement (Refer the sections "Changes to Configuring VLANs" and "Changes to the dot1q-tunneling Statement")
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/qinq-tunneling-qfx-series-els.html

Hope this helps.

Regards,
-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated Smiley Happy

↧

LACP hashing algorithm on EX4300

February 5, 2019, 7:48 pm

≫ Next: Re: LACP hashing algorithm on EX4300

≪ Previous: Re: QinQ configuration cli option errors

I would like to configure LACP hashing algorithm on EX4300. There's no systax for configuring on version 18.1R2.6. Can you give me a configuration template or explain me that it can configure hash algorithm for both of source IP and destination IP, source MAC and destination MAC, source TCP and destination UDP

Thank you

↧

Re: LACP hashing algorithm on EX4300

February 5, 2019, 8:18 pm

≫ Next: Re: How do configure QinQ scenario where customer-1 and customer-2 use same C vlan numbers (different S Vlans but using same physical link to sites)

≪ Previous: LACP hashing algorithm on EX4300

EX4300 and QFX5100 hashing algorithms are detailed here:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB28946

I don't believe they are user-configurable.

↧

Re: How do configure QinQ scenario where customer-1 and customer-2 use same C vlan numbers (different S Vlans but using same physical link to sites)

February 6, 2019, 2:48 am

≫ Next: EX 3300 virtual chassis with 6 switches

≪ Previous: Re: LACP hashing algorithm on EX4300

I am not sure I follow your scenario. But if you are asking if only the outer service tag is used during transport of the traffic between the push on the ingress port and pop on the egress port of the q-in-q service. That would be yes, only the service tag is read so the overlap is not an issue unless/until the s tag is popped.

↧

EX 3300 virtual chassis with 6 switches

February 6, 2019, 5:23 am

≫ Next: QFX5100 - mixing families

≪ Previous: Re: How do configure QinQ scenario where customer-1 and customer-2 use same C vlan numbers (different S Vlans but using same physical link to sites)

Does anybody have a diagram of how to connect 6 x EX 3300 in VC ? Setup of VC would be another step. Thank you

↧