Hi all,
we are currently facing the following scenario.
We are trying to implement two PulseSecure Gateways in a high-availability setup.
(Maybe some of you already have some experience with the devices. Pulse was once owned by Juniper and the PulseSecure Gateways were once known as Juniper MAGs).
So we have two datacenters. In each datacenter we run a virtual chassis of 3 EX4300.
An aggregated interface, which is configured as a trunk over a DWDM line, connects both datacenters.
A PulseSecure Gateway should be deployed per datacenter, and both PulseSecure Gateways should form a cluster and run HA.
PulseSecureGateway = PSA
PSANODE0---EX4300===DWDM===EX4300---PSANODE1
The problem we are currently facing is:
The PSAs have 3 ports: Internal / External / Mgmt
The issue we now have is with the Internal port.
The Internal port is used for device-related services, like establishing HA, sending AUTH requests, querying DNS ....
This traffic is configured within the "native" Internal port and is always sent untagged.
But you can also configure VLAN interfaces on top of the Internal interface, e.g. for customer traffic, and this traffic is of course tagged.
So, you have one physical cable, but you send and receive tagged and untagged traffic over it at the same time.
So, in my understanding, we need to set the native-vlan statement.
As I mentioned, some system services are sent untagged via the Internal port. These are, for example, auth requests or DNS queries.
My DNS server is reachable via VLANXY. The DNS server is a virtual machine and the hypervisor is connected to the network via a trunk.
So, let's assume the VLAN in which my DNS server is located is VLAN25. VLAN25 is of course a production VLAN in which many servers and devices are located.
So I end up with the question: can I now set the native VLAN to 25 on this specific port, which connects the EX4300 to the PSA Internal port?
Could this lead to issues in my production VLAN25?
For example:
ge-0/0/31 {
    description "psanode0";
    native-vlan-id 25;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 5 10 15 25 ];
            }
        }
    }
}
As I mentioned, keep in mind: VLAN25 already exists and it is a production VLAN in which many devices are already located and running.
So the important question for me: will there be issues, anomalies or something like this when I activate the native-vlan statement?
Thanks to you all, Christoph.
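
An added illustration, not part of the original post and not Junos code: a generic 802.1Q model of the trunk port above, showing that a native VLAN changes tagging only on the port where it is set. The hypervisor port name and membership are constructed, and it is an assumption of this model that native-VLAN frames leave the port untagged.

```python
# Added illustration: generic 802.1Q trunk model, not Junos code.
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class TrunkPort:
    name: str
    members: FrozenSet[int]
    native_vlan: Optional[int] = None  # like native-vlan-id; None = not set

    def ingress(self, tag: Optional[int]) -> Optional[int]:
        """VLAN a received frame is forwarded in (tag None = untagged), or None if dropped."""
        vlan = self.native_vlan if tag is None else tag
        return vlan if vlan in self.members else None

    def egress(self, vlan: int) -> Tuple[bool, Optional[int]]:
        """(sent, tag on the wire). Assumption: the native VLAN leaves untagged."""
        if vlan not in self.members:
            return (False, None)
        return (True, None if vlan == self.native_vlan else vlan)


def deliver(src: TrunkPort, tag: Optional[int], dst: TrunkPort) -> Tuple[bool, Optional[int]]:
    """(sent, tag) seen on dst's wire for a frame received on src with the given tag."""
    vlan = src.ingress(tag)
    return (False, None) if vlan is None else dst.egress(vlan)


# Port from the post.
PSA = TrunkPort("ge-0/0/31", frozenset({5, 10, 15, 25}), native_vlan=25)
# Hypothetical port towards the hypervisor hosting the DNS server (constructed).
HYPERVISOR = TrunkPort("ge-0/0/10", frozenset({10, 25}))

if __name__ == "__main__":
    # Untagged DNS query from the PSA is classified into VLAN 25, then tagged 25 elsewhere.
    print("untagged PSA -> hypervisor:", deliver(PSA, None, HYPERVISOR))
    # The reply in VLAN 25 leaves the PSA port untagged.
    print("VLAN 25 reply -> PSA:", deliver(HYPERVISOR, 25, PSA))
    # Tagged VLAN traffic configured on the Internal interface keeps its tag.
    print("tagged 10 PSA -> hypervisor:", deliver(PSA, 10, HYPERVISOR))
    # A trunk without a native VLAN drops untagged frames in this model.
    print("untagged on hypervisor port:", HYPERVISOR.ingress(None))
```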