SRX Trunk

After the epic that was STP, just a quickie today on a couple of points I recently came across when setting up a trunk between a Cisco switch and an SRX.

The trunk will carry VLANs 1, 5 and 8. VLAN 1 is native on the Cisco side.

The Cisco side setup:


interface GigabitEthernet0/1
 switchport trunk allowed vlan 1,5,8
 switchport mode trunk


I had to create VLAN 1 on the SRX and, not coincidentally, the first point I want to make is about the use of VLAN 1 on the SRX.

[edit]
root# set vlans vlan-engineering vlan-id 1 l3-interface vlan.1

[edit]
root# commit
[edit vlans]
  'vlan-engineering'
    Non default VLANs cannot have vlan-id 1
error: configuration check-out failed

[edit]
root# rollback
load complete

[edit]
root# set vlans default vlan-id 1 l3-interface vlan.1

[edit]
root# commit                                            
commit complete

[edit]
root#


Got that? VLAN 1 must be named default! 

vlans {
    default {
        vlan-id 1;
        l3-interface vlan.1;
    }
}


The other point I want to make today is on the use of the native VLAN on the trunk.
We already know that VLAN 1 is the native VLAN on the Cisco side:


SWITCH2#sh interfaces trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1,5,8

Port        Vlans allowed and active in management domain
Gi0/1       1,5,8

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,5,8


Here was my first attempt at configuring the SRX side of the trunk:

ge-0/0/1 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ default vlan-int vlan-ext ];
            }
        }
    }
}


A not completely unreasonable attempt, I think.
Checking the trunk on the SRX side:


blogger@AUFWNSW042> show ethernet-switching interfaces
Interface    State  VLAN members        Tag   Tagging  Blocking
ge-0/0/1.0   up     default             1     tagged   unblocked
                    vlan-ext            5     tagged   unblocked
                    vlan-int            8     tagged   unblocked


No good - it says VLAN 1 is tagged. As it's the native VLAN, we want it untagged to match the Cisco side.

OK, let's tell the SRX that VLAN 1 must be the native VLAN:

set interfaces ge-0/0/1.0 family ethernet-switching native-vlan-id 1

Check again:

blogger@AUFWNSW042> show ethernet-switching interfaces       
Interface    State  VLAN members        Tag   Tagging  Blocking
ge-0/0/1.0   up     default             1     untagged unblocked
                    default             1     tagged   unblocked
                    vlan-ext            5     tagged   unblocked
                    vlan-int            8     tagged   unblocked


VLAN 1 tagged and untagged at the same time... interesting.
Let's delete VLAN 1 from the trunk:


delete interfaces ge-0/0/1.0 family ethernet-switching vlan members default

Checking again:

blogger@AUFWNSW042> show ethernet-switching interfaces          
Interface    State  VLAN members        Tag   Tagging  Blocking
ge-0/0/1.0   up     default             1     untagged unblocked
                    vlan-ext            5     tagged   unblocked
                    vlan-int            8     tagged   unblocked


That's got it! VLAN 1 is now just there as the untagged VLAN on that interface, which is what we want to match the Cisco.

So the lesson is that the untagged (native) VLAN should not also be configured as a trunk member.


Here is the working SRX side trunk config.


ge-0/0/1 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ vlan-int vlan-ext ];
            }
            native-vlan-id 1;
        }
    }
}


A slightly more detailed look at the SRX side:

blogger@AUFWNSW042> show ethernet-switching interfaces detail ge-0/0/1.0
Interface: ge-0/0/1.0, Index: 71, State: up, Port mode: Trunk
Native vlan: default
Ether type for the interface: 0x8100
VLAN membership:
    default, 802.1Q Tag: 1, untagged, unblocked
    vlan-ext, 802.1Q Tag: 5, tagged, unblocked
    vlan-int, 802.1Q Tag: 8, tagged, unblocked
Number of MACs learned on IFL: 5
 

Model: srx210he
JUNOS Software Release [12.1R6.5]
