Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Peterv01

Pages: [1]
1
SRX Platform and J-series / Re: Cluster SRX and two isp's
« on: September 20, 2016, 01:30:28 pm »
Hey... some lines of the goal fell off :-(
Let me rephrase the goal:

We want to route vpn traffic to switch port 8 (ISP 2), while sending all other traffic (internet) via switchport 1(ISP 2)
But we can only use one WAN interface: ge-0/0/0
We would like to remain the transparent current part as is, but use vlan tagging for the vpn-traffic to ISP1, so that it's send out of port 8.

What is the best solution and how/what lines?

2
SRX Platform and J-series / Re: Cluster SRX and two isp's
« on: September 20, 2016, 06:10:18 am »
Something like this maybe???
============
set interfaces reth0.0 unit 0 family ethernet-switching port-mode trunk
set interfaces reth0.0 unit 0 family ethernet-switching vlan members 110
set interfaces reth0.0 family ethernet-switching native-vlan-id 10
set interfaces reth0.0 vlan-id 10 family inet address 87.87.1.250/29
============

3
SRX Platform and J-series / Re: Cluster SRX and two isp's
« on: September 20, 2016, 05:34:49 am »
cluster attached to 2 switches (EX), having only one isp. Port ge-0/0/0 atatched to reth0.0

With this I meant:
We have a cluster with 2 SRX firewalls.
Port ge-0/0/0 (reth0.0) from these FW's are attached to port 2 of the EX switches (WAN)
On one of the switches only one ISP is atatched (port 1)

4
SRX Platform and J-series / Cluster SRX and two isp's
« on: September 20, 2016, 05:30:21 am »
Just need a push in the right direction...

Current situation: cluster attached to 2 switches (EX), having only one isp. Port ge-0/0/0 atatched to reth0.0
interfaces {
    ge-0/0/0 {
        gigether-options {
            redundant-parent reth0;
        }
    }

reth0 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 87.87.1.250/29;
            }
        }
    }
route 0.0.0.0/0 next-hop 87.87.1.249;

Goal: 2 SRX's in a cluster, each connected on their own switch; port ge-0/0/0 (reth 0.0) to switch-port 2.

Problem...
We preferrably do not(!) want to change the configuration part for the current line, meaning: we want to leave reth0.0 intact, because
all zones are linked to this interface.

I really have no idea how to approach this...
Anyone any idea what command lines to enter or at least give me a start?

Note
We don not have free ports on the firewalls anymore...

5
Switches / Re: Delete an interface-range how...
« on: September 01, 2016, 08:24:30 am »
As always... it can't be difficult one would expect... and indeed, it isn't....found it!  :-D

'#delete interfaces interface-range wifi'       (so without the rest of the line shown in the set line)

This automatically also deletes the lines underneath them...

6
Switches / Delete an interface-range how...
« on: August 31, 2016, 05:00:53 pm »
*config on a ex2200*
set interfaces interface-range office member-range ge-0/0/0 to ge-0/0/3
set interfaces interface-range office unit 0 family ethernet-switching port-mode access
set interfaces interface-range office unit 0 family ethernet-switching vlan members 200
set interfaces interface-range old member-range ge-0/0/4 to ge-0/0/5
set interfaces interface-range old unit 0 family ethernet-switching port-mode access
set interfaces interface-range old unit 0 family ethernet-switching vlan members 800
set interfaces interface-range video member-range ge-0/0/8 to ge-0/0/10
set interfaces interface-range video unit 0 family ethernet-switching port-mode access
set interfaces interface-range video unit 0 family ethernet-switching vlan members 900
set interfaces interface-range wifi member-range ge-0/0/6 to ge-0/0/7
set interfaces interface-range wifi unit 0 family ethernet-switching port-mode trunk
set interfaces interface-range wifi unit 0 family ethernet-switching vlan members 700
set interfaces interface-range wifi unit 0 family ethernet-switching vlan members 710
set interfaces interface-range wifi unit 0 family ethernet-switching vlan members 720
set interfaces interface-range wifi unit 0 family ethernet-switching native-vlan-id 730
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/4 unit 0 family ethernet-switching
set interfaces ge-0/0/5 unit 0 family ethernet-switching
set interfaces ge-0/0/6 unit 0 family ethernet-switching
set interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching
set interfaces ge-0/0/9 unit 0 family ethernet-switching
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members network-management
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/1/0 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/1/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/1/1 unit 0 family ethernet-switching vlan members all
set interfaces lo0 unit 0 family inet address 127.0.0.1/32
set interfaces vlan unit 10 family inet address 10.120.31.6/24
+
set vlans inhabits-vlan vlan-id 100
set vlans office-ict vlan-id 200
set vlans suppliers vlan-id 800
set vlans network-management vlan-id 10
set vlans network-management l3-interface vlan.10
set vlans old vlan-id 600
set vlans voice vlan-id 500
set vlans video vlan-id 900
set vlans wifi-1-public vlan-id 700
set vlans wifi-2-ka vlan-id 710
set vlans wifi-ap vlan-id 730
set vlans wifi-inhabits vlan-id 720

*goal*
On customer request I need to replace this vlan interface-range:
  set interfaces interface-range wifi member-range ge-0/0/6 to ge-0/0/7
for:
set interfaces interface-range voice member-range ge-0/0/6 to ge-0/0/7

*problem*
When I delete the line interfaces interface-range wifi member-range ge-0/0/6 to ge-0/0/7
it gives me an error...
Even when I first remove all lines of the wifi underneath and delete the final line "interfaces interface-range wifi member-range ge-0/0/6 to ge-0/0/7" it keeps giving me the same error.

What is the best way to achieve this goal without errors?

Error:
something like: 'wifi is(has?) not a valid member'

Pages: [1]