an Interface Cannot Have Both Family Ethernet-switching and Vlan-tagging Configured
Interface Configuration Examples
A walkthrough of configuration examples, starting with basic examples and then getting into a few more complex configurations, will help to put this into perspective. The order of the walkthrough uses the following configuration examples:
- Gigabit Ethernet interfaces
- Gigabit Ethernet with VLAN tagging
- T1 interface with Cisco HDLC
- Serial interface with PPP
- Serial interface with Frame Relay
- DSL
- MLPPP
- Aggregated Ethernet interfaces
- GRE Tunnel Interfaces
Initially, we will use a step-by-step approach to establish the configuration fundamentals. Then the walkthrough will move toward configuration results that build on the fundamentals and get advanced. Once you grasp the fundamentals, you should be able to follow the advanced configurations. At the end of this section, we will discuss the use of the Virtual Router Redundancy Protocol (VRRP).
Gigabit Ethernet Interface
First, let's build an interface on router Lager that connects directly to router Ale over the ge-0/0/0 interface.
Check the status of the ge-0/0/0 interface by issuing a show interfaces ge-0/0/0 terse command. Junos interfaces are automatically "enabled" when the physical connection is wired:
root@Lager> show interfaces terse ge-0/0/0
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    up
Note
If an interface needs to be administratively disabled, issue the set interfaces <interface name> disable command.
The interface appears to be physically up, so next, configure the interface to allow IP traffic to flow as well as add an IP address. Begin by entering configuration mode, dropping down to the hierarchy of the interface, and configuring the correct family and local IP address:
root@Lager> configure
Entering configuration mode
[edit]
root@Lager# edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
root@Lager# set unit 0 family inet address 10.10.20.122/24
Since this is a non-VLAN-tagged Ethernet interface, unit 0 must be used when configuring the logical properties of family inet.
Also, note that Junos requires a mask for every IP address in the classless interdomain routing (CIDR) "slash" notation. An absence of the mask can lead to the less desirable result of configuring a /32 subnet on your interface. (Look for other Junos address problems in Interface Troubleshooting.)
Verify the configuration and activate the changes by issuing a commit and-quit command:
[edit interfaces ge-0/0/0]
root@Lager# show
unit 0 {
    family inet {
        address 10.10.20.122/24;
    }
}
[edit interfaces ge-0/0/0]
root@Lager# commit and-quit
commit complete
Exiting configuration mode
Verify the status of the interface. Note that the status now includes the logical portion as well as the physical portion of the interface:
root@Lager> show interfaces terse ge-0/0/0
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    up
ge-0/0/0.0              up    up   inet     10.10.20.122/24
Lastly, test connectivity by issuing a ping command toward the other end of the link, on Ale:
root@Lager> ping 10.10.20.121
PING 10.10.20.121 (10.10.20.121): 56 data bytes
64 bytes from 10.10.20.121: icmp_seq=0 ttl=64 time=7.758 ms
64 bytes from 10.10.20.121: icmp_seq=1 ttl=64 time=10.394 ms
^C
--- 10.10.20.121 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 7.758/9.076/10.394/1.318 ms
Note
Notice the Ctrl-C sequence used to break out of the ping command. Junos will send an endless number of pings unless a break is issued or a specific number of ping packets is specified with the count option.
root@Lager> ping 10.10.20.121 count 3
PING 10.10.20.121 (10.10.20.121): 56 data bytes
64 bytes from 10.10.20.121: icmp_seq=0 ttl=64 time=16.822 ms
64 bytes from 10.10.20.121: icmp_seq=1 ttl=64 time=20.382 ms
64 bytes from 10.10.20.121: icmp_seq=2 ttl=64 time=10.370 ms
--- 10.10.20.121 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 10.370/15.858/20.382/4.144 ms
Gigabit Ethernet with VLAN Tagging
Continuing with our example, let's add VLAN tagging between Lager and Ale, which is already configured with a VLAN ID of 100. The first step is to enable VLAN tagging on the physical interface of Lager:
root@Lager> configure
Entering configuration mode
[edit]
root@Lager# edit interfaces ge-0/0/0
[edit interfaces ge-0/0/0]
root@Lager# set vlan-tagging
Next, add a VLAN ID of 100 on logical unit 0:
[edit interfaces ge-0/0/0]
root@Lager# set unit 0 vlan-id 100
[edit interfaces ge-0/0/0]
root@Lager# show
vlan-tagging;
unit 0 {
    vlan-id 100;
    family inet {
        address 10.10.20.122/24;
    }
}
Note
Juniper routers do not have a default VLAN, as every VLAN must be explicitly configured. Many switches use a default VLAN of 1, so make sure you explicitly configure a vlan-id of 1 on the router for connectivity.
Although this is a valid configuration on unit 0, the best practice is to always keep the same unit number as the VLAN tag, so let's change the unit number with the rename command:
[edit interfaces ge-0/0/0]
root@Lager# rename unit 0 to unit 100
[edit interfaces ge-0/0/0]
root@Lager# show
vlan-tagging;
unit 100 {
    vlan-id 100;
    family inet {
        address 10.10.20.122/24;
    }
}
Lastly, activate the changes, verify the interface status, and test connectivity:
[edit interfaces ge-0/0/0]
root@Lager# top
[edit]
root@Lager# commit
commit complete
[edit]
root@Lager# run show interfaces terse ge-0/0/0
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    up
ge-0/0/0.100            up    up   inet     10.10.20.122/24
[edit]
root@Lager# run ping 10.10.20.121 count 1
PING 10.10.20.121 (10.10.20.121): 56 data bytes
64 bytes from 10.10.20.121: icmp_seq=0 ttl=64 time=46.668 ms
--- 10.10.20.121 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 46.668/46.668/46.668/0.000 ms
[edit]
root@Lager# run show interfaces terse ge-0/0/0
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    up
Note
Notice the use of the command run to issue the operational mode command ping in configuration mode.
Also notice the use of the top command prior to the commit command. In some cases a commit can be issued only from the top. Using top will save time otherwise spent issuing multiple commit commands.
T1 Interface with Cisco HDLC Encapsulation
The T1 interface is the most popular basic physical layer protocol used by the Digital Signal level 1 (DS1) multiplexing method in North America. For point-to-point interfaces on Juniper Networks routers, the default Layer 2 encapsulation is PPP, which differs from many other vendors' default behavior. To quickly interoperate with those vendors, change the encapsulation to their default setting, which is commonly Cisco HDLC. Since we already showed the step-by-step configuration in the previous configuration, we show here only the result of adding the correct encapsulation:
t1-2/0/2 {
    encapsulation cisco-hdlc;
    unit 0 {
        family inet {
            address 10.200.8.9/30;
        }
    }
}
Note
An inquiring mind may wonder why the encapsulation has the word cisco in it. Is there a non-Cisco HDLC? As a matter of fact, there is! There is a standard HDLC protocol (ISO 13239), used in protocols such as X.25 and SDLC. The original specification did not have multiprotocol support, so Cisco decided to create its own version with this support, using different header fields and definitions. Although this protocol is officially proprietary, the workings are open and have been implemented by many different router vendors.
Serial Interface with PPP
A serial interface can come in a variety of different physical forms, such as V.35, X.21, and EIA-530. The choice of physical media often depends on geographical location; V.35 is the most common choice in the United States and Europe, and X.21 is more common in Japan. Regardless of physical media, all serial interfaces have the same idea of defining a data circuit-terminating equipment (DCE) device and a data terminal equipment (DTE) device. The DTE device is the end unit that receives data encoding, clocking, and signal conversion from the DCE device. In modern communications, the DCE device often takes the form of a channel service unit/data service unit (CSU/DSU) or a modem; however, when connecting two routers in a back-to-back fashion, one of the routers takes the role of a DCE.
Router Ale and router Bock have a back-to-back serial connection using V.35 with the default encapsulation of PPP. Normally, a router will default to DTE mode, but in this case, Ale is automatically chosen as the DCE based on the detection of a DCE cable. You can observe this detection in the Local mode field of the show interfaces command:
root@ale# run show interfaces se-1/0/0 extensive | find "serial media"
Serial media information:
  Line protocol: v.35
  Resync history:
    Sync loss count: 0
  Data signal:
    Rx Clock: Not Detected
  Control signals:
    Local mode: DCE
    To DTE: CTS: up, DCD: up, DSR: up
    From DTE: DTR: up, RTS: up
  DCE loopback override: Off
  Clocking mode: loop-timed
  Loopback: none
  Tx clock: non-invert
  Line encoding: nrz
Since one of the roles of the DCE is to provide clocking to the DTE, an internal clocking mode needs to be configured on Ale. This allows Ale to generate a clocking signal toward Bock using the internal clock with a default clock rate of 8 MHz:
[edit interfaces]
root@ale# show se-1/0/0
serial-options {
    clocking-mode internal;
}
unit 0 {
    family inet {
        address 172.16.1.1/30;
    }
}
Bock has no clocking mode configured and takes the default clock mode of loop-timed, which takes the transmitted clock from Ale. Bock could also have been configured for DCE mode, which would have the same result in this case. Here is the Bock configuration:
[edit interfaces se-1/0/1]
root@Bock# show
unit 0 {
    family inet {
        address 172.16.1.2/30;
    }
}
You can verify the local mode, clocking mode, and clock rate on Bock by using the show interfaces command:
[edit interfaces se-1/0/1]
root@Bock# run show interfaces se-1/0/1 extensive | find "serial media"
Serial media information:
  Line protocol: v.35
  Resync history:
    Sync loss count: 0
  Data signal:
    Rx Clock: OK
  Control signals:
    Local mode: DTE
    To DCE: DTR: up, RTS: up
    From DCE: CTS: up, DCD: up, DSR: up
  Clocking mode: loop-timed
  Clock rate: 8.0 MHz
  Loopback: none
  Tx clock: non-invert
  Line encoding: nrz
Note
Clocking can often be a confusing topic for many users. For back-to-back router connections, Juniper made it simple by allowing multiple different clocking modes to be configured and still "do the right thing." The only combinations that will not work for back-to-back connections are the DCE in loop mode and the DTE in loop or DCE mode. However, when connecting to a CSU/DSU or a modem, proper care must be taken to configure the correct clock mode.
Serial Interface with Frame Relay
Frame Relay is a Layer 2 encapsulation that enables the connection of your LAN via a WAN connection to a Frame Relay node. Frame Relay creates a tunnel called a permanent virtual circuit (PVC) over a private or leased line to provide connectivity to other sites over the Internet service provider's (ISP's) infrastructure. With the emergence of DSL and IP-based networks, Frame Relay is not often seen anymore, except in rural areas as a cheaper, "always on" connection.
To establish a Frame Relay connection with the Frame Relay node, the proper encapsulation of frame-relay (RFC 1490) must be configured, as well as the local circuit identifier for the PVC, represented by the logical property of a dlci number:
se-1/0/0 {
    encapsulation frame-relay;
    unit 645 {
        description "to R3";
        dlci 645;
        family inet {
            address 172.17.24.130/30;
        }
    }
}
The router can also support back-to-back router connections by configuring one router to operate in DCE mode or by turning off keepalives on each router. If keepalives are disabled, the router will not look for any local management messages to enable that interface. Also, turning keepalives off can assist in troubleshooting by allowing for loopback testing, which we'll discuss later in this chapter.
ADSL Using PPPoE over ATM
DSL is one of the more popular connection media for both companies and consumers because the local service is provided via a normal phone line with a DSL modem. This connection terminates at the telco digital subscriber line access multiplexer (DSLAM), a device that concentrates multiple DSL connections together. Some J-series routers have support for ATM over asymmetrical digital subscriber line (ADSL), with Annex A for DSL over POTS or Annex B for DSL over ISDN, and symmetric high-speed digital subscriber line (SHDSL) configurations that allow them to act as the DSL modem at the customer site. The interfaces appear to be ATM connections but do not support native ATM, only the use of ATM over a DSL connection.
Router PBR has an ADSL Annex A PIM installed in slot 6 and will act as a client to the DSLAM. This connection is using Point-to-Point Protocol over Ethernet (PPPoE) over ATM for the DSL connection, which requires that two different interfaces be configured. The first interface that is configured is the physical ATM interface of at-6/0/0. To configure the interface, the ATM virtual path and virtual channel identifiers must be the same values that are provisioned at the DSLAM. The rest of the parameters can be learned from the DSLAM by setting an operating mode of auto. Since PBR will be using PPPoE, the encapsulation must be configured at both the physical and the logical layers:
[edit]
doug@PBR# show interfaces
at-6/0/0 {
    encapsulation ethernet-over-atm;
    atm-options {
        vpi 0;
    }
    dsl-options {
        operating-mode auto;
    }
    unit 0 {
        encapsulation ppp-over-ether-over-atm-llc;
        vci 0.39;
    }
}
The next interface that must be configured is the PPPoE internal router interface. This interface maps the physical interface where PPPoE will be running, sets the access server's name and underlying service to be requested, and sets an IP address. The IP address can be learned automatically from the access server by specifying the negotiate-address command, as seen in the configuration of PBR that follows, or by setting the IP address to be static:
pp0 {
    unit 0 {
        pppoe-options {
            underlying-interface at-6/0/0.0;
            access-concentrator mgmgrand;
            service-name "pppserv@mgmgrand";
            auto-reconnect 5;
        }
        family inet {
            negotiate-address;
        }
    }
}
You can verify the correct operation of the PPPoE negotiation by issuing the show pppoe interfaces command:
[edit]
doug@PBR# run show pppoe interfaces
pp0.0 Index 68
  State: Session up, Session ID: 4,
  Service name: pppserv@mgmgrand, Configured AC name: mgmgrand,
  Session AC name: mgmgrand, AC MAC address: 00:05:85:ca:7a:a8,
  Session uptime: 00:22:43 ago,
  Auto-reconnect timeout: 5 seconds, Idle timeout: Never,
  Underlying interface: at-6/0/0.0 Index 66
MLPPP
To incrementally increase the speed of individual PPP links without adding speed to the physical interfaces, the Multilink Point-to-Point Protocol (MLPPP) was created under RFC 1990. This is essentially a "software" bond of multiple physical PPP interfaces to form one larger logical link, called a bundle. Junos allows for up to eight physical interfaces to be assigned to a bundle.
To support MLPPP on any Juniper Networks router, the router must support this special service. This support could be in the form of an additional hardware PIC on an M-series router, or it could be inherent software support on other Juniper routers.
The first step is to configure the pseudolink service interface, which takes the form of lsq-0/0/0 on J-series, MX, and SRX routers, or an ml, lsq, or ls interface on an M-series router, depending on the PIC type. This interface will have the characteristics of a normal PPP interface, such as an IP address, but will have a logical encapsulation of multilink-ppp. This is configured at the logical layer of the interface to allow multiple bundles and types of bundles on the same router by configuring multiple unit numbers. As shown here, the bundle is assigned to logical unit 0:
lsq-0/0/0 {
    unit 0 {
        encapsulation multilink-ppp;
        family inet {
            address 172.8.17.30/30;
        }
    }
}
Next, configure the physical interfaces to link to the newly created link service interface. In the following example, interfaces se-1/0/0 and se-1/0/1 are linked to the logical bundle unit 0 on the ls-0/0/0 interface:
se-1/0/0 {
    unit 0 {
        family mlppp {
            bundle lsq-0/0/0.0;
        }
    }
}
se-1/0/1 {
    unit 0 {
        family mlppp {
            bundle lsq-0/0/0.0;
        }
    }
}
To verify the status, issue the show interfaces terse command. Notice that both the serial interfaces and the link service interfaces are tracked. The link service will be in the up state as long as one of the physical interfaces is also in the up state. You can change this by configuring the minimum-links number command under the link service interface. This command sets the number of physical links that must be in the up state for the bundle to be labeled up:
root@Bock# run show interfaces terse | match "se|lsq-"
lsq-0/0/0               up    up
lsq-0/0/0.0             up    up   inet     172.17.8.30/30
se-1/0/0                up    up
se-1/0/0.0              up    up   mlppp    lsq-0/0/0.0
se-1/0/1                up    up
se-1/0/1.0              up    up   mlppp    lsq-0/0/0.0
Note
Notice the use of an "or" argument in the match criteria. The use of quotes and the pipe symbol denotes an or argument for the match, looking for lines that contain either se or lsq-.
Aggregated Ethernet
The IEEE 802.3ad standard defines a means to bundle multiple Ethernet interfaces into an aggregate group. Traffic is passed over all members of the group in a load-balancing arrangement. The Link Aggregation Control Protocol (LACP) can be added to monitor the bundle, allowing interfaces to be added or subtracted from the bundle without loss of traffic.
The use of 802.3ad allows multiple connections between a router and a switch without the possibility of a broadcast storm. This improves performance and has a quicker recovery time than using a spanning tree protocol.
The configuration of 802.3ad has three parts: setting the chassis parameters, the aggregate interface, and the participating interfaces. The chassis parameters define the total number of aggregate interfaces that will be set up on the router. In this example, we are installing only a single aggregate interface:
root@Lager> show configuration chassis
aggregated-devices {
    ethernet {
        device-count 1;
    }
}
The aggregate interface uses an internal interface type of ae0. This interface carries the logical interface properties for the interface, in this case the IP address for the bundle:
root@Lager> show configuration interfaces ae0
unit 0 {
    family inet {
        address 4.4.4.1/24;
    }
}
Finally, the participating interfaces are added to the configuration. Up to 10 Ethernet interfaces can be added to an aggregate bundle. These interfaces can be in any location on the router:
root@Lager> show configuration interfaces ge-0/0/2
gigether-options {
    802.3ad ae0;
}
root@Lager> show configuration interfaces ge-0/0/3
gigether-options {
    802.3ad ae0;
}
Once the configuration is entered and committed, the ae0 interface is monitored as any other interface on the router. The show interfaces ae0 command shows the interface's bandwidth and status. The show interface terse command shows the addresses of the aggregate interface and the bundle of the aggregated Ethernet interfaces:
root@Lager> show interfaces ae0
Physical interface: ae0, Enabled, Physical link is Up
  Interface index: 146, SNMP ifIndex: 142
  Link-level type: Ethernet, MTU: 1514, Speed: 2000mbps, BPDU Error: None,
  MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,
  Flow control: Disabled, Minimum links needed: 1, Minimum bandwidth needed: 0
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
root@Lager> show interfaces terse | match "ge-|ae0"
....
ge-0/0/2                up    up
ge-0/0/2.0              up    up   aenet    --> ae0.0
ge-0/0/3                up    up
ge-0/0/3.0              up    up   aenet    --> ae0.0
ae0                     up    up
ae0.0                   up    up   inet     4.4.4.1/24
GRE
Generic Routing Encapsulation (GRE) is a tunneling protocol that enables the transport of a variety of Layer 3 protocols. The tunnel created by GRE was designed to be "stateless" with no monitoring of the tunnel endpoint. GRE tunnels are used for a variety of applications, including providing backup links, transporting non-IP protocols over an IP network, and connecting "islands" of IP networks.
To create a GRE tunnel on a Juniper Networks router, the router must be equipped with Layer 2 service capabilities, which are native in the J-series, MX, and SRX routers and are available via a hardware PIC in an M-series router. When these services are enabled on a router, a pseudointerface called gr is created. The interface must be configured with the source IP address for the GRE packets, the destination of the tunnel, and the families of protocols that will be carried in the tunnel. The GRE tunnel configured in the following case is carrying IP traffic and is using a source IP address of 10.20.1.38 and a destination of 172.66.13.1. An IP address for the gr-0/0/0 interface is not required but could be useful for management purposes:
gr-0/0/0 {
    unit 0 {
        tunnel {
            source 10.20.1.38;
            destination 172.66.13.1;
        }
        family inet;
    }
}
Note
It is important not to mistake the internal gre interface with the gr interface on the router. The gre interface is used by the router internally and should not be configured to create GRE tunnels.
The final piece is mapping actual traffic for use by the GRE tunnel. This is accomplished in a variety of ways depending on the type of traffic entering the GRE tunnel. Common mapping examples for IP include creating a static route with a next hop of the gr interface or even running a routing protocol such as Open Shortest Path First (OSPF) over the interface!
VRRP
Everyone using a PC for Internet surfing, music downloads, or gaming uses IP as the network protocol. The PC will have an IP address assigned as well as a default gateway address to reach any destinations that are not on the local subnet. In the following code snippet, a PC is using an IP address of 10.70.129.36 with a mask of 255.255.255.0 and a default gateway of 10.70.129.1:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation
C:\Documents and Settings\Douglas Marschke> ipconfig
Ethernet adapter Local Area Connection 3:
   Connection-specific DNS Suffix  . : eu-af.regus.local
   IP Address. . . . . . . . . . . . : 10.70.129.36
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.70.129.1
This default gateway address is either statically defined by the user or learned via the Dynamic Host Configuration Protocol (DHCP) process. Regardless of the method, the default gateway will be used as the next hop address for the default route that will be created to reach remote destinations:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation
C:\Documents and Settings\Douglas Marschke> netstat -r
Route Table
================================================================
Interface List
0x1 ......................... MS TCP Loopback interface
0x2 ...00 12 f0 ac 46 d5 ..... Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
0x3 ...00 12 3f 12 d7 59 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x20005 ...00 ff e8 25 91 85 ..... Juniper Network Connect Virtual Adapter
================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      10.70.129.1    10.70.129.36      20
      10.70.129.0    255.255.255.0     10.70.129.36    10.70.129.36      20
     10.70.129.36  255.255.255.255        127.0.0.1       127.0.0.1      20
   10.255.255.255  255.255.255.255     10.70.129.36    10.70.129.36      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        224.0.0.0        240.0.0.0     10.70.129.36    10.70.129.36      20
  255.255.255.255  255.255.255.255     10.70.129.36    10.70.129.36       1
  255.255.255.255  255.255.255.255     10.70.129.36               2       1
  255.255.255.255  255.255.255.255     10.70.129.36           20005       1
Default Gateway:       10.70.129.1
==============================================================
Persistent Routes:
  None
If the default gateway was a single device and that device failed, a PC would not be able to reach destinations outside the local subnet. In a fault-tolerant network, it would be ideal to have a backup gateway device, without having to modify the configuration on the PC, as well as being able to load-share with multiple PCs on the LAN.
VRRP was created to eliminate single points of failure that are inherent to static default routed networks. VRRP creates a logical grouping of multiple physical routers to a "virtual" router that will be used as the default gateway for end hosts. This allows the PC to always maintain the same gateway address even if the physical gateway has changed (see Figure 4-16). The routers that are part of the same VRRP logical group will share this "virtual" IP address as well as a "virtual" media access control (MAC) address. Essentially VRRP describes an election protocol to maintain ownership of this virtual IP (VIP) address and MAC address. One router in the VRRP group will be the master router, which controls this VIP address unless a failure occurs that results in a release of that ownership. This failure causes another router to claim ownership of the VIP by issuing a VRRP message and a gratuitous Address Resolution Protocol (ARP) to claim the virtual MAC address. Once a router becomes the master, it will periodically advertise VRRP messages to indicate its overall health and reachability.
When configuring VRRP for the first time on a Juniper Networks router, locating the configuration can seem like trying to find a needle in a haystack. The configuration will be within the logical property and will be configured after the family inet address. A VRRP group value (1–255) is assigned on every router that needs to be part of the virtual router. Also, a VIP address is assigned that the hosts will use as their gateway address. This could be an address owned by one of the routers in the group or an address taken out of the address block owned by the LAN. Lastly, a priority value can be configured to change the default value of 100, which is used to elect the master router of the VRRP group. The router with the highest priority value becomes the master for that group; if the priorities are equal, the tiebreaker goes to the highest local LAN IP address:
lab@LAGER# show interfaces
ge-0/0/1 {
    vlan-tagging;
    speed 100m;
    link-mode full-duplex;
    unit 1115 {
        description LAGER-to-ALE;
        vlan-id 1115;
        family inet {
            address 10.40.1.2/24 {
                vrrp-group 1 {
                    virtual-address 10.40.1.200;
                    priority 200;
                }
            }
        }
    }
}
Figure 4-16. VRRP example
Verify the operation of VRRP with the show vrrp summary command. Router Lager is the master for group 1 because it has a higher priority:
[edit interfaces ge-0/0/1]
lab@LAGER# run show vrrp summary
Interface     State   Group   VR state   VR Mode   Type   Address
ge-0/0/1.0    up      1       master     Active    lcl    4.4.4.1
                                                   vip    4.4.4.100
Note
Priority values range from 0–255; however, only values 1–254 are configurable. Priority 0 is reserved for the master router to issue an immediate release of mastership. A priority of 255 is used if the VIP is an actual interface IP that is owned by that router.
Another option that can be configured is the ability to track the interface priority settings. If an interface goes down, the advertised priority will be reduced by a configured value. This could result in a new master router for the virtual router. This is very useful to ensure upstream reachability. In the example on Lager, a T1 interface is being tracked. If this interface goes down, 150 will be subtracted from the configured priority of 200:
lab@LAGER# show interfaces
ge-0/0/1 {
    vlan-tagging;
    unit 1115 {
        description LAGER-to-ALE;
        vlan-id 1115;
        family inet {
            address 10.40.1.2/24 {
                vrrp-group 1 {
                    virtual-address 10.40.1.200;
                    priority 200;
                    track {
                        interface t1-2/0/2.0 priority-cost 150;
                    }
                }
            }
        }
    }
}
You can force an interface failure by administratively disabling the T1 interface:
lab@LAGER# top set interfaces t1-2/0/2 disable
[edit]
lab@LAGER# commit
commit complete
The result of this failure is a mastership change, as Lager is now the backup router:
[edit]
lab@LAGER# run show vrrp summary
Interface     State   Group   VR state   VR Mode   Type   Address
ge-0/0/1.0    up      1       backup     Active    lcl    4.4.4.1
                                                   vip    4.4.4.100
Notice in the show vrrp track command that Lager has a configured (cfg) priority value of 200, but a priority of 50 is currently being used because we've subtracted the cost of 150 from the downed T1 interface:
lab@LAGER# run show vrrp track
Track Int     State   Speed    VRRP Int     Group   VR State   Current prio
t1-2/0/2.0    down    0        ge-0/0/1.0   1       backup     50
The default behavior of VRRP is to use preemption, which causes a router with a higher priority to become the master at any time. When Lager's T1 interface is reenabled, it will again become the master for the virtual router:
[edit]
lab@LAGER# rollback 1
load complete
[edit]
lab@LAGER# commit
commit complete
[edit]
lab@LAGER# run show vrrp track
Track Int     State   Speed    VRRP Int     Group   VR State   Current prio
se-1/0/0.0    up      16384k   ge-0/0/3.0   1       master     200
Since preemption could cause a temporary disruption in the network, a no-preempt command can also be configured.
Lastly, according to RFC 3768, "A VRRP router SHOULD not forward packets addressed to the VIP Address(es) it becomes Master for if it is not the owner." That means if we take an IP address that is not owned by any router and is only an address from the subnet that was used as the VIP, operational issues may appear. The most common issue is not being able to ping the virtual address. In the case just examined, 10.40.1.200 was the VIP address chosen out of the 10.40.1/24 subnet, but it was not actually configured on either Lager or Ale. Juniper routers allow you to break this rule by configuring the accept-data command to allow the master router to reply to the VIP address. This will allow testing to occur toward the VIP; however, care must be taken to avoid unnecessary traffic on the LAN.
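The mastership changes traced above (priority 200, a tracked T1 with a priority-cost of 150, preemption and no-preempt), modeled as an added Python example that is not part of the original text. Ale's address 10.40.1.1 and its use of the default priority, the floor of 1 on the tracked priority, and the rule that a backup only displaces a live master when it has a strictly higher priority and preemption enabled are assumptions of this model.

```python
"""Model of VRRP mastership with interface tracking and preemption."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address

DEFAULT_PRIORITY = 100  # default priority stated in the text


@dataclass
class VrrpRouter:
    name: str
    address: str                       # local LAN address, used as tiebreaker
    priority: int = DEFAULT_PRIORITY   # configured priority (1-254)
    preempt: bool = True               # False models the no-preempt setting
    track: dict = field(default_factory=dict)  # interface -> priority-cost
    down: set = field(default_factory=set)     # tracked interfaces currently down

    def current_priority(self) -> int:
        """Configured priority minus the cost of every tracked interface that is down."""
        cost = sum(c for ifname, c in self.track.items() if ifname in self.down)
        # Assumption: the advertised priority is never reduced below 1.
        return max(1, self.priority - cost)


def initial_rank(router):
    """Highest priority wins; equal priorities fall back to the highest LAN address."""
    return (router.current_priority(), int(IPv4Address(router.address)))


def elect(routers, master=None):
    """Return the master of the group after one election round."""
    if master is None:
        return max(routers, key=initial_rank)
    # Assumption: a live master keeps mastership unless a backup with a
    # strictly higher current priority is allowed to preempt it.
    challengers = [
        r for r in routers
        if r is not master and r.preempt
        and r.current_priority() > master.current_priority()
    ]
    return max(challengers, key=initial_rank) if challengers else master


def walkthrough(lager_preempt=True, ale_preempt=True):
    """Replay the T1 failure and recovery; return (master, Lager's priority) per step."""
    lager = VrrpRouter("Lager", "10.40.1.2", priority=200, preempt=lager_preempt,
                       track={"t1-2/0/2.0": 150})
    # Constructed peer: address and default priority are assumptions.
    ale = VrrpRouter("Ale", "10.40.1.1", preempt=ale_preempt)
    group = [lager, ale]
    history = []

    master = elect(group)                      # initial election
    history.append((master.name, lager.current_priority()))

    lager.down.add("t1-2/0/2.0")               # T1 administratively disabled
    master = elect(group, master)
    history.append((master.name, lager.current_priority()))

    lager.down.discard("t1-2/0/2.0")           # T1 reenabled (rollback 1)
    master = elect(group, master)
    history.append((master.name, lager.current_priority()))
    return history


if __name__ == "__main__":
    scenarios = (
        ("preemption everywhere", {}),
        ("no-preempt on Ale", {"ale_preempt": False}),
        ("no-preempt on Lager", {"lager_preempt": False}),
    )
    for label, kwargs in scenarios:
        print(f"{label:24s} {walkthrough(**kwargs)}")
```

In this model, no-preempt on the backup leaves Lager as master at priority 50 even though its tracked uplink is down, so interface tracking only moves mastership when the backup is allowed to preempt.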
Source: https://www.oreilly.com/library/view/junos-enterprise-routing/9781449309633/ch04s04.html