Juniper SRX300 Layer 2 Issues

I am going to make this as short as possible. I purchased an SRX300 to replace my SRX100 firewall. The one thing I noticed right out of the box was that each interface was in routed mode, unlike the older branch models (SRX1xy, SRX2xy, etc.), where the ports were in switching mode.

Also, the JunOS version is at 15.1X49-D45. In my case, I need these ports to do switching and not routing. Therefore, I went ahead and modified my SRX100 config to match the new SRX300. When I committed, the box barked at me, stating something along these lines.

from-zone (trust) and to-zone (untrust) must be both L2 or L3 zones.
error: configuration check-out failed

I had no idea what it meant, so I removed my security policies and tried to commit again, and then I got this. It makes sense because the newer boxes use irb interfaces now instead of vlan.

error: l3-interface: 'vlan.11': Only IRB interface is supported, e.g. irb.10

I replaced all vlan interfaces with irb interfaces, ran commit check, and then I got this.

error: interface-unit: 'irb.11': This interface cannot be configured in a zone
error: statement creation failed: irb.11

At this point, I had no idea what was happening. The box was not letting me commit. Therefore, I fired up Chrome and went to the Juniper release notes page for the 15.1X49-D45 release that I currently have. I scrolled down to page 10, the layer 2 features, and found these paragraphs.

Support for enhanced Layer 2 transparent bridge mode and switching mode—Starting with Junos OS Release 15.1X49-D40, the enhanced Layer 2 transparent bridge mode and switching mode features are supported on SRX300, SRX320, SRX340, SRX345, and SRX550M devices.

Use the set protocols l2-learning global-mode (transparent-bridge | switching) command to switch between the Layer 2 transparent bridge mode and switching mode. After switching the mode, you must reboot the device for the configuration to take effect. The layer 2 protocols supported in switching mode is Link Aggregation Control Protocol (LACP).

• LACP is not supported on SRX300 and SRX320 devices.
• LACP is not supported in transparent bridge mode.

The command set protocols l2-learning global-mode switching is the answer to my problems. However, it does not support LACP. I checked the newer versions’ release notes and found that the newer JunOS versions support LACP. I upgraded the SRX300 and used the mentioned command. Everything works.

Oh! Before I forget, the set protocols l2-learning global-mode command will require you to reboot the SRX.
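
The migration described above can be checked offline before pasting an old config into the new box. The following is an added example, not part of the original post or any Juniper tooling: it flags the set-style lines that lead to the two interface errors quoted earlier and rewrites them. The sample config, the VLAN name vlan-trust and the address are constructed, and tying the "cannot be configured in a zone" error to a missing global-mode switching statement follows the post's account.

```python
import re

# Statement the post identifies as the fix; it takes effect only after a reboot.
GLOBAL_MODE = "set protocols l2-learning global-mode switching"

# Legacy routed-VLAN references: "vlan.11" and "set interfaces vlan unit 11 ...".
_VLAN_DOT = re.compile(r"\bvlan\.(\d+)\b")
_VLAN_UNIT = re.compile(r"^(set interfaces )vlan( unit \d+\b)")
# An irb unit bound to a security zone.
_ZONE_IRB = re.compile(r"^set security zones security-zone \S+ interfaces irb\.\d+")


def lint(lines):
    """Return (line_no, message) pairs for lines expected to fail commit check."""
    switching = any(line.strip() == GLOBAL_MODE for line in lines)
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if _VLAN_DOT.search(line) or _VLAN_UNIT.match(line):
            findings.append((n, "legacy vlan interface: only IRB is supported"))
        elif _ZONE_IRB.match(line) and not switching:
            findings.append((n, "irb in a zone without global-mode switching"))
    return findings


def migrate(lines):
    """Rewrite vlan.N to irb.N and make sure global-mode switching is present."""
    out = []
    for line in lines:
        line = _VLAN_UNIT.sub(r"\1irb\2", line.strip())
        out.append(_VLAN_DOT.sub(r"irb.\1", line))
    if GLOBAL_MODE not in out:
        out.insert(0, GLOBAL_MODE)
    return out


# Constructed SRX100-style fragment (names and address are illustrative).
SRX100_CONFIG = """\
set vlans vlan-trust vlan-id 11
set vlans vlan-trust l3-interface vlan.11
set interfaces vlan unit 11 family inet address 192.0.2.1/24
set security zones security-zone trust interfaces vlan.11
""".splitlines()

if __name__ == "__main__":
    for n, msg in lint(SRX100_CONFIG):
        print(f"line {n}: {msg}")
    print("\n".join(migrate(SRX100_CONFIG)))
```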




About networkshinobi

This blog is about the things I learned about computers and networking, to help me remember them as I push my studies further. I created this blog to help myself continue my education; and if you find this blog helpful for your studies, that is great. That is one of the reasons why I made this blog, to share my interest and knowledge. Also, all the entries/posts I made are based on my views and opinions and are for educational purposes only. If you see some mistakes, feel free to drop some comments. I would appreciate all the helpful comments. Thanks.
