2

I have a Juniper EX3300 switch in a data center. And I have connected one of the uplink ports (ge-0/1/0) to my ISP's router. I want to configure it so that all the devices connected to ports in the same VLAN as ge-0/1/0 can access the Internet. I have done some research, and I haven't gotten anywhere really.

I have configured the interface as follows:

ge-0/1/0 {
    ether-options {                 
        no-auto-negotiation;
        link-mode full-duplex;
        speed {
            1g;
        }
    }
    unit 0 {
        family inet {
            address xx.xx.xx.xx/32;
        }
    }
}

where xx.xx.xx.xx is the "Customer Router Port IP" assigned by my ISP.

When I try to commit, I get the following error:

Interface ge-0/1/0.0 not enabled for switching

Can someone tell me what is the right way to configure it?

Richard Whitman

1 Answer

4

It is unclear whether you want topology A or B below (I think you need B, but your question seems to ask for A).

          Vlan10            Vlan10
A) [Users]----------[EX3300]----------[ISP]
                   x.x.x.x/zz

          Vlan10            Vlan11
B) [Users]----------[EX3300]---------------------------[ISP]
              y.y.y.y/24   xx.xx.xx.109/30     .110/30

A)
This is a flat layer2 vlan, and all your computers must be addressed on a subnet from the ISP. Vlan-10 is used for all your machines and they set their default-gateway to x.x.x.x.

I'm not sure why you're using a /32 mask in your question. It's unlikely that you want to do this, since it means you proxy-arp for all destinations. Work with your provider to understand what your actual netmask should be (I'm assuming zz, below).

delete interfaces ge-0/1/0 unit 0
delete interfaces ge-0/1/0
delete interfaces ge-0/1/1 unit 0
delete interfaces ge-0/1/1
set vlans vlan-10 vlan-id 10
set vlans vlan-10 interface ge-0/1/0
set vlans vlan-10 interface ge-0/1/1
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/1/1 unit 0 family ethernet-switching port-mode access
set interfaces vlan unit 10 family inet address x.x.x.x/zz
set routing-options static route 0.0.0.0/0 next-hop xx.xx.xx.110

B)
This involves two different vlans: 10 and 11. Vlan-10 is used for all your servers and they set their default-gateway to y.y.y.y.

delete interfaces ge-0/1/0 unit 0
delete interfaces ge-0/1/0
delete interfaces ge-0/1/1 unit 0
delete interfaces ge-0/1/1
set vlans vlan-10 vlan-id 10
set vlans vlan-11 vlan-id 11
set vlans vlan-10 interface ge-0/1/0
set vlans vlan-11 interface ge-0/1/1
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/1/1 unit 0 family ethernet-switching port-mode access
set interfaces vlan unit 11 family inet address xx.xx.xx.109/30
set interfaces vlan unit 10 family inet address y.y.y.y/zz
set routing-options static route 0.0.0.0/0 next-hop xx.xx.xx.110

Add as many ports as you need for servers in Vlan-11. Solution B must use some form of NAT if you don't have enough public address space from your provider to include both subnets for Vlan10 and Vlan11.

Mike Pennington
  • I added this information to my answer... please see above. Since you gave away so much information about your IP addresses and configuration publicly, be sure you lock down ssh access to this EX3300 with a tight acl ASAP on IPs that can ssh to it. – Mike Pennington Jun 22 '12 at 19:31
  • I'm almost positive the EX3300 does not support NAT. You could use it as a router, but not to share IP addressing. Go grab an SRX100, they're pretty cheap. – SpacemanSpiff Jun 22 '12 at 19:41
  • Those were my typos... now fixed – Mike Pennington Jun 22 '12 at 19:44
  • Remove the /30 from the end of the static route entry, the /30 should only be on your interface, and the destination next-hop should be your peer at the ISP. – SpacemanSpiff Jun 22 '12 at 19:47
  • @RichardWhitman, did you get your EX3300 up and operational? – Mike Pennington Jun 22 '12 at 20:41
  • Hey Mike, no, not yet. I am calling the people at the data center/ISP to make sure everything else is fine. I could not ping the ISP router. – Richard Whitman Jun 22 '12 at 20:48
  • It showed that the link is up. But, when I called the ISP's support, they said that it shows the link is down on their side. So, I think something else is wrong here. – Richard Whitman Jun 22 '12 at 20:52
  • Are you seeing ARP entries (`show arp`) / FDB entries (`show ethernet-switching table`) on the ISP uplink on your EX3300 switch? Also, be sure your physical cabling matches the configuration. Check to see whether they are using dot1q trunk or untagged ('access') vlan encapsulation on their side. Finally, it's not uncommon for datacenter folks to leave a fiber loop somewhere in a long run; that could explain why you're seeing up and they're seeing down. – Mike Pennington Jun 22 '12 at 21:13
  • No, there are no ARP/FDB entries for the uplink interface. If the physical cabling was a mismatch, wouldn't the interface show as down? This is what I get from `show interface ge-0/1/0`: `Physical interface: ge-0/1/0, Enabled, Physical link is Up` – Richard Whitman Jun 22 '12 at 21:19
  • Consider the possibility that a cable tech left a loop facing your EX3300 switch... your link would be up and their side down. Also, if you pasted my answer verbatim, it assumes **`ge-0/1/1`** is the ISP uplink. You just showed me link status for `ge-0/1/0`. – Mike Pennington Jun 22 '12 at 21:46
  • 1
    OK. Turns out that my GBIC was single mode. They replaced it with an MMF one, and now it's working. I can ping the ISP router. Thanks everyone! – Richard Whitman Jun 22 '12 at 21:55
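
The SSH lockdown recommended in the comments above, sketched as an added example that is not part of the original thread: a loopback (`lo0`) input filter, which Junos applies to traffic addressed to the switch itself, so SSH is accepted only from a management prefix. The filter name `PROTECT-SSH` and the prefix `192.0.2.0/24` are placeholders; substitute the addresses you actually administer the switch from.

```junos
# Added example: restrict SSH to the switch's own addresses.
# PROTECT-SSH and 192.0.2.0/24 are placeholders, not values from this thread.

# Term 1: accept SSH only when it comes from the management prefix.
set firewall family inet filter PROTECT-SSH term ssh-allow from source-address 192.0.2.0/24
set firewall family inet filter PROTECT-SSH term ssh-allow from protocol tcp
set firewall family inet filter PROTECT-SSH term ssh-allow from destination-port ssh
set firewall family inet filter PROTECT-SSH term ssh-allow then accept

# Term 2: silently drop SSH from every other source.
set firewall family inet filter PROTECT-SSH term ssh-deny from protocol tcp
set firewall family inet filter PROTECT-SSH term ssh-deny from destination-port ssh
set firewall family inet filter PROTECT-SSH term ssh-deny then discard

# Term 3: leave all other traffic to the switch (ARP replies, ICMP, etc.)
# untouched. Without this term the filter's implicit final discard would
# drop everything else destined to the switch.
set firewall family inet filter PROTECT-SSH term everything-else then accept

# Apply the filter to traffic destined to the switch itself.
# Transit traffic between VLAN 10 and VLAN 11 is not evaluated by an lo0 filter.
set interfaces lo0 unit 0 family inet filter input PROTECT-SSH

# Roll back automatically after 5 minutes unless a second "commit" confirms
# the change, in case the filter locks out your own session.
commit confirmed 5
```

After the confirmed commit, open a new SSH session from the management prefix before issuing the final `commit`; if that session fails, let the timer expire and the previous configuration is restored.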