O'Reilly logo

Junos Security by James Quinn, Timothy Eberhard, Patricio Giecco, Brad Woodberg, Rob Cameron

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Transparent Mode Commands and Troubleshooting

Troubleshooting issues in transparent mode are almost identical to troubleshooting Layer 3, with a few exceptions which are the focus here. First, this section lists some of the useful commands in Layer 2 that you should be aware of, and then we will work our way through a step-by-step troubleshooting plan.

The next few commands are unique to transparent mode. We will cover the rest of the steps in Transparent Mode Troubleshooting Steps.

The show bridge domain Command

The show bridge domain command lists all of the active bridge domains on the device, along with the associated VLANs and interfaces for those domains. If you are experiencing an issue where traffic isn’t flowing, you should check this out first to make sure you have the correct interface, VLAN, and bridge domain configuration.

root@SRX3400-1> show bridge domain

Routing instance     Bridge domain        VLAN ID     Interfaces
default-switch       L2-VLAN-10           10
                                                      ge-0/0/1.0
                                                      ge-0/0/3.10
default-switch       L2-VLAN-20           20
                                                      ge-0/0/2.0
                                                      ge-0/0/4.20
default-switch       L2-VLAN-30           30
                                                      ge-0/0/3.30
default-switch       L2-VLAN-40           40
                                                      ge-0/0/3.40
default-switch       L2-VLAN-50           50
                                                      ge-0/0/4.50
default-switch       L2-VLAN-60           60
                                                      ge-0/0/4.60

The show bridge mac-table Command

The show bridge mac-table command is important for looking at the bridge MAC learning table. If you do not see the MAC addresses for the hosts in the correct bridge domain on the correct interface of this output, either the SRX is not seeing the MAC addresses at all (check ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required