Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

can't set ethernet1 zone to v1-trust 1

Status
Not open for further replies.
Oh

Oh

IS-IT--Management
Jun 24, 2002
92
JP
Hi. I'm newbie in netscreen. i try to config my 5GT to working in transparent mode. I follow the guide. But when I run command "set interface ethernet1 zone v1-trust", I cannot change it. The only zone selection is "trust". Can somebody help me? Thanks
 
Sort by date Sort by votes
In command line interface, you can get help by '?', e.g.,
Code: 
set interface ?
all available interfaces will be shown
Code: 
set interface trust zone ?
all available zones in trust interface will be shown. AFAIK, NS-5GT has no default interface named ethernet1.
 
Upvote 0 Downvote
the result of 'set interface ?'
ethernet1
ethernet2
ethernet3
serial
tunnel
loopback
vlan1

the result of 'get zone'
name default-IF
trust --- ethernet3
untrust -- ethernet1
...
v1-trust -- null
v1-untrust -- v1-trust

how can I make it working? thanks
 
Upvote 0 Downvote
What's your firewall model? i only have little experience of NS-5GT.
 
Upvote 0 Downvote
The model is NS-5GT. It's doesn't like what said in configuration documentation.
 
Upvote 0 Downvote
Yes. I followed this doc. but I cann't run it in my 5GT.
 
Upvote 0 Downvote
If this is an out of the box Screen then do the following, as the boxes are hierarchical. Hence as you have 192.168.1.1/24 as the default ip address on e1, e1 is bound to zone trust, you must first remove the ip before you can alter zone.

NS5GT>unset int e1 ip
NS5GT>set int e1 zone v1-trust
NS5GT>set int e3 zone v1-untrust

and you should get a message stating you are running pure L2-Mode.

Have fun with the Netscreen oop Juniper NetScreen.

Kind regards

Njetscreamer
 
Upvote 0 Downvote
Oh,

sorry my mistake,

you need to be in trust untrust mode first so you need to

5gt> exec port trust-untrust

allow it to reboot and follow the last post.

Kind regards

Njetscreamer
 
Upvote 0 Downvote
That works! Thanks a lot. I remember set it working as trust-untrust mode in WEB but I don't know why it still working in Extended mode. Thank you, Njetscreamer!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
283
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
301
Johnkite
Johnkite
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
85
Russtoleum
Russtoleum
gbayi_omo
  • Locked
  • Question
Cisco ASA 5505 not allowing access to highest security zone
Replies
0
Views
75
gbayi_omo
gbayi_omo
Garbear
  • Locked
  • Question
TZ190 VPN Connection works but can't ping some IP's on either side
Replies
0
Views
65
Garbear
Garbear

Part and Inventory Search

Sponsor

Back
Top