While creating the logical statement for the second circuit with same VLAN tag of 210, an error is displayed:
------- Pod10# conf interface ethernet 1/1 logical Inside2 ingress-vlan-tag 210 %CONF-ERR: Invalid value Detail: Same ingress-vlan-tag already used in logical Inside ------
In case of VSX, if the same VLAN ID is used for two different interfaces using the same base template circuit, then the second one will not be created successfully on the chassis once the configuration is pushed, even if they are created in different Virual Systems.
The XOS functionality does not allow two logical interfaces with the same VLAN tags to be attached to the same NPM interface, to ensure that the incoming traffic matching the specified VLAN tag is directed to the correct circuit via the logical interface matching the VLAN tag.
The VSX VLAN circuits are attached to the same physical interface to which the base template circuit is attached, and only one template circuit is attached to a physical (NPM) interface. Using different VLAN IDs when using a specific template circuit will prevent this issue.
1. Use a different VLAN ID for the circuits attached to the same physical interfaces.
2. Circuits with same VLAN ID can be attached to different physical interfaces.
3. In case of VSX, where the VLAN tags are assigned as per the VLAN IDs selected within the VS in the Check Point Management GUI, please use different VLAN IDs when using the same base template circuit in two different Virtual Systems.
Imported Document ID: 000023885
Subscribing will provide email updates when this Article is updated. Login is required.