Ethernet Switching
Reply
Contributor
zvitins
Posts: 132
Registered: ‎12-04-2009
0

Cann't access EX2200 switch

Hi all,

I have 4 EX2200 switches and I have problem with one of them - the management network is not working.
All 4 swutches are configured equal, only IP is different.
After reboot for few days all is fine.

 

JUNOS 11.1R6.4

show configuration vlans mgmt     
vlan-id 3;
l3-interface vlan.3;
...

show configuration interfaces vlan unit 3 
family inet {
    address 10.14.0.14/16;
}
...

show configuration interfaces ge-0/0/47 
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members mgmt;
        }
    }
}

 

Everything look's fine

 

show vlans 
Name           Tag     Interfaces
mgmt           3      
                       ge-0/0/47.0*

show interfaces terse 
ge-0/0/47               up    up  
ge-0/0/47.0             up    up   eth-switch

vlan.3                  up    up   inet     10.14.0.13/16  

 

But from this switch I can not see any ARP in local network.

How can I found the reason of this problem?

 

I tried to disable/enable vlan and ge-0/0/47 interface - no changes.

 

Thanks

Recognized Expert
NateK
Posts: 233
Registered: ‎02-03-2009
0

Re: Cann't access EX2200 switch

You trying to do in-band management or out of band management?

 

In-band would be something like:

 

set interfaces vlan unit 0 family inet address <IP address>/<subnet>
set vlans default l3-interface vlan.0

 

Out of band would be the following:

 

set interfaces me0 unit 0 family inet address <address>/<subnet>

 

You should not need to assign a special port on the switch to your mgmt VLAN, should just need a trunked VLAN port that the mgmt VLAN is a member of.

 

Can you post up your configuration?

Contributor
zvitins
Posts: 132
Registered: ‎12-04-2009
0

Re: Cann't access EX2200 switch

[ Edited ]

Hello,

 

Configuration are below:

 

set version 11.1R6.4
set system services ssh root-login deny
set system services ssh protocol-version v2
set system services telnet
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any

set chassis aggregated-devices ethernet device-count 1
set chassis alarm management-ethernet link-down ignore
set interfaces interface-range int-net member-range ge-0/0/2 to ge-0/0/46
set interfaces interface-range int-net description int-network
set interfaces interface-range int-net unit 0 family ethernet-switching port-mode access
set interfaces interface-range int-net unit 0 family ethernet-switching vlan members vlan_5
set interfaces ge-0/0/0 ether-options speed 1g
set interfaces ge-0/0/0 ether-options 802.3ad ae0
set interfaces ge-0/0/1 ether-options speed 1g
set interfaces ge-0/0/1 ether-options 802.3ad ae0
set interfaces ge-0/0/2 unit 0 family ethernet-switching
...
set interfaces ge-0/0/46 unit 0 family ethernet-switching
set interfaces ge-0/0/47 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members mgmt
set interfaces ge-0/1/0 unit 0 family ethernet-switching
set interfaces ge-0/1/1 unit 0 family ethernet-switching
set interfaces ge-0/1/2 unit 0 family ethernet-switching
set interfaces ge-0/1/3 unit 0 family ethernet-switching
set interfaces ae0 aggregated-ether-options minimum-links 1
set interfaces ae0 aggregated-ether-options link-speed 1g
set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members vlan_5
set interfaces me0 unit 0 family inet
set interfaces vlan unit 0 family inet
set interfaces vlan unit 3 family inet address 10.14.0.13/16
set snmp health-monitor interval 300
set snmp health-monitor rising-threshold 80
set snmp health-monitor falling-threshold 70
set protocols igmp-snooping vlan all
set protocols rstp
set protocols lldp interface all
set protocols lldp-med interface all
set ethernet-switching-options storm-control interface all
set vlans default l3-interface vlan.0
set vlans mgmt vlan-id 3
set vlans mgmt l3-interface vlan.3
set vlans vlan_5 vlan-id 5

 

Thanks

 

Visitor
pierricklevesque
Posts: 3
Registered: ‎11-03-2011
0

Re: Cann't access EX2200 switch

HI,

 

I am currently facing same issue with one brand new EX4500 and one EX2200, i cannot ssh, telnet, http, https access through me0 however exactlty same config is running fine for other same model switches.

 

for information very basic config is as below

 

Would be interested to know if anybody has an idea?

 

Thank you very much in advance for your support.

 

Best regards

 

Pierrick Levesque

 

root@ALBNL2SWCDMZ002# show | display set
set version 10.2R1.8
set system host-name ALBNL2SWCDMZ002
set system root-authentication encrypted-password "$1$HQ1kDiog$81eLKg4WeAB4JyWD40kzJ0"
set system login user admin uid 2001
set system login user admin class super-user
set system login user admin authentication encrypted-password "$1$e8UteAZR$BupGaaoE3dj.c/mXH7At1."
set system services ssh protocol-version v2
set system services telnet
set system services netconf ssh
set system services web-management http
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces xe-0/0/0 unit 0 family ethernet-switching
set interfaces xe-0/0/1 unit 0 family ethernet-switching

set interfaces me0 unit 0 family inet address 10.2.1.5/24
set routing-options static route 0.0.0.0/0 next-hop 10.2.1.1
set protocols igmp-snooping vlan all
set protocols rstp
set protocols lldp interface all
set protocols lldp-med interface all   
set ethernet-switching-options storm-control interface all

 

Recognized Expert
NateK
Posts: 233
Registered: ‎02-03-2009
0

Re: Cann't access EX2200 switch

The configuration looks correct to me:

 

  • me0 has an IP address
  • Route for next-hop from management network

One thing I have noticed about EX switches is that if you do not have any active ports on the switch (i.e. sitting in a room with nothing connected to it) you will be unable to ping the mgmt interface from the switch itself.

 

I have seen this for sure on in-band mgmt interface configuration, not sure if this impacts an OOB mgmt interface or not.

 

If you hop into the shell on the switch what do you get when you run 'netstat -an| grep 22' or 'netstat -an | grep 80' ?

 

Can you ping the management interface?

 

I do know that HTTP/HTTPS use an argument to define the interfaces that they listen on:

 

set system services web-management https interface me0 system-generated-certificate

 

If you are trying to SSH in as root you will be unable to without this:

 

set services ssh protocol-allow v2 root-login allow

 

SSHv2 is preferred over SSHv1 due to some potential security weaknesses in SSHv1.

 

Can you connect to the me0 interface from the 10.2.1.0/24 subnet vs outside of that subnet?

 

 

 

 

 

Visitor
pierricklevesque
Posts: 3
Registered: ‎11-03-2011
0

Re: Cann't access EX2200 switch

Dear NateK,

 

thank you for your recommndation,

 

yes i have a laptop on the back of the management port i can ping yes, but no ssh, no telnet, no http.

 

Indeed these are brand new switches, i have no active ports enable on the switch

I will go back to DC today and add the followings:

 

set system services web-management https interface me0 system-generated-certificate
set services ssh protocol-allow v2 root-login allow

 

I will let you know

 

Best regards

 

Pierrick Levesque

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.