Switching

i have a ex-4200 connected to a J2350. I have /30 address configured on each side. I see arp on each side on the corret interface but no ping response.

 

Ex-4200

root@r1> show configuration interfaces ge-0/0/1
unit 0 {
    family inet {
        address 10.0.4.14/30;
    }
}

{master:0}

 

root@r1> show arp
MAC Address       Address         Name                      Interface     Flags
00:22:83:87:9e:80 10.0.4.13       10.0.4.13                 ge-0/0/1.0    none

 

J-2350

root@r3# show interfaces ge-0/0/0   
unit 0 {
    family inet {
        address 10.0.4.13/30;
    }
}

[edit]

root@r3# run show arp
MAC Address       Address         Name                      Interface     Flags
00:23:9c:18:bc:01 10.0.4.14       10.0.4.14                 ge-0/0/0.0    none

 

i have no idea why i can't ping across this link. There are no filters applied. anybody has any ideas? Could it be related to flow based software for j series. it came with some firewall config but i deleted the entire security section

What version of JUNOS are you running? After 9.4 JUNOS and JUNOS ES router code is bundled so by default the router comes up in a security context. Deletion of the security section could be the cause of your problem.

i'm running 9.5. . it doesn't make a difference if its in there or not..same results no ping

Did you assign interfaces to a security zone on the router ? Did you allow host inbound traffic service ping on interface or zone level? By default config this isn't allowed!

no I did not. I thought by deleting the security config, it'll allow everything. It'll be kind of ridiculous if I have to do this on a router, it's not a firewall. I'll give it a shot though or downgrade to 9.3

adding interface and allow pings works..is there junos for j series without this security crap?

As I mentioned after 9.4 JUNOS now has a single code train that includes all of the firewall capability in it. It is also enabled "out of the box" - hence Screenie's post about turning on the appropriate rules.

 

You can however run the JUNOS code in what is known as "routing context" - that builds out a basic configuration that allows the router to function effectively as just a "router" - here is a link to the documentation on how to do so.

 

http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-admin-guide/factory-defaults-secure-context-to-router-context-section.html

 

Good luck - this drove me crazy the first time I got a box running JUNOS-ES and I could not ping to it - understand the frustration - but this will allow you to use it as a router and then if you desire to turn on security if it ever becomes of value to you.

thanks all

Hi All,

 

If we change to "routing context", can we run routnig protocols, BGP, OSPF? I read on wiki that if you delete the securtiy to make it packet based, then the j-series doesn't allow routing protocols to run and it becomes a basic IP router that is useless. Perhaps deleteing the security is different to actually changing to routing context?

 

Regards

Dinesh

 

Yes you can run routing protocols when you are not in security mode.

It appears the latest version of packet-based JUNOS for the J-series is 9.3R4.4

 

It can be found here (assuming you have a software support login for JUNOS): 

http://www.juniper.net/support/csc/swdist-domestic/9.3/#sw

 

v9.4 and up for J-series is flow-based which means it is JUNOS with Enhanced Services, which has the built in security/firewall code. 

This is essentially the same code the SRX branch boxes use.   Good luck.

 

-=]NSG[=-

#JUNOS
#packet-based