I am trying to add a new VLAN, "vlan57", to my J2320 router. I believe I completed the configuration, but I am unable to ping the virtual interface on the router or get through the router to the connected switch.
J2320 ---- port mode trunk ae0 ---- EX4200 ---- end device

          J2320          EX4200         end device
Vlan57    192.168.57.1   192.168.57.2   192.168.57.5/24
Vlan52    192.168.52.1   192.168.52.3   192.168.52.14/22
When I ping the virtual interface on the router, it returns "Destination net unreachable".
When I ping the virtual interface on the switch from a different subnet, I get TTL exceeded limit.
If I ping from a server to the switch on the same subnet, I get ICMP reply messages.
If I ping from a server to the router, I get "Destination net unreachable".
If I look at the router's ARP table, I do not see an entry for my switch 57.2 or my server 57.5.
Yes, I realize I am setting up router on a stick when I could just use the EX4200 for routing between VLANs. Stupid, I know, but the so-called senior network guy here is not the brightest. So, good network design aside, I still need to fix the routing issue. I have set up other VLANs that worked just fine in the past on the same router; however, I don't know what is different this time. While troubleshooting this I found that my routing table shows the route is rejected. I then double-checked my security settings, and as far as I can tell those are correct as well. Below are some outputs from my router. I am troubleshooting vlan57, 192.168.57.1/24.
JUNOS Software Release [12.1R2.9]
root@# run show route
inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 2d 16:12:38
> to 192.168.32.1 via ge-0/0/0.0
192.168.32.0/24 *[Direct/0] 2d 16:12:38
> via ge-0/0/0.0
192.168.32.4/32 *[Local/0] 2d 16:12:41
Local via ge-0/0/0.0
192.168.36.0/24 *[Direct/0] 2d 16:12:31
> via ge-1/0/0.0
192.168.36.1/32 *[Local/0] 2d 16:12:35
Local via ge-1/0/0.0
192.168.40.0/22 *[Direct/0] 2d 16:12:29
> via vlan.40
192.168.40.1/32 *[Local/0] 2d 16:12:49
Local via vlan.40
192.168.44.0/22 *[Direct/0] 2d 16:12:29
> via vlan.44
192.168.44.1/32 *[Local/0] 2d 16:12:49
Local via vlan.44
192.168.52.0/22 *[Direct/0] 2d 16:12:29
> via vlan.52
192.168.52.1/32 *[Local/0] 2d 16:12:49
Local via vlan.52
192.168.56.0/24 *[Direct/0] 2d 16:12:32
> via ge-1/0/1.0
192.168.56.1/32 *[Local/0] 2d 16:12:35
Local via ge-1/0/1.0
192.168.57.1/32 *[Local/0] 2d 16:12:35
Reject < I don't know why this route is being rejected?
root@# run show interfaces vlan terse
Interface Admin Link Proto Local Remote
vlan up up
vlan.5 up down inet 192.168.60.1/24
vlan.40 up up inet 192.168.40.1/22
vlan.44 up up inet 192.168.44.1/22
vlan.52 up up inet 192.168.52.1/22
vlan.57 up up inet < I don't know why the IP for this isn't showing up?
vlan.58 up down inet
root@# show interfaces vlan
...
unit 57 {
family inet {
address 192.168.57.1/24;
root@# show vlans
...
vlan57 {
vlan-id 57;
l3-interface vlan.57;
root@# show interfaces ae0
aggregated-ether-options {
minimum-links 2;
link-speed 1g;
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ vlan40 vlan44 vlan52 vlan57 ];
}
}
}
root@> show security zones
Security zone: trust
Send reset for non-SYN session TCP packets: On
Policy configurable: Yes
Interfaces bound: 14
Interfaces:
ae0.0
ge-0/0/0.0
ge-1/0/0.0
ge-1/0/1.0
ge-1/0/2.0
ge-1/0/3.0
ge-1/0/4.0
ge-1/0/5.0
vlan.40
vlan.44
vlan.5
vlan.52
vlan.57
root@# show security zones security-zone trust
tcp-rst;
interfaces {
...
vlan.57 {
host-inbound-traffic {
system-services {
ping;
}
protocols {
ospf;
}
}
}
root@> show security policies
Default policy: deny-all
From zone: trust, To zone: trust
Policy: default-permit, State: enabled, Index: 4, Scope Policy: 0, Sequence number: 1
Source addresses: any
Destination addresses: any
Applications: any
Action: permit
From zone: trust, To zone: untrust
Policy: default-permit, State: enabled, Index: 5, Scope Policy: 0, Sequence number: 1
Source addresses: any
Destination addresses: any
Applications: any
Action: permit
From zone: untrust, To zone: trust
Policy: default-deny, State: enabled, Index: 6, Scope Policy: 0, Sequence number: 1
Source addresses: any
Destination addresses: any
Applications: any
Action: deny
Any ideas?
Thanks for your help
Peter
JNCIA, CCENT
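
Added example, not part of the original post: a small Python check that scans pasted `show interfaces vlan terse` and `show route` text for the two symptoms visible in the outputs above (a unit that is up/up with family inet but lists no Local address, and a Local route whose next hop is Reject). The sample text is constructed from lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample input: a subset of the lines from the post's outputs,
# with the inline "< I don't know ..." annotations removed.
TERSE = """\
Interface Admin Link Proto Local Remote
vlan up up
vlan.5 up down inet 192.168.60.1/24
vlan.52 up up inet 192.168.52.1/22
vlan.57 up up inet
vlan.58 up down inet
"""
ROUTES = """\
192.168.52.0/22 *[Direct/0] 2d 16:12:29
> via vlan.52
192.168.52.1/32 *[Local/0] 2d 16:12:49
Local via vlan.52
192.168.57.1/32 *[Local/0] 2d 16:12:35
Reject
"""

ADDR = re.compile(r"\d+\.\d+\.\d+\.\d+/\d+")
ROUTE = re.compile(r"(\d+\.\d+\.\d+\.\d+/\d+)\s+\*?\[(\w+)/\d+\]")

def up_without_inet_address(terse):
    """Logical units that are up/up with family inet but list no Local address."""
    hits = []
    for line in terse.splitlines():
        f = line.split()
        if len(f) >= 4 and "." in f[0] and f[1:4] == ["up", "up", "inet"]:
            if not any(ADDR.fullmatch(tok) for tok in f[4:]):
                hits.append(f[0])
    return hits

def rejected_local_routes(routes):
    """Prefixes whose [Local] entry is followed by a Reject next hop."""
    hits, pending = [], None
    for line in routes.splitlines():
        m = ROUTE.match(line.strip())
        if m:  # new route entry: remember it only if it is a Local route
            pending = m.group(1) if m.group(2) == "Local" else None
        elif pending and line.split()[:1] == ["Reject"]:
            hits.append(pending)
            pending = None
        elif line.strip():  # any other next-hop line ends the pending entry
            pending = None
    return hits

if __name__ == "__main__":
    print("up/up, no inet address:", up_without_inet_address(TERSE))
    print("Local route, Reject next hop:", rejected_local_routes(ROUTES))
```

Both functions ignore trailing free text on a line, so output pasted with inline annotations like those in the post can be fed in unchanged.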