Hi
I am having some fun trying to get my SRX240(h2) to properly communicate over multiple VLANs on one of the aggregate interfaces. ae0 works absolutely fine, but ae1 point blank refuses to pass traffic to/from the l3 ether- interfaces.
I have a bad feeling it is related to the backend switches (Dell PowerConnects) but one works fine.
When configured like below, even machines on the same subnet/VLAN and the 94.x.x.x range won't even get a MAC address via ARP. It's weird.
Aggregate interface configuration:
chassis {
    aggregated-devices {
        ethernet {
            device-count 2;
        }
    }
}
ae0 {
    description "Office LACP Interface";
    aggregated-ether-options {
        lacp {
            active;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ Office Office-Media ];
            }
            native-vlan-id 1;
        }
    }
}
ae1 {
    description "DMZ LACP Interface";
    aggregated-ether-options {
        lacp {
            active;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members DMZ-Public;
            }
            native-vlan-id 1;
        }
    }
}
VLAN interfaces:
vlan {
    unit 20 {
        family inet {
            address 192.168.3.250/22;
        }
    }
    unit 40 {
        family inet {
            address 10.10.3.254/24;
        }
    }
    unit 1010 {
        family inet {
            address 94.31.14.78/28;
        }
    }
}
VLANs:
DMZ-Public {
    description "Public DMZ Range";
    vlan-id 1010;
    l3-interface vlan.1010;
}
Office {
    description "192.168 internal network";
    vlan-id 20;
    l3-interface vlan.20;
}
Office-Media {
    description "Streaming media vlan";
    vlan-id 40;
    l3-interface vlan.40;
}
default;
And the corresponding LAGs on our switch stack:
<<< This one Works >>>
show running-config interface port-channel 3
description 'SRX-240-A Uplink'
switchport mode general
switchport general pvid 20
switchport general allowed vlan add 20,40 tagged
<<< This one doesn't >>>
description 'SRX Firewall DMZ Uplink'
switchport mode general
switchport general pvid 1010
switchport general allowed vlan add 1010 tagged
Any bright ideas, or have I managed to overlook some basic configuration?
Thanks in advance.