Hmm, something weird is happening now.
My topology:
192.168.1.3 can ping 8.8.8.8 (Google's DNS)
192.168.1.3 can ping 192.168.1.1 (JSRX)
192.168.1.3 can ping 172.16.254.197
192.168.1.1 (JSRX) can ping 8.8.8.8
192.168.1.1 (JSRX) can ping 192.168.1.3
192.168.1.1 (JSRX) can ping 172.16.254.197
192.168.1.1 (JSRX) can ping 172.16.1.197
192.168.1.3 can't ping 172.16.1.197 (nothing ...)
172.16.254.197 can't ping 192.168.1.3 (destination host unreachable)
My JSRX config is the standard config; I only added this configuration to the out-of-the-box config:
set vlans MANAGEMENT vlan-id 254
set vlans TRUNKSRX vlan-id 2
run show vlans
set vlans MANAGEMENT l3-interface vlan.254
set vlans TRUNKSRX l3-interface vlan.2
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members MANAGEMENT
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members TRUNKSRX
set interfaces vlan unit 254 family inet address 172.16.254.254/24
set interfaces vlan unit 2 family inet address 172.16.1.1/24
set security zones security-zone trust interfaces vlan.254
set security zones security-zone trust interfaces vlan.2
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
commit confirmed
Switch is configured properly:
VLAN   Name             Ports          Type    Authorization
-----  ---------------  -------------  -----   -------------
2      vlan2            1/g17-1/g20,   Static  Required
                        1/g24
VLAN   Name             Ports          Type    Authorization
-----  ---------------  -------------  -----   -------------
254    vlan254          1/g13-1/g20,   Static  Required
                        1/g23-1/g24
Will adding
ip route 0.0.0.0 172.16.254.254
on the switch be a solution?