SRX

last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Interface stops sending traffic

    Posted 04-08-2015 02:44

    Hello gentlemen,

    I'm using SRX240 for a while and faced new issue, which I can not understand and explain. Any advice much appreciated.

    We have 2 interfaces:

    > show configuration interfaces ge-0/0/9 
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cisco;
}

> show configuration interfaces ge-0/0/15 
unit 0 {
description MANAGEMENT;
family ethernet-switching {
port-mode access;
vlan {
members server;
}

     

     

    And some vlans:

    cisco {
description cisco;
vlan-id 5;
l3-interface vlan.3;
}

server {
description "vlan 50";
vlan-id 50;
l3-interface vlan.0;
}

     Both interfaces are connected to cisco switch, both ports are in access mode, one in vlan 5 and one in vlan 50.

    If we enable only one (any) interface everything is good, but if enable both of them, interface in vlan 50 stops sending anything to the port. It's receiving packets, but not sending anything. On cisco mac address from interface in vlan 50 just dissapeares. When we disable on cisco interface in vlan 5 - mac address from vlan 50 appeares again.

     

    I'm not sure which diagnostic output should be analized, but "show interface *" doesn't look weird.

    Please help! 

     

    Thanks in advance.



  • 2.  RE: Interface stops sending traffic

     
    Posted 04-08-2015 10:00

    Do you have 'rstp' enabled on your SRX, by any chance?  If so, it's quite possible that you are experiencing an STP port blockage.



  • 3.  RE: Interface stops sending traffic
    Best Answer

     
    Posted 04-08-2015 10:53

    Smells like some stp problem or a loop somewhere, Are both interfaces connected to the same cisco switch ? why don't you put them both on a "trunked" interface ?

     

    My best guess their is something with stp going on in your network



  • 4.  RE: Interface stops sending traffic

    Posted 04-08-2015 14:19

    Yeah guys, thank you so much! That's really STP issue. Port was blocked due to receiving BPDUs. As I understand that happens because another SRX device, configured with VRRP and mirrored configuration, is sending BPDUs from its access ports. I don't see any loops here, because both access ports are in different vlans, but I'm really afraid to disable STP on almost production device. Is there any way to troubleshoot that issue? Configure ports as trunks is awesome idea, but I have no permission to change it right now... (