SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  No ping between two srx

    Posted 07-22-2014 09:32

    Hello!

    Can you help me find the configuration errors?

    There is no ping between the SRX100 and the SRX650

    (from 192.168.4.229 to 192.168.4.230).

    Though, to my mind all configurations are correct.

     


    SRX100

    [edit]
    admin@test3.epc1# show interfaces fe-0/0/1 
    vlan-tagging;
    unit 444 {
        vlan-id 444;
        family inet {
            address 10.10.10.4/24;
        }
    }
    unit 4011 {
        vlan-id 4011;
        family inet {
            address 192.168.4.229/30;
        }
    }
    
    [edit]
    admin@test3.epc1# edit security zones security-zone Trust 
    
    [edit security zones security-zone Trust]
    admin@test3.epc1# show 
    host-inbound-traffic {
        system-services {
            all;
        }
        protocols {
            all;
        }
    }
    interfaces {
        fe-0/0/1.4011;

    SRX650

    {primary:node0}[edit]
    admin@fw1.ekt10.epc1# show interfaces reth6 
    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 4010 {
        vlan-id 4010;
        family inet {
            address 192.168.4.226/30;
        }
    }
    unit 4011 {
        vlan-id 4011;
        family inet {
            address 192.168.4.230/30;
        }
    }
    
    
    
    {primary:node0}[edit security zones security-zone UntrustKSPD]
    admin@fw1.ekt10.epc1# show 
    
    host-inbound-traffic {
        system-services {
            all;                            
        }
        protocols {
            all;
        }
    }
    interfaces {
        reth6.4010;
        reth6.4011;
    }
    
    

    EX2200

    {master:0}[edit interfaces]
    admin# show 
    ge-0/0/10 {
        mtu 9216;
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/15 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members vlan70;
                }
            }
        }
    }
    ge-0/0/20 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ vlan4010 vlan4011 ];
                }
            }
        }
    }
    ge-0/0/21 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ vlan4010 vlan4011 vlan3 vlan11 vlan12 vlan13 vlan444 ];
                }
            }
        }
    }
    ge-0/0/22 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members vlan444;
                }
            }
        }
    }
    ge-0/0/23 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;            
                vlan {
                    members [ vlan444 vlan4011 vlan4010 ];
                }
            }
        }
    }
    ge-1/0/10 {
        mtu 9216;
        unit 0 {
            family ethernet-switching;
        }
    }
    vlan {
        unit 70 {
            family inet {
                address 172.30.2.33/27;
            }
        }
        unit 444 {
            family inet {
                address 10.10.10.2/24;
            }
        }
        unit 4010 {
            family inet;
        }
    }

    unknown command.
    admin# show vlans
    SRX-interconnect {
        vlan-id 4093;
        interface {
            ge-0/0/10.0;
            ge-1/0/10.0;
        }
    }
    vlan-name {
        l3-interface vlan.4010;
    }
    vlan1 {
        vlan-id 1;
    }
    vlan11 {
        vlan-id 11;
    }
    vlan12 {
        vlan-id 12;
    }
    vlan13 {
        vlan-id 13;
    }
    vlan3 {
        vlan-id 3;
    }
    vlan4010 {
        vlan-id 4010;
    }
    vlan4011 {
        vlan-id 4011;
    }
    vlan444 {
        vlan-id 444;
        l3-interface vlan.444;
    }
    vlan50 {

     



  • 2.  RE: No ping between two srx

    Posted 07-22-2014 09:54

    Hi,

     

    Your configuration is simple and straightforward; it should work.

    Most probably it is a physical problem. Are you sure ge-0/0/20 on the switch is connected to the primary node in the SRX650 cluster for redundancy-group 1?

    For example:

    > show chassis cluster status
    Cluster ID: 1
    Node                  Priority          Status    Preempt  Manual failover

    Redundancy group: 0 , Failover count: 1
        node0                   254         primary        no       no  
        node1                   250         secondary      no       no  

    Redundancy group: 1 , Failover count: 3
        node0                   254         primary        yes      no  
        node1                   250         secondary      yes      no  

    So ge-0/0/20 should be connected to node0 to make it work.

    If so, you can terminate an L3 interface on the switch and try to test from the switch to each SRX to isolate the problem; it is supposed to be a physical issue.

     



  • 3.  RE: No ping between two srx

    Posted 07-22-2014 10:23

    I have created an L3 interface on the EX2200. There is no ping, as before.

    Therefore, the switch is directly connected to the passive SRX??? (as you suggested)

    Though perhaps this is important: the EX2200 is in a Virtual Chassis now. Maybe the primary SRX is connected to ge-1/0/20?



  • 4.  RE: No ping between two srx
    Best Answer

    Posted 07-22-2014 10:27

    If it is not working, it might be connected to the secondary node.

    Try to copy the same config for port ge-0/0/20 to ge-1/0/20. The config should be identical anyway.
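
Added example, not part of the original thread: a small Python check that two switch ports facing the two SRX cluster nodes carry the same trunk VLANs, which is the condition the answer above describes. The `ge-1/0/20` stanza in the sample is constructed, and the function names `trunk_vlans` and `missing_vlans` are hypothetical.

```python
import re

# Constructed sample in the style of the thread's EX2200 output. The ge-1/0/20
# stanza (assumed to face the other cluster node) is hypothetical.
SAMPLE = """
ge-0/0/20 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ vlan4010 vlan4011 ];
            }
        }
    }
}
ge-1/0/20 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members vlan4010;
            }
        }
    }
}
"""

def trunk_vlans(config):
    """Map each top-level interface to its port-mode and set of VLAN members.
    Accepts both 'members vlanX;' and 'members [ vlanX vlanY ];' forms."""
    ports, depth, name = {}, 0, None
    for line in (l.strip() for l in config.splitlines()):
        if line.endswith("{"):
            if depth == 0:  # a new top-level interface stanza starts here
                name = line[:-1].strip()
                ports[name] = {"mode": None, "vlans": set()}
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth and line.startswith("port-mode "):
            ports[name]["mode"] = line.rstrip(";").split()[1]
        elif depth and line.startswith("members "):
            ports[name]["vlans"].update(re.findall(r"[\w-]+", line)[1:])
    return ports

def missing_vlans(config, port_a, port_b):
    """For each port, list the VLANs its peer carries that it does not."""
    p = trunk_vlans(config)
    a, b = p[port_a]["vlans"], p[port_b]["vlans"]
    return {port_a: sorted(b - a), port_b: sorted(a - b)}
```

A non-empty list for either port means a reth unit's VLAN would be dropped at the switch whenever the node behind that port is primary.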

     

     



  • 5.  RE: No ping between two srx

    Posted 07-22-2014 10:35

    rename interfaces ge-0/0/20 to ge-1/0/21.

    Pings follow well!!!

    Thanks.