SRX

Hi all

Another weird problem with the enclosed config is that anyone on our .140 vlan (i.e. 172.16.140.33) can't seem to contact our SRX (i.e. when we tracert it doesn't hit the SRX or any further)

Config enclosed. Routing is done on our Layer 3 switch. Any ideas?

Kind regards,

Richard

Attachment(s)

Config for juniper forum.txt   13 KB 1 version

Can you provide below information?

1. source-ip of the machine.

2. Ip-address that you tracert to

3. gateway configured in machine

regards,

Raveen

Hi,

1. Source IP - 172.16.140.33

2. IP Address - 8.8.8.8 - hits the default gateway (172.16.140.1) then goes no further

3. Gateway 172.16.140.1

SRX IP  172.16.1.228

Route added on core switch ... 

ip route 0.0.0.0 0.0.0.0 172.16.1.228

It all works from the servers VLAN which is 172.16.1.*

Cheers 🙂

Rich

1. Are you able see route to 172.16.1.228 for 8.8.8.8 sourced from 172.16.140.33?

2. Are you able to ping 172.16.1.228 sourced from 172.16.140.33 ?

Regards,

Raveen

Also what is the vlan configured on the switch-port that is connected to SRX?

Regards,

Raveen

Hi Raveen

No to all your questions.

The switchport the SRX is plugged into is tagged with vlan 20 which is the 172.16.1.* range

The SRX is not doing any of the routing

Cheers

In SRX configuration attached by you displays vlan1 to be with id 3

vlans {
    vlan1 {
        vlan-id 3;
        l3-interface vlan.1;
    }
}

Regards,

Raveen

When you are not able to ping SRX IP from your L3 switch, to me, it appears to be issue in routing packets to SRX.

I dont think SRX is the problem here.

Regards,

Raveen

Hi sorry I can ping the SRX from the core switch...

So should I change the vlan id to 20. Could you maybe edit that code to what it should be for me please?

Hello,

Since machien-ip, gateway and SRX IP-Address are all in same subnet, you need to have them assigned to same vlan.

Verify below and update the results:

1. switch-port to which machine is connected to is in valn.20

2. Interface of L3-Switch that is connected to SRX is in vlan.20

3. Modify configuration of SRX to have vlan-id 20 for vlan1

    - set vlans vlan1 vlan-id 20

Regards,

Raveen

Yep, all changed and still not working (did last night)

They are in different VLANs i.e. machines that are not working are not in vlan.20 but in vlan 140 but the servers which are in vlan 20 work!

Thanks for all your help so far 🙂

Could you provide a network diagram with interface/vlan/IP marked correctly and tell what is working and what is not?

Hi Raveen

Many thanks for your assistance

I have now solved the problem and the problem was simply that I had to add another route in

 route 172.16.0.0/16 next-hop 172.16.1.4;

Have a good weekend

All the IPs are in same subnet and same vlan;not sure why route is needed.

Anyways, glad it is working for you!