SRX Services Gateway
Reply
Contributor
ronni
Posts: 12
Registered: ‎11-24-2011
0

VLAN not working

Hi,

 

I'm guite new to Junos and have this SRX100 that I'm playing around with.

 

I have made a small network with some VLAN's and zones and tries to configure a Linux server with some virtual machines. The host is member of one vlan (services) and the guest is/should be member of another vlan (dmz).

I've created a VLAN interface on the guest system but it doesn't work.

 

I can ping from the SRX to the guest IP address but not from the guest to the SRX IP address; this is tagged.

I can ping from the host to the SRX IP address and from the SRX to the host IP address; this is untagged.

I can ping from my laptop in VLAN UA to the host in VLAN services (untagged), but not to the guest in VLAN dmz (tagged).

 

I've tried to disable all local firewalls on both the host and guest Linux and, as you can see, tried to open as much as possible in the SRX security and zones. I've also tried to create the VLAN interface on the host system, to eliminate some virtual network stuff to be the problem, and the problem is the same; ping from SRX to VLAN interface is ok, but not the other way around.

I've tried to tcpdump/wireshark the traffic and can see the packets being sent, theres some ARP requests and answers, but no answers to the pings; SSH dont work either.

I can't the the 802.1Q tag in the ethernet frames in wireshark.

 

If I try to ping from the SRX to the host, but with the source address from another RVI it don't work; only when using the RVI in the same VLAN it works.

 

Anyone have some suggestions?

 

It's the interface fe-0/0/7 where the server(s) is connected.

Contributor
ronni
Posts: 12
Registered: ‎11-24-2011
0

Re: VLAN not working

I made a similar setup on a Cisco 1800 with two SVI and same vlans and IP addresses - no changes made to the linux host.

In this setup I can ping the SRX from the host using both the tagged and untagged interface.

 

When making a wireshark dump the frames contains the 802.1Q tags when pinging the SRX using the tagged interface.

Contributor
ronni
Posts: 12
Registered: ‎11-24-2011
0

Re: VLAN not working

I tried to reconfigure the interface vlan membership etc. and now I have the 802.1Q VLAN tag but the result is the same; I can ping from SRX to both host addresses but only from the untagged interface on the host to the SRX.

Contributor
ronni
Posts: 12
Registered: ‎11-24-2011
0

Re: VLAN not working

Problem solved.

 

Turned out to be asymmetric routing at the linux host :-P

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.