SRX

dear all,

we have issues with unable to built SRX3600 bridge LAG to Cisco LACP, the brief diagram as below.


                       | (gi0/1)  --------------------------(ge-1/0/0)  |
Cisco SW     | (gi0/2)  --------------------------(ge-1/0/1)  | SRX3600 

                       | (gi0/3)  --------------------------(ge-1/0/2)  |

                       | (gi0/4)  --------------------------(ge-1/0/3)  |

configuration as below:

Cisco SW side:

config ter
int range gi0/1, gi0/2, gi0/3, gi0/4

description Po8 to SRX3600
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-protocol lacp
channel-group 8 mode active
end

SRX3600 side

set chassis aggregated-devices ethernet device-count 1
set interfaces ge-1/0/0 gigether-options 802.3ad ae0
set interfaces ge-1/0/1 gigether-options 802.3ad ae0
set interfaces ge-1/0/2 gigether-options 802.3ad ae0
set interfaces ge-1/0/3 gigether-options 802.3ad ae0

set interfaces ae0 vlan-tagging
set interfaces ae0 native-vlan-id 1
set interfaces ae0 aggregated-ether-options minimum-links 1
set interfaces ae0 unit 0 family bridge interface-mode trunk
set interfaces ae0 unit 0 family bridge vlan-id-list 2
set interfaces ae0 unit 0 family bridge vlan-id-list 121
*************
the issue is, it looks the configuration is correct, however, both cisco side and juniper Port-Channel 8 and ae0 is not up. anyone can help, thank you very much in advance. or anyone can provide confioguration for me based on above diagram. thank you! 

You're missing the LACP configuration on the SRX side:

set interfaces ae0 aggregated-ether-options lacp active

 Should be right after that.

Hope this helps

hello dfex,

in fact, i have tried many methods to make it works.

set interfaces ae0 aggregated-ether-options lacp active

i have make such statement also, it also shows down, however, it's strange that finally i managed to make it workswith below combantion.
1) SRX side
without  statement "set interfaces ae0 aggregated-ether-options lacp active"
2)Cisco Switch side.
channel-group 8 mode on  (the channel-group mde MUST be on, if using passive/active is not working)

however, accoridng to SRX document and other users in forum, SRX should be active and Cisco should be active/passive too, on mode should not recommanded to use. and after use on mode, i found strange cisco side etherchanel.

#show etherchannel summary

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
8      Po8(SU)          -        Gi8/1(P)    Gi8/13(P)   Gi8/25(P)
                                 Gi8/37(P)

the protocol filed is blank, it should be LACP, looks strange, any ideas?  thank you!

If you have LACP configured on the Cisco side, then you definitely need it configured on the Juniper side.  I tend to use Active mode for both devices and have never hit any issues.

Just for a laugh, enable LACP on the Juniper side and add the following statement:

set interfaces ae0 aggregated-ether-options link-speed 1g

reather strange... once use LACP, it never works. any ideas?  thank you!

SRX3600 side (never works with lacp, once without lacp, it works perfectly!)

root@SRX3600-1# show interfaces ae0
description "LAG - ge-1/0/0 ge-1/0/1 ge-2/0/0 ge-2/0/1";
vlan-tagging;
native-vlan-id 1;
mtu 9192;
aggregated-ether-options {
    flow-control;

    lacp active;
    minimum-links 1;
    link-speed 1g;
}
unit 0 {
    family bridge {
        interface-mode trunk;
        vlan-id-list [ 2 1 ];
    }
}




Cisco Side
interface Port-channel8
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 mtu 9000
 speed 1000
 duplex full
end

(config-if-range)#do sh int po8
Port-channel8 is down, line protocol is down (notconnect)
  Hardware is EtherChannel, address is 0023.eb4b.913c (bia 0023.eb4b.913c)
  MTU 9000 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 0/255, rxload 0/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00

On the cisco side, turn LACP back on:

int po8
channel-protocol lacp
channel-group 8 mode active

 Also, try using family ethernet-switching on the SRX side.  I think bridge and ethernet-switching are the same, but this is what I use and I know it works.

yes, i have turn the channel-group mode active on both cisco and srx3600 side, but once it's active, both side is down.

and however, if cisco side channel-group mode s on and delete the ae0 aggreation-option lacp active in srx side, then both side is up and running perfectly.

i am running in bridge mode, it doesn't have a option of ethernet-switching...

it looks so strange...

Ah!  Sorry I didn't realise you were running in L2/Transparent mode.  LACP is not supported when you run this way, so you'll have to stick with the static LAG you have working.  This is documented here: Ethernet Link Aggregation

Sorry for the confusion : )