Ethernet Switching

EX-2200 Can't ping RVI interface itself from hosts belonging to other vlan

‎01-19-2018 05:25 AM

Maybe I'm new to Juniper networking and you'll find a fast resolution for this issue.

But, given my past experience in networking and security, this problem is still strange to me :-)

SIMPLIFIED LAB ENVIRONMENT:

EX-2200 ->trunk -> SRX-110

On the EX-2200 I've two vlans:

- CONTACT

- DATA

On the SRX-110 I've one vlan:

- CONTACT

 

PROBLEM:

I've one PC connected to EX-2200 in access to DATA vlan.
The problem is that the PC is able to ping RVI_DATA but not RVI_CONTACT! It's as if routing on the EX were disabled or security policies on the EX were involved*... BUT... from the SRX itself, if I try to ping the PC, IT IS WORKING WELL!

*Security policies on the EX, as far as I read, shouldn't be put in place... it is not an SRX.

- Why am I not able to ping the other RVI interface?! [here... I really don't know why...]

- Why am I not able to ping the SRX? [maybe something wrong in the security zone configuration?!]

 

CONFIGURATION EXTRACT:

EX-2200:

interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    vlan {
        unit 10 {
            description CONTACT_VLAN_AND_MANAGEMENT;
            family inet {
                address 10.10.10.254/24;
            }
        }
        unit 30 {
            family inet {
                address 10.30.30.1/24;
            }
        }
    }
}

routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.10.10.1;
    }
}

vlans {
    CONTACT-MGMT {
        vlan-id 10;
        l3-interface vlan.10;
    }
    DATA {
        vlan-id 30;
        l3-interface vlan.30;
    }
}


SRX:

interfaces {
    fe-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    vlan {
        unit 10 {
            family inet {
                address 10.10.10.1/24;
            }
        }
    }
}

zones {
    security-zone CONTACT-INSIDE {
        description "Contact inside to HQ internal";
        interfaces {
            vlan.10 {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                }
            }
        }
    }
}

vlans {
    vlan-10 {
        vlan-id 10;
        l3-interface vlan.10;
    }
}


PC:

10.30.30.33
255.255.255.0
10.30.30.1 gw

WHY AM I NOT ABLE TO PING 10.10.10.254 OR 10.10.10.1?

Solution
Accepted by topic author alfaromeo
‎01-19-2018 06:26 AM

Re: EX-2200 Can't ping RVI interface itself from hosts belonging to other vlan

‎01-19-2018 06:25 AM

PROBLEM SOLVED

 

Configuration was correct. There was some IP overlap in my system that covered the same IP addressing used in my lab. :-P
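
Added example, not part of the original thread or any Juniper tooling: a check for the root cause named in the reply, reading the `address` statements from a brace-style Junos extract and flagging any other prefix that overlaps a lab subnet. The `OTHER_PREFIXES` names and values are hypothetical stand-ins for whatever else the test PC or its upstream network can reach; the thread does not say what actually overlapped.

```python
import ipaddress
import re

# Constructed input: the EX-2200 address statements from the post, braces closed.
EX_CONFIG = """
interfaces {
    vlan {
        unit 10 {
            family inet {
                address 10.10.10.254/24;
            }
        }
        unit 30 {
            family inet {
                address 10.30.30.1/24;
            }
        }
    }
}
"""
# Hypothetical prefixes reachable by other paths on the test PC (assumed values).
OTHER_PREFIXES = {"vpn-adapter": "10.10.0.0/16", "wifi": "192.168.1.0/24"}

def junos_addresses(config):
    """Map 'interface.unit' to its address from a brace-style Junos extract."""
    found, stack = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        m = re.match(r"address\s+(\S+);", line)
        units = [i for i, s in enumerate(stack) if s.startswith("unit ")]
        if m and units and units[-1] > 0:
            i = units[-1]
            found[f"{stack[i - 1]}.{stack[i].split()[1]}"] = ipaddress.ip_interface(m.group(1))
    return found

def find_overlaps(lab, other):
    """Return (lab_if, other_name, prefix) for each foreign prefix intersecting a lab subnet."""
    hits = []
    for ifname, iface in lab.items():
        for name, prefix in other.items():
            net = ipaddress.ip_network(prefix, strict=False)
            if iface.network.overlaps(net):
                hits.append((ifname, name, str(net)))
    return hits

if __name__ == "__main__":
    for hit in find_overlaps(junos_addresses(EX_CONFIG), OTHER_PREFIXES):
        print("overlap: %s subnet is also covered by %s (%s)" % hit)
```

With the constructed values, only vlan.10 is flagged, which matches the symptom pattern in the question: the DATA gateway answers while 10.10.10.x traffic is pulled elsewhere.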