SRX100 Not learning mac addresses

‎12-18-2014 12:10 PM

I'm new to JunOS and trying to figure out why my newly installed SRX100 seems to be sending too much data to my endpoints. I ran a wireshark on one end and saw a ton of unicast traffic that was for a device on another member of the same ethernet-switch group.


Here's my interface config.

> show configuration interfaces
fe-0/0/0 { unit 0 { family inet { address; } } } fe-0/0/1 { unit 0 { family ethernet-switching { port-mode access; vlan { members vlan1; } } } } fe-0/0/2 { unit 0 { family ethernet-switching { port-mode access; vlan { members vlan1; } } } } fe-0/0/3 { unit 0 { family ethernet-switching { vlan { members vlan1; } } } } fe-0/0/4 { unit 0 { family ethernet-switching { vlan { members vlan1; } } } } lo0 { unit 0 { family inet { primary; address; } } } vlan { unit 0 { family inet { address; address;

> show configuration vlans
vlan1 {
vlan-id 3;
l3-interface vlan.0;


When I look at the ARP table, I see a ton of addresses for this vlan.


> show arp | match vlan.0
dc:9f:db:02:90:43              vlan.0              none
dc:9f:db:02:90:56              vlan.0              none
dc:9f:db:62:02:2d              vlan.0              none
dc:9f:db:02:91:13              vlan.0              none
dc:9f:db:6a:c2:53              vlan.0              none
dc:9f:db:0e:dc:90              vlan.0              none
00:27:22:4c:8f:9f              vlan.0              none
24:a4:3c:44:2a:28              vlan.0              none
dc:9f:db:34:ba:b9              vlan.0              none
24:a4:3c:44:25:33              vlan.0              none
dc:9f:db:32:a3:ca              vlan.0              none
dc:9f:db:02:90:c3              vlan.0              none
dc:9f:db:02:90:36              vlan.0              none
dc:9f:db:36:80:be              vlan.0              none
dc:9f:db:36:81:52              vlan.0              none
00:10:e7:74:8a:d3              vlan.0              none
00:10:e7:44:32:a6              vlan.0              none
00:10:e7:44:c5:91              vlan.0              none
00:10:e7:a4:b0:e1              vlan.0              none
0a:00:3e:b0:fa:cd              vlan.0              none
00:10:e7:44:5f:73              vlan.0              none
00:10:e7:44:69:cc              vlan.0              none
00:10:e7:44:35:01              vlan.0              none
00:10:e7:a4:88:f3              vlan.0              none
00:10:e7:a4:88:46              vlan.0              none
00:10:e7:64:2a:2e              vlan.0              none
00:10:e7:44:41:1b              vlan.0              none
00:10:e7:74:b1:73              vlan.0              none
00:10:e7:64:1d:4c              vlan.0              none
00:10:e7:a4:b6:25              vlan.0              none
00:10:e7:44:69:45              vlan.0              none
00:10:e7:e4:1a:22              vlan.0              none
00:10:e7:a4:89:01              vlan.0              none
00:10:e7:a4:a5:b9              vlan.0              none
00:10:e7:a4:a5:e1              vlan.0              none
00:10:e7:a4:b3:85              vlan.0              none
00:10:e7:74:8a:95              vlan.0              none
00:10:e7:c4:10:bb              vlan.0              none
00:10:e7:64:df:78              vlan.0              none
00:10:e7:44:31:95              vlan.0              none
00:10:e7:44:6c:0a              vlan.0              none
00:10:e7:44:5d:b8              vlan.0              none
00:10:e7:44:69:23              vlan.0              none
00:10:e7:54:36:c3              vlan.0              none
00:10:e7:44:41:f7              vlan.0              none
00:10:e7:14:04:6a              vlan.0              none
00:10:e7:44:6e:90              vlan.0              none
00:10:e7:44:8e:aa              vlan.0              none
00:10:e7:a4:b3:fe              vlan.0              none
00:10:e7:e4:1a:73              vlan.0              none
00:10:e7:64:de:a9              vlan.0              none
00:10:e7:44:c6:12              vlan.0              none
00:10:e7:64:20:3e              vlan.0              none
00:10:e7:54:36:95              vlan.0              none
00:10:e7:44:2f:35              vlan.0              none
00:10:e7:14:51:e5              vlan.0              none
00:10:e7:44:69:8f              vlan.0              none
00:10:e7:64:a7:db              vlan.0              none
00:10:e7:44:22:c7              vlan.0              none
00:10:e7:44:60:9c              vlan.0              none
00:10:e7:44:37:45              vlan.0              none
00:10:e7:64:f3:7b              vlan.0              none
00:10:e7:54:17:27              vlan.0              none
00:10:e7:44:5d:b6              vlan.0              none
00:10:e7:44:6e:56              vlan.0              none
00:10:e7:74:fe:d2              vlan.0              none
00:10:e7:74:fe:ed              vlan.0              none
00:10:e7:64:2a:5b              vlan.0              none
00:10:e7:e4:1a:17              vlan.0              none
00:10:e7:a4:a8:b7              vlan.0              none
00:10:e7:a4:a6:e1              vlan.0              none
0a:00:3e:b0:fc:14              vlan.0              none
0a:00:3e:b0:f4:65              vlan.0              none
0a:00:3e:b0:f4:e4              vlan.0              none
00:10:e7:44:ba:da              vlan.0              none


But when I look at the ethernet-switching table, I see nothing.

> show ethernet-switching table
Ethernet-switching table: 2 entries, 0 learned, 0 persistent entries
  VLAN	            MAC address       Type         Age Interfaces
  vlan1             *                 Flood          - All-members
  vlan1             3c:61:04:d7:0c:08 Static         - Router

> show ethernet-switching mac-learning-log
Thu Dec 11 17:31:33 2014 vlan_name vlan1 mac 3c:61:04:d7:0c:08 was added
Thu Dec 11 17:31:53 2014 vlan_name vlan1 mac 00:00:00:00:00:00 was added
Fri Dec 12 22:29:24 2014 vlan_name vlan1 mac 00:00:00:00:00:00 was deleted
Fri Dec 12 22:58:44 2014 vlan_name vlan1 mac 00:00:00:00:00:00 was added

No new entries in the mac-learining log between the 12th and today, the 18th.


This leads me to believe that this vlan is acting more like a hub since it doesn't know which port any MAC address is on. is this why I'm seeing unwanted data on my interfaces? How can I troubleshoot why mac-learning isn't working?



Re: SRX100 Not learning mac addresses

‎12-18-2014 06:06 PM

I downgraded my test router to 12.1X44-D15.5 and it is now working. I'll be trying the same on production tonight.