Routing

I have the following setup:

Broadband to SRX100 to EX2300

The SRX builds a VPN tunnel to the HUB, that works as 192.168.201.1/24

The idea is to have several vlans on the EX2300 in the 10.12.x.0/24 range, where x is the vlan number.

The switch is set to 192.168.201.10/24

I cannot ping the 10.12.9.254 gateway from the SRX.

What am I missing here.?

 

SRX-100

set version 12.1X44-D35.5
set system host-name vpnloaner01
set system time-zone EST
set system root-authentication encrypted-password "SECRET"
set system name-server 10.10.10.10
set system name-server 10.20.10.10
set system name-server 64.105.202.138
set system name-server 64.105.199.74
set system name-resolution no-resolve-on-input
set system login user admin full-name Administrator
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "SECRET"
set system services ssh
set system services telnet
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.1
set system services web-management https interface fe-0/0/0.0
set system services web-management session idle-timeout 60
set system services dhcp option 161 string wyse.masseyservices.com
set system services dhcp option 186 string wyse.masseyservices.com
set system services dhcp pool 192.168.201.0/24 address-range low 192.168.201.50
set system services dhcp pool 192.168.201.0/24 address-range high 192.168.201.249
set system services dhcp pool 192.168.201.0/24 router 192.168.201.1
set system services dhcp propagate-settings fe-0/0/0
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set system ntp server us.ntp.pool.org
set interfaces fe-0/0/0 unit 0 family inet dhcp
set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members vlan1
set interfaces st0 unit 0 family inet address 192.168.200.201/24
set interfaces vlan unit 1 family inet address 192.168.201.1/24


set routing-options static route 192.168.200.0/24 next-hop st0.0
set routing-options static route 10.10.0.0/16 next-hop st0.0


set vlans vlan1 vlan-id 3
set vlans vlan1 l3-interface vlan.1

EX2300-48P

admin@EX-VPNLOANER01> show configuration |display set |no-more
set version 15.1X53-D56
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier import default
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-voice-fc loss-priority low code-points 101110
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 110000
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 011000
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 011010
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 111000
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-video-fc loss-priority low code-points 100010
set groups ezqos-voip class-of-service forwarding-classes class ezqos-best-effort queue-num 0
set groups ezqos-voip class-of-service forwarding-classes class ezqos-video-fc queue-num 4
set groups ezqos-voip class-of-service forwarding-classes class ezqos-voice-fc queue-num 5
set groups ezqos-voip class-of-service forwarding-classes class ezqos-control-fc queue-num 7
set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-voice-fc scheduler ezqos-voice-scheduler
set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-control-fc scheduler ezqos-control-scheduler
set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-video-fc scheduler ezqos-video-scheduler
set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-best-effort scheduler ezqos-data-scheduler
set groups ezqos-voip class-of-service schedulers ezqos-voice-scheduler buffer-size percent 20
set groups ezqos-voip class-of-service schedulers ezqos-voice-scheduler priority strict-high
set groups ezqos-voip class-of-service schedulers ezqos-control-scheduler buffer-size percent 10
set groups ezqos-voip class-of-service schedulers ezqos-control-scheduler priority strict-high
set groups ezqos-voip class-of-service schedulers ezqos-video-scheduler transmit-rate percent 70
set groups ezqos-voip class-of-service schedulers ezqos-video-scheduler buffer-size percent 20
set groups ezqos-voip class-of-service schedulers ezqos-video-scheduler priority low
set groups ezqos-voip class-of-service schedulers ezqos-data-scheduler transmit-rate percent 30
set groups ezqos-voip class-of-service schedulers ezqos-data-scheduler buffer-size percent 50
set groups ezqos-voip class-of-service schedulers ezqos-data-scheduler priority low
set apply-groups ezqos-voip
set system host-name EX-VPNLOANER01
set system root-authentication encrypted-password "SECRET"
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "SECRET"
set system services ssh protocol-version v2
set system services telnet
set system services netconf ssh
set system services web-management http
set system services dhcp traceoptions file dhcp_logfile
set system services dhcp traceoptions level all
set system services dhcp traceoptions flag all
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set chassis alarm management-ethernet link-down ignore
set chassis auto-image-upgrade
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members default
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/4 unit 0 family ethernet-switching
set interfaces ge-0/0/5 unit 0 family ethernet-switching
set interfaces ge-0/0/6 unit 0 family ethernet-switching
set interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching
set interfaces ge-0/0/9 unit 0 family ethernet-switching
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching
set interfaces ge-0/1/0 unit 0 family ethernet-switching
set interfaces ge-0/1/1 unit 0 family ethernet-switching
set interfaces irb unit 0 family inet address 192.168.201.10/24
set interfaces irb unit 1 family inet address 10.12.9.254/24
set snmp community Public authorization read-only
set routing-options static route 0.0.0.0/0 next-hop 192.168.201.1
set protocols lldp interface all
set protocols lldp-med interface all
set protocols igmp-snooping vlan all
set class-of-service interfaces ge-* scheduler-map ezqos-voip-sched-maps
set class-of-service interfaces ge-* unit * classifiers dscp ezqos-dscp-classifier
set class-of-service interfaces ge-* unit * rewrite-rules dscp default
set vlans NETWORK-9 description NETWORK-9
set vlans NETWORK-9 vlan-id 9
set vlans NETWORK-9 l3-interface irb.1
set vlans default vlan-id 1
set vlans default l3-interface irb.0
set poe interface all

Which physical interface has connected between SRX and EX?

 

If you are planning to configure multiple VLANs then you would need to convert that interface to trunk (as you are configuring IRBs/interface-VLAN). 

 

Also, I don't think your irb.1  is UP as the VLAN is not associated to any of the physical interfaces (unless you missed pasting config here). 

 

Also, why are you routing st0 subnet through st0.0 interface?

Couple of things you may check as follows. On EX 2300 side.. 1. The interfaces connected to SRX 100 is part of vlan 9 ..verify this. 2. From EX 2300, i assume that you are able to ping your own ip (10.12.9.254). 3. The interfaces connected between SRX and EX is not trunk. On SRX 100 side 1. First interface connecting to EX 2300 is up and able to ping self ip.. 2. Check the duplex and speed of the connecting interfaces. 2. you are also able to ping EX 2300 switch ip (192.168.201.10) from SRX 100. 3. Configure the static reverse route to 10.12.9.0/24 and point it towards the 192.168.201.10. If you are doing above steps correct, you will be able to reach the 10.12.9.254 segment. Pl accept this as solution if it resolved your issue. Kudos will be appreciated if you think i have earned..

The st0.0 is the vpn that goes back to corporate SRX240.

 

The SRX100 --> fe-0/0/1  --> ge-0/0/0 EX2300

I cannot ping the 9.245 from the SRX to the EX.

Will change the ports to trunk, and see if I can make it work.

Lets try again, this is a new config, similiar to what I need, but less vlans in the EX.

Corporate  <-->  SRX-fe-0/0/0  <--> SRX-fe-0/0/1 or fe-0/0/3 <--> EX ge-0/0/0 or ge-0/0/2  

The VPN is over st0.0 to corporate.

The trunk fe-0/0/3  and ge-0/0/2 will not pass traffic.

The access port passes traffic to and from the SRX - EX

 

I am unable to ping the vlan 9 NETWORK-9

 

I will include the whole config of both SRX and EX. and some traceroutes and pings.

 

THIS IS THE SRX




admin@test> show configuration |display set |no-more
set version 10.4R10.8
set system host-name test
set system time-zone EST
set system root-authentication encrypted-password "SECRET"
set system name-server 10.10.10.10
set system name-server 10.20.10.10
set system name-resolution no-resolve-on-input
set system login user admin full-name Administrator
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "SECRET"
set system services ssh
set system services telnet
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.1
set system services web-management https interface fe-0/0/0.0
set system services web-management session idle-timeout 60
set system services dhcp pool 192.168.201.0/24 address-range low 192.168.201.50
set system services dhcp pool 192.168.201.0/24 address-range high 192.168.201.249
set system services dhcp pool 192.168.201.0/24 router 192.168.201.1
set system services dhcp propagate-settings fe-0/0/0
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set system ntp server us.ntp.pool.org
set interfaces fe-0/0/0 unit 0 family inet dhcp
set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/3 unit 0 family ethernet-switching port-mode trunk
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members all
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members vlan1
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members vlan1
set interfaces st0 unit 0 family inet address 192.168.200.201/24
set interfaces vlan unit 1 family inet address 192.168.201.1/24
set snmp description test
set snmp community Public authorization read-only
set routing-options static route 192.168.200.0/24 next-hop st0.0
set routing-options static route 10.0.0.0/8 next-hop st0.0
set routing-options static route 10.12.0.0/16 next-hop 192.168.201.10
set protocols stp
set security ike policy ike_pol_vpnloaner01 mode aggressive
set security ike policy ike_pol_vpnloaner01 proposal-set standard
set security ike policy ike_pol_vpnloaner01 pre-shared-key ascii-text "SECRET"
set security ike gateway gw_vpnloaner01 ike-policy ike_pol_vpnloaner01
set security ike gateway gw_vpnloaner01 address 75.112.77.34
set security ike gateway gw_vpnloaner01 local-identity hostname vpnloaner01
set security ike gateway gw_vpnloaner01 external-interface fe-0/0/0.0
set security ipsec policy ipsec_pol_vpnloaner01 perfect-forward-secrecy keys group1
set security ipsec policy ipsec_pol_vpnloaner01 proposal-set standard
set security ipsec vpn vpnloaner01 bind-interface st0.0
set security ipsec vpn vpnloaner01 ike gateway gw_vpnloaner01
set security ipsec vpn vpnloaner01 ike ipsec-policy ipsec_pol_vpnloaner01
set security ipsec vpn vpnloaner01 establish-tunnels immediately
set security nat source rule-set nsw_srcnat from zone Internal
set security nat source rule-set nsw_srcnat to zone Internet
set security nat source rule-set nsw_srcnat rule nsw-src-interface match source-address 0.0.0.0/0
set security nat source rule-set nsw_srcnat rule nsw-src-interface match destination-address 0.0.0.0/0
set security nat source rule-set nsw_srcnat rule nsw-src-interface then source-nat interface
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security zones security-zone Internal address-book address addr_192_168_201_0_24 192.168.201.0/24
set security zones security-zone Internal host-inbound-traffic system-services all
set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services ping
set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services dhcp
set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services http
set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services https
set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services ssh
set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services telnet
set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services snmp
set security zones security-zone Internet address-book address addr_192_168_0_0_16 192.168.0.0/16
set security zones security-zone Internet address-book address addr_10_0_0_0_8 10.0.0.0/8
set security zones security-zone Internet address-book address addr_192_168_200_0_24 192.168.200.0/24
set security zones security-zone Internet host-inbound-traffic system-services ike
set security zones security-zone Internet interfaces fe-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone Internet interfaces fe-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone Internet interfaces fe-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone Internet interfaces fe-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone Internet interfaces fe-0/0/0.0 host-inbound-traffic system-services ike
set security zones security-zone Internet interfaces fe-0/0/0.0 host-inbound-traffic system-services snmp
set security zones security-zone Internet interfaces st0.0 host-inbound-traffic system-services https
set security zones security-zone Internet interfaces st0.0 host-inbound-traffic system-services ping
set security zones security-zone Internet interfaces st0.0 host-inbound-traffic system-services ike
set security zones security-zone Internet interfaces st0.0 host-inbound-traffic system-services ssh
set security zones security-zone Internet interfaces st0.0 host-inbound-traffic system-services snmp
set security policies from-zone Internal to-zone Internet policy All_Internal_Internet match source-address any
set security policies from-zone Internal to-zone Internet policy All_Internal_Internet match destination-address any
set security policies from-zone Internal to-zone Internet policy All_Internal_Internet match application any
set security policies from-zone Internal to-zone Internet policy All_Internal_Internet then permit
set security policies from-zone Internal to-zone Internet policy policy_out_vpnloaner01 match source-address addr_192_168_201_0_24
set security policies from-zone Internal to-zone Internet policy policy_out_vpnloaner01 match destination-address addr_192_168_200_0_24
set security policies from-zone Internal to-zone Internet policy policy_out_vpnloaner01 match application any
set security policies from-zone Internal to-zone Internet policy policy_out_vpnloaner01 then permit
set security policies from-zone Internet to-zone Internal policy policy_in_vpnloaner01 match source-address addr_10_0_0_0_8
set security policies from-zone Internet to-zone Internal policy policy_in_vpnloaner01 match source-address addr_192_168_0_0_16
set security policies from-zone Internet to-zone Internal policy policy_in_vpnloaner01 match destination-address addr_192_168_201_0_24
set security policies from-zone Internet to-zone Internal policy policy_in_vpnloaner01 match application any
set security policies from-zone Internet to-zone Internal policy policy_in_vpnloaner01 then permit
set vlans NETWORK-9 description NETWORK-9
set vlans NETWORK-9 vlan-id 9
set vlans vlan1 vlan-id 3
set vlans vlan1 l3-interface vlan.1

admin@test>

THIS IS THE EX



{master:0}
root@EX-test> show configuration |display set |no-more
set version 12.3R6.6
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier import default
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-voice-fc loss-priority low code-points 101110
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 110000
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 011000
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 011010
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 111000
set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-video-fc loss-priority low code-points 100010
set groups ezqos-voip class-of-service forwarding-classes class ezqos-best-effort queue-num 0
set groups ezqos-voip class-of-service forwarding-classes class ezqos-video-fc queue-num 4
set groups ezqos-voip class-of-service forwarding-classes class ezqos-voice-fc queue-num 5
set groups ezqos-voip class-of-service forwarding-classes class ezqos-control-fc queue-num 7
set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-voice-fc scheduler ezqos-voice-scheduler
set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-control-fc scheduler ezqos-control-scheduler
set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-video-fc scheduler ezqos-video-scheduler
set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-best-effort scheduler ezqos-data-scheduler
set groups ezqos-voip class-of-service schedulers ezqos-voice-scheduler buffer-size percent 20
set groups ezqos-voip class-of-service schedulers ezqos-voice-scheduler priority strict-high
set groups ezqos-voip class-of-service schedulers ezqos-control-scheduler buffer-size percent 10
set groups ezqos-voip class-of-service schedulers ezqos-control-scheduler priority strict-high
set groups ezqos-voip class-of-service schedulers ezqos-video-scheduler transmit-rate percent 70
set groups ezqos-voip class-of-service schedulers ezqos-video-scheduler buffer-size percent 20
set groups ezqos-voip class-of-service schedulers ezqos-video-scheduler priority low
set groups ezqos-voip class-of-service schedulers ezqos-data-scheduler transmit-rate percent 30
set groups ezqos-voip class-of-service schedulers ezqos-data-scheduler buffer-size percent 50
set groups ezqos-voip class-of-service schedulers ezqos-data-scheduler priority low
set apply-groups ezqos-voip
set system host-name EX-test
set system root-authentication encrypted-password "SECRET"
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password "SECRET"
set system services ssh protocol-version v2
set system services ssh max-sessions-per-connection 32
set system services telnet
set system services netconf ssh
set system services web-management http
set system services dhcp traceoptions file dhcp_logfile
set system services dhcp traceoptions level all
set system services dhcp traceoptions flag all
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file default-log-messages any any
set system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|cm_device|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)|(AIS_DATA_AVAILABLE)"
set system syslog file default-log-messages structured-data
set chassis alarm management-ethernet link-down ignore
set chassis auto-image-upgrade
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching native-vlan-id default
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/4 unit 0 family ethernet-switching
set interfaces ge-0/0/5 unit 0 family ethernet-switching
set interfaces ge-0/0/6 unit 0 family ethernet-switching
set interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching
set interfaces ge-0/0/9 unit 0 family ethernet-switching
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching
set interfaces ge-0/1/0 unit 0 family ethernet-switching
set interfaces ge-0/1/1 unit 0 family ethernet-switching
set interfaces vlan unit 0 family inet address 192.168.201.10/24
set interfaces vlan unit 1 family inet address 10.12.9.254/24
set interfaces vlan unit 2 family inet address 10.12.21.254/24
set snmp community Public authorization read-only
set snmp trap-group space targets 10.11.9.6
set routing-options static route 0.0.0.0/0 next-hop 192.168.201.1
set routing-options static route 10.10.0.0/16 next-hop 192.168.201.1
set protocols igmp-snooping vlan all
set protocols rstp
set protocols lldp interface all
set protocols lldp-med interface all
set class-of-service interfaces ge-* scheduler-map ezqos-voip-sched-maps
set class-of-service interfaces ge-* unit * classifiers dscp ezqos-dscp-classifier
set class-of-service interfaces ge-* unit * rewrite-rules dscp default
set ethernet-switching-options voip
set ethernet-switching-options storm-control interface all
set vlans NETWORK-9 description NETWORK-9
set vlans NETWORK-9 vlan-id 9
set vlans NETWORK-9 l3-interface vlan.1
set vlans UC-QUADS description "UC-QUADS Voice Traffic"
set vlans UC-QUADS vlan-id 21
set vlans UC-QUADS l3-interface vlan.2
set vlans default l3-interface vlan.0
set poe interface all

{master:0}
root@EX-test>

 

 

FROM SRX;

admin@test> ping 192.168.201.10
PING 192.168.201.10 (192.168.201.10): 56 data bytes
64 bytes from 192.168.201.10: icmp_seq=0 ttl=64 time=4.146 ms
64 bytes from 192.168.201.10: icmp_seq=1 ttl=64 time=3.705 ms
64 bytes from 192.168.201.10: icmp_seq=2 ttl=64 time=3.583 ms
^C
--- 192.168.201.10 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.583/3.811/4.146/0.242 ms

admin@test> ping 10.12.9.254
PING 10.12.9.254 (10.12.9.254): 56 data bytes
36 bytes from 10.12.9.254: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 13b5   0 0000  40  01 c940 192.168.201.1  10.12.9.254

36 bytes from 10.12.9.254: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 13b8   0 0000  40  01 c93d 192.168.201.1  10.12.9.254

36 bytes from 10.12.9.254: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 13bb   0 0000  40  01 c93a 192.168.201.1  10.12.9.254

^C
--- 10.12.9.254 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

admin@test> traceroute 10.12.9.254
traceroute to 10.12.9.254 (10.12.9.254), 30 hops max, 40 byte packets
 1  10.12.9.254 (10.12.9.254)  4.115 ms  3.816 ms  4.006 ms
 2  10.12.9.254 (10.12.9.254)  10.510 ms !H  4.644 ms !H  4.449 ms !H

admin@test>

FROM EX

{master:0}
root@EX-test> ping 192.168.201.1
PING 192.168.201.1 (192.168.201.1): 56 data bytes
64 bytes from 192.168.201.1: icmp_seq=0 ttl=64 time=2.762 ms
64 bytes from 192.168.201.1: icmp_seq=1 ttl=64 time=2.826 ms
64 bytes from 192.168.201.1: icmp_seq=2 ttl=64 time=2.255 ms
^C
--- 192.168.201.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.255/2.614/2.826/0.255 ms

{master:0}
root@EX-test> ping 10.12.9.254
PING 10.12.9.254 (10.12.9.254): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 10.12.9.254 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

{master:0}

 

 

On SRX you are missing

set vlans NETWORK-9 l3-interface vlan.9
set interfaces vlan.9 family inet address 10.12.9.x/24
set security zones security-zone Internal interfaces vlan.9 host-inbound-traffic system-services ping

On EX you are missing

set interfaces ge-0/0/2.0 family ethernet-switching vlan members all

Regards, Wojtek

For the trunk ports to pass the traffic RVI should be up on EX switch..

Note that, irb.1 (vlan 9) is not up..which is pointing to the fact that RVI is not up.

 

add following config on EX..

set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode trunk

set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members all

set interfaces ge-0/0/2 unit 0 family ethernet-switching native-vlan-id default

************************************************************************************************************

Accept it as an solution if it resolved your issue. Kudos would be appreciated if you think i have earned it..

Made some additions to the vlan.1 in the EX, changed it to vlan.9 and used the SRX as the gateway. I am able to get to the EX via 10.12.9.10.

Will work on getting the correct vlans enabled,   thanks for the help