SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  LACP Ethernet channel

    Posted 07-08-2018 01:47

    I want to configure an EtherChannel between an SRX1400 and a Cisco 4500 switch. I did the following configuration, but the EtherChannel is still not working properly:

     

    SRX1400:

    chassis {
    aggregated-devices {
    ethernet {
    device-count 5;
    policies {


    from-zone untrust to-zone trust10 {
    policy untrust-to-trust10 {
    match {
    source-address any;
    destination-address any;
    application any;
    }
    then {
    permit;
    }
    }
    }
    from-zone trust10 to-zone untrust {
    policy trust10-to-untrust {
    match {
    source-address any;
    destination-address any;
    application any;
    }
    then {
    permit;
    }
    }
    }
    }
    zones {

    security-zone trust10 {
    host-inbound-traffic {
    system-services {
    all;
    }
    }
    interfaces {
    ge-0/0/6.2;
    ge-0/0/6.10;
    ge-0/0/6.8;

    }
    security-zone untrust {
    interfaces {
    ae0.2 {
    host-inbound-traffic {
    system-services {
    all;
    }
    }
    }
    ae0.8 {
    host-inbound-traffic {
    system-services {
    all;
    }
    }
    }
    ae0.10 {
    host-inbound-traffic {
    system-services {
    all;
    }
    }
    }
    }
    }
    }
    }
    interfaces {
    ge-0/0/2 {
    gigether-options {
    802.3ad ae0;
    }
    }
    ge-0/0/3 {
    gigether-options {
    802.3ad ae0;
    }
    }
    ge-0/0/4 {
    gigether-options {
    802.3ad ae0;
    }
    }
    ge-0/0/5 {
    gigether-options {
    802.3ad ae0;
    }
    }
    ge-0/0/6 {
    vlan-tagging;
    unit 2 {
    family bridge {
    interface-mode trunk;
    vlan-id-list 2;
    }
    }
    unit 8 {
    family bridge {
    interface-mode trunk;
    vlan-id-list 8;
    }
    }
    unit 10 {
    family bridge {
    interface-mode trunk;
    vlan-id-list 10;
    }
    }

    ae0 {
    vlan-tagging;
    aggregated-ether-options {
    lacp {
    active;
    }
    }
    unit 2 {
    family bridge {
    interface-mode trunk;
    vlan-id-list 2;
    }
    }
    unit 8 {
    family bridge {
    interface-mode trunk;
    vlan-id-list 8;
    }
    }
    unit 10 {
    family bridge {
    interface-mode trunk;
    vlan-id-list 10;
    }
    }
    }
    irb {

    unit 2 {
    family inet {
    address 10.2.0.222/16;


    unit 8 {
    family inet {
    address 10.8.0.10/16;
    }
    }
    unit 10 {
    family inet {
    address 10.10.10.10/16;
    }

    }
    bridge-domains {

    vlan10 {
    domain-type bridge;
    vlan-id 10;
    routing-interface irb.10;
    }

    vlan2 {
    domain-type bridge;
    vlan-id 2;
    routing-interface irb.2;
    }

    }
    vlan8 {
    domain-type bridge;
    vlan-id 8;
    routing-interface irb.8;
    }
    vlan9 {
    domain-type bridge;
    vlan-id 9;
    routing-interface irb.0;
    }

    Cisco 4500:

     

    interface Port-channel1
    switchport
    switchport trunk encapsulation dot1q
    switchport mode trunk

    interface GigabitEthernet3/15
    switchport trunk encapsulation dot1q
    switchport mode trunk
    duplex full
    channel-protocol lacp
    channel-group 1 mode active
    !
    interface GigabitEthernet3/16
    switchport trunk encapsulation dot1q
    switchport mode trunk
    duplex full
    channel-protocol lacp
    channel-group 1 mode active

     

     

    admin@CIG-HQ# run show lacp interfaces
    Aggregated interface: ae0
    LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
    ge-0/0/2 Actor No Yes No No No Yes Fast Active
    ge-0/0/2 Partner No Yes No No No Yes Fast Passive
    ge-0/0/3 Actor No Yes No No No Yes Fast Active
    ge-0/0/3 Partner No Yes No No No Yes Fast Passive
    ge-0/0/4 Actor No Yes No No No Yes Fast Active
    ge-0/0/4 Partner No Yes No No No Yes Fast Passive
    ge-0/0/5 Actor No Yes No No No Yes Fast Active
    ge-0/0/5 Partner No Yes No No No Yes Fast Passive
    LACP protocol: Receive State Transmit State Mux State
    ge-0/0/2 Defaulted Fast periodic Detached
    ge-0/0/3 Defaulted Fast periodic Detached
    ge-0/0/4 Port disabled No periodic Detached
    ge-0/0/5 Port disabled No periodic Detached  

     

    admin@CIG-HQ# run show lacp statistics interfaces ae0
    Aggregated interface: ae0
    LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
    ge-0/0/2 0 5789 0 0
    ge-0/0/3 0 3611 0 0
    ge-0/0/4 0 0 0 0
    ge-0/0/5 0 0 0 0

     


    #SRX
    #ethernetchannel
    #LACP
    #cisco
    #SRX1400


  • 2.  RE: LACP Ethernet channel

    Posted 07-08-2018 02:33


  • 3.  RE: LACP Ethernet channel

    Posted 07-08-2018 03:38

    Thanks for the reply. I have the same, but I use bridge mode. Please advise.



  • 4.  RE: LACP Ethernet channel

    Posted 07-08-2018 04:15

    Hi there,

     


    @Mar0 wrote:

    thx 4 reply, while i have same 


    No, You don't. You are missing "switchport nonegotiate" on CSCO side.

     


    @Mar0 wrote:

    but i use bridge mode,


    "family bridge" is the 1:1 replacement for "family ethernet-switching" for SRX starting in JUNOS 15.1, AFAIK.

     


    @Mar0 wrote:

    , advice


    CSCO recommends doing all EtherChannel config when links are shut down.

    https://www.cisco.com/c/en/us/support/docs/switches/catalyst-2900-xl-series-switches/24044-172.html#port

    Configure the interfaces to be used in port channeling in administratively shut down mode.

    https://learningnetwork.cisco.com/thread/27331

    1/ bring down the Portchannel and member links on CSCO side 

    2/  add "switchport nonegotiate" on CSCO side

    3/ bring up Portchannel and member links on CSCO side 

    HTH

    Thx
    Alex



  • 5.  RE: LACP Ethernet channel
    Best Answer

    Posted 07-08-2018 06:24

    Can you give a download link? The official Juniper website has only the old version (12.xx). (I think it's the last version for the SRX1400.)


    @aarseniev wrote:


    "family bridge" is the 1:1 replacement for "family ethernet-switching" for SRX starting in JUNOS 15.1, AFAIK

     

     



  • 6.  RE: LACP Ethernet channel

    Posted 07-08-2018 07:00

    Hello,

    I did not pay enough attention to Your SRX model which is SRX1400, apologies for that.

    Of course, this model is EOL and the last supported release is 12.3X48.

    The LACP support for SRX L2 transparent mode on branch SRX models came in 15.1X49-D80

    https://www.juniper.net/documentation/en_US/junos/information-products/topic-collections/release-notes/15.1x49-d80/topic-118582.html

    Before that, You have to use static LAG as mentioned in

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB21421&actp=METADATA

    HTH

    Thx

    Alex