SRX Services Gateway
SRX Services Gateway

Lacp ethernet cahnnel

‎07-08-2018 01:46 AM

i want to configure Ethernet Channel between SRX1400 and Cisco Switch 4500, i did the following configuration but still Ethernet Channel not working properly:

 

SRX1400:

chassis {
aggregated-devices {
ethernet {
device-count 5;
policies {


from-zone untrust to-zone trust10 {
policy untrust-to-trust10 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust10 to-zone untrust {
policy trust10-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {

security-zone trust10 {
host-inbound-traffic {
system-services {
all;
}
}
interfaces {
ge-0/0/6.2;
ge-0/0/6.10;
ge-0/0/6.8;

}
security-zone untrust {
interfaces {
ae0.2 {
host-inbound-traffic {
system-services {
all;
}
}
}
ae0.8 {
host-inbound-traffic {
system-services {
all;
}
}
}
ae0.10 {
host-inbound-traffic {
system-services {
all;
}
}
}
}
}
}
}
interfaces {
ge-0/0/2 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/3 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/4 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/5 {
gigether-options {
802.3ad ae0;
}
}
ge-0/0/6 {
vlan-tagging;
unit 2 {
family bridge {
interface-mode trunk;
vlan-id-list 2;
}
}
unit 8 {
family bridge {
interface-mode trunk;
vlan-id-list 8;
}
}
unit 10 {
family bridge {
interface-mode trunk;
vlan-id-list 10;
}
}

ae0 {
vlan-tagging;
aggregated-ether-options {
lacp {
active;
}
}
unit 2 {
family bridge {
interface-mode trunk;
vlan-id-list 2;
}
}
unit 8 {
family bridge {
interface-mode trunk;
vlan-id-list 8;
}
}
unit 10 {
family bridge {
interface-mode trunk;
vlan-id-list 10;
}
}
}
irb {

unit 2 {
family inet {
address 10.2.0.222/16;


unit 8 {
family inet {
address 10.8.0.10/16;
}
}
unit 10 {
family inet {
address 10.10.10.10/16;
}

}
bridge-domains {

vlan10 {
domain-type bridge;
vlan-id 10;
routing-interface irb.10;
}

vlan2 {
domain-type bridge;
vlan-id 2;
routing-interface irb.2;
}

}
vlan8 {
domain-type bridge;
vlan-id 8;
routing-interface irb.8;
}
vlan9 {
domain-type bridge;
vlan-id 9;
routing-interface irb.0;
}

Cisco 4500:

 

interface Port-channel1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk

interface GigabitEthernet3/15
switchport trunk encapsulation dot1q
switchport mode trunk
duplex full
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet3/16
switchport trunk encapsulation dot1q
switchport mode trunk
duplex full
channel-protocol lacp
channel-group 1 mode active

 

 

admin@CIG-HQ# run show lacp interfaces
Aggregated interface: ae0
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
ge-0/0/2 Actor No Yes No No No Yes Fast Active
ge-0/0/2 Partner No Yes No No No Yes Fast Passive
ge-0/0/3 Actor No Yes No No No Yes Fast Active
ge-0/0/3 Partner No Yes No No No Yes Fast Passive
ge-0/0/4 Actor No Yes No No No Yes Fast Active
ge-0/0/4 Partner No Yes No No No Yes Fast Passive
ge-0/0/5 Actor No Yes No No No Yes Fast Active
ge-0/0/5 Partner No Yes No No No Yes Fast Passive
LACP protocol: Receive State Transmit State Mux State
ge-0/0/2 Defaulted Fast periodic Detached
ge-0/0/3 Defaulted Fast periodic Detached
ge-0/0/4 Port disabled No periodic Detached
ge-0/0/5 Port disabled No periodic Detached  

 

admin@CIG-HQ# run show lacp statistics interfaces ae0
Aggregated interface: ae0
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-0/0/2 0 5789 0 0
ge-0/0/3 0 3611 0 0
ge-0/0/4 0 0 0 0
ge-0/0/5 0 0 0 0

 

5 REPLIES 5
SRX Services Gateway

Re: Lacp ethernet cahnnel

‎07-08-2018 02:33 AM

Hello,

Please see a working config here

https://forums.juniper.net/t5/Ethernet-Switching/LACP-Link-Aggregation-between-Cisco-and-Juniper-A-D...

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: Lacp ethernet cahnnel

‎07-08-2018 03:38 AM

thx 4 reply, while i have same but i use bridge mode, advice

SRX Services Gateway

Re: Lacp ethernet cahnnel

[ Edited ]
‎07-08-2018 04:15 AM

Hi there,

 


@Mar0 wrote:

thx 4 reply, while i have same 


No, You don't. You are missing "switchport nonegotiate" on CSCO side.

 


@Mar0 wrote:

but i use bridge mode,


"family bridge" is the 1:1 replacement for "family ethernet-switching" for SRX starting in JUNOS 15.1, AFAIK.

 


@Mar0 
, advice

CSCO recommends doing all Etherchannel config when links are shutdown 

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-2900-xl-series-switches/24044-172.html#...

Configure the interfaces to be used in port channeling in administratively shut down mode.

https://learningnetwork.cisco.com/thread/27331

1/ bring down the Portchannel and member links on CSCO side 

2/  add "switchport nonegotiate" on CSCO side

3/ bring up Portchannel and member links on CSCO side 

HTH

Thx
Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway
Solution
Accepted by topic author Mar0
‎07-29-2018 01:42 AM

Re: Lacp ethernet cahnnel

[ Edited ]
‎07-08-2018 06:24 AM

 Can u give Download Link while in Official Juniper Website had only Old version (12.xx)? (i think its a last version for srx1400)


@aarseniev wrote:

Hi there,

 


@Mar0 wrote:

thx 4 reply, while i have same 


No, You don't. You are missing "switchport nonegotiate" on CSCO side.

 


@Mar0 wrote:

but i use bridge mode,


"family bridge" is the 1:1 replacement for "family ethernet-switching" for SRX starting in JUNOS 15.1, AFAIK.

 


@Mar0 
, advice

CSCO recommends doing all Etherchannel config when links are shutdown 

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-2900-xl-series-switches/24044-172.html#...

Configure the interfaces to be used in port channeling in administratively shut down mode.

https://learningnetwork.cisco.com/thread/27331

1/ bring down the Portchannel and member links on CSCO side 

2/  add "switchport nonegotiate" on CSCO side

3/ bring up Portchannel and member links on CSCO side 

HTH

Thx
Alex



"family bridge" is the 1:1 replacement for "family ethernet-switching" for SRX starting in JUNOS 15.1, AFAIK

 

 

Highlighted
SRX Services Gateway

Re: Lacp ethernet cahnnel

[ Edited ]
‎07-08-2018 07:00 AM

Hello,

I did not pay enough attention to Your SRX model which is SRX1400, apologies for that.

Of course, this model is EOL and the last supported release is 12.3X48.

The LACP support for SRX L2 transparent mode on branch SRX models came in 15.1X49-D80

https://www.juniper.net/documentation/en_US/junos/information-products/topic-collections/release-not...

Before that, You have to use static LAG as mentioned in

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21421&actp=METADATA

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !