SRX Services Gateway
SRX Services Gateway

Port channel between juniper and cisco switch

‎11-18-2019 04:31 AM

Hello 

 

What is the correct way to create port-channel between Juniper Srx5400 and for example cisco 2960x?

 

i have read that ethernet-switching is not supported on srx 4100 and higher but most demo configs go that route.

 

 

7 REPLIES 7
SRX Services Gateway

Re: Port channel between juniper and cisco switch

‎11-18-2019 04:49 AM

Can you please share the diagram of the infrastructure you want to create? L2/L3? Standalone/Cluster SRX?



If this worked for you please flag my post as an "Accepted Solution" so others can benefit.
SRX Services Gateway

Re: Port channel between juniper and cisco switch

[ Edited ]
‎11-18-2019 04:58 AM

Edit:

Litle config snipped:

 

    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.1.4/29 {
                    vrrp-group 2 {
                        virtual-address 192.168.1.2;
                        priority 200;
                        accept-data;
                        authentication-type md5;
                        authentication-key "xxx"; ## SECRET-DATA
                    }
                }
            }
        }
    }
    ge-0/0/2 {
        enable;
        vlan-tagging;
        unit 202 {
            vlan-id 202;
            family inet {
                address 192.168.3.254/24 {
                    vrrp-group 1 {
                        virtual-address 192.168.3.1;
                        priority 200;
                        accept-data;
                        authentication-type md5;
                        authentication-key "xxx"; ## SECRET-DATA
                    }
                }
            }
        }
    }

How could i make above config work with more then one interface. Example ge-0/0/0 + ge-0/0/1 | ge-0/0/2  + ge-0/0/3

 

Currently ge-0/0/0 and ge-0/0/2 are connected to cisco switch. For redundancy and more capacity i would like to use multiple links (port channel)

 

SRX Services Gateway

Re: Port channel between juniper and cisco switch

‎11-18-2019 09:27 AM

Hi,

You need to use reth interface for redundancy. I'm pasting similer configuration for reth interface but not tested in LAB. It will help you in guiding.

set interfaces ge-0/0/0 gigether-options redundant-parent reth0
set interfaces ge-0/0/2 gigether-options redundant-parent reth0
set interfaces irb unit 202 family inet address 192.168.1.254/24
set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 redundant-ether-options lacp active
set interfaces reth0 redundant-ether-options lacp periodic slow
set interfaces reth0 unit 0 family ethernet-switching interface-mode trunk
set interfaces reth0 unit 0 family ethernet-switching vlan members vlan202
set vlans vlan202 vlan-id 202
set vlans vlan202 l3-interface irb.202



If this worked for you please flag my post as an "Accepted Solution" so others can benefit.
SRX Services Gateway

Re: Port channel between juniper and cisco switch

‎11-18-2019 10:48 PM

Hello,

 

Is the above example ment for chassi cluster ? Currently i am running only one router and i would like to attach 2 switches that are redundant. But if possible use both at the same time, if not then switch over to other when first fails. Dirty solution would be to script interface enable/disable when sw1 fails, but surely there is somthing that can create simple portchannel to switch.

SRX Services Gateway
Solution
Accepted by topic author Egert
‎11-19-2019 01:24 AM

Re: Port channel between juniper and cisco switch

[ Edited ]
‎11-18-2019 11:21 PM

Hi, Egert

 

In Junos an Aggregated-Ethernet (ae) interface is the same thing as a port-channel in Cisco. An ae interface is just a bundle of physical interfaces; this bundle can be a group of L2 (family ethernet-switching) or L3 (family inet) interfaces. As you mentioned, ethernet-switching is not supported in high end SRX, however you can configure a L3 interface with sub-interfaces that will understand vlan-tagging.

 

Based on the provided configuration I can see that you have two L3 interfaces (one with vlan-tagging) acting as VRRP gateways and you mentioned that you dont have a chassis cluster. The steps you will need to follow are:

 

1. Enable, at least, 1 ae interaface:

 

user@host# set chassis aggregated-devices ethernet device-count 1

 

Ref: https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/device-co...

 

2. Create an ae interface (ae0) by bundling ge-0/0/0 and ge-0/0/2:

 

user@host# set interfaces ge-0/0/0 gigether-options 802.3ad ae0 
user@host# set interfaces ge-0/0/2 gigether-options 802.3ad ae0

 

Ref: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-interface-config-aggrega...

 

3. Configure ae0 with subinterfaces using vlan-tagging (Router-on-a-stick):

 

user@host# set interfaces ae0 vlan-tagging
user@host# set interfaces ae0 unit 202 vlan-id 202 user@host# set interfaces ae0 unit 202 family inet address 192.168.3.254/24 vrrp-group 1 virtual-address 192.168.3.1 priority 200 user@host# set interfaces ae0 unit 202 family inet address 192.168.3.254/24 vrrp-group 1 accept-data authentication-type md5 authentication-key [password]

user@host# set interfaces ae0 unit 205 vlan-id 205
user@host# set interfaces ae0 unit 205 family inet address 192.168.1.4/29 vrrp-group 2 virtual-address 192.168.1.2 priority 200
user@host# set interfaces ae0 unit 205 family inet address 192.168.3.254/24 vrrp-group 1 accept-data authentication-type md5 authentication-key [password] Follow the same format to configure other sub-units and note they have to have their own vlan-ids.

 

With above configuration you just need to make sure that your switch also has a L2 port-channel created acting as a trunk port and passing the vlan-ids created on the sun-units (202 and 205).

 

Remember that ge-0/0/0 and ge-0/0/2 are currently part of a security-zone; you will need to include ae0.202 and ae0.205 within those security-zones as well.

 

I really hope this was the information you were looking for. Please mark my comment as "Solution" if it applies.

 

SRX Services Gateway

Re: Port channel between juniper and cisco switch

‎11-19-2019 01:27 AM

Thanks, that was exactly what i needed. i made 2 ae interfaces [ ae0 (g0,g1) / ae1 (g2,g3) ] same in switch side. Now i have two working port channels.

 

 

SRX Services Gateway

Re: Port channel between juniper and cisco switch

‎11-19-2019 04:47 PM

nice! Im glad it worked