
SRX300 to Adtran Trunk Issue

‎05-24-2020 07:27 AM

I am trying to set up a trunk from an SRX 300 to an Adtran switch after a device failure. The Adtran switch is performing layer 3 for the network. When I enable trunk mode between the devices I am unable to ping between the devices (srx 192.168.1.1 - adtran 192.168.1.2). My configuration is attached.

Note: I have tried with and without native-vlan-id 1

ge-0/0/5 {
    native-vlan-id 1;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ home security school yard sound ];
            }
        }
    }
}

 

Config:

    }
    services {
        ssh;
        netconf {
            ssh;
        }
        dhcp-local-server {
            group jdhcp-group {
                interface irb.0;
            }
        }
        web-management {
            https {
                system-generated-certificate;
            }
        }
    }
    time-zone UTC;
    name-server {
        8.8.8.8;
        8.8.4.4;
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy trust-to-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                }
            }
        }
    }
    zones {
        functional-zone management {
            interfaces {
                ge-0/0/4.0 {
                    host-inbound-traffic {
                        system-services {
                            https;
                            ping;
                            ssh;
                        }
                    }
                }
            }
        }
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                irb.0;
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            tftp;
                            https;
                        }
                    }
                }
                ge-0/0/7.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            tftp;
                        }
                    }
                }
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 10.10.1.1/24;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/4 {
        unit 0 {
            family inet {
                address 192.168.100.1/24;
            }
        }
    }
    ge-0/0/5 {
        native-vlan-id 1;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ home security school yard sound ];
                }
            }
        }
    }
    ge-0/0/6 {
        unit 0;
    }
    ge-0/0/7 {
        unit 0 {
            family inet {
                dhcp {
                    update-server;
                }
            }
        }
    }
    irb {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
}
access {
    address-assignment {
        pool junosDHCPPool {
            family inet {
                network 192.168.1.0/24;
                range junosDHCPPool_range {
                    low 192.168.1.2;
                    high 192.168.1.254;
                }
                dhcp-attributes {
                    router {
                        192.168.1.1;
                    }
                    propagate-settings ge-0/0/0.0;
                }
            }
        }
    }
}
vlans {
    home {
        vlan-id 7;
    }
    default {
        vlan-id 1;
    }
    school {
        vlan-id 2;
    }
    security {
        vlan-id 4;
    }
    Yard {
        vlan-id 5;
    }
    sound {
        vlan-id 6;
    }
    vlan-trust {
        vlan-id 192;
        l3-interface irb.0;
    }
}
protocols {
    l2-learning {
        global-mode switching;
    }
    rstp {
        interface all;
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.10.10.1;
    }
}


Re: SRX300 to Adtran Trunk Issue

‎05-24-2020 08:12 AM

Looks like the interface and subnet of interest is vlan-trust and irb.0 but this vlan is not included on the trunk port you highlight.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: SRX300 to Adtran Trunk Issue

‎05-24-2020 08:43 AM

I made the configuration change but still have the issue.

 

ge-0/0/5 {
    native-vlan-id 1;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ home security school yard sound vlan-trust ];
            }
        }
    }
}

 


Re: SRX300 to Adtran Trunk Issue

‎05-25-2020 07:14 AM

After more troubleshooting I found that I can ping the switch (192.168.1.2) from the firewall (192.168.1.1) but cannot ping the firewall from the switch. Also, should the firewall return an interface if I run "show interfaces trunk" (invalid interface type)?

 

interface config:

native-vlan-id 1;
unit 0 {
    family ethernet-switching {
        interface-mode trunk;
        vlan {
            members [ school security sign church sound vlan-trust test ];
        }
    }
}

 

 


Re: SRX300 to Adtran Trunk Issue

‎05-26-2020 02:58 AM

show interfaces trunk is not a valid command; that is why you are getting the error message. You can use the ? mark at any point in commands or partial commands to see valid completions.

Can you confirm the vlan id for the 192.168.1.0/24 subnet on the Adtran is also set to 192, matching your configuration on the SRX?

I also notice you have the untagged native vlan id of 1 on the trunk port but do not have any interfaces assigned to this vlan configured on the SRX. Where is this traffic supposed to connect?

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
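
An added example, not part of any post in this thread: a Python check of a Junos curly-brace config for trunk ports whose members list names a VLAN that is not defined under vlans, and for a native-vlan-id that matches no VLAN carried on that trunk. The sample is constructed from the stanzas posted above; the function names are hypothetical and VLAN names are compared case-sensitively, which is an assumption of this example.

```python
import re

# Constructed sample: trunk port and vlans stanzas condensed from the thread.
SAMPLE = """
interfaces { ge-0/0/5 { native-vlan-id 1;
    unit 0 { family ethernet-switching { interface-mode trunk;
        vlan { members [ home security school yard sound vlan-trust ]; } } } } }
vlans { home { vlan-id 7; } default { vlan-id 1; } school { vlan-id 2; }
    security { vlan-id 4; } Yard { vlan-id 5; } sound { vlan-id 6; }
    vlan-trust { vlan-id 192; l3-interface irb.0; } }
"""

def parse(tokens):
    """Turn Junos config tokens into nested dicts; leaf statements map to None."""
    node, words = {}, []
    while tokens:
        tok = tokens.pop(0)
        if tok == "{":            # block: the words so far are its name
            node[" ".join(words)] = parse(tokens)
            words = []
        elif tok == ";":          # leaf statement
            node[" ".join(words)] = None
            words = []
        elif tok == "}":
            break
        else:
            words.append(tok)
    return node

def check_trunks(text):
    """Return (interface, issue, value) findings for every trunk port."""
    cfg = parse(re.findall(r"[{};]|[^\s{};]+", text))
    vlan_ids = {name: stmt.split()[1]
                for name, body in cfg.get("vlans", {}).items()
                for stmt in body or {} if stmt.startswith("vlan-id ")}
    findings = []
    for ifname, ifcfg in cfg.get("interfaces", {}).items():
        ifcfg = ifcfg or {}
        native = next((s.split()[1] for s in ifcfg
                       if s.startswith("native-vlan-id ")), None)
        for ucfg in ifcfg.values():
            sw = (ucfg or {}).get("family ethernet-switching") or {}
            if "interface-mode trunk" not in sw:
                continue
            members = [w for stmt in sw.get("vlan") or {} if stmt.startswith("members ")
                       for w in stmt.split()[1:] if w not in ("[", "]")]
            findings += [(ifname, "undefined-vlan", m) for m in members if m not in vlan_ids]
            carried = {vlan_ids[m] for m in members if m in vlan_ids}
            if native is not None and native not in carried:
                findings.append((ifname, "native-vlan-not-member", native))
    return findings
```

Each finding is a point to review on the device, for example with show vlans, not a diagnosis of the ping failure discussed in the thread.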