ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

SSG20 to Cisco 1800 on SFP Mini Physical Interface Module

‎05-09-2010 01:43 PM

 Hi All

 

I'm having a problem trying to connect the above devices.

 

I have installed a JJXM-1SFP-S 1 port Mini Physical Interface Module into an SSG20, but when I try connect it to a Cisco 1800, I cannot get the line protocol to come up on the 1800. The SSG20 shows UP. Is there something I am doing wrong with the sfp module ? I had configured the sfp at 100/full as requested by the MPLS provider, ip with /29 and created new zone and assigned the SFP to it, but no joy.

 

I had to connect the SSG to the 1800 for a customer... the 1800 is terminating an MPLS network. I connected the 1800 to port e0/0 on the SSG to see if the it was the Cisco device using same config as above, and it came up no problem.  The temporary port e0/0 is set aside for a future use in the coming weeks so I cannot leave the 1800 terminated to it 

 

I also have several other sites to configure using the same sfp modules, connecting to a range of Cisco devices, ME3400's, 1800's etc.

 

If anyone has any ideas I would be very grateful if you could pass them on.

 

Thanks in advance

Mooey

 

I have several 

 

3 REPLIES 3
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: SSG20 to Cisco 1800 on SFP Mini Physical Interface Module

‎05-09-2010 07:37 PM

Make sure the port you are connecting to on the Cisco 1800 is set to 100 full and NOT auto.

 

See KB13384

 

Link negotiation properties for SSG Gig fiber interfaces on PIM's: JXM-1SFP-S, JXU-6GE-SFP-S, JXU-1SFP-S

 

Summary:

This article contains information about link negotiation issues that might arise when interconnecting SSGs with 3rd party devices using 1Gbps fiber interfaces with part numbers JXM-1SFP-S, JXU-6GE-SFP-S, or JXU-1SFP-S . It also contains configuration suggestions in order to work around the problem.

Problem or Goal:

When interconnecting SSG devices using one of the interface cards listed above with 3rd party devices it could happen that the link doesn't come up. On the SSG side the link is UP but on the other side link is DOWN.

Solution:

The interface cards JXM-1SFP-S, JXU-6GE-SFP-S, JXU-1SFP-S do not support auto negotiation as per IEEE 802.3 standard for 1000Base-X interfaces.  The behavior is the same for any ScreenOS version up to version 6.2. Therefore it's necessary to disable auto negotiation options in the 3rd party device otherwise it will consider that auto negotiation failed and won't bring the link UP.

The duplex mode needs to be set to "Full" and auto negotiation needs to be disabled.

With ScreenOS 6.3 and later this problem can be solved by enabling auto negotiation with the command "set interface ethx/y phy auto".
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: SSG20 to Cisco 1800 on SFP Mini Physical Interface Module

‎05-11-2010 05:34 PM

Steve

 

DO you know if there is any way to step the SFP modules down to 100/Full. The vendor equipment I am connecting to is in fact all only 10/100 capable, hence the links won't come up.

 

Also, have you ever encountered the below problem(I will put up a seperate post on this forum also. Basically, when I installed one of the SPF modules into an SSG20 and powered it up, it kept stopping after the image was loaded:

 

Done.

 

Juniper Networks, Inc
SSG5/SSG20 System Software
Copyright, 1997-2006

Version 6.1.0r5.0
Load Manufacture Information ... Done

Initialize FBTL 0........ Done
Load NVRAM Information ... (6.1.0)Done
Install module init vectors
---- switch reset time (ms): 10 ----

 

I tried another card and had the same problem, yet the card worked in the adjacent slot and other SSG20's. I tried to reset the unit via the RESET switch on the back, but had no luck.

 

Thanks in advance for any assistance

 

Mooey

 

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: SSG20 to Cisco 1800 on SFP Mini Physical Interface Module

‎05-12-2010 03:46 AM

This sounds like a hardware problem.  I'd suggest you open a case with JTAC.  I think you'll need a replacement.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home