ScreenOS Firewalls (NOT SRX)

ScreenOS - SSG20 to Cisco switch trunk

‎10-12-2011 06:15 AM

Hi, I'm trying to establish a trunk between an SSG20 and a Cisco 2950. I have a trunk port on my Cisco allowing VLANs 100,990.

My subinterfaces on the Juniper are:

set zone id 109 "VLAN990"
set zone id 100 "VLAN100"
set interface ethernet0/4.1 tag 100 zone "VLAN100"
set interface ethernet0/4.1 ip 10.10.10.1/24
set interface ethernet0/4.1 route
set interface ethernet0/4.2 tag 990 zone "VLAN990"
set interface ethernet0/4.2 ip 172.30.0.1/23
set interface ethernet0/4.2 route

However, the trunk doesn't appear to be working as I can't ping IPs on either side of the network, i.e., from the Juniper I can't see IPs on the Cisco side and vice versa.

- full config is attached


Re: ScreenOS - SSG20 to Cisco switch trunk

‎10-14-2011 03:50 PM

Your interface tagging configuration looks correct. But I don't see any policies set up for your two associated zones. If you are not sourcing the ping from the same zone to the same zone, it will be blocked without a policy set up for it. You will need to create the trust to vlan100 or vlan990 policy to allow the traffic.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: ScreenOS - SSG20 to Cisco switch trunk

‎10-15-2011 04:30 AM

Also, if you want to ping the SSG interfaces, you need to allow it with the following commands:

set interface eth0/4.1 manage ping

set interface eth0/4.2 manage ping

Also, allowing ping globally is a good idea when setting up new things; you can always remove it later on.

set policy global top any-ipv4 any-ipv4 ping permit log

Also, if your routing is not set up correctly at this point, you might want to test the ping from the SSG CLI to the Cisco:

ping 10.10.10.2 from eth0/4.1 (Of course assuming 10.10.10.2 is Cisco) :-)

Regards,
Tero S
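
Added example, not part of any post in this thread: a small Python audit of a ScreenOS `set` config that reports the three things the replies check for, namely zones on tagged subinterfaces with no policy referencing them, subinterfaces without `manage ping`, and global permit policies still in place after testing. The sample input is constructed from the subinterface lines in the question plus hypothetical policy and manage lines, and it assumes the saved config uses full interface names (`ethernet0/4.1`) rather than the `eth0/4.1` abbreviation.

```python
import re

# Constructed sample: the subinterface lines from the question plus
# hypothetical policy and manage lines (not taken from the attached config).
SAMPLE = '''\
set zone id 109 "VLAN990"
set zone id 100 "VLAN100"
set interface ethernet0/4.1 tag 100 zone "VLAN100"
set interface ethernet0/4.1 ip 10.10.10.1/24
set interface ethernet0/4.1 route
set interface ethernet0/4.1 manage ping
set interface ethernet0/4.2 tag 990 zone "VLAN990"
set interface ethernet0/4.2 ip 172.30.0.1/23
set interface ethernet0/4.2 route
set policy id 1 from "Trust" to "VLAN100" "Any" "Any" "ANY" permit
set policy global top any-ipv4 any-ipv4 ping permit log
'''

IFACE_RE = re.compile(r'^set interface (\S+) tag (\d+) zone "([^"]+)"')
MANAGE_RE = re.compile(r'^set interface (\S+) manage ping\b')
POLICY_RE = re.compile(r'^set policy (?:id \d+ )?from "([^"]+)" to "([^"]+)"')
GLOBAL_RE = re.compile(r'^set policy global\b.*\bpermit\b')


def audit(config):
    """Return findings for tagged subinterfaces in a ScreenOS 'set' config."""
    ifaces, pingable, policy_zones, global_permits = {}, set(), set(), []
    for line in config.splitlines():
        line = line.strip()
        if m := IFACE_RE.match(line):
            ifaces[m.group(1)] = m.group(3)      # subinterface -> zone
        elif m := MANAGE_RE.match(line):
            pingable.add(m.group(1))
        elif m := POLICY_RE.match(line):
            policy_zones.update(m.groups())      # zones named in any policy
        elif GLOBAL_RE.match(line):
            global_permits.append(line)          # review before production
    return {
        "zones_without_policy": sorted(
            {z for z in ifaces.values() if z not in policy_zones}),
        "no_manage_ping": sorted(i for i in ifaces if i not in pingable),
        "global_permits": global_permits,
    }


if __name__ == "__main__":
    for check, result in audit(SAMPLE).items():
        print(f"{check}: {result}")
```
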