SRX

I am migrating from an SRX200 to a SRX300 and I have everything up and working except for the trunk port to my wireless access point (Ruckus). I'm not finding a way to get the access point to come up.  I can plug back into the OLD SRX200 and everything works fine.

I have the following configured items:

set interfaces ge-0/0/4 description "Ruckus AP"
set interfaces ge-0/0/4 unit 0 description "Ruckus AP"

set interfaces ge-0/0/4 native-vlan-id 4
set interfaces ge-0/0/4 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/4 unit 0 family ethernet-switching inner-vlan members vlan-Guest
set interfaces ge-0/0/4 unit 0 family ethernet-switching inner-vlan members vlan-worstations

set vlans vlan-Guest vlan-id 200
set vlans vlan-Guest l3-interface irb.200
set vlans vlan-worstations vlan-id 4
set vlans vlan-worstations l3-interface irb.4

set access address-assignment pool guestwifi family inet network 192.168.200.0/24
set access address-assignment pool guestwifi family inet range guest-range low 192.168.200.100
set access address-assignment pool guestwifi family inet range guest-range high 192.168.200.199
set access address-assignment pool guestwifi family inet dhcp-attributes domain-name ****.com
set access address-assignment pool guestwifi family inet dhcp-attributes name-server 8.8.8.8
set access address-assignment pool guestwifi family inet dhcp-attributes router 192.168.200.1
set access address-assignment pool guestwifi family inet dhcp-attributes propagate-settings irb.200

set security zones security-zone Guest-Wireless interfaces irb.200 host-inbound-traffic system-services ping
set security zones security-zone Guest-Wireless interfaces irb.200 host-inbound-traffic system-services dhcp

set security zones security-zone workstations interfaces irb.4 host-inbound-traffic system-services all

~~~~~~~~~~~~~~~~~~~~~~

.irb200 is only on interface ge-0/0/4 so it is up/down
Anyone have any ideas?

hello ,

Can you confirm if you are getting  any ARP entry on your IRB interface .  Also can you share your JUNOS running in SRX300  .

We did have couple of IRB related issues , which is fixed in  15.1X49-D75 . So kindly upgrade to D75 and check if you see the same issue . 

Model: srx300
Junos: 15.1X49-D45
JUNOS Software Release [15.1X49-D45]

There are no ARP entries for Irb.200 nor any on interface ge-0/0/4

Attachment(s)

SRX300_ww.txt   23 KB 1 version

Hello ,

Can you try to remove the native VLAN on ge-0/0/4 and check :

set interfaces ge-0/0/4 native-vlan-id 4

Also if possible try  upgrading the device to D70 or D75 . 

I have tried without the native vlan before to the same end.

I will upgrade to the latest version and try again when I am able.
Will keep you posted.

Did you set the l2 learning to switching mode?

set protocols l2-learning global-mode switching

By default, it is set to transparent bridge in the version of Junos you are running.

IRB's were not stable on SRX300 series before 15.1X49-D50 and there were issues with JDHCP on irb's until 15.1X49-D60, so please upgrade before debugging futher.

Please remember the set protocols l2-learning global-mode switching as mentioned by rselbert and reboot afterwards.

Regarding your trunk interface i'm not sure if it's an issue as well but just use "vlan member" instead of "inner-vlan" like this example:

set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members guest
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members internal

upgraded to  version 15.1X49-D75.5;
Have made sure that global l2-learning is on switch mode - comparing the rollback it looks like it was already.

Corrected the Inner vlan to member:    "Thank you jonashuge!"
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-Guest
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-worstations

I've made some changes as the main office DHCP server resides with the irb.4 group and provides the dhcp for the office wireless and the SRX gives the dhcp for guest wifi.   Both of which are member of the Trunk port ge-0/0/4.

Thank you for your assistance everyone.  I don't have a Lab where I can test so unfortunetly I have to schedule down time to see if the changes works.

Upgrading to the latest verson solved most of the problems I was seeing.

To point to the lan dhcp serverl used for the corporat enivonment I used the following:

set forwarding-options dhcp-relay server-group FFFFdhcp {DHCP server IP4 address}
set forwarding-options dhcp-relay active-server-group FFFFdhcp
set forwarding-options dhcp-relay group FFFFdhcp interface irb.4

 Hello ,

Can you also share  the outputs of :

> show interface terse | no-more

> show arp no-resolve | match irb

Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    down
ge-0/0/0.0              up    down inet   
gr-0/0/0                up    up
ip-0/0/0                up    up
lsq-0/0/0               up    up
lt-0/0/0                up    up
mt-0/0/0                up    up
sp-0/0/0                up    up
sp-0/0/0.0              up    up   inet
                                   inet6
sp-0/0/0.16383          up    up   inet     10.0.0.1            --> 10.0.0.16
                                            10.0.0.6            --> 0/0
                                            128.0.0.1           --> 128.0.1.16
                                            128.0.0.6           --> 0/0
ge-0/0/1                up    up
ge-0/0/1.0              up    up   eth-switch
ge-0/0/2                up    down
ge-0/0/2.0              up    down eth-switch
ge-0/0/3                up    down
ge-0/0/3.0              up    down eth-switch
ge-0/0/4                up    up
ge-0/0/4.0              up    up   eth-switch
ge-0/0/5                up    up
ge-0/0/5.0              up    up   inet    
ge-0/0/6                up    down
ge-0/0/6.0              up    down eth-switch
ge-0/0/7                up    down
gre                     up    up
ipip                    up    up
irb                     up    up
irb.0                   up    up   inet     192.168.1.1/24
irb.2                   up    up   inet     192.168.2.254/24
irb.4                   up    up   inet     192.168.4.1/24
irb.5                   up    up   inet     192.168.5.1/24
irb.6                   up    up   inet     192.168.6.1/24
irb.200                 up    down inet     192.168.200.1/24
lo0                     up    up
lo0.0                   up    up   inet     127.0.0.1           --> 0/0
lo0.16384               up    up   inet     127.0.0.1           --> 0/0
lo0.16385               up    up   inet     10.0.0.1            --> 0/0
                                            10.0.0.16           --> 0/0
                                            128.0.0.1           --> 0/0
                                            128.0.0.4           --> 0/0
                                            128.0.1.16          --> 0/0
lo0.32768               up    up
lsi                     up    up
mtun                    up    up
pimd                    up    up
pime                    up    up
pp0                     up    up
ppd0                    up    up
ppe0                    up    up
st0                     up    up
st0.0                   up    up
tap                     up    up
vlan                    up    down
vtep                    up    up
~~~~~~~~~~~~~~~~~~~~~~~~~

00:50:56:9e:65:76 192.168.2.1     irb.2 [ge-0/0/1.0]       none
00:50:56:9e:55:4c 192.168.2.2     irb.2 [ge-0/0/1.0]       none
00:01:e6:b3:ba:21 192.168.2.11    irb.2 [ge-0/0/1.0]       none
00:21:9b:09:60:7b 192.168.2.16    irb.2 [ge-0/0/1.0]       none
00:50:56:9e:2c:c6 192.168.2.32    irb.2 [ge-0/0/1.0]       none
00:50:56:9e:6e:9f 192.168.2.35    irb.2 [ge-0/0/1.0]       none
3c:d9:2b:0f:97:b2 192.168.2.40    irb.2 [ge-0/0/1.0]       none
00:1f:29:24:2a:18 192.168.2.41    irb.2 [ge-0/0/1.0]       none
00:50:56:9e:21:69 192.168.2.220   irb.2 [ge-0/0/1.0]       none
00:50:56:9e:55:4f 192.168.2.238   irb.2 [ge-0/0/1.0]       none
00:50:56:9e:12:a3 192.168.2.246   irb.2 [ge-0/0/1.0]       none
e4:11:5b:ed:ca:7c 192.168.2.248   irb.2 [ge-0/0/1.0]       none
e4:11:5b:ec:8d:98 192.168.2.249   irb.2 [ge-0/0/1.0]       none
3c:d9:2b:73:2d:20 192.168.4.77    irb.4 [ge-0/0/1.0]       none
a4:1f:72:65:a3:7d 192.168.4.86    irb.4 [ge-0/0/1.0]       none
50:65:f3:b7:b4:f6 192.168.4.91    irb.4 [ge-0/0/1.0]       none
6c:62:6d:da:da:d8 192.168.4.94    irb.4 [ge-0/0/1.0]       none
78:45:c4:22:0f:11 192.168.4.102   irb.4 [ge-0/0/1.0]       none
c8:1f:66:22:36:c0 192.168.4.107   irb.4 [ge-0/0/1.0]       none
00:07:63:66:02:c4 192.168.4.125   irb.4 [ge-0/0/1.0]       none
8c:89:a5:0c:5f:b4 192.168.4.241   irb.4 [ge-0/0/1.0]       none
00:0b:94:20:59:13 192.168.4.251   irb.4 [ge-0/0/1.0]       none
f0:1c:2d:5d:88:01 192.168.6.2     irb.6 [ge-0/0/1.0]       none