SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Migration from SG-300-10 to SRX220 Configuration not working

    Posted 02-01-2019 15:47

    Hi guys, thanks for your help and your time. I have a SG-300-10 (Cisco crap) and I want to migrate to my SRX220H, but when I change the data line to the SRX220 I can ping the IP 10.10.2.25 in the VLAN 100 interface ge-6, but from the Cisco (crap) I can ping the IP 10.10.2.25.

     

    Cisco Configuration:

     

    interface vlan 1
    ip address 10.0.1 255.255.255.0
    no ip address dhcp
    !
    interface vlan 5
    name SITE_A
    ip address 192.168.1.2 255.255.255.0
    !
    interface vlan 10
    name SITE_B
    ip address 172.16.31.55 255.255.255.0
    !
    interface vlan 100
    name REMOTE_NET_A
    ip address 10.10.2.26 255.255.255.252
    !
    interface gigabitethernet1
    switchport trunk native vlan 5
    !
    interface gigabitethernet2
    switchport trunk native vlan 5
    !
    interface gigabitethernet3
    switchport trunk native vlan 5
    !
    interface gigabitethernet4
    switchport trunk native vlan 10
    !
    interface gigabitethernet5
    switchport trunk native vlan 10
    !
    interface gigabitethernet6
    switchport trunk native vlan 10
    !
    interface gigabitethernet7
    switchport trunk native vlan 10
    !
    interface gigabitethernet10
    switchport mode access
    switchport access vlan 100
    !
    ip default-gateway 10.10.2.25
    

    SRX220

    interfaces {
        ge-0/0/1 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members SITE_A;
                    }
                }
            }
        }
        ge-0/0/2 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members SITE_A;
                    }
                }
            }
        }
        ge-0/0/4 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members SITE_B;
                    }
                }
            }
        }
        ge-0/0/5 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members SITE_B;
                    }
                }
            }
        }
        ge-0/0/6 {
            speed 1g;
            link-mode full-duplex;
            gigether-options {
                auto-negotiation;
            }
            unit 0 {
                family ethernet-switching {
                    port-mode access;
                    vlan {
                        members REMOTE_NET_A;
                    }
                }
            }
        }
        ge-0/0/7 {
            unit 0 {
                family inet {
                    address 10.0.0.1/24;
                }
            }
        }
        vlan {
            unit 5 {
                proxy-arp;
                family inet {
                    address 192.168.1.2/24;
                }
            }
            unit 10 {
                proxy-arp;
                family inet {
                    address 172.16.31.55/24;
                }
            }
            unit 100 {
                proxy-arp;
                family inet {
                    address 10.10.2.26/24;
                }
            }
        }
    }
    routing-options {
        static {
            route 192.168.15.0/24 next-hop 192.168.1.254;
        }
    }
    protocols {
        vstp {
            vlan 10;
            vlan 100;
            vlan 5;
        }
    }
    security {
        screen {
            ids-option untrust-screen {
                icmp {
                    ping-death;
                }
                ip {
                    source-route-option;
                    tear-drop;
                }
                tcp {
                    syn-flood {
                        alarm-threshold 1024;
                        attack-threshold 200;
                        source-threshold 1024;
                        destination-threshold 2048;
                        timeout 20;
                    }
                    land;
                }
            }
        }
        zones {
            security-zone Internal {
                interfaces {
                    ge-0/0/7.0 {
                        host-inbound-traffic {
                            system-services {
                                ping;
                                http;
                                https;
                                ssh;
                                telnet;
                            }
                        }
                    }
                }
            }
        }
    }
    vlans {
        SITE_A {
            vlan-id 5;
            l3-interface vlan.5;
        }
        SITE_B {
            vlan-id 10;
            l3-interface vlan.10;
        }
        REMOTE_NET_A {
            vlan-id 100;
            l3-interface vlan.100;
        }
    }

    In my SRX the interface ge-6 is the interface 10 on the Cisco (crap).



  • 2.  RE: Migration from SG-300-10 to SRX220 Configuration not working
    Best Answer

    Posted 02-01-2019 19:08

    You have to configure the L3 interfaces of vlan 5, 10 and 100 to security zones and allow host-inbound-traffic (if required).

    set security zones security-zone SITE_A interfaces vlan.5
    set security zones security-zone SITE_A host-inbound-traffic system-services ping
    set security zones security-zone SITE_B interfaces vlan.10
    set security zones security-zone SITE_B host-inbound-traffic system-services ping
    set security zones security-zone REMOTE_NET_A interfaces vlan.100
    set security zones security-zone REMOTE_NET_A host-inbound-traffic system-services ping
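
An offline check for the condition this answer describes, as an added example that is not part of the original posts: it parses a curly-brace Junos configuration and lists routed (family inet) logical interfaces that no security zone references. The sample configuration is constructed, trimmed from the one in the question; the function names are hypothetical, and the parser assumes the text contains no comments or quoted braces.

```python
import re

# Constructed sample, trimmed from the SRX220 configuration in the question.
SAMPLE = """
interfaces {
    ge-0/0/6 { unit 0 { family ethernet-switching { port-mode access; } } }
    ge-0/0/7 { unit 0 { family inet { address 10.0.0.1/24; } } }
    vlan {
        unit 5 { family inet { address 192.168.1.2/24; } }
        unit 100 { family inet { address 10.10.2.26/24; } }
    }
}
security {
    zones {
        security-zone Internal {
            interfaces { ge-0/0/7.0 { host-inbound-traffic { system-services { ping; } } } }
        }
    }
}
"""

def parse(text):
    """Nested dict of statements; leaves map to None (no comments/quoted braces)."""
    root = {}
    stack = [root]
    for head, delim in re.findall(r"([^{};]*)([{};])", text):
        head = " ".join(head.split())
        if delim == "{":
            stack.append(stack[-1].setdefault(head, {}))
        elif delim == ";" and head:
            stack[-1][head] = None
        elif delim == "}":
            stack.pop()
    return root

def unzoned_l3_interfaces(text):
    """Return family-inet logical interfaces not bound to any security zone."""
    cfg = parse(text)
    routed = set()
    for ifname, body in cfg.get("interfaces", {}).items():
        for stmt, unit in (body or {}).items():
            if stmt.startswith("unit ") and unit and "family inet" in unit:
                routed.add(f"{ifname}.{stmt.split()[1]}")
    zoned = set()
    for stmt, zone in cfg.get("security", {}).get("zones", {}).items():
        if stmt.startswith("security-zone ") and zone:
            zoned.update(zone.get("interfaces") or {})
    return sorted(routed - zoned)

if __name__ == "__main__":
    print(unzoned_l3_interfaces(SAMPLE))
```
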

     



  • 3.  RE: Migration from SG-300-10 to SRX220 Configuration not working

    Posted 02-04-2019 08:36

    Thanks for your time and help!



  • 4.  RE: Migration from SG-300-10 to SRX220 Configuration not working

    Posted 02-02-2019 12:46

    Hi argonzalez,

     

    The configuration for vlan 100 and interface ge-0/0/6 is correct; you just need to add the L3 interface of vlan 100 (vlan.100) to a security-zone. For example:

     

    set security zones security-zone [ZONE_NAME] interfaces vlan.100

     

    After setting this, try again and if it doesn't work, please share the following commands:

     

    > show interfaces extensive vlan.100 | find security

    > show arp interface vlan.100

     

    And let us know what's the device connected to ge-0/0/6 of the SRX.

     



  • 5.  RE: Migration from SG-300-10 to SRX220 Configuration not working

    Posted 02-04-2019 08:36

    Pura Vida! Thanks for your time and help.