I just bought SRX 100 and deleted all the default config.
Please consider the following set up:
Cisco R1 f1 22.214.171.124---------126.96.36.199 f0/0/0 SRX
Cisco R1 and SRX should talk using dot q tag 10
R1 can not ping 188.8.131.52 because SRX does not respond to R1's ARP request for 184.108.40.206:
root> show configuration | display setset version 11.4R7.5set system root-authentication encrypted-password "$1$K8pkQCB3$PMhEh2V68NzABTnuUWOiv0"set system services sshset system services telnetset system services xnm-clear-textset system services web-management http interface vlan.0set system services web-management https system-generated-certificateset system services web-management https interface vlan.0set system syslog archive size 100kset system syslog archive files 3set system syslog user * any emergencyset system syslog file messages any criticalset system syslog file messages authorization infoset system syslog file interactive-commands interactive-commands errorset system max-configurations-on-flash 5set system max-configuration-rollbacks 5set system license autoupdate url https://ae1.juniper.net/junos/key_retrievalset interfaces fe-0/0/0 vlan-taggingset interfaces fe-0/0/0 unit 0 vlan-id 20set interfaces fe-0/0/0 unit 0 family inet address 220.127.116.11/24set interfaces fe-0/0/0 unit 10 vlan-id 10set interfaces fe-0/0/0 unit 10 family inet address 18.104.22.168/24set interfaces fe-0/0/1 unit 0set interfaces fe-0/0/2 unit 0set interfaces fe-0/0/3 unit 0set interfaces fe-0/0/4 unit 0set interfaces fe-0/0/5 unit 0set interfaces fe-0/0/6 unit 0set interfaces fe-0/0/7 unit 0set security screen ids-option untrust-screen icmp ping-deathset security screen ids-option untrust-screen ip source-route-optionset security screen ids-option untrust-screen ip tear-dropset security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048set security screen ids-option untrust-screen tcp syn-flood timeout 20set security screen ids-option untrust-screen tcp landset security zones security-zone TRUST interfaces fe-0/0/0.10 host-inbound-traffic system-services allset security zones security-zone TRUST interfaces fe-0/0/0.10 host-inbound-traffic protocols allset security zones security-zone TRUST interfaces fe-0/0/0.0
what am i missing?
R1 port is in access mode or trunk mode?
According to the pcap the arp request is tagged.
SRX100 uses 10/100 interfaces--is the link negotiated correctly?
What does 'monitor traffic interface fe-0/0/0.10' show on the srx during the ping attempt?
R1 port is subinterface which expects dot1q tag from SRX.
This is what I see on capture.
1) SRX sends traffic as untagged out of f0/0/0 even though we have configured it with vlan-tagging which is why R1 ignores the traffic as there is no tag
I dont see an issue with config. Try a reboot of SRX, if that dont fix try upgrade to any latest versions like 12.1X46 or 12.3X48 as 11.4 is very old.