I have a config that is becoming frustrating, as I think I'm missing something obvious. Summary is that I have a number of VLANs that are trunked to an SRX340 on which I've configured IRB interfaces and assigned IP addresses, and everything is working as expected, with the SRX able to ping across all of the VLANs with no issues as the HP trunks the VLANs across on the interface attached to the SRX.
This means that when I'm connected into the SRX via SSH I can ping devices on all VLANs. Devices on the VLANs are able to access the Internet fine, but we cannot route between VLANs when using the SRX as the gateway.
Now, when I plug into the switch I can ping the switch and ping the SRX on the IP that is assigned to the IRB, but cannot ping any other IRB interfaces or anything on any other VLAN. The intention is to have the SRX be the gateway for the inter-VLAN routing so we can restrict traffic.
I set up the IRBs into a separate Zone each and then a Security Policy to allow all traffic between Zones, but I can't ping across and can't see any hit counters increasing for the Security Policies. Config is attached, any thoughts would be great.
Is your SRX in switching mode?
Check the output of show ethernet-switching global information; it should say switching instead of Transparent bridge. In transparent mode, irb to irb communication is not possible.

user@SRX300# run show ethernet-switching global-information
Global Configuration:
MAC aging interval : 300
MAC learning : Enabled
MAC statistics : Disabled
MAC limit Count : 16383
MAC limit hit : Disabled
MAC packet action drop : Disabled
LE aging time : 1200
LE VLAN aging time : 1200
Global Mode : Switching

Regards,