Switching




  • 1.  Trouble connecting a juniper switch to a cisco 6509

    Posted 09-11-2009 08:10

    Basic layout is this. Servers/users reside behind a juniper switch which is attached to a 6509. The 6509 has a Firewall blade in it. The Firewall blade has VLANS defined in it for the servers and users behind the juniper switch. The juniper switch ports g0/1/0.0 and g1/1/0.0 should connect via trunk port to the 6509 gi6/6. We do not manage the juniper gear and had to request the configuration of it. We cannot ping the server devices from our side nor can they ping the gateway. The trunk appears to be up but I don't know if something on the juniper is misconfigured. Any assistance would be appreciated. If you need the full juniper config I can email it to you but it is too long to fit in this post.

     

    The sh int gi6/6:

     

    JKDLSW01#sh int gi6/6
    GigabitEthernet6/6 is up, line protocol is up (connected)
      Hardware is C6k 1000Mb 802.3, address is 0015.2b68.a5cd (bia 0015.2b68.a5cd)
      Description: 1 gig 14th floor (firewalled) juniper router

      MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
          reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 1000Mb/s, media type is SX
      input flow-control is off, output flow-control is on
      Clock mode is auto
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input never, output 00:00:52, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         4403 packets input, 1042939 bytes, 0 no buffer
         Received 3055 broadcasts (3054 multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog, 0 multicast, 0 pause input
         0 input packets with dribble condition detected
         81360 packets output, 6266573 bytes, 0 underruns
         0 output errors, 0 collisions, 3 interface resets
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier, 0 PAUSE output
         0 output buffer failures, 0 output buffers swapped out

     

    The cisco gi6/6 is configured:

     

    interface GigabitEthernet6/6
     description 1 gig 14th floor (firewalled) juniper router

     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 723,725,728-730,739,752-755
     no ip address
     speed nonegotiate

     

    The junipers configuration is:

     

    protocols {
        igmp-snooping {
            vlan all;
        }
        lldp {
            interface all;
        }
        lldp-med {
            interface all;
        }
        rstp {
            bridge-priority 60k;
        }

        ge-0/1/0 {
            mtu 1500;
            ether-options {
                link-mode full-duplex;
                speed {
                    1g;
                }
            }
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members [ Back Front Middle dev_back dev_front dev_user ];
                    }
                }
            }
        }

        ge-1/1/0 {
            mtu 1500;
            ether-options {
                link-mode full-duplex;
                speed {
                    1g;
                }
            }
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members [ Back Front Middle dev_back dev_front dev_user ];
                    }
                }
            }
        }

    vlans {
        Back {
            vlan-id 730;
        }
        Front {
            vlan-id 728;
        }
        Middle {
            vlan-id 729;
        }
        dev_back {
            vlan-id 755;
        }
        dev_front {
            vlan-id 753;
        }
        dev_user {
            vlan-id 754;
        }



  • 2.  RE: Trouble connecting a juniper switch to a cisco 6509

    Posted 09-11-2009 10:41

     Hi,

     

    If the server MAC address is a VIP MAC (a multicast MAC, which I think is the case), then you have to disable IGMP snooping for these VLANs. Otherwise all traffic to the multicast MAC would be dropped.

     

    If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it. 

     

    Kind Regards

    Michael Pergament



  • 3.  RE: Trouble connecting a juniper switch to a cisco 6509
    Best Answer

    Posted 09-11-2009 11:02

    I personally miss the

    switchport mode trunk

    statement under your Cisco IF config ..

     

    Cheers,

     

    Axel
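
The omission pointed out in this reply, together with the VLAN lists on the two ends of the link, can be checked mechanically. The following is an added example, not part of the original posts: the two sample strings are condensed from the excerpts posted in this thread, and the function names `expand_vlans` and `audit_trunk` are hypothetical. It reports a missing `switchport mode trunk` line and any VLAN IDs carried on only one side of the trunk.

```python
import re

# Sample input condensed from the configuration excerpts posted in this thread.
CISCO = """\
interface GigabitEthernet6/6
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 723,725,728-730,739,752-755
 no ip address
 speed nonegotiate
"""
JUNOS = """\
members [ Back Front Middle dev_back dev_front dev_user ];
Back { vlan-id 730; }
Front { vlan-id 728; }
Middle { vlan-id 729; }
dev_back { vlan-id 755; }
dev_front { vlan-id 753; }
dev_user { vlan-id 754; }
"""

def expand_vlans(spec):
    """Expand a Cisco VLAN list such as '723,728-730' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunk(cisco_cfg, junos_cfg):
    """Return a list of findings for one Cisco trunk port and its Junos peer."""
    findings = []
    if not re.search(r"^\s*switchport mode trunk\s*$", cisco_cfg, re.M):
        findings.append("cisco: 'switchport mode trunk' missing")
    m = re.search(r"switchport trunk allowed vlan (\S+)", cisco_cfg)
    allowed = expand_vlans(m.group(1)) if m else set()
    ids = {n: int(v) for n, v in re.findall(r"(\w+)\s*\{\s*vlan-id (\d+);", junos_cfg)}
    members = re.search(r"members \[([^\]]*)\]", junos_cfg).group(1).split()
    junos = {ids[n] for n in members if n in ids}
    if allowed - junos:
        findings.append(f"cisco-only vlans: {sorted(allowed - junos)}")
    if junos - allowed:
        findings.append(f"junos-only vlans: {sorted(junos - allowed)}")
    return findings

if __name__ == "__main__":
    for finding in audit_trunk(CISCO, JUNOS):
        print(finding)
```

VLANs listed only on the Cisco side are allowed onto a link toward equipment that has no matching VLAN for them, so the allowed list can be trimmed to what the peer actually uses.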

     

     



  • 4.  RE: Trouble connecting a juniper switch to a cisco 6509

    Posted 09-11-2009 12:53

    Axel,

    Nice catch there on the missing configuration. That did bring the trunk up but shortly afterwards they lost all connectivity through their vlans. I suspect a loop, but I had to remove most of the vlans off this testing port since their main connectivity was affected. Strangely, the other side tells me that nothing is plugged into the juniper gear except the 2 gig interfaces back to the 6509, so I am not sure why their floor went down.

     

    The cisco config looks like this:

    interface GigabitEthernet6/6
     description 1 gig COT 14th floor (firewalled) juniper router supported by COT
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 752-755

     switchport mode trunk

     no ip address
     speed nonegotiate
    end

     

    Message Edited by JohnD on 09-11-2009 12:55 PM


  • 5.  RE: Trouble connecting a juniper switch to a cisco 6509

    Posted 09-12-2009 02:25

    John,

     

    I have to ask a few questions to fully understand this problem:

    - Are the IF Ge-1/1/0 and Ge0/1/0 both connected to the Cisco?

    if yes: this could be a spanning-tree issue: Solution:

    a) use LACP-Aggregate on Juniper and Etherchannel LACP on Cisco

     

     Here is a link, that might be useful:

    http://networktest.com/jnpriop/

     

    I tested the Interop with Cisco VSS and Juniper Ex 4200er ...

    You have to be aware of the VLAN1 Spanning-Tree issue. That means: if you are using PVST+ on the Cisco (which is the default), then the Cisco has to be root in VLAN1. Otherwise it isn't working. Also use the native vlan on the trunk links wisely 🙂

    Of course you can use MST ....

     

    Cheers,

     

    Axel


    #etherchannel
    #interop
    #cisco
    #LACP


  • 6.  RE: Trouble connecting a juniper switch to a cisco 6509

    Posted 09-17-2009 13:37

    Yes I believe that PVST is the issue. I found the juniper article that addresses this. Thanks Alex_D you have been spot on.

     

    http://kb.juniper.net/index?page=content&id=KB15138&actp=RSS