
EX-2200 Can't ping RVI interface itself from hosts belonging to other vlan

  • 1.  EX-2200 Can't ping RVI interface itself from hosts belonging to other vlan

    Posted 01-19-2018 05:25

    Maybe I'm new to Juniper networking and you'll find a fast resolution for this issue.

    But, following my past experience in networking and security, this problem is still strange to me 🙂

     

    SIMPLIFIED LAB ENVIRONMENT:

    EX-2200 ->trunk -> SRX-110

    On the EX-2200 I've two vlans:

    - CONTACT

    - DATA

    On the SRX-110 I've one vlan:

    - CONTACT

     

    PROBLEM:

    I have one PC connected to the EX-2200 on an access port in the DATA VLAN.
    The problem is that the PC is able to ping RVI_DATA but not RVI_CONTACT! It is as if routing on the EX were disabled or security policies on the EX were involved*... BUT... from the SRX itself, if I try to ping the PC, it IS WORKING WELL!

    *Security policies, as far as I have read, shouldn't be put in place on the EX... it is not an SRX.

    - Why am I not able to ping the other RVI interface?! [here... I really don't know why...]

    - Why am I not able to ping the SRX? [maybe something wrong in the security zone configuration?!]

     

    CONFIGURATION EXTRACT:

    EX-2200:

    interfaces {
        ge-0/0/0 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members all;
                    }
                }
            }
        }
        vlan {
            unit 10 {
                description CONTACT_VLAN_AND_MANAGEMENT;
                family inet {
                    address 10.10.10.254/24;
                }
            }
            unit 30 {
                family inet {
                    address 10.30.30.1/24;
                }
            }
        }
    }

    routing-options {
        static {
            route 0.0.0.0/0 next-hop 10.10.10.1;
        }
    }

    vlans {
        CONTACT-MGMT {
            vlan-id 10;
            l3-interface vlan.10;
        }
        DATA {
            vlan-id 30;
            l3-interface vlan.30;
        }
    }

     

    SRX:

    interfaces {
        fe-0/0/0 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members all;
                    }
                }
            }
        }
        vlan {
            unit 10 {
                family inet {
                    address 10.10.10.1/24;
                }
            }
        }
    }

    zones {
        security-zone CONTACT-INSIDE {
            description "Contact inside to HQ internal";
            interfaces {
                vlan.10 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                    }
                }
            }
        }
    }

    vlans {
        vlan-10 {
            vlan-id 10;
            l3-interface vlan.10;
        }
    }

     

    PC

    10.30.30.33

    255.255.255.0

    10.30.30.1 gw

     

     WHY AM I NOT ABLE TO PING 10.10.10.254 OR 10.10.10.1?


    #SRX
    #RVI
    #routinginsideex
    #routing
    #ex2200
    #rvirouting


  • 2.  RE: EX-2200 Can't ping RVI interface itself from hosts belonging to other vlan
    Best Answer

    Posted 01-19-2018 06:26

    PROBLEM SOLVED

     

    The configuration was correct. There was some IP overlap in my system that covered the same IP addressing used in my lab. 😛
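
Added example, not part of the original thread: a longest-prefix-match check showing how an overlapping prefix can keep the PC from reaching 10.10.10.254 and 10.10.10.1 while 10.30.30.1 still answers. The thread does not say where the overlap was; the PC route table, the interface names `eth0`/`eth1`, and the helper names below are assumptions made for illustration.

```python
import ipaddress

# Addresses taken from the post: RVI_DATA, RVI_CONTACT, SRX vlan.10.
LAB_TARGETS = ["10.30.30.1", "10.10.10.254", "10.10.10.1"]

# Constructed route table for the PC (assumption). "eth1" stands in for an
# unrelated network on the same host that reuses 10.10.10.0/24.
PC_ROUTES = [
    ("0.0.0.0/0", "10.30.30.1", "eth0"),   # default route via RVI_DATA
    ("10.30.30.0/24", None, "eth0"),       # connected lab subnet
    ("10.10.10.0/24", None, "eth1"),       # overlapping, non-lab subnet
]


def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop, interface) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(prefix), next_hop, ifname)
        for prefix, next_hop, ifname in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


def shadowed_targets(routes, targets, lab_if):
    """Targets whose best route does not leave through the lab interface."""
    shadowed = []
    for target in targets:
        best = lookup(routes, target)
        if best is None:
            shadowed.append((target, None, None))
        elif best[2] != lab_if:
            shadowed.append((target, str(best[0]), best[2]))
    return shadowed


if __name__ == "__main__":
    for target, prefix, ifname in shadowed_targets(PC_ROUTES, LAB_TARGETS, "eth0"):
        print(f"{target}: matched by {prefix} on {ifname}, never sent to the EX")
```

On a real host, the same comparison can be made by feeding in the prefixes from the host's routing table instead of the constructed list.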