EX-2200 Can't ping RVI interface itself from hosts belonging to other vlan

  • 1.  EX-2200 Can't ping RVI interface itself from hosts belonging to other vlan

    Posted 01-19-2018 05:25

    Maybe I'm new to Juniper networking and you'll find a quick resolution for this issue.

    But, based on my past experience in networking and security, this problem is still strange to me 🙂

    SIMPLIFIED LAB ENVIRONMENT:

    EX-2200 -> trunk -> SRX-110

    On the EX-2200 I have two VLANs:

    - CONTACT

    - DATA

    On the SRX-110 I have one VLAN:

    - CONTACT

    PROBLEM:

    I have one PC connected to the EX-2200 on an access port in the DATA VLAN.
    The problem is that the PC is able to ping RVI_DATA but not RVI_CONTACT! It is as if routing on the EX were disabled or security policies on the EX were involved*... BUT... from the SRX itself, if I try to ping the PC, it IS WORKING WELL!

    *Security policies on the EX, as far as I read, shouldn't be put in place... it is not an SRX.

    - Why am I not able to ping the other RVI interface?! [here... I really don't know why...]

    - Why am I not able to ping the SRX? [maybe something wrong in the security zone configuration?!]

     

    CONFIGURATION EXTRACT:

    EX-2200:

    interfaces {
        ge-0/0/0 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members all;
                    }
                }
            }
        }
        vlan {
            unit 10 {
                description CONTACT_VLAN_AND_MANAGEMENT;
                family inet {
                    address 10.10.10.254/24;
                }
            }
            unit 30 {
                family inet {
                    address 10.30.30.1/24;
                }
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 10.10.10.1;
        }
    }
    vlans {
        CONTACT-MGMT {
            vlan-id 10;
            l3-interface vlan.10;
        }
        DATA {
            vlan-id 30;
            l3-interface vlan.30;
        }
    }

     

    SRX:

    interfaces {
        fe-0/0/0 {
            unit 0 {
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members all;
                    }
                }
            }
        }
        vlan {
            unit 10 {
                family inet {
                    address 10.10.10.1/24;
                }
            }
        }
    }
    zones {
        security-zone CONTACT-INSIDE {
            description "Contact inside to HQ internal";
            interfaces {
                vlan.10 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                    }
                }
            }
        }
    }
    vlans {
        vlan-10 {
            vlan-id 10;
            l3-interface vlan.10;
        }
    }

     

    PC

    10.30.30.33

    255.255.255.0

    10.30.30.1 gw

     

    WHY AM I NOT ABLE TO PING 10.10.10.254 OR 10.10.10.1?


    #SRX
    #RVI
    #routinginsideex
    #routing
    #ex2200
    #rvirouting


  • 2.  RE: EX-2200 Can't ping RVI interface itself from hosts belonging to other vlan
    Best Answer

    Posted 01-19-2018 06:26

    PROBLEM SOLVED

     

    Configuration was correct. It was some IP overlapping in my system that covered the same IP addressing used in my lab. 😛
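
The kind of address overlap named in the best answer can be checked mechanically. The Python below is an added example, not part of the original thread: it extracts the subnets from the `address` statements in the question's config extracts and compares them with a host route list. The route list, the interface names (`lab-nic`, `vpn0`, `vboxnet0`) and the function names are assumptions, since the post does not say where the overlap was.

```python
import ipaddress
import re

# Address statements copied from the EX-2200 and SRX extracts in the question.
JUNOS_EXTRACT = """
unit 10 { family inet { address 10.10.10.254/24; } }
unit 30 { family inet { address 10.30.30.1/24; } }
unit 10 { family inet { address 10.10.10.1/24; } }
"""

# Constructed sample: prefixes the PC has routes for. Only "lab-nic" leads to
# the EX-2200; the other entries stand for a VPN client and a virtual switch.
HOST_ROUTES = [
    ("10.30.30.0/24", "lab-nic"),
    ("10.10.0.0/16", "vpn0"),          # assumed overlap with the CONTACT subnet
    ("192.168.56.0/24", "vboxnet0"),
]

def lab_subnets(config):
    """Return the distinct networks behind every 'address a.b.c.d/len;' line."""
    found = re.findall(r"address\s+(\d+\.\d+\.\d+\.\d+/\d+)\s*;", config)
    return sorted({ipaddress.ip_interface(a).network for a in found})

def find_overlaps(config, host_routes, lab_iface="lab-nic"):
    """List (lab subnet, host prefix, interface) for overlapping non-lab routes."""
    hits = []
    for subnet in lab_subnets(config):
        for prefix, iface in host_routes:
            net = ipaddress.ip_network(prefix)
            if iface != lab_iface and net.overlaps(subnet):
                hits.append((str(subnet), prefix, iface))
    return hits

def egress_for(target, host_routes, default_iface="lab-nic"):
    """Longest-prefix match: the interface the host would use for target."""
    ip = ipaddress.ip_address(target)
    matches = [(ipaddress.ip_network(p), i) for p, i in host_routes
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return default_iface  # no specific route: default gateway 10.30.30.1
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    for subnet, prefix, iface in find_overlaps(JUNOS_EXTRACT, HOST_ROUTES):
        print(f"{subnet} overlaps host route {prefix} via {iface}")
    for target in ("10.30.30.1", "10.10.10.254", "10.10.10.1"):
        print(target, "->", egress_for(target, HOST_ROUTES))
```

With the constructed route list, both RVI_CONTACT (10.10.10.254) and the SRX (10.10.10.1) leave through the overlapping interface instead of the lab gateway, while 10.30.30.1 stays on the lab link, which matches the symptom of a correct switch configuration that still cannot be pinged.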