Switching

  • 1.  Can't ping across switches on management IP.

    Posted 05-16-2018 23:46

    Hi All,

     

    Setup looks like this:

    SW2.....>SW1......>SRX (attached detailed diagram to this post.)

     

    Using IRB.60 on both switches, and the mgmt VLAN is set up with trunk ports added. I have the gateway for the mgmt subnet on SRX interface 15 set as a pure L3 interface (0/15 family inet address xx). Tried to use a VLAN interface on the SRX but couldn't make it work.

     

    SW1 pings both SRX and SW2 and vice versa.

     

    SRX and SW2 can't ping each other. SRX resolves the ARP for SW2 but SW2 can't resolve the ARP for SRX. Could it be that SW1 isn't passing traffic on the MGMT VLAN over to the SRX?

     

     

    Appreciate suggestions.

    Lish.

    Attachment: diangram-switches.pdf (40 KB)


  • 2.  RE: Can't ping across switches on management IP.

    Posted 05-17-2018 04:08

    What does the routing table on sw2 look like?

     

    show route

     

    I suspect you need a default route from sw2 pointing to sw1 installed.

     



  • 3.  RE: Can't ping across switches on management IP.

    Posted 05-18-2018 00:14

    Hi Steve,

     

    Put a default route in SW2, ping still failing. Show route from all three devices:

    SW2:

    sh route

    0.0.0.0/0          *[Static/5] 00:09:33
                        > to 10.2.2.10 via irb.60
    10.2.2.0/24        *[Direct/0] 1d 19:23:26
                        > via irb.60
    10.2.2.20/32       *[Local/0] 1d 19:23:26
                          Local via irb.60

    root@GROUNDFLOOR_EX_SWITCH# run show arp
    MAC Address Address Name Interface Flags
    c0:42:d0:f8:36:00 10.2.2.10 10.2.2.10 irb.60 [ge-0/1/0.0] none

    root@GROUNDFLOOR_EX_SWITCH> show ethernet-switching table vlan-id 60
    MANAGEMENT c0:42:d0:f8:36:00 D - ge-0/1/0.0 0 0

    ...........Ping to SRX failing.......

    {master:0}
    root@GROUNDFLOOR_EX_SWITCH> ping 10.2.2.1
    PING 10.2.2.1 (10.2.2.1): 56 data bytes
    ^C
    --- 10.2.2.1 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss

    {master:0}

    SW1:

    root@IBM_BLADE_EX# run show route 
    10.2.2.0/24        *[Direct/0] 01:08:36
                        > via irb.60
    10.2.2.10/32       *[Local/0] 1d 19:52:19
                          Local via irb.60

    .............ARP entries...............................................
    root@IBM_BLADE_EX# run show arp
    MAC Address Address Name Interface Flags
    2c:21:72:c5:54:8f 10.2.2.1 10.2.2.1 irb.60 [ge-0/0/47.0] none
    c0:42:d0:f8:23:e0 10.2.2.20 10.2.2.20 irb.60 [ge-0/1/0.0] none
    Total entries: 2

    .....................Ethernet-switching table entries...............................
    root@IBM_BLADE_EX# run show ethernet-switching table vlan-id 60
    MANAGEMENT 2c:21:72:c5:54:8f D - ge-0/0/47.0 0 0
    MANAGEMENT c0:42:d0:f8:23:e0 D - ge-0/1/0.0 0 0

    SRX:

    root@SP-LAN-FIREWALL> show route 
    10.2.2.0/24        *[Direct/0] 1d 19:47:38
                        > via ge-0/0/15.0
    10.2.2.1/32        *[Local/0] 1d 19:47:55
                          Local via ge-0/0/15.0

    ..................ARP entries........................................

    root@SP-LAN-FIREWALL> show arp
    MAC Address Address Name Interface Flags
    c0:42:d0:f8:36:00 10.2.2.10 10.2.2.10 ge-0/0/15.0 none
    c0:42:d0:f8:23:e0 10.2.2.20 10.2.2.20 ge-0/0/15.0 none

    ................ping to SW2 failing........

    root@SP-LAN-FIREWALL> ping 10.2.2.20
    PING 10.2.2.20 (10.2.2.20): 56 data bytes
    ^C
    --- 10.2.2.20 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss

    root@SP-LAN-FIREWALL>

    Regards,

    Lish.



  • 4.  RE: Can't ping across switches on management IP.

    Posted 05-19-2018 06:37

    From the output it looks like the SRX is 10.2.2.1 and serves as the default gateway for the subnet.

     

    If so, this route should point to 10.2.2.1 not 10.2.2.10

    0.0.0.0/0          *[Static/5] 00:09:33
                        > to 10.2.2.10 via irb.60

     



  • 5.  RE: Can't ping across switches on management IP.

    Posted 05-20-2018 22:15

    Hi Steve,

     

    Done so. Still not pinging. Looking at the diagram I have attached now, how else could I manage these switches? Is this design of cascading the switches violating some switching or routing rule? Sometimes if I put a static route for SW2 at the SRX using N/hop as SW1, I get an ICMP redirect from SW1 when I ping from the SRX.

    Appreciate it if there could be another way I could manage the switches from the SRX while still having them under one subnet.

     

    Regards,

    Lish. 

    Attachment: diagram.pdf (19 KB)


  • 6.  RE: Can't ping across switches on management IP.
    Best Answer

    Posted 05-21-2018 03:04

    The daisy chain is unusual but still should work.  Often a single switch will connect to the firewall and the other downstream switches connect back to this as an aggregation point.

     

    Looking closer at your output I see the sw1 seems to be missing a default route which would also point to the SRX.  All the switches should have that same default route.

     



  • 7.  RE: Can't ping across switches on management IP.

    Posted 05-22-2018 02:41

    Hi Steve,

     

    Figured out the problem. It was the security zone configs on the SRX. Had to add the vlan.60 interface under the trust zone.

    Can ping all the switches now.

     

    Thanks for your effort and time.

     

    Regards,

    lish.
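
The fix described in post 7, written out as an added example that is not part of the thread or of anyone's posted configuration. The interface (`vlan.60`) and zone (`trust`) names come from post 7; the choice of allowed services (ping and SSH only) is an assumption for a management interface.

```junos
# SRX, configuration mode (set-style).

# A logical interface that is not bound to any security zone sits in the
# null zone, and the SRX drops traffic arriving on it. Bind the management
# interface named in post 7 to the trust zone.
set security zones security-zone trust interfaces vlan.60

# Traffic addressed to the SRX itself (such as the switches pinging
# 10.2.2.1) must also be permitted as host-inbound traffic.
# Weak setting: opens every system service on the interface.
#   set security zones security-zone trust interfaces vlan.60 host-inbound-traffic system-services all
# Scoped setting (assumption: only ICMP echo and SSH are needed here).
set security zones security-zone trust interfaces vlan.60 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces vlan.60 host-inbound-traffic system-services ssh

# After commit, from operational mode:
#   show security zones                   vlan.60 should be listed under trust
#   show interfaces vlan.60 | match Zone  should report trust, not Null
#   ping 10.2.2.20                        SW2 address from the thread
```

On an SRX, checking zone membership of the interface is worth doing before chasing routes: the ARP tables in post 3 already showed layer 2 working between all three devices.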