Switching

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Can't perform Ping between Juniper SRX and Cisco Nexus

    Posted 12-31-2021 05:32
    Hi Team,

    I need your support.
    Refer to below image I can't perform between Nexus and SRX.

    Nexus are into VPC domain mode and SRX in cluster mode (Without secondary node for the moment).
    Create routing instance and zone from SRX side and VRF from Nexus side.
    Zone 01 : Backup-1 interface reth0.1001 (Vlan 1001)
    Zone 02: Backup-2 interface reth0.2001 (Vlan 2001)

    SRX ge0/0/1 and ge0/0/2 have Reth0 as parent interface with:
    reth0.1001 (Vlan 1001) IP address 10.128.10.254/24  -  10.128.10.1/24 from Nexus VRF side = Ping doesn't work
    reth0.2001 (Vlan 2001) IP Address 10.128.20.254/24  -  10.128.20.1/24 from Nexus VRF side = Ping doesn't work

    All ping service are openned in each zone and I created Global Policy and Default Policy with Permit Action.
    Please see as attachment Nexus and SRX configuration. 

    I don't know what's wrong.


    ------------------------------
    WYA ABU
    ------------------------------

    Attachment(s)

    txt
    SRX Config.txt   2 KB 1 version
    txt
    Nexus Config.txt   1 KB 1 version


  • 2.  RE: Can't perform Ping between Juniper SRX and Cisco Nexus

     
    Posted 12-31-2021 05:37
    It looks like you are trying to configure a LAG but have used redundant either instead on the Junos side.

    You need to configure aggregated ethernet ae interfaces instead of reth interfaces.

    https://www.juniper.net/documentation/en_US/junos/topics/example/chassis-cluster-lag-lacp-configuring-cli.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Can't perform Ping between Juniper SRX and Cisco Nexus

    Posted 01-01-2022 09:24
    Hi Steve,

    Based  on the links below we can configure LACP on RETH interface too.
    I think that PING issue could be configuration problem. 
    I permit Global Policy and Default Policy too. But same issue. 
    May b eI have to permit intra zone policy. 
    Have you check my configuration file ?

    https://www.juniper.net/documentation/us/en/software/junos/chassis-cluster-security-devices/topics/topic-map/security-chassis-cluster-redundant-ethernet-lag-interfaces.html

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB22474&cat=switch_products&actp=LIST

    " The Link Aggregation Control Protocol (LACP) provides additional functionality for LAGs. LACP is supported in standalone deployments, where aggregated Ethernet interfaces are supported, and in chassis cluster deployments, where aggregated Ethernet interfaces and redundant Ethernet interfaces are supported simultaneously.
    You configure LACP on a redundant Ethernet interface by setting the LACP mode for the parent link with the lacp statement. The LACP mode can be off (the default), active, or passive. "


    ------------------------------
    WYA ABU
    ------------------------------



  • 4.  RE: Can't perform Ping between Juniper SRX and Cisco Nexus

     
    Posted 01-01-2022 09:28
    Sorry that I was not clear.  The issue is NOT LACP at all.

    There are two different IEEE standards, both can use LACP options.
    Aggregated ethernet  
    Redundant ethernet

    When you configure Cisco port channel this is the IEEE aggregated ethernet. 
    The Junos matching configuration is ae interfaces.

    Junos reth interfaces are the implementation of the redundant ethernet standard not the aggregated one.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------