SRX100 & EX2300 routing issue

  • 1.  SRX100 & EX2300 routing issue

    Posted 10-26-2017 17:30

    I have the following setup:

    Broadband to SRX100 to EX2300

    The SRX builds a VPN tunnel to the HUB, that works as 192.168.201.1/24

    The idea is to have several vlans on the EX2300 in the 10.12.x.0/24 range, where x is the vlan number.

    The switch is set to 192.168.201.10/24

    I cannot ping the 10.12.9.254 gateway from the SRX.

    What am I missing here?

     

    SRX-100
    
    set version 12.1X44-D35.5
    set system host-name vpnloaner01
    set system time-zone EST
    set system root-authentication encrypted-password "SECRET"
    set system name-server 10.10.10.10
    set system name-server 10.20.10.10
    set system name-server 64.105.202.138
    set system name-server 64.105.199.74
    set system name-resolution no-resolve-on-input
    set system login user admin full-name Administrator
    set system login user admin uid 2000
    set system login user admin class super-user
    set system login user admin authentication encrypted-password "SECRET"
    set system services ssh
    set system services telnet
    set system services web-management https system-generated-certificate
    set system services web-management https interface vlan.1
    set system services web-management https interface fe-0/0/0.0
    set system services web-management session idle-timeout 60
    set system services dhcp option 161 string wyse.masseyservices.com
    set system services dhcp option 186 string wyse.masseyservices.com
    set system services dhcp pool 192.168.201.0/24 address-range low 192.168.201.50
    set system services dhcp pool 192.168.201.0/24 address-range high 192.168.201.249
    set system services dhcp pool 192.168.201.0/24 router 192.168.201.1
    set system services dhcp propagate-settings fe-0/0/0
    set system syslog archive size 100k
    set system syslog archive files 3
    set system syslog user * any emergency
    set system syslog file messages any critical
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands error
    set system max-configurations-on-flash 5
    set system max-configuration-rollbacks 5
    set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
    set system ntp server us.ntp.pool.org
    set interfaces fe-0/0/0 unit 0 family inet dhcp
    set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members vlan1
    set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan1
    set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members vlan1
    set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members vlan1
    set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members vlan1
    set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members vlan1
    set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members vlan1
    set interfaces st0 unit 0 family inet address 192.168.200.201/24
    set interfaces vlan unit 1 family inet address 192.168.201.1/24
    
    
    set routing-options static route 192.168.200.0/24 next-hop st0.0
    set routing-options static route 10.10.0.0/16 next-hop st0.0
    
    
    set vlans vlan1 vlan-id 3
    set vlans vlan1 l3-interface vlan.1
    
    EX2300-48P
    
    admin@EX-VPNLOANER01> show configuration |display set |no-more
    set version 15.1X53-D56
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier import default
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-voice-fc loss-priority low code-points 101110
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 110000
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 011000
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 011010
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 111000
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-video-fc loss-priority low code-points 100010
    set groups ezqos-voip class-of-service forwarding-classes class ezqos-best-effort queue-num 0
    set groups ezqos-voip class-of-service forwarding-classes class ezqos-video-fc queue-num 4
    set groups ezqos-voip class-of-service forwarding-classes class ezqos-voice-fc queue-num 5
    set groups ezqos-voip class-of-service forwarding-classes class ezqos-control-fc queue-num 7
    set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-voice-fc scheduler ezqos-voice-scheduler
    set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-control-fc scheduler ezqos-control-scheduler
    set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-video-fc scheduler ezqos-video-scheduler
    set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-best-effort scheduler ezqos-data-scheduler
    set groups ezqos-voip class-of-service schedulers ezqos-voice-scheduler buffer-size percent 20
    set groups ezqos-voip class-of-service schedulers ezqos-voice-scheduler priority strict-high
    set groups ezqos-voip class-of-service schedulers ezqos-control-scheduler buffer-size percent 10
    set groups ezqos-voip class-of-service schedulers ezqos-control-scheduler priority strict-high
    set groups ezqos-voip class-of-service schedulers ezqos-video-scheduler transmit-rate percent 70
    set groups ezqos-voip class-of-service schedulers ezqos-video-scheduler buffer-size percent 20
    set groups ezqos-voip class-of-service schedulers ezqos-video-scheduler priority low
    set groups ezqos-voip class-of-service schedulers ezqos-data-scheduler transmit-rate percent 30
    set groups ezqos-voip class-of-service schedulers ezqos-data-scheduler buffer-size percent 50
    set groups ezqos-voip class-of-service schedulers ezqos-data-scheduler priority low
    set apply-groups ezqos-voip
    set system host-name EX-VPNLOANER01
    set system root-authentication encrypted-password "SECRET"
    set system login user admin uid 2000
    set system login user admin class super-user
    set system login user admin authentication encrypted-password "SECRET"
    set system services ssh protocol-version v2
    set system services telnet
    set system services netconf ssh
    set system services web-management http
    set system services dhcp traceoptions file dhcp_logfile
    set system services dhcp traceoptions level all
    set system services dhcp traceoptions flag all
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set chassis alarm management-ethernet link-down ignore
    set chassis auto-image-upgrade
    set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members default
    set interfaces ge-0/0/1 unit 0 family ethernet-switching
    set interfaces ge-0/0/2 unit 0 family ethernet-switching
    set interfaces ge-0/0/3 unit 0 family ethernet-switching
    set interfaces ge-0/0/4 unit 0 family ethernet-switching
    set interfaces ge-0/0/5 unit 0 family ethernet-switching
    set interfaces ge-0/0/6 unit 0 family ethernet-switching
    set interfaces ge-0/0/7 unit 0 family ethernet-switching
    set interfaces ge-0/0/8 unit 0 family ethernet-switching
    set interfaces ge-0/0/9 unit 0 family ethernet-switching
    set interfaces ge-0/0/10 unit 0 family ethernet-switching
    set interfaces ge-0/0/11 unit 0 family ethernet-switching
    set interfaces ge-0/1/0 unit 0 family ethernet-switching
    set interfaces ge-0/1/1 unit 0 family ethernet-switching
    set interfaces irb unit 0 family inet address 192.168.201.10/24
    set interfaces irb unit 1 family inet address 10.12.9.254/24
    set snmp community Public authorization read-only
    set routing-options static route 0.0.0.0/0 next-hop 192.168.201.1
    set protocols lldp interface all
    set protocols lldp-med interface all
    set protocols igmp-snooping vlan all
    set class-of-service interfaces ge-* scheduler-map ezqos-voip-sched-maps
    set class-of-service interfaces ge-* unit * classifiers dscp ezqos-dscp-classifier
    set class-of-service interfaces ge-* unit * rewrite-rules dscp default
    set vlans NETWORK-9 description NETWORK-9
    set vlans NETWORK-9 vlan-id 9
    set vlans NETWORK-9 l3-interface irb.1
    set vlans default vlan-id 1
    set vlans default l3-interface irb.0
    set poe interface all
    


  • 2.  RE: SRX100 & EX2300 routing issue

    Posted 10-26-2017 20:00

    Which physical interface has connected between SRX and EX?

     

    If you are planning to configure multiple VLANs then you would need to convert that interface to trunk (as you are configuring IRBs/interface-VLAN). 

     

    Also, I don't think your irb.1  is UP as the VLAN is not associated to any of the physical interfaces (unless you missed pasting config here). 

     

    Also, why are you routing st0 subnet through st0.0 interface?



  • 3.  RE: SRX100 & EX2300 routing issue

    Posted 10-26-2017 21:18
    Couple of things you may check as follows.

    On EX 2300 side:

    1. The interfaces connected to SRX 100 is part of vlan 9; verify this.
    2. From EX 2300, I assume that you are able to ping your own ip (10.12.9.254).
    3. The interfaces connected between SRX and EX is not trunk.

    On SRX 100 side:

    1. First interface connecting to EX 2300 is up and able to ping self ip.
    2. Check the duplex and speed of the connecting interfaces.
    3. You are also able to ping EX 2300 switch ip (192.168.201.10) from SRX 100.
    4. Configure the static reverse route to 10.12.9.0/24 and point it towards the 192.168.201.10.

    If you are doing above steps correct, you will be able to reach the 10.12.9.254 segment.

    Please accept this as solution if it resolved your issue. Kudos will be appreciated if you think I have earned.


  • 4.  RE: SRX100 & EX2300 routing issue

    Posted 10-27-2017 07:09

    The st0.0 is the vpn that goes back to corporate SRX240.

     

    The SRX100 --> fe-0/0/1  --> ge-0/0/0 EX2300

    I cannot ping the 9.245 from the SRX to the EX.

    Will change the ports to trunk, and see if I can make it work.



  • 5.  RE: SRX100 & EX2300 routing issue

    Posted 10-27-2017 11:17

    Let's try again, this is a new config, similar to what I need, but less vlans in the EX.

    Corporate  <-->  SRX-fe-0/0/0  <--> SRX-fe-0/0/1 or fe-0/0/3 <--> EX ge-0/0/0 or ge-0/0/2  

    The VPN is over st0.0 to corporate.

    The trunk fe-0/0/3  and ge-0/0/2 will not pass traffic.

    The access port passes traffic to and from the SRX - EX

     

    I am unable to ping the vlan 9 NETWORK-9

     

    I will include the whole config of both SRX and EX. and some traceroutes and pings.

     

    THIS IS THE SRX
    
    
    
    
    admin@test> show configuration |display set |no-more
    set version 10.4R10.8
    set system host-name test
    set system time-zone EST
    set system root-authentication encrypted-password "SECRET"
    set system name-server 10.10.10.10
    set system name-server 10.20.10.10
    set system name-resolution no-resolve-on-input
    set system login user admin full-name Administrator
    set system login user admin uid 2000
    set system login user admin class super-user
    set system login user admin authentication encrypted-password "SECRET"
    set system services ssh
    set system services telnet
    set system services web-management https system-generated-certificate
    set system services web-management https interface vlan.1
    set system services web-management https interface fe-0/0/0.0
    set system services web-management session idle-timeout 60
    set system services dhcp pool 192.168.201.0/24 address-range low 192.168.201.50
    set system services dhcp pool 192.168.201.0/24 address-range high 192.168.201.249
    set system services dhcp pool 192.168.201.0/24 router 192.168.201.1
    set system services dhcp propagate-settings fe-0/0/0
    set system syslog archive size 100k
    set system syslog archive files 3
    set system syslog user * any emergency
    set system syslog file messages any critical
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands error
    set system max-configurations-on-flash 5
    set system max-configuration-rollbacks 5
    set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
    set system ntp server us.ntp.pool.org
    set interfaces fe-0/0/0 unit 0 family inet dhcp
    set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members vlan1
    set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan1
    set interfaces fe-0/0/3 unit 0 family ethernet-switching port-mode trunk
    set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members all
    set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members vlan1
    set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members vlan1
    set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members vlan1
    set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members vlan1
    set interfaces st0 unit 0 family inet address 192.168.200.201/24
    set interfaces vlan unit 1 family inet address 192.168.201.1/24
    set snmp description test
    set snmp community Public authorization read-only
    set routing-options static route 192.168.200.0/24 next-hop st0.0
    set routing-options static route 10.0.0.0/8 next-hop st0.0
    set routing-options static route 10.12.0.0/16 next-hop 192.168.201.10
    set protocols stp
    set security ike policy ike_pol_vpnloaner01 mode aggressive
    set security ike policy ike_pol_vpnloaner01 proposal-set standard
    set security ike policy ike_pol_vpnloaner01 pre-shared-key ascii-text "SECRET"
    set security ike gateway gw_vpnloaner01 ike-policy ike_pol_vpnloaner01
    set security ike gateway gw_vpnloaner01 address 75.112.77.34
    set security ike gateway gw_vpnloaner01 local-identity hostname vpnloaner01
    set security ike gateway gw_vpnloaner01 external-interface fe-0/0/0.0
    set security ipsec policy ipsec_pol_vpnloaner01 perfect-forward-secrecy keys group1
    set security ipsec policy ipsec_pol_vpnloaner01 proposal-set standard
    set security ipsec vpn vpnloaner01 bind-interface st0.0
    set security ipsec vpn vpnloaner01 ike gateway gw_vpnloaner01
    set security ipsec vpn vpnloaner01 ike ipsec-policy ipsec_pol_vpnloaner01
    set security ipsec vpn vpnloaner01 establish-tunnels immediately
    set security nat source rule-set nsw_srcnat from zone Internal
    set security nat source rule-set nsw_srcnat to zone Internet
    set security nat source rule-set nsw_srcnat rule nsw-src-interface match source-address 0.0.0.0/0
    set security nat source rule-set nsw_srcnat rule nsw-src-interface match destination-address 0.0.0.0/0
    set security nat source rule-set nsw_srcnat rule nsw-src-interface then source-nat interface
    set security screen ids-option untrust-screen icmp ping-death
    set security screen ids-option untrust-screen ip source-route-option
    set security screen ids-option untrust-screen ip tear-drop
    set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
    set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
    set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
    set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
    set security screen ids-option untrust-screen tcp syn-flood timeout 20
    set security screen ids-option untrust-screen tcp land
    set security zones security-zone Internal address-book address addr_192_168_201_0_24 192.168.201.0/24
    set security zones security-zone Internal host-inbound-traffic system-services all
    set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services ping
    set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services dhcp
    set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services http
    set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services https
    set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services ssh
    set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services telnet
    set security zones security-zone Internal interfaces vlan.1 host-inbound-traffic system-services snmp
    set security zones security-zone Internet address-book address addr_192_168_0_0_16 192.168.0.0/16
    set security zones security-zone Internet address-book address addr_10_0_0_0_8 10.0.0.0/8
    set security zones security-zone Internet address-book address addr_192_168_200_0_24 192.168.200.0/24
    set security zones security-zone Internet host-inbound-traffic system-services ike
    set security zones security-zone Internet interfaces fe-0/0/0.0 host-inbound-traffic system-services ping
    set security zones security-zone Internet interfaces fe-0/0/0.0 host-inbound-traffic system-services dhcp
    set security zones security-zone Internet interfaces fe-0/0/0.0 host-inbound-traffic system-services https
    set security zones security-zone Internet interfaces fe-0/0/0.0 host-inbound-traffic system-services ssh
    set security zones security-zone Internet interfaces fe-0/0/0.0 host-inbound-traffic system-services ike
    set security zones security-zone Internet interfaces fe-0/0/0.0 host-inbound-traffic system-services snmp
    set security zones security-zone Internet interfaces st0.0 host-inbound-traffic system-services https
    set security zones security-zone Internet interfaces st0.0 host-inbound-traffic system-services ping
    set security zones security-zone Internet interfaces st0.0 host-inbound-traffic system-services ike
    set security zones security-zone Internet interfaces st0.0 host-inbound-traffic system-services ssh
    set security zones security-zone Internet interfaces st0.0 host-inbound-traffic system-services snmp
    set security policies from-zone Internal to-zone Internet policy All_Internal_Internet match source-address any
    set security policies from-zone Internal to-zone Internet policy All_Internal_Internet match destination-address any
    set security policies from-zone Internal to-zone Internet policy All_Internal_Internet match application any
    set security policies from-zone Internal to-zone Internet policy All_Internal_Internet then permit
    set security policies from-zone Internal to-zone Internet policy policy_out_vpnloaner01 match source-address addr_192_168_201_0_24
    set security policies from-zone Internal to-zone Internet policy policy_out_vpnloaner01 match destination-address addr_192_168_200_0_24
    set security policies from-zone Internal to-zone Internet policy policy_out_vpnloaner01 match application any
    set security policies from-zone Internal to-zone Internet policy policy_out_vpnloaner01 then permit
    set security policies from-zone Internet to-zone Internal policy policy_in_vpnloaner01 match source-address addr_10_0_0_0_8
    set security policies from-zone Internet to-zone Internal policy policy_in_vpnloaner01 match source-address addr_192_168_0_0_16
    set security policies from-zone Internet to-zone Internal policy policy_in_vpnloaner01 match destination-address addr_192_168_201_0_24
    set security policies from-zone Internet to-zone Internal policy policy_in_vpnloaner01 match application any
    set security policies from-zone Internet to-zone Internal policy policy_in_vpnloaner01 then permit
    set vlans NETWORK-9 description NETWORK-9
    set vlans NETWORK-9 vlan-id 9
    set vlans vlan1 vlan-id 3
    set vlans vlan1 l3-interface vlan.1
    
    admin@test>
    
    THIS IS THE EX
    
    
    
    {master:0}
    root@EX-test> show configuration |display set |no-more
    set version 12.3R6.6
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier import default
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-voice-fc loss-priority low code-points 101110
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 110000
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 011000
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 011010
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-control-fc loss-priority low code-points 111000
    set groups ezqos-voip class-of-service classifiers dscp ezqos-dscp-classifier forwarding-class ezqos-video-fc loss-priority low code-points 100010
    set groups ezqos-voip class-of-service forwarding-classes class ezqos-best-effort queue-num 0
    set groups ezqos-voip class-of-service forwarding-classes class ezqos-video-fc queue-num 4
    set groups ezqos-voip class-of-service forwarding-classes class ezqos-voice-fc queue-num 5
    set groups ezqos-voip class-of-service forwarding-classes class ezqos-control-fc queue-num 7
    set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-voice-fc scheduler ezqos-voice-scheduler
    set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-control-fc scheduler ezqos-control-scheduler
    set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-video-fc scheduler ezqos-video-scheduler
    set groups ezqos-voip class-of-service scheduler-maps ezqos-voip-sched-maps forwarding-class ezqos-best-effort scheduler ezqos-data-scheduler
    set groups ezqos-voip class-of-service schedulers ezqos-voice-scheduler buffer-size percent 20
    set groups ezqos-voip class-of-service schedulers ezqos-voice-scheduler priority strict-high
    set groups ezqos-voip class-of-service schedulers ezqos-control-scheduler buffer-size percent 10
    set groups ezqos-voip class-of-service schedulers ezqos-control-scheduler priority strict-high
    set groups ezqos-voip class-of-service schedulers ezqos-video-scheduler transmit-rate percent 70
    set groups ezqos-voip class-of-service schedulers ezqos-video-scheduler buffer-size percent 20
    set groups ezqos-voip class-of-service schedulers ezqos-video-scheduler priority low
    set groups ezqos-voip class-of-service schedulers ezqos-data-scheduler transmit-rate percent 30
    set groups ezqos-voip class-of-service schedulers ezqos-data-scheduler buffer-size percent 50
    set groups ezqos-voip class-of-service schedulers ezqos-data-scheduler priority low
    set apply-groups ezqos-voip
    set system host-name EX-test
    set system root-authentication encrypted-password "SECRET"
    set system login user admin uid 2000
    set system login user admin class super-user
    set system login user admin authentication encrypted-password "SECRET"
    set system services ssh protocol-version v2
    set system services ssh max-sessions-per-connection 32
    set system services telnet
    set system services netconf ssh
    set system services web-management http
    set system services dhcp traceoptions file dhcp_logfile
    set system services dhcp traceoptions level all
    set system services dhcp traceoptions flag all
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system syslog file default-log-messages any any
    set system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|cm_device|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)|(AIS_DATA_AVAILABLE)"
    set system syslog file default-log-messages structured-data
    set chassis alarm management-ethernet link-down ignore
    set chassis auto-image-upgrade
    set interfaces ge-0/0/0 unit 0 family ethernet-switching
    set interfaces ge-0/0/1 unit 0 family ethernet-switching
    set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode trunk
    set interfaces ge-0/0/2 unit 0 family ethernet-switching native-vlan-id default
    set interfaces ge-0/0/3 unit 0 family ethernet-switching
    set interfaces ge-0/0/4 unit 0 family ethernet-switching
    set interfaces ge-0/0/5 unit 0 family ethernet-switching
    set interfaces ge-0/0/6 unit 0 family ethernet-switching
    set interfaces ge-0/0/7 unit 0 family ethernet-switching
    set interfaces ge-0/0/8 unit 0 family ethernet-switching
    set interfaces ge-0/0/9 unit 0 family ethernet-switching
    set interfaces ge-0/0/10 unit 0 family ethernet-switching
    set interfaces ge-0/0/11 unit 0 family ethernet-switching
    set interfaces ge-0/1/0 unit 0 family ethernet-switching
    set interfaces ge-0/1/1 unit 0 family ethernet-switching
    set interfaces vlan unit 0 family inet address 192.168.201.10/24
    set interfaces vlan unit 1 family inet address 10.12.9.254/24
    set interfaces vlan unit 2 family inet address 10.12.21.254/24
    set snmp community Public authorization read-only
    set snmp trap-group space targets 10.11.9.6
    set routing-options static route 0.0.0.0/0 next-hop 192.168.201.1
    set routing-options static route 10.10.0.0/16 next-hop 192.168.201.1
    set protocols igmp-snooping vlan all
    set protocols rstp
    set protocols lldp interface all
    set protocols lldp-med interface all
    set class-of-service interfaces ge-* scheduler-map ezqos-voip-sched-maps
    set class-of-service interfaces ge-* unit * classifiers dscp ezqos-dscp-classifier
    set class-of-service interfaces ge-* unit * rewrite-rules dscp default
    set ethernet-switching-options voip
    set ethernet-switching-options storm-control interface all
    set vlans NETWORK-9 description NETWORK-9
    set vlans NETWORK-9 vlan-id 9
    set vlans NETWORK-9 l3-interface vlan.1
    set vlans UC-QUADS description "UC-QUADS Voice Traffic"
    set vlans UC-QUADS vlan-id 21
    set vlans UC-QUADS l3-interface vlan.2
    set vlans default l3-interface vlan.0
    set poe interface all
    
    {master:0}
    root@EX-test>
    

     

     

    FROM SRX;

    admin@test> ping 192.168.201.10
    PING 192.168.201.10 (192.168.201.10): 56 data bytes
    64 bytes from 192.168.201.10: icmp_seq=0 ttl=64 time=4.146 ms
    64 bytes from 192.168.201.10: icmp_seq=1 ttl=64 time=3.705 ms
    64 bytes from 192.168.201.10: icmp_seq=2 ttl=64 time=3.583 ms
    ^C
    --- 192.168.201.10 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 3.583/3.811/4.146/0.242 ms
    
    admin@test> ping 10.12.9.254
    PING 10.12.9.254 (10.12.9.254): 56 data bytes
    36 bytes from 10.12.9.254: Destination Host Unreachable
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 0054 13b5   0 0000  40  01 c940 192.168.201.1  10.12.9.254
    
    36 bytes from 10.12.9.254: Destination Host Unreachable
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 0054 13b8   0 0000  40  01 c93d 192.168.201.1  10.12.9.254
    
    36 bytes from 10.12.9.254: Destination Host Unreachable
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 0054 13bb   0 0000  40  01 c93a 192.168.201.1  10.12.9.254
    
    ^C
    --- 10.12.9.254 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss
    
    admin@test> traceroute 10.12.9.254
    traceroute to 10.12.9.254 (10.12.9.254), 30 hops max, 40 byte packets
     1  10.12.9.254 (10.12.9.254)  4.115 ms  3.816 ms  4.006 ms
     2  10.12.9.254 (10.12.9.254)  10.510 ms !H  4.644 ms !H  4.449 ms !H
    
    admin@test>
    

    FROM EX

    {master:0}
    root@EX-test> ping 192.168.201.1
    PING 192.168.201.1 (192.168.201.1): 56 data bytes
    64 bytes from 192.168.201.1: icmp_seq=0 ttl=64 time=2.762 ms
    64 bytes from 192.168.201.1: icmp_seq=1 ttl=64 time=2.826 ms
    64 bytes from 192.168.201.1: icmp_seq=2 ttl=64 time=2.255 ms
    ^C
    --- 192.168.201.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 2.255/2.614/2.826/0.255 ms
    
    {master:0}
    root@EX-test> ping 10.12.9.254
    PING 10.12.9.254 (10.12.9.254): 56 data bytes
    ping: sendto: No route to host
    ping: sendto: No route to host
    ping: sendto: No route to host
    ^C
    --- 10.12.9.254 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss
    
    {master:0}
    

     

     



  • 6.  RE: SRX100 & EX2300 routing issue

     
    Posted 10-27-2017 14:06

    On SRX you are missing

    set vlans NETWORK-9 l3-interface vlan.9
    set interfaces vlan.9 family inet address 10.12.9.x/24
    set security zones security-zone Internal interfaces vlan.9 host-inbound-traffic system-services ping

    On EX you are missing

    set interfaces ge-0/0/2.0 family ethernet-switching vlan members all
    


    Regards, Wojtek



  • 7.  RE: SRX100 & EX2300 routing issue
    Best Answer

    Posted 10-27-2017 18:41

    For the trunk ports to pass the traffic RVI should be up on EX switch..

    Note that, irb.1 (vlan 9) is not up..which is pointing to the fact that RVI is not up.

     

    add following config on EX..

    set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode trunk

    set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members all

    set interfaces ge-0/0/2 unit 0 family ethernet-switching native-vlan-id default

    ************************************************************************************************************

    Accept it as a solution if it resolved your issue. Kudos would be appreciated if you think I have earned it.
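
The check that posts 2 and 7 describe (a VLAN's layer-3 interface stays down while no port carries the VLAN, and a trunk needs `vlan members`), as an added Python example that is not part of the thread: it audits Junos `display set` output for both conditions. The sample is a trimmed copy of the EX configuration from post 5; the function names, finding labels, and the rule that an unassigned access port belongs to `default` are assumptions of this example.

```python
import re

PORT_RE = re.compile(
    r"^set interfaces (\S+) unit \d+ family ethernet-switching(?: (.+))?$")
VLAN_RE = re.compile(r"^set vlans (\S+) (vlan-id|l3-interface|interface) (\S+)")

# Constructed sample: a trimmed copy of the EX configuration from post 5.
EX_CONFIG = """\
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching native-vlan-id default
set interfaces vlan unit 0 family inet address 192.168.201.10/24
set interfaces vlan unit 1 family inet address 10.12.9.254/24
set vlans NETWORK-9 vlan-id 9
set vlans NETWORK-9 l3-interface vlan.1
set vlans default l3-interface vlan.0
"""

# The line post 7 adds to the trunk port.
TRUNK_FIX = "set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members all\n"


def parse(config):
    """Return (ports, vlans) parsed from 'display set' output."""
    ports, vlans = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = PORT_RE.match(line)
        if m:
            port = ports.setdefault(
                m.group(1), {"mode": "access", "members": set(), "native": None})
            words = (m.group(2) or "").split()
            if len(words) == 2 and words[0] in ("port-mode", "interface-mode"):
                port["mode"] = words[1]
            elif len(words) == 3 and words[:2] == ["vlan", "members"]:
                port["members"].add(words[2])
            elif len(words) == 2 and words[0] == "native-vlan-id":
                port["native"] = words[1]
            continue
        m = VLAN_RE.match(line)
        if m:
            name, key, value = m.groups()
            vlan = vlans.setdefault(name, {"id": None, "l3": None, "ports": set()})
            if key == "vlan-id":
                vlan["id"] = value
            elif key == "l3-interface":
                vlan["l3"] = value
            else:  # "set vlans NAME interface ge-0/0/1.0" style membership
                vlan["ports"].add(value.split(".")[0])
    return ports, vlans


def carriers(name, vlan, ports):
    """Ports configured to carry this VLAN (link state is not visible here)."""
    wanted = {name, vlan["id"]} - {None}
    found = set(vlan["ports"])
    for ifname, port in ports.items():
        labels = port["members"] | {port["native"]}
        if "all" in port["members"] or labels & wanted:
            found.add(ifname)
        # Assumption: a switching port with no explicit membership is an
        # access port in the VLAN named "default".
        elif name == "default" and port["mode"] == "access" and not port["members"]:
            found.add(ifname)
    return sorted(found)


def audit(config):
    """Return (kind, subject, detail) tuples for the two conditions."""
    ports, vlans = parse(config)
    findings = []
    for name, vlan in sorted(vlans.items()):
        # A routed VLAN interface cannot come up if no port carries the VLAN.
        if vlan["l3"] and not carriers(name, vlan, ports):
            findings.append(("l3-vlan-without-ports", name, vlan["l3"]))
    for ifname, port in sorted(ports.items()):
        # A trunk with no 'vlan members' passes only its native VLAN, if any.
        if port["mode"] == "trunk" and not port["members"]:
            findings.append(("trunk-without-members", ifname, port["native"]))
    return findings


if __name__ == "__main__":
    for label, cfg in (("as posted", EX_CONFIG), ("with fix", EX_CONFIG + TRUNK_FIX)):
        print(label, audit(cfg) or "no findings")
```

A clean result only means the configuration allows the layer-3 interface to come up; at least one of the listed ports must also have link.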



  • 8.  RE: SRX100 & EX2300 routing issue

    Posted 10-28-2017 15:29

    Made some additions to the vlan.1 in the EX, changed it to vlan.9 and used the SRX as the gateway. I am able to get to the EX via 10.12.9.10.

    Will work on getting the correct vlans enabled,   thanks for the help