These are system services on the SRX. What I was referring to was the host-inbound services for the reth interfaces that are defined for S2 and S3, e.g.:
set security zones security-zone ABC interface ge-0/0/xx host-inbound-traffic system-services all
set security zones security-zone ABC interface ge-0/0/xx host-inbound-traffic protocol icmp
Where security zone ABC is configured with the reth interfaces corresponding to S2 and S3 that are connected to ge-0/0 interfaces on the SRX. You may want to enable trace options on the interface to check the traffic. If you have JTAC support, you may want to open a ticket with them for trace options. If you have any access to the switch, it may be worth checking whether the switch is configured correctly to route traffic via the SRX.
------------------------------
ANKUR
------------------------------
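An offline check for the host-inbound-traffic point in the reply above, as an added example that is not part of the original thread: it takes a configuration in "set" format, expands every dhcp-local-server interface statement (including "upto" ranges) and reports the units whose security zone does not admit DHCP. The sample configuration is constructed, the zone names CORP and WIFI are hypothetical, and the parser accepts both the "interface" spelling used in the thread and "interfaces".

```python
import re

# Constructed sample in Junos "set" format, modelled on the thread; CORP and WIFI are hypothetical zones.
SAMPLE = """\
set routing-instances LOCAL-PRIVATE system services dhcp-local-server group CLIENT interface reth0.33 upto reth0.35
set routing-instances WIFI-MGMT system services dhcp-local-server group CLIENT interface reth0.5
set security zones security-zone CORP interfaces reth0.33 host-inbound-traffic system-services dhcp
set security zones security-zone CORP interfaces reth0.34 host-inbound-traffic system-services ping
set security zones security-zone WIFI host-inbound-traffic system-services all
set security zones security-zone WIFI interfaces reth0.5
"""

DHCP_RE = re.compile(r"dhcp-local-server group \S+ interface (\S+?)\.(\d+)(?: upto \S+?\.(\d+))?$")
ZONE_RE = re.compile(r"^set security zones security-zone (\S+)(?: interfaces? (\S+))?"
                     r"(?: host-inbound-traffic system-services (\S+))?$")

def dhcp_units(lines):
    """Expand dhcp-local-server interface statements, including 'upto' ranges."""
    units = set()
    for line in lines:
        m = DHCP_RE.search(line)
        if m:
            base, first, last = m.group(1), int(m.group(2)), int(m.group(3) or m.group(2))
            units.update(f"{base}.{n}" for n in range(first, last + 1))
    return units

def audit(config):
    """Return {unit: problem} for DHCP-serving units whose zone does not admit DHCP."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    zone_of, zone_svc, intf_svc = {}, {}, {}
    for line in lines:
        m = ZONE_RE.match(line)
        zone, intf, svc = m.groups() if m else (None, None, None)
        if intf:
            zone_of[intf] = zone
        if svc:
            # Services are recorded per interface when one is named, else per zone.
            (intf_svc if intf else zone_svc).setdefault(intf or zone, set()).add(svc)
    problems = {}
    for unit in sorted(dhcp_units(lines)):
        # Interface-level host-inbound-traffic, when present, overrides the zone-level list.
        allowed = intf_svc.get(unit) or zone_svc.get(zone_of.get(unit), set())
        if unit not in zone_of:
            problems[unit] = "not bound to any security zone"
        elif not allowed & {"dhcp", "all"}:
            problems[unit] = f"zone {zone_of[unit]} does not permit dhcp"
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the output of "show configuration | display set" saved to a file; an empty result means every DHCP-serving unit sits in a zone that accepts DHCP as host-inbound traffic.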
Original Message:
Sent: 09-20-2022 04:18
From: DAN RAWLINGS
Subject: SRX345 Single RETH to multiple EX switch stacks
Hi Ankur,
Sorry for the delay, it has been a long weekend here in the UK.
I can ping SS1 but not 2 and 3.
Here is an output of the services:
set system services ssh root-login deny
set system services ssh protocol-version v2
set system services ssh client-alive-count-max 10
set system services ssh client-alive-interval 180
set system services ssh rate-limit 15
set system services netconf ssh
set system services dhcp-local-server requested-ip-interface-match
set routing-instances LOCAL-PRIVATE system services dhcp-local-server group CLIENT interface reth0.33 upto reth0.224
set routing-instances NCG-MGMT-ON-NET system services dhcp-local-server group CLIENT interface reth0.10
set routing-instances WIFI-MGMT system services dhcp-local-server group CLIENT interface reth0.5
Hope this helps.
Thanks
Dan
------------------------------
DAN RAWLINGS
Original Message:
Sent: 09-16-2022 14:48
From: ANKUR V
Subject: SRX345 Single RETH to multiple EX switch stacks
Can you ping the switch stacks from the SRX or from its interfaces? Or SSH from the SRX into the switch? Are host-inbound services defined as well?
------------------------------
ANKUR
Original Message:
Sent: 09-16-2022 12:32
From: DAN RAWLINGS
Subject: SRX345 Single RETH to multiple EX switch stacks
Thanks for the reply, Ankur.
All interfaces are attributed to reth0 - it's literally the DHCP not binding and the switch is not available via mgmt / ping.
Here are some checks from the SRX to aid:
node0> show interfaces terse | match /8
ge-0/0/8 up up
ge-0/0/8.5 up up aenet --> reth0.5
ge-0/0/8.10 up up aenet --> reth0.10
ge-0/0/8.33 up up aenet --> reth0.33
ge-0/0/8.34 up up aenet --> reth0.34
ge-0/0/8.32767 up up aenet --> reth0.32767
ge-5/0/8 up up
ge-5/0/8.5 up up aenet --> reth0.5
ge-5/0/8.10 up up aenet --> reth0.10
ge-5/0/8.33 up up aenet --> reth0.33
ge-5/0/8.34 up up aenet --> reth0.34
ge-5/0/8.32767 up up aenet --> reth0.32767
{primary:node0}
node0> show interfaces terse | match reth0
ge-0/0/2.5 up up aenet --> reth0.5
ge-0/0/2.10 up up aenet --> reth0.10
ge-0/0/2.33 up up aenet --> reth0.33
ge-0/0/2.34 up up aenet --> reth0.34
ge-0/0/2.32767 up up aenet --> reth0.32767
ge-0/0/8.5 up up aenet --> reth0.5
ge-0/0/8.10 up up aenet --> reth0.10
ge-0/0/8.33 up up aenet --> reth0.33
ge-0/0/8.34 up up aenet --> reth0.34
ge-0/0/8.32767 up up aenet --> reth0.32767
ge-5/0/2.5 up up aenet --> reth0.5
ge-5/0/2.10 up up aenet --> reth0.10
ge-5/0/2.33 up up aenet --> reth0.33
ge-5/0/2.34 up up aenet --> reth0.34
ge-5/0/2.32767 up up aenet --> reth0.32767
ge-5/0/8.5 up up aenet --> reth0.5
ge-5/0/8.10 up up aenet --> reth0.10
ge-5/0/8.33 up up aenet --> reth0.33
ge-5/0/8.34 up up aenet --> reth0.34
ge-5/0/8.32767 up up aenet --> reth0.32767
reth0 up up
reth0.5 up up inet 10.80.5.1/24
reth0.10 up up inet 10.80.10.1/24
reth0.33 up up inet 10.80.33.1/24
reth0.34 up up inet 10.80.34.1/24
reth0.32767 up up
{primary:node0}
node0> show configuration interfaces reth0.33
description ***Corp***;
vlan-id 33;
family inet {
    address 10.xx.33.1/24;
}
{primary:node0}
node0> show arp interface reth0.33
{primary:node0}
node0> show chassis mac-addresses
node0:
--------------------------------------------------------------------------
MAC address information:
Public base address 58:xx:xx:xx:xx:01
Public count 126
Private base address 58:xx:xx:xx:xx:7f
Private count 1
node1:
--------------------------------------------------------------------------
MAC address information:
Public base address 58:xx:xx:xx:xx:01
Public count 126
Private base address 58:xx:xx:xx:xx:7f
Private count 1
{primary:node0}
node0> show lldp neighbors
Local Interface Parent Interface Chassis Id Port info System Name
ge-5/0/8 reth0 28:xx:xx:xx:xx:80 ge-1/1/0.0 asw1..gb
ge-0/0/8 reth0 28:xx:xx:xx:xx:80 ge-0/1/0.0 asw1..gb
ge-0/0/2 reth0 80:xx:xx:xx:xx:00 ***CSRX1.N0-RETH0*** csw1..gb
ge-0/0/3 reth1 80:xx:xx:xx:xx:00 ***CSRX1.N0-RETH1*** csw1..gb
ge-5/0/2 reth0 80:xx:xx:xx:xx:00 ***CSRX1.N1-RETH0*** csw1..gb
ge-5/0/3 reth1 80:xx:xx:xx:xx:00 ***CSRX1.N1-RETH1*** csw1..gb
DHCP config is good as we are receiving on the originally connected stack.
Any further suggestions?
Regards
Dan
------------------------------
DAN RAWLINGS
Original Message:
Sent: 09-16-2022 12:04
From: ANKUR V
Subject: SRX345 Single RETH to multiple EX switch stacks
You can add multiple switch stacks under a single RETH. Physical configuration goes on the physical interface, along with the association to a reth. Logical interface configuration goes under interface reth, along with the association to a failover redundancy group. Are you propagating the DHCP pool to the corresponding logical reth interfaces as well? Do a "show interface terse" and validate whether all the physical interfaces are in the reth as intended.
------------------------------
ANKUR
Original Message:
Sent: 09-16-2022 06:57
From: DAN RAWLINGS
Subject: SRX345 Single RETH to multiple EX switch stacks
Good afternoon all,
I have a scenario where my SRX cluster is the DHCP server for my site.
SS1 (Switch stack) is currently in RETH0. DHCP is working.
I would like to add SS2 and SS3 to RETH0. When I do this, I see them as part of RETH0; however, DHCP does not work.
Am I allowed multiple switch stacks under a single RETH?
Diagram below
Thanks all
------------------------------
DAN RAWLINGS
------------------------------