Hi, guys thanks for help and your time i have a SG-300-10(Cisco Crap) and i want to migrate to my SRX220H, but when i change the data line to the SRX220 i can ping the IP 10.10.2.25 in the VLAN 100 Interface ge-6, but from the cisco(crap) i can ping the ip 10.10.2.25
Cisco Configuration:
interface vlan 1
ip address 10.0.1 255.255.255.0
no ip address dhcp
!
interface vlan 5
name SITE_A
ip address 192.168.1.2 255.255.255.0
!
interface vlan 10
name SITE_B
ip address 172.16.31.55 255.255.255.0
!
interface vlan 100
name REMOTE_NET_A
ip address 10.10.2.26 255.255.255.252
!
interface gigabitethernet1
switchport trunk native vlan 5
!
interface gigabitethernet2
switchport trunk native vlan 5
!
interface gigabitethernet3
switchport trunk native vlan 5
!
interface gigabitethernet4
switchport trunk native vlan 10
!
interface gigabitethernet5
switchport trunk native vlan 10
!
interface gigabitethernet6
switchport trunk native vlan 10
!
interface gigabitethernet7
switchport trunk native vlan 10
!
interface gigabitethernet10
switchport mode access
switchport access vlan 100
!
ip default-gateway 10.10.2.25
SRX220
interfaces {
ge-0/0/1 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members SITE_A;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members SITE_A;
}
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members SITE_B;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members SITE_B;
}
}
}
}
ge-0/0/6 {
speed 1g;
link-mode full-duplex;
gigether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members REMOTE_NET_A;
}
}
}
}
ge-0/0/7 {
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
vlan {
unit 5 {
proxy-arp;
family inet {
address 192.168.1.2/24;
}
}
unit 10 {
proxy-arp;
family inet {
address 172.16.31.55/24;
}
}
unit 100 {
proxy-arp;
family inet {
address 10.10.2.26/24;
}
}
}
}
routing-options {
static {
route 192.168.15.0/24 next-hop 192.168.1.254;
}
}
protocols {
vstp {
vlan 10;
vlan 100;
vlan 5;
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
zones {
security-zone Internal {
interfaces {
ge-0/0/7.0 {
host-inbound-traffic {
system-services {
ping;
http;
https;
ssh;
telnet;
}
}
}
}
}
}
}
vlans {
SITE_A {
vlan-id 5;
l3-interface vlan.5;
}
SITE_B {
vlan-id 10;
l3-interface vlan.10;
}
REMOTE_NET_A {
vlan-id 100;
l3-interface vlan.100;
}
}
in my SRX the interfce ge-6 is the interface 10 on the cisco(crap)