@lpaniagua , I'm having a similar issue with my setup. I've tried this two different ways.
Setup 1: Reth0 = redundancy group 1, lacp active/periodic fast, unit 0 family inet address X.X.X.4, interfaces xe-0/0/16 & xe-7/0/16
Reth1 = redundancy group 1, lacp active/periodic fast, unit 0 family inet address X.X.X.5, interfaces xe-0/0/17 & xe-7/0/17
They are connected to a pair of Cisco Nexus switches on port channels that are vPC peered.
Everything looked like it was working but when a PC on SW2 tried to reach the SRX I wasn't getting a response. So I changed it to:
Setup 2: Reth0 = redundancy group 1, lacp active/periodic fast, unit 0 family inet address X.X.X.4, interfaces xe-0/0/16 & xe-7/0/16 & xe-0/0/17 & xe-7/0/17.
With setup 2, I was getting the same outcome. The Cisco POs are just access ports in VLAN 1500. I'm using HSRP on VLAN 1500. So SW1 VLAN 1500 SVI is .2, SW2 VLAN 1500 SVI is .3 and HSRP is .1. Any PC on SW1 works just fine with no issues. It's just traffic on SW2 that gets lost.
I only went with reths because my SRXs are clustered and I wanted to build the most robust connection between the Junipers and Ciscos. If my current setup can be fixed, great. If not, if I'm going about this all wrong, then so be it. But what is the best way to build this?
------------------------------
CHRIS COUTURE
------------------------------
Original Message:
Sent: 11-18-2019 23:21
From: lpaniagua
Subject: Port channel between juniper and cisco switch
Hi, Egert
In Junos an Aggregated-Ethernet (ae) interface is the same thing as a port-channel in Cisco. An ae interface is just a bundle of physical interfaces; this bundle can be a group of L2 (family ethernet-switching) or L3 (family inet) interfaces. As you mentioned, ethernet-switching is not supported in high-end SRX; however, you can configure an L3 interface with sub-interfaces that will understand vlan-tagging.
Based on the provided configuration I can see that you have two L3 interfaces (one with vlan-tagging) acting as VRRP gateways and you mentioned that you don't have a chassis cluster. The steps you will need to follow are:
1. Enable at least 1 ae interface:
user@host# set chassis aggregated-devices ethernet device-count 1
Ref: https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/device-count-edit-chassis.html
2. Create an ae interface (ae0) by bundling ge-0/0/0 and ge-0/0/2:
user@host# set interfaces ge-0/0/0 gigether-options 802.3ad ae0
user@host# set interfaces ge-0/0/2 gigether-options 802.3ad ae0
Ref: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-interface-config-aggregated-ethernet.html#id-deleting-aggregated-ethernet-interface
3. Configure ae0 with subinterfaces using vlan-tagging (Router-on-a-stick):
user@host# set interfaces ae0 vlan-tagging
user@host# set interfaces ae0 unit 202 vlan-id 202
user@host# set interfaces ae0 unit 202 family inet address 192.168.3.254/24 vrrp-group 1 virtual-address 192.168.3.1 priority 200
user@host# set interfaces ae0 unit 202 family inet address 192.168.3.254/24 vrrp-group 1 accept-data authentication-type md5 authentication-key [password]
user@host# set interfaces ae0 unit 205 vlan-id 205
user@host# set interfaces ae0 unit 205 family inet address 192.168.1.4/29 vrrp-group 2 virtual-address 192.168.1.2 priority 200
user@host# set interfaces ae0 unit 205 family inet address 192.168.1.4/29 vrrp-group 2 accept-data authentication-type md5 authentication-key [password]
Follow the same format to configure other sub-units and note they have to have their own vlan-ids.
With the above configuration you just need to make sure that your switch also has an L2 port-channel created acting as a trunk port and passing the vlan-ids created on the sub-units (202 and 205).
Remember that ge-0/0/0 and ge-0/0/2 are currently part of a security-zone; you will need to include ae0.202 and ae0.205 within those security-zones as well.
I really hope this was the information you were looking for. Please mark my comment as "Solution" if it applies.
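Added example, not part of either post: a small check, run over a Junos configuration in `set` format, for the two follow-up points in the steps above (every ae sub-unit bound to a security zone, every sub-unit vlan-id allowed on the switch trunk) plus the device-count in step 1. The zone name `trust`, the sample zone stanza and the switch's allowed-VLAN set are constructed assumptions.

```python
import re

# Constructed sample: the ae0 configuration from the post plus an assumed
# security-zone line (zone name "trust" is hypothetical) binding only unit 202.
SAMPLE_CONFIG = """\
set chassis aggregated-devices ethernet device-count 1
set interfaces ge-0/0/0 gigether-options 802.3ad ae0
set interfaces ge-0/0/2 gigether-options 802.3ad ae0
set interfaces ae0 vlan-tagging
set interfaces ae0 unit 202 vlan-id 202
set interfaces ae0 unit 202 family inet address 192.168.3.254/24 vrrp-group 1 virtual-address 192.168.3.1
set interfaces ae0 unit 205 vlan-id 205
set interfaces ae0 unit 205 family inet address 192.168.1.4/29 vrrp-group 2 virtual-address 192.168.1.2
set security zones security-zone trust interfaces ae0.202
"""

UNIT_RE = re.compile(r"^set interfaces (ae\d+) unit (\d+) vlan-id (\d+)$")
MEMBER_RE = re.compile(r"^set interfaces (\S+) \S+-options 802\.3ad (ae\d+)$")
ZONE_RE = re.compile(r"^set security zones security-zone (\S+) interfaces (\S+)$")
COUNT_RE = re.compile(r"^set chassis aggregated-devices ethernet device-count (\d+)$")


def audit_ae_config(config, trunk_vlans):
    """Return sorted findings; trunk_vlans is the switch trunk's allowed-VLAN set."""
    units, members, zoned, device_count = {}, {}, set(), 0
    for line in (l.strip() for l in config.splitlines()):
        if m := UNIT_RE.match(line):
            units[f"{m[1]}.{m[2]}"] = int(m[3])      # e.g. ae0.202 -> 202
        elif m := MEMBER_RE.match(line):
            members.setdefault(m[2], []).append(m[1])
        elif m := ZONE_RE.match(line):
            zoned.add(m[2])
        elif m := COUNT_RE.match(line):
            device_count = int(m[1])
    findings = []
    for ae in members:                               # device-count N creates ae0..ae(N-1)
        if int(ae[2:]) >= device_count:
            findings.append(f"{ae} is not created by device-count {device_count}")
    for ifl, vlan in units.items():
        if ifl not in zoned:                         # sub-unit missing from every zone
            findings.append(f"{ifl} is not assigned to any security zone")
        if vlan not in trunk_vlans:
            findings.append(f"vlan {vlan} ({ifl}) is not allowed on the switch trunk")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit_ae_config(SAMPLE_CONFIG, trunk_vlans={202})))
```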