SRX

 View Only
last person joined: 5 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX irb.1 interface is not pinging

    Posted 06-06-2023 06:50

    Hi all,

    We are using SRX340 and we configured vlans and irb interface for the same and we are passing the vlan through the aggregated ethernet to the L2 switch. But the irb.1 interface link  was in down status, physical interface and lacp links are active.we tried to configure a new vlan and assigned to the interface but that vlan also in down state.

    Here i am pasting the Vlan configuration ;

    root@MMCS-DUMAD# run show interfaces terse irb*
    Interface               Admin Link Proto    Local                 Remote
    irb                              up          up
    irb.0                          up    down inet     192.168.2.1/24
    irb.2                         up    up   inet     10.6.7.1/24
    irb.102                   up    down inet     10.2.7.1/24

    ge-0/0/0                up    up
    ge-0/0/0.0              up    up   aenet    --> ae0.0
    ge-0/0/1                up    up
    ge-0/0/1.0              up    up   aenet    --> ae0.0

    root@MMCS-DUMAD# run show interfaces terse ae*
    Interface               Admin Link Proto    Local                 Remote
    ae0                     up    up
    ae0.0                   up    up   eth-switch
    ae1                     up    up
    ae1.0                   up    up   eth-switch


    [edit]
    root@MMCS-DUMAD# run ping 10.2.7.1
    PING 10.2.7.1 (10.2.7.1): 56 data bytes
    ping: sendto: No route to host
    ping: sendto: No route to host
    ping: sendto: No route to host
    ping: sendto: No route to host
    ^C
    --- 10.2.7.1 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss


    root@MMCS-DUMAD# run show configuration | display set | no-more
    set version 20.2R3-S2.5

    set security zones security-zone trust interfaces irb.0
    set security zones security-zone trust interfaces irb.1
    set security zones security-zone trust interfaces irb.2
    set interfaces ge-0/0/0 gigether-options 802.3ad ae0
    set interfaces ge-0/0/1 gigether-options 802.3ad ae0
    set interfaces ge-0/0/4 gigether-options 802.3ad ae1
    set interfaces ge-0/0/5 gigether-options 802.3ad ae1

    set interfaces ae0 aggregated-ether-options lacp active
    set interfaces ae0 unit 0 family ethernet-switching vlan members RTU-SCADA
    set interfaces ae1 aggregated-ether-options lacp active
    set interfaces ae1 unit 0 family ethernet-switching vlan members MGMT-Backup

    set interfaces irb unit 0 family inet address 192.168.2.1/24
    set interfaces irb unit 2 family inet address 10.6.7.1/24
    set interfaces irb unit 102 family inet address 10.2.7.1/24

    set vlans MGMT-Backup vlan-id 106
    set vlans MGMT-Backup l3-interface irb.2
    set vlans RTU-SCADA vlan-id 102
    set vlans RTU-SCADA l3-interface irb.102
    set vlans vlan-trust vlan-id 3
    set vlans vlan-trust l3-interface irb.0

    Thanks in advance



    ------------------------------
    MUTHU PANDII
    ------------------------------



  • 2.  RE: SRX irb.1 interface is not pinging

    Posted 06-06-2023 07:04

    For an virtual irb interface to come up/up one of the physical interfaces in the same vlan must be up/up. 

    Same for ae interfaces they will not come to up/up without a physical interface being up/up

    I don't see any other interfaces assigned to the vlan-trust above.  Which are assigned there and what is their status?



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: SRX irb.1 interface is not pinging

    Posted 06-06-2023 10:58

    Ge-0/0/0 and Ge-0/0/1 are the physical interfaces of ae0.0 and the physical interfaces are up.

    ae0.0 interface was mapped to the vlan 102 and the l-3 interface was irb.102 which is down.

    physical interfaces status are up and ae interface also up but the irb.102 interface was still down only

    .



    ------------------------------
    MUTHU PANDII
    ------------------------------



  • 4.  RE: SRX irb.1 interface is not pinging

    Posted 06-07-2023 07:07

    Sorry, I was looking at the wrong vlan.

    So irb.102 is up/up in the status above.  So the reason ping is not working will have to do with the default source address for the ping on the switch and the reachability of the vlan itself from there.

    If you have a dedicated mgmt interface setup that would be the default source.  I think if none is in place it defaults to the lowest ip address configured.

    Or you can just specify a source address in the ping command for what you want to test reachability from with the ip of the vlan you want to be sure can communicate with irb.102



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------