Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
We are using SRX340 and we configured vlans and irb interface for the same and we are passing the vlan through the aggregated ethernet to the L2 switch. But the irb.1 interface link was in down status, physical interface and lacp links are active.we tried to configure a new vlan and assigned to the interface but that vlan also in down state.
Here i am pasting the Vlan configuration ;
root@MMCS-DUMAD# run show interfaces terse irb*Interface Admin Link Proto Local Remoteirb up upirb.0 up down inet 192.168.2.1/24irb.2 up up inet 10.6.7.1/24irb.102 up down inet 10.2.7.1/24
ge-0/0/0 up upge-0/0/0.0 up up aenet --> ae0.0ge-0/0/1 up upge-0/0/1.0 up up aenet --> ae0.0
root@MMCS-DUMAD# run show interfaces terse ae*Interface Admin Link Proto Local Remoteae0 up upae0.0 up up eth-switchae1 up upae1.0 up up eth-switch
root@MMCS-DUMAD# run ping 10.2.7.1PING 10.2.7.1 (10.2.7.1): 56 data bytesping: sendto: No route to hostping: sendto: No route to hostping: sendto: No route to hostping: sendto: No route to host^C--- 10.2.7.1 ping statistics ---4 packets transmitted, 0 packets received, 100% packet loss
root@MMCS-DUMAD# run show configuration | display set | no-moreset version 20.2R3-S2.5
set security zones security-zone trust interfaces irb.0set security zones security-zone trust interfaces irb.1set security zones security-zone trust interfaces irb.2set interfaces ge-0/0/0 gigether-options 802.3ad ae0set interfaces ge-0/0/1 gigether-options 802.3ad ae0set interfaces ge-0/0/4 gigether-options 802.3ad ae1set interfaces ge-0/0/5 gigether-options 802.3ad ae1
set interfaces ae0 aggregated-ether-options lacp activeset interfaces ae0 unit 0 family ethernet-switching vlan members RTU-SCADAset interfaces ae1 aggregated-ether-options lacp activeset interfaces ae1 unit 0 family ethernet-switching vlan members MGMT-Backup
set interfaces irb unit 0 family inet address 192.168.2.1/24set interfaces irb unit 2 family inet address 10.6.7.1/24set interfaces irb unit 102 family inet address 10.2.7.1/24
set vlans MGMT-Backup vlan-id 106set vlans MGMT-Backup l3-interface irb.2set vlans RTU-SCADA vlan-id 102set vlans RTU-SCADA l3-interface irb.102set vlans vlan-trust vlan-id 3set vlans vlan-trust l3-interface irb.0
Thanks in advance
For an virtual irb interface to come up/up one of the physical interfaces in the same vlan must be up/up.
Same for ae interfaces they will not come to up/up without a physical interface being up/up
I don't see any other interfaces assigned to the vlan-trust above. Which are assigned there and what is their status?
Ge-0/0/0 and Ge-0/0/1 are the physical interfaces of ae0.0 and the physical interfaces are up.
ae0.0 interface was mapped to the vlan 102 and the l-3 interface was irb.102 which is down.
physical interfaces status are up and ae interface also up but the irb.102 interface was still down only
Sorry, I was looking at the wrong vlan.
So irb.102 is up/up in the status above. So the reason ping is not working will have to do with the default source address for the ping on the switch and the reachability of the vlan itself from there.
If you have a dedicated mgmt interface setup that would be the default source. I think if none is in place it defaults to the lowest ip address configured.
Or you can just specify a source address in the ping command for what you want to test reachability from with the ip of the vlan you want to be sure can communicate with irb.102