SRX300 no local switching between ports with recent JunOS

  • 1.  SRX300 no local switching between ports with recent JunOS

    Posted 12-28-2023 19:40

    Hi,

    I have a situation where no local switching is happening between two ports on an SRX300. Essentially, I have the device in flow-mode, two ports (or more) have family ethernet-switching with one or more VLANs configured, and traffic is ingressing the device on one port and, based on MAC learning and general topology, should egress the other port. However, this is not happening.

    Topology would be a single SRX300 with two devices (LAN switches, or just a PC and a printer in a small branch office) attached. Devices would not be able to reach each other. I have observed the behaviour with at least two different SRX300, so it's not a hardware issue. I have tried JunOS 21.4R3-S5 as well as 22.4R2-S2, same on both. 20.2R3-S8 appears to be working, I cannot observe the issue here.

    Replication is easy - happens with factory-default configuration (or after zeroize) as with any other configuration that involves family ethernet-switching on two or more ports.

    Anybody else observing the same? I need to replicate the same on a device with support yet to open a JTAC case, was just trying something out in the lab.

    Cheers

    Gregor



    ------------------------------
    GREGOR RADTKE
    ------------------------------


  • 2.  RE: SRX300 no local switching between ports with recent JunOS

    Posted 12-28-2023 19:46

    Are the devices set up to symmetrically route over the interfaces on the SRX?

    Is there a security policy set up between two interface zones to allow the traffic?

    Do you see the sessions created to permit the traffic?

    show security flow session



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: SRX300 no local switching between ports with recent JunOS

    Posted 12-29-2023 00:18
    Edited by bkamen 12-29-2023 00:19

    Hi Gregor (and Steve!!), 

    You're not crazy. I ran into the same problem. I just recently configured a brand new SRX300 and loaded the recommended special patch and found switching between ports on the same VLAN to be broken.

    I had to move back to 22.4R2 to make things work.

    I really wish Juniper did a better job testing this stuff before releasing it. (Version-aligned docs would be nice too... oh well.)

    Cheers,



    ------------------------------
    Ben Kamen
    ------------------------------



  • 4.  RE: SRX300 no local switching between ports with recent JunOS

    Posted 12-29-2023 05:46

    Thanks Ben, glad that I am not crazy (well, still debatable I would say :))!

    I will make sure to create a JTAC case. I already had a discussion with my former colleagues, maybe I should ping @Karel Hendrych.. :)



    ------------------------------
    GREGOR RADTKE
    ------------------------------



  • 5.  RE: SRX300 no local switching between ports with recent JunOS

    Posted 12-29-2023 06:26

    Hi Gregor, use 21.4R3-S4; S5 and a couple of other releases are impacted by a regression you may be seeing.

    Karel



    ------------------------------
    Karel Hendrych
    ------------------------------



  • 6.  RE: SRX300 no local switching between ports with recent JunOS

    Posted 01-25-2024 09:34

    Hi Gregor,

    Please check whether the SRX300 global mode is switching, using the command "show ethernet-switching global-information".

    If not, then try setting the global mode of the box to switching by using the command "set protocols l2-learning global-mode switching", followed by a reboot.

    Once the SRX300 is up and running, you can check traffic switching through.

    Cheers 

    Sudarshan



    ------------------------------
    Sudarshan Basavaraj
    ------------------------------



  • 7.  RE: SRX300 no local switching between ports with recent JunOS

    Posted 14 days ago

    I have recently run into this same issue. I upgraded my SRX from 22.4R2 to 22.4R3 and local switching between ports has stopped working. I checked and global switching is on, as well as a policy to permit traffic for both zones/interfaces.

    The only fix was to roll back to 22.4R2.

    Curious if you have had any feedback on the JTAC case you opened?



    ------------------------------
    JACK RICKETT
    ------------------------------



  • 8.  RE: SRX300 no local switching between ports with recent JunOS

    Posted 14 days ago
    Edited by bkamen 14 days ago

    I'm in the process of configuring another SRX series with the latest patch... so I'm going to check this again.

    But to my knowledge, (shrug) I don't think JTAC has acknowledged this as a problem yet. (that I know of)

    Have you tried the suggested versions above?

    (I need to go do that with this unit I have here)



    ------------------------------
    Ben Kamen
    ------------------------------



  • 9.  RE: SRX300 no local switching between ports with recent JunOS

    Posted 14 days ago

    Hi, there was a TSB for that one eventually. This may help:
    https://supportportal.juniper.net/s/article/DHCP-and-ARP-May-Fail-for-Traffic-Received-on-Ethernet-switching-Interfaces-using-IRB

    Karel



    ------------------------------
    Karel Hendrych
    ------------------------------



  • 10.  RE: SRX300 no local switching between ports with recent JunOS

    Posted 14 days ago
    Edited by bkamen 14 days ago

    Checking it out now - thanks!

    UPDATE:

    LOLOLOLOL!! THE KB SAYS TO DISABLE RSTP!! HAHAHAHAHA.....

    Well this should be fun.... Anyone got any redundancy links? Myyyeeaaa... we'll have to watch out for that one.

    Thanks again though!

    ------------------------------
    Ben Kamen
    ------------------------------



  • 11.  RE: SRX300 no local switching between ports with recent JunOS

    Posted 14 days ago

    Disabling STP doesn't apply to the latest software if you read through carefully; that's just a workaround (when applicable) for older impacted software.



    ------------------------------
    Karel Hendrych
    ------------------------------



  • 12.  RE: SRX300 no local switching between ports with recent JunOS

    Posted 13 days ago

    Yea, I see that.

    But in the meantime before upgrading. What a pain.

    In fact, I just had a client call me today with what could have been a broadcast storm on their network from a possible loop. (Not the fault of the SRX300 though. Someone added some networking equipment incorrectly.)

    Thanks again(!) for the link though.



    ------------------------------
    Ben Kamen
    ------------------------------