To troubleshoot we could start by looking at the status of the interfaces
show interfaces terse
Note that for irb virtual interface to come to the up/up status at least one physical interface in the same vlan has to be in the up/up status.
If both the layer 2 and layer 3 ip interfaces are up/up
Next phase is to confirm configurations
make sure the vlan assignments for both layer 2 and layer 3 interfaces are correct
confirm that security zones have the properly assigned interfaces
confirm that the security policies are in place
show security policies
If policies are present as expected look for the test traffic sessions
show security flow session
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home------------------------------
Original Message:
Sent: 09-01-2022 05:25
From: Max Prieler
Subject: VLAN-problem
Hi all,
on my SRX300 I set up a couple of vlans.
IRB.20, ge-0/0/2, ethernet-switching, mode access, zone office
IRB.30, ge-0/0/3, ethernet-switching, mode access, zone media
iface ge-0/0/5, port mode trunk going to the uplink switch containing these vlans and some more ....
rules are to permit all traffic between the zones
If I ping from irb.20 to irb.30 no answer on the client - even not the SRX interface IP ...3.1 , but answer from the srx itself.
Whats going wrong ?
Please be patient, I am not a network engineer :-)
regards Max
------------------------------
Max Prieler
------------------------------