Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Communication through 2 srx not establishing

    This message was posted by a user wishing to remain anonymous
    Posted 03-08-2023 09:03
    This message was posted by a user wishing to remain anonymous

    Hi,
    Two srx not communicating,the ports are configured as trunk with allowed vlans.
    The SRX models are SRX 550 and SRX 345, SRX connected each other using fiber link.
    Please find attached screenshot and advise.

    SRX 550 Config

    set interfaces ge-0/0/8 unit 0 family ethernet-switching interface-mode trunk
    set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members srx550
    set interfaces irb unit 90 family inet address 10.0.0.3/24 vrrp-group 1 virtual-address 10.0.0.1
    set interfaces irb unit 90 family inet address 10.0.0.3/24 vrrp-group 1 priority 202
    set interfaces irb unit 90 family inet address 10.0.0.3/24 vrrp-group 1 preempt
    set interfaces irb unit 90 family inet address 10.0.0.3/24 vrrp-group 1 accept-data
    set security zones security-zone srx550 host-inbound-traffic system-services all
    set security zones security-zone srx550 host-inbound-traffic protocols all
    set security zones security-zone srx550 interfaces irb.90
    set vlans srx550 vlan-id 90
    set vlans srx550 l3-interface irb.90

    SRX 345 Config

    set interfaces ge-0/0/12 unit 0 family ethernet-switching interface-mode trunk
    set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members srx345
    set interfaces irb unit 90 family inet address 10.0.0.4/24 vrrp-group 1 virtual-address 10.0.0.2
    set interfaces irb unit 90 family inet address 10.0.0.4/24 vrrp-group 1 priority 202
    set interfaces irb unit 90 family inet address 10.0.0.4/24 vrrp-group 1 preempt
    set interfaces irb unit 90 family inet address 10.0.0.4/24 vrrp-group 1 accept-data
    set security zones security-zone srx345 host-inbound-traffic system-services all
    set security zones security-zone srx345 host-inbound-traffic protocols all
    set security zones security-zone srx345 interfaces irb.90
    set vlans s345 vlan-id 90
    set vlans s345 l3-interface irb.90



  • 2.  RE: Communication through 2 srx not establishing

    Posted 03-08-2023 09:07

    What is the communication that is currently blocked?

    What is permitted on the link will depend on whether it is transit traffic through the SRX zones or self traffic between the devices and what the protocols involved are.

    What you show so far should cover things like ospf between the SRX and other protocols but any transit traffic would also need a security policy created.



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------