Hello
We are trying to configure our network with an srx345 firewalll and a ex3400 switch. I am trying to connect them together with a trunk port and pass dhcp & vlan through.
the two are not talking to each other. I can't ping the srx from the ex.
both configs and output from the devices.
version 15.1X49-D120.3;
system {
host-name gateway;
time-zone GMT-6;
root-authentication {
}
name-server {
67.217.151.131;
67.217.151.130;
8.8.8.8;
8.8.4.4;
}
name-resolution {
no-resolve-on-input;
}
services {
ssh;
telnet;
xnm-clear-text;
dhcp-local-server {
group jweb-default-group {
interface irb.0;
}
group group10 {
interface irb.1;
}
group group11 {
interface irb.2;
}
group group12 {
interface irb.3;
}
}
web-management {
https {
system-generated-certificate;
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server us.ntp.pool.org;
}
}
chassis {
alarm {
management-ethernet {
link-down ignore;
}
}
}
security {
log {
mode stream;
report;
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set nsw_srcnat {
from zone Inside;
to zone Internet;
rule nsw-src-interface {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone Inside to-zone Internet {
policy All_Inside_Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
policy AllowAll_Internet_Inside {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internet to-zone Inside {
policy AllowAll_Internet_Inside {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone Inside {
interfaces {
irb.0 {
host-inbound-traffic {
system-services {
ping;
dhcp;
}
}
}
ge-0/0/3.0;
}
}
security-zone Internet {
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
ping;
}
}
}
}
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 162.208.45.185/24;
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vlan0;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vlan0;
}
}
}
}
ge-0/0/3 {
unit 0 {
family inet {
dhcp-client;
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vlan0;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vlan0;
}
}
}
}
ge-0/0/7 {
unit 0 {
description "trunk to ex";
family ethernet-switching {
interface-mode trunk;
vlan {
members [ vlan10 vlan11 vlan12 ];
}
##
## Warning: statement ignored: unsupported platform (srx345)
##
native-vlan-id 1;
}
}
}
fxp0 {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
irb {
unit 0 {
family inet {
address 10.8.0.1/8;
}
}
unit 1 {
family inet {
address 10.0.10.1/32;
}
}
unit 2 {
family inet {
address 10.0.11.1/32;
}
}
unit 3 {
family inet {
address 10.0.12.1/32;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop [ 10.8.0.1 162.208.45.1 ];
}
}
protocols {
l2-learning {
global-mode switching;
}
rstp {
interface all;
}
}
access {
address-assignment {
pool jweb-default-pool {
family inet {
network 10.0.0.0/24;
range jweb-default-range {
low 10.0.0.1;
high 10.0.0.254;
}
dhcp-attributes {
name-server {
67.217.151.130;
67.217.151.131;
}
router {
10.8.0.1;
}
}
}
}
pool pool10 {
family inet {
network 10.0.10.0/24;
range range10 {
low 10.0.10.1;
high 10.0.10.254;
}
dhcp-attributes {
name-server {
67.217.151.130;
67.217.151.131;
}
router {
10.8.0.1;
}
}
}
}
pool pool11 {
family inet {
network 10.0.11.0/24;
range range11 {
low 10.0.11.1;
high 10.0.11.254;
}
dhcp-attributes {
name-server {
67.217.151.130;
67.217.151.131;
}
router {
10.8.0.1;
}
}
}
}
pool pool12 {
family inet {
network 10.0.12.0/24;
range range12 {
low 10.0.12.1;
high 10.0.12.254;
}
dhcp-attributes {
name-server {
67.217.151.130;
67.217.151.131;
}
router {
10.8.0.1;
}
}
}
}
}
}
vlans {
vlan0 {
vlan-id 2;
l3-interface irb.0;
}
vlan10 {
description vlan10;
vlan-id 10;
l3-interface irb.1;
}
vlan11 {
description "vlan 11";
vlan-id 11;
l3-interface irb.2;
}
vlan12 {
description vlan12;
vlan-id 12;
l3-interface irb.3;
}
}output:
root@gateway> show vlans
Routing instance VLAN name Tag Interfaces
default-switch default 1
default-switch vlan0 2
ge-0/0/1.0
ge-0/0/2.0*
ge-0/0/4.0
ge-0/0/5.0
default-switch vlan10 10
ge-0/0/7.0*
default-switch vlan11 11
ge-0/0/7.0*
default-switch vlan12 12
ge-0/0/7.0*
root@gateway> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up up
ge-0/0/0.0 up up inet 162.208.45.185/24
gr-0/0/0 up up
ip-0/0/0 up up
lsq-0/0/0 up up
lt-0/0/0 up up
mt-0/0/0 up up
sp-0/0/0 up up
sp-0/0/0.0 up up inet
inet6
sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16
10.0.0.6 --> 0/0
128.0.0.1 --> 128.0.1.16
128.0.0.6 --> 0/0
ge-0/0/1 up down
ge-0/0/1.0 up down eth-switch
ge-0/0/2 up up
ge-0/0/2.0 up up eth-switch
ge-0/0/3 up down
ge-0/0/3.0 up down inet
ge-0/0/4 up down
ge-0/0/4.0 up down eth-switch
ge-0/0/5 up down
ge-0/0/5.0 up down eth-switch
ge-0/0/6 up down
ge-0/0/7 up up
ge-0/0/7.0 up up eth-switch
ge-0/0/8 up down
ge-0/0/9 up down
ge-0/0/10 up down
ge-0/0/11 up down
ge-0/0/12 up down
ge-0/0/13 up down
ge-0/0/14 up down
ge-0/0/15 up down
fxp0 up down
fxp0.0 up down inet 192.168.1.1/24
fxp2 up up
fxp2.0 up up tnp 0x1
gre up up
ipip up up
irb up up
irb.0 up up inet 10.8.0.1/8
irb.1 up up inet 10.0.10.1 --> 0/0
irb.2 up up inet 10.0.11.1 --> 0/0
irb.3 up up inet 10.0.12.1 --> 0/0
jsrv up up
jsrv.1 up up inet 128.0.0.127/2
lo0 up up
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 10.0.0.1 --> 0/0
10.0.0.16 --> 0/0
128.0.0.1 --> 0/0
128.0.0.4 --> 0/0
128.0.1.16 --> 0/0
lo0.32768 up up
lsi up up
mtun up up
pimd up up
pime up up
pp0 up up
ppd0 up up
ppe0 up up
st0 up up
tap up up
vlan up down
vtep up up
root@gateway> show route
inet.0: 10 destinations, 13 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 1w3d 16:37:17
> to 162.208.45.1 via ge-0/0/0.0
10.0.0.0/8 *[Direct/0] 5w3d 22:16:33> via irb.0
10.0.0.1/32 *[Access-internal/12] 17w5d 07:55:46> to 10.8.0.1 via irb.0
10.0.10.1/32 *[Direct/0] 01:23:36> via irb.1
[Local/0] 01:23:36
Local via irb.1
10.0.11.1/32 *[Direct/0] 01:23:36> via irb.2
[Local/0] 01:23:36
Local via irb.2
10.0.12.1/32 *[Direct/0] 01:23:36> via irb.3
[Local/0] 01:23:36
Local via irb.3
10.8.0.1/32 *[Local/0] 17w5d 07:56:22
Local via irb.0
162.208.45.0/24 *[Direct/0] 1w3d 16:37:17> via ge-0/0/0.0
162.208.45.185/32 *[Local/0] 17w5d 07:56:10
Local via ge-0/0/0.0
192.168.1.1/32 *[Local/0] 17w5d 07:56:35
Reject
root@gateway> show arp
MAC Address Address Name Interface Flags
a4:13:4e:44:9a:f0 10.0.0.1 10.0.0.1 irb.0 none
88:e0:f3:ee:bf:c0 162.208.45.1 162.208.45.1 ge-0/0/0.0 none
88:e0:f3:ee:bf:c0 162.208.45.27 162.208.45.27 ge-0/0/0.0 none
Total entries: 3Ex switch and output:
version 15.1X53-D58.3;
system {
host-name switch;
auto-snapshot;
root-authentication {
}
services {
ssh {
protocol-version v2;
}
telnet;
netconf {
ssh;
}
web-management {
http;
https {
system-generated-certificate;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/4 {
apply-macro juniper-port-profile {
Desktop;
}
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/13 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/14 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/15 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/16 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/17 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/18 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/19 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/20 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/21 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/22 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/23 {
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ vlan0 vlan11 vlan10 vlan12 ];
}
##
## Warning: statement ignored: unsupported platform (ex3400-24t)
##
native-vlan-id 1;
storm-control default;
}
}
}
ge-0/2/0 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
xe-0/2/0 {
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members 2;
}
storm-control default;
}
}
}
ge-0/2/1 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
xe-0/2/1 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
ge-0/2/2 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
xe-0/2/2 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
ge-0/2/3 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
xe-0/2/3 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
irb {
unit 0 {
family inet {
address 10.0.1.1/8;
}
}
unit 1 {
family inet {
address 10.0.10.1/32;
}
}
unit 2 {
family inet {
address 10.0.11.1/32;
}
}
unit 3 {
family inet {
address 10.0.12.1/32;
}
}
}
me0 {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
}
forwarding-options {
storm-control-profiles default {
all;
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.0.0.1;
}
}
protocols {
lldp {
interface all;
}
lldp-med {
interface all;
}
igmp-snooping {
vlan vlan0;
}
rstp {
interface ge-0/0/4 {
edge;
}
interface ge-0/0/5;
interface ge-0/0/6;
interface ge-0/0/7;
interface ge-0/0/8;
interface ge-0/0/9;
interface ge-0/0/10;
interface ge-0/0/11;
interface ge-0/0/12;
interface ge-0/0/13;
interface ge-0/0/14;
interface ge-0/0/15;
interface ge-0/0/16;
interface ge-0/0/17;
interface ge-0/0/18;
interface ge-0/0/19;
interface ge-0/0/20;
interface ge-0/0/21;
interface ge-0/0/22;
interface ge-0/0/23;
interface ge-0/2/0;
interface xe-0/2/0;
interface ge-0/2/1;
interface xe-0/2/1;
interface ge-0/2/2;
interface xe-0/2/2;
interface ge-0/2/3;
interface xe-0/2/3;
interface all;
}
}
access {
address-assignment {
pool jweb-default-pool {
family inet {
network 10.0.1.0/8;
range jweb-default-range {
low 10.0.1.1;
high 10.255.255.254;
}
dhcp-attributes {
maximum-lease-time 43200;
server-identifier 10.0.1.0;
name-server {
67.217.151.131;
67.217.151.130;
}
router {
10.0.0.1;
}
}
}
}
}
}
switch-options {
interface ge-0/0/4.0 {
interface-mac-limit {
1;
packet-action drop;
}
}
}
vlans {
vlan0 {
vlan-id 2;
l3-interface irb.0;
forwarding-options {
dhcp-security {
arp-inspection;
}
}
}
vlan10 {
description vlan10;
vlan-id 10;
l3-interface irb.1;
}
vlan11 {
description "vlan 11";
vlan-id 11;
l3-interface irb.2;
}
vlan12 {
description vlan12;
vlan-id 12;
l3-interface irb.3;
}
}Routing instance VLAN name Tag Interfaces
default-switch default 1
default-switch vlan0 2
ge-0/0/23.0*
default-switch vlan10 10
ge-0/0/0.0
ge-0/0/1.0
ge-0/0/10.0
ge-0/0/11.0
ge-0/0/2.0
ge-0/0/23.0*
ge-0/0/3.0
ge-0/0/4.0
ge-0/0/5.0
ge-0/0/6.0
ge-0/0/7.0
ge-0/0/8.0
ge-0/0/9.0
default-switch vlan11 11
ge-0/0/12.0
ge-0/0/13.0
ge-0/0/14.0
ge-0/0/15.0
ge-0/0/16.0
ge-0/0/17.0
ge-0/0/18.0
ge-0/0/19.0
ge-0/0/20.0
ge-0/0/21.0
ge-0/0/22.0
ge-0/0/23.0*
default-switch vlan12 12
ge-0/0/23.0*
{master:0}
root@switch> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up down
ge-0/0/0.0 up down eth-switch
pfe-0/0/0 up up
pfe-0/0/0.16383 up up inet
inet6
pfh-0/0/0 up up
pfh-0/0/0.16383 up up inet
ge-0/0/1 up down
ge-0/0/1.0 up down eth-switch
ge-0/0/2 up down
ge-0/0/2.0 up down eth-switch
ge-0/0/3 up down
ge-0/0/3.0 up down eth-switch
ge-0/0/4 up down
ge-0/0/4.0 up down eth-switch
ge-0/0/5 up down
ge-0/0/5.0 up down eth-switch
ge-0/0/6 up down
ge-0/0/6.0 up down eth-switch
ge-0/0/7 up down
ge-0/0/7.0 up down eth-switch
ge-0/0/8 up down
ge-0/0/8.0 up down eth-switch
ge-0/0/9 up down
ge-0/0/9.0 up down eth-switch
ge-0/0/10 up down
ge-0/0/10.0 up down eth-switch
ge-0/0/11 up down
ge-0/0/11.0 up down eth-switch
ge-0/0/12 up down
ge-0/0/12.0 up down eth-switch
ge-0/0/13 up down
ge-0/0/13.0 up down eth-switch
ge-0/0/14 up down
ge-0/0/14.0 up down eth-switch
ge-0/0/15 up down
ge-0/0/15.0 up down eth-switch
ge-0/0/16 up down
ge-0/0/16.0 up down eth-switch
ge-0/0/17 up down
ge-0/0/17.0 up down eth-switch
ge-0/0/18 up down
ge-0/0/18.0 up down eth-switch
ge-0/0/19 up down
ge-0/0/19.0 up down eth-switch
ge-0/0/20 up down
ge-0/0/20.0 up down eth-switch
ge-0/0/21 up down
ge-0/0/21.0 up down eth-switch
ge-0/0/22 up down
ge-0/0/22.0 up down eth-switch
ge-0/0/23 up up
ge-0/0/23.0 up up eth-switch
bme0 up up
bme0.0 up up inet 128.0.0.1/2
128.0.0.4/2
128.0.0.16/2
128.0.0.63/2
cbp0 up up
dsc up up
esi up up
gre up up
ipip up up
irb up up
irb.0 up up inet 10.0.1.1/8
irb.1 up up inet 10.0.10.1 --> 0/0
irb.2 up up inet 10.0.11.1 --> 0/0
irb.3 up up inet 10.0.12.1 --> 0/0
jsrv up up
jsrv.1 up up inet 128.0.0.127/2
lo0 up up
lo0.16385 up up inet
lsi up up
me0 up down
me0.0 up down inet 192.168.1.1/24
mtun up up
pimd up up
pime up up
pip0 up up
tap up up
vme up down
vtep up up
{master:0}
root@switch> show route
inet.0: 7 destinations, 10 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 2w0d 01:03:35
> to 10.0.0.1 via irb.0
10.0.0.0/8 *[Direct/0] 2w0d 00:30:58> via irb.0
10.0.1.1/32 *[Local/0] 2w6d 23:15:58
Local via irb.0
10.0.10.1/32 *[Direct/0] 01:23:01> via irb.1
[Local/0] 01:23:01
Local via irb.1
10.0.11.1/32 *[Direct/0] 01:23:01> via irb.2
[Local/0] 01:23:01
Local via irb.2
10.0.12.1/32 *[Direct/0] 01:23:01> via irb.3
[Local/0] 01:23:01
Local via irb.3
192.168.1.1/32 *[Local/0] 3w0d 02:34:36
Reject
{master:0}
root@switch> show arp
{master:0}
root@switch>