[c-nsp] SRX Transparent mode with VLAN Rewrite and LACP

Muhammad Atif Jauhar atif.jauhar at gmail.com
Sun Dec 16 02:07:14 EST 2018


Hi,

We are trying to set up an SRX cluster in transparent mode with the VLAN Rewrite
feature and LACP settings. Our setup is as follows:

Juniper SRX-1 (xe-0/0/16) ----> Cisco Switch (VSS) (Te-1/5/15)
Juniper SRX-1 (xe-0/0/17) ----> Cisco Switch (VSS) (Te-1/5/16)

Juniper SRX-2 (xe-0/0/16) ----> Cisco Switch (VSS) (Te-2/5/15)
Juniper SRX-2 (xe-0/0/16) ----> Cisco Switch (VSS) (Te-2/5/16)

With a simple single interface I am able to perform VLAN Rewrite as per our
basic requirement. Due to a limitation, we currently have one link for in
and one link for out on each firewall, but in the near future we will add one
more link for in and out for redundancy.

I am trying to configure LACP now so that in the future we just need to
add new interfaces to the respective reth interface on the SRX and Port-channel on
the Cisco. But LACP is not coming up; kindly suggest any recommended changes to the
Cisco or Juniper configuration.

Kindly find below the interface configuration of the SRX and Cisco:

SRX
====
interfaces {
    xe-0/0/16 {
        ether-options {
            redundant-parent reth1;
        }
    }
    xe-0/0/17 {
        ether-options {
            redundant-parent reth2;
        }
    }
    xe-7/0/16 {
        ether-options {
            redundant-parent reth1;
        }
    }
    xe-7/0/17 {
        ether-options {
            redundant-parent reth2;
        }
    }

    reth1 {
        redundant-ether-options {
            redundancy-group 1;
            minimum-links 1;
            lacp {
                active;
                periodic slow;
            }
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members VLAN-34;
                }
                vlan-rewrite {
                    translate 134 34;
                }
            }
        }
    }
    reth2 {
        redundant-ether-options {
            redundancy-group 1;
            minimum-links 1;
            lacp {
                active;
                periodic slow;
            }
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members VLAN-34;
                }
            }
        }
    }
}


Cisco
====
interface TenGigabitEthernet1/5/15
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 134
 channel-protocol lacp
 channel-group 134 mode active
end
!
interface TenGigabitEthernet1/5/16
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 34
 channel-protocol lacp
 channel-group 34 mode active
end
!
interface TenGigabitEthernet2/5/15
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 134
 channel-protocol lacp
 channel-group 234 mode active
end
!
interface TenGigabitEthernet2/5/16
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 34
 channel-protocol lacp
 channel-group 334 mode active
end
!
interface Port-channel34
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 34
 lacp fast-switchover
!
interface Port-channel134
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 134
 lacp fast-switchover

!
interface Port-channel234
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 134
 lacp fast-switchover
!
interface Port-channel334
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 34
 lacp fast-switchover
!


Regards,

Muhammad Atif Jauhar
(+966-56-00-04-985)

