[j-nsp] SRX650 cluster - ethernet switching issue

Paulhamus, Jon jpaulhamus at IU17.ORG
Fri Dec 30 10:26:29 EST 2011 

Hello group -

I have a pair of SRX 650's running in a cluster -

My issue is that I have 2 trunk links on each firewall passing completely different VLAN's but when I enable any form of spanning tree, I'm seeing one of those links blocked (3 out of the 4 links get blocked by STP).  I've tried rstp, stp and mstp - all with the same issue.  The switches in use are 1- EX-4500, and 2 EX-4200's in a VC.   I may have a config issue - or is this possibly a bug?  Any help would be greatly appreciated!

Here is the relevant configuration:

ports 2/0/8 and 2/0/9 are my trunk links on each firewall
port 2/0/15 is the swfab on each firewall

------------------

ge-2/0/8 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ 200 201 250-260 ];
                }
            }
        }
    }
    ge-2/0/9 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ 300 400 401 500 850 900 1701 1753 ];
                }
            }
        }
    }

ge-11/0/8 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ 200 201 250-260 ];
                }
            }
        }
    }
    ge-11/0/9 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ 300 400 401 500 850 900 1701 1753 ];
                }
            }
        }
    }

swfab0 {
        fabric-options {
            member-interfaces {
                ge-2/0/15;
            }
        }
    }
    swfab1 {
        fabric-options {
            member-interfaces {
                ge-11/0/15;
            }
        }
    }


----------------------

> show chassis cluster ethernet-switching status
Cluster ID: 1
Node                  Priority          Status    Preempt  Manual failover
Redundancy group: 0 , Failover count: 1
    node0                   100         primary        no       no
    node1                   1           secondary      no       no
Redundancy group: 1 , Failover count: 1
    node0                   100         primary        yes      no
    node1                   1           secondary      yes      no
Ethernet switching status:
    Probe state is UP. Both nodes are in single ethernet switching domain(s).


> show chassis cluster ethernet-switching interfaces
swfab0:
    Name               Status
    ge-2/0/15          up
swfab1:
    Name               Status
    ge-11/0/15         up
















Privileged and Confidential:
The information contained in this message and any attachments hereto is intended solely for the use of the individual or entity to which it was addressed, and may contain confidential or privileged information. If you have received this message in error, please notify the sender and delete the message. The unauthorized use, disclosure, duplication or alteration of this message is strictly forbidden. Although BLaST IU 17 has taken precautions to ensure no viruses are present in this communication, BLaST accepts no responsibility for any loss or damage arising from the use of this message or attachments. BLaST additionally accepts no responsibility for any non-business related content.

More information about the juniper-nsp mailing list