[j-nsp] trouble setting up link agg between clustered SRX 550 and Cisco 6509
Per Westerlund
p1 at westerlund.se
Fri Aug 16 18:06:37 EDT 2013
What versions are you running?
Apparently L3 support for this type of config was available before the L2 version was ready.
Being lazy, and not having access to equipment where I can set this up, I will start with a pointer to someone who did a similar thing a while ago: http://cooperlees.com/blog/?p=401
/Per
16 aug 2013 kl. 17:37 skrev Andy Litzinger <Andy.Litzinger at theplatform.com>:
> Hi Per,
> thanks for your suggestion. I've set it up this way because I'm following this kb: https://kb.juniper.net/InfoCenter/index?page=content&id=KB22474
>
> it's not exactly apples to apples since I'm not connecting to an EX and I'm connecting to two switches instead of one, but I don't think those details matter in this case.
>
> Also, several people have pointed out that in the config I posted I had a difference with the channel mode (active vs passive) on the cisco side between the two ports I'm trying to aggregate. I apologize- that is just the state I left it in during troubleshooting. you'll note that the second interface, 8/2, is also actually shutdown in the config I posted. I have tried setting both to active and both to passive with no luck.
>
> -andy
>
>> -----Original Message-----
>> From: Per Westerlund [mailto:p1 at westerlund.se]
>> Sent: Friday, August 16, 2013 12:54 AM
>> To: Andy Litzinger
>> Cc: juniper-nsp at puck.nether.net
>> Subject: Re: [j-nsp] trouble setting up link agg between clustered SRX 550
>> and Cisco 6509
>>
>> The components of the SRX RETH-interfaces are not all active at the same
>> time, this is a fail-over construct. One active link at the time.
>>
>> You should be looking at the AE-interfaces instead, they are proper LACP
>> aggregators.
>>
>> /Per
>>
>> 16 aug 2013 kl. 00:55 skrev Andy Litzinger
>> <Andy.Litzinger at theplatform.com>:
>>
>>> Has anyone had any difficulty creating a port channel between an SRX
>> cluster (in this case, SRX 550s) and Cisco switches (in this case 6509s, non-
>> VSS)?
>>>
>>> When I tried to bring up a second link in the link agg group the cisco side put
>> it in state "I" which means: standalone. It also logged this message:
>>> %EC-SP-5-CANNOT_BUNDLE_LACP: Gi8/2 is not compatible with
>> aggregators
>>> in channel 10 and cannot attach to them (flow control send of Gi8/2 is
>>> on, Gi8/1 is off)
>>>
>>> I did some googling and found a couple articles that seemed to say that the
>> SRX doesn't support flow-control so I tried turning it off on the cisco side.:
>>> interface 8/1 flowcontrol send off
>>> interface 8/2 flowcontrol send off
>>> interface po10 flowconftorl send off
>>>
>>> This didn't help and when I shut/no shut the port channel on the cisco side
>> the whole thing went offline and wouldn't come back until I rebuilt it.
>>>
>>> any ideas?
>>>
>>> SRX-A connects to 6509-A with 2 physical links bundled into reth0
>>> SRX-B connects to 6509-B with 2 physical links bundled into reth0
>>>
>>> SRX side config:
>>>> show configuration interfaces ge-0/0/4
>>> gigether-options {
>>> redundant-parent reth0;
>>> }
>>>> show configuration interfaces ge-0/0/6
>>> gigether-options {
>>> redundant-parent reth0;
>>> }
>>>> show configuration interfaces ge-9/0/4
>>> gigether-options {
>>> redundant-parent reth0;
>>> }
>>>> show configuration interfaces ge-9/0/6
>>> gigether-options {
>>> redundant-parent reth0;
>>> }
>>>
>>>> show configuration interfaces reth0
>>> vlan-tagging;
>>> redundant-ether-options {
>>> redundancy-group 1;
>>> lacp {
>>> active;
>>> periodic fast;
>>> }
>>> }
>>> unit x {
>>> vlan-id x;
>>> family inet {
>>> address x.x.x.x/zz;
>>> }
>>> }
>>> unit y {
>>> vlan-id y;
>>> family inet {
>>> address x.x.x.x/zz;
>>> }
>>> }
>>>
>>>
>>> cisco side on 6509-A:
>>> interface GigabitEthernet8/1
>>> description srx01-g0/4
>>> switchport
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan x,y
>>> switchport mode trunk
>>> switchport nonegotiate
>>> spanning-tree portfast edge trunk
>>> channel-group 10 mode active
>>> end
>>>
>>> interface GigabitEthernet8/2
>>> description srx01-g0/6
>>> switchport
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan x,y
>>> switchport mode trunk
>>> switchport nonegotiate
>>> shutdown
>>> spanning-tree portfast edge trunk
>>> channel-group 10 mode passive
>>> end
>>>
>>> interface Port-channel10
>>> description srx01-internal
>>> switchport
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan x,y
>>> switchport mode trunk
>>> switchport nonegotiate
>>> spanning-tree portfast edge trunk
>>> end
>>>
>>> the 6509-B config is identical
>>>
>>> thanks!
>>> -andy
>>>
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list