[j-nsp] Correct config for SRX port channel -> Cisco

OBrien, Will ObrienH at missouri.edu
Thu Jul 25 15:16:32 EDT 2013 

Here's a full working example that I pulled off my production link. It's comprised of a pair of 10gb links.
I renumbered things to protect the guilty.
Useful bits here are adjustments to MTU counting style to make ospf work with jumbo frames.


interface port-channel5
  description "UP-srx-o-mystery"
  switchport mode trunk
  switchport trunk allowed vlan 1234
  spanning-tree port type normal
  mtu 9216

interface Ethernet3/8
  description UP-SRX-T2-xe-0/0/0
  no cdp enable
  switchport mode trunk
  switchport trunk allowed vlan 1234
  spanning-tree port type normal
  mtu 9216
  channel-group 5 mode active
  no shutdown

interface Vlan1234
  ip flow monitor favorit-collector input  
  no ip redirects
  ip address 10.22.33.45/29
  ip ospf cost 100
  ip router ospf 1 area 6.6.6.6
  ip pim sparse-mode
  description example
  no shutdown
  mtu 9174

Meanwhile, on the SRX

ae1 {
    description UP-nexus7k-o-evil;
    vlan-tagging;
    mtu 9192;
    aggregated-ether-options {
        lacp {
            active;
        }
    }
    unit 1234 {
        description voicenet-inside;
        vlan-id 1234;
        family inet {
            address 10.22.33.44/29;
        }
    }

and for each member:
xe-13/2/0 {
    description "srx to Nexus";
    gigether-options {
        802.3ad ae1;
    }
}






On Jul 25, 2013, at 11:19 AM, Phil Mayers wrote:

> On 24/07/13 17:11, Phil Mayers wrote:
>> On 24/07/13 17:01, Olivier Benghozi wrote:
>>> Hi Phil,
>>> 
>>> what is the Cisco model & IOS?
>> 
>> It's actually an Nexus 7009 running NX-OS.
>> 
>>> 
>>> Did you create the vlan in the vlan database in your Cisco switch? :)
>> 
>> Yep
>> 
>>> 
>>> Maybe try switchport nonegotiate...
>> 
>> No such command on NX-OS, there's no DTP.
>> 
> 
> In case people are curious, this seems to be a bug on the Cisco side.
> 
> If the port-channel is in "trunk" mode, the Cisco is sending the LACP PDUs tagged with the native vlan, as we have "vlan dot1q tag native" enabled. This an error IMO, as LACP is not part of a VLAN (it is doing the same for LLDP, FWIW)
> 
> The SRX, correctly I believe, is ignoring the tagged LACP PDUs.
> 
> I can work around this by using sub-interfaces on the Cisco side, but it's yucky. Oh well.
> 
> Thanks all for the input.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list