[j-nsp] MX204: 802.3ad LAG 2 x 1 G with a Palo Alto firewall
Adam Gent
adam at cadence.net.uk
Thu Mar 18 07:38:47 EDT 2021
Hi,
I'm pretty sure that LACP is not supported for 1G interfaces on MX204.
Kind Regards,
--
Adam Gent
----- Original Message -----
From: "Emmanuel Halbwachs" <Emmanuel.Halbwachs at obspm.fr>
To: juniper-nsp at puck.nether.net
Sent: Thursday, March 18, 2021 11:30:08 AM
Subject: [j-nsp] MX204: 802.3ad LAG 2 x 1 G with a Palo Alto firewall
Hello,
I'm having hard times moving a 2 x 1 Gb/s LAG with a Palo Alto
firewall from a MX5 to a MX204. The MX204 is on my side, the firewall
to the partner side. The firewall have 10G interfaces, but we're stuck
to 1G because of the MMF underground link between the two campuses.
The LAG is seen UP on the MX204 but DOWN on the firewall.
If I put a 10G switch before the MX204, using the same transceivers, I
can ping the remote side. It worked with a MX5. So there must be
something with my MX204 configuration.
If a good soul from here could point me a clue or a direction where to
dig, it will make my day.
Here is what seems relevant to me:
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
fpc 0 {
pic 1 {
port 4 {
speed 10g;
}
port 5 {
speed 10g;
}
}
}
}
interfaces {
xe-0/1/4 {
description "IAP (LAG 1/2)";
gigether-options {
802.3ad ae0;
speed 1g;
}
}
xe-0/1/5 {
description "IAP (LAG 2/2)";
gigether-options {
802.3ad ae0;
speed 1g;
}
}
ae0 {
description "IAP (LAG)";
unit 0 {
family bridge {
interface-mode access;
vlan-id 4000;
}
}
}
irb {
unit 4000 {
description IAP-INTERCO-TEST;
family inet {
address 145.238.192.9/30;
}
}
}
}
eh-adm at ro-p-coeur> show interfaces xe-0/1/4 terse
Interface Admin Link Proto Local Remote
xe-0/1/4 up up
xe-0/1/4.0 up up aenet --> ae0.0
eh-adm at ro-p-coeur> show interfaces xe-0/1/5 terse
Interface Admin Link Proto Local Remote
xe-0/1/5 up up
xe-0/1/5.0 up up aenet --> ae0.0
eh-adm at ro-p-coeur> show interfaces ae0 terse
Interface Admin Link Proto Local Remote
ae0 up up
ae0.0 up up bridge
eh-adm at ro-p-coeur> show interfaces xe-0/1/4 brief
Physical interface: xe-0/1/4, Enabled, Physical link is Up
Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Speed: 10Gbps, Loopback: None, Source filtering: Disabled,
Flow control: Disabled, Speed Configuration: 1G
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Link flags : None
Logical interface xe-0/1/4.0
Flags: Up SNMP-Traps 0x24024000 Encapsulation: Ethernet-Bridge
aenet
eh-adm at ro-p-coeur> show interfaces xe-0/1/5 brief
Physical interface: xe-0/1/5, Enabled, Physical link is Up
Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Speed: 10Gbps, Loopback: None, Source filtering: Disabled,
Flow control: Disabled, Speed Configuration: 1G
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Link flags : None
Logical interface xe-0/1/5.0
Flags: Up SNMP-Traps 0x24024000 Encapsulation: Ethernet-Bridge
aenet
eh-adm at ro-p-coeur> show interfaces ae0 brief
Physical interface: ae0, Enabled, Physical link is Up
Link-level type: Ethernet, MTU: 1514, Speed: 20Gbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Logical interface ae0.0
Flags: Up SNMP-Traps 0x24024000 Encapsulation: Ethernet-Bridge
bridge
eh-adm at ro-p-coeur> ping firewall-iap-test
PING firewall-iap-test.obspm.fr (145.238.192.10): 56 data bytes
^C
--- firewall-iap-test.obspm.fr ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
--
Emmanuel Halbwachs DIO/CASTORS/Resp. Réseau,Sécurité
Observatoire de Paris ✆ +33 1 45 07 75 54
Campus Paris : 61 av. de l'Observatoire F 75014 PARIS
Campus Meudon : 11 av. Marcellin Berthelot F 92190 MEUDON
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list