Here's a full working example that I pulled off my production link. It's 
comprised of a pair of 10gb links.
I renumbered things to protect the guilty.
Useful bits here are adjustments to MTU counting style to make ospf work with 
jumbo frames.


interface port-channel5
  description "UP-srx-o-mystery"
  switchport mode trunk
  switchport trunk allowed vlan 1234
  spanning-tree port type normal
  mtu 9216

interface Ethernet3/8
  description UP-SRX-T2-xe-0/0/0
  no cdp enable
  switchport mode trunk
  switchport trunk allowed vlan 1234
  spanning-tree port type normal
  mtu 9216
  channel-group 5 mode active
  no shutdown

interface Vlan1234
  ip flow monitor favorit-collector input  
  no ip redirects
  ip address 10.22.33.45/29
  ip ospf cost 100
  ip router ospf 1 area 6.6.6.6
  ip pim sparse-mode
  description example
  no shutdown
  mtu 9174

Meanwhile, on the SRX

ae1 {
    description UP-nexus7k-o-evil;
    vlan-tagging;
    mtu 9192;
    aggregated-ether-options {
        lacp {
            active;
        }
    }
    unit 1234 {
        description voicenet-inside;
        vlan-id 1234;
        family inet {
            address 10.22.33.44/29;
        }
    }
}

and for each member:
xe-13/2/0 {
    description "srx to Nexus";
    gigether-options {
        802.3ad ae1;
    }
}






On Jul 25, 2013, at 11:19 AM, Phil Mayers wrote:

> On 24/07/13 17:11, Phil Mayers wrote:
>> On 24/07/13 17:01, Olivier Benghozi wrote:
>>> Hi Phil,
>>> 
>>> what is the Cisco model & IOS?
>> 
>> It's actually a Nexus 7009 running NX-OS.
>> 
>>> 
>>> Did you create the vlan in the vlan database in your Cisco switch? :)
>> 
>> Yep
>> 
>>> 
>>> Maybe try switchport nonegotiate...
>> 
>> No such command on NX-OS, there's no DTP.
>> 
> 
> In case people are curious, this seems to be a bug on the Cisco side.
> 
> If the port-channel is in "trunk" mode, the Cisco is sending the LACP PDUs 
> tagged with the native vlan, as we have "vlan dot1q tag native" enabled. This 
> is an error IMO, as LACP is not part of a VLAN (it is doing the same for LLDP, 
> FWIW)
> 
> The SRX, correctly I believe, is ignoring the tagged LACP PDUs.
> 
> I can work around this by using sub-interfaces on the Cisco side, but it's 
> yucky. Oh well.
> 
> Thanks all for the input.
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp
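
One way to confirm from a packet capture the behaviour described in the quoted message (LACP PDUs leaving the trunk with an 802.1Q tag) is to classify each raw Ethernet frame as tagged or untagged LACP. This is an added example, not code from the thread; the function names, the source MAC and the VLAN ID 1 used for the native VLAN are constructed for illustration.

```python
import struct

SLOW_PROTOCOLS_MAC = bytes.fromhex("0180c2000002")  # IEEE 802.3 slow-protocols multicast
ETHERTYPE_SLOW = 0x8809    # slow protocols (LACP, marker)
ETHERTYPE_DOT1Q = 0x8100   # 802.1Q VLAN tag
SUBTYPE_LACP = 0x01


def classify_lacp(frame: bytes):
    """Return None for non-LACP frames, else a dict saying whether the PDU is tagged."""
    if len(frame) < 15:
        return None
    dst = frame[0:6]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan = 14, None
    if ethertype == ETHERTYPE_DOT1Q:
        if len(frame) < 19:
            return None
        # TCI carries priority, DEI and the 12-bit VLAN ID; the real ethertype follows it
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan = tci & 0x0FFF
        offset = 18
    if ethertype != ETHERTYPE_SLOW or frame[offset] != SUBTYPE_LACP:
        return None
    return {"tagged": vlan is not None, "vlan": vlan,
            "dst_ok": dst == SLOW_PROTOCOLS_MAC}


def build_frame(vlan=None) -> bytes:
    """Constructed sample frame: LACP header with zero padding in place of the TLVs."""
    hdr = SLOW_PROTOCOLS_MAC + bytes.fromhex("020000000001")  # constructed source MAC
    if vlan is not None:
        hdr += struct.pack("!HH", ETHERTYPE_DOT1Q, vlan)
    return hdr + struct.pack("!HBB", ETHERTYPE_SLOW, SUBTYPE_LACP, 1) + bytes(108)


if __name__ == "__main__":
    # Constructed samples: an untagged LACPDU, and one tagged with VLAN 1
    # standing in for the native VLAN.
    for label, frame in (("untagged", build_frame()), ("tagged", build_frame(vlan=1))):
        print(label, classify_lacp(frame))
```

A capture from the member link where every LACP frame comes back with "tagged": True matches the symptom described above.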

