Hi everyone!
I would like to ask for some help. We are trying to put together 2 SRX240 firewalls in a cluster with a Cisco switch between them and with LACP between them on the reth interfaces.
The control and the fabric links won't work through the switch, only when we connect them directly together. The management link works fine through the switch. Also the LACP won't aggregate; there's no connection between the two firewalls through these links.
Here is the config from the SRXs and the switch:
set groups node0 interfaces fxp0 unit 0 family inet address 10.X.Y.2/24
set groups node1 interfaces fxp0 unit 0 family inet address 10.X.Y.3/24
set chassis cluster reth-count 1
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/14 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/15 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-5/0/15 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-5/0/14 weight 255
set security zones security-zone MGMT host-inbound-traffic system-services ping
set security zones security-zone MGMT host-inbound-traffic protocols all
set security zones security-zone MGMT interfaces reth1.100
set security zones security-zone MGMT interfaces reth1.104
set security zones security-zone MGMT interfaces reth1.108
set security zones security-zone MGMT interfaces reth1.254
set interfaces ge-0/0/14 gigether-options redundant-parent reth1
set interfaces ge-0/0/15 gigether-options redundant-parent reth1
set interfaces ge-5/0/14 gigether-options redundant-parent reth1
set interfaces ge-5/0/15 gigether-options redundant-parent reth1
set interfaces fab0 fabric-options member-interfaces ge-0/0/2
set interfaces fab1 fabric-options member-interfaces ge-5/0/2
set interfaces reth1 vlan-tagging
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 redundant-ether-options minimum-links 1
set interfaces reth1 redundant-ether-options lacp passive
set interfaces reth1 redundant-ether-options lacp periodic slow
set interfaces reth1 unit 100 vlan-id 100
set interfaces reth1 unit 100 family inet address 10.X.Y.1/24
set interfaces reth1 unit 104 vlan-id 104
set interfaces reth1 unit 104 family inet address 10.X.Y.1/22
set interfaces reth1 unit 108 vlan-id 108
set interfaces reth1 unit 108 family inet address 10.X.Y.1/23
set interfaces reth1 unit 254 vlan-id 254
set interfaces reth1 unit 254 family inet address 10.X.Y.1/24
vlan 100
 name MGMT
vlan 104
 name whatever
vlan 108
 name whatever108
vlan 33
 name control
vlan 34
 name fabric
vlan 254
 name vlan254
!
interface Port-channel10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,104,108,254
 switchport mode trunk
!
interface Port-channel20
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,104,108,254
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet0/2
 switchport access vlan 33
 switchport mode access
!
interface GigabitEthernet0/3
 switchport access vlan 34
 switchport mode access
!
interface GigabitEthernet0/13
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet0/14
 switchport access vlan 33
 switchport mode access
!
interface GigabitEthernet0/15
 switchport access vlan 34
 switchport mode access
!
interface GigabitEthernet0/37
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,104,108,254
 switchport mode trunk
 channel-group 10 mode active
!
interface GigabitEthernet0/38
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,104,108,254
 switchport mode trunk
 channel-group 10 mode active
!
interface GigabitEthernet0/47
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,104,108,254
 switchport mode trunk
 channel-group 20 mode active
!
interface GigabitEthernet0/48
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,104,108,254
 switchport mode trunk
 channel-group 20 mode active
!
interface Vlan100
 ip address 10.X.Y.50 255.255.255.0
!
ip default-gateway 10.X.Y.1
And here is how the devices are connected together:
Juniper SRX 240 primary side (SRX -> Cisco SW):
ge-0/0/0  -> GigabitEthernet0/1  (mgmt)
ge-0/0/1  -> GigabitEthernet0/2  (control)
ge-0/0/2  -> GigabitEthernet0/3  (fabric)
ge-0/0/14 -> GigabitEthernet0/37 (lacp)
ge-0/0/15 -> GigabitEthernet0/38 (lacp)

Juniper SRX 240 secondary:
ge-0/0/0  -> GigabitEthernet0/13 (mgmt)
ge-0/0/1  -> GigabitEthernet0/14 (control)
ge-0/0/2  -> GigabitEthernet0/15 (fabric)
ge-0/0/14 -> GigabitEthernet0/47 (lacp)
ge-0/0/15 -> GigabitEthernet0/48 (lacp)
So what am I missing? The fabric and control links are not supposed to be access ports but rather trunk ports?
I'd appreciate any help, and thanks in advance.
Best regards,
Tihi
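As an added example, not part of the original post or of the poster's switch configuration: a Catalyst IOS fragment for the control and fabric access ports when the two cluster links have to cross a switch. It applies what Juniper's chassis-cluster documentation asks for on the switch side of those links: one isolated VLAN per link carrying nothing else (the VLAN 33/34 plan above already does this), jumbo frames on the path the fabric link uses, and edge-port spanning tree so the ports forward as soon as they come up. It assumes a 2960/3560/3750-class Catalyst, where jumbo MTU is a global setting that takes effect after a reload; on platforms with a per-interface `mtu` command, set it on the two fabric ports instead. The value 9000 and the port descriptions are assumptions for the example; the MTU to beat is whatever `show interfaces fab0` reports on the SRX.

```cisco
! Added example, not the poster's running config.
! One dedicated VLAN per HA link; nothing else is a member of either.
vlan 33
 name srx-control
vlan 34
 name srx-fabric
!
! The fabric link exchanges jumbo frames between the nodes. On
! 2960/3560/3750-class Catalysts the MTU is global and needs a reload.
! 9000 is an assumed value: read the MTU the fab interface actually
! uses with "show interfaces fab0" on the SRX and allow at least that.
system mtu jumbo 9000
!
! Control link ports. On the SRX240 the control port is fixed:
! ge-0/0/1 on node0 and ge-5/0/1 on node1 (the second chassis's
! physical ge-0/0/1), which is what the cabling above uses.
interface GigabitEthernet0/2
 description srx-node0-control
 switchport mode access
 switchport access vlan 33
 spanning-tree portfast
!
interface GigabitEthernet0/14
 description srx-node1-control
 switchport mode access
 switchport access vlan 33
 spanning-tree portfast
!
! Fabric link ports, matching fab0 = ge-0/0/2 and fab1 = ge-5/0/2.
interface GigabitEthernet0/3
 description srx-node0-fabric
 switchport mode access
 switchport access vlan 34
 spanning-tree portfast
!
interface GigabitEthernet0/15
 description srx-node1-fabric
 switchport mode access
 switchport access vlan 34
 spanning-tree portfast
!
! VLANs 33 and 34 stay out of every trunk's allowed list (the
! Port-channel10/20 trunks above already omit them), so cluster
! heartbeats never reach the reth port-channels or the rest of the LAN.
```

To verify, work from the cluster links outward rather than starting at LACP. On either SRX, `show chassis cluster status` shows whether the nodes see each other, `show chassis cluster interfaces` reports the control and fabric links as up or down, and `show chassis cluster statistics` shows heartbeats being sent and received over each. On the switch, `show system mtu` confirms the jumbo setting took effect after the reload, and `show interfaces status` confirms Gi0/2, Gi0/3, Gi0/14 and Gi0/15 are connected in VLANs 33 and 34. Only once the cluster itself is up is it worth comparing `show lacp interfaces reth1` on the SRX with `show etherchannel summary` and `show lacp neighbor` on the switch for the Po10/Po20 bundles.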