Hi, guys thanks for help and your time i have a SG-300-10(Cisco Crap) and i want to migrate to my SRX220H, but when i change the data line to the SRX220 i can ping the IP 10.10.2.25 in the VLAN 100 Interface ge-6, but from the cisco(crap) i can ping the ip 10.10.2.25
Cisco Configuration:
interface vlan 1 ip address 10.0.1 255.255.255.0 no ip address dhcp ! interface vlan 5 name SITE_A ip address 192.168.1.2 255.255.255.0 ! interface vlan 10 name SITE_B ip address 172.16.31.55 255.255.255.0 ! interface vlan 100 name REMOTE_NET_A ip address 10.10.2.26 255.255.255.252 ! interface gigabitethernet1 switchport trunk native vlan 5 ! interface gigabitethernet2 switchport trunk native vlan 5 ! interface gigabitethernet3 switchport trunk native vlan 5 ! interface gigabitethernet4 switchport trunk native vlan 10 ! interface gigabitethernet5 switchport trunk native vlan 10 ! interface gigabitethernet6 switchport trunk native vlan 10 ! interface gigabitethernet7 switchport trunk native vlan 10 ! interface gigabitethernet10 switchport mode access switchport access vlan 100 ! ip default-gateway 10.10.2.25
SRX220
interfaces {
ge-0/0/1 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members SITE_A;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members SITE_A;
}
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members SITE_B;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members SITE_B;
}
}
}
}
ge-0/0/6 {
speed 1g;
link-mode full-duplex;
gigether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members REMOTE_NET_A;
}
}
}
}
ge-0/0/7 {
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
vlan {
unit 5 {
proxy-arp;
family inet {
address 192.168.1.2/24;
}
}
unit 10 {
proxy-arp;
family inet {
address 172.16.31.55/24;
}
}
unit 100 {
proxy-arp;
family inet {
address 10.10.2.26/24;
}
}
}
}
routing-options {
static {
route 192.168.15.0/24 next-hop 192.168.1.254;
}
}
protocols {
vstp {
vlan 10;
vlan 100;
vlan 5;
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
zones {
security-zone Internal {
interfaces {
ge-0/0/7.0 {
host-inbound-traffic {
system-services {
ping;
http;
https;
ssh;
telnet;
}
}
}
}
}
}
}
vlans {
SITE_A {
vlan-id 5;
l3-interface vlan.5;
}
SITE_B {
vlan-id 10;
l3-interface vlan.10;
}
REMOTE_NET_A {
vlan-id 100;
l3-interface vlan.100;
}
}in my SRX the interfce ge-6 is the interface 10 on the cisco(crap)