Sunday, February 17, 2019

Configure VLAN between between Linux and SRX210

I have configure vlans on Ubuntu 18.04 using netplan and on the SRX box but don't seem to be able to pass traffic. Using tcpdump I see only echo request but no reply; I also see the ARP request and reply. On the SRX, the arp table shows the IP entry. Any ideas appreciated.

dude@kvm-host:~$ cat /etc/netplan/01-networkd-managed.yaml network: version: 2 renderer: networkd ethernets: enp7s0: dhcp4: false dhcp6: false vlans: br1.1011: id: 1011 link: br1 addresses: [ 10.240.11.160/24 ] br1.1012: id: 1012 link: br1 addresses: [ 10.240.12.160/24 ] br1.1020: id: 1020 link: br1 addresses: [ 10.240.20.160/24 ] bridges: br1: addresses: [ 10.240.1.160/24 ] interfaces: [ enp7s0 ] gateway4: 10.240.1.1 nameservers: addresses: [ 1.1.1.1,9.9.9.9 ] dude@kvm-host:~$ ip route default via 10.240.1.1 dev br1 proto static 10.240.1.0/24 dev br1 proto kernel scope link src 10.240.1.160 10.240.11.0/24 dev br1.1011 proto kernel scope link src 10.240.11.160 10.240.12.0/24 dev br1.1012 proto kernel scope link src 10.240.12.160 10.240.20.0/24 dev br1.1020 proto kernel scope link src 10.240.20.160 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown dude@kvm-host:~$ netstat -arn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 10.240.1.1 0.0.0.0 UG 0 0 0 br1 10.240.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br1 10.240.11.0 0.0.0.0 255.255.255.0 U 0 0 0 br1.1011 10.240.12.0 0.0.0.0 255.255.255.0 U 0 0 0 br1.1012 10.240.20.0 0.0.0.0 255.255.255.0 U 0 0 0 br1.1020 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 dude@kvm-host:~/project/virtualization/tmp$ sudo tcpdump -n -i br1 -e | grep "vlan 1011" [sudo] password for dude: tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on br1, link-type EN10MB (Ethernet), capture size 262144 bytes 04:51:19.676157 ce:ea:91:45:8d:f2 > 2c:21:72:ce:8c:c2, ethertype 802.1Q (0x8100), length 102: vlan 1011, p 0, ethertype IPv4, 10.240.11.160 > 10.240.11.1: ICMP echo request, id 2649, seq 1, length 64 04:51:20.692015 ce:ea:91:45:8d:f2 > 2c:21:72:ce:8c:c2, ethertype 802.1Q (0x8100), length 102: vlan 1011, p 0, ethertype IPv4, 10.240.11.160 > 10.240.11.1: ICMP echo request, id 2649, seq 2, length 64 04:51:21.716016 ce:ea:91:45:8d:f2 > 2c:21:72:ce:8c:c2, ethertype 802.1Q (0x8100), length 102: vlan 1011, p 0, ethertype IPv4, 10.240.11.160 > 10.240.11.1: ICMP echo request, id 2649, seq 3, length 64 04:51:22.740012 ce:ea:91:45:8d:f2 > 2c:21:72:ce:8c:c2, ethertype 802.1Q (0x8100), length 102: vlan 1011, p 0, ethertype IPv4, 10.240.11.160 > 10.240.11.1: ICMP echo request, id 2649, seq 4, length 64 04:51:23.764030 ce:ea:91:45:8d:f2 > 2c:21:72:ce:8c:c2, ethertype 802.1Q (0x8100), length 102: vlan 1011, p 0, ethertype IPv4, 10.240.11.160 > 10.240.11.1: ICMP echo request, id 2649, seq 5, length 64 04:51:24.788014 ce:ea:91:45:8d:f2 > 2c:21:72:ce:8c:c2, ethertype 802.1Q (0x8100), length 102: vlan 1011, p 0, ethertype IPv4, 10.240.11.160 > 10.240.11.1: ICMP echo request, id 2649, seq 6, length 64 04:51:24.819994 ce:ea:91:45:8d:f2 > 2c:21:72:ce:8c:c2, ethertype 802.1Q (0x8100), length 46: vlan 1011, p 0, ethertype ARP, Request who-has 10.240.11.1 tell 10.240.11.160, length 28 04:51:24.821829 2c:21:72:ce:8c:c2 > ce:ea:91:45:8d:f2, ethertype 802.1Q (0x8100), length 64: vlan 1011, p 0, ethertype ARP, Reply 10.240.11.1 is-at 2c:21:72:ce:8c:c2, length 46 04:51:25.812014 ce:ea:91:45:8d:f2 > 2c:21:72:ce:8c:c2, ethertype 802.1Q (0x8100), length 102: vlan 1011, p 0, ethertype IPv4, 10.240.11.160 > 10.240.11.1: ICMP echo request, id 2649, seq 7, length 64 04:51:26.836057 ce:ea:91:45:8d:f2 > 2c:21:72:ce:8c:c2, ethertype 802.1Q (0x8100), length 102: vlan 1011, p 0, ethertype IPv4, 10.240.11.160 > 10.240.11.1: ICMP echo request, id 2649, seq 8, length 64 04:51:27.860038 ce:ea:91:45:8d:f2 > 2c:21:72:ce:8c:c2, ethertype 802.1Q (0x8100), length 102: vlan 1011, p 0, ethertype IPv4, 10.240.11.160 > 10.240.11.1: ICMP echo request, id 2649, seq 9, length 64 04:51:28.884049 ce:ea:91:45:8d:f2 > 2c:21:72:ce:8c:c2, ethertype 802.1Q (0x8100), length 102: vlan 1011, p 0, ethertype IPv4, 10.240.11.160 > 10.240.11.1: ICMP echo request, id 2649, seq 10, length 64 04:51:29.908064 ce:ea:91:45:8d:f2 > 2c:21:72:ce:8c:c2, ethertype 802.1Q (0x8100), length 102: vlan 1011, p 0, ethertype IPv4, 10.240.11.160 > 10.240.11.1: ICMP echo request, id 2649, seq 11, length 64 [edit interfaces fe-0/0/2] admin# run clear arp 10.240.0.160 deleted 10.240.1.160 deleted 10.240.11.160 deleted 10.240.0.177 deleted [edit interfaces fe-0/0/2] admin# run show arp MAC Address Address Name Interface Flags 72:a6:13:26:3d:95 10.240.0.160 10.240.0.160 ge-0/0/1.0 none 52:54:00:21:67:a7 10.240.0.177 10.240.0.177 ge-0/0/1.0 none ce:ea:91:45:8d:f2 10.240.1.160 10.240.1.160 fe-0/0/2.0 none 58:90:43:b7:6d:e8 192.168.2.1 192.168.2.1 ge-0/0/0.0 none Total entries: 4 [edit interfaces fe-0/0/2] admin# run show arp MAC Address Address Name Interface Flags 72:a6:13:26:3d:95 10.240.0.160 10.240.0.160 ge-0/0/1.0 none 52:54:00:21:67:a7 10.240.0.177 10.240.0.177 ge-0/0/1.0 none ce:ea:91:45:8d:f2 10.240.1.160 10.240.1.160 fe-0/0/2.0 none ce:ea:91:45:8d:f2 10.240.11.160 10.240.11.160 fe-0/0/2.1011 none 58:90:43:b7:6d:e8 192.168.2.1 192.168.2.1 ge-0/0/0.0 none Total entries: 5


at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)