- This topic has 14 replies, 4 voices, and was last updated 5 years, 1 month ago by
riot.conn.
- Posts
- riot.connKarma: 35Rank: Padawan
Our backbone network is made up of Juniper switches. I’m having difficulties getting the Stratix and Juniper switches to play nice with each other. Below is how everything is setup.
Juniper switch is setup with vlans 1 (default), 10 (data), and 12 (PLC). It handles the routing between the VLANs. VLAN 1 is 172.16.24.0/22 with gateway set at 172.16.27.254. VLAN 10 is 172.16.30.0/23 with the gateway set at 172.16.30.1. VLAN 12 is 172.16.33.0/24 with the gateway set at 172.16.33.1. Port 3 is connected to the Stratix as a trunk port. My computer is connected to a port on the Juniper as an access port on VLAN 10 with an IP set to 172.16.31.11.
Stratix is setup with IP address 172.16.25.241. VLANs 1 and 12 are setup on it. Port G1/1 is connected to the Juniper switch as a trunk port. Ports F1/1 and F1/2 are connected to computers with IP addresses 172.16.33.91/24 and 172.16.33.92/24. These ports are assigned to VLAN 12. I’ve configured all the smartports for desktop for automation and switch for automation as needed.
I can ping and connect to the Stratix (VLAN1) from my computer (VLAN 10) with no problem. The Stratix can ping my computer and anything else over the Juniper network on any VLAN with no problem. The 2 computers can ping each other.
The problem is the 2 computers cannot ping anything past the Stratix. Nothing connected through the Junipers can ping the computers. The Stratix cannot ping either computer. As best I can tell the VLAN tagging is not passing between the Stratix and the Juniper switches.
tfgmedia_adminHi Jonathon and welcome to the forums!
Curious, are you seeing any kind of uplink errors in the status bar of the Device Manager on your Stratix?
-Fred
riot.connKarma: 35Rank: PadawanOnly alerts are link faults where ports do not have a connection.
CaioKarma: 28Rank: PadawanHi, I had a similar problem pinging through Stratix 5700, but it was only the ping, both vlans were “seeing” each other, I was able to create crossed network shared folders and exchange files. Still don’t know why ping wasn’t working. (see my post)
R
whiskyjimKarma: 262Rank: JediDo you have NAT enabled on the 5700?
riot.connKarma: 35Rank: Padawanricardo robaudo: In my situation, it’s not just ping that’s not working. The computers connected to the Stratix cannot access anything across the network with any protocol or port.
Jim Manley: I do not. It’s something I’ll eventually want to try out, but I need to get past this VLAN issue first.
Came in this morning to find the G1/1 port is flashing orange. The dashboard is reporting the port has a faulty link. It’s bouncing between showing the link is up and showing it has a faulty link. I’ll try a different cable and G1/2 if that doesn’t work.
riot.connKarma: 35Rank: PadawanIs there a way to setup port mirroring on the Stratix so I can look at wireshark?
whiskyjimKarma: 262Rank: JediYes. See attached.
riot.connKarma: 35Rank: PadawanOk. Set G1/2 smartport role to Switch for Automation and moved the connection to the Juniper switch to it. Now I can ping just fine.
I had tried to setup NAT before testing the VLANs so there might be something in the config messing with port G1/1. Maybe. I thought I had removed all NAT related stuff from the config.
whiskyjimKarma: 262Rank: JediRunning NAT on the 5700 messes with lots of “normal” operational things. If you don’t need anything on/behind the switch to communicate the Internet, there’s really no reason to run NAT.
riot.connKarma: 35Rank: PadawanYeah, I’m slowly figuring that out. I applied NAT and got it working. I changed stratix-computer1’s IP address to 192.168.1.90 and translated it to 172.16.33.90 and was able to ping it from my computer. Realized that applying NAT prevents devices on the same VLAN from communicating. Stratix-computer2 could no longer be pinged at 172.16.33.92. Changed it to 192.168.1.92 and added that translation to the instance. Then I was able to ping it again.
I’m not sure that we’ll ever implement NAT, but if we do what happens if multiple Stratixes are setup using NAT with the same VLAN? So Stratix1 and Stratix2 are connected to the Juniper via trunk ports. Both use VLAN 12 and NAT is setup with the below devices:
Switch Device IP address Public IP
Stratix1 Controller1 192.168.1.10 172.16.33.10
Stratix2 Controller2 192.168.1.10 172.16.33.20Would that work?
whiskyjimKarma: 262Rank: JediThat should work so long as you don’t have devices on the private side of Stratix1 trying to communicate with devices on the private side of Stratix2.
riot.connKarma: 35Rank: PadawanThanks everyone for you responses.
tfgmedia_adminHi Jonathan, glad to see you’ve been getting excellent help from some of our moderators!
Just wanted to add, in case you haven’t seen it. I did a video on YouTube that shows a very similar setup with routing and NAT using Stratix 5700 switches. In your case you would be switching out the Stratix “router” with your Juniper, however, the setup should be very similar.
You can check it out here: Stratix 5700 Layer 3 Routing with NAT
riot.connKarma: 35Rank: PadawanThanks, Fred. Those videos are actually how I found this website. You did a good job with them, and they helped a lot.
- You must be logged in to reply to this topic.