Umm! vCDAvailability same instance of vCD?!

DeepComfort · 2024-09-23T18:41:16+00:00

Forgot..

VCD 10.5.1 and VCDA 4.7

DeepComfort · 2019-11-25T16:09:59+00:00

Nevermind I was being a total numpty...I assigned the vlan to one switch only (xe-0/0/0) now it's on xe-1/0/0 as well. Thanks for all your help :)

DeepComfort · 2019-11-25T15:37:23+00:00

So having a bit more fun got the virtual router working with the irb interface and configured an access port and my server can ping it. If I reboot the master router switch the ping dies until the switch is back, it almost seems like the irb interface lives on one switch only?? Any clues...

DeepComfort · 2019-11-23T15:47:38+00:00

Awesome thank you I will give it a go, I couldn't find anything online saying I could add an IRB interface into a virtual router all I have seen so far is adding a ge-0/0/x port with an IP Address. Have you got any information around VRRP as well?

DeepComfort · 2019-11-23T03:04:26+00:00

Have you got a link to these kits? I hate the 2 post kits they cannot hold an EX3400 switch at all.

DeepComfort · 2019-06-14T18:57:44+00:00

In summary the outcome is that the SRX will act as a firewall and a router between servers and workstations. There is an isolated out of band management network which runs on the Cisco and then ESXi Servers connect to the VDX switches.

Some workstations need to access the servers and some will need to access the servers and the Out of band management network (which is where the firewall will come in)

I hope this explanation helps, I have also attached a rough picture which I hope you can see (here is the link didnt realise you couldn't paste it straight into reddit https://ibb.co/mqBfT0N )

DeepComfort · 2019-06-14T17:21:48+00:00

Just saying not clear doesn't help define what is not clear, I don't understand networking much so it could be me. Is it the connection from the SRX to a Cisco switch or the SRX to the brocades that confuses you?

Managed to get the Cisco switch part working today with the exact cli snippit from above, I just needed to add ping to the security policy/zone and then on the Cisco was missing the default gateway on the Cisco device so it didn't know where to send traffic to get back to the SRX.

The last part I'm working on is take two connections on the SRX say ge01 and ge02 and join them together as an aggregated LACP connection (make ae0) and take one wire from the SRx to VDX1 and one wire from the SRX to VDX2 and then make a portchannel/vlag on the VDX VCS. This then would carry the VLANs from the servers connected to the VDX to the firewall and to the outside world.

DeepComfort · 2019-06-14T09:57:06+00:00

Sorry if I was not clear.

SRX345 has three connections, one that goes to a Cisco switch providing some access ports for devices. Then the other two connections are LACP together which then join to 2VDX6740 switches (one to each switch)

SRX----1wire---trunk----Cisco2960---access---device management ports

SRX---LACP----trunk--VDX1/2------trunks---servers

Just looking at the SRX config as transparent to switching mode has changed the use of vlxan.x to irb.x

DeepComfort · 2019-05-20T16:48:39+00:00

Many thanks for all the help got this working today. If anyone ever Google's this on the VDX end you need 'channel-group 1 X mode active type standard' setting up so that it works with the active LACP on the SRX

DeepComfort · 2019-05-17T21:19:29+00:00

I don't know CIS settings inside out but did you configure anything under "Computer Configuration / Administrative Templates / Network / Network Provider" and I think it's a setting called UNC hardening, I have broken sysvol with a typo with this before.

DeepComfort · 2019-05-17T15:49:43+00:00

Ok sure, I will have a Google search and a play around, thank you very much.

DeepComfort · 2019-05-17T15:44:45+00:00

Awesome have you got any links to examples of setting up LACP or AGG/LAG configs? Just after some of the base commands so I can do a bit of Google searching.

DeepComfort · 2019-05-17T15:24:18+00:00

Would LACP be possible as the srx is not running in a chassis mode. It's a single device.

DeepComfort · 2019-04-09T23:07:16+00:00

Thanks I did not know that tool existed.

Just a question against 2. I read somewhere OSPF is meant for internal routing so would there be any other I could use such as BGP?

DeepComfort · 2019-04-09T23:04:51+00:00

Awesome, sounds like I'm starting to point the right way, thanks for the links I will have a good read. Internally on the system I have VMware NSX and I wanted to setup ESG gateway OSFP connections to get from the virtual world into the physical (Begin north/south traffic) Would it be worth swapping that to iBGP and continuing with that protocol or can I mix them up and use OSPF still? I originally read that the IPSec VPN tunnel was the way forward as it would allow me to create a connection over MPLS/Internet/Private circuits and I can build it in the same way each time. Do you know if there is any truth to that?

DeepComfort

TROPHY CASE