Community discussions

MikroTik App
 
michaelahess
just joined
Topic Author
Posts: 17
Joined: Thu Nov 11, 2010 4:56 am

CRS-125 to Juniper SRX

Sun Aug 14, 2016 5:49 am

I've got a weird problem. Just put a Juniper SRX100 into my network as my internet firewall. My CRS is basically defaulted at this point with only port descriptions.

I can't get l2 between devices. I see there was a post about a year ago with a similar instance, but no resolution, just a work around. I have an old Netgear R6300 that is being used as an AP, if I jack the CRS into it, then into the SRX, everything works. Computers direct to the SRX work as well, so it's got to be something vlan related on the CRS. What can I try to figure out this issue?

Here's the Juni:
fe-0/0/0 {
    unit 0 {
        family inet {
            dhcp;
        }
    }
}
fe-0/0/1 {
    unit 0 {
        family ethernet-switching {
            vlan {
                members vlan0;
            }
        }
    }
}
vlan {
    unit 0 {
        family inet {
            address 10.54.25.1/24;
        }
    }
}
And the CRS:
[admin@MikroTik] > export 
# aug/13/2016 20:37:06 by RouterOS 6.35.2
# software id = RFDS-HPT0
#
/interface ethernet
set [ find default-name=ether1 ] disabled=yes name="1 - WAN1"
set [ find default-name=ether2 ] l2mtu=4064 name="2 - Cisco 2960S"
set [ find default-name=ether3 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="3 - xxxx"
set [ find default-name=ether4 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="4 - xxxx"
set [ find default-name=ether5 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="5 - xxxx"
set [ find default-name=ether6 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="6 - xxxx"
set [ find default-name=ether7 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="7 - xxxx"
set [ find default-name=ether8 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="8 - xxxx"
set [ find default-name=ether9 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="9 - xxxx"
set [ find default-name=ether10 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="10 - xxxx"
set [ find default-name=ether11 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="11 - xxxx"
set [ find default-name=ether12 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="12 - xxxx"
set [ find default-name=ether13 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="13 - xxxx"
set [ find default-name=ether14 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="14 - xxxx"
set [ find default-name=ether15 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="15 - xxxx"
set [ find default-name=ether16 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="16 - xxxx"
set [ find default-name=ether17 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="17 - xxxx"
set [ find default-name=ether18 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="18 - xxxx"
set [ find default-name=ether19 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="19 - xxxx"
set [ find default-name=ether20 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="20 - xxxx"
set [ find default-name=ether21 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="21 - xxxx"
set [ find default-name=ether22 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="22 - xxxx"
set [ find default-name=ether23 ] disabled=yes l2mtu=4064 master-port="2 - Cisco 2960S" name="23 - Unused"
set [ find default-name=ether24 ] l2mtu=4064 master-port="2 - Cisco 2960S" name="24 - R6300v2"
set [ find default-name=sfp1 ] disabled=yes l2mtu=4064 master-port="2 - Cisco 2960S" name="25 - SFP - Unused"
/interface bridge
add admin-mac=D4:CA:6D:CE:29:23 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country="united states" disabled=no distance=indoors frequency=2427 mode=ap-bridge ssid=HA wireless-protocol=802.11
/ip neighbor discovery
set "1 - WAN1" discover=no
set bridge comment=defconf
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys wpa-pre-shared-key=xxxx wpa2-pre-shared-key=xxxx
/ip dhcp-server
add interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface="2 - Cisco 2960S"
add bridge=bridge comment=defconf interface=wlan1
/interface ethernet switch port
set 0 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,\
    wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 1 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,\
    wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 2 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,\
    wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 3 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,\
    wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 4 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,\
    wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 5 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,\
    wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 6 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,\
    wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 7 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,\
    wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 8 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,\
    wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 9 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,\
    wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 10 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 11 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 12 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 13 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 14 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 15 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 16 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 17 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 18 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 19 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 20 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 21 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 22 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 23 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 24 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 25 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8\
    ,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
/ip address
add address=10.x.x.51/24 comment=defconf interface="2 - Cisco 2960S" network=\
    10.xx.xx.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    "1 - WAN1"
/ip dhcp-server network
add address=10.xx.xx.0/24 comment=defconf gateway=10.xx.xx.51 netmask=24
/ip dns
set allow-remote-requests=yes servers=10.xx.xx.1
/ip dns static
add address=10.xx.xx.51 name=router
/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface="1 - WAN1"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface="1 - WAN1"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes out-interface="1 - WAN1"
/ip route
add check-gateway=ping distance=1 gateway=10.xx.xx.1
/lcd
set color-scheme=light default-screen=stats
/lcd pin
set pin-number=xxxx
/lcd interface
set "1 - WAN1" disabled=yes
set "2 - Cisco 2960S" disabled=yes
set "4 - xxxx" disabled=yes
set "5 - xxxx" disabled=yes
set "6 - xxxx" disabled=yes
set "14 - xxxx" disabled=yes
set "17 - xxxx" disabled=yes
set "23 - Unused" disabled=yes
set "25 - SFP - Unused" disabled=yes
/lcd interface pages
add interfaces=""
add interfaces=""
add interfaces="24 - R6300v2"
/lcd screen
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
set 4 disabled=yes
set 5 disabled=yes
/system clock
set time-zone-name=America/Denver
/system ntp client
set enabled=yes primary-ntp=71.252.219.43 server-dns-names=\
    0.north-america.pool.ntp.org
/system routerboard settings
set silent-boot=yes
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
/tool sniffer
set filter-interface=all filter-ip-address=10.xx.xx.xx/32
[admin@MikroTik] > 

Who is online

Users browsing this forum: Bing [Bot] and 28 guests