My topology:
http://postimg.org/image/jl6nplzo7/
192.168.1.3 can ping 8.8.8.8 (google's DNS)
192.168.1.3 can ping 192.168.1.1 (JSRX)
192.168.1.3 can ping 172.16.254.197
192.168.1.1 (JSRX) can ping 8.8.8.8
192.168.1.1 (JSRX) can ping 192.168.1.3
192.168.1.1 (JSRX) can ping 172.16.254.197
192.168.1.1 (JSRX) can ping 172.16.1.197
192.168.1.3 cant ping 172.16.1.197 (nothing ...)
172.16.254.197 cant ping 192.168.1.3 (destination host unreachable)
My JSRX config is the standard config, I only added this configuration to the out of the box config:
set vlans MANAGEMENT vlan-id 254 set vlans TRUNKSRX vlan-id 2 run show vlans set vlans MANAGEMENT l3-interface vlan.254 set vlans TRUNKSRX l3-interface vlan.2 set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members MANAGEMENT set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members TRUNKSRX set interfaces vlan unit 254 family inet address 172.16.254.254/24 set interfaces vlan unit 2 family inet address 172.16.1.1/24 set security zones security-zone trust interfaces vlan.254 set security zones security-zone trust interfaces vlan.2 set security policies from-zone trust to-zone trust policy default-permit match source-address any set security policies from-zone trust to-zone trust policy default-permit match destination-address any set security policies from-zone trust to-zone trust policy default-permit match application any set security policies from-zone trust to-zone trust policy default-permit then permit commit confirmed
Switch is configured properly:
VLAN Name Ports Type Authorization
----- --------------- ------------- ----- -------------
2 vlan2 1/g17-1/g20, Static Required
1/g24
VLAN Name Ports Type Authorization
----- --------------- ------------- ----- -------------
254 vlan254 1/g13-1/g20, Static Required
1/g23-1/g24