06-08-2012 02:30 PM - edited 06-08-2012 02:33 PM
We have multiple VPN tunnels to each remote location, using multiple ISPs for redundancy, and have OSPF watching the tunnels for best path selection.
To test our backup link, we needed to manually bring down the preferred (primary) tunnel to force traffic onto the other (backup) tunnel. As a quick-and-dirty solution I changed the endpoint IP of the primary tunnel to a known non-working IP which caused the tunnel to fail (and traffic shifted to backup tunnel) but there has to be a more elegant solution.
What is the recommended way to administratively shut down a tunnel ( st0.x ) interface without having to butcher the config?
Solved! Go to Solution.
06-09-2012 02:03 AM
I don't think you'll get around "butchering" the config. The only way to bring down an interface is to disable it in the config. Same as on Cisco IOS btw.
06-09-2012 07:03 PM
Yeah, in Cisco IOS we can go to the interface config and issue 'shutdown' to turn off the interface. I've read other posts here that suggested there is no similar way to do that on the SRX.
06-10-2012 01:37 AM
06-10-2012 02:27 AM
You can disable/enable a tunnel interface from JWEB as well.
I have just tested this prior to this post. I have a ping to a remove endpoint, disable tunnel, ping stopped. Enabled tunnel, and the ping started again.
06-11-2012 07:41 AM
You could also deactivate the interface in OSPF as well.
06-18-2012 01:24 PM
Ben, your response was also good but (as I just found out) only one answer can be marked as the solution. I clicked John's and was going to click yours also, but the button disappeared.
Thanks to all for the dose of clue.
06-18-2012 01:35 PM
Not a problem. Glad you got it solved!