SRX Services Gateway
Posts: 1
Registered: ‎12-14-2011

SRX 240 cluster: impossible to make it on

Hi everybody,


I have to make a SRX 240 cluster running on Junos v.10.4R4. 

Every documents that i found about this say  1st Step: enable cluster with: set chassis cluster cluster id <> node <> reboot


and after the FW reboot, i cant see "primary" or "secondary" my both nodes are in HOLD mode, they cant see each other, the control links are down the fabric links are down..


So i tried to delete ethernet switching by doing following commands (founded on juniper technical doc):


user@host# delete vlans
user@host# delete interfaces vlan
user@host# delete interfaces interface-range interfaces-trust
user@host# delete security zones security-zone trust interfaces
user@host# commit

this was not working i had the following errors:

[edit security zones security-zone trust]
'interfaces vlan.0'
Interface vlan.0 must be configured under interfaces
error: Interface <ge-0/0/10.0> vlan member <vlan-trust> undefined
error: configuration check-out failed


I tried all the steps about troubleshooting why control link is down, fab link is down...


When i do "show chassis cluster status" i get :


root> show chassis cluster status
Cluster ID: 1
Node  Priority  Status    Preempt     Manual failover


Redundancy group: 0 , Failover count: 0

node0      1         hold          no            no
node1       0         lost         n/a            n/a



My cabling is the same as described in the Juniper technical doc...


I really dont know why this first step is not working...


There is somebody who can help me about this trouble please ?


thank you in advance



Trusted Expert
Posts: 601
Registered: ‎11-21-2009

Re: SRX 240 cluster: impossible to make it on

[ Edited ]

As you know There are 3 ports to be iused for HA , 2 of them should be specific ports ( fxp0 & control port )

make sure that those 2 specific ports doesnot have any configuration associated with them ( like zones , ...... )


**************  Click on the button saying " Accept  as Solution"  if  My Post solved your problem  **************


Recognized Expert
Posts: 369
Registered: ‎06-01-2011

Re: SRX 240 cluster: impossible to make it on



For HA configuration check the following KB


it contain steps and troubleshooting steps also I hope it will be useful for you.


Also if you are using any device link L2 SW between the two boxes, try to connect it direct as sometimes it cause problems.



Mohamed Elhariry




If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!

Mohamed Elhariry
2* JNCIE (SEC # 159, SP # 1059),JNCIP-ENT

[Click the "Star" for Kudos if you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Posts: 76
Registered: ‎09-28-2010

Re: SRX 240 cluster: impossible to make it on

maybe you should clear up: 


did you actually remove vlan.0 from the trust zone? :-)




You can also find me on Freenode IRC in #juniper, my handle is "cy[]"
Juniper Employee
Posts: 8
Registered: ‎02-27-2009

Re: SRX 240 cluster: impossible to make it on

Post the output of "show chassis cluster information detail"


Note: it is a hidden command so you have to completely type it.




Trusted Contributor
Posts: 121
Registered: ‎01-06-2010

Re: SRX 240 cluster: impossible to make it on

When issues pop up with starting clusters, I've found it best to start the cluster from a blank configuration.


  1. Turn off clustering on node 0 " set chassis cluster disable"
  2. Turn off clustering on node 1 " set chassis cluster disable"
  3. Log into node 0
  4. Delete the configuration
  5. Set the root password
  6. Copy this configuration
  7. Log into node 1
  8. Delete the config
  9. paste the config from node 0
  10. Turn on clustering on node 0 " set chassis cluster cluster-id 1 node 0"
  11. Turn on clustering on node 1 " set chassis cluster cluster-id 1 node 1"
  12. Verify the cluster comes up "show chassis cluster status"
  13. Configure like normal
Ben Boyd
Sr. Solutions Architect
Integration Partners (
Twitter - @ozark46
Copyright© 1999-2015 Juniper Networks, Inc. All rights reserved.