SRX Services Gateway
Contributor
Posts: 26
Registered: ‎02-03-2015
0 Kudos
Accepted Solution

srx240b2 can't add static IP address to interface

I have an srx240b2. I have the default interface settings. Since it is 11.4x it will not allow me to add IP addresses to the host side interfaces, I think. The public (internet) interface does allow this. How can I successfully add IP addresses? I CAN add them, however the interface no longer functions after doing so. I know that it is default behavior, or maybe I just need to do something else (reboot), like reinitialize the interface. Transparent mode????
Distinguished Expert
Posts: 1,098
Registered: ‎08-29-2013
0 Kudos

Re: srx240b2 can't add static IP address to interface

Running 11.4 version should not stop you from adding an IP address. Can you share the error message, current config and the changes you are trying to make?

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
Contributor
Posts: 26
Registered: ‎02-03-2015
0 Kudos

Re: srx240b2 can't add static IP address to interface

When I simply try to add IP addresses (IPv4 or IPv6) to an interface (PC host side, or wireless AP side) the interface stops functioning. I know I have MSTP so right now I have to exclude an interface first to add the IP address to an interface.

 

Example:

Using the J-Web interface I try to add an IPv4 address to ge-0/0/10.0 and the interface will no longer function properly.

Also the same from the command line.

 

It seems to be this way even if I use the default config without my changes.

 

Am I imagining things? Should it work? If I add an IP address right now the interface will not pass traffic to my Asus RT-AC68U in AP mode.

It seems as though if I plugged in a PC to that same port after adding the address that the interface will not function but I must recheck.

 

 

## Last changed: 2017-03-16 07:18:29 PDT
version 11.4R7.5;
system {
    host-name MySRX240;
    root-authentication {
        encrypted-password "$1$Z3iAza5o$cT0fh8SK2acQwgUA7PNC60";
    }
    name-server {
        75.75.75.75;
        75.75.76.76;
    }
    login {
        user adrian {
            full-name "adrian aguinaga";
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$xo3TYJWi$DS7W/XJnM.XeEVnnCqQB01";
            }
        }
    }
    services {
        ssh;
        telnet;
        xnm-clear-text;
        dns {
            max-cache-ttl 604800;
            max-ncache-ttl 604800;
        }
        web-management {
            http {
                interface vlan.0;
            }
            https {
                system-generated-certificate;
                interface vlan.0;
            }
        }
        dhcp {
            router {
                192.168.1.1;
            }
            pool 192.168.1.0/24 {
                address-range low 192.168.1.2 high 192.168.1.254;
            }
            propagate-settings ge-0/0/0.0;
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    interface-range APs {
        member ge-0/0/14;
        member ge-0/0/15;
    }
    ge-0/0/0 {
        unit 0 {
            family inet {
                dhcp;
            }
            family inet6 {
                address 2601:204:ce00:5550:3:5cff:fe62:da46/64;
                address 2001:558:5516:37:3:5cff:fe62:da46/64;
                address fe80::3:5cff:fe62:da46/64;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/4 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/5 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/6 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/7 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/8 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/9 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/10 {
        unit 0 {
            description "Unit 0";
            family ethernet-switching {
                port-mode access;
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/11 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/12 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/13 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/14 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    ge-0/0/15 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    lo0 {
        unit 0 {
            family inet6 {
                address 2601:204:ce00:5550:1:5cff:fe62:da46/64;
                address 2001:558:5516:37:1:5cff:fe62:da46/64;
                address fe80::1:5cff:fe62:da46/64;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
            family inet6 {
                address 2601:204:ce00:5550:2:5cff:fe62:da46/64;
                address 2001:558:5516:37:2:5cff:fe62:da46/64;
                address fe80::2:5cff:fe62:da46/64;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.1.1;
        route 192.168.1.0/24 next-hop [ 192.168.1.8 192.168.1.9 ];
        route 192.168.1.8/32 next-hop [ 192.168.1.0 192.168.1.50 192.168.1.60 192.168.1.67 ];
        route 192.168.1.9/32 next-hop [ 192.168.1.0 192.168.1.36 192.168.1.90 ];
        route 192.168.1.11/32 next-hop 192.168.1.30;
        route 192.168.1.30/32 next-hop [ 192.168.1.11 192.168.1.50 ];
        route 192.168.1.36/32 next-hop 192.168.1.9;
        route 192.168.1.50/32 next-hop [ 192.168.1.8 192.168.1.30 ];
        route 192.168.1.60/32 next-hop 192.168.1.8;
        route 192.168.1.67/32 next-hop 192.168.1.8;
        route 192.168.1.90/32 next-hop 192.168.1.9;
    }
    forwarding-table {
        export DestinationLoadBalance;
    }
}
protocols {
    router-advertisement {
        interface vlan.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550:2:5cff:fe62:da46/64;
            prefix 2001:558:5516:37:2:5cff:fe62:da46/64;
            prefix fe80::2:5cff:fe62:da46/64;
            prefix 2601:204:ce00:5550::1/64;
            prefix 2001:558:5516:37::1/64;
            prefix fe80::1/64;
        }
        interface ge-0/0/0.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550:3:5cff:fe62:da46/64;
            prefix 2001:558:5516:37:3:5cff:fe62:da46/64;
            prefix fe80::3:5cff:fe62:da46/64;
            prefix 2601:204:ce00:5550::1/64;
            prefix 2001:558:5516:37::1/64;
            prefix fe80::1/64;
        }
        interface lo0.0 {
            prefix 2601:204:ce00:5550:1:5cff:fe62:da46/64;
            prefix 2001:558:5516:37:1:5cff:fe62:da46/64;
            prefix fe80::1:5cff:fe62:da46/64;
            prefix 2601:204:ce00:5550::1/64;
            prefix 2001:558:5516:37::1/64;
            prefix fe80::1/64;
        }
        interface ge-0/0/14.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550:1:5cff:fe62:da46/64;
            prefix 2001:558:5516:37:1:5cff:fe62:da46/64;
            prefix fe80::1:5cff:fe62:da46/64;
            prefix fe80::2:5cff:fe62:da46/64;
            prefix 2601:204:ce00:5550::1/64;
            prefix 2001:558:5516:37::1/64;
            prefix fe80::1/64;
        }
        interface ge-0/0/15.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550:1:5cff:fe62:da46/64;
            prefix 2001:558:5516:37:1:5cff:fe62:da46/64;
            prefix fe80::1:5cff:fe62:da46/64;
            prefix fe80::2:5cff:fe62:da46/64;
            prefix 2601:204:ce00:5550::1/64;
            prefix 2001:558:5516:37::1/64;
            prefix fe80::1/64;
        }
        interface ge-0/0/13.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
        interface ge-0/0/12.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
        interface ge-0/0/11.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
        interface ge-0/0/10.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
        interface ge-0/0/9.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
        interface ge-0/0/8.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
        interface ge-0/0/7.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
        interface ge-0/0/6.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
        interface ge-0/0/5.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
        interface ge-0/0/4.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
        interface ge-0/0/3.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
        interface ge-0/0/2.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
        interface ge-0/0/1.0 {
            other-stateful-configuration;
            prefix 2601:204:ce00:5550::/64;
            prefix 2001:558:5516:37::/64;
            prefix fe80::/64;
        }
    }
    pim {
        rp {
            auto-rp discovery;
        }
        interface vlan.0 {
            mode dense;
        }
        interface ge-0/0/0.0 {
            mode dense;
        }
        interface ge-0/0/14.0 {
            mode dense;
        }
        interface ge-0/0/15.0 {
            mode dense;
        }
        interface ge-0/0/13.0 {
            mode dense;
        }
        interface ge-0/0/12.0 {
            mode dense;
        }
        interface ge-0/0/11.0 {
            mode dense;
        }
        interface ge-0/0/10.0 {
            mode dense;
        }
        interface ge-0/0/9.0 {
            mode dense;
        }
        interface ge-0/0/8.0 {
            mode dense;
        }
        interface ge-0/0/7.0 {
            mode dense;
        }
        interface ge-0/0/6.0 {
            mode dense;
        }
        interface ge-0/0/5.0 {
            mode dense;
        }
        interface ge-0/0/4.0 {
            mode dense;
        }
        interface ge-0/0/3.0 {
            mode dense;
        }
        interface ge-0/0/2.0 {
            mode dense;
        }
        interface ge-0/0/1.0 {
            mode dense;
        }
    }
    stp {
        disable;
        bridge-priority 4k;
        max-age 20;
        hello-time 2;
        forward-delay 15;
        interface all {
            priority 112;
            cost 19;
            mode shared;
            edge;
        }
    }
    mstp {
        configuration-name mst1;
        revision-level 1;
        max-hops 30;
        max-age 20;
        hello-time 2;
        forward-delay 15;
        bridge-priority 4k;
        interface ge-0/0/1.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/2.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/3.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/4.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/5.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/6.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/7.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/8.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/9.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/10.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/11.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/12.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/13.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/14.0 {
            priority 112;
            mode shared;
            edge;
        }
        interface ge-0/0/15.0 {
            priority 112;
            mode shared;
            edge;
        }
        msti 1 {
            bridge-priority 4k;
            vlan vlan-trust;
            interface all {
                priority 112;
            }
        }
    }
    igmp-snooping {
        vlan all {
            query-interval 8;
            query-last-member-interval 9;
            query-response-interval 10;
            robust-count 4;
            immediate-leave;
            interface all {
                multicast-router-interface;
            }
        }
    }
}
policy-options {
    policy-statement DestinationLoadBalance {
        then {
            load-balance per-packet;
        }
    }
}
security {
    address-book {
        MyNetwork {
            address MyNetwork {
                range-address 192.168.1.2 {
                    to {
                        192.168.1.254;
                    }
                }
            }
            attach {
                zone trust;
            }
        }
    }
    forwarding-options {
        family {
            inet6 {
                mode flow-based;
            }
        }
    }
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            address-persistent;
            interface {
                port-overloading off;
            }
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface {
                                persistent-nat {
                                    permit any-remote-host;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0 {
                    host-inbound-traffic {
                        protocols {
                            igmp;
                            pim;
                        }
                    }
                }
                ge-0/0/14.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/15.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/13.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/12.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/11.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/9.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/8.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/7.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/6.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/5.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/4.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/3.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/2.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
                lo0.0 {
                    host-inbound-traffic {
                        protocols {
                            igmp;
                            pim;
                        }
                    }
                }
                ge-0/0/10.0 {
                    host-inbound-traffic {
                        protocols {
                            igmp;
                        }
                    }
                }
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            tftp;
                        }
                        protocols {
                            pim;
                            igmp;
                        }
                    }
                }
            }
        }
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
}

Contributor
Posts: 26
Registered: ‎02-03-2015
0 Kudos

Re: srx240b2 can't add static IP address to interface

I have an Asus RT-AC68U  on port 14 and Asus RT-AC56U  on port 15 right now. port 10 is for test purposes.

Distinguished Expert
Posts: 1,098
Registered: ‎08-29-2013
0 Kudos

Re: srx240b2 can't add static IP address to interface

port 10 is currently in switching mode, please change to routing mode.

 

delete interfaces ge-0/0/10

delete protocols mstp interface ge-0/0/10

 

then configure the IPv4 or IPv6 address,

 

set interfaces ge-0/0/10 unit 0 family inet address 10.10.10.1/24

set security zones security-zone trust interfaces ge-0/0/10 host-inbound-traffic system-services all

set security zones security-zone trust interfaces ge-0/0/10 host-inbound-traffic protocols all

 

 

 

 

 

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
Contributor
Posts: 26
Registered: ‎02-03-2015
0 Kudos

Re: srx240b2 can't add static IP address to interface

Ok here is more......

 

I can do what you have asked and it works but for only that port. The other ports stop passing traffic.

 

I can tell you that I have comcast and ge-0/0/0 is a dhcp lease.

 

Also port 10 now does not allow management.

 

So should I do this to all ports and allow management traffic?

 

How do I allow management traffic after this? It says http traffic is not allowed.

 

Do i have to configure this further from "user management" and into "management access"?

 

I did not test https when I tried this, but I did try http and by default it looks like http access is not allowed????

 

Port 10 did work after this and only port 10. Do i have to obtain ipv6 addresses from comcast for dhcp static addresses?

Distinguished Expert
Posts: 1,098
Registered: ‎08-29-2013
0 Kudos

Re: srx240b2 can't add static IP address to interface

On which interface are you trying to connect via HTTP/HTTPS? Currently it's allowed only on vlan.0

 

    web-management {
            http {
                interface vlan.0;
            }
            https {
                system-generated-certificate;
                interface vlan.0;
            }
        }

 

And regarding the other issue, was this setup/config working?

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
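
A narrower variant of the two replies above (moving ge-0/0/10 to routing mode, and J-Web being bound only to vlan.0), added here as an example and not part of the original posts. The 10.10.10.1/24 address and the deletes come from the reply; the choice of HTTPS, SSH and ping as the permitted services is an assumption.

```junos
# Added example, not from the original posts. Enter from configuration mode.

# 1. Take ge-0/0/10 out of switching mode (same deletes as in the reply).
delete interfaces ge-0/0/10
delete protocols mstp interface ge-0/0/10.0

# 2. Make it a routed port, using the address from the reply.
set interfaces ge-0/0/10 unit 0 family inet address 10.10.10.1/24

# 3. Clear the old per-interface host-inbound settings, then allow only the
#    services needed to manage the box on this port (assumed: HTTPS, SSH, ping).
#    The reply used "system-services all" and "protocols all" instead.
#    The posted config had "protocols igmp" here; re-add any protocol the
#    port really needs.
delete security zones security-zone trust interfaces ge-0/0/10.0 host-inbound-traffic
set security zones security-zone trust interfaces ge-0/0/10.0 host-inbound-traffic system-services https
set security zones security-zone trust interfaces ge-0/0/10.0 host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces ge-0/0/10.0 host-inbound-traffic system-services ping

# 4. J-Web answers only on interfaces listed under web-management, so add the
#    routed port next to vlan.0. HTTPS only; clear-text HTTP is left off here.
set system services web-management https interface ge-0/0/10.0

# 5. Validate, then commit with an automatic rollback after 5 minutes in case
#    the change cuts off management access.
commit check
commit confirmed 5
# Reconnect to 10.10.10.1 over HTTPS or SSH, then make the change permanent:
commit
```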
Contributor
Posts: 26
Registered: ‎02-03-2015
0 Kudos

Re: srx240b2 can't add static IP address to interface

I was trying to add static IP addressing to the interfaces that connected to PC's and wireless routers in AP mode. The bindings from ge-0/0/14.0 and ge-0/0/15.0 were weak since my rt-ac68u(port 14) and rt-56u are in router mode. I have not been able to successfully add the static IP address to these interfaces because it isolates all traffic to that segment only. My solution was to use the rt-acxxu as a DHCP server, not a DHCP forwarder. This is not a solution but I used a workaround. A better solution is to add the static IP without isolating traffic. Any help is greatly appreciated.
Recognized Expert
Posts: 362
Registered: ‎01-18-2010
0 Kudos

Re: srx240b2 can't add static IP address to interface

The changes you are making and surprise at the results suggest a lack of understanding of some basic networking concepts. You're probably better off posting a detailed topographic overview and the exact results you are trying to achieve.

 

Contributor
Posts: 26
Registered: ‎02-03-2015
0 Kudos

Re: srx240b2 can't add static IP address to interface

I have highly improved my weak signal from the srx240 to my Asus AP's. The addressing for the ports(14, 15). This is due to enabling DHCP. My next move is to enable DHCP on the arc. Is this plausible? If so, should I give the ipv4 an address or only select DHCP with no address. Otherwise I may leave the ipv4 address blank and only use ipv6 for a static address on these ports. My config has changed, but the questions I have asked are the right ones I'm sure.
Contributor
Posts: 26
Registered: ‎02-03-2015
0 Kudos

Re: srx240b2 can't add static IP address to interface

Oops, correction. My next move is to enable DHCP on the srx240.
Contributor
Posts: 26
Registered: ‎02-03-2015
0 Kudos

Re: srx240b2 can't add static IP address to interface

So the solution to my problem was to make my AP's DHCP servers, and to make the srx relay the DHCP traffic.