Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  How to keep a bridge group up when physical int's are down???

    Posted 04-30-2009 12:41

    Anybody know how to keep a bridge group up when physical int's are down???

    I am dealing with an SSG5 6.0R3 and when the user disconnects his laptop the inside IP address is no longer pingable since the int's are all down.



  • 2.  RE: How to keep a bridge group up when physical int's are down???

    Posted 04-30-2009 13:01
    I guess the user is directly connected to the firewall? I don't see any way to do that, unfortunately. One way is, if you have spare ports, to hook up a switch to one of the bgroup interfaces so that the bgroup int will stay up. Or to plug a loopback cable in there.


  • 3.  RE: How to keep a bridge group up when physical int's are down???

    Posted 04-30-2009 15:01
    Yes, the end user connects directly to the firewall. Was really hoping for some software option...


  • 4.  RE: How to keep a bridge group up when physical int's are down???
    Best Answer

    Posted 04-30-2009 16:41

    Hey

     

    I managed to get some sort of a workaround though.

     

    E.g.:

    bgroup2        0.0.0.0/0                         Trust       0017.cb8a.458d    -   U   - 
      wireless0/2  N/A                               N/A         N/A               -   U   -

     

    So I just used one of the wireless interfaces to bring the bgroup up. Not sure if that's something that you have on yours?

    You can't do it with the loopback interface though, if you are thinking about that.

    Message Edited by WL on 04-30-2009 04:41 PM


  • 5.  RE: How to keep a bridge group up when physical int's are down???

    Posted 04-30-2009 19:43

    WL,

     

    That is a great idea; however, we don't have the wireless SSG.

    I don't really want to add a loopback IP, as then that is another network to route out to the far end over a VPN tunnel. Starting to look like a loopback plug, or monitor the outside via SNMP instead of the inside. Hopefully all of the broadband ISPs will honor SNMP queries over the wire. That is what this is all about: monitoring the box.

     

    Thanks!



  • 6.  RE: How to keep a bridge group up when physical int's are down???

    Posted 05-01-2009 13:38
    So set ignore-subnet-conflict on VR level and give a loopback an IP in the desired range (it can overlap now). Add it to the bridge group.


  • 7.  RE: How to keep a bridge group up when physical int's are down???

    Posted 05-01-2009 13:43

    I tried that as well earlier but the bgroup does not allow us to add a loopback interface.

    See:

    ssg5-isdn-wlan-> set int bgroup2 port ?
    ethernet0/2          ethernet0/2 interface
    ethernet0/3          ethernet0/3 interface
    ethernet0/4          ethernet0/4 interface
    ethernet0/5          ethernet0/5 interface
    ethernet0/6          ethernet0/6 interface
    ssg5-isdn-wlan-> set int bgroup2 port

     

    The loopback interface does not allow itself to be part of the group.