SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  'HA control port cannot be configured' Error

    Posted 02-18-2018 13:25

    Hello Experts,

     

    I am trying to setup clustering in a lab SRX devices. But I am stuck at this error.

     

    user@SRX100b-2# show interfaces
fe-0/0/0 {
    unit 0 {
        family inet {
            dhcp;
        }
    }
}
fe-0/0/7 {
    unit 0;
}
vlan {
    unit 0 {
        family inet {
            address 192.168.1.1/24;
        }
    }
}

{hold:node1}[edit]
user@SRX100b-2# commit
[edit interfaces]
  'fe-0/0/7'
     HA control port cannot be configured
error: configuration check-out failed

{hold:node1}[edit]
user@SRX100b-2#

    -------------------------------------------

    {hold:node1}[edit]
    user@SRX100b-2# run show chassis cluster status
    Monitor Failure codes:
     CS Cold Sync monitoring FL Fabric Connection monitoring
     GR GRES monitoring HW Hardware monitoring
     IF Interface monitoring IP IP monitoring
     LB Loopback monitoring MB Mbuf monitoring
     NH Nexthop monitoring NP NPC monitoring
     SP SPU monitoring SM Schedule monitoring

    Cluster ID: 1
    Node Priority Status Preempt Manual Monitor-failures

    Redundancy group: 0 , Failover count: 0
    node0 0 lost n/a n/a n/a
    node1 1 hold no no None

    {hold:node1}[edit]

    Does anyone know why I can't commit the configuration? What change I need to make to fix this issue?



  • 2.  RE: 'HA control port cannot be configured' Error

     


  • 3.  RE: 'HA control port cannot be configured' Error

    Posted 02-18-2018 19:11

    Hi,

    The interface fe-0/0/7 is control link in srx100. So there should not be any config in that interface. Remove the interface from the config and try to commit:

    delete interface fe-0/0/7

     



  • 4.  RE: 'HA control port cannot be configured' Error

    Posted 02-18-2018 19:16

    Tried that, but didn't work.  : (

    user@SRX100b-2# delete interfaces fe-0/0/7

user@SRX100b-2# commit
[edit security zones security-zone trust]
  'interfaces fe-0/0/7.0'
    Interface fe-0/0/7.0 must be configured under interfaces
error: configuration check-out failed

{hold:node1}[edit]
user@SRX100b-2#

     



  • 5.  RE: 'HA control port cannot be configured' Error
    Best Answer

    Posted 02-18-2018 19:24
    Hi,
    Remove the interface from zone configuration:
    delete security zones security-zone trust interfaces fe-0/0/7


  • 6.  RE: 'HA control port cannot be configured' Error

    Posted 02-18-2018 19:40
    Yes, deleting the interface level configuration and removing the control link interface from zone configuration fixed the problem.

    Thanks Nellikka!