SRX

Hello,

Since I upgraded to Junos 11.1 on my SRX210H , I am unable to commit this simple statement.

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0

root@*******# commit
error: Cannot parse routing-option max-interface-supported
error: configuration check-out failed

root@*****# show interfaces ge-0/0/0                             
description "link 1";
unit 0 {
    family inet {
        address 172.16.1.1/24;

No other routing-options whatsoever have been configured.

Factory default config, only ip set on ge-0/0/0 interface.

Has anybody encountered this before or am I overlooking something?

kind regards,

Valentijn

What does the rest of your configuration look like?

no longer factory default, still the same problem.

set system host-name
set system root-authentication encrypted-password
set system services ssh
set system services telnet
set system services xnm-clear-text
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set interfaces ge-0/0/0 description "Uplink 1"
set interfaces ge-0/0/0 unit 0 family inet address 172.16.1.1/24
set interfaces ge-0/0/1 description "Uplink 2"
set interfaces ge-0/0/1 unit 0 family inet address 172.16.2.1/24
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces lo0 unit 0
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set protocols rstp bridge-priority 4k
set security forwarding-options family mpls mode packet-based
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0

kind regards,

Valentijn

I hit this as well - it's a bug in 11.1 and there is a PR open for it, but it hasn't been made public yet.

The fix is one of the following:

configure a static route on your box (doesn't have to be a legit route, but just needs to be installed the route table)

or use the following hidden command:

set routing-options max-interface-supported 0

According to JTAC this is a new command that has been added to limit the number of interfaces that participate in OSPF and PIM - the knob isn't meant for SRXs, but this bug seems to be affecting them. 

Hi,

Thanks for the confirmation!

I'll use your workaround.

kind regards,

Valentijn