SRX Services Gateway
Highlighted
SRX Services Gateway

SRX 320 Cluster secondary is disabled

[ Edited ]
‎08-06-2019 07:13 AM

we have 2 SRX320. Physically connected (3 ports for OOB, fabric and Control)
SRX-A and SRX-B both load factory default
the goal is to form cluster but secondary(node1) is disabled, based on failure codes CF "request chassis cluster configuration-synchronize" do nothing
Please think that both firewall config is "fresh from out of the box"srx.PNGsrx 1.PNG

5 REPLIES 5
Highlighted
SRX Services Gateway

Re: SRX 320 Cluster secondary is disabled

‎08-06-2019 10:52 AM

Hi Bouya,

 

Could you please share the output for the below command?

 

user@host> show chassis cluster information configuration-synchronization

 

Alternatively, Is it possible to delete all the configuration from both the nodes except the root authentication password, try to form a cluster once again? Let me know how it goes.

 



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway
Solution
Accepted by topic author -Bouya
‎08-07-2019 07:00 PM

Re: SRX 320 Cluster secondary is disabled

[ Edited ]
‎08-06-2019 02:05 PM

Hi Bouya,

 

The factory default configuration usually pre-configure some of the ports that will be used later in chassis cluster (fxp0/control-link) and if one of these ports have configuration previous you form the chassis cluster, then you will have issues forming the cluster.

 

The fact that one node is in disable state means that the control-link is not fully coming up and this will also explain the CF alarm because the configuration is synchronized via the control-link.

 

I will advise to take the nodes back to standalone mode and use a "delete" at the configuration level to delete all existing config. Right after that set a root password and then commit the changes. After this go ahead and form the cluster again:

 

 # delete
 # set root-authentication plain-text-password
 # commit
 # run set chassis cluster cluster-id [#] node [#] reboot

 

Hope this helps you.

 

Please mark this comment as the Solution if applicable
Highlighted
SRX Services Gateway

Re: SRX 320 Cluster secondary is disabled

‎08-06-2019 02:09 PM

Another suggested test:

 

When the SRXs are in standalone mode, if you want to confirm that the cabling/ports are good, you could configure IP addresses on the ports that will be use for control-link and ping between them. This will confirm that there are no problems at the physical layer.

 

Please mark this comment as the Solution if applicable
Highlighted
SRX Services Gateway

Re: SRX 320 Cluster secondary is disabled

‎08-07-2019 06:22 PM

day1.PNG

Highlighted
SRX Services Gateway

Re: SRX 320 Cluster secondary is disabled

‎08-07-2019 07:01 PM

Thank you. This works