SRX

Dear support

 

I'm having problems relating to the HA configuration when I try to configure the interface GE-0/0/0 appears the error when i tried saved the configuration.

 

'ge-0/0/0'      HA management port cannot be configured error: configuration check-out failed

 

 

follow below my configuration

 

version 12.1X44-D30.4;
groups {
    node0 {
        system {
            host-name FW-SPO-01-LM;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 10.10.11.8/25;
                    }
                }
            }
        }
    }
    node1 {
        system {
            host-name FW-SPO-02-LM;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 10.10.11.9/25;
                    }
                }
            }
        }
    }
}
apply-groups "${node}";
system {
    root-authentication {
        encrypted-password "$1$PcGv0lO9$tRh6Ol2MG5P191VY3ea4L/"; ## SECRET-DATA
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
chassis {
    cluster {
        reth-count 2;
        redundancy-group 0 {
            node 0 priority 100;
            node 1 priority 1;
        }
        redundancy-group 1 {
            node 0 priority 100;
            node 1 priority 1;
            interface-monitor {
                ge-0/0/0 weight 255;
                ge-9/0/0 weight 255;
                ge-0/0/3 weight 255;
                ge-9/0/3 weight 255;
            }
        }
    }
}
interfaces{
    ge-0/0/0 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-0/0/3 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    ge-9/0/0 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-9/0/3 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    fab0 {
        fabric-options {
            member-interfaces {
                ge-0/0/2;
            }
        }
    }
    fab1 {
        fabric-options {
            member-interfaces {
                ge-9/0/2;
            }
        }
    }
    reth0 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 10.10.11.7/25;
            }
        }
    }
    reth1 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 177.38.216.250/24;
            }
        }
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone untrust {
            interfaces {
                reth1.0;
            }
        }
        security-zone trust {
            interfaces {
                reth0.0;
            }
        }
    }
}

 

 

------------------------------------------------

my model juniper is SRX 650

------------------------------------------------

 

can anyone help me ?

 

regards

When clustering is enabled ge-0/0/0 become fxp0(management interface) and ge-0/0/1 become fxp1 (control link).

Thats the reason you get this error. Please refer below kb for more details
http://kb.juniper.net/InfoCenter/index?page=content&id=KB15356

I think the explanation needs more explanation. Why won't the command to reset a box back to factory defaults work? I'm just trying to set the box back to the way it was when I first received it. The command should just work.

Hi

 

From my experience, and I had this acouple of months ago with a SRX1500 cluster, when to enable clustering on a pair of SRX's even if you run "load factory-default" from configuration this will reset the config xml back to default but does not disable clustering.  You have to run "set chassis cluster disable reboot" to disable cluster.  I have found you can run "load factory-default" and then disable clustering.

 

When you enable clustering ge-0/0/0 is converted to fxp0 so that you can use the interface as an out-of-band management interface.  ge-0/0/1 is converted to fxp1 which is connected to ge-0/0/1 on the second node for HA control, you then have a choice of which interfaces to use as the faberic interfaces fab0 and fab1, I normally use the last interface on each node for fab0 and fab1 but on my SRX1500 cluster I used ge-0/0/0 and ge-0/0/11 for fab0 and ge-7/0/0 and ge-7/0/11 for fab1 because the 1500's have a deadicated Mgmt and HA interfaces.  On the 650 there are no deadicated interfaces for Mgmt or HA control so the first 2 interfaces on each nodes are used and you can then use any other interface (1g or 10g) as fab0 and fab1.  Also you do not have to use 2 interface for fab0 and fab1 as I did, I did this as I wanted redundancy on the faberic interfaces.

 

Hope this helps

the best so for!!! thanks