SRX Services Gateway
SRX Services Gateway

show interface doesnt tell you the mac address of the interface

05.08.17   |  
‎05-08-2017 01:00 PM

Yes yes. cisco guy logging into an SRX for like the 5th time ever and I want to know what the mac address of my interface is.

 

Im troubleshooting a L2 problem and want to make sure I have a path to the firewall interface, but cant for the life of me figure out how to display the physical address of the interface.

 

Thankyou for your patience. I know im probably a lost cause.

 

Specifically looking for the address of reth1.560

 

shammond@daysrx01> show interfaces xe-2/0/1                                  
Physical interface: xe-2/0/1, Enabled, Physical link is Up
  Interface index: 139, SNMP ifIndex: 519
  Link-level type: Ethernet, MTU: 1518, Link-mode: Full-duplex, Speed: 10Gbps, BPDU Error: None,
  MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,
  Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x0
  CoS queues     : 8 supported, 8 maximum usable queues
  Current address: 00:10:db:ff:10:01, Hardware address: 10:0e:7e:d1:ae:45
  Last flapped   : 2016-11-01 13:46:10 EDT (26w6d 02:13 ago)
  Input rate     : 9648 bps (10 pps)
  Output rate    : 4984 bps (4 pps)
  Active alarms  : None
  Active defects : None
  Interface transmit statistics: Disabled

  Logical interface xe-2/0/1.374 (Index 89) (SNMP ifIndex 534)
    Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.374 ]  Encapsulation: ENET2
    Input packets : 215639187
    Output packets: 301395432
    Security: Zone: Null
    Protocol aenet, AE bundle: reth1.374   Link Index: 0

  Logical interface xe-2/0/1.375 (Index 87) (SNMP ifIndex 551)
    Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.375 ]  Encapsulation: ENET2
    Input packets : 422939846
    Output packets: 3054392
    Security: Zone: Null
    Protocol aenet, AE bundle: reth1.375   Link Index: 0

  Logical interface xe-2/0/1.550 (Index 99) (SNMP ifIndex 571)
    Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.550 ]  Encapsulation: ENET2
    Input packets : 1901248
    Output packets: 450830
    Security: Zone: Null
    Protocol aenet, AE bundle: reth1.550   Link Index: 0

  Logical interface xe-2/0/1.555 (Index 98) (SNMP ifIndex 570)
    Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.555 ]  Encapsulation: ENET2
    Input packets : 1426062
    Output packets: 1                   
    Security: Zone: Null
    Protocol aenet, AE bundle: reth1.555   Link Index: 0

  Logical interface xe-2/0/1.560 (Index 97) (SNMP ifIndex 569)
    Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.560 ]  Encapsulation: ENET2
    Input packets : 1704013
    Output packets: 31345
    Security: Zone: Null
    Protocol aenet, AE bundle: reth1.560   Link Index: 0

  Logical interface xe-2/0/1.565 (Index 96) (SNMP ifIndex 568)
    Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.565 ]  Encapsulation: ENET2
    Input packets : 0
    Output packets: 1
    Security: Zone: Null
    Protocol aenet, AE bundle: reth1.565   Link Index: 0

  Logical interface xe-2/0/1.32767 (Index 88) (SNMP ifIndex 533)
    Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x0000.0 ]  Encapsulation: ENET2
    Input packets : 0
    Output packets: 0
    Security: Zone: Null
    Protocol aenet, AE bundle: reth1.32767   Link Index: 0

4 REPLIES
Highlighted
SRX Services Gateway

Re: show interface doesnt tell you the mac address of the interface

05.08.17   |  
‎05-08-2017 01:08 PM

Initial thought is just to look at mac-address on reth1;

 

user@fw> show interfaces reth1 | match Hardware
Current address: 00:10:db:ff:10:01, Hardware address: 00:10:db:ff:10:01

--
Best regards,

Jonas Hauge Jensen
Systems Engineer, SEC Datacom A/S (Denmark)
SRX Services Gateway

Re: show interface doesnt tell you the mac address of the interface

05.08.17   |  
‎05-08-2017 01:10 PM

take this one :

shammond@daysrx01> show interfaces xe-2/0/1                                  
Physical interface: xe-2/0/1, Enabled, Physical link is Up
  Interface index: 139, SNMP ifIndex: 519
  Link-level type: Ethernet, MTU: 1518, Link-mode: Full-duplex, Speed: 10Gbps, BPDU Error: None,
  MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,
  Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x0
  CoS queues     : 8 supported, 8 maximum usable queues
  Current address: 00:10:db:ff:10:01, Hardware address: 10:0e:7e:d1:ae:45

 

the current address is the constructed mac-address for the reth-interface and the attached physical ones

 

regards

alexander

SRX Services Gateway

Re: show interface doesnt tell you the mac address of the interface

05.08.17   |  
‎05-08-2017 07:43 PM

Hi Wooieneck,

 

Welcome to J-Net Forums!!

 

You may not see the key-word "mac-address" under 'show interface" output on Junos devices.

 

MAC addres is specified under "Current address" and  "Hardware address"

 

Now why current address and hardware address.

 

Hardware address is the actual MAC for the physical interface and current address is a virtual MAC thats used in SRX clusters, this is different from the physical MAC

 

SRX cluster nodes use the Virtual MAC for communication , so for troubleshooting purpose you need to use the Current address as SRX MAC address.

 

How is Current address calculated -  The virtual MAC assigned is based on cluster and interface ID. So if you have 2 SRX cluster with same cluster id (say 1)and both of them have reth0 configured, they both will have same Virtual MAC address . Recommendation is to keep different cluster ID on your network (at least when they are on same L2 domain)

 

KB13689 explains How is the virtual MAC address derived for reth interfaces on J-Series and SRX. https://kb.juniper.net/KB13689

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
SRX Services Gateway

Re: show interface doesnt tell you the mac address of the interface

05.09.17   |  
‎05-09-2017 04:34 AM

See!

this is how slow I am.

 

Thanks for that, totally overlooked it because I was scanning for "Hardware:" or "MAC" and saw the hardware address that wasnt the right one and moved on.

(since I found 0010.dbff.1001 in the cam table on my cisco gear, but really wanted to learn how to find it directly from the SRX)

 

Okay I will continue my poking around, reading up and hopefully someday be proficient enough to not ask ridiculous questions.

 

Cheers!