Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

NSRP Manual failover didn't work, what should I check?



Article ID: KB11435 KB Last Updated: 07 Oct 2008Version: 3.0
NSRP Manual failover didn't work, what should I check?


The command 'exec nsrp vsd-group id 0 mode backup' is run on the Master firewall (Firewall-A) in order to manually force it to backup mode.  However, after running the command, Firewall-A is still Master.


The following might be the reasons for the NSRP manual failover to fail:

1.  Preempt is configured on Master firewall, Firewall-A, and the NSRP Priority of the Master firewall is lower than the NSRP Priority of the Backup firewall.
To avoid the above situation run the following command on master firewall in respective vsd-groups:

unset nsrp vsd-group id 0 preempt

Then run the command  "exec nsrp vsd-group id 0 mode backup" on master firewall to force it to backup.

2. The Backup firewall, Firewall-B, is in the Ineligible mode or in the Inoperable mode (these modes are not the same).  Then the manual failover might not happen and the master firewall will be forced to act as master again, although it toggles to backup mode for a brief period.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search