Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] What is the Ineligible state on a firewall running NSRP? Is it the same as the Inoperable state?

0

0

Article ID: KB11477 KB Last Updated: 13 Sep 2020Version: 4.0
Summary:
This article addresses what the ineligible state means, how to tell if the firewall is in the Ineligible state, and how to get it out of the ineligible state.
Symptoms:

This article addresses the following questions:

  1. What is the ineligible state?
  2. How do you put a firewall VSD into the ineligible state?
  3. How do you tell if the firewall VSD is in the ineligible state?
  4. How do you get a firewall VSD out of the ineligible state?
Solution:
  1. What is the ineligible state?

    The ineligible state is a state that an administrator purposefully assigns to a VSD group member so that it cannot participate in the election process.  In other words, it will not become the master.   An administrator will temporarily put a firewall into this state during an upgrade process or if the firewall is having problems and may need maintenance.
  2. How do you put a firewall VSD into the ineligible state?

    To set the ineligible state to a VSD group member, enter the command:

    set nsrp vsd-group id <id> mode ineligible
  3. How do you tell if the firewall VSD is in the ineligible state?

    Enter the command 'get nsrp' .  On the VSD line, it reports 'myself (ineligible)' when the VSD is ineligible:

    Note: If the firewall prompt has a (I), it means the firewall is in the Inoperable state.  This is not the same as the Ineligible state.  For more information on the Inoperable state, see KB11338.

    ssg550(B)-> get nsrp  <---note that firewall prompt is not (I)
    nsrp version: 2.0

    cluster info:
    cluster id: 1, no name
    local unit id: 10923520   <---note local unit ID of this firewall
    active units discovered:
    index: 0, unit id:  10923520, ctrl mac: 00121ea6ae07, data mac: 00121ea6ae07
    index: 1, unit id:   8345472, ctrl mac: 0005857f5787, data mac: 0005857f5787
    total number of units: 2
    (snip)
    group priority preempt holddown inelig   master       PB other members
        0      100 no             3 no      8345472     none myself(ineligible)  <-------
    total number of vsd groups: 1
    (snip)
  4. How do you get a firewall VSD out of the ineligible state?

    To get the firewall VSD out of the ineligible state, change the mode of the VSD, i.e. put it in another mode.  Put the VSD in the backup mode by entering the command:

    set nsrp vsd-group id <id> mode backup 
Modification History:
2020-09-13: Minor, non-technical edits.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search