Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EOL/EOE] [ScreenOS] What is the Ineligible state on a firewall running NSRP? Is it the same as the Inoperable state?

0

0

Article ID: KB11477 KB Last Updated: 29 Mar 2021Version: 5.0
Summary:
This article addresses what the ineligible state means, how to tell if the firewall is in the Ineligible state, and how to get it out of the ineligible state.
Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE). 
Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.
Symptoms:

This article addresses the following questions:

  1. What is the ineligible state?
  2. How do you put a firewall VSD into the ineligible state?
  3. How do you tell if the firewall VSD is in the ineligible state?
  4. How do you get a firewall VSD out of the ineligible state?
Solution:
  1. What is the ineligible state?

    The ineligible state is a state that an administrator purposefully assigns to a VSD group member so that it cannot participate in the election process.  In other words, it will not become the primary.   An administrator will temporarily put a firewall into this state during an upgrade process or if the firewall is having problems and may need maintenance.
  2. How do you put a firewall VSD into the ineligible state?

    To set the ineligible state to a VSD group member, enter the command:

    set nsrp vsd-group id <id> mode ineligible
  3. How do you tell if the firewall VSD is in the ineligible state?

    Enter the command 'get nsrp' .  On the VSD line, it reports 'myself (ineligible)' when the VSD is ineligible:

    Note: If the firewall prompt has a (I), it means the firewall is in the Inoperable state.  This is not the same as the Ineligible state.  For more information on the Inoperable state, see KB11338.

    ssg550(B)-> get nsrp  <---note that firewall prompt is not (I)
    nsrp version: 2.0

    cluster info:
    cluster id: 1, no name
    local unit id: 10923520   <---note local unit ID of this firewall
    active units discovered:
    index: 0, unit id:  10923520, ctrl mac: 001210000e07, data mac: 001210000e07
    index: 1, unit id:   8345472, ctrl mac: 000580000787, data mac: 000580000787
    total number of units: 2
    (snip)
    group priority preempt holddown inelig   master       PB other members
        0      100 no             3 no      8345472     none myself(ineligible)  <-------
    total number of vsd groups: 1
    (snip)
  4. How do you get a firewall VSD out of the ineligible state?

    To get the firewall VSD out of the ineligible state, change the mode of the VSD, i.e. put it in another mode.  Put the VSD in the backup mode by entering the command:

    set nsrp vsd-group id <id> mode backup 
Modification History:
2021-03-24: ‚Äč: Updated the article terminology to align with Juniper's Inclusion & Diversity initiatives.
2020-09-13: Minor, non-technical edits.
 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search