Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to form a SRX240 cluster over EX2200 switches

0

0

Article ID: KB23995 KB Last Updated: 04 Mar 2017Version: 2.0
Summary:
This article provides information on how to form a SRX 240 cluster over EX2200 switches.
Symptoms:
Topology:
SRX240--------EX2200-------EX2200------SRX240
Cause:

Solution:
The following sample configuration used to create a cluster with SRX and EX2200 switches. The SRX 240 basic model is used in this scenario.

The specificatons on the EX2200 device are as follows:
  • The ports on EX220, which connect to the SRX device, should be in the trunk mode:
  • The MTU size should be 9014.
  • The VLAN-ID should be 4094.
The following configuration should be implemented on the EX 2200 switches:
set interfaces ge-0/0/0 mtu 9014
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members 4094
set interfaces ge-0/0/1 mtu 9014
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 4094
set interfaces ge-0/1/0 mtu 9014
set interfaces ge-0/1/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/1/0 unit 0 family ethernet-switching vlan members 4094
After 10.4, the existing virtual LAN (VLAN) tag, which is used for control-link traffic, will be replaced with the use of the experimental 0x88b5 Ether type. However, backward compatibility is also supported for devices, which have already been deployed in the chassis cluster with VLAN tagging. So, with the 10.4 release on SRX, you do not have to set the trunk mode with vlan-id 4094 on the interface of EX switches. For more information, refer to KB23929 - [SRX] Nodes of a cluster go into Primary/Lost state after replacement of the RE or entire system.

When clustering over the L2 switch, you do not have to implement any extra configuration/settings on SRX, as compared to clustering with a back-to-back connection. If removing the switch resolved the issue, then the issue is with the switch.

Ensure that interfaces for the cluster on switches have the maximum MTU configured, which for all platforms is 9014, with the exception of the SRX100s that require an MTU of 1632. Additionally, make sure that the switch is not performing the IP legitimate check, as SRX is using juniper proprietary protocol for HA inter communication.

For troubleshooting clustering over the L2 switch issues, refer to the following articles:

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search