Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to enable or disable VLAN tagging on the chassis cluster control port

0

0

Article ID: KB24843 KB Last Updated: 16 Sep 2020Version: 6.0
Summary:

This article provides information on how to enable and disable VLAN tagging on the chassis cluster control port.

Symptoms:
  • One node is upgraded from a version that is prior to or from Junos OS 10.2R2 to 10.4 or later.

  • By default, the VLAN tag on the control port will be in enabled state.

  • The node on which RE has been replaced was downgraded/upgraded from a version after Junos OS 10.2R2 to the same version as the other node and does not join the cluster and goes into split brain; that is, the nodes do not see each other.

Sample Output on NODE-0:

{primary:node0}
root@> show chassis cluster information detail 
node0:
--------------------------------------------------------------------------
Redundancy mode:
    Configured mode: active-active
    Operational mode: active-active

Redundancy group: 0, Threshold: 255, Monitoring failures: none
    Events:
        Aug  5 16:51:18.773 : hold->secondary, reason: Hold timer expired
        Aug  5 16:51:34.789 : secondary->primary, reason: Only node present
Control link statistics:
    Control link 0:
        Heartbeat packets sent: 63115
        Heartbeat packets received: 0
        Heartbeat packet errors: 0
        Duplicate heartbeat packets received: 0
    Control recovery packet count: 0
    Sequence number of last heartbeat packet sent: 63114
    Sequence number of last heartbeat packet received: 0
Fabric link statistics:
    Probes sent: 63114
    Probes received: 0
    Probe errors: 0
    Probes not processed: 0             
    Probes dropped due to control link down: 0
    Probes dropped due to fabric link down: 0
    Sequence number of last probe sent: 63114
    Sequence number of last probe received: 0
Chassis cluster LED information:
    Current LED color: Red
    Last LED change reason: Peer node: node1 is not present
Control port tagging:
    Enabled 

{primary:node0}
root> show chassis cluster status
Cluster ID: 1
Node    Priority   Status  Preempt  Manual  failover
Redundancy group: 0,Failover count: 1
node0       1        primary  no  no
node1       0        lost     n/a n/a

Sample Output on NODE-1:

{primary:node1}
root> show chassis cluster information detail 
node1:
--------------------------------------------------------------------------
Redundancy mode:
    Configured mode: active-active
    Operational mode: active-active

Redundancy group: 0, Threshold: 255, Monitoring failures: none
    Events:
        Aug  5 16:50:52.904 : hold->secondary, reason: Hold timer expired
        Aug  5 16:56:38.711 : secondary->primary, reason: Remote yield (1/0)
Control link statistics:
    Control link 0:
        Heartbeat packets sent: 64212
        Heartbeat packets received: 337
        Heartbeat packet errors: 0
        Duplicate heartbeat packets received: 0
    Control recovery packet count: 0
    Sequence number of last heartbeat packet sent: 64210
    Sequence number of last heartbeat packet received: 361
Fabric link statistics:
    Probes sent: 64210
    Probes received: 0
    Probe errors: 0
    Probes not processed: 0             
    Probes dropped due to control link down: 0
    Probes dropped due to fabric link down: 0
    Sequence number of last probe sent: 64210
    Sequence number of last probe received: 0
Chassis cluster LED information:
    Current LED color: Red
    Last LED change reason: Peer node: node0 is not present
Control port tagging:
    Disabled

{primary:node1}
root> show chassis cluster status    
Cluster ID: 1 
Node    Priority   Status  Preempt  Manual failover 

Redundancy group: 0 , Failover count: 1    
node0       0         lost    n/a  n/a     
node1       1         primary no   no 

 

Cause:

One device is sending a tagged heartbeat and the other is sending an untagged heartbeat, because VLAN tagging is enabled on one node and disabled on the other node.

 

Solution:

Prior to Junos OS 10.2R3, in the chassis cluster, VLAN tagging was enabled by default on the control port. From Junos OS 10.2R3, by default VLAN tagging is not enabled on the control port.

To check control port tagging status, execute the show chassis cluster information detail command and look for Control port tagging:

admin@host> show chassis cluster information detail
.
Control port tagging:
Disabled

On one node, it is enabled and on the other node, it is disabled.

It is also possible to check the same by taking packet capture of the control port from both nodes. In one node, the packet will be tagged with vlan-id 4094 and the other packet will not have any tagging. VLAN tagging on the control port can be enabled or disabled by using the following command:

admin@host> set chassis cluster control-link-vlan enable/disable

Note: control-link-vlan is a hidden command on the SRX platform. Users must manually configure this command.

As VLAN tagging is disabled on the control port in versions that are later than Junos OS 10.2R2, it is recommended to disable tagging on both nodes.

 

Modification History:

2020-03-03: Changed vlan-id from 4096 to 4094 in Solution section
2020-09-16: minor non-technical change.

 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search