This article describes the issue of NSM/Junos Space adding the SRX cluster or SRX stand-alone device as a Virtual Chassis.
SRX Virtual Chassis (VC) is a feature to enable inband management of SRX cluster from a netconf management such as Junos Space. For more information, see KB18228 - What is SRX Virtual Chassis and how is it added to NSM?
If both SRX cluster members can be reached by the management system (Space initated connection) or Both cluster members can reach the management system (device initiated connection) then this setting needs to be disabled. When only one member of the cluster can reach the management system, this should be set.
If the SRX devices were configured as a Virtual Chassis in the past for management, then the following condition may occur:
- NSM/Junos Space will continue to recognize the SRX devices as a VC instead of a Cluster member.
- NSM will see the device as a Virtual Chassis.
- Junos Space may fail to establish connectivity with the device.
Perform the following steps:
A. Check device 'netconf' response from SRX
Verify the problem:
-
Execute the following command via any command line SSH client, such as from the NSM or Junos Space Command Line:
# ssh <user>@<deviceip> -s netconf
Where user is the security device's administrator login username and deviceip is the security device's IP address. For example:
# ssh root@10.10.10.1 -s netconf
Where root is the SRX administrator user and 10.10.10.1 is the SRX IP address.
-
After you are connected, you will be presented with the prompt:
</hello>
]]>]]>
-
At the prompt, paste the following command:
<rpc><get-system-information/></rpc><rpc><close-session/></rpc>
-
The following example displays the messages that are received, after the above command is executed:
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/11.4R3/junos">
<system-information>
<hardware-model>srx650</hardware-model>
<os-name>junos-es</os-name>
<os-version>11.4R3.7</os-version>
<serial-number>************</serial-number>
<host-name>asdsrx01</host-name>
<virtual-chassis/>
</system-information>
</rpc-reply>
Notice virtual chassis highlighted in blue above.
If
<virtual-chassis> is shown in your output, then continue to section:
B. Remove virtual-chassis flag from SRX.
B. Remove virtual-chassis flag from SRX
Fix the problem as follows:
-
Delete the Virtual Chassis configuration via the SRX command line:
# delete chassis cluster network-management cluster-master
Note: Type (or copy/paste) the whole command, as it is a hidden command (the ''Tab' key cannot complete the keywords).
# commit
-
After the commit, run the commands as stated above under section 'A. Check device 'netconf' response from SRX' to confirm if virtual-chassis is still seen or not. If seen, continue to step 3 as mentioned below. If it is no longer displayed, the problem should be fixed; you do not need to do step 3.
-
Reboot device:
# request system reboot
Important: You will need to verify this on all devices, and each device may need to be rebooted, if virtual-chassis is not cleared after a commit.