Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Not able to ping self interface IP, when interface is in non-default VR

0

0

Article ID: KB32538 KB Last Updated: 28 Mar 2018Version: 1.0
Summary:

This article provides a work-around for pinging an interface in a non-default VR.

Symptoms:

If an interface is moved to a non-default VR, self pings to it are not successful, i.e., one will not be able to ping its IP source self interface.

Example:


The following configuration is set:

set zone name <zone-name>
set vr name <vr-name>
set interface <interface id> zone <zone-name>

ex: set vr name custom
    set zone name custom
    set zone custom vr custom
    set interface zone custom
    set interface ip <x.x.x.x> 

Note: A custom zone has been created; however the interface can be in any default zone.

When trying to ping the interface IP with the source interface as itself, it is unsuccessful and it reports an ICMP timeout.

ping x.x.x.x from interface <interface ip> 

ex: 
ping 192.168.1.1 from interface eth1/1
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 1 seconds from ethernet1/1
.....
Success Rate is 0 percent (0/5)

 

Cause:

‚ÄčThe reason why this doesn't work is because the ping to the device is considered management traffic, and it will respond on the default-vr.

Solution:

In this scenario, there is a work-around to check the liveliness of the interface. Create a route from the trust VR towards the non-default VR; then one will able to ping it from the trust VR.

set route <x.x.x.x/y> vr <non default vr name>
ex:
set route 192.168.1.0/24 vr custom

ping 192.168.1.1
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 10.141.222.151, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=0/0/1 ms




 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search