Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Unable to configure a Track-IP on a sub-interface or native / physical interface

0

0

Article ID: KB4475 KB Last Updated: 30 Mar 2015Version: 5.0
Summary:

This article explains why users are unable to specify a Track-IP on a physical or sub-interface. Track IPs require that there be a manage-ip configured on the interface which routes to the IP being tracked.

Symptoms:

Configuration is as follows, but track-ip fails.

set interface eth1/1 zone null

set interface eth1/1.107 zone Trust

set interface eth1/1.107 ip 10.10.10.12/24

set nsrp track-ip ip 10.10.10.250 weight 100
set nsrp monitor track-ip threshold 125
set nsrp monitor track-ip ip 1.1.1.250 interval 20
set nsrp monitor track-ip ip 1.1.1.250 time-out 10
set nsrp monitor track-ip

ip address      interval threshold  weight  tmout  interface  meth  fail-count success-rate
10.10.10.250    1        3          128     1      auto       ping  152        0%
Cause:

Although the above example configuration is specific to a sub-interface, the issue is the same for sub-interfaces or native/physical interfaces. Track IPs require that there be a manage-ip configured on the interface which routes to the IP being tracked. In this case, the sub-interface eth1/1.107 does not have a manage-ip address configured.



Solution:

Note:  Track IPs work as follows:

  • The NetScreen device must send a Track IP session using the source IP of the manage IP.
    • Configuring only an interface IP is not sufficient.

  • The Manage IP address must be a different IP address from the IP address of the interface.
    • There is a different MAC address for the Manage IP than for the Interface IP on each interface.

    • The only way to use the Manage-IP MAC is to have an IP address that is different from the the IP address of the interface.


In this specific sub-interface case configure (do not enter subnet mask):

set interface eth1/1.107 manage-ip 10.10.10.100

noteFor more information on various track-ip options in NSRP refer to:

ScreenOS 6.3 Concepts and Examples Guide, Rev 2, High Availability
  
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search