
Managing the backup device in an NSRP Active/Passive cluster in Transparent mode


Article ID: KB6264  KB Last Updated: 31 Aug 2010  Version: 7.0
Summary:
Managing the secondary device in an Active/Passive pair operating in Transparent mode
Symptoms:
Environment:
  • Active/Passive NSRP configuration
  • Firewalls in Transparent mode
  • Manage the Passive device in NSRP
  • Manage the backup device in Transparent mode
Symptoms & Errors:
  • Cannot manage the passive device
  • No problem with managing the master firewall
 
Solution:

When operating in Transparent mode, the backup in an Active/Passive pair can only be managed from one Layer 2 zone at a time.  By default, this zone is V1-Trust.

If management is needed from V1-Untrust, V1-DMZ, or a custom Layer 2 zone, use the command:

set interface vlan1 nsrp manage zone <zone name>

Note: This command must be enabled on both devices in the NSRP cluster.

The current management zone can be checked with the 'get interface vlan1' command; the last line of the output names the zone:

204(B)-> get interface vlan1
Interface vlan1:
  number 15, if_info 6000, if_index 0, VLAN tag 1, mode nat
  link inactive, phy-link up/full-duplex
  vsys Root, zone MGT, vr trust-vr
  ip 192.168.1.1/24   mac 0010.dbff.20f0
  manage ip 192.168.1.2, mac 0010.db27.68cf
  ping enabled, telnet enabled, SCS enabled, SNMP enabled
  web disabled, SSL enabled
  webauth disabled, webauth-ip 0.0.0.0
  OSPF disabled BGP disabled
  DHCP-elay disabled
  bandwidth: physical 100000kbps, configured 0kbps, current 0kbps
             total configured gbw 0kbps, total allocated gbw 0kbps
  unknown mac address resolve method: FLOOD
  vlan trunk: Off
  bypass others IPSEC: Off
  In backup mode, only traffic from V1-TRUST can manage the box

Note:  Ensure that the manage-ip addresses are different for both the primary and backup firewalls.  For more information on configuring a manage IP address, refer to KB4059.

For more information on interface VLAN1, see KB4862: What is the function of the vlan1 interface.
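
The two notes above (the management zone set on both cluster members, and distinct manage IPs) can be checked from saved 'get interface vlan1' output. The following Python is an added example, not Juniper code: the function names and the second device's output are constructed, and it assumes both members print the "In backup mode" line in the format shown above.

```python
import re

# Line formats are taken from the 'get interface vlan1' output shown in this article.
ZONE_RE = re.compile(r"In backup mode, only traffic from (\S+) can manage the box")
MIP_RE = re.compile(r"^\s*manage ip (\d{1,3}(?:\.\d{1,3}){3})", re.M)


def parse_vlan1(output):
    """Extract the manage IP and the NSRP management zone from CLI output."""
    zone = ZONE_RE.search(output)
    mip = MIP_RE.search(output)
    return {
        "manage_ip": mip.group(1) if mip else None,
        "manage_zone": zone.group(1).upper() if zone else None,
    }


def audit_pair(out_a, out_b, wanted_zone):
    """Return a list of findings; an empty list means both notes are satisfied."""
    a, b = parse_vlan1(out_a), parse_vlan1(out_b)
    findings = []
    for name, dev in (("device A", a), ("device B", b)):
        if dev["manage_ip"] is None:
            findings.append(f"{name}: no manage ip configured on vlan1")
        if dev["manage_zone"] is None:
            findings.append(f"{name}: management zone line not found")
        elif dev["manage_zone"] != wanted_zone.upper():
            findings.append(f"{name}: managed from {dev['manage_zone']}, expected {wanted_zone}")
    if a["manage_ip"] and a["manage_ip"] == b["manage_ip"]:
        findings.append(f"both devices use manage ip {a['manage_ip']}")
    return findings


# Constructed sample output, trimmed to the relevant lines (hypothetical cluster).
DEVICE_A = """Interface vlan1:
  ip 192.168.1.1/24   mac 0010.dbff.20f0
  manage ip 192.168.1.2, mac 0010.db27.68cf
  In backup mode, only traffic from V1-TRUST can manage the box
"""
DEVICE_B = """Interface vlan1:
  ip 192.168.1.1/24   mac 0010.dbff.20f0
  manage ip 192.168.1.2, mac 0010.db27.68d0
  In backup mode, only traffic from V1-UNTRUST can manage the box
"""

if __name__ == "__main__":
    for finding in audit_pair(DEVICE_A, DEVICE_B, "V1-Untrust"):
        print(finding)
```

With the constructed sample, device A is still managed from V1-TRUST while device B was changed, and both members share one manage IP, so two findings are reported.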

 
