[Archive] [ScreenOS] Why is the Source-ip for the Firewall Radius Authentication request seen to be manage-ip of Active (Primary) as well as passive (backup) manage-ip of the interface?

Article ID: KB6361 KB Last Updated: 26 Dec 2019 Version: 5.0
Summary:

Firewall authentication requests from an NSRP cluster to the RADIUS server are sometimes seen with the manage-ip of both the Active and the Passive node as the source IP.

This article clarifies the reason behind this.

 

Symptoms:

Environment:

  • NSRP v2 Running Active/Passive

Symptoms & Errors:

  • Why is my source IP for RADIUS authentication coming from the manage-ip of the interface on the passive (backup) device, in addition to the manage-ip of the Master (Primary) device?

  • The source IP for RADIUS authentication is coming from both the Active manage-ip and the Passive manage-ip.

 

Solution:

This solution applies to ScreenOS 6.3.0.

If the backup unit has a manage-ip configured for management reachability, the backup unit will also connect to the RADIUS server because of the manage-ip configuration. This is by design.

To stop the backup node from connecting to the RADIUS server, the following options are available:

  1. unset manage-ip

  2. unset link up on slave

To unset link up on slave, please see KB6207 - [Archive] How do I disable link-up-on-slave in 4.0?

 
