Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How is the virtual MAC address for a pair of Active/Passive firewalls derived?

0

0

Article ID: KB7435 KB Last Updated: 27 Dec 2017Version: 6.0
Summary:
How is the virtual MAC address for a pair of Active/Passive firewalls derived?
Symptoms:

Environment:

  • NSRP Active Passive
  • VMAC
  • ARP table on router or switch

Symptoms & Errors: 

  • Duplicate MAC address seen when 2 NSRP Clusters with same Cluster ID and VSD-Group are attached to the same switch.
Solution:
NOTE:  If running ScreenOS 6.1 or later, also refer to KB11150 - Virtual MAC (VMAC) address for HA pair when using nsrp-max-cluster and nsrp-max-vsd variables.
 

The virtual MAC address for the shared interface of an Active/Passive NSRP pair has the following format:  

00.10.db.ff.<wx>.<yz>

where

w - cluster ID (id:1 -> 2, id:2 -> 4, id:3 -> 6, id:4 -> 8, id:5 -> a, id:6 -> c, id:7 -> e)
xy - interface number in hex
z - vsd group


For example, you can see the virtual MAC address for eth2/1 below (shown in the 'get int' output). 

eth2/1           0.0.0.0/0          Trust       0010.dbff.a070    -   D   0   Root

The cluster ID is 5 (which translates to a from the above formula). 
The interface # is 07 (shown in the 'get int eth2/1' output). 
The VSD group ID is 0.

ns5200(M)-> get config | inc nsrp
set nsrp cluster id 5
set nsrp vsd-group id 0 priority 100

ns5200(M)-> get int eth2/1
Interface ethernet2/1(VSI):
  number 7, if_info 229432, if_index 0, mode nat


 
Modification History:
2017-12-26: Article reviewed for accuracy. Added ScreenOS tag to the title. Article is correct and complete.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search