Help with Juniper SRX HA

Berg0

Hey guys,

This is my first time using JUNOS, so go easy on me, haha. I'm rolling out some SRX100 HA pairs to a customer's branch office, and I'm just working on the HA config, but having trouble committing my config.

I'm working off of this KB article: http://kb.juniper.net/KB15669

Code:
Create FAB links (data plane links for RTO sync, etc). For this example we will use physical ports fe-0/0/1 from each node.
On device A:
{primary:node0}
# set interfaces fab0 fabric-options member-interfaces fe-0/0/1    -fab0 is node0 (Device A) interface for the data link 
# set interfaces fab1 fabric-options member-interfaces fe-1/0/1    -fab1 is node1 (Device B) interface for the data link

but I get the following error when I try to do a commit:

Code:
{primary:node0}[edit]
root@Outlook-FW-01# commit
[edit interfaces fab0 fabric-options member-interfaces]
  'fe-0/0/1'
    Logical unit is not allowed on fabric member
error: commit failed: (statements constraint check failed)

So as you can see I am being told to use fe-0/0/1 for the FAB link on each device, but it won’t commit the config. Any suggestions?
 
If you notice your second statement you have fe-1/0/1, but the first srx is fe-0/0/1


Also if it helps try commit confirmed to test if the config passes.. if it does then you can commit.
 
the ports get renamed on node1 when the pair is configured in HA,
so fe-0/0/1 on node0 = fe-1/0/1 on node1

or am I on crack? haha.
 
figured it out, I had some remnants of switching config in there, can't have switching enabled in HA, not a supported configuration. got rid of references to a previously configured VLAN and away it went. weird.
 
so, still running into some issues with my config. does anyone know much about how to properly configure the fxp interfaces for the nodes in the cluster? I'm not sure if I'm supposed to bind them to physical ports other than my trusted reth's or if they are supposed to be accessible through my trust reth. During HA config it complained about them being on the same subnet as my trust reth, which is odd, but I guess they really want them to be out of band management?
I understand from the documentation I've read I can only access J-web from the primary node and only cli access on the secondary, but I can't access either fxp address
 
there is actually a pretty good step-by-step on the juniper site
sorry got the link in the office :(

Just went through the pain of setting up our srx100's in HA best starting point...

New config, delete anything switching, enable chassis clustering and then fabrics and from there configure interfaces.

keep in mind on the srx 100 the 0/0/7 and 6 become fxp0 and 1 !

And there are many more pitfalls like that :p
 
I'm following this one http://kb.juniper.net/KB15669

and yes, "fe-0/0/6 will be used as fxp0 for individual management of each of the devices"

-D'oh, totally missed that one

I've got 3 HA pairs of SRX100's and 2 HA pairs of SRX240's to configure, I should be pretty decent with JUNOS after this.. LOL
 
I was stupid, and didn't realize (how I missed this I'm not sure) that all the management interface config got blown away when I deleted my VLANs before enabling HA.

set system services ssh
set system services telnet
set system services web-management http interface reth0.0
set system services web-management https system-generated-certificate
set system services web-management https interface reth0.0

and now I'm all good :) my management interfaces were assigned to vlan0.0 before, and SRX's in HA don't support L2 switching

I feel like such a total n00b
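
As an added example (not from the thread or from Juniper's KB), a small Python pre-commit check over a set-format config for the pitfalls the posts above describe: logical units or switching statements left over when a port becomes a fabric member, and management services that run in cleartext (telnet, web-management over http). The sample config is constructed, and the finding names are hypothetical labels.

```python
import re

# Constructed sample in Junos "set" format, modelled on statements quoted in the thread.
# The VLAN name and id are made up for illustration.
SAMPLE_CONFIG = """\
set vlans vlan-trust vlan-id 3
set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fab0 fabric-options member-interfaces fe-0/0/1
set interfaces fab1 fabric-options member-interfaces fe-1/0/1
set system services ssh
set system services telnet
set system services web-management http interface reth0.0
set system services web-management https interface reth0.0
"""

FAB_MEMBER = re.compile(r"^set interfaces fab\d+ fabric-options member-interfaces (\S+)")
IFACE_UNIT = re.compile(r"^set interfaces (\S+) unit \d+")
# Matches telnet and web-management http, but not https (next char must be space or end).
CLEARTEXT = re.compile(r"^set system services (telnet|web-management http)( |$)")


def audit(config: str) -> list[tuple[str, str]]:
    """Return (finding, config line) pairs for a set-format Junos config."""
    lines = [l.strip() for l in config.splitlines() if l.strip().startswith("set ")]
    # First pass: collect every physical port named as a fab0/fab1 member.
    fab_members = {m.group(1) for l in lines if (m := FAB_MEMBER.match(l))}
    findings = []
    for line in lines:
        unit = IFACE_UNIT.match(line)
        # A unit on a fabric member is what triggers
        # "Logical unit is not allowed on fabric member" at commit.
        if unit and unit.group(1) in fab_members:
            findings.append(("logical-unit-on-fabric-member", line))
        # Leftover L2 switching config, which the thread found blocks the HA commit.
        if " family ethernet-switching" in line or line.startswith("set vlans "):
            findings.append(("switching-remnant", line))
        # Management services that carry credentials unencrypted.
        if CLEARTEXT.match(line):
            findings.append(("cleartext-management", line))
    return findings


if __name__ == "__main__":
    for kind, line in audit(SAMPLE_CONFIG):
        print(f"{kind:32} {line}")
```

Feed it the output of `show configuration | display set` saved to a file; an empty result means none of these three conditions were found, not that the config will commit.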
 