Channel: All SRX Services Gateway posts

Re: SRX300 - 18.2R3-S1.7 - smid_register / sdb_db_init failed


Re: Firmware version 12.1X46-D86 issues


As the product SRX100B/H is End of Life and End of Support, I doubt if the recommended version will be further updated.

 

Regards,

Pradeep Kumar M

Re: SRX 340 transparent mode cluster SNMP configuration


Hi aungzawtun,

 

I have 2 SRX340s to configure as a cluster in transparent mode. I have checked online for documentation, but all I get is the cluster config in routed mode. Could you please share your full config with me?

 

It will be much appreciated. 

 

Regards

 

 

I doubt in configuring irb interfaces, why doesn't it ping me?


Good afternoon, can someone tell me why I can ping 192.168.100.10 but not 192.168.8.1, if they are configured the same? And another question: is it possible to add several interfaces to a virtual router? Thanks in advance.

 


root# show
## Last changed: 2019-10-18 12:07:40 UTC
version 12.3X48-D85.1;


interfaces {

ge-0/0/4 {
        vlan-tagging;
        unit 0 {
              family bridge {
                     interface-mode trunk;
                     vlan-id-list [ 2500 3500 ];
              }
         }
  }
ge-0/0/5 {
        vlan-tagging;
        unit 0 {
               family bridge {
                    interface-mode trunk;
                    vlan-id-list [ 2500 3500  ];
                }
           }
    }
irb  {
        unit 2500 {
               family inet {
                      address 192.168.100.10/24;
               }
          }
unit 3500 {
        family inet {
               address 192.168.8.1/24;
        }
  }

routing-instances {
VRPRUEBA {
          instance-type virtual-router;
          interface irb.2500;
}


bridge-domains {
Mybridge {
         vlan-id 2500;
          routing-interface irb.2500;
}
Mybridge2 {
          vlan-id 3500;
          routing-interface irb.3500;
}
}
vlans {
        VLAN2500 {
              vlan-id 2500;
              interface {
                     irb.2500;
           }
              l3-interface irb.2500;
}
VLAN3500 {
        vlan-id 3500;
        interface {
                irb.3500;
      }
l3-interface irb.3500;
}

[edit]
root#

 

 

Is it possible to add more than one interface to a virtual router? Thanks again

 

SRX Transparent Mode Clustering - Unable to ping through


Hi All,

 

Could someone please help me with this issue? I have 2 SRX340 to cluster; however, I have set up a lab on EVE to configure and test before configuring the SRX340.

 

I'm unable to ping from the PC on my Trusted zone to the Router on the Untrusted zone. I'm not sure if I'm missing something. Any help will be appreciated

 

JUNOS 17.3R1.10 

I have attached the topology

To confirm, all chassis interfaces are up and I have run all the necessary commands to make sure the cluster is fine.

PC - 10.10.10.5/24 - Trusted Zone

Router - 10.10.10.1/24 - Untrusted Zone.

 

Below is the config :

 

set groups node0 system host-name srx-a
set groups node0 interfaces fxp0 unit 0 family ethernet-switching interface-mode access
set groups node0 interfaces fxp0 unit 0 family ethernet-switching vlan members vlan-254
set groups node0 interfaces irb unit 0 family inet address 192.168.254.53/24

set groups node1 system host-name srx-b
set groups node1 interfaces fxp0 unit 0 family ethernet-switching interface-mode access
set groups node1 interfaces fxp0 unit 0 family ethernet-switching vlan members vlan-254
set groups node1 interfaces irb unit 0 family inet address 192.168.254.54/24
set apply-groups "${node}"

set chassis cluster reth-count 2
set chassis cluster redundancy-group 0 node 0 priority 200
set chassis cluster redundancy-group 0 node 1 priority 100
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100

set interfaces fab0 fabric-options member-interfaces ge-0/0/1
set interfaces fab1 fabric-options member-interfaces ge-7/0/1
set interfaces ge-0/0/3 gigether-options redundant-parent reth0
set interfaces ge-7/0/3 gigether-options redundant-parent reth0
set interfaces ge-0/0/2 gigether-options redundant-parent reth1
set interfaces ge-7/0/2 gigether-options redundant-parent reth1

set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family ethernet-switching interface-mode access
set interfaces reth0 unit 0 family ethernet-switching vlan members vlan-10


set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 unit 0 family ethernet-switching interface-mode access
set interfaces reth1 unit 0 family ethernet-switching vlan members vlan-10

set security zones security-zone Trusted
set security zones security-zone Untrusted

set security zones security-zone Trusted host-inbound-traffic system-services all
set security policies from-zone Trusted to-zone Untrusted policy trust-untrust match source-address any
set security policies from-zone Trusted to-zone Untrusted policy trust-untrust match destination-address any
set security policies from-zone Trusted to-zone Untrusted policy trust-untrust match application any
set security policies from-zone Trusted to-zone Untrusted policy trust-untrust then permit


set vlans vlan-10 vlan-id 10
set vlans vlan-254 vlan-id 254
set vlans vlan-254 l3-interface irb.254

set routing-options static route 0.0.0.0/0 next-hop 192.168.254.254

 

===================================================

 

SW3- config : Just layer 2

 

!
interface Ethernet0/0
switchport access vlan 10
switchport mode access
!
interface Ethernet0/1
switchport access vlan 10
switchport mode access
!
interface Ethernet0/2
switchport access vlan 10
switchport mode access
!
interface Ethernet0/3
!

===================

 

SW3- config : Just layer 2

!
interface Ethernet0/0
switchport access vlan 10
switchport mode access
!
interface Ethernet0/1
switchport access vlan 10
switchport mode access
!
interface Ethernet0/2
switchport access vlan 10
switchport mode access

 

 

Re: Jweb Incorrect user/password after Junos upgrade on SRX


Hello,

 

I am stuck with the same issue.

It's been several months and there is still no fix.
To use the Jweb interface which version should I install?

 

Best regards

 

Gilles

Re: UBS Port Console Access


Sure, I can see it. I have played with the settings in SecureCRT and can't get a live connection to it. These are my settings:

 

BAUD 38400

DATA: 8

PARITY: NONE

STOP BITS: 1

 

Is that correct?

 

Re: UBS Port Console Access


The default settings are 9600 8N1. So try changing your baud rate and revert with the result.


Re: UBS Port Console Access


Success, thanks. Not working on a colleague's machine but working on mine :)

Re: SRX Transparent Mode Clustering - Unable to ping through


There are several issues in the provided config:

 

 

So this setup will be quite different on a vSRX platform. You don't have e.g. an SRX300 available for the proof of concept? The transparent part should be similar in a cluster except interface naming.

Re: Firmware version 12.1X46-D86 issues


So this is your excuse for stiffing me with bad firmware?  More encouragement to go to a different vendor for my network equipment in the very near future.

Re: SRX Transparent Mode Clustering - Unable to ping through

Hi,
 
Thanks for getting back to me. Not completely sure if I understand you. However, I have SRX340 that will be clustering on Monday.
This is the config that I have come up with based on my understanding of your email. Could you check if I'm right pls.

 

set groups node0 system host-name srx-a
set groups node0 interfaces fxp0 unit 0 family inet address 192.168.1.52/24
set groups node1 system host-name srx-b
set groups node1 interfaces fxp0 unit 0 family inet address 192.168.1.53/24
set apply-groups "${node}"

 

set chassis cluster reth-count 2
set chassis cluster redundancy-group 0 node 0 priority 200
set chassis cluster redundancy-group 0 node 1 priority 100
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100

 

set interfaces fab0 fabric-options member-interfaces ge-0/0/2
set interfaces fab1 fabric-options member-interfaces ge-5/0/2

 

set interfaces ge-0/0/4 gigether-options redundant-parent reth0
set interfaces ge-5/0/4 gigether-options redundant-parent reth0
set interfaces ge-0/0/0 gigether-options redundant-parent reth1
set interfaces ge-5/0/0 gigether-options redundant-parent reth1

 

set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family ethernet-switching interface-mode trunk
set interfaces reth0 unit 0 family ethernet-switching vlan members vlan10

 

set interfaces reth1 vlan-tagging

set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 unit 0 family ethernet-switching interface-mode trunk
set interfaces reth1 unit 0 family ethernet-switching vlan members vlan10

 

set interfaces irb unit 10 family inet address 10.10.10.1/24

set protocols l2-learning global-mode transparent-bridge

 

set security zones security-zone Trusted
set security zones security-zone Untrusted
set security zones security-zone Trusted host-inbound-traffic system-services all
set security zones security-zone Untrusted interfaces reth0.0
set security zones security-zone Trusted interfaces reth1.0

 

set security policies from-zone Trusted to-zone Untrusted policy trust-untrust match source-address any
set security policies from-zone Trusted to-zone Untrusted policy trust-untrust match destination-address any
set security policies from-zone Trusted to-zone Untrusted policy trust-untrust match application any
set security policies from-zone Trusted to-zone Untrusted policy trust-untrust then permit

 

Thanks

Re: Firmware version 12.1X46-D86 issues


Well, every vendor stops pushing updates at one point. In this case the SRX100B and SRX100H have not been sold since May 2014, more than 5 years ago. Providing software updates after 5 years is usual in this market.

 

Yes, Juniper apparently broke J-web in the last maintenance release before the Junos 12.1X46 software train went EoL after 6-7 years, but I expect they also fixed other stuff. You can still fully manage your SRX100B/SRX100H via CLI, which is why this is seen as a minor bug and not a priority.

 

So basically my point being: Other vendors are doing exactly the same in regards to EOL and decline bugfixing EOL'ed software.

Re: Firmware version 12.1X46-D86 issues


Some of us can manage via CLI, some cannot. I'm just wondering why we are accepting bad firmware from Juniper. Windows 7 is EOL but Microsoft still occasionally patches it.

Re: Firmware version 12.1X46-D86 issues


Post 12.1X46-D66, it has been an Extended support for SRX100B/H series devices which eventually ended with 12.1X46-D86 on 10th May 2019.

 

FYI, similar end of extended support for Microsoft is Jan 14, 2020.

 

If J-web is the priority, this issue is not seen on 12.1X46-D82 which is the version prior to 12.1X46-D86. However, before you try 12.1X46-D82, please read through the release notes for the features, functionality, fixes and any known outstanding issues will apply to your specific network and applications.


Re: HSRP Feeds from ISP to clustered SRX 240 pair


What is the right tool for the job then? We are experiencing the same issues. We have SRX340 and the DataCenter uplinks are seeing active/active issues. How do you go about fixing this?

Re: I doubt in configuring irb interfaces, why doesn't it ping me?


Hi,

 

Yes you can have more than one interface in a virtual-router. However, to help you with the ping situation I need to better understand your topology that I assume it looks like this, please confirm this:

 

HostA-(192.168.100.X)----|
                         |                         irb.2500 (192.168.100.10)
                      Switch----------(ge-0/0/4)-SRX
                         |                         irb.3500 (192.168.8.1)
HostB-(192.168.8.X)------|

 

Are you trying to ping 192.168.100.10 and 192.168.8.1 from only one host (let's say Host A)? If so, we need to note that irb.2500 is under a virtual-router, hence it is not aware of the subnet linked to irb.3500 unless we include irb.3500 in the same virtual router or configure a mechanism to make sure virtual-router VRPRUEBA knows about the irb.3500 subnet.

 

Also, I can see that you are using family bridge on your physical interfaces. Are you configuring transparent mode in that SRX? I believe they should be family ethernet-switching.

 

Re: I doubt in configuring irb interfaces, why doesn't it ping me?


Hi lpaniagua,
What I intend with my topology is, on one interface, to have 2 or more virtual routers that distribute IPs with a DHCP server regardless of the VLAN they access. What they ask me is to bridge that interface to host several interfaces. I am a little confused about whether it would be the best way, but it is what I need.



Are you trying to ping 192.168.100.10 and 192.168.8.1? I am doing it from Juniper host using run ping 196.168.8.1 and not using run ping 196.168.8.1 routing-instance myvirtualrouter.

I do not understand why, when pinging 192.168.8.1, it answers:

root# run ping 192.168.8.1
PING 192.168.8.1 (192.168.8.1): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 192.168.8.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

 

 

I tried to do it in transparent mode but it told me that I could not create virtual routers on that interface if I remember correctly.

 

Thanks!!

 

 

test config terminal syntax error on }


I loaded a config in Notepad++ and cut/paste into the terminal and got:

 

> test configuration terminal
[Type ^D at a new line to end input]

## Last changed: 2019-08-30 05:57:27 GMT-8
version 12.1X44-D35.5;
...
terminal:359:(9) error recovery ignores input until this point: }
  [edit security zones security-zone data43]
    '}'
      error recovery ignores input until this point
    policies {
        from-zone core to-zone Internet {
            policy All_core_Internet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
...
    phone44 {
        vlan-id 442;
    }
}
terminal:551:(1) error recovery ignores input until this point: }
  [edit security]
    '}'
      error recovery ignores input until this point
terminal:551:(0) syntax error: }
  [edit security]
    ''
      syntax error
error: configuration syntax failed

Seemingly I have an error with a curly bracket, or is it something else? I tried replacing tabs with spaces. I'm pasting into a Mac terminal using screen.

Re: test config terminal syntax error on }


Hello,

 


 wrote:

Seemingly I have an error with a curly bracket, or is it something else? I tried replacing tabs with spaces. I'm pasting into a Mac terminal using screen.


 

You have likely made an error with a missing curly bracket _AND_ possibly something else, but this "something else" won't be discovered by the JUNOS syntax checker until You fix that curly bracket error and re-run "test configuration terminal".

As a side note, copy-pasting big text blocks into telnet/ssh terminal is always a source of funny errors because chars can get missing in transit without You noticing, due to telnet/ssh server not keeping up with pace of incoming information. To minimise possibility of this happening, configure char send delay + line send delay in Your terminal emulator program (SecureCRT supports it, Putty does not).

HTH

Thx

Alex
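
The brace problem discussed in this thread can be narrowed down offline before the config is pasted into a terminal. The following Python checker is an added example, not part of either post and not a Juniper tool; the name `check_braces`, the indentation heuristic and the sample config (constructed, with the closing brace of `security-zone data43` left out) are assumptions made for the illustration.

```python
import re

# Quoted strings, /* ... */ annotations and # comments may contain braces; drop them.
_NOISE = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|#.*$')

def check_braces(text):
    """Return sorted (line_no, message) findings for a curly-brace Junos config."""
    findings, stack = [], []   # stack entries: (open_line, indent, block_name)
    for no, raw in enumerate(text.splitlines(), 1):
        line = _NOISE.sub("", raw.expandtabs(4)).rstrip()
        body = line.strip()
        if not body:
            continue
        indent = len(line) - len(body)
        for ch in body:
            if ch == "{":
                stack.append((no, indent, body.rstrip("{ ").strip() or "?"))
            elif ch == "}":
                if not stack:
                    findings.append((no, "'}' with no open block"))
                    continue
                open_no, open_indent, name = stack.pop()
                # Heuristic: "show configuration" output indents '}' like its opener.
                if body == "}" and indent != open_indent:
                    findings.append((no, f"'}}' at column {indent} closes '{name}' "
                                         f"(line {open_no}, column {open_indent})"))
        if body[-1] not in "{};":   # truncated line, e.g. characters lost in a paste
            findings.append((no, "statement does not end in ';', '{' or '}'"))
    for open_no, _, name in stack:
        findings.append((open_no, f"block '{name}' is never closed"))
    return sorted(findings)

# Constructed sample: the '}' that should close "security-zone data43" is missing.
SAMPLE = """\
security {
    zones {
        security-zone data43 {
            interfaces {
                vlan.43;
            }
        security-zone core {
            host-inbound-traffic {
                system-services {
                    ping;
                }
            }
        }
    }
}
"""

if __name__ == "__main__":
    for line_no, message in check_braces(SAMPLE):
        print(f"line {line_no}: {message}")
```

The first indentation mismatch names the block that lost its closing brace, while the "never closed" finding only shows the outermost block left open at end of input.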

 

 
