My guess is that the subnet mask is wrong or your forgot to include the right st0.x interface in your ospf area.
Could you please provide relevant configuration snippets from your SRX1500 and what you expect of IP-adressing etc. - then we are better equipped to guide you 🙂
I am also searching for the vectoring firmware 2.16 for my good old srx110h-va.
I opened a ticket but the srx110 is way out of support and apparently there is no way of getting that file now ever again ;(
cnw@juniper> show version
Hostname: juniper
Model: srx110h-va
JUNOS Software Release [12.1X46-D86]
I have an old SRX110H and I need to upgrade the vdsl modem to 2.16.
the SRX110H only takes 12.1X firmware.
I am trying to find the jfirmware-srxsme... files, but given that this model is EOL for a while juniper no longer makes them available.
Can anyone share a copy or flash my router if I send it over?
Conrad
We have seen 4 SRX300 fail recently. Console connection indicates that no boot media is available. Same behavior where they lock up, need reboot to work normally. After a few reboots, they will not boot. These devices are all less than 3 years old. Running 15.1X49-D210 and 220.
Hi,
thank you for your answer. I apologize for my late response.
It would have made more sense that all parameters configured under thresholds could trigger a probe failure (just like successive-loss and total-loss do).
As you suggested I could use event-options. The problem is that the PING_RTT_THRESHOLD_EXCEEDED event is triggered as soon as just one ping exceeds the time. I usually configure my probes to allow for a few ping failures. And I use more then one destination. Does not look so easy to translate to an event script.
Best regards,
Steve
Hi,
Check this link, they explain how to use later version firmware package to upload older version.
Hi,
Thanks for the troubleshooting-lineup.
The last step solved (!!!!!), so i did a, deactivate security log, then commit confirmed 1.
The log started to flow from the box as expected.
...so much time spend on solving this, and it came down to that!
Thanks!
//Rob
Hi!
I have the following problem with my configuration: I cannot get communication between endpoint (in lan) with the router through the FW. Could you help me please?
1) Router -> VLAN 12 and VLAN 20
2) FW:
set interfaces ge-0/0/0 vlan-tagging
VLANS 10
ge-0/0/1
3) PC
Need:
Internal traffic to FW must be utagged
External traffic ge-0/0 / 0.10 to router must be tagged (vlan 10)
Example:
Internal traffic (lan) must reach the FW (pc to fw or pc-sw-fw) untagged (ge-0/0 / 1.0)
This traffic must internally transit from ge-0/0 / 1.0 to ge-0/0 / 0.10 and exit through ge-0/0 / 0.10 to reach the router.
I understand that the untagged traffic entering the FW remains untagged until it reaches ge-0/0 / 0.10 and this is where it is tagged.
Right?
How should I configure ge-0/0 / 1.0 so that it receives untagged traffic and becomes tagged on exit in order to reach the router in vlan 10?
Thanks so much!
Hi Jonas, thank you very much for your help. I ran the precedence but it does not finish communicating my network with members.dyndns.org!
What am I doing wrong, I don't have much knowledge in juniper and networks, I'm a beginner, thanks for your patience.
Result
user@srx> telnet members.dyndns.org port 443
members.dyndns.org: hostname nor servname provided, or not known
user@srx> telnet members.dyndns.org port 80
members.dyndns.org: hostname nor servname provided, or not known
Whether the frame is tagged or untagged is a function of the ethernet port configuration.
Putting both ports as members of the same vlan will have them in the same broadcast domain.
Each port then either tags or not based on that port mode.
So a simple example putting both your ports into vlan 10 and making one tagged and the other untagged.
set vlans v10 interface ge-0/0/0.10
set vlans v10 interface ge-0/0/1.0
set vlans v10 vlan-id 10
set interfaces ge-0/0/0 unit 10 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
Hi!
Thanks for your help.
Forgot to tell that this is a SRX 345, so no port-mode is available. Instead interface-mode but this conflicts with your instructions:
[edit vlans VLAN10 interface]
'ge-0/0/0.0'
Interface with 'interface-mode' config is not allowed under vlans
[edit vlans VLAN10 interface]
'ge-0/0/0.0'Interface with 'interface-mode' config is not allowed under vlans
error: configuration check-out failed: (statements constraint check failed)
This is what I've tried, but no luck from pc:
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN10
sset interfaces irb unit 10 family inet address xx.xx.xx.xx/xx
set vlans VLAN10 vlan-id 10
set vlans VLAN10 l3-interface irb.10
Do you have another idea?. Thank you so much!
Best regards
I have encountered a similar problem and indeed the TFTP method worked for me.
Hi @eResources
can you please share part of the solution configuration
Does the Cisco ISR4300 supports multicast (OSPF) over IPSec tunnel? I know the Junos st0 does but I've read conflicting information on the Ciscos.
I have Comcast at home and run an SRX100. No problem whatsoever. Do you have a cable modem?
Hi
I did add the ST interface to ospf area, then OSPF works.
The problem i have now is that MPLS doesn't run on ST interfaces, is that right?
Even though I enabled MPLS on st interface without issues on the SRX.
Thanks
Hi!
I need to generate the following configuration:
pc -> fw -> router
All three are on the same vlan (ip on the same network)
So:
If I put a VLAN tag on the PC (vlan 10) with this configuration I can ping the router from the PC and vice versa:
But I need it to work without TAGing the pc. I have tried with these settings:
I have tested only access ge-0/0 / 1.0 and ge-0/0 / 0.10 in vlan-tagging ... PC can ping FW and Router to FW but not PC to FW.
It does not route ..
Is there a way to add a tag to the traffic coming through ge-0/0 /1.0 (access-mode) without using ethernet-switching?
Could someone explain me the difference between family inet an ethernet-switching, I've been looking but can totally understand..
Thank you very much
A greeting!
As suspected your SRX does not have name servers configured it cannot resolve members.dyndns.org to an IP address.
Add two name servers and try again - example with cloudflare and google nameservers but you can also use your ISPs local one if preferred. Then re-test the telnet commands and status of the dynamic dns client.