Hi I am having a problem with the out-of-band management (fxp0)
It is connected to an access port on EX4300, from the EX the Management subnet is tagged onwards through the network(MPLS).
I see in the arp table on the SRX240:
00:10:db:ff:21:d0 172.24.0.1 172.24.0.1 fxp0.0 none
ec:3e:f7:11:9a:61 172.24.9.10 172.24.9.10 fxp0.0 none
54:1e:56:e5:56:40 172.24.9.113 172.24.9.113 fxp0.0 none
54:4b:8c:5f:98:37 172.24.9.164 172.24.9.164 fxp0.0 none
The default gw is 172.24.0.1/18. I am unable to ping the GW from Node0 which is the active SRX, From Node1 (standby), I can ping the GW. Also from the EX4300 I can ping the default GW 172.24.0.1
Also I am unable to access the SRX remotely through ssh. After I login to the EX4300 and do a couple of pings towards the SRX cluster, I can login again. The SRX cluster is managed by Junos Space. The strange thing is that the SRXs are shown online in Space always.
Any help would be greatly appreciated:
This is the arp table on the EX4300:
00:10:db:ff:21:d0 172.24.0.1 172.24.0.1 irb.906 [ae1.0] none
54:1e:56:e6:64:40 172.24.9.110 172.24.9.110 irb.906 [ae1.0] none
54:1e:56:e6:4a:c0 172.24.9.112 172.24.9.112 irb.906 [ge-2/0/0.0] none
54:1e:56:e5:56:40 172.24.9.113 172.24.9.113 irb.906 [ge-3/0/0.0] none
54:4b:8c:5f:98:37 172.24.9.164 172.24.9.164 irb.906 [ge-2/0/16.0] none
54:4b:8c:61:34:37 172.24.9.165 172.24.9.165 irb.906 [ge-3/0/16.0] none
00:10:db:ff:21:d0 172.24.15.254 172.24.15.254 irb.906 [ae1.0] none
172.24.9.112 is SRX240 node0
172.24.9.113 is SRX240 node1
The EX4300 is configured with an irb interface where its IP resides:
set interfaces irb unit 906 family inet address 172.24.9.10/18
set vlans MGT description Management
set vlans MGT vlan-id 906
set vlans MGT l3-interface irb.906
# Interface towards MX960 (MPLS node)
set interfaces xe-0/0/35 ether-options 802.3ad ae1
set interfaces xe-1/0/35 ether-options 802.3ad ae1
set interfaces ae1 description "TO-SWT-MX960-SNC-LAG-20G ae1"
set interfaces ae1 mtu 9192
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members MGT
set interfaces ae1 unit 0 family ethernet-switching vlan members EPC-DATAC
# Interface towards SRX240 cluster
set interfaces ge-2/0/0 description "OOB MNGT - to SRX240-SNC-CLST-NODE0 ge-0/0/0"
set interfaces ge-2/0/0 unit 0 family ethernet-switching interface-mode access
set interfaces ge-2/0/0 unit 0 family ethernet-switching vlan members MGT
set interfaces ge-3/0/0 description "OOB MNGT - to SRX240-SNC-CLST-NODE1 ge-5/0/0"
set interfaces ge-3/0/0 unit 0 family ethernet-switching interface-mode access
set interfaces ge-3/0/0 unit 0 family ethernet-switching vlan members MGT
### SRX240 cluster config:
set groups node0 system host-name SETAR-SRX240-SNC-CLUSTER-NODE-0
set groups node0 system backup-router 172.24.0.1
set groups node0 system backup-router destination 0.0.0.0/0
set groups node0 system services
set groups node0 interfaces fxp0 unit 0 description "OOB Management"
set groups node0 interfaces fxp0 unit 0 family inet address 172.24.9.112/18
set groups node1 system host-name SETAR-SRX240-SNC-CLUSTER-NODE-1
set groups node1 system backup-router 172.24.0.1
set groups node1 system backup-router destination 0.0.0.0/0
set groups node1 system services
set groups node1 interfaces fxp0 unit 0 description "OOB Management"
set groups node1 interfaces fxp0 unit 0 family inet address 172.24.9.113/18
set apply-groups "${node}"
set routing-options static route 0.0.0.0/0 next-hop 172.24.0.1
### MX960 config:
set interfaces xe-11/0/0 gigether-options 802.3ad ae1
set interfaces xe-11/1/0 gigether-options 802.3ad ae1
set interfaces ae1 description "TO-SWT-EX4300-SNC-LAG-20G ae1"
set interfaces ae1 vlan-tagging
set interfaces ae1 mtu 9192
set interfaces ae1 encapsulation flexible-ethernet-services
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 unit 906 description "CPE Management for SPACE"
set interfaces ae1 unit 906 encapsulation vlan-vpls
set interfaces ae1 unit 906 vlan-id 906
set interfaces ae1 unit 906 family vpls