Sounds like the interface did not put into group, and should use fxp0 ip instead
Regards -mike On Mar 22, 2011, at 12:05, Pavel Lunin <plu...@senetsy.ru> wrote: >> >> While testing the failover in SRX650 cluster. I have removed the control >> link between the primary and secondary. The secondary node went to >> ineligible mode. The secondry FW is still accessible through OoB >> interface. When I returned back the control link I couldn't reach the FW >> through OoB interface "ge-0/0/0". The only way to access the box is >> through console and found the secondary firewall is in disable mode. >> Then when I rebooted the whole firewall, it worked normally. Is it >> normal? And how to reach the secondary firewall remotely in case of >> control link flap? I have faced the same issue when removing the fab >> link. >> >> >> > Looks like a routing issue. Try to check it out with "show route a.b.c.d" > command, when you access the disabled box through the console port, where > a.b.c.d is IP address of the machine, you are trying to get remote access > form. Most probably it will show you something different from a route > pointing through fxp0. If this is the case, you need to configure a backup > router, which would make the disabled node (which does not run rpd) to route > packets to the management station through fxp0. > > http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-system-basics/backup-router-configuring.html > > BTW, next time you want the public to guess the solution for your issue, try > to be a bit more informative in providing basic troubleshooting details. E. > g. instead of just saying "I couldn't reach the FW through OoB interface > "ge-0/0/0"", it would've been better to say something like "I checked the > whole path from my machine a.b.c.d/24 to the fxp0 interface of the node1, > which has address w.x.y.z/24 and… I see the packets coming to the > penultimate hop router, but the FW's fxp0 interface, which is the next and > last hop, does [not] respond to ARP requests… Than I tried to ping my > machine back from the FW with "ping a.b.c.d interface fxp0", and got the > following output… than I performed a traceroute… I checked what comes to the > fxp0 interface with "monitor traffic interface fxp0" and saw…", etc. > > Otherwise, I'm afraid, this sort of gambling-style troubleshooting, in which > you ask us to help you, will not be much effective anyway. Monte-Carlo is a > good method but it's too slow in convergence. > > -- > Pavel > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp