Chassis Cluster Management Interfaces
On SRX Series Firewalls in a chassis cluster, management interfaces allow out-of-band network access and network management to each node in the cluster. For more information, see the following topics:
Understanding Management Interface on an Active Chassis Cluster
Most of SRX Series Firewalls contain an fxp0 interface. The fxp0 interfaces
function like standard management interfaces on SRX Series Firewalls and allow network access to
each node in the cluster.
Management interfaces are the primary interfaces for accessing the device remotely. Typically, a management interface is not connected to the in-band network, but is connected instead to the device's internal network. Through a management interface you can access the device over the network using utilities such as ssh and telnet and configure the device from anywhere, regardless of its physical location. SNMP can use the management interface to gather statistics from the device. A management interface enables authorized users and management systems connect to the device over the network.
Some SRX Series Firewalls have a dedicated management port on the front panel. For other types of platforms, you can configure a management interface on one of the network interfaces. This interface can be dedicated to management or shared with other traffic. Before users can access the management interface, you must configure it. Information required to set up the management interface includes its IP address and prefix. In many types of Junos OS devices (or recommended configurations), it is not possible to route traffic between the management interface and the other ports. Therefore, you must select an IP address in a separate (logical) network, with a separate prefix (netmask).
For most SRX Series chassis clusters, the fxp0 interface is a dedicated port. SRX340 and SRX345 devices contain an fxp0 interface. SRX300 and SRX320 devices do not have a dedicated port for fxp0. The fxp0 interface is repurposed from a built-in interface. The fxp0 interface is created when the system reboots the devices after you designate one node as the primary device and the other as the secondary device.
We recommend giving each node in a chassis cluster a unique IP address for the fxp0 interface of each node. This practice allows independent node management.
Example: Configuring the Chassis Cluster Management Interface
This example shows how to provide network management access to a chassis cluster.
Requirements
Before you begin, set the chassis cluster node ID and cluster ID. See Example: Setting the Chassis Cluster Node ID and Cluster ID.
Overview
You must assign a unique IP address to each node in the cluster to provide network management access. This configuration is not replicated across the two nodes.
If you try to access the nodes in a cluster over the network before you configure the fxp0 interface, you will lose access to the cluster.
In this example, you configure the following information for IPv4:
Node 0 name—node0-router
IP address assigned to node 0—10.1.1.1/24
Node 1 name—node1-router
IP address assigned to node 1—10.1.1.2/24
In this example, you configure the following information for IPv6:
Node 0 name—node0-router
IP address assigned to node 0—2001:db8:1::2/32
Node 1 name—node1-router
IP address assigned to node 1—2001:db8:1::3/32
Configuration
- Configuring the Chassis Cluster Management Interface with IPv4 Addresses
- Verifying the Chassis Cluster Management Interface Configuration (IPv4 Addresses)
- Configuring the Chassis Cluster Management Interface with IPv6 Addresses
Configuring the Chassis Cluster Management Interface with IPv4 Addresses
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
To configure a chassis cluster management interface for IPv4:
{primary:node0}[edit]
user@host#
set groups node0 system host-name node0-router
set groups node0 interfaces fxp0 unit 0 family inet address 10.1.1.1/24
set groups node1 system host-name node1-router
set groups node1 interfaces fxp0 unit 0 family inet address 10.1.1.2/24
set apply-groups “${node}”
Step-by-Step Procedure
To configure a chassis cluster management interface for IPv4:
Configure the name of node 0 and assign an IP address.
{primary:node0}[edit] user@host# set groups node0 system host-name node0-router user@host# set groups node0 interfaces fxp0 unit 0 family inet address 10.1.1.1/24Configure the name of node 1 and assign an IP address.
{primary:node0}[edit] user@host# set groups node1 system host-name node1-router user@host# set groups node1 interfaces fxp0 unit 0 family inet address 10.1.1.2/24Apply the groups configuration to the nodes.
{primary:node0}[edit] user@host# set apply-groups “${node}”If you are done configuring the device, commit the configuration.
{primary:node0}[edit] user@host# commit
Results
From configuration mode, confirm your configuration
by entering the show groups and show apply-groups commands. If the output does not display the intended configuration,
repeat the configuration instructions in this example to correct it.
{primary:node0}[edit]
user@host# show groups
node0 {
system {
host-name node0-router;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 10.1.1.1/24;
}
}
}
}
}
node1 {
system {
host-name node1-router;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 10.1.1.2/24;
}
}
}
}
}
{primary:node0}[edit]
user@host# show apply-groups
## Last changed: 2010-09-16 11:08:29 UTC
apply-groups "${node}";If you are done configuring the device, enter commit from configuration mode.
Verifying the Chassis Cluster Management Interface Configuration (IPv4 Addresses)
Purpose
Verify the chassis cluster management interface configuration.
Action
To verify the configuration is working properly, enter
the show interfaces terse, show configuration groups
node node0 interfaces and show configuration groups node
node1 interfaces commands.
{primary:node0} [edit]user@host> show interfaces terse | match fxp0fxp0 up up fxp0.0 up up inet 10.1.1.1/24
{primary:node0} [edit]user@host> show configuration groups node0 interfacesfxp0 { unit 0 { family inet { address 10.1.1.1/24; } } }
{primary:node0} [edit]user@host> show configuration groups node1 interfacesfxp0 { unit 0 { family inet { address 10.1.1.2/24; } } }
Meaning
The output displays the management interface information with their status.
Configuring the Chassis Cluster Management Interface with IPv6 Addresses
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
To configure a chassis cluster management interface for IPv6:
{primary:node0}[edit]
user@host#
set groups node0 system host-name node0-router
set groups node0 interfaces fxp0 unit 0 family inet6 address 2001:db8:1::2/32
set groups node1 system host-name node1-router
set groups node1 interfaces fxp0 unit 0 family inet6 address 2001:db8:1::3/32
Step-by-Step Procedure
To configure a chassis cluster management interface for IPv6:
Configure the name of node 0 and assign an IP address.
{primary:node0}[edit] user@host# set groups node0 system host-name node0-router user@host# set groups node0 interfaces fxp0 unit 0 family inet6 address 2001:db8:1::2/32Configure the name of node 1 and assign an IP address.
{primary:node0}[edit] user@host# set groups node1 system host-name node1-router user@host# set groups node1 interfaces fxp0 unit 0 family inet6 address 2001:db8:1::3/32If you are done configuring the device, commit the configuration.
{primary:node0}[edit] user@host# commit
Results
From configuration mode, confirm your configuration
by entering the show groups and show apply-groups commands. If the output does not display the intended configuration,
repeat the configuration instructions in this example to correct it.
{primary:node0}[edit]
user@host# show groups
node0 {
system {
host-name node0-router;
}
interfaces {
fxp0 {
unit 0 {
family inet6 {
address 2001:db8:1::2/32;
}
}
}
}
}
node1 {
system {
host-name node1-router;
}
interfaces {
fxp0 {
unit 0 {
family inet6 {
address 2001:db8:1::3/32;
}
}
}
}
}
{primary:node0}[edit]
user@host# show apply-groups
## Last changed: 2010-09-16 11:08:29 UTC
apply-groups "${node}";If you are done configuring the device, enter commit from configuration mode.
Verification
Verifying the Chassis Cluster Management Interface Configuration (IPV6 Addresses)
Purpose
Verify the chassis cluster management interface configuration.
Action
To verify the configuration is working properly, enter
the show interfaces terse and show configuration groups
node0 interfaces commands.
{primary:node0} [edit]user@host> show interfaces terse | match fxp0fxp0 up up fxp0.0 up up inet 2001:db8:1::2/32
{primary:node0} [edit]user@host> show configuration groups node0 interfacesfxp0 { unit 0 { family inet { address 2001:db8:1::2/32; } } }
{primary:node0} [edit]user@host> show configuration groups node1 interfacesfxp0 { unit 0 { family inet { address 2001:db8:1::3/32; } } }
Meaning
The output displays the management interface information with their status.