Furthermore, having a dedicated interface for HA ICL doesn't appear to
be required to get this working. I just flipped my config to using the
untrust interface and its associated IP addresses on both SRX nodes.
I did "deactivate security zones security-zone halink" and then
redefined my HA ICL peering to be via ae1.0 (which is my untrust
interface) and used those IPs. Works.

Just nice to know in case you can't or don't want to set up a separate
(3rd) interface and zone dedicated for HA ICL.

root@srx01> show configuration chassis high-availability local-id | display set
set chassis high-availability local-id 1
set chassis high-availability local-id local-ip 139.139.139.226

root@srx01> show configuration chassis high-availability peer-id 2 | display set
set chassis high-availability peer-id 2 peer-ip 139.139.139.227
set chassis high-availability peer-id 2 interface ae1.0
set chassis high-availability peer-id 2 liveness-detection minimum-interval 400
set chassis high-availability peer-id 2 liveness-detection multiplier 5

root@srx02> show configuration chassis high-availability local-id | display set
set chassis high-availability local-id 2
set chassis high-availability local-id local-ip 139.139.139.227

root@srx02> show configuration chassis high-availability peer-id 1 | display set
set chassis high-availability peer-id 1 peer-ip 139.139.139.226
set chassis high-availability peer-id 1 interface ae1.0
set chassis high-availability peer-id 1 liveness-detection minimum-interval 400
set chassis high-availability peer-id 1 liveness-detection multiplier 5

-Aaron
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
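
Added example, not part of the message above or of any Juniper tooling: a small Python check that the two nodes' `display set` output describes a mirrored ICL peering (each node's peer-id and peer-ip match the other node's local-id and local-ip). The function names `parse_ha` and `mismatches` are hypothetical, and flagging a differing interface or liveness timer between the nodes is an assumption of this example, not a stated Junos requirement.

```python
# Constructed sample input: the "display set" lines from the message above,
# with the mail-wrapped lines rejoined.
SRX01 = """\
set chassis high-availability local-id 1
set chassis high-availability local-id local-ip 139.139.139.226
set chassis high-availability peer-id 2 peer-ip 139.139.139.227
set chassis high-availability peer-id 2 interface ae1.0
set chassis high-availability peer-id 2 liveness-detection minimum-interval 400
set chassis high-availability peer-id 2 liveness-detection multiplier 5
"""
SRX02 = """\
set chassis high-availability local-id 2
set chassis high-availability local-id local-ip 139.139.139.227
set chassis high-availability peer-id 1 peer-ip 139.139.139.226
set chassis high-availability peer-id 1 interface ae1.0
set chassis high-availability peer-id 1 liveness-detection minimum-interval 400
set chassis high-availability peer-id 1 liveness-detection multiplier 5
"""
PREFIX = "set chassis high-availability "

def parse_ha(text):
    """Collect local-id/local-ip and the peer-id settings from set-format lines."""
    cfg = {}
    for line in text.splitlines():
        line = " ".join(line.split())          # normalise whitespace
        if not line.startswith(PREFIX):
            continue                           # ignore prompts and other stanzas
        words = line[len(PREFIX):].split()
        if words[0] == "local-id" and len(words) >= 2:
            cfg["local-ip" if words[1] == "local-ip" else "local-id"] = words[-1]
        elif words[0] == "peer-id" and len(words) >= 4:
            cfg["peer-id"] = words[1]
            cfg[words[-2]] = words[-1]         # peer-ip, interface, timers
    return cfg

def mismatches(a, b):
    """Return a list of problems; an empty list means the peering mirrors."""
    problems = []
    for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
        for mine, theirs in (("peer-id", "local-id"), ("peer-ip", "local-ip")):
            if x.get(mine) is None or x.get(mine) != y.get(theirs):
                problems.append(f"{nx} {mine}={x.get(mine)} but {ny} {theirs}={y.get(theirs)}")
    for key in ("interface", "minimum-interval", "multiplier"):
        if a.get(key) != b.get(key):           # assumption: worth flagging
            problems.append(f"{key} differs: A={a.get(key)} B={b.get(key)}")
    return problems

if __name__ == "__main__":
    print(mismatches(parse_ha(SRX01), parse_ha(SRX02)) or "ICL peering is symmetric")
```

Input must have wrapped lines rejoined first; a `liveness-detection` line split across two lines as in the mailed output would be skipped by the parser.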