SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  show interface doesnt tell you the mac address of the interface

    Posted 05-08-2017 13:01

    Yes yes. cisco guy logging into an SRX for like the 5th time ever and I want to know what the mac address of my interface is.

     

    Im troubleshooting a L2 problem and want to make sure I have a path to the firewall interface, but cant for the life of me figure out how to display the physical address of the interface.

     

    Thankyou for your patience. I know im probably a lost cause.

     

    Specifically looking for the address of reth1.560

     

    shammond@daysrx01> show interfaces xe-2/0/1                                  
    Physical interface: xe-2/0/1, Enabled, Physical link is Up
      Interface index: 139, SNMP ifIndex: 519
      Link-level type: Ethernet, MTU: 1518, Link-mode: Full-duplex, Speed: 10Gbps, BPDU Error: None,
      MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,
      Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber
      Device flags   : Present Running
      Interface flags: SNMP-Traps Internal: 0x0
      CoS queues     : 8 supported, 8 maximum usable queues
      Current address: 00:10:db:ff:10:01, Hardware address: 10:0e:7e:d1:ae:45
      Last flapped   : 2016-11-01 13:46:10 EDT (26w6d 02:13 ago)
      Input rate     : 9648 bps (10 pps)
      Output rate    : 4984 bps (4 pps)
      Active alarms  : None
      Active defects : None
      Interface transmit statistics: Disabled

      Logical interface xe-2/0/1.374 (Index 89) (SNMP ifIndex 534)
        Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.374 ]  Encapsulation: ENET2
        Input packets : 215639187
        Output packets: 301395432
        Security: Zone: Null
        Protocol aenet, AE bundle: reth1.374   Link Index: 0

      Logical interface xe-2/0/1.375 (Index 87) (SNMP ifIndex 551)
        Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.375 ]  Encapsulation: ENET2
        Input packets : 422939846
        Output packets: 3054392
        Security: Zone: Null
        Protocol aenet, AE bundle: reth1.375   Link Index: 0

      Logical interface xe-2/0/1.550 (Index 99) (SNMP ifIndex 571)
        Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.550 ]  Encapsulation: ENET2
        Input packets : 1901248
        Output packets: 450830
        Security: Zone: Null
        Protocol aenet, AE bundle: reth1.550   Link Index: 0

      Logical interface xe-2/0/1.555 (Index 98) (SNMP ifIndex 570)
        Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.555 ]  Encapsulation: ENET2
        Input packets : 1426062
        Output packets: 1                   
        Security: Zone: Null
        Protocol aenet, AE bundle: reth1.555   Link Index: 0

      Logical interface xe-2/0/1.560 (Index 97) (SNMP ifIndex 569)
        Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.560 ]  Encapsulation: ENET2
        Input packets : 1704013
        Output packets: 31345
        Security: Zone: Null
        Protocol aenet, AE bundle: reth1.560   Link Index: 0

      Logical interface xe-2/0/1.565 (Index 96) (SNMP ifIndex 568)
        Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x8100.565 ]  Encapsulation: ENET2
        Input packets : 0
        Output packets: 1
        Security: Zone: Null
        Protocol aenet, AE bundle: reth1.565   Link Index: 0

      Logical interface xe-2/0/1.32767 (Index 88) (SNMP ifIndex 533)
        Flags: SNMP-Traps 0x0 VLAN-Tag [ 0x0000.0 ]  Encapsulation: ENET2
        Input packets : 0
        Output packets: 0
        Security: Zone: Null
        Protocol aenet, AE bundle: reth1.32767   Link Index: 0



  • 2.  RE: show interface doesnt tell you the mac address of the interface

    Posted 05-08-2017 13:08

    Initial thought is just to look at mac-address on reth1;

     

    user@fw> show interfaces reth1 | match Hardware
    Current address: 00:10:db:ff:10:01, Hardware address: 00:10:db:ff:10:01


    #MACAddress
    #SRX


  • 3.  RE: show interface doesnt tell you the mac address of the interface
    Best Answer

    Posted 05-08-2017 13:11

    take this one :

    shammond@daysrx01> show interfaces xe-2/0/1                                  
    Physical interface: xe-2/0/1, Enabled, Physical link is Up
      Interface index: 139, SNMP ifIndex: 519
      Link-level type: Ethernet, MTU: 1518, Link-mode: Full-duplex, Speed: 10Gbps, BPDU Error: None,
      MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled,
      Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber
      Device flags   : Present Running
      Interface flags: SNMP-Traps Internal: 0x0
      CoS queues     : 8 supported, 8 maximum usable queues
      Current address: 00:10:db:ff:10:01, Hardware address: 10:0e:7e:d1:ae:45

     

    the current address is the constructed mac-address for the reth-interface and the attached physical ones

     

    regards

    alexander



  • 4.  RE: show interface doesnt tell you the mac address of the interface

    Posted 05-09-2017 04:35

    See!

    this is how slow I am.

     

    Thanks for that, totally overlooked it because I was scanning for "Hardware:" or "MAC" and saw the hardware address that wasnt the right one and moved on.

    (since I found 0010.dbff.1001 in the cam table on my cisco gear, but really wanted to learn how to find it directly from the SRX)

     

    Okay I will continue my poking around, reading up and hopefully someday be proficient enough to not ask ridiculous questions.

     

    Cheers!

     

     



  • 5.  RE: show interface doesnt tell you the mac address of the interface

     
    Posted 05-08-2017 19:44

    Hi Wooieneck,

     

    Welcome to J-Net Forums!!

     

    You may not see the key-word "mac-address" under 'show interface" output on Junos devices.

     

    MAC addres is specified under "Current address" and  "Hardware address"

     

    Now why current address and hardware address.

     

    Hardware address is the actual MAC for the physical interface and current address is a virtual MAC thats used in SRX clusters, this is different from the physical MAC

     

    SRX cluster nodes use the Virtual MAC for communication , so for troubleshooting purpose you need to use the Current address as SRX MAC address.

     

    How is Current address calculated -  The virtual MAC assigned is based on cluster and interface ID. So if you have 2 SRX cluster with same cluster id (say 1)and both of them have reth0 configured, they both will have same Virtual MAC address . Recommendation is to keep different cluster ID on your network (at least when they are on same L2 domain)

     

    KB13689 explains How is the virtual MAC address derived for reth interfaces on J-Series and SRX. https://kb.juniper.net/KB13689