SRX

I have had a little trouble with the routing instance of a virtual switch. The trouble is that it does something I've never seen my srx300 do. It gets stuck in dhcp apipa and is not accessible. I did not send it to rescue. I had to roll it back, which if I had chosen to do(rescue), is dangerous. But still perhaps it would be fine given a full reset. So a word to the wise. Make sure apipa is a policy before this. Does anyone actually have this working.

Can someone explain if other parts can work in this statement? It seems skimpy. My symptoms are:

1. Srx not accessible through web.

2. DHCP only gives apipa addresses.

3. Can only rollback history.

As with the web accessibility the srx seems to choke inherently and this shows to be true with virtual switch. But other problems arise. Can anyone give any advice?

srx300-c xfinity model

does not have stp, mstp, etc.

15.1X49-D60.7

    MyVRSwitch {

        instance-type virtual-switch;

        access {

            address-assignment {

                neighbor-discovery-router-advertisement p4;

                pool p1 {

                    family inet {

                        network 192.168.1.0/24;

                    }

                }

                pool p2 {

                    family inet6 {

                        prefix 2001:558::0/64;

                    }

                }

                pool p3 {

                    family inet6 {

                        prefix 2601:204::0/64;

                    }

                }

                pool p4 {

                    family inet6 {

                        prefix fe80::0/64;

                    }

                }

            }

        }

        vrf-advertise-selective {

            family {

                inet-mvpn;

                inet6-mvpn;

            }

        }

        forwarding-options {

            load-balance {

                per-prefix {

                    hash-seed 24051;

                }

            }

        }

    }

}

I have had a little trouble with the routing instance of a virtual switch. The trouble is that it does something I've never seen my srx300 do. It gets stuck in dhcp apipa and is not accessible. I did not send it to rescue. I had to roll it back, which if I had chosen to do(rescue), is dangerous. But still perhaps it would be fine given a full reset. So a word to the wise. Make sure apipa is a policy before this. Does anyone actually have this working.

Can someone explain if other parts can work in this statement? It seems skimpy. My symptoms are:

1. Srx not accessible through web.

2. DHCP only gives apipa addresses.

3. Can only rollback history.

As with the web accessibility the srx seems to choke inherently and this shows to be true with virtual switch. But other problems arise. Can anyone give any advice?

srx300-c xfinity model

does not have stp, mstp, etc.

15.1X49-D60.7

    MyVRSwitch {

        instance-type virtual-switch;

        access {

            address-assignment {

                neighbor-discovery-router-advertisement p4;

                pool p1 {

                    family inet {

                        network 192.168.1.0/24;

                    }

                }

                pool p2 {

                    family inet6 {

                        prefix 2001:558::0/64;

                    }

                }

                pool p3 {

                    family inet6 {

                        prefix 2601:204::0/64;

                    }

                }

                pool p4 {

                    family inet6 {

                        prefix fe80::0/64;

                    }

                }

            }

        }

        vrf-advertise-selective {

            family {

                inet-mvpn;

                inet6-mvpn;

            }

        }

        forwarding-options {

            load-balance {

                per-prefix {

                    hash-seed 24051;

                }

            }

        }

    }

}

I still have not tried to commit this again and im essentially at the same conclusion. I want to state that I think my locale is a major factor. My engineering station is also a culprit. It is 4 and 5 hops back. So maybe others don't notice this. I'm going to see if an uncommitted try will give high cpu results.

I would like to know if anyone has this problem and how they can fix it?

I have had a little trouble with the routing instance of a virtual switch. The trouble is that it does something I've never seen my srx300 do. It gets stuck in dhcp apipa and is not accessible. I did not send it to rescue. I had to roll it back, which if I had chosen to do(rescue), is dangerous. But still perhaps it would be fine given a full reset. So a word to the wise. Make sure apipa is a policy before this. Does anyone actually have this working.

Can someone explain if other parts can work in this statement? It seems skimpy. My symptoms are:

1. Srx not accessible through web.

2. DHCP only gives apipa addresses.

3. Can only rollback history.

As with the web accessibility the srx seems to choke inherently and this shows to be true with virtual switch. But other problems arise. Can anyone give any advice?

srx300-c xfinity model

does not have stp, mstp, etc.

15.1X49-D60.7

    MyVRSwitch {

        instance-type virtual-switch;

        access {

            address-assignment {

                neighbor-discovery-router-advertisement p4;

                pool p1 {

                    family inet {

                        network 192.168.1.0/24;

                    }

                }

                pool p2 {

                    family inet6 {

                        prefix 2001:558::0/64;

                    }

                }

                pool p3 {

                    family inet6 {

                        prefix 2601:204::0/64;

                    }

                }

                pool p4 {

                    family inet6 {

                        prefix fe80::0/64;

                    }

                }

            }

        }

        vrf-advertise-selective {

            family {

                inet-mvpn;

                inet6-mvpn;

            }

        }

        forwarding-options {

            load-balance {

                per-prefix {

                    hash-seed 24051;

                }

            }

        }

    }

}

Reviving post!

I still have not tried to commit this again and im essentially at the same conclusion. I want to state that I think my locale is a major factor. My engineering station is also a culprit. It is 4 and 5 hops back. So maybe others don't notice this. I'm going to see if an uncommitted try will give high cpu results.

I would like to know if anyone has this problem and how they can fix it?

I have had a little trouble with the routing instance of a virtual switch. The trouble is that it does something I've never seen my srx300 do. It gets stuck in dhcp apipa and is not accessible. I did not send it to rescue. I had to roll it back, which if I had chosen to do(rescue), is dangerous. But still perhaps it would be fine given a full reset. So a word to the wise. Make sure apipa is a policy before this. Does anyone actually have this working.

Can someone explain if other parts can work in this statement? It seems skimpy. My symptoms are:

1. Srx not accessible through web.

2. DHCP only gives apipa addresses.

3. Can only rollback history.

As with the web accessibility the srx seems to choke inherently and this shows to be true with virtual switch. But other problems arise. Can anyone give any advice?

srx300-c xfinity model

does not have stp, mstp, etc.

15.1X49-D60.7

    MyVRSwitch {

        instance-type virtual-switch;

        access {

            address-assignment {

                neighbor-discovery-router-advertisement p4;

                pool p1 {

                    family inet {

                        network 192.168.1.0/24;

                    }

                }

                pool p2 {

                    family inet6 {

                        prefix 2001:558::0/64;

                    }

                }

                pool p3 {

                    family inet6 {

                        prefix 2601:204::0/64;

                    }

                }

                pool p4 {

                    family inet6 {

                        prefix fe80::0/64;

                    }

                }

            }

        }

        vrf-advertise-selective {

            family {

                inet-mvpn;

                inet6-mvpn;

            }

        }

        forwarding-options {

            load-balance {

                per-prefix {

                    hash-seed 24051;

                }

            }

        }

    }

}

Reviving post again!

Reviving post!

I still have not tried to commit this again and im essentially at the same conclusion. I want to state that I think my locale is a major factor. My engineering station is also a culprit. It is 4 and 5 hops back. So maybe others don't notice this. I'm going to see if an uncommitted try will give high cpu results.

I would like to know if anyone has this problem and how they can fix it?

I have had a little trouble with the routing instance of a virtual switch. The trouble is that it does something I've never seen my srx300 do. It gets stuck in dhcp apipa and is not accessible. I did not send it to rescue. I had to roll it back, which if I had chosen to do(rescue), is dangerous. But still perhaps it would be fine given a full reset. So a word to the wise. Make sure apipa is a policy before this. Does anyone actually have this working.

Can someone explain if other parts can work in this statement? It seems skimpy. My symptoms are:

1. Srx not accessible through web.

2. DHCP only gives apipa addresses.

3. Can only rollback history.

As with the web accessibility the srx seems to choke inherently and this shows to be true with virtual switch. But other problems arise. Can anyone give any advice?

srx300-c xfinity model

does not have stp, mstp, etc.

15.1X49-D60.7

    MyVRSwitch {

        instance-type virtual-switch;

        access {

            address-assignment {

                neighbor-discovery-router-advertisement p4;

                pool p1 {

                    family inet {

                        network 192.168.1.0/24;

                    }

                }

                pool p2 {

                    family inet6 {

                        prefix 2001:558::0/64;

                    }

                }

                pool p3 {

                    family inet6 {

                        prefix 2601:204::0/64;

                    }

                }

                pool p4 {

                    family inet6 {

                        prefix fe80::0/64;

                    }

                }

            }

        }

        vrf-advertise-selective {

            family {

                inet-mvpn;

                inet6-mvpn;

            }

        }

        forwarding-options {

            load-balance {

                per-prefix {

                    hash-seed 24051;

                }

            }

        }

    }

}

I think I spotted the problem: "15.1X49-D60.7"

You really need to upgrade! Troubleshooting 10 year old code isn't very useful. A USB format install is very much preferred with such old releases, otherwise you have 6-7 steps of upgrading ahead of you.

Reviving post again!

Reviving post!

I still have not tried to commit this again and im essentially at the same conclusion. I want to state that I think my locale is a major factor. My engineering station is also a culprit. It is 4 and 5 hops back. So maybe others don't notice this. I'm going to see if an uncommitted try will give high cpu results.

I would like to know if anyone has this problem and how they can fix it?

I have had a little trouble with the routing instance of a virtual switch. The trouble is that it does something I've never seen my srx300 do. It gets stuck in dhcp apipa and is not accessible. I did not send it to rescue. I had to roll it back, which if I had chosen to do(rescue), is dangerous. But still perhaps it would be fine given a full reset. So a word to the wise. Make sure apipa is a policy before this. Does anyone actually have this working.

Can someone explain if other parts can work in this statement? It seems skimpy. My symptoms are:

1. Srx not accessible through web.

2. DHCP only gives apipa addresses.

3. Can only rollback history.

As with the web accessibility the srx seems to choke inherently and this shows to be true with virtual switch. But other problems arise. Can anyone give any advice?

srx300-c xfinity model

does not have stp, mstp, etc.

15.1X49-D60.7

    MyVRSwitch {

        instance-type virtual-switch;

        access {

            address-assignment {

                neighbor-discovery-router-advertisement p4;

                pool p1 {

                    family inet {

                        network 192.168.1.0/24;

                    }

                }

                pool p2 {

                    family inet6 {

                        prefix 2001:558::0/64;

                    }

                }

                pool p3 {

                    family inet6 {

                        prefix 2601:204::0/64;

                    }

                }

                pool p4 {

                    family inet6 {

                        prefix fe80::0/64;

                    }

                }

            }

        }

        vrf-advertise-selective {

            family {

                inet-mvpn;

                inet6-mvpn;

            }

        }

        forwarding-options {

            load-balance {

                per-prefix {

                    hash-seed 24051;

                }

            }

        }

    }

}

I have had a little trouble with the routing instance of a virtual switch. The trouble is that it does something I've never seen my srx300 do. It gets stuck in dhcp apipa and is not accessible. I did not send it to rescue. I had to roll it back, which if I had chosen to do(rescue), is dangerous. But still perhaps it would be fine given a full reset. So a word to the wise. Make sure apipa is a policy before this. Does anyone actually have this working.

Can someone explain if other parts can work in this statement? It seems skimpy. My symptoms are:

1. Srx not accessible through web.

2. DHCP only gives apipa addresses.

3. Can only rollback history.

As with the web accessibility the srx seems to choke inherently and this shows to be true with virtual switch. But other problems arise. Can anyone give any advice?

srx300-c xfinity model

does not have stp, mstp, etc.

15.1X49-D60.7

    MyVRSwitch {

        instance-type virtual-switch;

        access {

            address-assignment {

                neighbor-discovery-router-advertisement p4;

                pool p1 {

                    family inet {

                        network 192.168.1.0/24;

                    }

                }

                pool p2 {

                    family inet6 {

                        prefix 2001:558::0/64;

                    }

                }

                pool p3 {

                    family inet6 {

                        prefix 2601:204::0/64;

                    }

                }

                pool p4 {

                    family inet6 {

                        prefix fe80::0/64;

                    }

                }

            }

        }

        vrf-advertise-selective {

            family {

                inet-mvpn;

                inet6-mvpn;

            }

        }

        forwarding-options {

            load-balance {

                per-prefix {

                    hash-seed 24051;

                }

            }

        }

    }

}

I'm still wondering if anyone can help me compare. I haven't this code in my srx300. Who does? Reviving post.

I have had a little trouble with the routing instance of a virtual switch. The trouble is that it does something I've never seen my srx300 do. It gets stuck in dhcp apipa and is not accessible. I did not send it to rescue. I had to roll it back, which if I had chosen to do(rescue), is dangerous. But still perhaps it would be fine given a full reset. So a word to the wise. Make sure apipa is a policy before this. Does anyone actually have this working.

Can someone explain if other parts can work in this statement? It seems skimpy. My symptoms are:

1. Srx not accessible through web.

2. DHCP only gives apipa addresses.

3. Can only rollback history.

As with the web accessibility the srx seems to choke inherently and this shows to be true with virtual switch. But other problems arise. Can anyone give any advice?

srx300-c xfinity model

does not have stp, mstp, etc.

15.1X49-D60.7

    MyVRSwitch {

        instance-type virtual-switch;

        access {

            address-assignment {

                neighbor-discovery-router-advertisement p4;

                pool p1 {

                    family inet {

                        network 192.168.1.0/24;

                    }

                }

                pool p2 {

                    family inet6 {

                        prefix 2001:558::0/64;

                    }

                }

                pool p3 {

                    family inet6 {

                        prefix 2601:204::0/64;

                    }

                }

                pool p4 {

                    family inet6 {

                        prefix fe80::0/64;

                    }

                }

            }

        }

        vrf-advertise-selective {

            family {

                inet-mvpn;

                inet6-mvpn;

            }

        }

        forwarding-options {

            load-balance {

                per-prefix {

                    hash-seed 24051;

                }

            }

        }

    }

}

Reviving post!

I'm still wondering if anyone can help me compare. I haven't this code in my srx300. Who does? Reviving post.

I have had a little trouble with the routing instance of a virtual switch. The trouble is that it does something I've never seen my srx300 do. It gets stuck in dhcp apipa and is not accessible. I did not send it to rescue. I had to roll it back, which if I had chosen to do(rescue), is dangerous. But still perhaps it would be fine given a full reset. So a word to the wise. Make sure apipa is a policy before this. Does anyone actually have this working.

Can someone explain if other parts can work in this statement? It seems skimpy. My symptoms are:

1. Srx not accessible through web.

2. DHCP only gives apipa addresses.

3. Can only rollback history.

As with the web accessibility the srx seems to choke inherently and this shows to be true with virtual switch. But other problems arise. Can anyone give any advice?

srx300-c xfinity model

does not have stp, mstp, etc.

15.1X49-D60.7

    MyVRSwitch {

        instance-type virtual-switch;

        access {

            address-assignment {

                neighbor-discovery-router-advertisement p4;

                pool p1 {

                    family inet {

                        network 192.168.1.0/24;

                    }

                }

                pool p2 {

                    family inet6 {

                        prefix 2001:558::0/64;

                    }

                }

                pool p3 {

                    family inet6 {

                        prefix 2601:204::0/64;

                    }

                }

                pool p4 {

                    family inet6 {

                        prefix fe80::0/64;

                    }

                }

            }

        }

        vrf-advertise-selective {

            family {

                inet-mvpn;

                inet6-mvpn;

            }

        }

        forwarding-options {

            load-balance {

                per-prefix {

                    hash-seed 24051;

                }

            }

        }

    }

}

I have had a little trouble with the routing instance of a virtual switch. The trouble is that it does something I've never seen my srx300 do. It gets stuck in dhcp apipa and is not accessible. I did not send it to rescue. I had to roll it back, which if I had chosen to do(rescue), is dangerous. But still perhaps it would be fine given a full reset. So a word to the wise. Make sure apipa is a policy before this. Does anyone actually have this working.

Can someone explain if other parts can work in this statement? It seems skimpy. My symptoms are:

1. Srx not accessible through web.

2. DHCP only gives apipa addresses.

3. Can only rollback history.

As with the web accessibility the srx seems to choke inherently and this shows to be true with virtual switch. But other problems arise. Can anyone give any advice?

srx300-c xfinity model

does not have stp, mstp, etc.

15.1X49-D60.7

    MyVRSwitch {

        instance-type virtual-switch;

        access {

            address-assignment {

                neighbor-discovery-router-advertisement p4;

                pool p1 {

                    family inet {

                        network 192.168.1.0/24;

                    }

                }

                pool p2 {

                    family inet6 {

                        prefix 2001:558::0/64;

                    }

                }

                pool p3 {

                    family inet6 {

                        prefix 2601:204::0/64;

                    }

                }

                pool p4 {

                    family inet6 {

                        prefix fe80::0/64;

                    }

                }

            }

        }

        vrf-advertise-selective {

            family {

                inet-mvpn;

                inet6-mvpn;

            }

        }

        forwarding-options {

            load-balance {

                per-prefix {

                    hash-seed 24051;

                }

            }

        }

    }

}

Hi

Since you have a moved interfaces to virtual switch they dissapear from your inet.0 table which would explain the APIPA addresses.

Your config is missing layer 3 configs, so you need an IRB interface for this to act as gateway.

add below

set interfaces irb unit 1 family inet address 192.168.1.1/24

then tell the switch to use the IRB

set routing-instances MyVRSwitch bridge-domains default vlan-id 1
set routing-instances MyVRSwitch bridge-domains default routing-interface irb.1

then tell the pool which router to use

set routing-instances MyVRSwitch access address-assignment pool p1 family inet dhcp-attributes router 192.168.1.1

other things to check

system services web-management

ensure irb.1 is added to security zones

I have had a little trouble with the routing instance of a virtual switch. The trouble is that it does something I've never seen my srx300 do. It gets stuck in dhcp apipa and is not accessible. I did not send it to rescue. I had to roll it back, which if I had chosen to do(rescue), is dangerous. But still perhaps it would be fine given a full reset. So a word to the wise. Make sure apipa is a policy before this. Does anyone actually have this working.

Can someone explain if other parts can work in this statement? It seems skimpy. My symptoms are:

1. Srx not accessible through web.

2. DHCP only gives apipa addresses.

3. Can only rollback history.

As with the web accessibility the srx seems to choke inherently and this shows to be true with virtual switch. But other problems arise. Can anyone give any advice?

srx300-c xfinity model

does not have stp, mstp, etc.

15.1X49-D60.7

    MyVRSwitch {

        instance-type virtual-switch;

        access {

            address-assignment {

                neighbor-discovery-router-advertisement p4;

                pool p1 {

                    family inet {

                        network 192.168.1.0/24;

                    }

                }

                pool p2 {

                    family inet6 {

                        prefix 2001:558::0/64;

                    }

                }

                pool p3 {

                    family inet6 {

                        prefix 2601:204::0/64;

                    }

                }

                pool p4 {

                    family inet6 {

                        prefix fe80::0/64;

                    }

                }

            }

        }

        vrf-advertise-selective {

            family {

                inet-mvpn;

                inet6-mvpn;

            }

        }

        forwarding-options {

            load-balance {

                per-prefix {

                    hash-seed 24051;

                }

            }

        }

    }

}