set chassis cluster control-link-vlan enable
Explanation:
[SRX] How to enable or disable VLAN tagging on the chassis cluster control port



SUMMARY:

This article provides information on how to enable and disable VLAN tagging on the chassis cluster control port.

PROBLEM OR GOAL:

  • One Node is upgraded from a version that is prior to or from Junos OS 10.2R2 to 10.4 or later.


By default, the VLAN tag on the control port will be in the enabled state.


The node on which RE has been replaced was downgraded/upgraded from a version after Junos OS 10.2R2 to the same version as the other node and does not join the cluster and goes into split brain; that is, the nodes do not see each other.


Sample Output on NODE-0:

{primary:node0}
[email protected]> show chassis cluster information detail
node0:
--------------------------------------------------------------------------
Redundancy mode:
Configured mode: active-active
Operational mode: active-active

Redundancy group: 0, Threshold: 255, Monitoring failures: none
Events:
Aug 5 16:51:18.773 : hold->secondary, reason: Hold timer expired
Aug 5 16:51:34.789 : secondary->primary, reason: Only node present
Control link statistics:
Control link 0:
Heartbeat packets sent: 63115
Heartbeat packets received: 0
Heartbeat packet errors: 0
Duplicate heartbeat packets received: 0
Control recovery packet count: 0
Sequence number of last heartbeat packet sent: 63114
Sequence number of last heartbeat packet received: 0
Fabric link statistics:
Probes sent: 63114
Probes received: 0
Probe errors: 0
Probes not processed: 0
Probes dropped due to control link down: 0
Probes dropped due to fabric link down: 0
Sequence number of last probe sent: 63114
Sequence number of last probe received: 0
Chassis cluster LED information:
Current LED color: Red
Last LED change reason: Peer node: node1 is not present
Control port tagging:
Enabled



{primary:node0}
root> show chassis cluster status
Cluster ID: 1
Node Priority Status Preempt Manual failover
Redundancy group: 0,Failover count: 1
node0 1 primary no no
node1 0 lost n/a n/a

Sample Output on NODE-1:

{primary:node1}
root> show chassis cluster information detail
node1:
--------------------------------------------------------------------------
Redundancy mode:
Configured mode: active-active
Operational mode: active-active

Redundancy group: 0, Threshold: 255, Monitoring failures: none
Events:
Aug 5 16:50:52.904 : hold->secondary, reason: Hold timer expired
Aug 5 16:56:38.711 : secondary->primary, reason: Remote yield (1/0)
Control link statistics:
Control link 0:
Heartbeat packets sent: 64212
Heartbeat packets received: 337
Heartbeat packet errors: 0
Duplicate heartbeat packets received: 0
Control recovery packet count: 0
Sequence number of last heartbeat packet sent: 64210
Sequence number of last heartbeat packet received: 361
Fabric link statistics:
Probes sent: 64210
Probes received: 0
Probe errors: 0
Probes not processed: 0
Probes dropped due to control link down: 0
Probes dropped due to fabric link down: 0
Sequence number of last probe sent: 64210
Sequence number of last probe received: 0
Chassis cluster LED information:
Current LED color: Red
Last LED change reason: Peer node: node0 is not present
Control port tagging:
Disabled


{primary:node1}
root> show chassis cluster status
Cluster ID: 1
Node Priority Status Preempt Manual failover

Redundancy group: 0 , Failover count: 1
node0 0 lost n/a n/a
node1 1 primary no no



CAUSE:

One device is sending a tagged heartbeat and the other is sending a untagged heartbeat, as VLAN tagging is enabled on one node and disabled on the other node.

SOLUTION:

Prior to Junos OS 10.2R3, in the chassis cluster, VLAN tagging was enabled by default on the control port. From Junos OS 10.2R3 onwards, by default VLAN tagging is not enabled on the control port.
To check the control port tagging status, execute the show chassis cluster information detail command and look for Control port tagging:
[email protected]> show chassis cluster information detail
.
Control port tagging:
Disabled
On one node, it is enabled and on the other node, it is disabled.
It is also possible to check by taking the packet capture of the control port from both of the nodes. In one node,  the packet will be tagged with vlan-id 4096 and the other packet will not have any tagging. VLAN tagging on the control port can be enabled or disabled by using the following command:
[email protected]> set chassis cluster control-link-vlan enable/disable
Notecontrol-link-vlan is a hidden command on the SRX platform. Users must manually configure this command.

As VLAN tagging is disabled on the control port in versions that are later than Junos OS 10.2R2, it is recommended to disable tagging on both of the nodes.

PURPOSE:

Configuration
Implementation
Installation
Troubleshooting

RELATED LINKS: