Solved

quick change ssg-5 lan ip address / how to access via https

Posted on 2012-08-17
Medium Priority
Last Modified: 2012-08-25
I just took an SSG-5 off line.
I replaced it with a router that will have the same LAN ip so the gateway remains the same.

But, I want to keep the SSG-5 on the LAN so I can configure it.

What is a quick and easy way to change the bgroup0 ip address?

If this fails then I'd like to access via https but can't figure that one out either.  It has its own public IP.

Eventually I may want to swap it back in - with a quick and easy LAN IP change again....
0
Question by:Fred Marshall
9 Comments
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 38308428
The best way to do this, especially if the LAN is your only way to access the SSG, is to download the config to a text file. Modify the file, then upload the config back to the SSG, choosing the 'replace' option instead of the 'merge' option. The SSG will take the config, save it to memory, then reboot to apply the changes.

If you have access to the WAN, make sure your public IP is in the list of permitted management IPs, then log in to the WebUI using the WAN IP address and change the LAN IP. This will not require a reboot.

Hope that helps :)
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 38308438
Hello,

If you are using CLI:
set interface bgroup0 ip 10.0.0.1/24

From the WebUI:
Network > Interfaces > List > Edit (bgroup0) > Basic:
Enter the following, then click Apply:
IP Address/Netmask: 10.0.0.1/24

More details here on page 30:
http://www.juniper.net/techpubs/hardware/netscreen-systems/netscreen-systems54/HW_SSG5_540.pdf

Regards!
0
 
LVL 26

Author Comment

by:Fred Marshall
ID: 38309735
When I edit the bgroup IP address I'm putting in:
10.0.1.4/30
and I get:
broup0 ip change pre-checking failed.
General: General system error

Thus my question....

I'm only using a single port for the LAN on the SSG-5.  The "group" was just for convenience should I need or want to plug something into the SSG-5 LAN (which I have *never* had to do).
So, I'm wondering if NOT using a bgroup, but rather a single port, would be better?

My concern is that I'll end up changing other things as in routing or elsewhere if I make that one seemingly "little" change.  So, I'd prefer to stick with bgroup0.
0
 
LVL 26

Author Comment

by:Fred Marshall
ID: 38309747
Currently the bgroup0 address is 10.0.1.253/24
I want 10.0.1.4/32 but that isn't accepted either.  

I released all the ports from the bgroup0 except one of them.  Still the same.
I tried assigning an IP address to a single port that's not in the group in the Trust zone,
Get:
ethernet0/3 ip change pre-checking failed.
Interface: Illegal overlapping subnet.

In order to not have subnet overlap, tried changing subnet for bgroup0 to 10.0.1.253/25
Still get:
broup0 ip change pre-checking failed.
General: General system error
0
 
LVL 12

Assisted Solution

by:Fidelius
Fidelius earned 2000 total points
ID: 38309770
Hello,

There should be no difference if you are using bgroup0 for one or 4 ports.
bgroup0 is just a logical grouping of ports.

OK. So you are changing IP address and mask, not just IP address.

10.0.1.4/30 is not a legal host address. It is a network address.
For a start, try to change the IP address to:
set interface bgroup0 ip 10.0.1.4/24

One thing that crosses my mind is, if you are using NAT maybe you should remove NAT from bgroup0 first:
unset interface bgroup0 nat
set interface bgroup0 ip 10.0.1.253/25
set interface bgroup0 nat
0
 
LVL 26

Author Comment

by:Fred Marshall
ID: 38311773
10.0.1.4/30 is not legal host address. It is a network address.
For start try to change IP address to:
set interface bgroup0 ip 10.0.1.4/24

I understand your point here. But even with /24 I get:
broup0 ip change pre-checking failed.
General: General system error
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 38311806
Did you try to remove NAT before setting new IP?
0
 
LVL 26

Accepted Solution

by:
Fred Marshall earned 0 total points
ID: 38311877
I switched the Interface Mode from NAT to Route and then tried to change the bgroup IP address but that didn't work either.

So, I tried the CLI as you suggested.  It also didn't work.
Then I tried
unset interface bgroup0 ip

This errored out telling me that bgroup0 ip was the syslog src-interface.
So, I removed the syslog entry and now setting the ip works.
Thanks
0
 
LVL 26

Author Closing Comment

by:Fred Marshall
ID: 38332084
The problem was that the syslog interface was assigned the bgroup0 ip address I was trying to change.  Removing that syslog entry solved the problem and I was able to change the ip address.

What an unfortunate design!  The tail seems to wag the dog in this case.
0
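Added example, not part of the original thread and not Juniper tooling: a pre-change check over a saved config that covers both points raised above, the subnet arithmetic behind the "network address" and "overlapping subnet" replies and the accepted fix of finding settings that still reference the interface. The sample config is constructed; the bgroup0 lines are the commands quoted in the thread, while the ethernet0/0 address and the exact form of the syslog line are assumptions.

```python
import ipaddress
import re

# Constructed sample of a saved config. The bgroup0 lines are commands quoted
# in the thread; the ethernet0/0 and syslog lines are assumed for illustration.
SAMPLE_CONFIG = """\
set interface ethernet0/0 ip 203.0.113.10/29
set interface bgroup0 ip 10.0.1.253/24
set interface bgroup0 nat
set syslog src-interface bgroup0
"""

IP_LINE = re.compile(r"^set interface (\S+) ip (\d+\.\d+\.\d+\.\d+/\d+)$")

def address_problems(config, ifname, candidate):
    """Subnet-arithmetic reasons why candidate ('ip/prefix') is a bad address for ifname."""
    new = ipaddress.ip_interface(candidate)
    net, problems = new.network, []
    if net.prefixlen <= 30 and new.ip == net.network_address:
        problems.append(f"{new.ip} is the network address of {net}")
    if net.prefixlen <= 30 and new.ip == net.broadcast_address:
        problems.append(f"{new.ip} is the broadcast address of {net}")
    if net.prefixlen == 32:
        problems.append("a /32 contains no other on-link host")
    # Compare against every other interface's subnet found in the config.
    for line in config.splitlines():
        m = IP_LINE.match(line.strip())
        if m and m.group(1) != ifname:
            other = ipaddress.ip_interface(m.group(2)).network
            if net.overlaps(other):
                problems.append(f"{net} overlaps {other} on {m.group(1)}")
    return problems

def external_references(config, ifname):
    """Config lines outside 'set interface <ifname> ...' that still name the interface."""
    own = f"set interface {ifname} "
    return [line.strip() for line in config.splitlines()
            if ifname in line.split() and not line.strip().startswith(own)]

if __name__ == "__main__":
    for cand in ("10.0.1.4/30", "10.0.1.4/32", "10.0.1.4/24"):
        print(cand, address_problems(SAMPLE_CONFIG, "bgroup0", cand))
    print(address_problems(SAMPLE_CONFIG, "ethernet0/3", "10.0.1.4/24"))
    print(external_references(SAMPLE_CONFIG, "bgroup0"))
```

Any line returned by `external_references` is a binding to review before changing the interface address; on a firewall, a logging source interface is one worth restoring afterwards so that syslog delivery does not silently stop.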