quick change ssg-5 lan ip address / how to access via https
I just took an SSG-5 off line.
I replaced it with a router that will have the same LAN ip so the gateway remains the same.
But, I want to keep the SSG-5 on the LAN so I can configure it.
What is a quick and easy way to change the bgroup0 ip address?
If this fails then i'd like to access via https but can't figure that one out either. It has it's own public IP.
Eventually I may want to swap it back in - with a quick and easy LAN IP change again....
I replaced it with a router that will have the same LAN ip so the gateway remains the same.
But, I want to keep the SSG-5 on the LAN so I can configure it.
What is a quick and easy way to change the bgroup0 ip address?
If this fails then i'd like to access via https but can't figure that one out either. It has it's own public IP.
Eventually I may want to swap it back in - with a quick and easy LAN IP change again....
Hello,
If you are using CLI:
set interface bgroup0 ip 10.0.0.1/24
From the WebUI:
Network > Interfaces > List > Edit (bgroup0) > Basic:
Enter the following, then click Apply:
IP Address/Netmask: 10.0.0.1/24
More details here on page 30:
http://www.juniper.net/techpubs/hardware/netscreen-systems/netscreen-systems54/HW_SSG5_540.pdf
Regards!
If you are using CLI:
set interface bgroup0 ip 10.0.0.1/24
From the WebUI:
Network > Interfaces > List > Edit (bgroup0) > Basic:
Enter the following, then click Apply:
IP Address/Netmask: 10.0.0.1/24
More details here on page 30:
http://www.juniper.net/techpubs/hardware/netscreen-systems/netscreen-systems54/HW_SSG5_540.pdf
Regards!
ASKER
When I edit the bgroup IP address I'm putting in:
10.0.1.4/30
and I get:
broup0 ip change pre-checking failed.
General: General system error
Thus my question....
I'm only using a single port for the LAN on the SSG-5. The "group" was just for convenience should I need or want to plug something into the SSG-5 LAN (which I have *never* had to do).
So, I'm wondering if NOT using a bgroup, but rather a single port, would be better?
My concern is that I'll end up changing other things as in routing or elsewhere if I make that one seemingly "little" change. So, I'd prefer to stick with bgroup0.
10.0.1.4/30
and I get:
broup0 ip change pre-checking failed.
General: General system error
Thus my question....
I'm only using a single port for the LAN on the SSG-5. The "group" was just for convenience should I need or want to plug something into the SSG-5 LAN (which I have *never* had to do).
So, I'm wondering if NOT using a bgroup, but rather a single port, would be better?
My concern is that I'll end up changing other things as in routing or elsewhere if I make that one seemingly "little" change. So, I'd prefer to stick with bgroup0.
ASKER
Currently the bgroup0 address is 10.0.1.253/24
I want 10.0.1.4/32 but that isn't accepted either.
I released all the ports from the broup0 except one of them. Still the same.
I tried assigning an IP address to a single port that's not in the group in the Trust zone,
Get:
ethernet0/3 ip change pre-checking failed.
Interface: Illegal overlapping subnet.
In order to not have subnet overlap, tried changing subnet for bgroup0 to 10.0.1.253/25
Still get:
broup0 ip change pre-checking failed.
General: General system error
I want 10.0.1.4/32 but that isn't accepted either.
I released all the ports from the broup0 except one of them. Still the same.
I tried assigning an IP address to a single port that's not in the group in the Trust zone,
Get:
ethernet0/3 ip change pre-checking failed.
Interface: Illegal overlapping subnet.
In order to not have subnet overlap, tried changing subnet for bgroup0 to 10.0.1.253/25
Still get:
broup0 ip change pre-checking failed.
General: General system error
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
10.0.1.4/30 is not legal host address. It is a network address.
For start try to change IP address to:
set interface bgroup0 ip 10.0.1.4/24
I understand your point here. But even with /24 I get:
broup0 ip change pre-checking failed.
General: General system error
Did you try to remove NAT before setting new IP?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The problem was that the syslog interface was assigned the bgroup0 ip address I was trying to change. Removing that syslog entry solved the problem and I was able to change the ip address.
What an unfortunate design! The tail seems to wag the dog in this case.
What an unfortunate design! The tail seems to wag the dog in this case.
if you have access to the WAN, make sure your public IP is in the list of permitted management IPs then login to the webui using the WAN ip address and change the LAN ip. this will not require a reboot.
Hope that helps :)