Loss of Management Access from Misconfigured aux Interface
Created On 04/29/19 02:03 AM - Last Modified 06/19/24 05:40 AM
Symptom
Management access on the MGT interface is lost when an aux interface (aux-1 or aux-2) is configured with the same IP address as the MGT interface. For example:
# set deviceconfig system ip-address 10.193.80.163
# set deviceconfig system netmask 255.255.254.0
# set deviceconfig system default-gateway 10.193.80.1
# set deviceconfig system aux-1 netmask 255.255.254.0
# set deviceconfig system aux-1 default-gateway 10.193.80.1
# set deviceconfig system aux-1 ip-address 10.193.80.163
# commit
Although the commit is completed, the SSH connection breaks:
Commit job 95 is in progress. Use Ctrl+C to return to command prompt
...75%packet_write_wait: Connection to 10.193.80.163 port 22: Broken pipe
Environment
Firewall configured with the same IP address on an aux interface and the MGT interface
Cause
The aux interfaces are not intended to participate in regular network communication, but they are part of the control plane. If IP addresses are assigned to them, they should be unique and preferably outside of the local IP scope. Assigning an aux interface the same IP address as the management interface causes a conflict.
Resolution
This is considered a misconfiguration; the MGT and aux interfaces are expected to have different IP addresses.
Configure the MGT and aux interfaces with different IP addresses.
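A check that can be run on candidate commands before commit, as an added example that is not part of the original article or any vendor tooling: it parses set-format lines like those in the Symptom section and reports an aux interface whose IP address equals the MGT address. The function names are hypothetical, and the same-subnet warning assumes "local IP scope" means the MGT subnet.

```python
import ipaddress
import re

# Matches "set deviceconfig system [aux-N] <key> <value>", with or without a "# " prompt.
SET_RE = re.compile(r"^\s*#?\s*set deviceconfig system (?:(aux-[12]) )?"
                    r"(ip-address|netmask|default-gateway) (\S+)\s*$")

def parse_interfaces(config_text):
    """Return {'mgt': {...}, 'aux-1': {...}} from set-format config lines."""
    interfaces = {}
    for line in config_text.splitlines():
        match = SET_RE.match(line)
        if match:
            name, key, value = match.groups()
            interfaces.setdefault(name or "mgt", {})[key] = value
    return interfaces

def check_aux_conflicts(config_text):
    """Return a list of (severity, message) findings for aux interfaces."""
    interfaces = parse_interfaces(config_text)
    mgt = interfaces.get("mgt", {})
    if "ip-address" not in mgt:
        return []
    mgt_ip = ipaddress.ip_address(mgt["ip-address"])
    # Assumption: "local IP scope" is read as the subnet of the MGT interface.
    mgt_net = (ipaddress.ip_network(f"{mgt_ip}/{mgt['netmask']}", strict=False)
               if "netmask" in mgt else None)
    findings = []
    for name, settings in sorted(interfaces.items()):
        if name == "mgt" or "ip-address" not in settings:
            continue
        aux_ip = ipaddress.ip_address(settings["ip-address"])
        if aux_ip == mgt_ip:
            findings.append(("error", f"{name} has the same IP as MGT ({mgt_ip})"))
        elif mgt_net is not None and aux_ip in mgt_net:
            findings.append(("warning", f"{name} IP {aux_ip} is inside the MGT subnet {mgt_net}"))
    return findings

# The misconfiguration from the Symptom section, as candidate config text.
SAMPLE = """\
set deviceconfig system ip-address 10.193.80.163
set deviceconfig system netmask 255.255.254.0
set deviceconfig system default-gateway 10.193.80.1
set deviceconfig system aux-1 netmask 255.255.254.0
set deviceconfig system aux-1 default-gateway 10.193.80.1
set deviceconfig system aux-1 ip-address 10.193.80.163
"""
if __name__ == "__main__":
    print("\n".join(f"{s}: {m}" for s, m in check_aux_conflicts(SAMPLE)))
```

An "error" finding corresponds to the conflict that breaks management access; a "warning" marks an aux address that is unique but still inside the MGT subnet.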