192.168.1.1/24 is not within the subnet of any address on this interface

I have got a very strange error as below when I tried to configure web authentication on my SRX junos 11.1R4.4

[edit system services]
root@fw1# commit
[edit interfaces vlan unit 10 family]
  'inet'
    Web-authentication address 192.168.1.1/24 is not within the subnet of any address on this interface
error: configuration check-out failed

I didn’t actually recall having this error on my 10.4 version but I may be wrong. However 192.168.1.1 address was the only address configured under interface stanza.

[edit interfaces vlan unit 10]
root@fw1# show
family inet {
    address 192.168.1.1/24 {
        web-authentication http;
    }
}

Then after a few minutes the penny dropped. Perhaps it isn’t allowed to set one interface for traffic and web authentication purposes and I tried using a separate ip address than the primary one and bingo! it worked.

[edit interfaces vlan unit 10 family inet]
root@fw1# show
address 192.168.1.1/24;
address 192.168.1.2/24 {
    web-authentication http;
}

About: rtoodtoo

Genco has worked for more than 10 years as a Network/Support Engineer. He is also interested in Python, Linux, Security and SD-WAN, currently lives in the Netherlands and works as a Network Support Engineer at Tesla Inc. // JNCIE-SEC #223 / RHCE / PCNSE


You have a feedback?

This site uses Akismet to reduce spam. Learn how your comment data is processed.