192.168.1.1/24 is not within the subnet of any address on this interface

I have got a very strange error as below when I tried to configure web authentication on my SRX junos 11.1R4.4

[edit system services]
root@fw1# commit
[edit interfaces vlan unit 10 family]
  'inet'
    Web-authentication address 192.168.1.1/24 is not within the subnet of any address on this interface
error: configuration check-out failed

I didn’t actually recall having this error on my 10.4 version but I may be wrong. However 192.168.1.1 address was the only address configured under interface stanza.

[edit interfaces vlan unit 10]
root@fw1# show
family inet {
    address 192.168.1.1/24 {
        web-authentication http;
    }
}

Then after a few minutes the penny dropped. Perhaps it isn’t allowed to set one interface for traffic and web authentication purposes and I tried using a separate ip address than the primary one and bingo! it worked.

[edit interfaces vlan unit 10 family inet]
root@fw1# show
address 192.168.1.1/24;
address 192.168.1.2/24 {
    web-authentication http;
}

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE


You have a feedback?

Discover more from RtoDto.net

Subscribe now to keep reading and get access to the full archive.

Continue reading