Netscreen-25 - secondary interfaces?



  • Hi all, (sorry for the newb question)

    My netscreen config shows the below for ethernet 2:

    set interface ethernet2 ip %.%.%.%/24
    set interface ethernet2 route
    set interface ethernet2 ip 172.%.%.% 255.%.%.% secondary
    set interface ethernet2 ip 192.%.%.% 255.%.%.% secondary
    set interface ethernet2 ip 192.%.%.% 255.%.%.% secondary

    The secondary interfaces no longer exist and I’m looking at removing them.  How could I go about doing that?



  • Thanks for the replies all. 
    Network
    Interfaces
    Ethernet 2
    Secondary
    It only shows one interface for ethernet 2 yet under: Config -> Update -> Config File the config file shows:
    set interface ethernet2 ip 172.%.%.% 255.%.%.% secondary
    set interface ethernet2 ip 192.%.%.% 255.%.%.% secondary
    set interface ethernet2 ip 192.%.%.% 255.%.%.% secondary
    Am I missing something here? 
    I’m basically trying to get to the bottom of why our DMZ has extreme latency. Ping times are crazy even late at night when no ones on the network - (they fluctuate constantly from 30ms to 200ms to even 2000ms).  If I connect via vpn, ping times are insane, (i was only 5k from work or about 3miles) yet if I ping internally to the dmz the ping times are insane also.(thats physically onsite also).
    I’ve run cisco network assistant against the cisco 2950 (DMZ switch) thats jacked into the secondary interface on netscreen.  Network assistant shows 30% mem usage, low processing usage, and bandwidth usage appears low on each port.  Basically I’m creating a new CSG in the DMZ and want to get to the bottom of where the latency resides.  I read somewhere it maybe vpn rules that can cause this on the netscreen firewall? (I noticed we have many redundant vpn rules and they will need an overhaul).
    I also ran ethereal against the dmz switch and there was no unecessary traffic. (the usual arp lookups etc).

    Has anyone had issues with vpn rules causing latency?  I’m at a point where I feel like I’ve checked everything physical and throughputs on the netscreen device and dmz switch and it all appears fine yet why the extreme latency?


  • Global Moderator

    Yeah, or in NSM. The point is: just remove them, no problem.



  • You can do it thru the Web as well,
    Network
    Interfaces
    Ethernet 2
    Secondary

    and remove the ip’s

    Greg


  • Global Moderator

    unset int e2 ip secondary I supose


 

25
Online

38.4k
Users

12.7k
Topics

44.5k
Posts