Channel: Ethernet Switching topics

IOS upgrade EX4200


I work in a Cisco proprietary shop. We got a demo Juniper EX4200 switch and I was tasked to upgrade the IOS.

Right now the switch has a very old IOS, 10.3R1.9; the IOS I downloaded is 12.3.

I did a TFTP to the /var/tmp folder and then ran the request system software add command.

This is the error I got: "truncated or corrupted package"

Am I missing something? I suspect that the file might be corrupt or that this is too many iterations ahead.

Any suggestions would be awesome, thanks.

 

 


BGP L2VPN Question - Site-ID and Remote-Site-ID


Could anyone explain to me why there is only 1 VC up (which is VLAN 193), and what is required to make both VCs up and functional?

 

instance-type l2vpn;
interface ge-0/0/1.192;
interface ge-0/0/1.193;
route-distinguisher 10.10.10.10:10;
vrf-target {
    import target:20:20;
    export target:20:20;
}
protocols {
    l2vpn {
        encapsulation-type ethernet-vlan;
        site CE1 {
            site-identifier 1;
            interface ge-0/0/1.193;
            interface ge-0/0/1.192;
        }
    }
}

 

bgp.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
20.20.20.20:20:2:1/96 (1 entry, 0 announced)
*BGP Preference: 170/-101
Route Distinguisher: 20.20.20.20:20
Next hop type: Indirect
Address: 0x2790e04
Next-hop reference count: 8
Source: 20.20.20.20
Protocol next hop: 20.20.20.20
Indirect next hop: 0x2 no-forward INH Session ID: 0x0
State: <Active Int Ext>
Peer AS: 100
Age: 1d 4:57:28 Metric2: 1
Validation State: unverified
Task: BGP_100_100.20.20.20.20+64637
AS path: I
Communities: target:20:20 Layer2-info: encaps: VLAN, control flags:[0x2] Control-Word, mtu: 0, site preference: 100
Import Accepted
Label-base: 800012, range: 2, status-vector: 0x0
Localpref: 100
Router ID: 20.20.20.20
Secondary Tables: l2vpn.l2vpn.0

 

20.20.20.20:20:2:3/96 (1 entry, 0 announced)
*BGP Preference: 170/-101
Route Distinguisher: 20.20.20.20:20
Next hop type: Indirect
Address: 0x2790e04
Next-hop reference count: 8
Source: 20.20.20.20
Protocol next hop: 20.20.20.20
Indirect next hop: 0x2 no-forward INH Session ID: 0x0
State: <Active Int Ext>
Peer AS: 100
Age: 1d 0:18:40 Metric2: 1
Validation State: unverified
Task: BGP_100_100.20.20.20.20+64637
AS path: I
Communities: target:20:20 Layer2-info: encaps: VLAN, control flags:[0x2] Control-Word, mtu: 0, site preference: 100
Import Accepted
Label-base: 800018, range: 2, status-vector: 0x0
Localpref: 100
Router ID: 20.20.20.20
Secondary Tables: l2vpn.l2vpn.0

 

Instance: l2vpn
Local site: CE1 (1)
Number of local interfaces: 2
Number of local interfaces up: 2
ge-0/0/1.193 2
ge-0/0/1.192 3
Interface flags: VC-Down
Label-base Offset Size Range Preference
800008 1 2 2 100
status-vector: 0
Label-base Offset Size Range Preference
800010 3 2 1 100
status-vector: 0
connection-site Type St Time last up # Up trans
2 rmt Up Jun 3 14:47:23 2010 1
Remote PE: 20.20.20.20, Negotiated control-word: Yes (Null)
Incoming label: 800009, Outgoing label: 800012
Local interface: ge-0/0/1.193, Status: Up, Encapsulation: VLAN
Connection History:
Jun 3 14:47:23 2010 status update timer
Jun 3 14:47:23 2010 PE route changed
Jun 3 14:47:23 2010 Out lbl Update 800012
Jun 3 14:47:23 2010 In lbl Update 800009
Jun 3 14:47:23 2010 loc intf up ge-0/0/1.193

----

 

PE2:

root@MX-104-5:Pe2> show configuration routing-instances l2vpn
instance-type l2vpn;
interface ge-0/0/0.192;
interface ge-0/0/0.193;
route-distinguisher 20.20.20.20:20;
vrf-target {
    import target:20:20;
    export target:20:20;
}
protocols {
    l2vpn {
        encapsulation-type ethernet-vlan;
        site CE2 {
            site-identifier 2;
            interface ge-0/0/0.193;
            interface ge-0/0/0.192;
        }
    }
}

 

root@MX-104-5:Pe2> show route table bgp.l2vpn.0 detail

bgp.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
10.10.10.10:10:1:1/96 (1 entry, 0 announced)
*BGP Preference: 170/-101
Route Distinguisher: 10.10.10.10:10
Next hop type: Indirect
Address: 0x27915bc
Next-hop reference count: 8
Source: 10.10.10.10
Protocol next hop: 10.10.10.10
Indirect next hop: 0x2 no-forward INH Session ID: 0x0
State: <Active Int Ext>
Peer AS: 100
Age: 1d 5:01:30 Metric2: 1
Validation State: unverified
Task: BGP_100_100.10.10.10.10+179
AS path: I
Communities: target:20:20 Layer2-info: encaps: VLAN, control flags:[0x2] Control-Word, mtu: 0, site preference: 100
Import Accepted
Label-base: 800008, range: 2, status-vector: 0x0
Localpref: 100
Router ID: 10.10.10.10
Secondary Tables: l2vpn.l2vpn.0

10.10.10.10:10:1:3/96 (1 entry, 0 announced)
*BGP Preference: 170/-101
Route Distinguisher: 10.10.10.10:10
Next hop type: Indirect
Address: 0x27915bc
Next-hop reference count: 8
Source: 10.10.10.10
Protocol next hop: 10.10.10.10
Indirect next hop: 0x2 no-forward INH Session ID: 0x0
State: <Active Int Ext>
Peer AS: 100
Age: 1d 4:53:32 Metric2: 1
Validation State: unverified
Task: BGP_100_100.10.10.10.10+179
AS path: I
Communities: target:20:20 Layer2-info: encaps: VLAN, control flags:[0x2] Control-Word, mtu: 0, site preference: 100
Import Accepted
Label-base: 800010, range: 2, status-vector: 0x0
Localpref: 100
Router ID: 10.10.10.10
Secondary Tables: l2vpn.l2vpn.0

 

Instance: l2vpn
Local site: CE2 (2)
Number of local interfaces: 2
Number of local interfaces up: 2
ge-0/0/0.193 1
ge-0/0/0.192 3
Interface flags: VC-Down
Label-base Offset Size Range Preference
800012 1 2 1 100
status-vector: 0
Label-base Offset Size Range Preference
800018 3 2 1 100
status-vector: 0
connection-site Type St Time last up # Up trans
1 rmt Up Jun 3 14:47:23 2010 1
Remote PE: 10.10.10.10, Negotiated control-word: Yes (Null)
Incoming label: 800012, Outgoing label: 800009
Local interface: ge-0/0/0.193, Status: Up, Encapsulation: VLAN
Connection History:
Jun 3 14:47:23 2010 status update timer
Jun 3 14:47:23 2010 PE route changed
Jun 3 14:47:23 2010 Out lbl Update 800009
Jun 3 14:47:23 2010 In lbl Update 800012
Jun 3 14:47:23 2010 loc intf up ge-0/0/0.193

EX3300 - out-of-band interface - not working


Hello,

I have a problem with configuring the out-of-band interface. First of all, I've never worked with any Juniper products before. Also, I inherited this infrastructure from previous employees, so it was already set up and configured. Therefore I ask you for patience, but I can learn fast :)

First of all, we use 3 basic VLANs:


VLAN 1    - 192.168.200.0/24 (Native vlan)
VLAN 20  - 172.16.20.0/24 (PC vlan)
VLAN 221 - 192.168.221.0/24 (MGMT vlan)

 

I had made this cabling set-up -->

MDX_NW_KE_JEX3300_MGMT_interface.png

  

Cisco:
interface FastEthernet0/5
description SROSPC-JUNTEST
switchport access vlan 20
switchport mode access

 

interface FastEthernet0/14
description MGMT MDXKESW06
switchport access vlan 221
switchport mode access

 

 

Until now we used IP address 172.16.20.254 for managing this switch (the cable to the MGMT port was not connected). SSH and HTTPS were working, but we have a dedicated MGMT VLAN, so I want to use an IP from the MGMT subnet.

I went to the web interface on the EX 3300. I found the Management Access tab, changed it and committed it. But then HTTPS access stopped working; right now I can use the CLI, but still only via 172.16.20.254.


I would like to de-configure 192.168.200.254 and 172.16.20.254 from the switch and use only 192.168.221.16 on MGMT interface for managing this switch.


actual configuration on EX 3300 -->

    me0 {
        unit 0 {
            family inet;
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 172.16.20.254/24;
            }
        }
        unit 1 {
            family inet {
                address 192.168.200.254/24;
            }
        }
    }
    vme {
        unit 0 {
            family inet {
                address 192.168.221.16/24;
            }
        }
    }
}

 

 

root@MDXKESW06# run show interfaces terse | match me
bme0                    up    up
bme0.32768              up    up   inet     128.0.0.1/2
me0                     up    up
me0.0                   up    up   inet
pime                    up    up
vme                     up    down
vme.0                   up    down inet     192.168.221.16/24

 


below is detailed interface configuration...

root@MDXKESW06# run show interfaces me0 detail
Physical interface: me0, Enabled, Physical link is Up
  Interface index: 1, SNMP ifIndex: 33, Generation: 1
  Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Clocking: Unspecified, Speed: 100mbps
  Device flags   : Present Running
  Interface flags: SNMP-Traps
  Link type      : Full-Duplex
  Physical info  : Unspecified
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 0c:86:10:5a:14:3f, Hardware address: 0c:86:10:5a:14:3f
  Alternate link address: Unspecified
  Last flapped   : 2016-07-27 11:02:38 CEST (06:23:48 ago)
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :              4023164
   Output bytes  :                    0
   Input  packets:                47508
   Output packets:                  830
   IPv6 transit statistics:
    Input  bytes  :                   0
    Output bytes  :                   0
    Input  packets:                   0
    Output packets:                   0

  Logical interface me0.0 (Index 3) (SNMP ifIndex 34) (HW Token 4294967295) (Generation 1)
    Flags: Up SNMP-Traps Encapsulation: ENET2
    Bandwidth: 0
    Traffic statistics:
     Input  bytes  :              4023164
     Output bytes  :               211650
     Input  packets:                47508
     Output packets:                  830
    Local statistics:
     Input  bytes  :              4023164
     Output bytes  :               211650
     Input  packets:                47508
     Output packets:                  830
    Protocol inet, MTU: 1500, Generation: 141, Route table: 0
      Flags: Is-Primary



root@MDXKESW06# run show interfaces me0.0 detail
  Logical interface me0.0 (Index 3) (SNMP ifIndex 34) (HW Token 4294967295) (Generation 1)
    Flags: Up SNMP-Traps Encapsulation: ENET2
    Bandwidth: 0
    Traffic statistics:
     Input  bytes  :              4023662
     Output bytes  :               212160
     Input  packets:                47511
     Output packets:                  832
    Local statistics:
     Input  bytes  :              4023662
     Output bytes  :               212160
     Input  packets:                47511
     Output packets:                  832
    Protocol inet, MTU: 1500, Generation: 141, Route table: 0
      Flags: Is-Primary



root@MDXKESW06# run show interfaces vme detail
Physical interface: vme, Enabled, Physical link is Down
  Interface index: 66, SNMP ifIndex: 35, Generation: 4
  Type: Mgmt-VLAN, Link-level type: Mgmt-VLAN, MTU: 1518, Clocking: Unspecified, Speed: 1000mbps
  Device flags   : Present Running
  Interface flags: Hardware-Down SNMP-Traps
  Link type      : Full-Duplex
  Link flags     : None
  Physical info  : Unspecified
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 0c:86:10:5a:14:02, Hardware address: 0c:86:10:5a:14:02
  Alternate link address: Unspecified
  Last flapped   : Never
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :                    0
   Output bytes  :                    0
   Input  packets:                    0
   Output packets:                    0
   IPv6 transit statistics:
    Input  bytes  :                   0
    Output bytes  :                   0
    Input  packets:                   0
    Output packets:                   0

  Logical interface vme.0 (Index 5) (SNMP ifIndex 36) (HW Token 65535) (Generation 3)
    Flags: Link-Layer-Down Device-Down SNMP-Traps Encapsulation: ENET2
    Traffic statistics:
     Input  bytes  :                    0
     Output bytes  :                    0
     Input  packets:                    0
     Output packets:                    0
    Local statistics:
     Input  bytes  :                    0
     Output bytes  :                    0
     Input  packets:                    0
     Output packets:                    0
    Protocol inet, MTU: 1500, Generation: 206, Route table: 0
      Flags: None
      Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
        Destination: 192.168.221/24, Local: 192.168.221.16, Broadcast: 192.168.221.255, Generation: 5

I am totally lame and lost with Juniper technologies, please help :) Thanks

EX2200 loader> can't load '/kernel'


Hi,

I have a switch that is stuck in this status:

 

can't load '/kernel'
can't load '/kernel.old'
Press Enter to stop auto bootsequencing and to enter loader prompt.

 

So, I have tried the following options:

1-Load from USB - DOESN'T WORK. It gives me error 22

2-Load from TFTP - DOESN'T WORK. It gives me error 60

3-Load snapshot from USB - DOESN'T work. It gives error "can't load '/kernel'"

Before I throw away this piece of steel, is there anyone who can suggest how to fix this problem?

Procedure to add a new member to a Juniper stack.


Adding a new member to a Juniper stack.

  1. Upgrade/Downgrade the Junos SW Version to match the stack you’re adding to.
  2. Obtain the Serial Number of the new chassis being installed.
    1. CLI:  show chassis hardware
  3. Mount the new chassis to the rack and power it up.
    1. DO NOT connect VC Cables yet.
  4. Login to the stack that is in production and set the new chassis’ Serial Number to its corresponding Member # and as a “line-card”.  (Example: if this is for a current stack of 3, then the new member will become Member 3)
    1. [edit virtual-chassis] # set member x serial-number abc123 role line-card
  5. Connect new chassis to the stack via VC cables in back.
  6. Verify that the new chassis is present and that it indicates that it’s a “line-card” (LC) using CLI “show virtual-chassis”.

 

EVPN with VXLAN on qfx5100, now NSX hypervisors


Hi

 

I have set up an IP fabric with an EVPN control plane using VXLAN in the data plane. I have multiple DCs and so far this is working well. All of my end devices are bare metal or VLAN-based hypervisors, ESXi etc.

 

My current L3 interfaces are not VXLAN aware.

 

I now have the requirement for NSX, I see that I need to configure OVSDB support on the qfx5100s to point to the NSX controller.

 

If the MAC learning control plane passes to the NSX controller, is this then superseding EVPN? Or is it set up in addition to it?

Can't find any decent information regarding this type of setup.

 

Questions:

  • Would I be correct in assuming that the OVSDB would control MAC learning inside a data center, and that the EVPN would move to the WAN edge for DCI?
  • That I would also need to get something like an MX that can be controlled by the NSX controller, can run EVPN for the DCI and also have the L3 interfaces VXLAN aware?
  • Is there another design without this type of edge platform, i.e. just using the qfx5100 hardware already in place?

many thanks

 

qfx5100 VC multicast traffic BW allocation


Hi community,

 

We have a VC built up of 4x Juniper 5100. Most of the traffic crossing this platform is video mcast traffic and we suspect mcast traffic loss. Client servers are connected via 10G ports, but we also have a probe system connected on a 1Gb port. For this interface we are suffering some loss of traffic on the end system, and while checking the interface counters I saw that around 0,6% of the mcast is being dropped:

Queue counters: Queued packets Transmitted packets Dropped packets

 8                             0                             3071553518              19857689

 

Queue number: Mapped forwarding classes

 0 best-effort
3 fcoe
4 no-loss
7 network-control
8 mcast

 

CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer Priority Limit

8 mcast 20% 2000000000 20% 0 low none

 

As mcast traffic seems to use up to 40% of the total BW, I wonder if this can be changed or not, as this interface is mostly dedicated to mcast traffic. I tried to assign a different FC but have not been successful.

 

any help on this is appreciated.

 

Thanks

Gab

EVPNoVXLAN on qfx5100 with vmware

I have an IP fabric running on qfx5100 using EVPN with VXLAN. So far so good. I can't find any documentation regarding integrating this with VMware without NSX. Every example is based on NSX.

Main concerns are letting server bods automate the network configs.

Anybody got any pointers?

Thanks in advance

EX 4200 Line card "not present" state


Hi 

 

I am facing an issue in an EX 4200 stack of 3 switches. One is master, another is backup and the last one is a line card.

Presently the line card shows "not present" when I issue the show virtual-chassis command.

The chassis had been working for the last 7 months without any issues. No modifications and no cable changes were made.

Power is also up in the entire chassis.

Please let me know the possible cause or solution.

Thanks

 

Amit

 

Firewall filter to restrict traffic for one interface


Hello,
I have an EX2200 (12.3R6.6), and I'm trying to create a firewall filter that will restrict inbound and outbound traffic for ge-0/0/5 to specific source/destination addresses. This is for an old NAS that holds replicated backups, and it does not have built-in functionality for access control lists.

 

I tried following the procedure listed here: http://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/firewall-filter-ex-series-cli.html

 

I created a firewall filter for the ethernet-switching family, and I added one term to accept traffic from a single IP address:

 

{master:0}[edit firewall family ethernet-switching]
user@SWITCH# show
filter NAS-Inbound {
    term NAS-Inbound-Allow {
        from {
            source-address {
                192.168.1.66/32;
            }
        }
    }
}

 

Then I applied the firewall filter to the input of ge-0/0/5:

 

{master:0}[edit interfaces ge-0/0/5 unit 0 family ethernet-switching]
user@SWITCH# show
port-mode access;
vlan {
    members VLAN2;
}
filter {
    input NAS-Inbound;
}

 

After I commit the change, I cannot ping the NAS from anywhere on our network, even from the IP address that the rule should allow. That IP address is on the same VLAN as the NAS. If I remove that filter from ge-0/0/5, I can ping the NAS. I tried specifying "set then accept" to the NAS-Inbound-Allow term, and then I applied the filter to ge-0/0/5 again, but then I still can't ping the NAS. When the filter is applied, the NAS becomes unreachable.

 

I want the filter to apply only to ge-0/0/5 instead of VLAN2, if possible. What am I doing incorrectly?

 

Thank you.

IPv6 and IPv4 DHCP relay advice


I am in the process of attempting to migrate from a bootp helper to a DHCP forwarder, as I am trying to get DHCP6 working on my network. I have the vlan interfaces configured, the router-advertising configured and I thought I had the forwarding-options set, but alas I am at a loss. I have smashed my head into my desk for 2 days on this and finally decided I should ask for some help. Below are the relevant configurations as I have them.

 

I realize I only have the old helper deactivated currently, however I have tried deleting it also with 0 positive results.

 

I thank you in advance for any and all input.

 

show interfaces vlan

notanadmin@SW-VC-01# show interfaces vlan |no-more
unit 0 {
    family inet {
        address 10.1.1.254/23;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0031::1/64;
    }
}
unit 2 {
    family inet {
        address 172.16.2.254/24;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0032::1/64;
    }
}
unit 75 {
    family inet {
        address 172.16.75.254/24;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0033::1/64;
    }
}
unit 401 {
    family inet {
        address 10.1.4.1/27;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0020::1/64;
    }
}
unit 402 {
    family inet {
        address 10.1.4.33/27;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0021::1/64;
    }
}
unit 501 {
    family inet {
        address 10.1.5.1/24;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0022::1/64;
    }
}
unit 601 {
    family inet {
        address 10.1.6.1/28;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0023::1/64;
    }
}
unit 602 {
    family inet {
        address 10.1.6.17/28;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0024::1/64;
    }
}
unit 603 {
    family inet {
        address 10.1.6.33/28;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0025::1/64;
    }
}
unit 604 {
    family inet {
        address 10.1.6.49/28;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0026::1/64;
    }
}
unit 605 {
    family inet {
        address 10.1.6.65/26;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0027::1/64;
    }
}
unit 606 {
    family inet {
        address 10.1.6.129/27;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0028::1/64;
    }
}
unit 607 {
    family inet {
        address 10.1.6.161/27;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0029::1/64;
    }
}
unit 608 {
    family inet {
        address 10.1.6.193/27;
    }
    family inet6 {
        address ABCD:DCBA::BADC:002a::1/64;
    }
}
unit 609 {
    family inet {
        address 10.1.6.225/27;
    }
    family inet6 {
        address ABCD:DCBA::BADC:002b::1/64;
    }
}
unit 701 {
    family inet {
        address 10.1.7.1/27;
    }
    family inet6 {
        address ABCD:DCBA::BADC:003f::1/64;
    }
}
unit 702 {
    family inet {
        address 10.1.7.33/27;
    }
    family inet6 {
        address ABCD:DCBA::BADC:002c::1/64;
    }
}
unit 703 {
    family inet {
        address 10.1.7.65/27;
    }
    family inet6 {
        address ABCD:DCBA::BADC:002d::1/64;
    }
}
unit 704 {
    family inet {
        address 10.1.7.97/27;
    }
    family inet6 {
        address ABCD:DCBA::BADC:002e::1/64;
    }
}
unit 705 {
    family inet {
        address 10.1.7.129/27;
    }
    family inet6 {
        address ABCD:DCBA::BADC:002f::1/64;
    }
}
unit 706 {
    family inet {
        address 10.1.7.161/27;
    }
    family inet6 {
        address ABCD:DCBA::BADC:0030::1/64;
    }
}
unit 4000 {
    family inet;
}

 

show protocols router-advertisement

notanadmin@SW-VC-01# show protocols router-advertisement |no-more
interface vlan.0 {
    prefix ABCD:DCBA::BADC:0031::1/64;
}
interface vlan.401 {
    prefix ABCD:DCBA::BADC:0021::1/64;
}
interface vlan.402 {
    prefix ABCD:DCBA::BADC:0020::1/64;
}
interface vlan.501 {
    prefix ABCD:DCBA::BADC:0022::1/64;
}
interface vlan.601 {
    prefix ABCD:DCBA::BADC:0023::1/64;
}
interface vlan.602 {
    prefix ABCD:DCBA::BADC:0024::1/64;
}
interface vlan.603 {
    prefix ABCD:DCBA::BADC:0025::1/64;
}
interface vlan.604 {
    prefix ABCD:DCBA::BADC:0026::1/64;
}
interface vlan.605 {
    prefix ABCD:DCBA::BADC:0027::1/64;
}
interface vlan.606 {
    prefix ABCD:DCBA::BADC:0028::1/64;
}
interface vlan.607 {
    prefix ABCD:DCBA::BADC:0029::1/64;
}
interface vlan.608 {
    prefix ABCD:DCBA::BADC:002a::1/64;
}
interface vlan.609 {
    prefix ABCD:DCBA::BADC:002b::1/64;
}
interface vlan.701 {
    prefix ABCD:DCBA::BADC:003f::1/64;
}
interface vlan.702 {
    prefix ABCD:DCBA::BADC:002c::1/64;
}
interface vlan.703 {
    prefix ABCD:DCBA::BADC:002d::1/64;
}
interface vlan.704 {
    prefix ABCD:DCBA::BADC:002e::1/64;
}
interface vlan.705 {
    prefix ABCD:DCBA::BADC:002f::1/64;
}
interface vlan.706 {
    prefix ABCD:DCBA::BADC:0030::1/64;
}
interface vlan.2 {
    prefix ABCD:DCBA::BADC:0032::1/64;
}
interface vlan.75 {
    prefix ABCD:DCBA::BADC:0033::1/64;
}

 

 show forwarding-options

notanadmin@SW-VC-01# show forwarding-options | no-more
inactive: helpers {
    bootp {
        server 10.1.4.34;
        interface {
            vlan.2;
            vlan.75;
            vlan.0;
            vlan.401;
            vlan.402;
            vlan.501;
            vlan.601;
            vlan.602;
            vlan.603;
            vlan.604;
            vlan.605;
        }
    }
}
dhcp-relay {
    dhcpv6 {
        group vlans6 {
            interface vlan.2;
            interface vlan.3;
            interface vlan.75;
            interface vlan.401;
            interface vlan.402;
            interface vlan.501;
            interface vlan.601;
            interface vlan.602;
            interface vlan.603;
            interface vlan.604;
            interface vlan.605;
            interface vlan.606;
            interface vlan.607;
            interface vlan.608;
            interface vlan.609;
            interface vlan.701;
            interface vlan.702;
            interface vlan.703;
            interface vlan.704;
            interface vlan.705;
            interface vlan.706;
        }
        server-group {
            ITO-DHCP6 {
                ABCD:DCBA::BADC:21::dc1;
            }
        }
        active-server-group ITO-DHCP6;
    }
    server-group {
        ITO-DHCP {
            10.1.10.34;
        }
    }
    active-server-group ITO-DHCP;
    group vlans {
        interface vlan.2;
        interface vlan.3;
        interface vlan.75;
        interface vlan.401;
        interface vlan.402;
        interface vlan.501;
        interface vlan.601;
        interface vlan.602;
        interface vlan.603;
        interface vlan.604;
        interface vlan.605;
        interface vlan.606;
        interface vlan.607;
        interface vlan.608;
        interface vlan.609;
        interface vlan.701;
        interface vlan.702;
        interface vlan.703;
        interface vlan.704;
        interface vlan.705;
        interface vlan.706;
    }
}

 

QFX5100 14.1X53-D35 IGMP Leave group message management in the switch


Hi Community,

 

We have a VC built up with 4x QFX5100 running 14.1X53-D35. Most of the traffic is mcast video traffic entering from the upstream switches towards the client nodes connected to this Juniper VC.

I'd like to confirm with you if the below behaviour is correct or if the switch should handle the IGMP Leave group messages in a different form.

 

IGMP configuration:

 

protocols igmp-snooping

vlan Video {
    interface ae0.0 {
        multicast-router-interface;
    }
}

## IGMP snooping is enabled for the Video VLAN and ae0 is the interface towards the upstream switching network.

VLAN Video is shared between the client nodes and the ae0 interface facing the switching core where the traffic comes in.

 

 

Let's say we have 4 servers that are members of mcast channel #3, for example.

What we see is that when server #3, for instance, sends a leave group message for mcast channel #3, this message is forwarded as well via if ae0 towards the upstream switch, this one being configured with immediate-leave, meaning that the rest of the servers, even though still interested in receiving mcast traffic on channel 3, get the feed cut until a new membership query/report is sent.

My doubt here is whether the Juniper is working fine sending the leave group towards the upstream switches, or whether it should handle internally via CPU the leave group message sent by server #3, thus cutting only the mcast feed to this server while keeping it for the other servers, meaning no leave group message is sent towards the upstream switch while at least 1 server is still a member of that channel.

So far I could not find in the Juniper docs how it handles this (via CPU).

 

Thanks

Gab

Can't create voice port - config


Dear Experts, 

 

I am new to Juniper and switched from Cisco. Here is a simple situation: I am in configuration mode and already have port ge-2/0/15 as ether switch and assigned to VLAN 20. I am trying to delete the config from port 20 and set it up as:

 

set interfaces ge-2/0/15 unit 0 family ethernet-switching
set interfaces ge-2/0/15 unit 0 family ethernet-switching vlan members 20
set ethernet-switching-options voip interface ge-2/0/15.0 vlan 80


edit ethernet-switching-options

set voip interface ge-2/0/15.0 forwarding-class ezqos-voice-fc

 

But when I try to enter the line: set ethernet-switching-options voip interface ge-2/0/15.0 vlan 80

I get a syntax error. When I configure a new port from scratch, all commands work fine. This case is about reconfiguring an existing port assigned to a VLAN. What is the best practice to reset a port to factory defaults, like I could do in the Cisco world? Thank you so much, Juniper experts. - Adam

strange behavior EX4200 (unicast flood)


So, I have an EX4200 connected to a distribution-level EX4550. The EX4550 is connected to routers (VRRP).

On the 4200, a very simple design and config: 2 VLANs, server in the default VLAN, access mode.

All config is like:

> show configuration interfaces ge-0/0/3

unit 0 {
    family ethernet-switching;
}

 

For unknown reasons, the switch "copies" the "unknown" output traffic (aka flood) to many ports (but not all)

 

Physical interface: ge-0/0/1, Enabled, Physical link is Up
Input rate : 1872 bps (3 pps)
Output rate : 210955840 bps (17824 pps)

 

Physical interface: ge-0/0/2, Enabled, Physical link is Up
Input rate : 0 bps (0 pps)
Output rate : 210985808 bps (17825 pps)

 

.. up to ge-0/0/7

 

Physical interface: ge-0/0/7, Enabled, Physical link is Up
Input rate : 0 bps (0 pps)
Output rate : 98657312 bps (8393 pps)

 

>monitor interface ge-0/0/1

Interface: ge-0/0/1, Enabled, Link is Up
Encapsulation: Ethernet, Speed: 1000mbps
Traffic statistics: Current delta
Input bytes: 14422330 (0 bps) [702]
Output bytes: 17918433968187 (162113376 bps) [341143561]
Input packets: 163435 (0 pps) [9]
Output packets: 12112454495 (13745 pps) [231007]
Error statistics:
Input errors: 0 [0]
Input drops: 0 [0]
Input framing errors: 0 [0]
Policed discards: 0 [0]
L3 incompletes: 0 [0]
L2 channel errors: 0 [0]
L2 mismatch timeouts: 0 [0]
Carrier transitions: 1 [0]
Output errors: 0 [0]
Output drops: 0 [0]
Aged packets: 0 [0]
Active alarms : None
Active defects: None
Input MAC/Filter statistics:
Unicast packets 163431 [9]
Broadcast packets 4 [0]
Multicast packets 0 [0]
Oversized frames 0 [0]
Packet reject count 0 [0]
DA rejects 0 [0]
SA rejects 0 [0]
Output MAC/Filter Statistics:
Unicast packets 12104742469 [230618]
Broadcast packets 7251352 [354]
Multicast packets 460674 [35]
Packet pad count 0 [0]
Packet error count 0 [0]

 

--------------

 

show ethernet-switching table 

Ethernet-switching table: 37 entries, 34 learned, 0 persistent entries
VLAN MAC address Type Age Interfaces
default * Flood - All-members
default 00:00:0c:9f:f0:01 Learn 0 ge-0/0/4.0
default 00:00:5e:00:01:14 Learn 43 ae0.0

...

It looks fine.

How to troubleshoot it?

 

 

 

 

QFX5100 architecture,hardware and flow process


Hi everyone,

 

I need to understand the QFX5100 switch hardware architecture, as well as the flow of the specific processing process:

Control panel and forwarding panel interaction process, VM Guest and VM Junos interaction process.

 

Is there anyone who can provide the relevant information?

 

thank you very much.

 

 


EVPN -irb- proxy-macip-advertisement --- DOCU missing


set interfaces irb unit 100 proxy-macip-advertisement

I need to know what the "proxy-macip-advertisement" parameter is doing in EVPN, where to use it, and if this is the long-awaited ARP-SUPPRESSION mechanism.
I found this command in the latest 14.2R6.5 release (it seems that from version to version new undocumented commands arise and others are removed without any information).

Also, please describe the difference to the command "set interfaces irb unit 100 proxy-arp".

If someone within Juniper knows where to get an answer, please forward.

 

with best regards

 

alexander

Router-on-a stick Cisco Router with Juniper Switch

I am having trouble getting IP connectivity between two Cisco ASR routers connected to a pair of Juniper EX4500-40f switches in a virtual-chassis setup. The Juniper switch is the new element here, as a similar setup has worked connected to different vendor's switches.
 
I have included all of the configuration details here, I've been racking my brain over this all weekend and can't figure out what is wrong. No pings between any of the addresses work.
 
ASR1 Gig0/0/5 (10.10.100.1) is connected to Juniper6 ge-0/0/30
ASR2 Gig0/0/5 (10.10.100.2) is connected to Juniper6 ge-1/0/34
 
Transceiver types are the same on both sides for both links (1Gb SX). Media is correct.
 
ASR1
 
interface GigabitEthernet0/0/5
 mtu 9216
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/5.100
 encapsulation dot1Q 100
 ip address 10.10.100.1 255.255.255.0
 
GigabitEthernet0/0/5   unassigned      YES NVRAM  up                    up      
Gi0/0/5.100                 10.10.100.1     YES manual   up                    up
 
ASR2
 
interface GigabitEthernet0/0/5
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/5.100
 encapsulation dot1Q 100
 ip address 10.10.100.2 255.255.255.0
 
GigabitEthernet0/0/5   unassigned      YES NVRAM  up                    up      
Gi0/0/5.100                 10.10.100.2     YES manual   up                    up
 
Juniper6
 
    ge-0/0/30 {
        description "ASR1 0/0/5";
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members VLAN100;
                }
                native-vlan-id VLAN999;
            }
        }
    }
 
    ge-1/0/34 {
        description "ASR2 0/0/5";
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members VLAN100;
                }
                native-vlan-id VLAN999;
            }
        }
    }
 
ge-0/0/30.0  up     VLAN999             999   untagged unblocked
                             VLAN100             100   tagged   unblocked
ge-1/0/34.0  up     VLAN999             999   untagged unblocked
                             VLAN100             100   tagged   unblocked
 
I also have an IP address for VLAN 100 configured on Juniper6
 
    VLAN100 {
        vlan-id 100;
        l3-interface vlan.0;
    }
 
    vlan {
        unit 0 {
            family inet {
                address 10.10.100.3/24;
            }
        }
    }
 
Any help would be appreciated.

EX2200 lost management interface after ethernet loop


Hi all

 

I had a loop on my network. Once I sorted that out, I discovered that three of my EX2200 switches were no longer reachable through the network. They are responsive to serial console connections.

 

One of those switches was in a lab, so I messed around with it for a bit but failed to get anything to work. I eventually rebooted it, and of course that works.

 

'restart management immediately' just seems to reload the active CLI process. 'management' does not appear as an offered option when pressing ? after entering "restart".

 

The switch does report that the interface is up:

 

root@sa4-39> show interfaces me0
Physical interface: me0, Enabled, Physical link is Up
  Interface index: 1, SNMP ifIndex: 33
  Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Speed: 100mbps
  Device flags   : Present Running
  Interface flags: SNMP-Traps
  Link type      : Full-Duplex
  Current address: f0:1c:2d:bc:f5:bf, Hardware address: f0:1c:2d:bc:f5:bf
  Last flapped   : 2016-08-15 14:41:15 EDT (01:45:26 ago)
    Input packets : 157777142
    Output packets: 18168943

  Logical interface me0.0 (Index 3) (SNMP ifIndex 34)
    Flags: SNMP-Traps Encapsulation: ENET2
    Input packets : 157777142
    Output packets: 18178196
    Protocol inet, MTU: 1500
      Flags: Is-Primary
      Addresses, Flags: Is-Default Is-Preferred Is-Primary
        Destination: 172.x.x/24, Local: 172.x.x.x, Broadcast: 172.x.x.x

All three affected switches are running 12.3R6.6.

 

All three affected switches are using out-of-band management, plugged into one of the ge- ports on the same switch.

 

When the interface is plugged/unplugged, the switch records up/down activity on both the me interface and the ge interface that it is plugged in to.

 

Swapping the connection to another, similarly configured ge port has no effect; plugging other things into the ge port works normally. The switch appears to be switching properly; configuration changes made through the console appear to be taking effect properly.

 

Only one of the affected switches was directly involved in the network loop, although all switches saw the resulting storm.

 

Naturally, I would prefer not to reboot these switches. Does anyone know how I might resurrect the network connectivity of the management interface without a reboot?

Juniper IP helper - confusion


Dear Experts,

 

I have to admit I am new to Juniper and am trying to figure out how to set an additional IP helper on a specific VLAN.

 

In Cisco I would have:

 

interface Vlan20
 description second_floor
 ip address 192.168.20.1 255.255.255.0
 ip access-group BlockSMTP in
 ip access-group BlockSMTP out
 ip helper-address 192.168.100.25
 ip helper-address 192.168.100.26
 ip helper-address 192.168.100.38
 ip helper-address 192.168.70.1
 ip helper-address 192.168.100.70
 ip helper-address 192.168.102.3
 ip directed-broadcast

 

In this case I set up all IP helpers on a specific VLAN. For example, I want to add 192.168.104.3 to production as an addition. We use external DHCP 192.168.102.3 as global for all VLANs. So let's say I want to add 192.168.104.3 globally to production as a second IP helper.

Current Juniper Config:

forwarding-options {
    storm-control-profiles default {
        all;
    }
    dhcp-relay {
        server-group {
            prod {
                192.168.102.3;
            }
            guest {
                192.168.200.100;
            }
            v104 {
                192.168.102.3;
            }
        }

 

The reason I want to try to add the IP helper is that we cannot get NetSUS | NetBOOT to work with Juniper. With Cisco all works fine, but Cisco had that IP as helper; with Juniper NetSUS stopped working correctly.

 

Any help appreciated. -Thank You

EX4200 virtual-router: packet drop while ARPing


Dear Experts!

 

Setup is an EX4200 stack running 12.3R12.4 (old release for stability reasons) with a routing-instance with instance-type virtual-router. Within this virtual router are two SVIs: vlan.5 and vlan.20. VLAN 5 is connecting to our office switch and firewall, VLAN 20 is the Management VLAN on the site.

 

In VLAN 20 are Linux hosts, routes, others. And all show the same behaviour:

 

Pinging from the Office firewall via vlan.5 routed to vlan.20, the first packet is lost until the ARP response is finished. As soon as the ARP entry is done, all is running smoothly.

 

So I placed a target into VLAN 20 and VLAN 6 on a trunk port whereas VLAN 6 is in the global inet routing table. While this does NOT happen on vlan.6 interface, it happens every time after a clear arp in the virtual router.

 

This is also true for the first SYN packet, first DNS query, first packet independent of any protocol.

This is also true for different types of endpoints connected to VLAN 6 and VLAN 20. In VLAN 20 the packet is NOT queued for some amount of time until ARP finished while it is queued in e.g. VLAN 6.

 

Why is there a different behaviour in virtual router and global routing table?

Any configuration issues I can configure that?

 

All my googling, searching and document reading does not show any results in that direction. Any help is appreciated most!

 

Thanks!

Walter

 

P.S.: Also a control plane firewall on lo0 has no influence on this behaviour. Or do I need to allow something special there, more than term default { then { accept; } } at the end? Any denies that could match here?

 

switch# show routing-instances
oam {
    description "OAM Mgmt VPN";
    instance-type virtual-router;
    interface lo0.5;
    interface vlan.5;
    interface vlan.20;
...
    protocols {
        ospf {
            export OSPF-REDIST-OAM;
            reference-bandwidth 10k;
            area 0.0.0.0 {
                interface vlan.5 {
                    metric 50;
                    priority 75;
                    hello-interval 1;
                    dead-interval 4;
                    authentication {
                        md5 1 key "****"; 
                    }
                    bfd-liveness-detection {
                        minimum-interval 300;
                        minimum-receive-interval 300;
                        multiplier 3;
                    }
                }
                interface lo0.5 {
                    passive;
                }
                interface vlan.20 {
                    passive;
                    metric 50;
                }
            }
        }
    }
}
switch# show interfaces vlan.20
description "OAM Server LAN";
family inet {
    mtu 1500;
    address 10.168.44.7/23 { # not tried to remove the VRRP config yet
        preferred;
        vrrp-group 20 {
            virtual-address 10.168.44.254;
            priority 120;
            preempt;
            accept-data;
            authentication-type simple;
            authentication-key "***";
        }
    }
}
switch# show interfaces vlan.6
family inet {
    mtu 1500;
    filter { # in/out filters do not have any influence on this issue
        input VLAN6-IN;
        output VLAN6-OUT;
    }
    address a.b.c.38/29; # some official IP
}