Hello, I am not receiving any syslog or SNMP traps on my Kiwi Syslog server.

Specifically I am trying to receive syslog or traps of when someone logs in successfully or unsuccessfully.

However when I generate a test SNMP trap using 'request snmp spoof-trap spoof-trap authenticationFailure', I do receive it in KiwiSyslog, so I cannot understand how my config is wrong. Can someone please advise what I am doing wrong.

Thank you kindly for any assistance.

version 11.4R1.6;
system {
host-name xxxxx
time-zone xxxxxxx
root-authentication {
encrypted-password "xxxxxxxxxxx";
}
login {
mxxxxxxxxxxxx
";
user admin {
uid 2000;
class super-user;
authentication {
encrypted-password "$xxxxxxx";
}
}
}
services {
ssh {
protocol-version v2;
}
telnet;
netconf {
ssh;
}
web-management {
http;
}
}
syslog {
user * {
any emergency;
}
host x.x.x.x {
facility-override local0;
source-address x.x.x.x;
}
file messages {
any info;
user info;
}
file interactive-commands {
interactive-commands any;
}
file authorization {
any any;
}
time-format;
source-address x.x.x.x;
}
ntp {
serverx.x.x.xx;
}
}
chassis {
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
ge-0/0/0 {
description "xxxxxx";
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/1 {
description "xxxxx";
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members Engineering_VOIP;
}
}
}
}
ge-0/0/2 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/3 {
description "Axxxxxx;
unit 0 {
family ethernet-switching;
}
}
ge-0/0/4 {
description "xxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/5 {
description "xxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/6 {
description "xxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/7 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/8 {
description "xxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/9 {
description "xxx1";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/10 {
description "xxx;
unit 0 {
family ethernet-switching;
}
}
ge-0/0/11 {
description "xxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/12 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/13 {
description "xxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/14 {
description "xxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/15 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/16 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/17 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/18 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/19 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/20 {
description "xxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/21 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/22 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/23 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/24 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/25 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/26 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/27 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/28 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/29 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/30 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/31 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/32 {xxx;
unit 0 {
family ethernet-switching;
}
}
ge-0/0/33 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/34 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/35 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/36 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/37 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/38 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/39 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/40 {
description "xxxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/41 {
description "xxxx";
unit 0 {
family ethernet-switching;
}
}
ge-0/0/42 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/43 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members xxxxx;
}
}
}
}
ge-0/0/44 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/45 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members Axia;
}
}
}
}
ge-0/0/46 {
description "xxxxx";
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members xxxxxx;
}
}
}
}
ge-0/0/47 {
description "xxxx";
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
membersxxxx;
}
}
}
}
ge-0/1/0 {
unit 0 {
family ethernet-switching;
}
}
xe-0/1/0 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/1 {
unit 0 {
family ethernet-switching;
}
}
xe-0/1/1 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/2 {
unit 0 {
family ethernet-switching;
}
}
xe-0/1/2 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/3 {
unit 0 {
family ethernet-switching;
}
}
vlan {
unit 0 {
family inet {
address 1x.x.x.x;
}
}
unit 2 {
family inet {
address x.x.x.x;
}
}
unit 3 {
family inet {
address 1x.x.x.x;
}
}
unit 4 {
family inet {
address x.x.x.x;
}
}
unit 5 {
family inet {
address 1x.x.x.x;
}
}
}
}
snmp {
location "xxxxd";
contact "xxxx";
community xxxxx {
authorization read-only;
}
trap-group xxxx {
version v2;
destination-port 162;
categories {
authentication;
startup;
}
targets {
x.x.x.x;
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop [ x.x.x.x x.x.x.x ];
route x.x.x.x/32 next-hop x.x.x.x;
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
voip;
storm-control {
interface all;
}
}
vlans {
Audio_Codecs {
description "Axxxxxxxxxx";
vlan-id 66;
}
Axia {xxxxxxx";
vlan-id 3;
l3-interface vlan.5;
}
Engineering_ISCSI {
description "xxxx";
vlan-id 100;
interface {
ge-0/0/42.0;
ge-0/0/44.0;
}
l3-interface vlan.4;
}
Engineering_News {
description "xxxxxxxx";
vlan-id 30;
}
Engineering_Nexgen {
description "xxxxxx";
vlan-id 31;
interface {
ge-0/0/0.0;
ge-0/0/2.0;
ge-0/0/3.0;
ge-0/0/4.0;
ge-0/0/5.0;
ge-0/0/6.0;
ge-0/0/7.0;
ge-0/0/8.0;
ge-0/0/9.0;
ge-0/0/10.0;
ge-0/0/11.0;
ge-0/0/12.0;
ge-0/0/13.0;
ge-0/0/14.0;
ge-0/0/15.0;
ge-0/0/16.0;
ge-0/0/17.0;
ge-0/0/18.0;
ge-0/0/19.0;
ge-0/0/20.0;
ge-0/0/21.0;
ge-0/0/22.0;
ge-0/0/23.0;
ge-0/0/24.0;
ge-0/0/25.0;
ge-0/0/26.0;
ge-0/0/27.0;
ge-0/0/28.0;
ge-0/0/29.0;
ge-0/0/30.0;
ge-0/0/31.0;
ge-0/0/32.0;
ge-0/0/33.0;
ge-0/0/34.0;
ge-0/0/35.0;
ge-0/0/36.0;
ge-0/0/37.0;
ge-0/0/38.0;
ge-0/0/39.0;
ge-0/0/40.0;
ge-0/0/41.0;
}
l3-interface vlan.2;
}
Engineering_VOIP {
description "xxxxxx";
vlan-id 41;
l3-interface vlan.3;
}
Kordia_IPAudio {
description "xxxxx";
vlan-id 6;
}
Office_IT {
description "xxxxxx";
vlan-id 10;
}
default {
l3-interface vlan.0;
}
}
poe {
interface all;
}

Hi, all, according to documentation, nested firewall rule is supported on EX-4200 platform, however it does not seem to be the case, any idea?

EX4200-24t# set firewall family inet filter filter1 term term1 ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> from Define match criteria
> then Action to take if the 'from' condition is matched

EX4200-24t#run show version
fpc0:
--------------------------------------------------------------------------
Hostname: tnx-ca1.dev-us1.twilio.com
Model: ex4200-24t
JUNOS Base OS boot [12.3R12.4]
JUNOS Base OS Software Suite [12.3R12.4]
JUNOS Kernel Software Suite [12.3R12.4]
JUNOS Crypto Software Suite [12.3R12.4]
JUNOS Online Documentation [12.3R12.4]
JUNOS Enterprise Software Suite [12.3R12.4]
JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R12.4]
JUNOS Routing Software Suite [12.3R12.4]
JUNOS Web Management [12.3R12.4]
JUNOS FIPS mode utilities [12.3R12.4]

Hi all,

I'm trying to connect a QFX10008 to an EX4300 switch using a Passive DAC as uplink port and not as vcp.

I already found out that the default behavior for a 4x40G pic in the EX4300 is configured as VCP

I removed the VCP ports and configured et port, and show interfaces shows the port as up | down from the EX4300.

QFX10K - 15.1X53-D33.3

show chassis hardware
Xcvr 10 REV 740-038625 QSFP+-40G-CU5M

show interfaces et-0/0/10
Physical interface: et-0/0/10, Enabled, Physical link is Down
Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Speed: 40Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Media type: Fiber
Device flags : Present Running Down

EX4300 - 14.1X53-D35.3

show chassis hardware
PIC 1 REV 19 BUILTIN BUILTIN 4x 40GE QSFP+
Xcvr 0 REV 740-038625 QSFP+-40G-CU5M

shdudu@vodc-sw11.hfa> show interfaces et-0/1/0
Physical interface: et-0/1/0, Enabled, Physical link is Down
Link-level type: Ethernet, MTU: 1514, MRU: 0, Speed: 40Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online,

Do I need to configure additional settings on the port?

Hello Experts

I do not understand the concept of inter-switch isolated VLAN VS isloated VLAN in PVLAN. When isolated VLAN member cannot communicate to other isolated VLAN member then why to carry traffic for isolated VLAN from one switch to other switch?

Appreciated your input 

I currently have an EX4200 with the enabled ports locked down to the MAC or MACs of the workstations on them with the "allowed-mac and mac-limit". I know have users with laptops wanting to move around offices and connect to ports other than theirs. How would I allow this with port security? Am I better off removing the individual port security, opening all ports and allowing all my known MACs on the entire switch? If so how would I accomplish this or if there is a better way, wht is that?

Thanks!

Hello All,

I've been trying to create a remote loop back on a 10G interface on an EX4550. The 4550 is in a remote location and I'm connected it to it via leased 10g ethernet circuit. I want to create a remote loop back so I can attach a JDSU 5812p tester on the circuit and run a bert test on the circuit.

I looked in the tech library and there's an article about setting up the remote loopback like this:

set protocol oam ethernet link-fault-management interface xe-0/0/2 remote-loopback

But the JDSU unit does not detect the loop when I run the 2544 test on it. 

I even added: 

set protocols oam ethernet link-fault-management interface xe-0/0/2 negotiation-options allow-remote-loopback

But that didn't seem to help either.

Any help would greatly be apprecaited.

Thanks

Ben

hello community, 

yesterday I was setting up some ports (20,21) from an EX3300 running 12.3 to be used by the Mgmt Vlan. I was getting Layer 2 connectivity between the servers connected to those ports and my Core SW. However I was not able to ping them. 

After some research. we found this PR in the Release notes

https://www.juniper.net/techpubs/en_US/junos12.3/information-products/topic-collections/release-notes/12.3/topic-69603.html#rn-junos-ex-limitations

• Routing between virtual-routing instances for local direct routes is not supported. [PR/490932: This is a known software limitation.

I have the same Vlan set under the dedicated mgmt port and it works fine, but the traffic coming from these servers was just not going through. 

Anyone knows if this gets fix in a recent version or if there is any way to track a PR?

Good day, all!

I have seriouse problem with installing EX-1FE-FX (P\n: 740-021487) SFP-module, and I not shure that my SFP-module is compatibe with my swith. Please, help me to recognise module(see on picture).

And another question: if this module in compatible with my switch what I shall do to launch this module?

Some output of diagnostic commands:

1.

root@SW-01> show interfaces ge-0/1/0 detail
Physical interface: ge-0/1/0, Enabled, Physical link is Down
Interface index: 161, SNMP ifIndex: 555, Generation: 175
Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Duplex: Full-Duplex, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Media type: Fiber
Device flags : Present Running
Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: b0:a8:6e:09:76:9b, Hardware address: b0:a8:6e:09:76:9b
Last flapped : Never
Statistics last cleared: Never
Traffic statistics:
Input bytes : 0 0 bps
Output bytes : 0 0 bps
Input packets: 0 0 pps
Output packets: 0 0 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Egress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 58303780 94881
1 assured-forw 0 0 0
5 expedited-fo 0 0 0
7 network-cont 0 18 0
Queue number: Mapped forwarding classes
0 best-effort
1 assured-forwarding
5 expedited-forwarding
7 network-control
Active alarms : LINK
Active defects : LINK
Interface transmit statistics: Disabled

Logical interface ge-0/1/0.0 (Index 93) (SNMP ifIndex 556) (Generation 177)
Flags: Device-Down SNMP-Traps 0x4000 Encapsulation: ENET2
Traffic statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Local statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Transit statistics:
Input bytes : 0 0 bps
Output bytes : 0 0 bps
Input packets: 0 0 pps
Output packets: 0 0 pps
Protocol eth-switch, Generation: 196, Route table: 0
Flags: None

{master:0}

2.

root@SW-01> show interfaces diagnostics optics ge-0/1/0
Physical interface: ge-0/1/0
Laser bias current : 12.650 mA
Laser output power : 0.0730 mW / -11.37 dBm
Module temperature : 34 degrees C / 93 degrees F
Module voltage : 3.1820 V
Receiver signal average optical power : 0.0308 mW / -15.11 dBm
Laser bias current high alarm : Off
Laser bias current low alarm : Off
Laser bias current high warning : Off
Laser bias current low warning : Off
Laser output power high alarm : Off
Laser output power low alarm : Off
Laser output power high warning : Off
Laser output power low warning : Off
Module temperature high alarm : Off
Module temperature low alarm : Off
Module temperature high warning : Off
Module temperature low warning : Off
Module voltage high alarm : Off
Module voltage low alarm : Off
Module voltage high warning : Off
Module voltage low warning : Off
Laser rx power high alarm : Off
Laser rx power low alarm : Off
Laser rx power high warning : Off
Laser rx power low warning : Off
Laser bias current high alarm threshold : 90.000 mA
Laser bias current low alarm threshold : 0.000 mA
Laser bias current high warning threshold : 85.000 mA
Laser bias current low warning threshold : 0.000 mA
Laser output power high alarm threshold : 0.2230 mW / -6.52 dBm
Laser output power low alarm threshold : 0.0220 mW / -16.58 dBm
Laser output power high warning threshold : 0.1580 mW / -8.01 dBm
Laser output power low warning threshold : 0.0310 mW / -15.09 dBm
Module temperature high alarm threshold : 75 degrees C / 167 degrees F
Module temperature low alarm threshold : -5 degrees C / 23 degrees F
Module temperature high warning threshold : 70 degrees C / 158 degrees F
Module temperature low warning threshold : 0 degrees C / 32 degrees F
Module voltage high alarm threshold : 3.795 V
Module voltage low alarm threshold : 2.805 V
Module voltage high warning threshold : 3.465 V
Module voltage low warning threshold : 3.135 V
Laser rx power high alarm threshold : 0.5012 mW / -3.00 dBm
Laser rx power low alarm threshold : 0.0003 mW / -35.23 dBm
Laser rx power high warning threshold : 0.3162 mW / -5.00 dBm
Laser rx power low warning threshold : 0.0004 mW / -33.98 dBm

{master:0}

3.

root@SW-01> show chassis pic fpc-slot 0 pic-slot 1
FPC slot 0, PIC slot 1 information:
Type 4x GE SFP Builtin
State Online
Uptime 8 hours, 27 minutes, 33 seconds

PIC port information:
Fiber Xcvr vendor Wave- Xcvr
Port Cable type type Xcvr vendor part number length Firmware
0 GIGE 100LX SM FINISAR CORP FTLF1217P2BTL-J1 1310 nm 0.0
1 GIGE 100LX SM FINISAR CORP FTLF1217P2BTL-J1 1310 nm 0.0
2 GIGE 100LX SM FINISAR CORP FTLF1217P2BTL-J1 1310 nm 0.0

4.

root@SW-01> show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis 663023100JZ EX2200-24T-4G
Routing Engine 0 REV 11 750-037483 663023100JZ EX2200-24T-4G
FPC 0 REV 11 750-037483 663023100JZ EX2200-24T-4G
CPU BUILTIN BUILTIN FPC CPU
PIC 0 BUILTIN BUILTIN 24x 10/100/1000 Base-T
PIC 1 REV 11 750-037483 663023100JZ 4x GE SFP
Xcvr 0 REV 01 740-021487 AN24B20 SFP-100-LX
Xcvr 1 REV 01 740-021487 AN24B27 SFP-100-LX
Xcvr 2 REV 01 740-021487 AN24B28 SFP-100-LX
Power Supply 0 PS 100W AC
Fan Tray Fan Tray

{master:0}

P.s. This module startup and work property wit MOXA IMC-21GA Ethernet converter.

P.p.s Sory for my English

Experts,

I am wonder if after request system halt is any way to turn on back a switch without unpluging power cable and plugging it back. Was looking on the LCD and buttons but did not find anything. thank you

hi all

we just bought a bunch of 3200 switches. we need to block traffic based on source/destination address (between vlans) and ports. but it seems only the mac filtering working. any special requirement needed to do ip/port?

thanks ina advance

B

Do EX switches have some equivalent to Cisco's "ip accounting" function?

Hello,

due to SRX650 end of sale, we had to lately order 2 SRX1500;

those SRX1500 have a dedicated HA Control port with is SFP based so, apparently 1G Copper of Fiber based on the GBIC you order; so, for example, SRX-SFP-1GE-SX or SRX-SFP-1GE-T GBIC could be used for this HA Control port

Question :

Can an EX-SFP-10GE-SR GBIC be used inside this HA Control port ?

(EX-SFP-10GE-SR is compatible with SRX-SFP-10GE-SR as shown here :

http://www.juniper.net/techpubs/en_US/release-independent/junos/information-products/topic-collections/hardware/srx-series/srx-transceivers/srx-transceiver-guide.pdf )

thanks for your help

Hi guys,

I am pretty new to the world of networking and especially Juniper switching. 

I have following situation I need your help with. I have 2 48P EX2200 switches, one SW01 that is fully managed by me and the other one SW02 managed by a third part and I only have read access.

SW01 is pretty much configured only with the default settings at this point in time with the default untagged vlan.

The main switch is the 3rd party managed one and SW01 is connected to it on port 1. 

I want to setup a guest wifi in a different vlan SW01 but since the VLAN exists already on SW02 I am not able to configure it on SW01.

3 access points are connected on port 19/21/23 on SW01.

As far as I understand I need to setup two vlans on those ports the default one and another one for guests. 

Secondly, I need to make sure that the guest vlan is giving out IPS via DHCP as well I.

Hope anyone has a similar setup and can help me with that?

SW01 Vlans

Vlan:

root@SW01> show vlans
Name           Tag     Interfaces
default
                       ge-0/0/0.0, ge-0/0/1.0*, ge-0/0/2.0, ge-0/0/3.0, ge-0/0/4.0, ge-0/0/5.0*,
                       ge-0/0/6.0, ge-0/0/7.0, ge-0/0/8.0, ge-0/0/9.0, ge-0/0/10.0, ge-0/0/11.0,
                       ge-0/0/12.0, ge-0/0/13.0, ge-0/0/14.0, ge-0/0/15.0, ge-0/0/16.0, ge-0/0/17.0,
                       ge-0/0/18.0, ge-0/0/19.0, ge-0/0/20.0, ge-0/0/21.0, ge-0/0/22.0, ge-0/0/23.0,
                       ge-0/0/24.0, ge-0/0/25.0*, ge-0/0/26.0, ge-0/0/27.0*, ge-0/0/28.0, ge-0/0/29.0*,
                       ge-0/0/30.0, ge-0/0/31.0, ge-0/0/32.0, ge-0/0/33.0, ge-0/0/34.0, ge-0/0/35.0,
                       ge-0/0/36.0, ge-0/0/37.0, ge-0/0/38.0, ge-0/0/39.0, ge-0/0/40.0, ge-0/0/41.0,
                       ge-0/0/42.0, ge-0/0/43.0, ge-0/0/44.0, ge-0/0/45.0, ge-0/0/46.0, ge-0/0/47.0

SW01 current configuration

root@SW01> show configuration
## Last commit: 2016-09-19 05:56:54 UTC by root
version 10.4R1.9;
system {
    host-name SW01;
    root-authentication {
SECRET-DATA
    }
    login {
        user admin {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password 
            }
        }
    }
    services {
        ssh;
        web-management {
            http;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/4 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/5 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/6 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/7 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/8 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/9 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/10 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/11 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/12 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/13 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/14 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/15 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/16 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/17 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/18 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/19 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/20 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/21 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/22 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/23 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/24 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/25 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/26 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/27 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/28 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/29 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/30 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/31 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/32 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/33 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/34 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/35 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/36 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/37 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/38 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/39 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/40 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/41 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/42 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/43 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/44 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/45 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/46 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/47 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
    me0 {
        unit 0 {
            family inet {
                address 192.168.1.249/24;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.100.1/24;
            }
        }
    }
}
forwarding-options {
    helpers {
        bootp {
            server 192.168.1.20;
            interface {
                vlan.0;
            }
        }
    }
}
snmp {
    name SW01;
    description "Juniper EX2200 48P";
    location "IT cabinet";
    community SW01 {
        authorization read-only;
    }
    health-monitor {
        interval 200;
        rising-threshold 80;
        falling-threshold 70;
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.1.3;
    }
}
protocols {
    igmp-snooping {
        vlan all;
    }
    rstp;
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}
ethernet-switching-options {
    storm-control {
        interface all {
            level 50; ## Warning: 'level' is deprecated
        }
    }
}
poe {
    interface all;
}

SW02 vlans

BOE@SW02> show vlans
Name           Tag     Interfaces
default
                       None
vl-1           1
                       ge-0/0/0.0*, ge-0/0/1.0*, ge-0/0/2.0*, ge-0/0/3.0*,
                       ge-0/0/4.0*, ge-0/0/5.0*, ge-0/0/6.0*, ge-0/0/7.0*,
                       ge-0/0/8.0*, ge-0/0/9.0*, ge-0/0/10.0*, ge-0/0/11.0*,
                       ge-0/0/12.0*, ge-0/0/13.0, ge-0/0/14.0, ge-0/0/15.0,
                       ge-0/0/16.0*, ge-0/0/17.0*, ge-0/0/18.0*, ge-0/0/19.0*,
                       ge-0/0/20.0*, ge-0/0/21.0, ge-0/0/22.0*, ge-0/0/24.0*,
                       ge-0/0/25.0*, ge-0/0/26.0*, ge-0/0/27.0, ge-0/0/28.0*,
                       ge-0/0/29.0*, ge-0/0/30.0*, ge-0/0/31.0, ge-0/0/32.0,
                       ge-0/0/33.0*, ge-0/0/34.0*, ge-0/0/35.0*, ge-0/0/36.0*,
                       ge-0/0/37.0*, ge-0/0/38.0, ge-0/0/39.0*, ge-0/0/40.0*,
                       ge-0/0/41.0, ge-0/0/42.0, ge-0/0/43.0*, ge-0/0/44.0*,
                       ge-0/0/45.0*, ge-0/0/47.0*
vl-100         100
                       ge-0/0/0.0*, ge-0/0/22.0*, ge-0/0/44.0*, ge-0/0/45.0*,
                       ge-0/0/47.0*
vl-50          50
                       ge-0/0/0.0*, ge-0/0/1.0*, ge-0/0/2.0*, ge-0/0/3.0*,
                       ge-0/0/4.0*, ge-0/0/5.0*, ge-0/0/6.0*, ge-0/0/7.0*,
                       ge-0/0/8.0*, ge-0/0/9.0*, ge-0/0/10.0*, ge-0/0/11.0*,
                       ge-0/0/12.0*, ge-0/0/13.0, ge-0/0/14.0, ge-0/0/15.0,
                       ge-0/0/16.0*, ge-0/0/17.0*, ge-0/0/18.0*, ge-0/0/19.0*,
                       ge-0/0/20.0*, ge-0/0/21.0, ge-0/0/22.0*, ge-0/0/23.0,
                       ge-0/0/24.0*, ge-0/0/25.0*, ge-0/0/26.0*, ge-0/0/27.0,
                       ge-0/0/28.0*, ge-0/0/29.0*, ge-0/0/30.0*, ge-0/0/31.0,
                       ge-0/0/32.0, ge-0/0/33.0*, ge-0/0/34.0*, ge-0/0/35.0*,
                       ge-0/0/36.0*, ge-0/0/37.0*, ge-0/0/38.0, ge-0/0/39.0*,
                       ge-0/0/40.0*, ge-0/0/41.0, ge-0/0/42.0, ge-0/0/43.0*,
                       ge-0/0/44.0*, ge-0/0/45.0*, ge-0/0/46.0*, ge-0/0/47.0*
vl-99          99
                       ge-0/0/0.0*, ge-0/0/22.0*, ge-0/0/44.0*, ge-0/0/45.0*,
                       ge-0/0/47.0*

Hi

I'm trying to setup MC-LAG port between two core QFX10008 switches to an access EX4550 switch.

ICCP is up, other mc-lags to other access switches are up (QFX5100),

i'm attaching configuration in a hope that someone will take a look and find what am I missing here

Thanks in advanced you all!

SW1

x@sw1.xxx.RE0> show configuration interfaces ae45
description "MC-LAG TRUNK to SW45.XXX";
aggregated-ether-options {
minimum-links 1;
link-speed 10g;
lacp {
active;
periodic fast;
system-id 00:00:00:10:04:05;
admin-key 5;
}
mc-ae {
mc-ae-id 5;
redundancy-group 1;
chassis-id 0;
mode active-active;
status-control active;
init-delay-time 240;
events {
iccp-peer-down {
prefer-status-control-active;
}
}
}
}
unit 0 {
bandwidth 20g;
family ethernet-switching {
interface-mode trunk;
vlan {
members v405;
}
}
}

SW2

x@sw2.xxx.RE0> show configuration interfaces ae45
description "MC-LAG TRUNK to SW45.XXX";

aggregated-ether-options {
minimum-links 1;
link-speed 10g;
lacp {
active;
periodic fast;
system-id 00:00:00:10:04:05;
admin-key 5;
}
mc-ae {
mc-ae-id 5;
redundancy-group 1;
chassis-id 1;
mode active-active;
status-control standby;
init-delay-time 240;
events {
iccp-peer-down {
prefer-status-control-active;
}
}
}
}
unit 0 {
bandwidth 20g;
family ethernet-switching {
interface-mode trunk;
vlan {
members v405;
}
}
}

SW45

x@sw45.xxx> show configuration interfaces ae0
description "MC-LAG TRUNK to SW1+2.XXX";
aggregated-ether-options {
minimum-links 1;
link-speed 10g;
lacp {
active;
periodic fast;
}
}
unit 0 {
bandwidth 40g;
family ethernet-switching {
port-mode trunk;
vlan {
members v405;
}
}
}

MC-LAG is down

Member Link : ae45
Current State Machine's State: mcae active state
Configuration Check Status : Passed
Local Status : active
Local State : down
Peer Status : active
Peer State : down
Logical Interface : ae45.0
Topology Type : bridge
Local State : up
Peer State : up
Peer Ip/MCP/State : <peer_ip> ae1.0 up

other MC-LAGs on same redundancy group are up

Member Link : ae20
Current State Machine's State: mcae active state
Configuration Check Status : Passed
Local Status : active
Local State : up
Peer Status : active
Peer State : up
Logical Interface : ae20.0
Topology Type : bridge
Local State : up
Peer State : up
Peer Ip/MCP/State : <peer_ip> ae1.0 up

I have come across a commit error when adding the 'action-shutdown' option to a storm control profile.

{master:0}[edit interfaces xe-2/0/8]
paulh@LAB1# commit check
[edit interfaces xe-2/0/8 ether-options ethernet-switch-profile storm-control]
'TEST'
Action shutdown is not supported with the attached interface

The profile was already associated with an interface which is configured as follows.

{master:0}[edit interfaces xe-2/0/8]
paulh@LAB1# show
description Customer_A;
flexible-vlan-tagging;
native-vlan-id 4094;
encapsulation extended-vlan-bridge;
ether-options {
ethernet-switch-profile {
storm-control TEST;
}
auto-negotiation;
}
unit 10 {
vlan-id-list 1-4094;
input-vlan-map push;
output-vlan-map pop;
}

{master:0}[edit]
paulh@LAB1# show forwarding-options
storm-control-profiles TEST {
all {
bandwidth-level 2000;
}
action-shutdown;
}

Does anyone know why this is? 

My VC master has booted from the backup partition after a power failure. I can't get it to boot into the primary partition:
request system snapshot media internal slice alternate

request system reboot slice alternate media internal

Can I safely do a format install on the switch and have it fail the master role over the backup during the install, or is there a way to force the role to move to the backup switch before hand, or is there another prefered method for doing this on the master?

I have backups of the config but I would prefer not to have to use them if I don't need to.

Hi

a quick question please, does anyone know what's the meaning\solution for those logs?

Sep 24 09:22:23 sw1.hfa.RE1 dcd[4425]: parse_mix_rate_parent_ae : ifd ae0 no kernel link-speed
Sep 24 09:22:23 sw1.hfa.RE1 dcd[4425]: parse_mix_rate_parent_ae : ifd ae1 no kernel link-speed
Sep 24 09:22:23 sw1.hfa.RE1 dcd[4425]: parse_mix_rate_parent_ae : ifd ae10 no kernel link-speed
Sep 24 09:22:23 sw1.hfa.RE1 dcd[4425]: parse_mix_rate_parent_ae : ifd ae1405 no kernel link-speed
Sep 24 09:22:23 sw1.hfa.RE1 dcd[4425]: parse_mix_rate_parent_ae : ifd ae20 no kernel link-speed
Sep 24 09:22:23 sw1.hfa.RE1 dcd[4425]: parse_mix_rate_parent_ae : ifd ae2405 no kernel link-speed

Sep 24 09:22:56 sw2.hfa.RE1 dcd[1485]: parse_mix_rate_parent_ae : ifd ae0 no kernel link-speed
Sep 24 09:22:56 sw2.hfa.RE1 dcd[1485]: parse_mix_rate_parent_ae : ifd ae1 no kernel link-speed
Sep 24 09:22:56 sw2.hfa.RE1 dcd[1485]: parse_mix_rate_parent_ae : ifd ae10 no kernel link-speed
Sep 24 09:22:56 sw2.hfa.RE1 dcd[1485]: parse_mix_rate_parent_ae : ifd ae1405 no kernel link-speed
Sep 24 09:22:56 sw2.hfa.RE1 dcd[1485]: parse_mix_rate_parent_ae : ifd ae20 no kernel link-speed
Sep 24 09:22:56 sw2.hfa.RE1 dcd[1485]: parse_mix_rate_parent_ae : ifd ae2405 no kernel link-speed

I saw that someone answered to something similiar couple of years back but the article the solution was in is now under review or something.

I have an testlab with Openstack and mx80 (16.1).

Two vrf instances - one to organize overlay network, one for vxlan tenants, and one evpn instance for vxlan termination using pim sparse scheme.

Initially muticast tunnels doesn't work and irb unit for vxlan tenants is in down state.

Irb goes up only after strange kick. First vxlan tunnel must be destined for vtep-source-address, irb goes up and multicast VTEPs starts work.

Is any way to fix this behavior?

Thanks!

Can it be verified if the Open-flow 1.3 client in the QFX5100 switches supports configuring hardware TCAM or does it use software tables?