Hi there, 

I'm looking for QFX based Junos Fusion (Data Center) technical documention and config examples.  I can't find them anywhere on Juniper's site.  Provider Edge and Enterprise are documented but not Data Center.

Can someone point me in the right direction, please?

Thanks.

Hey Guys, 

Hope everyone is well in these holidays. Currently I faced a problem with my EX3300 running 12.3R6.6.

For some reason If I assign an Access Port to the Admin VLAN (Same Vlan used OOB for mgmt of all devices)  the port doesnt let the traffic pass. 

In this example I set as the Admin Vlan, Vlan 1 and set the port in the following way

set interfaces ge-0/0/19 description TEST
set interfaces ge-0/0/19 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/19 unit 0 family ethernet-switching vlan members ADMIN_VLAN <<<<< Vlan 1

If I set any other VLAN. Works like a Charm.

I set a Laptop with an Ip from the Vlan and it doesnt let me pass the traffic. 

However. Testing it with a Cisco 3950 It does work. Any missing config that I am not setting up or any known Bug for this?

Thanks

Hello All, 

I've set a firewall filter in my EX running 12.3R6.6. It seems to work fine, However after a minute or so it starts dropping packets and eventually drops the connection to the hosts in the Port. 

This is the Filter

filter "ACL_CID#837" {
term ACCESS {
from {
source-address {
10.0.0.1/32;

10.0.0.2/32;

10.0.0.3/32;

10.0.0.4/32;

10.0.0.5/32;

10.0.0.6/32;
}
}
then accept;
}
term ACCESS_DENIED {
then discard;
}
term DEFAULT_TERM {
then accept;

I applied the Rule to the interface as follow:

ge-0/0/20 {
description 
ether-options {
speed {
100m;
}
}
unit 0 {
family ethernet-switching {
}
filter {
input "ACL_CID#837";

Any Ideas why it drops the connection?

Thanks

I constantly have these two alarms -

> show chassis alarms      
2 alarms currently active
Alarm time               Class  Description
2016-12-05 17:38:50 CST  Major  FPC 0 PEM 1 is not powered
2016-12-05 17:38:50 CST  Major  FPC 0 PEM 0 is not powered

I replaced power supply 1 with a new power supply

Power Supply 0   REV 03   740-020957   AT0508420508      PS 320W AC
Power Supply 1   REV 05   740-020957   AT0514103087      PS 320W AC

I am still getting the errors. (Also my date is wrong apparently). What should I do?

show system uptime
fpc0:
--------------------------------------------------------------------------
Current time: 2016-12-06 17:23:54 CST

Hi

I have the following setup:

My question is:

I just need to make sure each interface facing the external switches has the same ESI value?

As the ESI value needs to be the same on interfaces that face the same bridge domain?

thanks

Hello,

I have been reviewing the documentation for the Junos upgrade process of the EX4600 and to be honest it gets less clear each time I read it.  Specifically, I am looking at the nonstop-upgrade versus the in-service-upgrade process.  

Setup: in my situation the EX4600 will sit in a three member virtual chassis as our network core.  Two in the main server room, and one in a secondary location for redundancy.  Right now, the two in the main server room are RE and BK because they are directly attached via 40GB cable.  The third "LC" is connected via 2x10GB fiber to each to complete the loop.  Nearly all remote locations are connected via link aggreagation so I can lose one member at a time without issue.

My concern is that we are a small hospital and I need maximum uptime but also need to keep things current.  Which of the two upgrade options is best for this setup?  Also, if you see a problem with this setup feel free to voice it.  I would rather plan for problems now than react to them during an outage.

Thank you,

Todd

IS there any easy way to create VSTP in easy way? Look like I have to create VSTP for each vlan I have (around 40 vlans) in MDF and I have 7 IDFs so that would  be 8 places. I dont know if its license issue. 

Ideally would be creating VSTP for all vlans I have in one simple command. 

Thank You

Experts,

I have set up link aggregation AE21: 

aggregated-ether-options {
lacp {
active;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members all;
}
}
}

added port ge-2/0/21 & ge-2/0/22 but when I do sh int ae21 it says error: device ae21 not found however:

run show interfaces terse | match ae21 :
ge-2/0/21.0 up up aenet --> ae21.0
ge-2/0/22.0 up up aenet --> ae21.0

and:

ae20 up up 
ae21   ?   ?

I am missing something I know 

Dear Experts,

I have a few ex2200-c-12p-2g, few 3300, and few 4300 which is main MDF stack. 

ex2200: 12.3R12.4

ex4300: 14.1X53-D35.3

ex3300 12.3R12.4

Before I do anything I would like to find out the game plan for upgrading all IDFs and main MDF, and what impact upgrade would have. So far all is working ok. Should I just skipp it and dont even touch it? 

I plan upgrade first 2200 to 14.1X53-D40 but I noticed it says "JTAC Recommended release for this product is: 15.1R5" and see how it affects. Then 3300 and after some time the MDF virtual chasis including 4x4300 ex switches.

What about if I upgrade only one 2200ex to 14 or 15 and see the stability. Upgrading the one switch only affects that switch and configuratiion on it, so upgrading the testing switch would be great. I will be doing that first time on Juniper switches. My concern is that always new updates brings new problems and dont know what to expect if I upgrade all Juniper infrasturcture. 

Thank You for any advices. 

Hi All,

As per documentation regarding Cobranet discovery it just cun function using prior Layer 2 network. But in my design if Layer 3 with intervlan . So appreciate if someone here have share exprience regarding run Cobranet software using Juniper EX intervlan network.

Thanks

Hi

Can any one share knowledge over license required to activate Virtual chassis on EX 3300 ? i guess by default we can use 2 switches but for more i guess i need to buy license... but no sure which one...additionally, wouldnt it be better to go for 2300P-VC ? 

secondly, the deployment senario is like 4 switches at lcoation A, 3 switches at location B, 7 switches at location C and 2 switches at location D. do does it mean i will have buy master license for each master switch of each location and slave license for rest of the siwtches ? 

thanks in advance.

Hi

Is there any special poe requirements for this specific IP phones : Avaya E129 

Because lately we're facing a problem that only this kind of IP phones is going down .

It doesn't matter to which kind of EX device it is connected , we've tried EX2200-48p and 24p and doesn't matter to which version.

Also we've tried to upgrade the poe controller but doesn't help : request system firmware upgrade poe fpc-slot 0

Also we tried to configure : set poe interface<> maximum-power 4 .. after some calculations :

http://rapidtables.com/calc/electric/watt-volt-amp-calculator.htm

as the vendor requirements : https://www.avaya.com/en/documents/e129-sip-deskphone---sme7492.pdf

it says class 1 poe ..

as cisco explinations , it is up to 4 watts : http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/power_over_ethernet.pdf << page 16-2

Any advise would be appreciated !

So I've configured two 4200 into a virtual chassis with a preprovisioned config. Whenever I remote into the management ip for the master I will remain logged into the master for about 5mins before the session disconnects. When I remote back in after the disconnect using the same mgnt. IP I'm all of a sudden on the backup instead of the master and after 5mins again I get disconnected and log back in I'll be on the master. This continues on on on. My priorities on each switch is both 129. Any suggestions on whats going on?

Experts, I am including configuration from one of our switches and would like to get opinion the configuration is fine. 

version 12.3R12.4;
groups {
ezqos-voip {
class-of-service {
classifiers {
dscp ezqos-dscp-classifier {
import default;
forwarding-class ezqos-voice-fc {
loss-priority low code-points 101110;
}
forwarding-class ezqos-control-fc {
loss-priority low code-points [ 110000 011000 011010 111000 ];
}
forwarding-class ezqos-video-fc {
loss-priority low code-points 100010;
}
}
}
forwarding-classes {
class ezqos-best-effort queue-num 0;
class ezqos-video-fc queue-num 4;
class ezqos-voice-fc queue-num 7;
class ezqos-control-fc queue-num 5;
}
scheduler-maps {
ezqos-voip-sched-maps {
forwarding-class ezqos-voice-fc scheduler ezqos-voice-scheduler;
forwarding-class ezqos-control-fc scheduler ezqos-control-scheduler;
forwarding-class ezqos-video-fc scheduler ezqos-video-scheduler;
forwarding-class ezqos-best-effort scheduler ezqos-data-scheduler;
}
}
schedulers {
ezqos-voice-scheduler {
buffer-size percent 20;
priority strict-high;
}
ezqos-control-scheduler {
buffer-size percent 10;
priority strict-high;
}
ezqos-video-scheduler {
transmit-rate percent 70;
buffer-size percent 20;
priority low;
}
ezqos-data-scheduler {
transmit-rate percent 30;
buffer-size percent 50;
priority low;
}
}
}
}
}
apply-groups ezqos-voip;

class-of-service {
interfaces {
ge-* {
scheduler-map ezqos-voip-sched-maps;
unit * {
classifiers {
dscp ezqos-dscp-classifier;
}
}
}
}
}

family ethernet-switching {
filter classify-voip {
term classify-all {
then {
accept;
forwarding-class ezqos-voice-fc;
loss-priority low;
}
}
}
}

Before I had:

class ezqos-voice-fc queue-num 5;
class ezqos-control-fc queue-num 7;

But I was told this configuration:

class ezqos-voice-fc queue-num 7;
class ezqos-control-fc queue-num 5;  is correct. Thank You

Not sure how I should title this (C in S Tagging, double tagging, QinQ)?!

I have two switches which I have untagged ports with QinQ enabled on them, those switches take the taffic and each put them in their own VLAN (100 and 200).  Those go up to my core and need to get to another location with is across a 3rd party who will take just a single VLAN tag from me.  Is there a way within the Juniper EX4550 to take my two VLANS and put them within a new VLAN (300).  I could then hand them VLAN 300 they would perserve it and on the other side I would do the reverse and remove the 300 tag to get my 100 and 200 that I can then untag to the correct ports there. 

I have done similar with this by taking tagged traffic (VLAN 100) into a access port with another VLAN (300), repeat for other VLAN(s), and that way I have 100&200 inside 300 and can reverse on the other side.  I want to do this without burning physical ports!

Thoughts?

Thanks!

I am trying to setup a switch for testing and cannot figure out how to set the default gateway for the DHCP scope of 192.168.1.0/24

 I need to be able to connect several laptops to the switch. The interface ge-0/0/0 is going to a cable modem with 5 static IPs.

I get an address of 192.168.1.50 on my laptop without a gateway in the properties.

set version 12.3R8.7
set system host-name 
set system root-authentication encrypted-password "secret"
set system name-server 65.32.1.65
set system name-server 65.32.1.70
set system services ssh protocol-version v2
set system services telnet
set system services netconf ssh
set system services web-management http
set system services dhcp traceoptions file dhcp_logfile
set system services dhcp traceoptions level all
set system services dhcp traceoptions flag all
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.50
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.100
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set chassis auto-image-upgrade
set interfaces ge-0/0/0 unit 0 family inet address 75.112.50.226/29
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/4 unit 0 family ethernet-switching
set interfaces ge-0/0/5 unit 0 family ethernet-switching
set interfaces ge-0/0/6 unit 0 family ethernet-switching
set interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching
set interfaces ge-0/0/9 unit 0 family ethernet-switching
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching
set interfaces ge-0/0/12 unit 0 family ethernet-switching
set interfaces ge-0/0/13 unit 0 family ethernet-switching
set interfaces ge-0/0/14 unit 0 family ethernet-switching
set interfaces ge-0/0/15 unit 0 family ethernet-switching
set interfaces ge-0/0/16 unit 0 family ethernet-switching
set interfaces ge-0/0/17 unit 0 family ethernet-switching
set interfaces ge-0/0/18 unit 0 family ethernet-switching
set interfaces ge-0/0/19 unit 0 family ethernet-switching
set interfaces ge-0/0/20 unit 0 family ethernet-switching
set interfaces ge-0/0/21 unit 0 family ethernet-switching
set interfaces ge-0/0/22 unit 0 family ethernet-switching
set interfaces ge-0/0/23 unit 0 family ethernet-switching
set interfaces ge-0/0/24 unit 0 family ethernet-switching
set interfaces ge-0/0/25 unit 0 family ethernet-switching
set interfaces ge-0/0/26 unit 0 family ethernet-switching
set interfaces ge-0/0/27 unit 0 family ethernet-switching
set interfaces ge-0/0/28 unit 0 family ethernet-switching
set interfaces ge-0/0/29 unit 0 family ethernet-switching
set interfaces ge-0/0/30 unit 0 family ethernet-switching
set interfaces ge-0/0/31 unit 0 family ethernet-switching
set interfaces ge-0/0/32 unit 0 family ethernet-switching
set interfaces ge-0/0/33 unit 0 family ethernet-switching
set interfaces ge-0/0/34 unit 0 family ethernet-switching
set interfaces ge-0/0/35 unit 0 family ethernet-switching
set interfaces ge-0/0/36 unit 0 family ethernet-switching
set interfaces ge-0/0/37 unit 0 family ethernet-switching
set interfaces ge-0/0/38 unit 0 family ethernet-switching
set interfaces ge-0/0/39 unit 0 family ethernet-switching
set interfaces ge-0/0/40 unit 0 family ethernet-switching
set interfaces ge-0/0/41 unit 0 family ethernet-switching
set interfaces ge-0/0/42 unit 0 family ethernet-switching
set interfaces ge-0/0/43 unit 0 family ethernet-switching
set interfaces ge-0/0/44 unit 0 family ethernet-switching
set interfaces ge-0/0/45 unit 0 family ethernet-switching
set interfaces ge-0/0/46 unit 0 family ethernet-switching
set interfaces ge-0/0/47 unit 0 family ethernet-switching
set interfaces ge-0/1/0 unit 0 family ethernet-switching
set interfaces ge-0/1/1 unit 0 family ethernet-switching
set interfaces ge-0/1/2 unit 0 family ethernet-switching
set interfaces ge-0/1/3 unit 0 family ethernet-switching
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set routing-options static route 0.0.0.0/0 next-hop 75.112.50.225
set protocols igmp-snooping vlan all
set protocols rstp
set protocols lldp interface all
set protocols lldp-med interface all
set ethernet-switching-options storm-control interface all
set vlans default l3-interface vlan.0

Hi all,

I see high CPU caused by mcsnoopd on one of our switches:

user@switch> show system processes extensive | no-more
last pid: 92838;  load averages:  1.40,  1.65,  1.70  up 1192+05:09:40    14:09:15
135 processes: 5 running, 110 sleeping, 20 waiting

Mem: 347M Active, 69M Inact, 74M Wired, 64M Cache, 110M Buf, 426M Free
Swap:

  PID USERNAME        THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
 1152 root              1 131    0  7976K  4312K RUN     47.0H 63.87% mcsnoopd
 1106 root              2   8  -88 70808K 17552K nanslp 586.0H 28.27% sfid
 1108 root              1   8    0 85512K 30632K nanslp 1175.8  1.12% pfem
   11 root              1 171   52     0K    16K RUN       ???  0.00% idle

I think to remember that IPv6 mc is punted to CPU, so I configured the following Filter:

set interfaces lo0 unit 0 family inet6 filter input re-protect-inet6
set firewall family inet6 filter re-protect-inet6 term deny-all then count inet6-to-be-denied
set firewall family inet6 filter re-protect-inet6 term deny-all then discard

and now things are looking much better:

user@switch> show system processes extensive | no-more
last pid: 93234;  load averages:  0.20,  0.06,  0.18  up 1192+05:53:25    14:53:00
135 processes: 6 running, 109 sleeping, 20 waiting

Mem: 347M Active, 69M Inact, 75M Wired, 64M Cache, 110M Buf, 426M Free
Swap:

  PID USERNAME        THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
   11 root              1 171   52     0K    16K RUN       ??? 94.97% idle
 1108 root              1  96    0 85512K 30876K RUN    1175.8  0.93% pfem
 1106 root              2  44  -52 70808K 17552K select 586.0H  0.05% sfid
 1105 root              1   4    0 17592K 10992K kqread 503.0H  0.00% chassism

Question:

1) Does it still true that IPv6 multicast traffic is punted to CPU on EX4200 with newer Junos versions (I'm currently still using 12.1)?

2) Any other way to prevent high cpu in this case (besides disabling igmp snooping completely)?

Thx,

Stefan

I just wanted to let the community know about issues that occur with EX2200 switches running the 15.1Rx Junos versions.

The upgrade from 12.3 to 15.1.R1 worked well and just as expected while each further 15.1 release we upgraded to (also the recent R4 to R5) caused major stability issues with many of the switches.

We tracked down several aspects so far:

- When you copy a new software package to the switch you will already see the switches memory jump well over 75-80% consumed. At that step we did not observe any other problems. However that consumed memory is not going to be cleared once the file has been transferred.

- If you continue and issue the 'request system software add..' for the package the switch is going to consume the remaining memory up to 100% and also 100% CPU load. What you can expect at that point is STP loops, unavailability of that switch and every related subnets caused the loop..

- Doing the copy and upgrade in one command e.g. with 'request system software add http://someserver/jinstall... reboot' will lead to the same issue.

We had few switches where the upgrade made it through to the switch reboot after which the device was up with the new software but the majority of 2200's just fail in operation.

The only workaround we found so far is to copy over the upgrade files to /var/tmp and do a reboot before actually installing the upgrade.

I assume this is also happening on other platforms but had no time to verify it until now as well as opening one more JTAC case.. other platforms like the EX3300 work however which I think is just the case as they got more RAM than the 2200 (512MB).

Hope this will save some of you from problems

Hello everyone,

I have two VLANS configured. I would like to allow clients from one VLAN to only be able to access one machine on a different VLAN. I don't want clients to be able to get to anyother IP on that network. Right now both VLANs can reach all clients on the other's VLAN.

I am new to firewall filters and I know this is wrong, but this is what I came up with so far:

set family inet filter BLOCK term TERM1 from source-address 192.168.10.0/24
set family inet filter BLOCK term TERM1 from destination-address 192.168.11.5/24
set family inet filter BLOCK term TERM1 then accept
set family inet filter BLOCK term TERM2 from source-address 192.168.10.0/24
set family inet filter BLOCK term TERM2 from destination-address 192.168.11.0/24
set family inet filter BLOCK term TERM2 then block
set family inet filter BLOCKI term TERM3 then accept

Thanks for your help.

Hi,

we have 2 qfx that are synced and being monitored by junos space network director, is the network director capable to recieved syslog from  qfx? thanks