
EX3300 normal port suddenly change to VC-Port?


Hi All,

 

May I know whether anyone has faced the same problem as me, where a normal port suddenly changes to a VC-PORT on an EX3300-VC, as per the log below?

 

{master:0}
test@test> show virtual-chassis vc-port
fpc0:
--------------------------------------------------------------------------
Interface   Type              Trunk  Status       Speed        Neighbor
or                             ID                 (mbps)       ID  Interface
PIC / Port
0/20        Auto-Configured    -1    Up           1000
1/2         Configured          5    Up           10000        1   vcp-255/1/2
1/3         Configured          5    Up           10000        1   vcp-255/1/3

fpc1:
--------------------------------------------------------------------------
Interface   Type              Trunk  Status       Speed        Neighbor
or                             ID                 (mbps)       ID  Interface
PIC / Port
0/18        Auto-Configured    -1    Down         1000
1/2         Configured          5    Up           10000        0   vcp-255/1/2
1/3         Configured          5    Up           10000        0   vcp-255/1/3

 

Thanks, and I would appreciate any feedback.


error: the ethernet-switching subsystem is not responding to management requests


Hi,

 

When I enter "sh vlans" on an EX3300 switch with 12.2R10.2, it answers with "error: the ethernet-switching subsystem is not responding to management requests".

 

I will be so glad if someone knows about this issue. Thanks in advance.

DHCP exclude-address on QFX5100


Hi

 

I need to replace my EX switch with a QFX5100. All the DHCP configuration on the EX switch is replicated to the QFX5100. The only command I am unable to find on the QFX is the DHCP exclude-address command. Can anyone help? The EX command is as below.

 

set system services dhcp pool 10.121.71.128/25 exclude-address 10.121.71.232

 

Regards

 

Tayyab

Upgrade EX4550 from 12.3 to 15.1 (recommended version)


Hello,

We have a standalone EX4550 running 12.3; Juniper recommends 15.1.

Is it possible to upgrade directly from 12.3 to 15.1, or do we need an intermediate version?

Note that per Juniper's upgrade policies, we can upgrade directly from an EEOL version to the next two EEOL releases.

As I understand it, we can upgrade from Junos 12.3 (which is an EEOL release) to 14.1 (which is one of the next two EEOL releases), and even from 14.1 we need to go through 14.2 before reaching 15.1.

Has anyone already done this upgrade? What is the exact path to follow?

Thanks for your support.

Setting Root Bridge


I have several questions in regard to setting the root bridge priority properly. We have our corp HQ office that is running an EX4200 VC at the core. We have 15 additional IDF switches in our building. My topology for each IDF is 2GB LACP fiber LAGs connecting all IDF switches from all floors in all buildings back to our core switch. All switches are Juniper, either EX2200 or EX4200. No routers or firewalls between any of them. I noticed when looking at our switches that when I ran the command below on the core, my root ID was not for the core switch.

 

root@MDF1-SW1-EB1F> show spanning-tree bridge

STP bridge parameters
Context ID                          : 0
Enabled protocol                    : RSTP
  Root ID                           : 28672.b8:e9:37:04:5a:84
  Root cost                         : 210000
  Root port                         : ae5.0
  Hello time                        : 2 seconds
  Maximum age                       : 6 seconds
  Forward delay                     : 4 seconds
  Message age                       : 2
  Number of topology changes        : 10645
  Time since last topology change   : 592 seconds
  Topology change initiator         : ae5.0
  Topology change last recvd. from  : 84:18:88:a8:cb:83
  Local parameters
    Bridge ID                       : 32768.5c:5e:ab:66:a2:01
    Extended system ID              : 0
    Internal instance ID            : 0

 

Upon further investigation it was determined that a Sonos Boost wireless extender on our network is acting as the root bridge. We have the Sonos speakers and Boost on our network for different design studios. Currently I have about 20 speakers total spread throughout three buildings. That number is going to grow some more here. We were having a slow speed issue in one area of our LAN. After months of troubleshooting, testing computers, network, network cabling, speakers, printing, phones, switches, it was determined that we had some significant signal loss with our 1gb fiber trunks. In that area we had 4 Sonos speakers, but removed them during the troubleshooting phase. One thing we noticed when they were connecting using the Ethernet wire was that you could only connect 2 speakers. If you tried to connect three it would cause the music to be glitchy and not work.

 

So I am trying to set up all of my switches to play nice with the Sonos and vice versa to make the network work properly.

 

  1. By setting the bridge priority to 0 on the core, will that be disruptive at all to the network? Will that also require a reboot to take effect, or does the negotiation notice the change after commit and adjust accordingly?
  2. Is it best practice to leave all other remaining IDF switches at their default value 32,768, or should I also set maybe one additional one at 4096 so if the core goes down that one will be elected as root bridge in the interim?
  3. Because I have multiple VLANs (21 currently) on the network, I saw there are several ways to set the bridge-priority based on the Juniper KB article below and what protocol to assign it on. Unless I am not seeing, thinking, or understanding something, I would want my core switch for all VLANs to always be the root bridge, or is there some reason not to? My topology has 2GB LACP LAGs connecting all IDF switches from all floors in all buildings back to our core switch. All switches are Juniper, either EX2200 or EX4200. No routers or firewalls between any of them.
  4. I will set the Sonos Boost bridge ID to a higher value as well.
  5. Has anyone else had to configure Sonos speakers on their network? Are there any other changes that need to be made at the core/MDF, IDF, or interface level to make them all work besides the root bridge?

 

Since I have RSTP enabled based on the output above, would I navigate to

#edit protocols rstp

[edit protocols rstp]#set bridge-priority 0

 

or would I do it at the STP protocol?

 

 

Juniper KB article

https://www.juniper.net/documentation/en_US/junos12.3/topics/reference/configuration-statement/bridge-priority-spanning-trees-ex-series.html

 

bridge-priority (Spanning Trees)

Syntax

bridge-priority priority;

Hierarchy Level

[edit protocols mstp],
[edit protocols mstp msti msti-id],
[edit protocols rstp],
[edit protocols stp],
[edit protocols vstp vlan vlan-id]

Release Information

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement updated in Junos OS Release 9.4 for EX Series switches to add VSTP support.

Description

Configure the bridge priority. The bridge priority determines which bridge is elected as the root bridge. If two bridges have the same path cost to the root bridge, the bridge priority determines which bridge becomes the designated bridge for a LAN segment.

Default

32,768

Options

priority—Bridge priority. It can be set only in increments of 4096.
Range: 0 through 61,440
Default: 32,768

Required Privilege Level

routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
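
An added example (not from the original post or from Juniper's documentation): a Python check that parses `show spanning-tree bridge` output in the format shown above, flags a root bridge other than the expected core switch, and computes the highest priority that still wins the election under the 4096-increment rule quoted from the KB article. The function names and the embedded sample, trimmed from the post's output, are assumptions of this example.

```python
import re

# Constructed sample: trimmed copy of the "show spanning-tree bridge" output
# in the post, where the root bridge is not the core switch.
SAMPLE = """\
STP bridge parameters
Context ID                          : 0
Enabled protocol                    : RSTP
  Root ID                           : 28672.b8:e9:37:04:5a:84
  Root cost                         : 210000
  Root port                         : ae5.0
  Number of topology changes        : 10645
  Local parameters
    Bridge ID                       : 32768.5c:5e:ab:66:a2:01
"""

BRIDGE_ID = re.compile(r"^(\d+)\.((?:[0-9a-f]{2}:){5}[0-9a-f]{2})$", re.I)


def parse_bridge_id(value):
    """Split 'priority.mac' into (int priority, lowercase mac)."""
    m = BRIDGE_ID.match(value.strip())
    if not m:
        raise ValueError(f"not a bridge ID: {value!r}")
    return int(m.group(1)), m.group(2).lower()


def parse_bridge_output(text):
    """Extract root ID, local bridge ID and root port from the CLI output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first ':' separates key/value
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "root": parse_bridge_id(fields["Root ID"]),
        "local": parse_bridge_id(fields["Bridge ID"]),
        "root_port": fields.get("Root port"),  # absent when this bridge is root
    }


def valid_priority(priority):
    """KB rule: range 0 through 61,440, increments of 4096 only."""
    return 0 <= priority <= 61440 and priority % 4096 == 0


def priority_to_win(current_root_priority):
    """Highest valid priority strictly below the current root's, else None."""
    candidate = (current_root_priority // 4096) * 4096
    if candidate == current_root_priority:
        candidate -= 4096
    return candidate if candidate >= 0 else None


def audit_root(text, expected_root_mac):
    """Return findings when the elected root is not the intended switch."""
    info = parse_bridge_output(text)
    root, local = info["root"], info["local"]
    findings = []
    if root[1] != expected_root_mac.lower():
        findings.append(
            f"unexpected root bridge {root[1]} (priority {root[0]}) "
            f"reached via {info['root_port']}"
        )
    if not valid_priority(local[0]):
        findings.append(f"local priority {local[0]} is not a valid setting")
    # The lowest (priority, MAC) pair wins the root election.
    if local != root and local < root:
        findings.append("local bridge ID beats the advertised root: not converged")
    return findings


if __name__ == "__main__":
    for finding in audit_root(SAMPLE, "5c:5e:ab:66:a2:01"):
        print(finding)
    print("priority that would win:", priority_to_win(28672))
```
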

 

 

vQFX test lab on KVM


Hi all,

 

I have been doing some studying for Juniper exams and decided to check out the vQFX VM. I have set it up on KVM, as opposed to VirtualBox. I understand it is not a supported configuration, but for the last week it has been helpful for labbing up exercises. I have written a post here, vQFX10k on KVM, if anyone has some spare KVM CPU cycles and memory and wants to give it a bash.

 

Philip

sflow sampling for qfx5100 virtual chassis for junos space


hi gents,

 

Did anyone try configuring virtual chassis QFX5100 devices for sFlow towards a Junos Space log collector?

Here's my sampling rate. Any thoughts?

 

set protocols sflow polling-interval 20
set protocols sflow sample-rate ingress 2048
set protocols sflow sample-rate egress 2048
set protocols sflow collector 1.1.1.1 udp-port 5000
set protocols sflow collector 2.2.2.2 udp-port 5000

 

 

My Junos Space doesn't collect such sFlows. I'm thinking about some settings on the Junos Space.

 

thanks

EX4600 breakout cable.


Hello fellow Juniperians.

I bought an EX4600 with the standard 24 SFP+ ports. This hardware also has 4*40Gbit QSFP. These ports are able to connect breakout cables.

My question is: can those breakout cables have 10Gbit copper in them, or is it just fixed SFP+ fiber?

What alternatives do I have for copper in the EX4600 if the breakout cables don't work?


EX2200 L2 Uplink with VLAN Trunking


Hi everyone,

 

I can't figure out how to do this.

 

We're expanding our network at one of our sites, and have bought an additional 3 EX2200 switches to add to the existing 2 that are set up in a Virtual Chassis.

 

The plan is to have one of the switches on a new rack that will contain all the servers, and the other four act as access switches to the workstations. Now I just realized that the virtual chassis for EX2200 maxes out at 4 units, and I can't add the other switch on the server rack.

 

So instead, I'm planning to do LACP (802.3ad) on the rack switch, to the virtual chassis. But I want the link between the two to be a VLAN trunk, so I can still use the switch on the server rack on the same VLAN as the one in the VC. Please take note that the LACP interfaces are across different member switches (all port 46).

 

The thing is, I can't seem to set this up properly. Access switch ports 0/0/46 and 1/0/46 are LACPd to connect to the server switch 0/0/46 and 0/0/47 respectively. I connected access switch ports 0/0/1 (Server VLAN), and another on server switch ports 0/0/1 (Server VLAN). I got the LACPs up and running, but the workstations on the SERVER VLAN won't talk to each other.

 

Config (redacted some parts) is as follows:

 

# JEX-SWITCH (Access switch Virtual Chassis)
chassis {
  aggregated-devices {
    ethernet {
      device-count 5;
    }
  }
}
interfaces {
  ge-0/0/0 {
    unit 0 {
      family ethernet-switching {
        vlan {
          members PHASE-1;
        }
      }
    }
  }
  ge-0/0/1 {
    unit 0 {
      family ethernet-switching {
        vlan {
          members SERVERS;
        }
      }
    }
  }
  ge-0/0/46 {
    ether-options {
      802.3ad ae0;
    }
  }
  ge-1/0/46 {
    ether-options {
      802.3ad ae0;
    }
  }
  ae0 {
    aggregated-ether-options {
      lacp {
        active;
      }
    }
    unit 0 {
      family ethernet-switching {
        port-mode trunk;
        vlan {
          members [ PHASE-1 SERVERS default ];
        }
      }
    }
  }
  vlans {
    unit 0 {
      family inet {
        address 10.0.0.2/24;
      }
    }
    unit 21 {
      family inet {
        address 10.0.21.1/24;
      }
    }
    unit 101 {
      family inet {
        address 10.0.101.1/24;
      }
    }
  }
}
virtual-chassis {
  preprovisioned;
  member 0 ...
  member 1 ...
  member 3 ...
  member 4 ...
}
vlans {
  PHASE-1 {
    vlan-id 21;
    l3-interface vlan.21;
  }
  SERVERS {
    vlan-id 101;
    l3-interface vlan.101;
  }
  default {
    vlan-id 0;
  }
}

 

---------------------------------------------------------

 

# SERVER-SWITCH
chassis {
  aggregated-devices {
    ethernet {
      device-count 5;
    }
  }
}
interfaces {
  ge-0/0/0 {
    unit 0 {
      family ethernet-switching {
        vlan {
          members PHASE-1;
        }
      }
    }
  }
  ge-0/0/1 {
    unit 0 {
      family ethernet-switching {
        vlan {
          members SERVERS;
        }
      }
    }
  }
  ge-0/0/46 {
    ether-options {
      802.3ad ae0;
    }
  }
  ge-0/0/47 {
    ether-options {
      802.3ad ae0;
    }
  }
  ae0 {
    aggregated-ether-options {
      lacp {
        active;
      }
    }
    unit 0 {
      family ethernet-switching {
        port-mode trunk;
        vlan {
          members [ PHASE-1 SERVERS default ];
        }
      }
    }
  }
  vlans {
    unit 0 {
      family inet {
        address 10.0.0.3/24;
      }
    }
    unit 101 {
      family inet {
        address 10.0.101.2/24;
      }
    }
  }
}

vlans {
  PHASE-1 {
    vlan-id 21;
    l3-interface vlan.21;
  }
  SERVERS {
    vlan-id 101;
    l3-interface vlan.101;
  }
  default {
    vlan-id 0;
  }
}

 

Juniper 2200 EX storm control


Experts, Just started noticing message:

 

 ESWD_ST_CTL_ERROR_IN_EFFECT: ae0.0: storm control in effect on the port 

 

ae0 is a trunk port to another switch,  but show configuration ethernet-switching-options shows:

 

voip {
    interface ge-0/0/3.0 {
        vlan 80;
        forwarding-class ezqos-voice-fc;
    }
    interface ge-0/0/6.0 {
        vlan 80;
        forwarding-class ezqos-voice-fc;
    }
    interface ge-0/0/8.0 {
        vlan 80;
        forwarding-class ezqos-voice-fc;
    }
    interface ge-0/0/9.0 {
        vlan 80;
        forwarding-class ezqos-voice-fc;
    }
    interface ge-0/0/0.0 {
        vlan v80-voice;
    }
    interface ge-0/0/10.0 {
        vlan 80;
        forwarding-class ezqos-voice-fc;
    }
}
storm-control {
    interface all;
}

4300EX EX-BCM PIC errors


Experts,

 

I have started seeing these messages:

 

Jan 12 13:40:00 MDF fpc3 [EX-BCM PIC] ex_bcm_linkscan_handler: Link 46 UP
Jan 12 13:39:58 MDF fpc3 [EX-BCM PIC] ex_bcm_linkscan_handler: Link 46 DOWN

as errors. Thank you.

Inband Management on EX3300


Hi All,

I'm a Juniper n00b, so bear with me.

I'm setting up inband management and am unable to hit the mgmt interface (I am connected to the switch directly).

I've assigned an IP to a new MGMT VLAN:
set interface vlan.10 family inet address 10.255.127.230
set vlan mgmt l3-interface vlan.10
set system services web-management http interface vlan.10

 

Unsure what is missing here.
Attached is config.

 

Any help appreciated.

Juniper EX4200; Intermittent Packet leak to wrong Routing-Instance VLAN


Hi,

 

We currently have a pair of Juniper EX4200-48T (JunOS 12.3R12.4) running as separate Core LAN Switches, not stacked. They’re both configured essentially the same except for different IP / VRRP addresses.  They have the Default routing-instance plus an additional routing-instance named Corporate and is of type virtual-router.  The Default routing-instance has one RVI and a static default route.  The Corporate routing-instance has several RVIs and is running OSPF plus a different static default route.

 

We have encountered an odd, intermittent problem in which some packets arriving on a Corporate VLAN that should be exiting on a different Corporate VLAN (IP route exists) are actually exiting the 4200 through the RVI/VLAN in the Default routing-instance.

 

To further confuse this, the packet source MAC address DOES NOT CHANGE as it transits the switch. The destination MAC address changes to the default router’s MAC address for the Default routing-instance.  As expected the source and destination IP addresses do not change through the switch.

 

We have Wiresharked the ingress and egress interfaces and this is definitely happening within the EX4200. It appears that the packet is “leaking” to the wrong routing-instance VLAN.

 

Has anyone seen this before or have any ideas what could be causing this?

 

Thank you for your time. Larry

firewall family ethernet-switching filter then interface


Hi all, 

I am testing a lab as the diagram shows below:
PC A transmits packets to PC B via a switch running VLAN 99 and an SRX firewall running in transparent mode.
I have tested with an EX 3200 switch and an SRX210 firewall.

The goal of the test is for traffic to flow between PC A and PC B like the red line.
So I used the command "firewall family ethernet-switching filter" on the EX 3200 switch with the "then" option "interface" in order to force traffic to go to the SRX in transparent mode, but it doesn't work.

root@ex3200-1# set firewall family ethernet-switching filter FWF1 term T10 then ?
interface Switch traffic to the specified interface by-passing switching lookup - (Ingress only)

The traffic flows directly from PC A to PC B and does not go through the SRX in transparent mode.
I have tested with ping, and added a firewall family ethernet-switching filter count and monitored the interface on the switch for verification.

Capture.PNG

Can anybody help me solve this problem?

Thanks

mac-move-limit action log on EX switches causes delay and packet loss


Hello,

 

first of all, I cannot open a JTAC case to report this issue.

I hope the following problem report still makes it to the support department, so this can be fixed.

 

I noticed on EX3300 (12.3R12.4) and at least EX4550 (13.2X51-D35.3) platforms as well, that in specific situations some MAC addresses are either forgotten, never learned or the hosts are suffering from a high latency.

 

Some days ago I experienced some strange issue in a layer 2 network, when one specific host was not pingable in one rack, but if the host was started in another rack everything worked fine. The VLAN and port configuration was identical.

 

When debugging this problem, I noticed that at the ToR switch where the host did not work, the command show ethernet-switching mac-learning-log showed a "learn" of the MAC address followed by an immediate "delete".

Okay, so probably the MAC table was saturated for this specific MAC hash? and the MAC address could not be learned. I increased mac-lookup-length from default to 8 and the host immediately sent replies to my pings. Great. If the pings would have been low, I would have been happy, but actually I had about 30% packet loss and the latency was at about 180 ms.

 

Finally the problem was solved by removing the configuration part:

ethernet-switching-options secure-access-port mac-move-limit 2 action log

 

I had issues with ethernet-switching-options secure-access-port mac-move-limit X action log some while ago, so I gave this a shot. To me it seems like mac-move-limit produces issues for some MAC addresses at least when used together with an increased mac-lookup-length. Clearing the affected MAC address on the switch did not bring any help by the way.

 

Kind Regards,

Leon Kramer


MC LAG ex4600 - Setup problems


Hi

 

I'm having issues setting up MC LAG on a pair of EX4600s with the recommended release code D40.

 

I have the following topology:

MC LAG.jpg

 

link xe-0/0/23 is used exclusively for the ICCP traffic

and ae0 is the ICL for the data plane.

 

from ex4600 PE1 on left side

[ multi-chassis ]
multi-chassis-protection 10.1.1.2 {
    interface ae0;
}

[interfaces irb ]
arp-l2-validate;
unit 3999 {
    family inet {
        address 10.1.1.1/30;
    }
}

[interfaces ae0]
description "EtherChannel between ex4600 ICL";
mtu 9216;
aggregated-ether-options {
    link-speed 10g;
}
unit 0 {
    family ethernet-switching {
        interface-mode trunk;
        vlan {
            members [ 10-16 18 20 30 40 50-51 55 60-65 70 80-83 90-91 100 111 114 117 120 123 150-151 279 350 1000 ];
        }
    }
}

[ interfaces xe-0/0/23 ]
description "ICCP Link to ex4600 xe-0/0/23";
mtu 9216;
unit 0 {
    family ethernet-switching {
        interface-mode trunk;
        vlan {
            members ICCP-Vlan;
        }
    }
}


[edit interfaces ae6]
description "EtherChannel to vca-l2oob-02";
mtu 9216;
aggregated-ether-options {
    lacp {
        active;
        periodic fast;
        system-id 00:00:00:00:00:06;
        admin-key 6;
    }
    mc-ae {
        mc-ae-id 6;
        chassis-id 0;
        mode active-active;
        status-control active;
    }
}
unit 0 {
    family ethernet-switching {
        interface-mode trunk;
        vlan {
            members [ 10-16 18 20 30 40 50-51 55 60-65 70 80-83 90-91 100 111 114 117 120 123 150-151 279 350 999-1000 ];
        }
    }
}

I originally had the multi-chassis protection link as xe-0/0/23.

 

When I connect the client with both links, everything looks ok but I am getting traffic looping.

 

the iccp is established and the show interface mc-ae showed the ae6 up-up on both peers

 

and errors like:

Jan 17 00:21:19  rtaggtmp01 l2ald[1735]: L2ALD_FREE_MAC_FAILED: ERROR:FwdE:0x9bffd00 EFlag:0x1802101f RGID:0001  AEID:0006  SERVICE-ID:01 UNIT:00 PEERID:16843018MAC: 08:5b:0e:72:4d:ae moved: already in RMAC List
Jan 17 00:21:21  rtaggtmp01 l2ald[1735]: L2ALD_FREE_MAC_FAILED: ERROR:FwdE:0x9c22000 EFlag:0x1802101f RGID:0001  AEID:0006  SERVICE-ID:01 UNIT:00 PEERID:16843018MAC: 08:5b:0e:78:23:bc moved: already in RMAC List
Jan 17 00:21:40  rtaggtmp01 l2ald[1735]: L2ALD_FREE_MAC_FAILED: ERROR:FwdE:0x9c1c100 EFlag:0x1802101f RGID:0001  AEID:0006  SERVICE-ID:01 UNIT:00 PEERID:16843018MAC: 08:5b:0e:72:4d:ae moved: already in RMAC List

Reading the docs last night, they state that the protection link should be the ICL, which I understand to be the ae0 interface, as indicated in the code above.

I shut down the interface on the second EX4600 towards the client, then enabled mc-ae on the ae6 on the primary EX4600.

The first EX4600 complains that the protection link is not configured.

 

so questions are:

 

1.  Which link should be the multi-chassis protection link, the ICCP link xe-0/0/23 or the ICL ae0?

2.  As this client is not ONLY attached to the EX4600 pair, there are other devices connected in, and there is currently RSTP running correctly in the network, what if anything needs to be done?  I saw some comments about having to set the bridge ID to be the same on both MC-LAG boxes.

3.  Is anything else wrong with the config?

 

thanks

 

 

ex3300 performance during port mirroring


Hi,

 

We are looking at the possibility to use port mirroring on EX3300 switches to analyze the traffic passing through the device. The current idea is to do this mirroring permanently as a way to do real-time monitoring on the network traffic and conditions. A few questions come to mind:

  • In a virtual chassis, does the traffic entering the virtual chassis on another switch than the one with the analyzer port get mirrored?
  • Can we expect any performance degradation on the switches assuming that we only mirror a select number of VLANs?
  • Is there anything else we should be wary about?

Thanks a lot to the community for any feedback.

EX4200 tunnel between two ports


Hello,

 

Is there a way to tunnel traffic between two ports on the same EX4200 switch, so that the switch won't care about packet content, won't learn MAC addresses, etc.?

I'm used to doing this between two switches using MPLS CCC tunneling, but I can't figure out how to configure an MPLS CCC tunnel between two ports on the same switch. Or is there some other protocol/technology to achieve this?

 

Please help me a bit

 

Thank you for your time

 

File system full in Virtual-Chassis 4 EX2200


My customer created 1 VC group of 4 EX2200s.
When my customer wants to configure some object, he cannot commit.
Here is the error output:
itcview@SWL2-141LD-STACK01# commit confirmed 2
configuration check succeeds
fpc0:
error: could not copy to juniper.save+
fpc1:
error: remote commit-configuration failed on fpc0
commit confirmed will be automatically rolled back in 2 minutes unless confirmed
fpc2:
commit complete
commit confirmed will be automatically rolled back in 2 minutes unless confirmed
fpc3:
commit complete
fpc1:
error: commit failed


I tried to upgrade to version 15.1R5.5, but it is still the same.
I see that var/rundb is full.

Please help me.

Anyone here have experience with 8 VC member EX3300 high CPU due to GRES?


Hi all,

 

 

May I know whether someone has experienced the CPU utilization suddenly at 100% due to GRES on an EX3300 with 8 VC members? I have already opened a case, but JTAC is still investigating it. I already rebooted the master and backup RE, but it is still the same issue.

 

Thanks
