We are upgrading our environment from EX4200s to EX4300s, essentially a 1:1 swap out. Are the configurations between the models compatible if I copy it directly over? Any gotchas to look out for?
EX4300 Config
EX9200 MC-LAG Failover Recovery Times
Hello All,
I would appreciate any answers to gain some sort of consensus for my current situation. I currently have two EX9204 chassis configured in an MC-LAG along with VRRP and when simulating a failover situation by rebooting any one of the members, I experience a network disruption somewhere in the realm of 20 seconds before connectivity resumes internally and externally. What I mean by that is multi homed nodes (switches and servers) connected directly to the MC-LAG and external nodes upstream from the EX9204 switches.
I’ve been working with support for the past month and we have not been able to reduce this recovery time. What I’m trying to find out is if everyone else believes this is expected behavior from this platform? Our company went with this platform and are anxious to put this in production to replace antiquated equipment from another vendor, and although 20 seconds is not a lot of time, this failover and recovery period is somewhat unacceptable in my opinion if it were to ever happen during business hours.
Please, anyone, inform me of your experiences, guidance, and/or opinions. Thanks!
QFX5100-48S Virtual Chassis on SFP+ port with 80 KM ZR SFP+
Hi
Can anyone confirm if I can make a QFX5100-48S virtual chassis using a 10G SFP+ port? The SFP+ will be ZR with a distance of up to 80 KM. Any concerns for latency on that?
regards
Tayyab
EX4300 Virtual Chassis Problems
Hi Everyone,
I'm trying to figure out why my virtual chassis is not linking with other switches.
Before I installed them, I had everything configured correctly and was working properly.
Here is what I have:
All ex4300 switches (7 in total).
All QSFP's are JNP-QSFP-40G-LR4's.
0.0 is core switch. All other #.0 link to 0.0. All #.1's link to #.0 (same room).
SMF is used to link all #.0's to 0.0
All #.0 <-> #.1, and 0.0 <-> 2.0, runs are using the QFX-QSFP-DAC-3M Direct Attach Cable.
0.0 and 2.0 are Routing Engines (2.0 is backup). All other switches are line cards.
VC is preprovisioned.
I did just turn on No-split detection on the master. Had to take down backup and it caused the master to stop working.
It looks like this:
0.0 SMF 1.0
0.0 DAC 2.0
0.0 SMF 3.0 DAC 3.1
0.0 SMF 4.0 DAC 4.1
The longest run, to 4.0, being 200-300ft.
What is working:
0.0 <-> 2.0 (But it uses the direct attach Cable).
I talked to my fiber installer and the fiber was certified before he left. I've tried different patch cables. Nothing.
He did say to change the polarity but not sure how to do that...
Any help would be appreciated.
Install Software from ftp as "non root"
Hi Community,
We want a user to be able to install JunOS updates via ftp.
However when copying the files from ftp to /var/tmp/ the Switch stores the image in the /home/user folder before copying it to /var/tmp - resulting in the home-directory being too small...
When using the copy as root-user the file is sent directly to /var/tmp/.
Is it possible to change the behavior of the Switch so that it puts the file straight to /var/tmp without storing it in /home/user first?
Unable to activate DHCP on EX3300 switch
Hello,
I have been trying to set up a DHCP server on an EX3300 switch. I have been following (https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/dhcp-server-cli-els.html). I even tried to paste the examples in and I was unable to get it to work. Am I following the correct instructions? The EX3300 is on firmware --- JUNOS 12.3R6.6 built 2014-03-13 06:57:48 UTC
Thank you,
Michael
DHCP-Relay + firewall on interface
Hi All,
I have configured a DHCP-Relay on my EX9200 switch (off topic: **bleep** Juniper made this complex)
Everything works fine, but as soon as I place an input firewall on the interface where the client is, it breaks.
I have configured a permit but the dhcp request packets do not seem to reach the routing engine.
term allow_dhcp {
    from {
        source-address {
            0.0.0.0/32;
        }
        destination-address {
            255.255.255.255/32;
        }
        protocol udp;
        source-port bootpc;
        destination-port bootps;
    }
    then accept;
}
I have tried this term in many formats. Initially I only had source-port and destination-port but that didn't work either.
As soon as I deactivate the input filter it works fine.
I sniffed the request packet and it confirms everything.
Source: 0.0.0.0 (0.0.0.0)
Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
I don't have a clue why this doesn't work. Anyone a pointer for me?
vQFX on VMware Fusion - RE won't boot
Hi,
I have downloaded and successfully deployed the PFE and RE for the vQFX using vagrant and virtual box. However, as I run most of my other VMs in VMware Fusion, I have tried exporting the VMs as OVAs and importing them into VMware. The PFE boots fine, but the RE gets stuck at:
Loading /boot/loader BTX loader 1.00 BTX version is 1.02
I also tried downloading the VMDKs and creating the VMs myself, as well as just downloading the vagrant BOX images, manually editing the OVAs as per the instructions found here - https://twitter.com/aleon9191/status/807249151989874688/photo/1. But, alas, no luck. The RE always gets stuck at the boot loader.
Thoughts?
Rgds,
Brett.
EX4300 Port Security - MAC Limiting (Allowed MAC) & ELS
I'm new to Juniper devices, so please tell me if I'm being an idiot. I'm trying to configure an EX4300 switch with an allowed-mac list to limit what devices can connect. This appeared to be quite straightforward according to these:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB10866
http://www.juniper.net/documentation/en_US/junos10.2/topics/task/configuration/port-security-cli.html
However ethernet-switching-options appears to have been deprecated (?) and replaced with switch-options but there doesn't appear to be an allowed-mac equivalent.
Having looked at this pdf;
It appears that in Chapter 6 : Configuring MAC Limiting it doesn't reference configuring an allowed mac list via the CLI, only via the J-Web interface. I don't have the luxury of the latter right now and so need to do this via the CLI.
Does anybody know how to do this either via the CLI or what the exported config should look like? Of course maybe I've completely misinterpreted this so feel free to flag that as well.
Any help would be appreciated.
How to configure VLAN-class-map and Rewrite input and Output Queuing on EX4550.
Hello Support.
I would like to do the following configuration on EX4550 connect with Catalyst Switch.
[topology]
(VLAN10) ge-0/0/1--EX4550--ge-0/0/10---(Trunk)---Gi1/0/10--Cat3850--Gi1/0/1(VLAN10)
(VLAN20) ge-0/0/2-- Gi1/0/2(VLAN20)
The cisco catalyst switch can do the following feature but EX4550 is unknown.
So I would appreciate it if you could let me know how to configure the following features.
1. VLAN-Classification (Input)
2. Rewrite base on VLAN-id to CoS (Input)
3. Queuing based on bandwidth ratio (Output)
The Cisco configuration is the following; I would like to do vice versa.
##### VLAN-Classification and Rewrite #####
class-map match-any VLAN_20
 match vlan 20
class-map match-any VLAN_10
 match vlan 10
policy-map VLAN-MARKING
 class VLAN_20
  set cos 2
 class VLAN_10
  set cos 1
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 service-policy input VLAN-MARKING
!
interface GigabitEthernet1/0/2
 switchport access vlan 20
 switchport mode access
 service-policy input VLAN-MARKING
##### Queuing based on CoS Value #####
class-map match-any COS2
 match cos 2
class-map match-any COS1
 match cos 1
!
policy-map QOS
 class COS1
  bandwidth percent 70
 class COS2
  bandwidth percent 30
!
interface GigabitEthernet1/0/10
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 service-policy output QOS
###################################
Best Regard,
Masanobu Hiyoshi
SNMP ex9200
Hi,
I use PRTG to monitor SNMP devices (Juniper EX). For the EX2200 and EX3300 I don't face any problem: after just setting the SNMPv2 community, auth, and clients, PRTG can query the SNMP interface bandwidth/traffic. But when I set it on the EX9200 it shows the error "No available interfaces on this device snmp", although I can query SNMP uptime on the EX9200. Is there some config missing?
Model: ex9208
Junos: 14.2R7.5
[ SNMP ]
contact xxx4;
view RESTRICTED {
    oid .1 include;
}
view all {
    oid .1;
}
view interfaces {
    oid 1.3.6.1.2.1.2 include;
}
community xxx3 {
    authorization read-only;
}
community xxx1 {
    view interfaces;
    authorization read-only;
    clients {
        172.16.30.26/32;
        172.16.30.76/32;
    }
}
community xxx2 {
    authorization read-only;
    clients {
        172.17.3.26/32;
    }
}
trap-group snmp_traps_srv {
    targets {
        172.16.30.26;
    }
}
[SNMP]
Creating Virtual Chassis with EX3400's
Hi All,
I'm very new to Juniper and need assistance trying to create a VC with EX3400's. I've searched the Knowledge Base and it seems that the setup is version specific and model specific sometimes. I've had trouble finding all the data I need and I'd be appreciative if someone could give me more info. I'm coming from an Enterasys shop where no commands are necessary in the CLI beforehand, just power down, attach cables, and power up. I'm finding the Juniper switches much more favorable.... except for this one thing!
I have used the following in Member 0 of a closet with 5 switches that I want to stack together.
set virtual-chassis member 0 mastership-priority 255
set virtual-chassis member 1 mastership-priority 255
When I attempted this, upon powering up Member 1, Member 0 lost connectivity and the only lights on the front were SYS and SPD. Member 1 appeared to become the backup as it had the SYS LED, SPD, and flashing green MST, eventually going solid green. Consoling in to Member 0 showed it to be a linecard and consoling in to Member 1 showed it to be "Master 1" and running
show virtual-chassis
returned that it was the only switch in the VC. It did not see member 0 at all.
Previous to that attempt, I used the pre-provisioned method and listed the SN of all 5 switches and making member 0 and member 1 be routing-engines and the remaining 3 as linecards. This also resulted in disaster. I powered on Member 0 and all was fine, upon powering on the remaining switches (with cables already connected) no switch (including member 0 now) had any lights except SYS and SPD. None were a Master, all showed as being a linecard.
As downtime was limited, in both instances, I restored to factory default and configured each individually with trunks between.
Am I missing a command? Do all switches need to be set at factory-defaults with no configuration, except for Member 0, of course? Do switches being added need to be powered on or off when cables are connected? All switches are on the same firmware version (15.1X53-D51). Four are EX3400-48 and one is an EX3400-24. I used a ring topology using the VC ports on the rear of the device.
There is a lot of documentation that specifically lists the 4200, 4500, 8200, etc. but very little that specifically names the EX3400. Is it done differently on the 3400? Any help would be appreciated.
RSTP implementation question
First time poster, I apologize if I am in the wrong place. I also inherited the configuration of this network... so be gentle.
I currently have 5 sites which are connected with a L2 service from our provider. We use a single VLAN (the default one, with the ID changed to 1000) which spans all 5 routers. The VLAN has a L3 interface bound to it, all in the same address space.
I recently discovered that we have a single RSTP instance, with one of the routers obviously serving as the root bridge. This is not what the previous administrator believed was happening, but it is unfortunately so. I would like to make it so that the core router at each site is the root bridge for that site, and also that we aren't spamming BPDU's on our WAN connection. I understand STP fairly well, but I am not sure of the effect of having that VLAN in each of these sites.
Can I just disable the RSTP on each of the interfaces that connect the sites, and set the local router to have a bridge priority of 0?
We are running ex4600's (as the routers) at 2 of the sites, and ex4200's for the routers at the other 3.
I don't need any specific configuration help, I am just asking more as a general information question. Is there any way to make each of these sites its own RSTP instance with the same VLAN at all 5 sites?
Thanks for any help you guys are willing to give.
Trunking on vQFX
Dear Com !
When configuring two vQFX to communicate (layer 2) together I saw that trunking interfaces are not working. This is due to the vnic adaptor. The Intel PRO/1000 strips the 802.1Q tag. By default, only access ports work with vQFX.
Did anyone manage to have a working trunking configuration with vQFX?
I tried to change the adaptor type in the vagrant configuration but it doesn't work. It seems JunOS has only the "Intel PRO/1000" drivers...
Driver not compatible with JunOS => once configured, I can't see the interface on the vQFX
# Interconnect link between vqfx (xe-0/0/0)
vqfx.vm.network 'private_network', auto_config: false, nic_type: 'Am79C973', virtualbox__intnet: "#{UUID}_vqfx_interconnect_nicA"
Drivers compatible but not working with 802.1Q
# Interconnect link between vqfx (xe-0/0/1)
vqfx.vm.network 'private_network', auto_config: false, nic_type: '82540EM', virtualbox__intnet: "#{UUID}_vqfx_interconnect_nicA"
Environment info :
OS : CentOS Linux release 7.3.1611 (Core) (on Cisco UCS BLADE, not a VM)
VirtualBox : 5.1.22r115126
Vagrant : 1.9.5
BOX : vqfx10k-pfe-virtualbox-20160609.box / vqfx10k-re-virtualbox-15.1X53-D60.box
help ?
Regards
Salah
Any impact when EX Switch configures Secondary IP address for a Vlan.
Hello All
I appreciate if you can let me know the above subject.
(EX Switch)
set interfaces vlan unit 10 family inet address 10.0.10.101/24
set interfaces vlan unit 10 family inet address 10.0.100.1/24 primary
(Cisco Switch)
interface Vlan10
 ip address 10.0.10.102 255.255.255.0 secondary
 ip address 10.0.100.2 255.255.255.0
Cat3850#ping 10.0.10.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.10.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
Cat3850#
Cat3850#ping 10.0.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
Cat3850#sh ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address       Interface
10.0.10.101     128   FULL/DR    00:00:38    10.0.100.1    Vlan10
*OSPF neighbor it is non-secondary IP only, which I know.
Is there any impact when EX configures a secondary IP?
Is there any secondary IP specification information, such as the maximum number of secondary IPs and so on?
Best Regards,
Masanobu Hiyoshi
Filter traffic sent to analyzer
Hi,
I work for a VoIP company and we have an analyzer set up so we can monitor all traffic in and out of the network. Recently the port that all the traffic comes out on has been a bit overloaded and we are trying to cut down on the amount of traffic that the analyzer port outputs. I tried following the "Filtering the Traffic Entering an Analyzer" section at https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/port-mirroring-cli.html however this seems to only allow sending input traffic to the analyzer (since there is lots of other traffic such as NFS and MySQL). It seems there is no way of sending output traffic to the analyzer as well.
I have the following filter:
set firewall family ethernet-switching filter UDP_TRAFFIC term 10 from protocol udp
set firewall family ethernet-switching filter UDP_TRAFFIC term 10 then accept
set firewall family ethernet-switching filter UDP_TRAFFIC term 10 then analyzer MAIN
set firewall family ethernet-switching filter UDP_TRAFFIC term 20 then accept
and I tried doing on the interface:
set interfaces ge-0/0/0 unit 0 family ethernet-switching filter input UDP_TRAFFIC
set interfaces ge-0/0/0 unit 0 family ethernet-switching filter output UDP_TRAFFIC
and when I try to commit confirmed I get:
root@dovid_home# commit check
[edit interfaces ge-0/0/0 unit 0 family ethernet-switching]
'filter'
Referenced filter 'UDP_TRAFFIC' can not be used as analyzer not supported on egress
error: configuration check-out failed
Are there any workarounds to this?
Strange logmessages: "IFCM: no handler for command subtype XXX"
Hi experts,
after an upgrade to Junos 15.1R5 I noticed on my EX4550s strange log messages like these:
---snip---
chassism[1179]: IFCM: no handler for command subtype 178
chassism[1179]: IFCM: no handler for command subtype 179
---snap---
Are these pointing to an error?
Can I safely ignore them?
Many thanks in advance,
Stefan
MX Q-in-Q With Multiple Inner Tags not working
I am trying to build an interface that sends 3 separate VLANs inside an outer tag across the network. One of the logical units is a Layer3 IP interface and the other 2 are bridged VLANs. Using the below config, the Layer3 Interface passes traffic and then only 1 or the other (whichever one I build first) of the bridged units will pass traffic. How can this config be modified so all 3 VLANs pass traffic at the same time?
MX480
user@FTMY-T3-EDGE-01> show configuration interfaces ge-2/3/0
description "--- UPLINK TO NNI ---";
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 1276 {
    vlan-tags outer 1176 inner 1276;
    family inet {
        address 63.247.145.69/30;
    }
}
unit 11767 {
    encapsulation vlan-bridge;
    vlan-tags outer 1176 inner 127;
}
unit 11769 {
    encapsulation vlan-bridge;
    vlan-tags outer 1176 inner 999;
}
user@FTMY-T3-EDGE-01> show configuration bridge-domains
VLAN-127 {
    description T3-VOIP;
    vlan-id 127;
    interface ge-2/3/0.11767;
    interface ge-x/x/x.127;
}
VLAN-999 {
    description T3-CUST-MGMT;
    vlan-id 999;
    interface ge-2/3/0.11769;
    interface ge-x/x/x.999;
}
Again, in the above config I can ping across unit 1276, but I can only ever ping across either 999 or 127 and not both when enabled at the same time. How can I configure this better so it will work?
How can do bandwidth control inet/inet6 for QFX 5100?
I've configured policers like:
set vlans V10 forwarding-options filter input FILTER-10M
set vlans V10 forwarding-options filter output FILTER-10M
set vlans V11 forwarding-options filter input FILTER-10M
set vlans V11 forwarding-options filter output FILTER-10M
set vlans V12 forwarding-options filter input FILTER-10M
set vlans V12 forwarding-options filter output FILTER-10M
set firewall policer 10M if-exceeding bandwidth-limit 10m
set firewall policer 10M if-exceeding burst-size-limit 1m
set firewall policer 10M then discard
set firewall family ethernet-switching filter FILTER-10M term 1 then accept
set firewall family ethernet-switching filter FILTER-10M term 1 then policer 10M
But it is not working very well. Some VLANs work normally; for others the bandwidth is very slow. Very weird.
So I've configured filters using MX style:
set interfaces ge-0/0/1 unit 10 vlan-id 10
set interfaces ge-0/0/1 unit 10 family inet filter input FILTER-10M
set interfaces ge-0/0/1 unit 10 family inet filter output FILTER-10M
Now it is working well, but since QFX doesn't support logical-interface-policer like:
set firewall policer 10M logical-interface-policer
It can't share bandwidth for both inet/inet6.
Tried this way:
set interfaces ge-0/0/1 unit 10 family inet6 filter input FILTER-10M
set interfaces ge-0/0/1 unit 10 family inet6 filter output FILTER-10M
but it's double the bandwidth if using ipv4 and ipv6 at the same time.
Is it possible? What is the correct way to do bandwidth control for QFX 5100?
QinQ QFX and EX
Hello Guys,
I'm trying to configure a QinQ vlan from a EX4550 to a QFX3550. I have checked all the forums and corrected any possible mistake on the 4550, like the ethertype thing, but it is still not working.
This is my conf:
EX4550x2 --- EX4550x1 -- QFX3550x1
this is the configuration:
EX4550x2:
vlan100 {
    vlan-id 100;
    dot1q-tunneling {
        customer-vlans 1-4094;
    }
}
interfaces xe-1/0/5 {
    description "DLX5_SERV + MGMT NIC2";
    mtu 9216;
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members vlan100;
            }
        }
    }
}
ae1 {
    mtu 9216;
    aggregated-ether-options {
        minimum-links 1;
        link-speed 10g;
        lacp {
            active;
            periodic fast;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members vlan100;
            }
        }
    }
}
ezequiel@EX4550x2> show configuration ethernet-switching-options
dot1q-tunneling {
    ether-type 0x8100;
}
EX4550x1:
ezequiel@EX4550x1> show configuration interfaces xe-0/0/27 <<PORT FACING QFX3550x1
description "UPLINK COBOGWBPQX3500x3 PUERTO XE-0/0/0";
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members vlan100;
        }
    }
}
ae0 {
    mtu 9216;
    aggregated-ether-options {
        minimum-links 1;
        link-speed 10g;
        lacp {
            active;
            periodic fast;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members vlan100;
            }
        }
    }
}
QFX3550:
root@QFX3550x1> show configuration vlans vlan100
interface xe-0/0/10.100;
interface xe-0/0/11.100;
interface xe-1/0/0.100;
interface xe-1/0/10.100;
root@QFX3550x1> show configuration interfaces xe-0/0/10 <<CE PORT
flexible-vlan-tagging;
native-vlan-id 100;
encapsulation extended-vlan-bridge;
unit 100 {
    vlan-id-list 1-4094;
    input-vlan-map push;
    output-vlan-map pop;
}
root@QFX3550x1> show configuration interfaces xe-1/0/0 << PORT FACING EX4550x1 (trunk)
flexible-vlan-tagging;
encapsulation extended-vlan-bridge;
unit 100 {
    vlan-id 100;
}
I see MAC addresses from customers in both EX4550s but not in the QFX. Also I have MAC addresses in the QFX but they are not passing to the EX. I guess the problem is in the QFX/EX trunk configuration but I don't know how to fix it. I have tried multiple configurations, flexible-vlan/vlan-id, standard trunk with vlan members, but none of them seem to be working.
Txs
Ezeq.