Experts,

Looks like after updating software from 12.3 to 15.1 some folders are missing:

/dev/md7, mounted on: /packages/mfs-jkernel-ex-3300  however show system storage shows:

show system storage
fpc0:
--------------------------------------------------------------------------
Filesystem Size Used Avail Capacity Mounted on
/dev/da0s1a 183M 144M 25M 85% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/md0 243M 243M 0B 100% /packages/mnt/junos
/dev/md1 6.7M 2.0M 4.1M 32% /packages/mfs-fips-mode-arm
/dev/md2 4.8M 4.8M 0B 100% /packages/mnt/fips-mode-arm-15.1R5.5
/dev/md3 8.6M 4.0M 3.9M 50% /packages/mfs-jdocs-ex
/dev/md4 11M 11M 0B 100% /packages/mnt/jdocs-ex-15.1R5.5
/dev/md5 39M 35M 1.2M 97% /packages/mfs-junos-ex-3300
/dev/md6 68M 68M 0B 100% /packages/mnt/junos-ex-3300-15.1R5.5
/dev/md7 13M 8.6M 3.5M 71% /packages/mfs-jweb-ex
/dev/md8 23M 23M 0B 100% /packages/mnt/jweb-ex-15.1R5.5
/dev/da0s3e 123M 6.7M 106M 6% /var
/dev/md9 252M 16K 232M 0% /tmp
/dev/da0s3d 369M 17M 323M 5% /var/tmp
/dev/da0s4d 62M 284K 57M 0% /config
/dev/md10 118M 20M 89M 18% /var/rundb
procfs 4.0K 4.0K 0B 100% /proc
/var/jail/etc 123M 6.7M 106M 6% /packages/mnt/jweb-ex-15.1R5.5/jail/var/etc
/var/jail/run 123M 6.7M 106M 6% /packages/mnt/jweb-ex-15.1R5.5/jail/var/run
/var/jail/tmp 123M 6.7M 106M 6% /packages/mnt/jweb-ex-15.1R5.5/jail/var/tmp
/var/tmp 369M 17M 323M 5% /packages/mnt/jweb-ex-15.1R5.5/jail/var/tmp/uploads
devfs 1.0K 1.0K 0B 100% /packages/mnt/jweb-ex-15.1R5.5/jail/dev
/var/jail/jweb-app 123M 6.7M 106M 6% /packages/mnt/jweb-ex-15.1R5.5/jail/var/jweb-app
/dev/md11 6.7M 2.0M 4.1M 32% /packages/mfs-fips-mode-arm
/dev/md12 8.6M 4.0M 3.9M 50% /packages/mfs-jdocs-ex
/dev/md13 39M 35M 1.2M 97% /packages/mfs-junos-ex-3300
/dev/md14 13M 8.6M 3.5M 71% /packages/mfs-jweb-ex
/dev/md15 10M 5.8M 3.8M 61% /packages/mfs-jweb-ex-app
/dev/md16 17M 17M 0B 100% /packages/mnt/jweb-ex-15.1R5.5/jail/var/jweb-app/jweb-ex-app

any advise? 

Experts,

I don't know if I should just ignore this message but this can't give me relaxing time when I see errors like this:

Jun 19 07:06:18 storeroom /kernel: Percentage memory available(18)less than threshold(20 %)- 1
2017-06-19	07:06:15	Auth	Info	IP	Jun 19 07:06:15 kitch_storeroom sshd[1296]: Accepted keyboard-interactive/pam for tech from 10.2.20.5 port 57926 ssh2
2017-06-19	06:59:58	Daemon	Error	IP	Jun 19 06:59:58 kitch_storeroom rpd[1192]: JTASK_SCHED_SLIP: 7 sec scheduler slip, user: 1 sec 599000 usec, system: 0 sec, 358374 usec
2017-06-19	06:58:17	System2	Notice	IP	Jun 19 06:58:17 kitch_storeroom xntpd: kernel time sync enabled 2001
2017-06-19	06:58:15	System2	Notice	IP	Jun 19 06:58:15 kitch_storeroom xntpd: kernel time sync disabled 2041
2017-06-19	06:58:14	Daemon	Error	IP	Jun 19 06:58:14 kitch_storeroom ppmd[1197]: ppmd_delete_cfm_pending_entries: connection received 0x39300c
2017-06-19	06:58:14	Daemon	Error	IP	Jun 19 06:58:14 kitch_storeroom ppmd[1197]: ppmd_delete_cfm_pending_entries: CFMD delete pending timer expired
2017-06-19	06:57:34	Daemon	Warning	IP	Jun 19 06:57:35 kitch_storeroom craftd[1186]: Major alarm cleared, FPC 0 PHY1 Temp Sensor Fail
2017-06-19	06:57:34	Daemon	Warning	IP	Jun 19 06:57:35 kitch_storeroom alarmd[1185]: Alarm cleared: FPC color=RED, class=CHASSIS, reason=FPC 0 PHY1 Temp Sensor Fail
2017-06-19	06:57:22	Daemon	Error	IP	Jun 19 06:57:22 kitch_storeroom dot1xd[1212]: JTASK_SNMP_CONN_RETRY: snmp_epi_reg_refresh: reattempting connection to SNMP agent (register MIBs): Operation timed out
2017-06-19	06:57:07	Daemon	Error	IP	Jun 19 06:57:07 kitch_storeroom dot1xd[1212]: JTASK_SNMP_CONN_RETRY: snmp_epi_reg_refresh: reattempting connection to SNMP agent (register MIBs): Operation timed out
2017-06-19	06:57:06	System2	Notice	IP	Jun 19 06:57:06 kitch_storeroom xntpd: kernel time sync disabled 6041
2017-06-19	06:57:06	System2	Notice	IP	Jun 19 06:57:06 kitch_storeroom xntpd[1189]: time reset +323469.898626 s
2017-06-19	06:57:04	Daemon	Error	IP	Jun 15 13:05:54 kitch_storeroom license-check[1214]: copy from member 0 failed
2017-06-19	06:57:04	Daemon	Error	IP	Jun 15 13:05:54 kitch_storeroom license-check[1214]: LIBJNX_REPLICATE_RCP_ERROR: rcp -r -Ji fpc0:/config/.license_priv/ /config/license : rcp: /config/.license_priv/: No such file or directory
2017-06-19	06:57:02	Daemon	Error	IP	Jun 15 13:05:52 kitch_storeroom license-check[1214]: LICENSE: copy to /config/license from fpc0:/config/.license_priv/
2017-06-19	06:56:56	Daemon	Error	IP	Jun 15 13:05:46 kitch_storeroom chassism[1172]: IFCM: no handler for command subtype 182
2017-06-19	06:56:56	Daemon	Error	IP	Jun 15 13:05:46 kitch_storeroom chassism[1172]: IFCM: no handler for command subtype 178
2017-06-19	06:56:56	Local4	Error	IP	Jun 15 13:05:46 kitch_storeroom fpc0 Error: VRF __master.anon__.5 in egress ACL
2017-06-19	06:56:56	Daemon	Alert	IP	Jun 15 13:05:46 kitch_storeroom eswd[1205]: Root bridge in context 0 changed from 61440:5c:45:27:df:93:81 to 4096:00:31:46:47:61:00
2017-06-19	06:56:56	Local4	Notice	IP	Jun 15 13:05:46 kitch_storeroom fpc0 pfe_pme_max 24
2017-06-19	06:51:11	Auth	Info	IP	Jun 19 06:51:11 kitch_storeroom init: chassis-control (PID 1185) terminate signal 15 sent
2017-06-19	06:51:11	Daemon	Notice	IP	Jun 19 06:51:11 kitch_storeroom sfid[1104]: JTASK_EXIT: Exit sfid[1104] version 15.1R5.5 built by builder on 2016-11-25 15:36:06 UTC, caller 0x17f898

LIBJNX_REPLICATE_RCP_ERROR: rcp -r -Ji fpc0:/config/.license_priv/ /config/license : rcp: /config/.license_priv/: No such file or directory

is this something reroius? 

Is there a way to check for extensive unicast flooding on an EX 4200 switch or, even better, on a single port of the switch? 

Regards,

Pawel

Is it possible to block all traffic from port _x_ from all hosts except one IP, but at layer2 using the EX3300's port filtering?

I attempted using the commands and GUI as per; https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-filter-ex-series-overview.html, but haven't had success so far.

Also -does 4 or 5 rules typically cause a very big increase in resources/CPU load?

Just want to make sure this is possible before I try again.

Any help appreciated. Many thanks.

Hello,

we have started to take a look at the EX3400 series and encountered that is impossible to upgrade due to low storage space.

In first place transfering the package to the device is insanly slow at 140 kb/s. We have been testing via http, ftp and scp to see if it is not a protocol regression but transfer rates stayed at 140 kb/s. The upgrade itself fails due to low storage space but it's not possible to free up more storage since all the tmp directories are already empty.

Software upgrades have always been troublesome with Juniper due to low space, memory leakage and slow processing power but given the fact that the EX3400 is pretty new and already suffering from outdated hardware is not understandable and makes automatization of upgrade process impossible.

We never encountered upgrade problems with other vendors even with entry level gear.

A server admin reported abnornally high traffic on one of his windows 2008 machines (1.1.1.9). A wireshark capture shows a TMG server on the network (1.1.1.1) sending packets destined to 1.1.1.2.  1.1.1.2 is a Microsoft NLB VIP.  The ex4200 switch has a static multicast MAC arp entry associating 1.1.1.2 with MAC 03:bf:0a:1d:5a:45.  1.1.1.9 is not part of the NLB cluster and has no association with it.

I'm at a loss to know why these packets are arriving a a device for which they arent intended. At an IP level they are unicast packets. The MAC of 1.1.1.9, according to all the machine's arp caches, has nothing to do with the packets details.

My understanding of multicast and its use in NLB is minimal, but i cant see why this traffic would be appearing on machines its not intended for. Any ideas

Hi together,

I have a small problem. I have a LAG connection between two QFX5100 running LACP.

Now I want to monitor this connection an would like to ask you, if there is a possibility to monitor the status of the interfces based on the LACP status and perform a SNMP trap if necessary.

Thank you for your help.

Hi all,

I have configured MAC Limiting on EX2200.

There is option allowed-mac, which allows to add allowed MAC addresses statically.

How to add MAC addresses dynamically?

Thanks

Hi All,

i need to disable igmp-snoopong on spesific vlan on  ex4300 sw.

as i undrestand that option isnt available on that sw model: 

for now is connfigured as default  :

"set protocols igmp-snooping vlan all"

i tried to "set protocols igmp-snooping" configure on any vlan except the vlan that i need him to be disable and there were a lot of problems (loss my connection to the sw and all the isis connectivity got down)

i know that i can disable igmp-snoopong on a vlan at 4200 .

so how i can disable the igmp on specific vlan at the 4300??

thank you all for the help.

I have an EX4200 in a remote location that I can't access via SSH.  Luckily, telnet was still enabled so I can access the box.  The is absolutely nothing in the messages log file on the box.  Anyone ever seen this before?  I was able to verify that logs are being forwarded to our remote log servers.

xxxx@switch# show system syslog
user * {
any emergency;
}
host syslog {
any any;
match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|cm_device|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)";
port 11514;
structured-data;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
file default-log-messages {
any any;
match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|cm_device|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)";
structured-data;
}
file radius {
authorization any;
}

xxxxxx@switch# run show log ?
Possible completions:
<[Enter]> Execute this command
<filename> Name of log file
authd_libstats Size: 0, Last changed: Feb 28 12:00:12
authd_profilelib Size: 0, Last changed: Feb 28 12:00:12
authd_sdb.log Size: 0, Last changed: Feb 28 12:00:12
chassisd Size: 1243730, Last changed: Jun 29 16:34:58
chassisd.0.gz Size: 54038, Last changed: Jun 22 08:01:55
cosd Size: 12587, Last changed: Feb 28 12:01:53
dcd Size: 62775, Last changed: Feb 28 12:02:05
default-log-messages Size: 0, Last changed: Jun 29 16:35:43
dfwc Size: 0, Last changed: Feb 28 12:00:04
eccd Size: 0, Last changed: Feb 28 12:00:03
gres-tp Size: 1171, Last changed: Feb 28 12:01:53
ifstraced Size: 15, Last changed: Feb 28 12:00:14
interactive-commands Size: 0, Last changed: Jun 29 16:35:43
inventory Size: 1689, Last changed: Feb 28 12:02:05
license Size: 0, Last changed: Feb 28 12:01:25
mastership Size: 137, Last changed: Feb 28 12:01:53
messages Size: 0, Last changed: Jun 29 16:35:43
pfed Size: 0, Last changed: Feb 28 12:01:26
pgmd Size: 48, Last changed: Feb 28 12:00:19
radius Size: 0, Last changed: Jun 29 16:35:43
user Show recent user logins
wtmp Size: 11540, Last changed: Jun 29 16:32:24
wtmp.0.gz Size: 27, Last changed: Jun 05 08:30:00
wtmp.1.gz Size: 58, Last changed: Feb 28 12:00:51

Hi,

I want to configure ICCP/ICL. I use this configuration :

root@SD-SRV-C012-1# show
## Last changed: 2017-06-30 08:35:25 UTC
version 15.1X53-D62.5;
system {
    host-name SD-SRV-C012-1;
    root-authentication {
        encrypted-password "$1$7urpvj.a$0XI/N6k1e5hA1bh3BP9NJ."; ## SECRET-DATA
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    extensions {
        providers {
            juniper {
                license-type juniper deployment-scope commercial;
            }
            chef {
                license-type juniper deployment-scope commercial;
            }
        }
    }
    processes {
        dhcp-service {
            traceoptions {
                file dhcp_logfile size 10m;
                level all;
                flag all;
            }
        }
        app-engine-virtual-machine-management-service {
            traceoptions {
                level notice;
                flag all;
            }
        }
    }
}
chassis {
    aggregated-devices {
        ethernet {
            device-count 100;
        }
    }
    fpc 0 {
        pic 0 {
            port 25 {
                speed 100g;
            }
            port 31 {
                speed 100g;
            }
        }
    }
}
interfaces {
    et-0/0/25 {
        ether-options {
            802.3ad ae0;
        }
    }
    et-0/0/31 {
        hold-time up 100 down 4000;
        ether-options {
            802.3ad ae1;
        }
    }
    ae0 {
        description "ICCP Layer 3 Link with 1 member,et-0/0/25";
        aggregated-ether-options {
            lacp {
                active;
                periodic fast;
            }
        }
        unit 0 {
            family inet {
                address 10.0.10.9/30;
            }
        }
    }
    ae1 {
        description "ICL Layer 2 Link witch 1 member,et-0/0/31";
        vlan-tagging;
        aggregated-ether-options {
            lacp {
                active;
                periodic fast;
            }
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    em0 {
        unit 0 {
            family inet {
                dhcp {
                    vendor-id Juniper-qfx10002-36q;
                }
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                dhcp {
                    vendor-id Juniper-qfx10002-36q;
                }
            }
        }
    }
    irb {
        unit 0 {
            family inet {
                dhcp {
                    vendor-id Juniper-qfx10002-36q;
                }
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.0.11.91/32;
            }
        }
    }
}
forwarding-options {
    storm-control-profiles default {
        all;
    }
}
#
# $Id:$
#
# Copyright (c) 2014, Juniper Networks, Inc.
# All rights reserved.
#
# Filename: default.conf
# Platform: ELIT-LITE
# Description: Default DST file.
#
#
protocols {
    iccp {
        local-ip-addr 10.0.11.91;
        peer 10.0.11.92 {
            session-establishment-hold-time 50;			/////// https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/multichassis-link-aggregation-qfx-series-cli.html 8.b.
            redundancy-group-id-list 1;
            liveness-detection {
                minimum-interval 1500;
                multiplier 2;
                transmit-interval {
                    minimum-interval 1500;				/////// https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/multichassis-link-aggregation-qfx-series-cli.html 8.e.
                }
            }
        }
    }
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
    igmp-snooping {
        vlan default;
    }
}
switch-options {
    service-id 1;
}
vlans {
    default {
        vlan-id 1;
        l3-interface irb.0;
    }
}

root@SD-SRV-C012-2# show
## Last changed: 2017-06-30 08:36:09 UTC
version 15.1X53-D62.5;
system {
    host-name SD-SRV-C012-2;
    root-authentication {
        encrypted-password "$1$krcme2vm$T4ebkj3/MoQImDdJVS/fF0"; ## SECRET-DATA
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    extensions {
        providers {
            juniper {
                license-type juniper deployment-scope commercial;
            }
            chef {
                license-type juniper deployment-scope commercial;
            }
        }
    }
    processes {
        dhcp-service {
            traceoptions {
                file dhcp_logfile size 10m;
                level all;
                flag all;
            }
        }
        app-engine-virtual-machine-management-service {
            traceoptions {
                level notice;
                flag all;
            }
        }
    }
}
chassis {
    aggregated-devices {
        ethernet {
            device-count 100;
        }
    }
    fpc 0 {
        pic 0 {
            port 25 {
                speed 100g;
            }
            port 31 {
                speed 100g;
            }
        }
    }
}
interfaces {
    et-0/0/25 {
        ether-options {
            802.3ad ae0;
        }
    }
    et-0/0/31 {
        hold-time up 100 down 4000;
        ether-options {
            802.3ad ae1;
        }
    }
    ae0 {
        description "ICCP Layer 3 Link with 1 member,et-0/0/25";
        aggregated-ether-options {
            lacp {
                active;
                periodic fast;
            }
        }
        unit 0 {
            family inet {
                address 10.0.10.10/30;
            }
        }
    }
    ae1 {
        description "ICL Layer 2 Link witch 1 member,et-0/0/31";
        vlan-tagging;
        aggregated-ether-options {
            lacp {
                active;
                periodic fast;
            }
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    em0 {
        unit 0 {
            family inet {
                dhcp {
                    vendor-id Juniper-qfx10002-36q;
                }
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                dhcp {
                    vendor-id Juniper-qfx10002-36q;
                }
            }
        }
    }
    irb {
        unit 0 {
            family inet {
                dhcp {
                    vendor-id Juniper-qfx10002-36q;
                }
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.0.11.92/32;
            }
        }
    }
}
forwarding-options {
    storm-control-profiles default {
        all;
    }
}
#
# $Id:$
#
# Copyright (c) 2014, Juniper Networks, Inc.
# All rights reserved.
#
# Filename: default.conf
# Platform: ELIT-LITE
# Description: Default DST file.
#
#
protocols {
    iccp {
        local-ip-addr 10.0.11.92;
        peer 10.0.11.91 {
            session-establishment-hold-time 50;		/////// https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/multichassis-link-aggregation-qfx-series-cli.html 8.b.
            redundancy-group-id-list 1;
            liveness-detection {
                minimum-interval 1500;
                multiplier 2;
                transmit-interval {
                    minimum-interval 1500;			/////// https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/multichassis-link-aggregation-qfx-series-cli.html 8.e.
                }
            }
        }
    }
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
    igmp-snooping {
        vlan default;
    }
}
switch-options {
    service-id 1;
}
vlans {
    default {
        vlan-id 1;
        l3-interface irb.0;
    }
}

ICCP don't want to go up :

root@SD-SRV-C012-1> show iccp

Redundancy Group Information for peer 10.0.11.92
  TCP Connection       : In progress
  Liveliness Detection : Unknown
  Redundancy Group ID          Status
    1                           Down

Client Application: MCSNOOPD
  Redundancy Group IDs Joined: None

Client Application: l2ald_iccpd_client
  Redundancy Group IDs Joined: None

Client Application: lacpd
  Redundancy Group IDs Joined: None

root@SD-SRV-C012-1> show lacp interfaces
Aggregated interface: ae0
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      et-0/0/25      Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      et-0/0/25    Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
    LACP protocol:        Receive State  Transmit State          Mux State
      et-0/0/25                 Current   Fast periodic Collecting distributing

Aggregated interface: ae1
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      et-0/0/31      Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      et-0/0/31    Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
    LACP protocol:        Receive State  Transmit State          Mux State
      et-0/0/31                 Current   Fast periodic Collecting distributing

root@SD-SRV-C012-2> show iccp

Redundancy Group Information for peer 10.0.11.91
  TCP Connection       : In progress
  Liveliness Detection : Unknown
  Redundancy Group ID          Status
    1                           Down

Client Application: MCSNOOPD
  Redundancy Group IDs Joined: None

Client Application: l2ald_iccpd_client
  Redundancy Group IDs Joined: None

Client Application: lacpd
  Redundancy Group IDs Joined: None
root@SD-SRV-C012-2> show lacp interfaces
Aggregated interface: ae0
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      et-0/0/25      Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      et-0/0/25    Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
    LACP protocol:        Receive State  Transmit State          Mux State
      et-0/0/25                 Current   Fast periodic Collecting distributing

Aggregated interface: ae1
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      et-0/0/31      Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      et-0/0/31    Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
    LACP protocol:        Receive State  Transmit State          Mux State
      et-0/0/31                 Current   Fast periodic Collecting distributing

I juste zeroize my swithces and configure ICCP/ICL.

Hi, bevause VC isn't support yet on QFX5110, we decided to setup the 2 QFX5110 in MCLAG topology. I have successfully been able to bring up the ICCP link beetween both switch, but as soon as I enable aeX port as part of mc-ae lag, the ICCP link goes down.  As anyone experience a similar issue ?  I have attache my config 

Hello Com,

I came across this question few days ago while planning to increase link redundancy of a firewall.

There is a QFX5100 VC consisting of 2x 48S and 2x 48T. Location is splitted and one 48S and 48T pair reside in a rack plus a firewall.

The firewall is attached with 2x copper to the local 48T and the plan is to add two fiber links to the LAG which link to the opposite side 48S.

Unfortunately the firewalls only have 1g interfaces which is fine for them but on the 5100's I now would have to bundle the 48S ports using ge-x/x/x naming and the 48T ports using xe-x/x/x into the same LAG where all LAG members must be the same speed...

Is there anybody who can confirm this will work as intended? I already commited the configuration, mixing the interface names without an error but yet only the copper ports, autonegotiating 1G fullduplex, are connected and at the moment I cannot test it by myself..

In some other threads I read it might be required to strictly configure speed(1g) and (full)duplex for all ports of this LAG to make them work properly.. which of course would need to be done on the firewalls as well then.

We have an ex3300 and it is being monitored using snmp. We have disconnected one of the network cables on one of the ports and since then the snmp monitoring has listed this port as having a problem.

as far as I could tell the snmp OID is .1.3.6.1.2.1.2.2.1.8.X and it is in a state of 7 or 2

the cable will not be connected to this port in the near future as the machine that was connected to this port was removed.

is there a way in the ex3300 web ui (or elsewhere) to reset the state of the snmp for this port so the monitoring will stop showing me this port as having a problem?

Hi all, 

I want to clarify something on native VLAN on Juniper vendor. 
First of all, I know that by default Juniper do not have specific VLAN number for native VLAN. 
In my circumstance,
I create two VLAN are VLAN_100 and VLAN_200 with VLAN number 100 and 200 respectively. Then, I define the interface ge-0/0/0 assigned trunk mode member all,

set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all

The member all is mean that the interface ge-0/0/0 is assigned to VLAN_100 and VLAN_200 which have tag id, and the interface ge-0/0/0 leave VLAN default because at moment the interface ge-0/0/0 set trunk needs tag id (by default, the VLAN default do not have tag id). 
After that, What happens when I set native VLAN id is 100 mapping VLAN_100? As I show VLAN on CLI device will see only the interface ge-0/0/0 assigned VLAN_200?

The next circumstance, as I define native VLAN id is 100 mapping VLAN_100 and the interface ge-0/0/0 assigned trunk mode member [VLAN_100 VLAN_200]. Does CLI command work? And what behavior of VLAN_100 when transmit and receive? The interface ge-0/0/0 connect with VLAN number 100 must be tagged id when transmitting/receiving traffic or not?

Please correct and clarify this to me. 

Thanks a lot. 

 HI, I am trying to understand the purpose and how ICCP and ICL link are use and if both are really need? 

As per the following article, my understanding is the configuration is done using only one one link, ae0, for ICCP/ICL connectivity. While the following example show the configuration done using 2 link for ICCP/ICL connectivity (ae0, ae1)

I have QFX5110, so I tried doing the configuration using the first url, but it didn't work, when I tried to add the mc-ae ether-option, the iccp went down. Then I tries using the second url, and then I succeed. All seem to be working as expected, however I am no sure how ICCP differ from ICL link. What should I expect in term of traffic on each link ?

Hi All

i m trying to configure qinq wiith QFX5100 and MX. its not working; i tried many example given on juniper.net but no result, 

attached is my topology. could you please share any working configuration as per attached.

Well it had to happen, the building got hit by lightening. The switch was on a UPS, but a few ports were taken out. The thin clients on those ports were fried as well.

So, when returning on RMA, is lightening coverred.?