How would I go about undoing this change?
[edit ethernet-switching-options analyzer VOIP]
'output'
Analyzer output interface ge-3/0/47.0 should not be added to any VLAN
error: configuration check-out failed
I attempted to add that interface to a VLAN. I want to utilize ge-3/0/47.0 as an access port and add it to a VLAN. It will not commit changes due to this. I no longer need this port configured as a mirror.
Hi,
I have been testing the "bpdu-block-on-edge" command on an EX3400 on 15.1X53-D56. I have noticed that the recovery timeout appears to now be configured on the interface rather than globally.
When I delibrately loop two ports the port is disabled.
xxx> show spanning-tree interface ge-0/0/2
Spanning tree interface parameters for instance 0
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
ge-0/0/2 128:490 128:490 4096.e8b6c2663b61 20000 BLK DIS (Bpdu-Incon)
But the port never recovers.
Also I can not find a command to clear it manually!
xxx> clear ethernet-switching recovery-timeout interface ge-0/0/2
xxx> show spanning-tree interface ge-0/0/2
Spanning tree interface parameters for instance 0
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
ge-0/0/2 128:490 128:490 4096.e8b6c2663b61 20000 BLK DIS (Bpdu-Incon)
Please could anyone help?
The below link states that IP Source guard is supported on EX switches with ELS.
But when I go to configure it, the option is not there. Can anyone explain why this is?
{master:0}[edit vlans VOIP-HOSTS forwarding-options dhcp-security]
lab@xxx# set ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
arp-inspection Enable dynamic ARP inspection
> dhcpv6-options DHCPv6 option processing for snooped packets
> group Define a DHCP security group for overriding defaults
neighbor-discovery-inspection Enable neighbor discovery inspection
no-dhcp-snooping Disable dhcp snooping
no-dhcpv6-snooping Disable DHCPv6 snooping
> option-82 DHCP option-82 processing for snooped packets
I'm trying to enable "forwarding- options dhcp-relay" but keep getting an error when I try to enable dhcp on my me0 interface. I would think since the management interface is out of band it whouldn't conflict with my in-band dhcp relays.
root@AMTSGY-JN2200c-DSwc# commit check
[edit interfaces me0 unit 0 family inet]
'dhcp'
Incompatible with 'forwarding-options dhcp-relay'
error: configuration check-out failed: (statements constraint check failed)
Is there a work around for this?
I'm running on a JN2200C version 12.3R12.4
Hi.
I'm planning to setup a network in one of our locations based on a number of VCs that due to physical limitations have to be connected togetter in a ring topology. I have been searching for a while for protocol alternatives in this situation, or is the only supportet protocol xSTP in the situation? Do Juniper provide any aditional options here? I looked at ERP, but this is not supported by EX3400.
Quick schematic:
Best regards,
Johan Christensson
So the systems I am using are MX960 MPC7e.
When I use the 1meter 100G DAC I have zero errors + zero packet loss.
When I use the 3meter 100G DAC cables I have packet loss & framing errors. I tried 3 DAC cables on 2 different sets of routers…all MX960 MPC7e.
These are 3rd party DAC cables, all from the same place, but what I do not understand is why the 1M cables work and the 3M are giving me errors. The only difference between the cables that I have noticed is that the 3M are 28AWG and the 1M are 30AWG.
Any ideas as to what the issue is? I would think it was just a bad cable, but all 3 of them seems a little strange.
I need to change an interface from a trunk to an access port. Here's the current config:
interface-range wireless-ap-ports {
member-range ge-4/0/36 to ge-4/0/47;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ Wireless CSMSBYOD ];
}
native-vlan-id 5;
}
}
}
Interface ge-4/0/36 is a trunk port and a member of a few VLANs. I need to remove it and make it an access port in a single VLAN. The vendor that installed/configured my EX switches are no longer in business and I do not have the required knowledge of the JunOS to be able to make these type of changes.
Hi there,
I have two QFX10K, connected between them with
2x40 for ICCP connectivity - ae0 Layer3
2x100 for ICL connectivity - ae1 as trunk
The MC-AE's interfaces connected to 2 QFX5K
the iccp is up, the mc-ae interfaces are up
I might be missing something, but on some manuals i saw that the ICCP link and the loopback0 of the machine should be familiar by routing, i saw it was done by ospf as both bounded to are 0.0.0.0
lo0 uses as the iccp endpoints of the machine, and I guess as ae0 serves as the ICCP links, some kind of routing is needed.
on my example, the lo0 is internet routable, the sh route indicates the peer iccp is routed through the switch layer 3 feeds (isis). in this case:
how would i know ae0 does anything?
how would i know that internet goes off (both links) - iccp can still communicate via ae0?
should i use static to route iccp peers across the ae0 with higher metric?
should i run routing protocol between ae0's?
i'm sure i'm missing something here. will appriciate your help.
I need your help. Attached are configuration files for the EX3300 and EX2300 switches.
I have setup a 20GB uplink from the EX3300 VC to the EX2300 switch using a link aggregation interface. The LACP on EX3300 is ae3 and on the EX2300 is ae0. Both interfaces are up and running and seems to be working.
On the EX3300 I have configured Vlan 30 (Guest_Network) and Vlan 1 (default) which is carried over the trunk ae3 interface to the EX2300 switch. Vlan 1 is setup as the native vlan. Vlan 1 and Vlan 30 are setup as RVIs on the EX3300. Vlan 1 subnet is 192.168.1.0/24 and Vlan 30 subnet is 192.168.30.0/24.
On the EX2300, I have configured Vlan 30 (Guest_Network). Vlan 1 (default) is aready setup by factory default; however it is not showing up in the configuration file attached. I have not setup RVIs for Vlan 1 or Vlan 30. Vlan30 and Vlan 1 is carried over the trunk ae0 interface to the EX3300 VC switch. On the EX2300 all the ports have Vlan 1 (default) assigned and the first 4 ports also have VLAN 30.
I have attached my laptop to port 9 on the EX2300 which is assigned Vlan 1 (default) and configured my Iaptop with the following network information:
IP = 192.168.1.160
SubNet = 255.255.255.0
Gateway = 192.168.1.2 (This is the IP address of the RVI for Vlan 1 on the EX3300 VC)
For some reason, I cannot ping any IP address on the 192.168.1.0/24 subnet. Also I am unable to connect to the Internet.
What am I doing wrong? Please help..
Hi Guys
I seems to have a big problem with configuring trunks as untrusted interfaces.
I can not find the way to override a default configuration of DHCP trust on trunk ports.
Can you please help.
show vlans VL-998 forwarding-options dhcp-security
group UNTRUST {
overrides {
##
## Warning: statement ignored: unsupported platform (ex2300-24p)
##
untrusted;
}
}
I have the EX2300-C 12P unit runing JUNOS image 15.1X53-D56. The two 10G ports are being used as an uplink to my EX3300 switch. The management port is being used as well as the first 3 ports on the switch.
The temperature is ranging from 52 to 56 degrees celsius. That is over 125 degrees fahrenheit. What is the normal / safe temperature for this unit? Please advise.
*****
can't load 'kernel'
Type '?' for a list of commands, 'help' for more detailed help.
loader>
*****
My EX's are in this state and none of the online recovery methods are working. I can get to u-boot and loader prompts. The USB and TFTP options of install command fail.
Can someone please chime in on any recovery tips? Thank you in advance.
Hello All,
I hope you are doing well. I have a question regarding Juniper EX4200.
I have an EX4200 with two port-mode trunk interfaces:
- one facing the customer where I receive many different vlans (10, 20, 30 and 40),
- another one facing a Juniper MX where the vlans are received in different subinterfaces according to the vlans.
Is there a way to do the following:
- Vlans 30 and 40 pass through as normal single tagged frames.
- Vlans 10 and 20 have to be encapsulated in another S-VLAN 100, and pass as VLAN 100 to the MX.
How could I configure this in the switch?
I tried configuring vlan 100 with dot1q-tunneling customer-vlans [ 10 20 ], but it won't work. Please take into account both interfaces are trunk.
I understand set ethernet-switching-options dot1q-tunneling ether-type 0x8100 should be configured, so that in the trunk with Juniper MX both single and dual tagged frames can be sent.
Thank you very much for your help
I've been confounded by a problem I ran into when I tried to implement LAG between an EX4600 2-member virtual chassis and a Cisco ASA 5525-X (LACP active). I am looking for an explanation of the problem.
The EX4600 side of the LAG is using Copper SFP transceivers distributed evenly between the physical members of the virtual chassis. The LAG members are configured on corresponding ports and modules on each member switch [ge-0/2/4,ge-0/2/5,ge-1/2/4,ge-1/2/5]. Originally, I used Juniper-compatible transceivers but have since purchased a genuine unit [QFX-SFP-1GE-T] for troubleshooting. Both of the EX4600 member switches were purchased at the same time and each has two EX4600-EM-8F expansion modules. The JunOS version is the same on both switches [14.1X53-D27.3]
When I tried to implement this design, I discovered that the ports on the primary VC member (FPC 0) would not come up. Troubleshooting the problem, I found the issue is unrelated to the LAG configuration. Using Windows servers and unmanaged switches as test components, I was able to locate a single port on the primary VC member (actually on a different expansion module) which would come up with a copper SFP inserted (genuine or compatible). All of the ports I have tried on the secondary VC member (FPC 1) also work. This is true even if auto-negotiation is not explicity enabled on the port. Setting auto-negotiation appears to have no effect. Connected devices always have good link lights but the Juniper side never negotiates the line protocol on the ports which don't work.
I am wondering what could explain this inconsistent behavior. Also, Juniper's documentation for the EX4600-EM-8F expansion module (ominously) states: "Caution: Copper SFP transceivers (1000BASE-T) are restricted to the top four ports or the bottom four ports; fiber SFP transceivers (1000BASE-X) can be used in any of the eight ports. Attempting to stack copper SFP transceivers causes internal damage to the module." I would like to know what kind of internal damage would result from "stacking" transceivers. Is this an electrical problem or does is refer to physical damage to the transceiver receptacle?
I have attached some diagnostic output from the EX4600 in question including the working test port (ge-0/1/0) and non-working test port (ge-0/1/1). Note that the same transceiver is used in each example. The "show chassis hardware" command shows the genuine transceiver installed in FPC 0 PIC 1 Xcvr 1 while the compatible transceivers (which are working in the LAG) are in FPC 1 PIC 2 Xcvr 4-5.
Thank you for your consideration.
Hello,
First i will summarize the network.
We got a new client (hospital) with juniper hardware. Our company has little experience with Juniper so i got the job to figure it out and find solutions. With me being fairly new to IT and networking i would rather ask than google everything.
So here goes, network consists of 14 EX series switches with a stack virtual chassis that does all the routing. Current setup is a mess with no documentation (previus IT did this and left).
We need to reconfigure all the switches while everything has to be live since it is a hospital.
Now my main question is we have 40 clients in this network that should be in it own VLAN and only have access to the server (easy to achieve no problem). But they should not be able to have traffic between them in any case (security reasons/client demand). Now i know PVLAN`s are one way to solve this, but here is the thing all those 40 clients have VoIP enabled and its all on one port because the infrastructure is a hellhole.
Can i solve this in any other way else than just putting every client in separate VLAN.
Thank you for your help.
Regards Dean.
Hello All,
Greetings of the Day!!!!
Request you to please help me out with implementation of MVR on EX4300.
A sample config template will be great if you share.
I'd like to temporarily mix 10Gb and 40Gb interfaces on an ae interface during an upgrade--can I safely do this? What do I set link-speed to?
--Paul
Hi everybody,
Please consider the following set up:
Let say if we have classifier JOJO on EX 4300
010000—Class B
011000-Class C
Forwarding class mapping:
Class C---Queue1
This classifier applies to ge 1/1/0.0
Let say a packet with DSCP 010000 received on the ge 1/1/0.0, Classifier JOJO is used to classify this packet but we do not have egress queue mapped to this class, what will SW do ? Will it place this packet into default queue since there is no mapping between ClassB and queue?
Thanks and have a nice day!!
I have the command "set vlan UserData forwarding-options dhcp-security" on an EX3400 switch, what is this specificly doing for the UserData vlan?
Hi all,
I've set up two EX2200s with VRRP between them. However I'm getting the following message on both devices:
root@EX1> show vrrp warning: vrrp subsystem not running - not needed by configuration.
There's not much information I can find online about this issue specific to VRRP, configuration is fine and I've tried restarting the services, devices etc. Here's some more output, if you need more please let me know. Thanks for any tips.
show version
fpc0:
--------------------------------------------------------------------------
Hostname: EX1-Primary
Model: ex2200-c-12t-2g
Junos: 15.1R5.5
JUNOS EX Software Suite [15.1R5.5]
JUNOS FIPS mode utilities [15.1R5.5]
JUNOS Online Documentation [15.1R5.5]
JUNOS EX 2200 Software Suite [15.1R5.5]
JUNOS Web Management Platform Package [15.1R5.5]
show configuration interfaces
ge-0/0/0 {
description EX1-Feed;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ Data Voice ];
}
}
}
}
vlan {
unit 5 {
description VOICE;
family inet {
address 10.0.1.2/24 {
vrrp-group 5 {
virtual-address 10.0.1.1;
priority 254;
accept-data;
}
}
}
}
unit 10 {
description DATA;
family inet {
address 10.0.2.1/24 {
vrrp-group 10 {
virtual-address 10.0.2.1;
priority 255;
preempt;
accept-data;
}
}
}
}
Other EX mirrors both vlans with the opposite addressing.