Hi all,
I guess this is a stupid question, but I couldn`t find meaningful statemenst to this question.
So I would like you to aks:
Is it possible to configure storm-control to a trunk-port ?
And if possible, does it make sense to configure the storm-control to a trunk-interface, or should I use the strom-control only on regular access-ports ?
Thank you so much.
Christoph.
Hi everyone,
On EX 200 we have only two scheduler priority Strich High and low.
My question can I use two traffic classes T1 and T2 with rate limit with both STRICT HIGH ? Basicaly I would EX to do round robin for T1 and T2 but both are also limited to some rate then what ever is left should be given to Low priority traffic classes.
Thanks and have a nice night!!
Hi Guys,
is there any possibility to show on what Port a violation occured?
I found "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-ddos-protocols-statistics.html", but this only tells me if the violation occured or not - it doesn't tell me anything about where this actually happened (on what interface).
Hi everyone,
On EX 200 we have only two scheduler priority Strich High and low.
My question can I use two traffic classes T1 and T2 with rate limit with both STRICT HIGH ? Basicaly I would EX to do round robin for T1 and T2 but both are also limited to some rate then what ever is left should be given to Low priority traffic classes.
Thanks and have a nice night!!
A little background before I crack into it: I just started a new job, and my past experience was with cisco adtran etc. The last network engineer left the week I started here, so I don't have a lot of people around me for support on this. Right now I have 2 qfx set up on a pretty simple config.
version 13.2X51-D30.4;
system {
host-name Juniper-GrackSwtich-1135;
arp {
aging-timer 5;
}
}
services {
ssh;
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
processes {
dhcp-service {
traceoptions {
file dhcp_logfile size 10m;
level all;
flag all;
}
}
app-engine-virtual-machine-management-service {
traceoptions {
level notice;
flag all;
}
}
}
}
chassis {
aggregated-devices {
ethernet {
device-count 1;
}
}
}
interfaces {
xe-0/0/0 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/1 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/2 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/3 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/4 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/5 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/6 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/7 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/8 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
...........
xe-0/0/43 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/44 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/45 {
ether-options {
auto-negotiation;
802.3ad ae0;
}
}
xe-0/0/46 {
ether-options {
auto-negotiation;
802.3ad ae0;
}
}
xe-0/0/47 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
et-0/0/48 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/48:0 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/48:1 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/48:2 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/48:3 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
et-0/0/49 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/49:0 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/49:1 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/49:2 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/49:3 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
et-0/0/50 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/50:0 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/50:1 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/50:2 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/50:3 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
et-0/0/51 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/51:0 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/51:1 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/51:2 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/51:3 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
et-0/0/52 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/52:0 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/52:1 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/52:2 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/52:3 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
et-0/0/53 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/53:0 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/53:1 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/53:2 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
xe-0/0/53:3 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
storm-control default;
}
}
}
ae0 {
aggregated-ether-options {
minimum-links 1;
link-speed 10g;
lacp {
active;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members default;
}
}
}
}
em1 {
unit 0 {
family inet;
}
}
irb {
unit 0 {
family inet {
address 10.20.70.2/23;
}
}
}
vme {
unit 0 {
family inet {
dhcp {
vendor-id Juniper-qfx5100-48c-6q;
}
}
}
}
}
forwarding-options {
storm-control-profiles default {
all;
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.20.70.1;
}
}
protocols {
lldp {
interface all;
}
lldp-med {
interface all;
}
igmp-snooping {
vlan default;
}
rstp {
interface xe-0/0/0;
interface xe-0/0/1;
interface xe-0/0/2;
interface xe-0/0/3;
interface xe-0/0/4;
interface xe-0/0/5;
interface xe-0/0/6;
interface xe-0/0/7;
interface xe-0/0/8;
interface xe-0/0/9;
interface xe-0/0/10;
interface xe-0/0/11;
interface xe-0/0/12;
interface xe-0/0/13;
interface xe-0/0/14;
interface xe-0/0/15;
interface xe-0/0/16;
interface xe-0/0/17;
interface xe-0/0/18;
interface xe-0/0/19;
interface xe-0/0/20;
interface xe-0/0/21;
interface xe-0/0/22;
interface xe-0/0/23;
interface xe-0/0/24;
interface xe-0/0/25;
interface xe-0/0/26;
interface xe-0/0/27;
interface xe-0/0/28;
interface xe-0/0/29;
interface xe-0/0/30;
interface xe-0/0/31;
interface xe-0/0/32;
interface xe-0/0/33;
interface xe-0/0/34;
interface xe-0/0/35;
interface xe-0/0/36;
interface xe-0/0/37;
interface xe-0/0/38;
interface xe-0/0/39;
interface xe-0/0/40;
interface xe-0/0/41;
interface xe-0/0/42;
interface xe-0/0/43;
interface xe-0/0/44;
interface xe-0/0/47;
interface et-0/0/48;
interface xe-0/0/48:0;
interface xe-0/0/48:1;
interface xe-0/0/48:2;
interface xe-0/0/48:3;
interface et-0/0/49;
interface xe-0/0/49:0;
interface xe-0/0/49:1;
interface xe-0/0/49:2;
interface xe-0/0/49:3;
interface et-0/0/50;
interface xe-0/0/50:0;
interface xe-0/0/50:1;
interface xe-0/0/50:2;
interface xe-0/0/50:3;
interface et-0/0/51;
interface xe-0/0/51:0;
interface xe-0/0/51:1;
interface xe-0/0/51:2;
interface xe-0/0/51:3;
interface et-0/0/52;
interface xe-0/0/52:0;
interface xe-0/0/52:1;
interface xe-0/0/52:2;
interface xe-0/0/52:3;
interface et-0/0/53;
interface xe-0/0/53:0;
interface xe-0/0/53:1;
interface xe-0/0/53:2;
interface xe-0/0/53:3;
interface ae0;
}
}
vlans {
default {
vlan-id 70;
l3-interface irb.0;
}
}and
version 14.1X53-D27.3;
system {
host-name Juniper-GrackSwitch-1135-slave
}
services {
ssh;
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
extensions {
providers {
juniper {
license-type juniper deployment-scope commercial;
}
chef {
license-type juniper deployment-scope commercial;
}
}
}
processes {
dhcp-service {
traceoptions {
file dhcp_logfile size 10m;
level all;
flag all;
}
}
app-engine-virtual-machine-management-service {
traceoptions {
level notice;
flag all;
}
}
}
}
chassis {
fpc 0 {
pic 0 {
port 53 {
channel-speed 10g;
}
}
}
}
interfaces {
xe-0/0/0 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
xe-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
xe-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
xe-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
...........
}
xe-0/0/45 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
xe-0/0/46 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
xe-0/0/47 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
et-0/0/48 {
unit 0 {
family inet {
dhcp {
vendor-id Juniper-qfx5100-48t-6q;
}
}
}
}
xe-0/0/48 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
et-0/0/49 {
unit 0 {
family inet {
dhcp {
vendor-id Juniper-qfx5100-48t-6q;
}
}
}
}
xe-0/0/49 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
et-0/0/50 {
unit 0 {
family inet {
dhcp {
vendor-id Juniper-qfx5100-48t-6q;
}
}
}
}
xe-0/0/50 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
et-0/0/51 {
unit 0 {
family inet {
dhcp {
vendor-id Juniper-qfx5100-48t-6q;
}
}
}
}
xe-0/0/51 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
et-0/0/52 {
unit 0 {
family inet {
dhcp {
vendor-id Juniper-qfx5100-48t-6q;
}
}
}
}
xe-0/0/52 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
et-0/0/53 {
unit 0 {
family inet {
dhcp {
vendor-id Juniper-qfx5100-48t-6q;
}
}
}
}
xe-0/0/53 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members default;
}
}
}
}
xe-0/0/53:0 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members default;
}
}
}
}
xe-0/0/53:1 {
unit 0;
}
xe-0/0/53:2 {
unit 0;
}
xe-0/0/53:3 {
unit 0;
}
xe-0/0/54 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
xe-0/0/55 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
xe-0/0/56 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
xe-0/0/57 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
xe-0/0/58 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
xe-0/0/59 {
unit 0 {
family ethernet-switching {
vlan {
members default;
}
}
}
}
em1 {
unit 0 {
family inet {
dhcp {
vendor-id Juniper-qfx5100-48t-6q;
}
}
}
}
irb {
unit 0 {
family inet {
address 10.20.70.3/23;
}
}
}
vme {
unit 0 {
family inet {
dhcp {
vendor-id Juniper-qfx5100-48t-6q;
}
}
}
}
}
forwarding-options {
storm-control-profiles default {
all;
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.20.70.1;
}
}
protocols {
lldp {
interface all;
}
lldp-med {
interface all;
}
igmp-snooping {
vlan default;
}
}
vlans {
default {
vlan-id 70;
l3-interface irb.0;
}
}I can see now that they both have different firmwares installed. If I want to set the 2 switches in a stack, I will need to upgrade the firmware. I'm wondering what I should pick from for their ios--install media or install package? It is a little bit confusing, right?
My overall goal is to set up both switches in a stack and have them uplink through the QSFP to SFP adapted for a 10g fiber uplink. Every port should be on vlan 70.
I have a question: should I worry about stacking them? Or should I just do a QSFP to QSFP link and just have it work that way? It seems like I'm closer to that right now anyway.
Any help would be hugely appreciated, so thank you. I was able to get it running this far from scratch, but this part is stumping me.
Hi Experts,
There are two qfx5100-24Q leaf switch and the current configuration is below in my lab.
I can access to one of switch via CON port directly. This is fine.
But the other switch is not possible even via CON direct access by using console cable (The same calbe used with above one).
What can be possible reasons of this issue? Due to this access issue it is not possible to fetch internal log nor core dump from the system.
virtual-chassis {
preprovisioned;
no-split-detection;
member 0 {
role routing-engine;
serial-number XXXXX;
}
member 1 {
role routing-engine;
serial-number YYYYY;
}
}Serial port configuration on my PC is exactly configured with the following.
I am quite sure that my PC configuration isn't problem because I can access to one of switch via console without any problem.
• Baud Rate—9600 • Flow Control—None • Data—8 • Parity—None • Stop Bits—1 • DCD State—Disregard
I have a Juniper Networks SPP5100SR-J3
740-021308 REV 01 10GE SFP+SR
that has stopped working, are these devices warrantied from Juniper.?
Or just trash it and buy another.?
Dear Sir/Madam I have a Switch EX3300 using firmware 12.3R3.4. But there is some errors CVE existed in this version, so I want to update it to 12.3R12. However,in my equipment has options the layer 3 is routing. Therefore I just wonder that whether layer 3 functions are gonna be lost after this updating or not? And is there any impact to the license of equipment? , THank you very much
Hi All
kindly assist me on the issue i am facing when trying to configure allowed-mac-address on trunk port, i a getting below error
#commit check
[edit ethernet-switching-options secure-access-port]
'interface ge-0/1/7.0'
Allowed MAC configuration is not allowed for trunk port
error: configuration check-out failed
{master:0}[edit ethernet-switching-options secure-access-port]
note that i am able to configure allowed mac, and mac limit on the access port.
kindly assist me to know if this is possible on trunk port. i am using EX4550 Juniper switch .
regards
Janvier R.
Hello!
I have EX4600 (JUNOS 14.1X53-D27.3) and trying to connect ISP to OEM SFP which is inserted in interface 1 (ge-0/0/1). After insertion this interface is not showing in "show interface terse" and trying to issue command "show interface ge-0/0/1" resulting in error:
> show interfaces ge-0/0/1 error: device ge-0/0/1 not found
Switch reacts to SFP insertion with this log lines:
Oct 21 01:37:35 KHQ-EX4600 fpc0 PORTDEV: OPTIC State changed for port: 0/0/1 - Presence: 1 Oct 21 01:37:35 KHQ-EX4600 fpc0 XCVR: Unit 1, Fibre channel transceiver plugged in without Fibre channel configuration!!
How i can get it used to work?
Hello all!
May be someone have faced with the same problem.
I have a virtual-chassis from two EX4600 switches with 3 expansion modules (EX4600-EM-8F)
>show virtual-chassis
Preprovisioned Virtual Chassis
Virtual Chassis ID: 658d.d87e.4b80
Virtual Chassis Mode: Enabled
Mstr Mixed Route Neighbor List
Member ID Status Serial No Model prio Role Mode Mode ID Interface
1 (FPC 1) Prsnt TC3717030047 ex4600-40f 129 Master* N VC 2 vcp-255/0/24
2 vcp-255/0/25
2 (FPC 2) Prsnt TC3717030140 ex4600-40f 129 Backup N VC 1 vcp-255/0/24
1 vcp-255/0/25
> show chassis fpc pic-status
Slot 1 Online EX4600-40F
PIC 0 Online 24x10G-4x40G
PIC 1 Online EX4600-EM-8F
PIC 2 Online EX4600-EM-8F
Slot 2 Online EX4600-40F
PIC 0 Online 24x10G-4x40G
PIC 1 Online EX4600-EM-8F
When I tried to add fourth expansion module, my backup switch became offline and dissapeared from a chassis. When I removed this additional module, a switch became online. Is that problem of a switch or a module? I created a case in JTAC, but they will solve this case after weekend.
I'm having trouble getting autonegotiation status on a 10Gb SFP+ port on a QFX5100. Whether autonegotiation is set or not I don't see anything that indicates if autoneg is on, or what the outcome was.
1Gb-T, I see status, partner, and local:
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 659, SNMP ifIndex: 558, Generation: 150
Link-level type: Ethernet, MTU: 1514, MRU: 0, Speed: 1000 Mbps, Duplex: Auto,
Autonegotiation information:
Negotiation status: Complete
Link partner:
Link mode: Full-duplex, Flow control: Symmetric, Remote fault: OK,
Link partner Speed: 1000 Mbps
Local resolution:
Flow control: None, Flow control tx: None, Flow control rx: None,
Remote fault: Link OK
10Gb-SR, Nothing:
Physical interface: xe-0/0/28, Enabled, Physical link is Up Interface index: 686, SNMP ifIndex: 548, Generation: 179 Link-level type: Ethernet, MTU: 1514, MRU: 0, Speed: 10Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Media type: Fiber
test@test> show configuration interfaces xe-0/0/28
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 160-162 260 666 680 780 999 ];
}
}
}
Is this info somewhere else?
Have someone met with the same problem? (see description below...)
We run JUNOS 15.1R6.7 on our EX3300 configured as L3 gate for local vlans and particularly for vlan 102 Ex.:
my-user@my-ex3300> show configuration interfaces vlan.102
description hosts;
family inet {
address 10.136.19.1/24;
}
There is a physical host in vlan 102
my-user@my-ex3300> show arp no-resolve | match 00:25:90:06:22:3c
00:25:90:06:22:3c 10.136.19.200 vlan.102 none
For several weeks there was no problems with it.
One day EX3300 started sending L3 forwarded packets destined to the host's IP with zero DST MAC. So, the host started discarding all the packets from other vlans and remote nets.
At the same time L2 switched IP packets from neighbouring hosts in vlan 102 was coming with correct DST MAC to the host.
So, we examined mac/arp tables and even FDB! ...
PFEM0(vty)# show shim bridge fdb vlan vlan-index 4
FDB table for VlanIdx: 4, VlanTag: 102, HwToken: 102
Legend: SP - Storm Prevention, V - Valid, s - Skip,
R - Refresh, S - Static, Vl - VlanId, Vx - Vidx
...
0 0 102 00:25:90:06:22:3C 0/5 F|1|0|1|0 0|0 0 0 0 0 0|0 0|0 0x2CE4/0x0
1 0 102 00:25:90:06:22:3C 0/5 F|1|0|1|0 0|0 0 0 1 0 0|0 0|0 0x2CE4/0x0
PFEM0(vty)# show nhdb id 1412 detail
ID Type Interface Next Hop Addr Protocol Encap MTU Flags PFE internal Flags
----- -------- ------------- --------------- ---------- ------------ ---- ------------------ ------------------
1412 Unicast vlan.102 10.136.19.200 IPv4 Ethernet 0 0x0000000000000000 0x0000000000000000
BFD Session Id: 0
Interface: 71
Flags: 2 nh_idx: 0
CMD: Route Arp Idx1: 31
CMD: Route Arp Idx2: 0
MTU Idx: 2 Num Tags: 0
Upd Cnt: 1 Tun Strt: False
Chain_nh 1416:
Hw install: 1
Mac: 00 25 90 06 22 3c
So, ethernet switching table + arp table + FDB records were OK.
We tried to plug the host to different physical switch port and that didn't help.
In the end we changed the host MAC address from 00:25:90:06:22:3C to 00:25:90:06:22:3D and the EX3300 started L3 forwarding packets to the host with correct DST MAC 00:25:90:06:22:3D !
We can't figure out if it is a software bug or some kind of FDB collision in the switch ASIC...
I hope, this workaround will help someone!
Hey so i have 2 qfx5100 set up in a VC and one of them keeps shutting down every night and i cant see why? lucky theres only one user thats useing it right now. but what i walk in to is a switch with all the fan leds are orange and the sys led is orange as well only way for me to fix it is to pull the power and repower it up.
im leaving a pc connected over night to the con port to see if can grab any thing from it but if any one has a tips to look at let me know. thanks!
Hi all,
When an attacker sends MAC attack make MAC table of a switch is full, what's behavior switch now?
Does the switch change behave as a hub? So the switch now doesn't know VLAN terminology?
Regards,
Hoang Nguyen Huy
Hi all,
I imagine a scenario like here with topology
Client A (set manually IP address) ---------- Switch ------------- Client B (Hacker)
Client A and B same VLAN and switch configure DHCP snooping, DAI, IP source guard to prevent DHCP attack, ARP attack, Spoofing attack. However, the client A set manually IP address
In the situation, Client A doesn't have information on DHCP snooping database so Switch doesn't flood frame to access the Internet, does it?
The same, when Client B deploys arp spoofing with MAC's Client A to connect another client, the switch will discards packet because it doesn't see any MAC's A on DHCP snooping database, won't it?
Please correct me if I think wrong.
Thanks and best regards,
Hoang Nguyen Huy
Hi Team,
I need your help to confirm the configuration syntax for BOOTP relay on the QFX.
This is the current configuration on the NetScreen firewall that we would like to replicate:
set interface aggregate2.1 dhcp relay server-name "172.17.232.170"
set interface aggregate2.1 dhcp relay service
set interface aggregate2.3 dhcp relay server-name "172.17.232.170"
set interface aggregate2.3 dhcp relay service
The QFX documentation provided a configuration as shown below. Can you let me know if this is complete or more configs are needed, e.g. to specify the interface on which the client requests are being received.
set forwarding-options dhcp-relay overrides bootp-support
set forwarding-options dhcp-relay server-group CS2K_BOOTP 172.17.232.170
There are two interfaces that will be receiving the client BOOTP request: ge-0/0/4.77 and ge-0/0/4.79, ge-0/0/4.77 is in global space but ge-0/0/4.79 is in the DMZ-L3VPN routing instance.
set interfaces ge-0/0/4 vlan-tagging
set interfaces ge-0/0/4 unit 77 description ";;ATLNGA058600;eth2/6;MR;TAGGED GE LINK TO ATLNGA058600 VLAN 77 (CA5 CS2000 BEARER);;"
set interfaces ge-0/0/4 unit 77 vlan-id 77
set interfaces ge-0/0/4 unit 77 family inet filter input-list MARK-TOS
set interfaces ge-0/0/4 unit 77 family inet filter input-list CA5-CS2K-BEARER-V4-IN
set interfaces ge-0/0/4 unit 77 family inet filter output CA5-CS2K-BEARER-V4-OUT
set interfaces ge-0/0/4 unit 77 family inet address 98.173.169.2/27 vrrp-group 77 virtual-address 98.173.169.1
set interfaces ge-0/0/4 unit 77 family inet address 98.173.169.2/27 vrrp-group 77 priority 200
set interfaces ge-0/0/4 unit 77 family inet address 98.173.169.2/27 vrrp-group 77 fast-interval 300
set interfaces ge-0/0/4 unit 77 family inet address 98.173.169.2/27 vrrp-group 77 no-preempt
set interfaces ge-0/0/4 unit 77 family inet address 98.173.169.2/27 vrrp-group 77 accept-data
set interfaces ge-0/0/4 unit 79 description ";;ATLNGA058600;eth2/6;MR;TAGGED GE LINK TO ATLNGA058600 VLAN 79 (CA5 CS2000 SIGNALING);;"
set interfaces ge-0/0/4 unit 79 vlan-id 79
set interfaces ge-0/0/4 unit 79 family inet filter input MARK-TOS
set interfaces ge-0/0/4 unit 79 family inet address 98.173.168.2/24 vrrp-group 79 virtual-address 98.173.168.1
set interfaces ge-0/0/4 unit 79 family inet address 98.173.168.2/24 vrrp-group 79 priority 200
set interfaces ge-0/0/4 unit 79 family inet address 98.173.168.2/24 vrrp-group 79 fast-interval 300
set interfaces ge-0/0/4 unit 79 family inet address 98.173.168.2/24 vrrp-group 79 no-preempt
set interfaces ge-0/0/4 unit 79 family inet address 98.173.168.2/24 vrrp-group 79 accept-data
set routing-instances DMZ-L3VPN interface ge-0/0/4.79
Thanks and Regards,
Jehanzeb A. Qureshi
I have a security system that is running OSPF with Multicasting. I have 1 L3 switch running the routing protocols and several L2 access switches. I am confused about the VLAN setup on the access devices. If I were to setup the same VLAN 'cameras' on core and access do i need to setup an RVI on the access (as routing is actually done on the core) and is the same IP used for the VLAN on both switches an issue. I am experiencing connection issues and suspect is is due to ip address conflicts. 10.10.13.254/23 on both core and access even though it is referencing a single VLAN
Master-Core
set vlans Cameras vlan-id 13
set interfaces irb unit 13 family inet address 10.10.13.254/23
set vlans Cameras l3-interface irb.13
Access-switch-1
set vlans Cameras vlan-id 13
set interfaces vlan unit 13 family inet address 10.10.13.254/23
set vlans Cameras l3-interface vlan.13
Access-switch-2
set vlans Cameras vlan-id 13
All switches have similar trunk setting
set interfaces ge-0/0/45 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/45 unit 0 family ethernet-switching vlan members Cameras
Protocols:
set protocols ospf area 0.0.0.0 interface vlan.100
set protocols ospf area 0.0.0.0 interface irb.13
set protocols igmp interface all
Hi everyone,
I am looking for configuration guide for EX4200 Switch , some configuration are different on EX , for example, EX 4300 vlan l3 interface requires irb interface.
I googled it , all I see hardware guide .
Thanks and have a nice day
Hi everyone,
I am researching some Uplink module features on EX 4200.
SFP+ uplink module
Supports two 10 GIG ( port 0, port 2) or either 4 one gig ports.
Default is 10GIG
1)My question is how would all four ports appear by default if I do show interface terse?
will they appear as:
xe-0/1/0 ( because by default port 0 is 10G as per link)
xe-0/1/2 ( because by default por 1 is 10 G as per link)
ge-0/1/3
ge-0/1/1
2)If we change the default behavior by using :
user@switch# set chassis fpc 0 pic 1 sfpplus pic-mode 1g
How would ports will appear when we run show interface terse now?
3) Can we use any above ports on the module for Virtual chassis connection?
4) Can we use any port on PIC 0 for Virtual chassis?
Thanks and have a nice day!!