Channel: Ethernet Switching topics

EX-2300- 48P DHCP not working


Error while upgrading.


Hello Community. 

 

I hope everyone is well. My office recently received an EX 9208 running 'JUNOS 14.1X53-D42.3' from factory. After carefully looking for a more updated version we proceeded to upgrade the box to 'JUNOS 16.1R5.7', which actually is the one recommended by Juniper.

 

We did the upgrade through the CLI and we already had some Mgmt config in the Switch including a couple of VLANs. 

 

Long story short. The Upgrade failed with the following command: 

 

config/juniper.conf:220:  (5) syntax error at 'vlans'
[edit]
'vlans {'
syntax error
/config/juniper.conf:581:  (1) error recovery ignores input until this point at '}'
[edit]
'}'
error recovery ignores input until this point
Validation failed
ERROR: Current configuration not compatible with /var/tmp/junos-install-ex92xx-x86-64-16.1R5.7.tgz

 

I cleared the VLANs from the config and then tried it again and it worked fine. 

 

Does anyone know what could've caused this issue? Did something change with this version? I am unable to find any known caveat within the official documentation reporting this behavior.

 

 

Regards, 

 

MAC address associates with ae0.0 instead of physical interface


I have multiple MC-LAG deployments at an extremely large site. Occasionally I need to track a MAC address to an access port, so I get the MAC associated with the device's IP address off of my firewall, then log in to the access switch and do show ethernet-switching table | match <MAC>. The problem is some MAC addresses associate with the aggregation interface (ae0.0) instead of the physical interface, and then I have no idea what access port I need to look at.

 

So my question is why do some MACs in the ARP table associate with the logical interface while others associate with the physical interface? Will MAC addresses associating with ae0.0 cause problems? And is there another way to see which MAC addresses are connected to what interface?

 

(Example)

pack-plc 00:07:af:e6:be:a0 D - ge-0/0/7.0
pack-plc 00:07:af:e6:c7:b0 D - ge-0/0/18.0
pack-plc 00:07:af:e7:49:00 D - ge-0/0/10.0
pack-plc 00:0c:29:0f:0b:b9 D - ae0.0
pack-plc 00:0c:29:1c:86:a0 D - ae0.0
pack-plc 00:0c:29:52:25:66 D - ae0.0

 

 

L2 connection between Juniper MDF and Meraki MX


Experts,

 

Maybe you can help here: I have all VLANs set on Juniper MDF and one VLAN (DMZ) set up on Meraki MX security appliance. All DMZ hosts are connected to MX with access port and VLAN10 (DMZ vlan). MX LAN port is connected to MDF as well as switchport with default vlan1 and routing is done on MX and MDF. Now I am in need of connecting another DMZ host which is located in another building but the question is how?

I would like to mirror DMZ vlan on 3300 switch and have access to DMZ ports on MX (switchports) 

 

I was thinking on creating trunk port on MX and connect it to MDF with default vlan 10 192.168.168.1 on MX and vlan10 on MDF juniper with 192.168.168.2 

I don't know if that would work and if extra routing is needed. I am attaching a Visio diagram with what I am trying to achieve.

EX2200 (Junos 15.1R6.7) Routing-instance doesn't work?


Hello.

trying to implement RI at EX2200

 show configuration | display set
set version 15.1R6.7
set system services ssh protocol-version v2
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set chassis alarm management-ethernet link-down ignore
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/4 unit 0 family ethernet-switching
set interfaces ge-0/0/5 unit 0 family ethernet-switching
set interfaces ge-0/0/6 unit 0 family ethernet-switching
set interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching
set interfaces ge-0/0/9 unit 0 family ethernet-switching
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching
set interfaces ge-0/0/12 unit 0 family ethernet-switching
set interfaces ge-0/0/13 unit 0 family ethernet-switching
set interfaces ge-0/0/14 unit 0 family ethernet-switching
set interfaces ge-0/0/15 unit 0 family ethernet-switching
set interfaces ge-0/0/16 unit 0 family ethernet-switching
set interfaces ge-0/0/17 unit 0 family ethernet-switching
set interfaces ge-0/0/18 unit 0 family ethernet-switching
set interfaces ge-0/0/19 unit 0 family ethernet-switching
set interfaces ge-0/0/20 unit 0 family ethernet-switching
set interfaces ge-0/0/21 unit 0 family ethernet-switching
set interfaces ge-0/0/22 unit 0 family ethernet-switching
set interfaces ge-0/0/23 unit 0 family ethernet-switching
set interfaces ge-0/1/0 unit 0 family ethernet-switching
set interfaces ge-0/1/1 unit 0 family ethernet-switching
set interfaces ge-0/1/2 unit 0 family ethernet-switching
set interfaces ge-0/1/3 unit 0 family ethernet-switching
set interfaces vlan unit 0 family inet filter input FBF_Filter
set interfaces vlan unit 0 family inet address 172.16.4.254/16
set routing-options interface-routes rib-group inet FBF
set routing-options static route 0.0.0.0/0 next-hop 172.16.0.102
set routing-options rib-groups FBF import-rib inet.0
set routing-options rib-groups FBF import-rib FBF.inet.0
set protocols igmp-snooping vlan all
set protocols rstp
set protocols lldp interface all
set protocols lldp-med interface all
set firewall family inet filter FBF_Filter term first from destination-address 172.16.4.254/32
set firewall family inet filter FBF_Filter term first then accept
set firewall family inet filter FBF_Filter term second from source-address 172.16.0.0/16
set firewall family inet filter FBF_Filter term second from destination-address 10.44.44.0/24
set firewall family inet filter FBF_Filter term second then routing-instance FBF
set firewall family inet filter FBF_Filter term last then accept
set routing-instances FBF instance-type forwarding
set routing-instances FBF routing-options static route 0.0.0.0/0 next-hop 172.16.0.250
set ethernet-switching-options storm-control interface all
set vlans default l3-interface vlan.0
root> show route

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:33:21
                    > to 172.16.0.102 via vlan.0
172.16.0.0/16      *[Direct/0] 00:33:21
                    > via vlan.0
172.16.4.254/32    *[Local/0] 00:33:40
                      Local via vlan.0

FBF.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:33:21
                    > to 172.16.0.250 via vlan.0
172.16.0.0/16      *[Direct/0] 00:33:21
                    > via vlan.0
172.16.4.254/32    *[Local/0] 00:33:21
                      Local via vlan.0

{master:0}

 

at windows host (172.16.1.180/16) do trace to 10.44.44.20 and got

172.16.4.254

172.16.0.102

 

what's wrong?

Disabling DHCP trapping


Hi Team,

 

I am facing issues on EX2300 running on Junos 15.1X53-D56.

Certain interfaces will not learn MAC addresses and others will not pull an IP from DHCP. The resolution is to reboot the switch.

During the time of the issue, I could see the below logs.

Nov 6 11:03:46 law-15-sw2 dc-pfe: LBCM-L2,brcm_ifl_l2_init(),2283:Disabling DHCP trapping on ge-0/0/20 dev: 1 port: 23.
Nov 6 11:03:47 law-15-sw2 dc-pfe: LBCM-L2,brcm_ifl_l2_init(),2283:Disabling DHCP trapping on ge-0/0/20 dev: 1 port: 23.
Nov 6 11:03:47 law-15-sw2 dc-pfe: LBCM-L2,brcm_ifl_l2_init(),2283:Disabling DHCP trapping on ge-0/0/20 dev: 1 port: 23.
Nov 6 11:03:47 law-15-sw2 fpc0 LBCM-L2,brcm_ifl_l2_init(),2283:Disabling DHCP trapping on ge-0/0/20 dev: 1 port: 23

I would like to know the meaning of these logs. Please let me know if anyone has come across this scenario.

 

Regards,

MC-LAG with 4 leafs


Is there a way to configure MC-LAG with 4 leaf nodes under same MC-LAG id in IPClos Fabric? I believe ICL is established through SPINEs for these leafs however if I want to be having VRRP, I should have a Layer-2 connection between these leafs for VRRP hello packet.

EX2200 (Junos 12.3R12.4) Routing-instance doesn't work?


Hello.

trying to implement RI at EX2200

 show configuration | display set
set version 15.1R6.7
set system services ssh protocol-version v2
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set chassis alarm management-ethernet link-down ignore
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set interfaces ge-0/0/3 unit 0 family ethernet-switching
set interfaces ge-0/0/4 unit 0 family ethernet-switching
set interfaces ge-0/0/5 unit 0 family ethernet-switching
set interfaces ge-0/0/6 unit 0 family ethernet-switching
set interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching
set interfaces ge-0/0/9 unit 0 family ethernet-switching
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching
set interfaces ge-0/0/12 unit 0 family ethernet-switching
set interfaces ge-0/0/13 unit 0 family ethernet-switching
set interfaces ge-0/0/14 unit 0 family ethernet-switching
set interfaces ge-0/0/15 unit 0 family ethernet-switching
set interfaces ge-0/0/16 unit 0 family ethernet-switching
set interfaces ge-0/0/17 unit 0 family ethernet-switching
set interfaces ge-0/0/18 unit 0 family ethernet-switching
set interfaces ge-0/0/19 unit 0 family ethernet-switching
set interfaces ge-0/0/20 unit 0 family ethernet-switching
set interfaces ge-0/0/21 unit 0 family ethernet-switching
set interfaces ge-0/0/22 unit 0 family ethernet-switching
set interfaces ge-0/0/23 unit 0 family ethernet-switching
set interfaces ge-0/1/0 unit 0 family ethernet-switching
set interfaces ge-0/1/1 unit 0 family ethernet-switching
set interfaces ge-0/1/2 unit 0 family ethernet-switching
set interfaces ge-0/1/3 unit 0 family ethernet-switching
set interfaces vlan unit 0 family inet filter input FBF_Filter
set interfaces vlan unit 0 family inet address 172.16.4.254/16
set routing-options interface-routes rib-group inet FBF
set routing-options static route 0.0.0.0/0 next-hop 172.16.0.102
set routing-options rib-groups FBF import-rib inet.0
set routing-options rib-groups FBF import-rib FBF.inet.0
set protocols igmp-snooping vlan all
set protocols rstp
set protocols lldp interface all
set protocols lldp-med interface all
set firewall family inet filter FBF_Filter term first from destination-address 172.16.4.254/32
set firewall family inet filter FBF_Filter term first then accept
set firewall family inet filter FBF_Filter term second from source-address 172.16.0.0/16
set firewall family inet filter FBF_Filter term second from destination-address 10.44.44.0/24
set firewall family inet filter FBF_Filter term second then routing-instance FBF
set firewall family inet filter FBF_Filter term last then accept
set routing-instances FBF instance-type forwarding
set routing-instances FBF routing-options static route 0.0.0.0/0 next-hop 172.16.0.250
set ethernet-switching-options storm-control interface all
set vlans default l3-interface vlan.0
root> show route

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:33:21
                    > to 172.16.0.102 via vlan.0
172.16.0.0/16      *[Direct/0] 00:33:21
                    > via vlan.0
172.16.4.254/32    *[Local/0] 00:33:40
                      Local via vlan.0

FBF.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:33:21
                    > to 172.16.0.250 via vlan.0
172.16.0.0/16      *[Direct/0] 00:33:21
                    > via vlan.0
172.16.4.254/32    *[Local/0] 00:33:21
                      Local via vlan.0

{master:0}

 

at windows host (172.16.1.180/16) do trace to 10.44.44.20 and got

172.16.4.254

172.16.0.102

 

what's wrong?

 

UPD: rolled back to 12.3R12.4


Connection between Ex4300 and MX security appliance


Experts,

 

My current configuration between EX4300 and MX is the following:

1. I use switchport between MX and EX4300 based on the routing from EX to MX and routing from MX to EX having one VLAN1 on MX so we have communication between MX and 4300

2. I have all vlans configured on EX 4300 (that's why I use switchport)

3. Now we started using DMZ which is configured on MX with default vlan 10 - 192.168.168.0/24

4. All ESXi hosts with DMZ uplink ports are connected directly to MX additional module and these modules are configured as switchport with default vlan 10

5. Now we installed a replication host in another building and I have to connect the replication ESX host connected to EX3300 to vlan10 using 192.168.168.0/24. How can I achieve that?

I would not make changes to current vlan management and want to keep 4300 with all vlans. I was told by Meraki to start using MX for vlans management - stupid idea since if the device fails I am doomed and that box is limited by CPU, RAM, etc., so I don't want to do that.

If I create vlan 10 on EX4300 192.168.168.2 and connect to one of the available modules as trunk with default vlan 10 would that work? I don't want to kill the whole network since I already have one connection between MX and 4300.

I am attaching a diagram to better understand what I am trying to achieve. Diagram should be easy to read. Thank you

EX3300 booting & login message


We have two EX3300s, software version: JUNOS 15.1R6.7.

Booting shows some messages. Do these messages indicate an issue with any effect?

Do you have any recommendation for us?

 

###BOOT MESSAGE1##########################################################################

Initial interface configuration:
additional daemons:.
Additional routing options:kern.module_path: /boot//kernel;/boot/modules -> /boot/modules;/modules/peertype;/modules/ifpfe_drv;/modules/platform;/modules;
kld netpfe drv: ifpfed_chmicLoading the CHMIC module
ifpfed_ethinterface ifpfed_eth.1 already present in the KLD 'kernel'!
kldload: can't load /modules/ifpfe_drv/ifpfed_eth.ko: Exec format error
ifpfed_ml_cmn ifpfed_svcskld platform: ex_ifpfeLoading the EX-series platform NETPFE module
if_vcpkld peertype: peertype_hcm peertype_pfem peertype_sfi peertype_slavere grat_arp_on_ifup=YES: net.link.ether.inet.grat_arp_on_ifup: 1 -cryptosoft0: <software crypto> on motherboard
> 1
ipsec kld kats kldkldload: can't load kats.ko: File exists
IPsec: Initialized Security Association Processing.
.
Doing additional network setup:.
Starting final network daemons:.
starting local daemons:set cores for group access
.
Boot media /dev/da0 has dual root support
** /dev/da0s1a
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 19833 free (9 frags, 2478 blocks, 0.0% fragmentation)
setting ldconfig path: /usr/lib /opt/lib
starting standard daemons: cron.
Local package initialization:.
Initialize /var subdirs
Tue Oct 24 10:29:14 CST 2017

EX3300  (ttyu0)

login: rm: ./mnt/jweb-ex-app: Read-only file system    <<<<<<<

 

###BOOT MESSAGE2 ##########################################################################

Initial interface configuration:
additional daemons:.
Additional routing options:kern.module_path: /boot//kernel;/boot/modules -> /boot/modules;/Loading the CHMIC module
modules/peertype;/modules/ifpfe_drv;/modules/plainterface ifpfed_eth.1 already present in the KLD 'kernel'!
tform;/modules;
kld netpfe drv: ifpfed_chmic ifpfed_ethkldload: can't load /modules/ifpfe_drv/ifpfed_eth.ko: Exec format error
ifpfed_ml_cmn Loading the EX-series platform NETPFE module
ifpfed_svcskld platform: ex_ifpfe if_vcpkld peertype: peertype_hcm peertype_pfem peertype_sfi peertype_slavere grat_arp_on_ifup=YES: net.link.ether.inet.grat_arp_on_ifup: 1 -cryptosoft0: <software crypto> on motherboard
> 1
ipsec kld kats kldkldload: can't load kats.ko: File exists
IPsec: Initialized Security Association Processing.

 

Juniper QFX Models - Port Speed Variations


Hi , 

 

I am trying to achieve the below scenario with a QFX Model. Can't seem to find the right fit.

I need 4 ports of 100G, 4 ports of 10G and also need a few ports of 1G.

 

Now with the available models, I see one can either mix 1 & 10GE ports, or 10/40/100 GE ports. Can't see any that has the scale from 1GE to 100GE on the same switch.

 

Is this achievable?

I'm curious as to what breakout cables mean as I haven't spent much time on optics form factors. Is that anything close to a solution to what I have described? Or rather, what would be the most cost-efficient solution?

Upgrade path for EX4200 stack running 12.3R9.4 to 15.1R6


Hi,

 

I'm a bit confused on what the recommended upgrade path is for this scenario.

 

Do I need to upgrade to 14.x something before going all the way to 15.1R6?

 

Thanks!

SNMP OID to get trunk port status - different on a EX2300 vs EX3300 - jnxExVlanPortAccessMode


I successfully scan EX3300 and EX2200 switches to get MAC address information via SNMP. Part of that process is to get trunk port status using: 

jnxExVlanPortAccessMode

-or-

1.3.6.1.4.1.2636.3.40.1.5.1.7.1.5

 

This does not work on an EX2300 (as well as many other OIDs - which really sucks).

I've tried searching Juniper's SNMP MIB Explorer but can't find the correct OID. Has anyone successfully gotten the trunk status out of an EX2300 and is willing to share that OID?

EX 2200 firewall filter blocks everything


 Hello.

The task is to allow traffic from host1 (192.168.1.5) to host2 (192.168.1.10) and block any other.

When I set the filter

 

firewall {
    family ethernet-switching {
        filter Allow {
            term term1 {
                from {
                    source-address {
                        192.168.1.5/32;
                    }
                    destination-address {
                        192.168.1.10/32;
                    }
                }
                then accept;
            }
            term term2 {
                from {
                    source-address {
                        192.168.1.10/32;
                    }
                    destination-address {
                        192.168.1.5/32;
                    }
                }
                then accept;
            }
        }
    }
}

 

on port 

ge-0/0/5 {
    unit 0 {
        family ethernet-switching {
            filter {
                input Allow;
            }
        }
    }
}

 

or on a VLAN, then all traffic drops.

When clients move around the network, they lose connectivity


I have a relatively simple office network. This is in part, a new deployment. The SRX (and config) come from a working environment. We're trying to replace the existing cisco sg300 switches with ex2300's. Everything else stays the same (same wireless, clients, etc).

* srx340 (cluster) that is both L2 and L3 (2 VLANS, 1, 24 as LAN and DMZ respectively)

* 6 ex2300 daisy chained off the srx with twinax cables (xe-0/1/0 xe-0/1/1 are trunks)

* 7 Ruckus APs plugged into switch6 (last in the chain, also trunk ports)

 

When clients roam across APs, they lose connectivity. At first, it seemed like a DHCP problem, but after doing tcpdumps, we find that the client sends a DHCP request, and never gets the reply. The reply is sent to the AP that the client used to be associated with. Still thinking this was DHCP, we tried using static IPs on the client. No joy. They couldn't ping anything (including the gateway, or even the AP they were connected to). Thought this might be an issue with Ruckus, but we've since been able to duplicate it with wired clients. Plugging them into a switch port, they get DHCP the first time (quickly). Move to a different switch, no DHCP, no success with static IP. Moving back to the first switch, same thing. No DHCP, no success with static IP. Waiting 5m seems to reset something, allowing the client to function again (whether DHCP or static). Tried changing the MAC timeout and it didn't appear to make a difference.

 

We've tried different kinds of clients (laptop, desktop, mac, windows, android, ios) and they all behave the same way.

 

The mac-learning-log shows the switch learning/deleting MAC on linkup/down, and the entry is not in the ethernet-switching table.

 

I can provide sanitized configs, but there isn't much to them.


Check 40G interface


Hello,

 

I'm a newbie to Juniper and this is my first post here!

 

I have a couple of EX4300 switches. It has got two 40GE QSFP+ ports.

User@EX4300-2> show chassis hardware | match 40G
  PIC 1          REV 32   BUILTIN      BUILTIN           4x 40GE QSFP+
    Xcvr 0       REV      740-044512   APF17120005DT9    QSFP+-40G-CU50CM
    Xcvr 1       REV      740-044512   APF17120005DNB    QSFP+-40G-CU50CM
  PIC 1          REV 32   BUILTIN      BUILTIN           4x 40GE QSFP+
    Xcvr 0       REV      740-044512   APF17120005DNB    QSFP+-40G-CU50CM
    Xcvr 1       REV      740-044512   APF17120005DT9    QSFP+-40G-CU50CM

{master:1}

But when I check the interface details I don't see these interfaces listed there. I expect to see them as two 'et' interfaces. But I see two VCP instead. Is this correct? I read somewhere that 40G QSFP+ ports are by default configured as VCP ports. Where can I see that configuration? How can I convert them to normal network ports? :)

User@EX4300-2> show interfaces terse
Interface               Admin Link Proto    Local                 Remote
vcp-255/1/0             up    down
vcp-255/1/0.32768       up    down
vcp-255/1/1             up    up
vcp-255/1/1.32768       up    up
ge-0/0/0                up    down
ge-0/0/0.0              up    down eth-switch
pfe-0/0/0               up    up
pfe-0/0/0.16383         up    up   inet
                                   inet6
pfh-0/0/0               up    up
pfh-0/0/0.16383         up    up   inet

Any help would be appreciated!

pure L2 multicast traffic (no multicast ip traffic) not forwarded


Hi,

 

I have a Motorola AP (now Extreme Networks) that use L2 multicast packet to discover other APs and Controller.

The multicast destination address is 01:A0:F8:00:00:00/48, that is, an L2 multicast packet not linked to any multicast IP address 224.x.x.x / 239.x.x.x, and a switch should flood these packets without any action from IGMP snooping. Now, to forward this packet I need to disable IGMP snooping on the EX box. Is there a different way to achieve the target? I would like to avoid disabling IGMP snooping. Any possibility with a custom firewall policy?

 

Thanks for any advice

Emanuel

VC EX Switches: VLAN


Hello,

I have two EX4300s configured as VC.  But when I check the VLANs, I don't see all the information about Switch1 ports. Switch 1 is the backup switch.

Is there any command to check the backup switch?

user@EX4300-2> show virtual-chassis

Preprovisioned Virtual Chassis
Virtual Chassis ID: 23dc.bf78.2698
Virtual Chassis Mode: Enabled
                                                Mstr           Mixed Route Neighbor List
Member ID  Status   Serial No    Model          prio  Role      Mode  Mode ID  Interface
0 (FPC 0)  Prsnt    xxx          ex4300-24t     129   Backup       N  VC   1  vcp-255/1/0
1 (FPC 1)  Prsnt    xxx          ex4300-24t     129   Master*      N  VC   0  vcp-255/1/1

{master:1}
user@EX4300-2> show vlans

Routing instance        VLAN name             Tag          Interfaces
default-switch          Internet              999
                                                             ge-0/0/1.0
                                                             ge-0/0/11.0
                                                             ge-0/0/12.0
                                                             ge-0/0/15.0
                                                             ge-0/0/2.0
                                                             ge-0/0/21.0
                                                             ge-0/0/5.0
                                                             ge-1/0/1.0
                                                             ge-1/0/11.0
                                                             ge-1/0/12.0
                                                             ge-1/0/14.0
                                                             ge-1/0/2.0
default-switch          default               1
                                                             ge-0/0/0.0
                                                             ge-0/0/10.0
                                                             ge-0/0/13.0
                                                             ge-0/0/14.0
                                                             ge-0/0/16.0
                                                             ge-0/0/17.0
                                                             ge-0/0/18.0
                                                             ge-0/0/19.0
                                                             ge-0/0/20.0
                                                             ge-0/0/22.0
                                                             ge-0/0/23.0
                                                             ge-0/0/3.0
                                                             ge-0/0/4.0
                                                             ge-0/0/6.0
                                                             ge-0/0/7.0
                                                             ge-0/0/8.0
                                                             ge-0/0/9.0

{master:1}
user@EX4300-2>

The backup switch ports are not showing either.

krishna@EX4300-2# set interfaces ge-1?
Possible completions:
  <interface-name>     Interface name
  ge-1/0/1             Interface name
  ge-1/0/11            Interface name
  ge-1/0/12            Interface name
  ge-1/0/14            Interface name
  ge-1/0/2             Interface name
{master:1}[edit]

Any help would be appreciated!

802.1X Authentication via RADIUS-Server does not work - no traffic/request at the RADIUS-Server


Dear community, I want my EX-3300 to block access to the interface ge-0/0/0 as long as the supplicant is not authenticated. The authentication should run with the help of a RADIUS server. I am new in the Juniper world, therefore I need your help to find the mistake that I have made. My first step is now to get a request at the RADIUS server when I plug a device into ge-0/0/0. Although I can successfully ping the RADIUS server, no traffic arrives at the RADIUS server. I tested the connection to the RADIUS server with a tool called NTRadPing, which simulates an authentication request at the RADIUS server, to check if the firewall or something else interrupts the procedure, but this test was successful too. As soon as I try to connect a device to ge-0/0/0, only the block is working and my DHCP server does not give the client the network configuration parameters. For more than two days I have been struggling to get a request at the RADIUS server. I would be very grateful if someone could help me.


This is my configuration (I shortened it and took only the relevant information out of it):


system {
    root-authentication {
        encrypted-password "XXXXXXXX"; ## SECRET-DATA
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members A100;
                }
            }
        }
    }
    ge-0/0/20 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members A400;
                }
            }
        }
    }
    vlan {
        unit 400 {
            family inet {
                address 100.XXX.XXX.2/29;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 100.XXX.XXX.1;
    }
}
protocols {
    igmp-snooping {
        vlan all;
    }
    dot1x {
        traceoptions {
            file dot1x size 5m;
            flag all;
        }
        authenticator {
            authentication-profile-name profile1;
            interface {
                ge-0/0/0.0 {
                    supplicant single;
                    retries 3;
                    transmit-period 3;
                    reauthentication 1;
                    supplicant-timeout 3;
                    server-timeout 3;
                    maximum-requests 3;
                }
            }
        }
    }
    rstp;
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}
access {
    radius-server {
        94.XXX.XXX.41 {
            port 1812;
            secret "XXXXXXXXXX"; ## SECRET-DATA
            source-address 100.XXX.XXX.2;
        }
    }
    profile profile1 {
        authentication-order radius;
        radius {
            authentication-server 94.XXX.XXX.41;
        }
    }
}
ethernet-switching-options {
    storm-control {
        interface all;
    }
}
vlans {
    A100 {
        vlan-id 100;
    }
    A400 {
        vlan-id 400;
        l3-interface vlan.400;
    }
}

EPL pseudowire type 5


Hi Community

 

When we talk about EPL service as pseudowire type 5 with RFC6870 enabled, we are referring to L2circuit protocol configuration with hot-stdby configuration, correct? Or are we referring to l2vpn related configuration? Sorry, but I'm a bit confused with the terminology in regards to this topic.

 

Cheers

 
