Channel: Ethernet Switching topics

EX4550 VC questions


Hi all,

 

I'm installing a 2x 32GE Virtual Chassis Module into my EX4550. This is what I see when the module is installed:

 

{master:0}
root> show virtual-chassis vc-port
fpc0:
--------------------------------------------------------------------------
Interface   Type              Trunk  Status       Speed        Neighbor
or                             ID                 (mbps)       ID  Interface
PIC / Port
2/0         Configured         -1    Down         16000
2/1         Configured         -1    Down         16000
2/2         Configured         -1    Down         16000
2/3         Configured         -1    Down         16000

 

I'm very confused by this result - why is the Type listed as Configured, instead of Dedicated? And why are there 4 interfaces instead of 2? And why do the interfaces show up as 16Gbps instead of 32Gbps?

 

According to this documentation, I should see VCP-2/0 and VCP-2/1. Does anyone have some insight as to what's going on here?

 

I'm running 15.1R5.5


DHCP Single Fixed Address per Port


Greetings,

 

I'm trying to figure out how to set up networking for an array of industrial devices.

 

There are 100 of these devices, each identical. My hope is that I can have these devices automatically assigned an ip address in the same /24 subnet, based on what switch port they are plugged in to. This way, I can infer physical location (important for the operation of these devices) from the ip address, and if I have to replace a faulty unit, it will be a plug and play affair.

 

I'm thinking that a stack of three EX3300 would be able to achieve this, in Virtual Chassis configuration.

 

Can these be configured with Option 82, or one DHCP pool per port to accomplish this?

 

 

EX4500 vs. EX4600, spanning-tree?


We have two EX4500's in a virtual chassis that form the core of our network. These are connected via fiber to our 22 edge data closets which all have stacks of EX4200's. The EX4500 runs layer 2 and 3 routing between about 30 different vlans. Out of the box, the EX series switches all have a bridge priority of 32768. On our core we have this in the config

rstp {
   bridge-priority 20k;
}

 

Since the core switch has the lowest bridge priority, it is the Root Bridge. We are about to trade out the EX4500s for a stack of two EX4600s that will be the core of our network. Based on a previous post, I think that the EX4600 handles spanning-tree differently. Besides including the same rstp statement in the EX4600 config, is there something else I should be aware of with the EX4600 and spanning-tree?

Trusted interface entry in dhcp snooping binding.


Do trusted interfaces have any entry in DHCP SNOOPING DATABASE?

 

user@switch> show dhcp snooping binding

DHCP Snooping Information:
MAC Address             IP Address Lease   Type     VLAN    Interface
-----------------       ---------- -----   -------  ----    ---------
00:00:01:00:00:03       192.0.2.0  640     dynamic  guest    ge-0/0/12.0
00:00:01:00:00:04       192.0.2.1  720     dynamic  guest    ge-0/0/12.0
00:00:01:00:00:05       192.0.2.5  800     dynamic  guest    ge-0/0/13.0

EX4200 EX-UM-2X4SFP module support 1G + 10G or all ports 4x1G or 2x10G


Hello,

Does anyone know how the EX4200 EX-UM-2X4SFP works? Can we use a 1G + 10G mix, or can we only use all ports as 4x1G and 2x10G at the same time?

Right now we have two fibers coming in; one supports 10G and the other supports 1G. We are trying to mix the links but are not sure if it is supported.

Thanks in advance.

 

EX-UM-4X4SFP module


Can the ports be configured as host access ports? I want to connect some new servers via 10GbE.

Using configuration group to apply configuration to ports across linecards?


Hey all,

 

I'm looking for a way to get Juniper to recognize wildcards properly across linecards and ports. I looked at the document here:

 

https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-cli-wildcard-characters-configuration-groups-usage.html

 

But apparently things get hairy if you attempt to use more than 1 set of brackets? So say I have 12 linecards, and I want to apply the same configuration to ports 35 and 36 across fpc 0 through 10 - the following doesn't work:

 

<ge-[0-10]/0/[35-36]>

 

Anybody know the solution to keep this configuration simple? It's applying the configuration to unwanted ports. Maybe I'm just doing it wrong, but the document doesn't really give me the information I need to know where it's wrong.

 

Any insight would be great.

 

Thanks!

Does JUNOS 11.4R7.5 support sflow?


Does JUNOS 11.4R7.5 support sflow?

Thanks


Firewall filter to accept traffic from tcp, udp except destined for ssh/telnet


Hey all

I need to configure a firewall filter to accept traffic from a customized range of TCP/UDP ports, except traffic destined to the SSH/Telnet ports, from source 192.168.1.0/25.

How do I define a customised range, like an address book in SRX?

 

Show commands in Configuration mode


Is there an equivalent to the Cisco "do" command that allows you to perform show commands (for operational mode) while in Configuration mode?

For example, in Cisco while in config mode (regardless of level, system or an interface, etc.) I could run "do show run conf" and it would show the switch configuration. You didn't have to exit all the way back.

Is this possible in Junos? Is there a way to run operational show commands (i.e. show configuration, show vlans, show interface details, etc.) while in config mode?

Compatibility Cisco Rapid-PVST and Juniper EX MSTP


Hi guys,

just a short question.

Let's assume we have a Cisco Catalyst running STP version Rapid-PVST and now connect a Juniper EX switch running MSTP.

The MSTP is configured to have 3 Instances -> CIST / MSTI1 / MSTI2

 

Will these STP-Versions be compatible (and if yes, which STP-Version will it be), or are these STP-Versions incompatible and the switches will run as "standalone"-Boxes and the Cisco and the Juniper-Switch will be a root-bridge for themselves ?

 

Thank you so much,

 

Chrisotph.

Set 4 ports to unmanaged


Hi guys,

 

Can anyone help me with this,

 

I have an EX3300 switch that I am configuring. There is a learning curve, so in the meantime I would like to know how I can assign 4 ports to act as a dumb unmanaged switch. The switch is connected to a DHCP server and 3 appliances are connected to the switch. All I want for now is to reach the DHCP server via the switch.

 

Can you help me with this please ?

JWeb Dashboard not showing, everything else work


Just installed two EX4600 in a virtual chassis. Running Junos 14.1X53-D45.3 which is the J-Tac recommended version. We did install JWeb but when we login, the Dashboard is empty. Other links under Configuration, Monitor, Maintain, etc. work just fine. I did restart the web-management service with no luck.

 

Any ideas?

Software upgrade techniques for QFX10008 / MC-Lag

Hi everyone,
We are currently going through the standard RFP for our core switching architecture. The switch that seems to suit our needs is the QFX10008. Our SE is saying there's no way to perform a hitless upgrade with two of these guys in MC-LAG. Is that true? I haven't been able to get my hands on a set of these yet to confirm, but I can't find any documentation on ISSU for the QFX10008. It just seems odd to have to take an outage with a switch of this stature to upgrade it. Also, has anyone out there upgraded these with MC-LAG / L3 routing enabled? How has your experience been?

Thanks! I really appreciate all the comments and advice!

Harold

Interface storming for validation of physical interface robustness


I am testing to ensure line rate traffic run for N days between Juniper and the System Under Test is stable/error free, and I want to not introduce a dedicated traffic generator (Ixia/Spirent/etc.). The idea is to generate a handful of frames from the System Under Test using the Broadcom tool and then storm those same frames between all interfaces under test for N days.

 

Scenario:

SUT Port A ----> Port A MX480 Port B MX480 ----> Port B SUT

Note SUT is the same system in the same forwarding domain (vlan 1600)

 

 

Question: is there a way to enable Juniper Mx480 ports to be a 'dumb pass through' for a storm? I have my config below which uses bridge domains for vlan switching.

 

The problem I am having is that the Juniper interface seems to be dropping duplicate SA's and detecting the storm before it starts (theory at this point)

 

So far what I'm seeing is that one of the two interfaces is dropping the traffic at the interface level:

 

  MAC statistics:                      Receive         Transmit
    Total octets              1037260846183188  993994070084256
    Total packets               15253859753479   14621189768338
    Unicast packets                 2872399475       1255040236
    Broadcast packets           15250987353091   14558226155616
    Multicast packets                        0                0
    CRC/Align errors                         0                0
    FIFO errors                              0                0
    MAC control frames                       0                0
    MAC pause frames                         0      61708575023
    Oversized frames                         0
    Jabber frames                            0
    Fragment frames                          0
    VLAN tagged frames          15253455467148
    Code violations                          0
    Total errors                             0                0
  Filter statistics:
    Input packet count          15253794449457
    Input packet rejects             392361777
    Input DA rejects                         0
    Input SA rejects                         0
    Output packet count                          14621127169687
    Output packet pad count                                   0
    Output packet error count                                 0
    CAM destination filters: 0, CAM source filters: 0

 

I’m curious why the input packet rejects doesn’t indicate SA or DA rejects?

 

Configuration

 

# add interfaces to the bridge domain

set interfaces et-5/0/2 vlan-tagging
set interfaces et-5/0/2 encapsulation extended-vlan-bridge
set interfaces et-5/0/2 unit 100 vlan-id 100

set interfaces et-5/0/5 vlan-tagging
set interfaces et-5/0/5 encapsulation extended-vlan-bridge
set interfaces et-5/0/5 unit 100 vlan-id 100


# add bridge domain interface config

set bridge-domains vlan-100 domain-type bridge bridge-options no-mac-learning
set bridge-domains vlan-100 interface et-5/0/2.100
set bridge-domains vlan-100 interface et-5/0/5.100

 

Any ideas, possible solutions, or even suggestions would be appreciated. Thank you in advance


QFX5100 VxLAN

Can't route between VLANs (SRX & EX)


I configured an ae0 aggregation link between the SRX and EX switches as below.

The link worked, but I want the SRX to route between these VLANs. When I tried to add interface ae0 to zone trust, I got an error to config unit 0 at the ae0 interface!

 

SRX:

    ae0 {
        vlan-tagging;
        aggregated-ether-options {
            minimum-links 1;
            lacp {
                passive;
            }
        }
        unit 2 {
            vlan-id 2;
            family inet {
                address 192.168.22.1/24;
            }
        }
        unit 3 {
            vlan-id 3;
            family inet {
                address 192.168.33.1/24;
            }
        }
    }

-----------------------------------------

EX:

    ae0 {
        aggregated-ether-options {
            minimum-links 1;
            lacp {
                active;
            }
        }
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members 2-3;
                }
            }
        }
    }

 

    ge-0/0/22 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members vlan-2;
                }
            }
        }
    }


    ge-0/0/23 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members vlan-3;
                }
            }
        }
    }

------------------------------------------------------

 

EX2300-C which license for VC


Hello,

 

I want to create a virtual chassis using 2x EX2300-C-12P switches.

In the future this virtual chassis will be extended with one or two EX2300-24P.

 

From what I understand it's possible to do this.

Concerning licensing I've read that each individual switch in the virtual chassis must have a VC license installed.

 

For the EX2300-24P it's clear that this is the EX2300-VC license.

 

For the EX2300-C-12P it's absolutely not clear.

According to the datasheet there's only one license for EX2300-C:

  EX-12-EFL enhanced feature license which - according to the datasheet - includes a VC license.

According to the tech library the enhanced feature license for EX2300-C is EX-24-EFL - not EX-12-EFL.

According to my local juniper partner, the license to get is EX2300-VC.

 

I've contacted JTAC thinking the guys that make it know how it works
but unfortunately they forwarded me to Sales.

 

I've contacted Juniper Sales but they haven't gotten back to me for several days now
where usually they respond swiftly.

 

(1) Does anyone have experience with this setup and can enlighten me on which licenses are the correct ones?

(2) Suppose EX-12-EFL works - can I still use it when adding a 24-port model to the VC later?
  (provided the 12-port switches remain master and backup)

 

Thanks in advance,

 

Dominic

EX-2200 Can't ping RVI interface itself from hosts belonging to other vlan


Maybe I'm new in Juniper Network and you'll find a fast resolution for this issue.

But, following my past experience in networking and security, this problem is still strange for me :-)

 

SIMPLIFY LAB ENVIRONMENT:

EX-2200 ->trunk -> SRX-110

On the EX-2200 I've two vlans:

- CONTACT

- DATA

On the SRX-110 I've one vlan:

- CONTACT

 

PROBLEM:

I've one PC connected to EX-2200 in access to DATA vlan.
The problem is that PC is able to ping RVI_DATA but not RVI_CONTACT! something if routing on the EX should be disabled or security policy on EX are involved*... BUT ... From the SRX itself, if I try to ping the PC, IS WORKING WELL!

*Security policy on the EX as far as I read shouldn't be put in place...is not one SRX.

- Why I'm not able to ping the other RVI interface?! [here... I really don't know why...]

- Why I'm not able to ping the SRX? [maybe something wrong on the security zone configuration?!]

 

CONFIGURATION EXTRACT:

EX-2200:

interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    vlan {
        unit 10 {
            description CONTACT_VLAN_AND_MANAGEMENT;
            family inet {
                address 10.10.10.254/24;
            }
        }
        unit 30 {
            family inet {
                address 10.30.30.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.10.10.1;
    }
}
vlans {
    CONTACT-MGMT {
        vlan-id 10;
        l3-interface vlan.10;
    }
    DATA {
        vlan-id 30;
        l3-interface vlan.30;
    }
}

 

SRX:

interfaces {
    fe-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    vlan {
        unit 10 {
            family inet {
                address 10.10.10.1/24;
            }
        }
    }
}
zones {
    security-zone CONTACT-INSIDE {
        description "Contact inside to HQ internal";
        interfaces {
            vlan.10 {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                }
            }
        }
    }
}
vlans {
    vlan-10 {
        vlan-id 10;
        l3-interface vlan.10;
    }
}

 

PC

10.30.30.33

255.255.255.0

10.30.30.1 gw

 

 WHY I'M NOT ABLE TO PING 10.10.10.254 OR 10.10.10.1?

J-Web, Flash to HTML5, when?


The title says it all. Currently J-Web on our switches (EX4200, EX4500, and EX4600) uses Flash to render certain parts of the interface. When is Juniper going to release a version of J-Web that uses HTML5 instead of Flash?
