Channel: Ethernet Switching topics

vQFX on openstack


Hi experts,

Has anyone been successful in installing vQFX on OpenStack (Red Hat in particular)? Is there any documentation available? I am not able to find any like we have for vMX. Can someone point me towards any useful link to start with?

 

Regards,

Muhammad Hasnain 


QFX5110 and EX 2300 how to build template from MIB file for Zabbix 3.4+


Hi, I want to ask how you can convert MIB files to XML for Zabbix?

I read about mib2zabbix.pl and about mib2template.pl, and I saw that mib2template.pl works for me, but with a MIB file for Mikrotik.

I moved all the Juniper mib.txt files to /usr/share/snmp/mibs/

When I run:
snmptranslate -m /usr/share/snmp/mibs/mib-jnx-fabric-chassis.txt -Tz | egrep '"1\.3\.6\.1\.4\.1\.[0-9]+"'

The result is:
"juniperMIB" "1.3.6.1.4.1.2636"



Now I run :
./mib2template.pl --module JUNIPER-FABRIC-CHASSIS --root 1.3.6.1.4.1.2636 --group Templates > mib-jnx-fabric-chassis.xml 

And the result is:
2018-04-11 13:44:14 WARN> Parent OID .1.3.6.1.4.1.2636 belongs to JUNIPER-SMI, which isn't among the ones specified with --module option


Why can't I generate an XML template with Juniper MIB files?


My question is how you can write a template for Zabbix from Juniper MIB files?
They are not like Mikrotik; in the Mikrotik case I see only one file with the .mib extension.
In the Juniper case I see only .txt files, 140+ files...

I downloaded them from here:
https://www.juniper.net/documentation/software/index_mibs.html

Standard and Juniper MIBs, but with snmp builder and the mib2zabbix and mib2template perl scripts I can't make a template for Zabbix. I am successful with only a few MIBs of the 140+ inside both folders, Standard and Juniper MIBs.

I tried with the 17.3 Junos OS release MIB txt files.

Where can I find more information about Juniper mibs and how to use them in Zabbix Server?






Delete Not Present switch from VC


Hello Experts,

 

root> show virtual-chassis | grep NotPrsnt 
2 (FPC 2)  NotPrsnt PE3718010358 ex4300-48t    
8 (FPC 8)  NotPrsnt              unknown       
9 (FPC 9)  NotPrsnt              unknown       

Is there any way we can delete the not-present switches from the VC?

root> show configuration virtual-chassis 
member 6 {
    mastership-priority 255;
}
member 1 {
    mastership-priority 254;
}

{master:6}
root> 

Trunk VLANS on EX4300 Uplink Port Configuration


Hey all,

 

This is my first Juniper switch and I've done a lot of learning the last couple of days. I have worked with Adtran and cisco switches in the past. 

 

I have 2 EX4300 switches configured in virtual chassis. The master switch is connected to an EdgeRouter that is supplying the L3 VLANs like so:

#EdgeRouter Configuration
ethernet eth1 {
    description "LAN"
    duplex auto
    speed auto
    vif 2 {
        address 10.10.0.1/22
    }
    vif 3 {
        address 10.10.4.1/22
    }
    vif 4 {
        address 10.10.6.1/24
    }
    vif 5 {
        address 10.10.7.1/24
    }
    vif 10 {
        address 10.10.10.1/24
    }
}

I want to trunk all these VLANs to the EX4300, but I'm having trouble configuring the uplink port. The EX4300 should be part of vlan 2 and have a management address of 10.10.0.2. On my old Adtran, I had to configure its own uplink VLAN on the switch and assign the uplink port that VLAN. Seems like this would be an easy thing to do... My current EX4300 uplink port configuration looks like this:

 

#Set Uplink Port
set interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members vlan2
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members vlan3
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members vlan4
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members vlan5
set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members vlan10
set interfaces ge-0/0/23 native-vlan-id 2

#Setup Static Route to EdgeRouter
set routing-options static route 0.0.0.0/0 next-hop 10.10.0.1

#Setup Vlans
set vlans vlan2 vlan-id 2
set vlans vlan3 vlan-id 3
set vlans vlan4 vlan-id 4
set vlans vlan5 vlan-id 5
set vlans vlan10 vlan-id 10

#Set management address
set interfaces vme unit 0 family inet address 10.10.0.2

I'm not sure how I should set up the management interface. Documentation says I should assign it to the virtual chassis interface, but on my Adtran switches, I would assign an address to the vlan 2 interface. I think this is where my problem is.

Any help is greatly appreciated!

EX filters - performance


Can firewall filters / ACLs on EX (3400, 4300 etc.) affect data plane performance / bandwidth or forwarding latency? Does it matter how complex they are and what actions they perform? (I am aware of TCAM size restrictions and I am NOT asking about it. I am asking specifically about the performance hit / latency filters might introduce.)
I am about to implement quite complex ingress filters on routed VLAN interfaces (RVIs) with heavy use of FBF (routing-instance action) and I am wondering how it will affect performance.

 

Regards,
Pawel Mazurkiewicz

Configure STP in EX4300 switches


Hello Experts,

 

Since I am relatively new to the Juniper world, I am not fully confident how to configure STP in Juniper switches.

Can anyone please give me some advice on enabling STP on a 2-switch EX4300 VC? I have around 100 VLANs in the switch. I want to enable STP for all the VLANs on all the ports. Do I have to use RSTP or VSTP?

Note: These EX4300s are connected to other Cisco switches.

DRAM use in Access Switch ?

Hi,

I'm evaluating an access switch; one vendor has 1 GB and 2 GB DRAM. I wonder what the DRAM function/use is in an access switch. From what I know it makes a difference in the routing world (FIB), but is it crucial in L2 (MAC)? We have EX2200 (DRAM 512Mb) and EX3300 (DRAM 1024Mb); strangely, in a funny way, both are using the same percentage, 50-55%.

Thx

Cisco CDP phones working on EX ELS switches


Hello.

Just posting how we got around the legacy 7960/7940 CDP-required issues.

First we did a tcpdump capture from one of the Cisco switches that sends info to the legacy phone.

Using a Linux box (or boxes) we replay the packet back via tcpreplay from the Linux box clicked into the Juniper EX PoE platforms.

This is just how I did this. As you can guess there are a few other ways to do this. Hope this helps someone in need.

**PS: I got this idea after reading the older JUNOS Enterprise Switching book, as they spoke about sending CDP to company C gear.

I use Fedora / CentOS / RHEL, but Debian and FreeBSD have tcpreplay in their repos. And note tcpreplay is CPU intensive on my little System76 NUC boxes when I'm spraying this over 8 VLANs at some of my sites when I'm doing a Juniper install.

 

Here is what is in my rc.local

 

#######used for cisco to juniper migrations

## load the dot1q mod so we can do vlans
/usr/sbin/modprobe 8021q
## for completeness doing it with ip link aka iproute2 tools
ip link add name eno1.2 link eno1 type vlan id 2
ip link add name eno1.3 link eno1 type vlan id 3
ip link add name eno1.4 link eno1 type vlan id 4
ip link add name eno1.5 link eno1 type vlan id 5
ip link add name eno1.6 link eno1 type vlan id 6
## etc., one line per additional vlan

## since we don't need an l3 address to throw packets we can just bring up the interfaces and pump cdp out of those interfaces.
ip link set eno1.2 up
ip link set eno1.3 up
ip link set eno1.4 up
ip link set eno1.5 up
ip link set eno1.6 up
## etc., one line per additional vlan
#ip link set eno1.99 up

## Now we do the replay work.

## start tcpreplay in the background, one process per vlan interface

tcpreplay --pps=1 --loop=0 -i eno1.2 /home/tom.greaser/cisco-switch-telling-voice-data-vlan-via-cdp-packet.pcap &
tcpreplay --pps=1 --loop=0 -i eno1.3 /home/tom.greaser/cisco-switch-telling-voice-data-vlan-via-cdp-packet.pcap &
tcpreplay --pps=1 --loop=0 -i eno1.4 /home/tom.greaser/cisco-switch-telling-voice-data-vlan-via-cdp-packet.pcap &
tcpreplay --pps=1 --loop=0 -i eno1.5 /home/tom.greaser/cisco-switch-telling-voice-data-vlan-via-cdp-packet.pcap &
tcpreplay --pps=1 --loop=0 -i eno1.6 /home/tom.greaser/cisco-switch-telling-voice-data-vlan-via-cdp-packet.pcap &

 

That's it.. YOU'RE FREE..!!!

If anyone needs help with this just reply back. I'm a busy Husband, Dad, IT Guy, Welder, Car Guy, so please be patient.

**PS: I made a cron job that runs every minute to check the status to make sure tcpreplay is still running and, if not, restart it. But that's outside this post.
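
Added example, not part of the original post: before looping a captured CDP frame on several VLAN interfaces, it helps to confirm which voice and native VLAN that frame advertises. This Python sketch decodes the TLVs of one untagged 802.3 CDP frame; the sample frame and all its values are constructed, and the CDP checksum is not verified.

```python
import struct

CDP_DST = bytes.fromhex("01000ccccccc")           # CDP multicast MAC
LLC_SNAP_CDP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP, Cisco OUI, PID 0x2000
TLV_DEVICE_ID, TLV_PORT_ID, TLV_NATIVE_VLAN, TLV_VOIP_VLAN = 0x01, 0x03, 0x0A, 0x0E


def parse_cdp(frame: bytes) -> dict:
    """Decode the TLVs of one untagged 802.3 CDP frame (checksum not verified)."""
    if len(frame) < 26 or frame[:6] != CDP_DST:
        raise ValueError("not a frame to the CDP multicast address")
    if frame[14:22] != LLC_SNAP_CDP:
        raise ValueError("no CDP LLC/SNAP header (802.1Q-tagged capture?)")
    (length,) = struct.unpack("!H", frame[12:14])
    end = min(len(frame), 14 + length)            # ignore Ethernet padding
    info = {"version": frame[22], "ttl": frame[23],
            "src_mac": frame[6:12].hex(":")}
    pos = 26                                      # first TLV follows the checksum
    while pos + 4 <= end:
        tlv_type, tlv_len = struct.unpack("!HH", frame[pos:pos + 4])
        if tlv_len < 4 or pos + tlv_len > end:    # length includes the 4-byte header
            raise ValueError(f"bad TLV length {tlv_len} at offset {pos}")
        value = frame[pos + 4:pos + tlv_len]
        if tlv_type == TLV_DEVICE_ID:
            info["device_id"] = value.decode("ascii", "replace")
        elif tlv_type == TLV_PORT_ID:
            info["port_id"] = value.decode("ascii", "replace")
        elif tlv_type == TLV_NATIVE_VLAN and len(value) == 2:
            info["native_vlan"] = struct.unpack("!H", value)[0]
        elif tlv_type == TLV_VOIP_VLAN and len(value) >= 3:
            # first byte is a data flag, the next two bytes carry the voice VLAN ID
            info["voice_vlan"] = struct.unpack("!H", value[1:3])[0]
        pos += tlv_len
    return info


def _tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


def sample_frame() -> bytes:
    """Constructed frame (not the post's capture): native VLAN 2, voice VLAN 5."""
    cdp = struct.pack("!BBH", 2, 180, 0)          # version 2, TTL 180, checksum 0
    cdp += _tlv(TLV_DEVICE_ID, b"example-switch")
    cdp += _tlv(TLV_PORT_ID, b"FastEthernet0/1")
    cdp += _tlv(TLV_NATIVE_VLAN, struct.pack("!H", 2))
    cdp += _tlv(TLV_VOIP_VLAN, b"\x01" + struct.pack("!H", 5))
    payload = LLC_SNAP_CDP + cdp
    src = bytes.fromhex("020000000001")           # locally administered sample MAC
    return CDP_DST + src + struct.pack("!H", len(payload)) + payload


if __name__ == "__main__":
    print(parse_cdp(sample_frame()))
```
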


EX4300 / PulseSecure Gateway Internal Port Native VLAN


Hi all,

 

we are currently facing the following scenario.

We are trying to implement two PulseSecure Gateways in a High-Availability setup.
(Maybe some of you already have some experience with the devices. Pulse was once owned by Juniper and the PulseSecure Gateways were once known as Juniper MAGs.)

So we have two datacenters. In each datacenter we run a virtual chassis of 3 EX4300.

An aggregated interface, which is configured as a trunk via a DWDM line, connects both datacenters.
A PulseSecure Gateway should be deployed per datacenter, and both PulseSecure Gateways should form a cluster and run HA.

 

PulseSecureGateway = PSA

 

PSANODE0---EX4300===DWDM===EX4300---PSANODE1

 

The problem we are currently facing is:

The PSAs have 3 ports: Internal / External / Mgmt

The issue we now have is with the Internal port.

The Internal port is used for device-related services, like establishing HA, sending AUTH requests, querying DNS ....

This traffic is configured within the "native" Internal port and the traffic is also always sent untagged.

But you can also configure VLAN interfaces upon the Internal interface, like customer traffic, and this traffic of course is tagged.

So, you have one physical cable, but you send and receive tagged and untagged traffic at the same time over it.

So, in my understanding, we need to set the native-vlan statement.

Like I mentioned, some system services are sent untagged via the Internal port. These are for example auth requests, or also DNS queries.

My DNS server is reachable via VLANXY. The DNS server is a virtual machine and the hypervisor is connected via trunk to the network.

So, let's assume the VLAN in which my DNS server is located is VLAN25. VLAN25 of course is a productive VLAN in which many servers and devices are located.

So I end up with the question: can I now set the native VLAN to 25 on this specific port, which connects the EX4300 to the PSA Internal port?

Could this lead to issues in my productive vlan25?

For example:

 

ge-0/0/31 {
    description "psanode0";
    native-vlan-id 25;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 5 10 15 25 ];
            }
        }
    }
}

 

As I mentioned, keep in mind: vlan25 already exists and it is a productive VLAN, in which many devices are already located and running.

So the important question for me: will there be issues / anomalies or something like this when I activate the native-vlan statement?

 

Thanks to you all, Christoph.

EX2200 and Direct Attach cable - does it work?

Assign IP for each me0 interface on switch in a VC


Hi all!

 

Newbie here. I've been trying to set up an OOB network for our EX4300 switches in a VC. I would like to individually assign IP addresses to the me0.0 interface on each switch (master, backup, linecards). We want to go this route instead of VME to monitor by ping.

 

In the config we are using groups -> member# -> interfaces -> me0 -> unit 0 -> family inet -> address -> x.x.x.x/21

 

I've read the article here about troubleshooting and assigning linecards individual IP addresses. My question: is there no other way to assign an IP address to these individual switches' me0.0 interfaces besides going into the shell and using ifconfig?

 

Thanks for any help!

 

 

EX4300 EX-BCM PIC EDC configuration not complete


Hi,

 

We have an EX4300-48t virtual-chassis with 2 members, apparently working fine and with no alarms, but we are constantly getting this in the log messages:

Apr 24 07:37:14  CPCL-UKBAS-01-0001 pfex: [EX-BCM PIC] phy_BCM84756_edc_complete_wait: EDC configuration not complete 0x8a40 port 51
Apr 24 07:37:14  CPCL-UKBAS-01-0001 fpc0 [EX-BCM PIC] phy_BCM84756_edc_complete_wait: EDC configuration not complete 0x8a40 port 51
Apr 24 07:37:14  CPCL-UKBAS-01-0001 fpc1 [EX-BCM PIC] phy_BCM84756_edc_complete_wait: EDC configuration not complete 0x8a40 port 51

 

It is shown every second. Do you know what could be the issue and how to fix it?

Thanks!

Daisy chain IP phone and printer, will it work?


We are a K-12 school district and nearly every classroom has a networked laser printer. We will be putting in IP phones over the next six months. The IP phones all have two RJ45 jacks, an in and an out. We want to come out of the wall jack with a patch cable to the phone and then another patch cable from the phone to the printer. All of our printers have DHCP reservations set so they pick up an IP address via DHCP. The phones will be in a completely different VLAN than the printers. They need to be in separate VLANs so we can set QoS rules for the phones. I know we have to make trunk ports on our EX4200 switches to carry the two VLANs (printer and IP phone). Two questions:

  • Will this work?
  • How does the IP phone get its IP address?

Add new Interfaces to MSTP-Config during runtime


Hi all,

 

just a quick and really simple one :-)

Please confirm: after adding new ports to the switch config, I also want to include these new ports within the STP config (MSTP).

The new ports will be edge devices.

So, this can be done during regular runtime, correct? The other currently running ports will not be affected, correct?

I know this is a really simple question .... so if someone could just quickly confirm :-)

 

Thanks, Christoph

 

 

MSTP ELS Switch vs NON-ELS


Hi,

just two short questions:

1)

On an EX4300 with ELS firmware, when I configure MSTP, I can only select the "whole" interface

set protocols mstp interface ge-0/0/27

When I configure MSTP on a non-ELS switch the subinterface is included

set protocols mstp interface ge-0/0/27.0

Is this normal behavior?

 

2)

I think I found an incorrect statement in Juniper's documentation:

https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-spanning-tree-interface-spanning-trees-ex-series.html

It says:

Description

Display the configured or calculated interface-level spanning-tree protocol (can be either STP, RSTP, or MSTP) parameters. In brief mode, will not display interfaces that are administratively disabled or do not have a physical link.

 

But when I do a "show spanning-tree interface brief", the disabled and disconnected interfaces are also listed.

Can someone else confirm that?

 

Thanks to you all,

 

Christoph.

 


Multiple VLAN Rename in one commit breaks VLAN traffic flow between 2 switches


Hello guys,

 

In an EX4300 stack SW to Cisco stack SW aggregated connection, I tried renaming an existing VLAN and using the previous VLAN name to rename another existing VLAN in one commit, as shown below:

xxx@sw1# rename vlans FREE-560 to FREE-xxx

{master:0}[edit]
xxx@sw1# rename vlans FREE-559 to FREE-560

xxx@sw1# show | compare
[edit vlans]
- FREE-559 {
- description "### FREE ###";
- vlan-id 559;
- }
[edit vlans FREE-560]
- description "### FREE ###";
- vlan-id 560;
- l3-interface irb.560;
+ description "### FREE ###";
+ vlan-id 559;
[edit vlans]
+ FREE-xxx {
+ description "### FREE ###";
+ vlan-id 560;
+ l3-interface irb.560;
+ }

xxx@sw1# commit
fpc0:
configuration check succeeds
fpc1:
commit complete
fpc2:
commit complete
fpc0:
commit complete

{master:0}[edit]

 

After committing, traffic stops on VLAN FREE-560 between both switches. But when I rename in two commits as shown below, it works fine:

xxx@sw1# rename vlans FREE-560 to FREE-xxx

{master:0}[edit]
xxx@sw1# commit
fpc0:
configuration check succeeds
fpc1:
commit complete
fpc2:
commit complete
fpc0:
commit complete

xxx@sw1# rename vlans FREE-559 to FREE-560

{master:0}[edit]
xxx@sw1# commit
fpc0:
configuration check succeeds
fpc1:
commit complete
fpc2:
commit complete
fpc0:
commit complete

 

Any idea what's happening?

ESXi VLAN tagging to Juniper switch not working


We have a situation where External Switch Tagging, which we prefer, will not work on some new HPE server while Virtual Switch Tagging works fine. This server is plugged into an EX4500 switch. The pdf tells the story. Is there something wrong with our setup? Something else to check?

SSH Session to EX3300 VC hangs after connection established


Hello All,

 

This is my first post so apologies if it's not as detailed or I miss something out. I was hoping you can help me with an odd problem I have.

 

Scenario:

I have a management subnet/vlan. An IP from this network has been assigned to all management machines along with the management interface for the EX3300 virtual chassis. Let's say 10.1.1.0/24

 

I have migrated all management machines from the above VLAN to a newly created VLAN, let's say 10.2.2.0/24. All management machines now have an IP address assigned in 10.2.2.0/24. An ssh session can be established from 10.2.2.0/24 to the management interface of the EX3300 virtual chassis on the 10.1.1.0/24 subnet; however, after the session is established, it hangs and is disconnected after 30 seconds. I've tested this and it happens on all other management machines on the 10.2.2.0/24 network.

 

Has anyone ever come across this? 

unknown unicast on QFX5100 mc-lag irb


Hi All,

I have a strange problem with 2 * qfx5100 with mc-lag and irb + ospf.

The MC-LAG peers have static-arp configured on the irb interfaces. Everything works OK. VLANs without IRB work as they should.

But the problem is with VLANs with IRB, when traffic goes from a downlink host to the IRB MAC of peer2.

Traffic goes like this: 

downlink-host > to peer1 mc-lag over mcae > to peer2 (to MAC on IRB)over ICL

 

The packet gets to peer2, but when traffic comes from the downlink host to peer1, peer1 treats this as unknown unicast because it doesn't know peer2's MAC.

 

Documentation says:

"The IRB MAC address of each MC-LAG peer is replicated on the other MC-LAG peer and is installed as a MAC address that has been learned on the ICL"

but my mc-lag peers don't know each other's IRB MACs :-(

 

Any ideas?

 

I tried on JTAC recommended Junos14 and on Junos18 - didn't help

 

Configuration is very similar to this document: https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/multichassis-link-aggregation-ex9200-series.html

 

 

Need a snapshot of EX2300 48-P


After I tried to zeroize the EX2300, it came back and had lost all of its functionality.

Meaning: bricked and no Junos at all.

I tried the top 10 Google search results, with no success.

What have I tried?

- tftpboot with bootable USB > Data is flowing, but after completing the transfer the prompt returns and nothing happens!

- install from loader > error; /bin/sh install not found

- in Menu option bootmenu: boot from USB > attempting to access USB > Fail and return to Main-menu

So, there is one option I have not tried.

- Recover from a snapshot of an identical switch.

And here is my question:

- Can anyone provide me a snapshot from a Juniper EX2300 48 port switch?

It can be retrieved by this command:

"request system snapshot media usb partition"

I would be delighted by any help!

Thanks in advance.

Are
