I tried to setup a mirror port on my EX9214 but it fail, the state always show "Down"

I follow instruction given in this page https://kb.juniper.net/InfoCenter/index?page=content&id=KB28604

is there anything I misconfiged?  Thank you

RE1> show forwarding-options analyzer porttrace
Analyzer name : porttrace
Mirror rate : 1
Maximum packet length : 0
State : down
Ingress monitored interfaces : ge-0/0/3.0
Ingress monitored interfaces : ge-0/0/8.0
Ingress monitored interfaces : ge-0/1/1.0
Ingress monitored interfaces : ge-12/0/3.0
Ingress monitored interfaces : ge-0/1/2.0
Ingress monitored interfaces : ge-0/1/3.0
Ingress monitored interfaces : ge-0/1/5.0
Ingress monitored interfaces : ge-1/2/1.0
Ingress monitored interfaces : ge-13/2/1.0
Ingress monitored interfaces : ge-12/1/3.0
Ingress monitored interfaces : ge-12/1/5.0
Ingress monitored interfaces : ge-12/1/1.0
Ingress monitored interfaces : ge-12/1/2.0
Egress monitored interfaces : ge-0/0/3.0
Egress monitored interfaces : ge-0/0/8.0
Egress monitored interfaces : ge-0/1/1.0
Egress monitored interfaces : ge-12/0/3.0
Egress monitored interfaces : ge-0/1/2.0
Egress monitored interfaces : ge-0/1/3.0
Egress monitored interfaces : ge-0/1/5.0
Egress monitored interfaces : ge-1/2/1.0
Egress monitored interfaces : ge-13/2/1.0
Egress monitored interfaces : ge-12/1/3.0
Egress monitored interfaces : ge-12/1/5.0
Egress monitored interfaces : ge-12/1/1.0
Egress monitored interfaces : ge-12/1/2.0

Dear Juniper

What is the number of QSFP+ build in EX4300MP?.  Information in datasheet and 4300 hardware guide is not equal.

Hi 

Can I enable GRES for OSPF, BGP and IS-IS for uninterrupt packet forwarding? In case of 

1. One EX9208, Two REs installed on same device and one of them failed 

2. Two EX9208, Two REs installed on each devicees and all of one EX9208 failed

Note: I enabled MC-LAG on two of EX9200 switches.

Thank you !

Don't have an active contract - just sharing as this may help someone.

Starting from 15.1X53-D58, there's undocumented change in RSTP protocol behavior with the following configuration:

(instead of ae0 there may be any trunk interface)

{master:0}[edit protocols rstp]
interface ae0 {
    mode point-to-point;
}
interface all {
    edge;
}
bpdu-block-on-edge;

Up to 15.1X53-D57 release, and on 12.3 this configuration results in the following:
1. Interfaces defined as point-to-point receive/forward BPDUs.
2. All other interfaces are edge and are blocked when a BPDU is received.

From D58 and 18.4 onwards:
1. All interfaces are defined as edge.
2. Interface ae0 mode point-to-point is not applied or overwritten, resulting in blocking uplink ports as soon as BPDU is received.

Workaround:

{master:0}[edit protocols rstp]
/* Deactivated, causes STP BLK */
interface all {
inactive: edge;
}

Then, add required interfaces with a wildcard/individually.

@Juniper what's happened with your release management/QA?  15.1X53-D590 is right after 15.1X53-D59.4 

Dears,

I'm configured lacp between two witches EX2200, but when check just one port working.

NOTE: Link between two switches is Microwave-Link.

Speed ae0 interface just 1gig, and one link working,not both two link.

We have a scenario where we have a customer prem switch say in an MDU with multiple tennants.  Many of them order metro internet service.  This service is delivered across our network on a specific VLAN.  So in an MDU with multiple customers with the same service but different speed profiles there is no way to individually police the download direction as you can only police on ingress, so there is no way to do that on the inbound trunk into the CPE switch.  Is there any way to do this at layer 2?  I'm wondering if using private vlans and setting the trunk as the promiscuous port and each tennant as a community or isolated vlan then trying to throttle that way because each customer would have their own vlan tied to the incomming vlan on the trunk.  Any thoughts?

we had the server ports set up as MC-LAG at first, but the server team change to SET teaming in the server and that does not do LACP 

QFX-a and are connect with AE256 for iccp and icl (ports 30 and 31 on both make the 200G link)

uplink to current Core is from QFX-A 

MACs on QFX-B are not learned on QFX-B witch we think is causing a unicast storm, if you ping a VM on the server from a nexus or junos you get the (DUP!) alarms 

if we shut the server ports on QFX-A those alarms go away 

why  are we not learing the MACs on the trunk from QFX a to QFX-b? 

is this not suppported topology? (the MClag docs say a standalone should mac learn via the iccp) 

There are 2 MC-LAG ports configed and they ARE learing MACS 

do we have a config wrong ? unsupported topo ? 

Juniper TAC said the L2-learing needed restarted, we tried that, chassis control, interface control, iccp services, and rebooted both boxes and the issue remains. 

I admit it could be an issue on the server side, but my job is the Network and I have no access to server. just trying to verify my side of things. 

Thoughts, facts and experance you have would be helpful

Server plug into both QFX's 100g, with set teaming configed 

we did try to MC-lag from both QFX to our core with nexuss VPC but it kept failing randomly, so did a single L2 link to the core from QFX-A 

Please help, I try to deploy a radius on ex2200, but there was a problem if there are two IP phones connected to the port, then one of these phones is fading.
Only one mac address is visible on the port. At the same time with computers such problems do not arise.
config:
set access radius-server 192.168.0.2 secret "1234"
set access radius-server 192.168.0.3 secret "5678"
set access profile radius_lan authentication-order radius
set access profile radius_lan radius authentication-server 192.168.0.2
set access profile radius_lan radius authentication-server 192.168.0.3

set protocols dot1x authenticator authentication-profile-name radius_lan
set protocols dot1x authenticator interface radius_port supplicant multiple
set protocols dot1x authenticator interface radius_port mac-radius restrict
set protocols dot1x authenticator interface radius_port server-reject-vlan vlan.20

set interfaces interface-range radius_port member ge-0/0/21

set ethernet-switching-options voip interface ge-0/0/21.0 vlan vlan.30

information on the port before applying the configuration:
run show ethernet-switching table interface ge-0/0/21
Ethernet-switching table: 6 unicast entries
VLAN MAC address Type Age Interfaces
vlan.10 * Flood - All-members
vlan.10 00:0a:6b:03:1a:c3 Learn 1:22 ge-0/0/21.0
vlan.10 00:0a:6b:03:1a:ed Learn 1:28 ge-0/0/21.0
vlan.10 50:46:5d:70:90:75 Learn 0 ge-0/0/21.0  PC
vlan.10 54:04:a6:a5:1a:85 Learn 0 ge-0/0/21.0  PC
vlan.30 * Flood - All-members
vlan.30 00:0a:6b:03:1a:c3 Learn 0 ge-0/0/21.0   IP phones
vlan.30 00:0a:6b:03:1a:ed Learn 0 ge-0/0/21.0  IP phones

results

run show dot1x interface ge-0/0/21
802.1X Information:
Interface Role State MAC address User
ge-0/0/21.0 Authenticator Authenticated 00:0A:6B:03:1A:C3 000a6b031ac3
ge-0/0/21.0 Authenticated 50:46:5D:70:90:75 50465d709075
ge-0/0/21.0 Authenticated 54:04:A6:A5:1A:85 5404a6a51a85
run show ethernet-switching table interface ge-0/0/21
Ethernet-switching table: 3 unicast entries
VLAN MAC address Type Age Interfaces
default * Flood - All-members
vlan.10 * Flood - All-members
vlan.10 50:46:5d:70:90:75 Learn 0 ge-0/0/21.0
vlan.10 54:04:a6:a5:1a:85 Learn 0 ge-0/0/21.0
vlan.30 * Flood - All-members
vlan.30 00:0a:6b:03:1a:c3 Learn 0 ge-0/0/21.0

run show lldp neighbors
Local Interface Parent Interface Chassis Id Port info System Name
ge-0/0/23.0 - f0:1c:2d:bd:ba:c0 ge-0/0/47.0 ATC3
ge-0/0/21.0 - 192.168.30.20 WAN PORT Tadiran
ge-0/0/8.0 - 192.168.30.28 WAN PORT Tadiran
ge-0/0/16.0 - 192.168.30.112 WAN PORT Tadiran
ge-0/0/21.0 - 192.168.30.175 WAN PORT Tadiran (disappeared)

Where did I make a mistake?

Hi 

I 've configured DHCP relay on EX4300 but DHCP message is not be forwarded to DHCP server. 

Here is my configuration.

set forwarding-options dhcp-relay server-group CP 10.1.2.99
set forwarding-options dhcp-relay server-group CP 10.1.3.254
set forwarding-options dhcp-relay active-server-group CP
set forwarding-options dhcp-relay group server active-server-group CP
set forwarding-options dhcp-relay group server interface irb.27 < VLAN27 = Client' vlan

root# run show dhcp relay statistics
Packets dropped:
Total 0

Messages received:
BOOTREQUEST 309
DHCPDECLINE 0
DHCPDISCOVER 309
DHCPINFORM 0
DHCPRELEASE 0
DHCPREQUEST 0
DHCPLEASEACTIVE 0
DHCPLEASEUNASSIGNED 0
DHCPLEASEUNKNOWN 0
DHCPLEASEQUERYDONE 0

Messages sent:
BOOTREPLY 0
DHCPOFFER 0
DHCPACK 0
DHCPNAK 0
DHCPFORCERENEW 0
DHCPLEASEQUERY 0
DHCPBULKLEASEQUERY 0

Hello,

I have a question regarding configuring two EX-Series switches with vlans. One is a EX2300-C, the other is a EX2200-C

I have used the following instructions: http://www.mustbegeek.com/configure-vlans-in-juniper-switch/

Here is the Configuration of SW_A (EX2300-C):

## Last changed: 2000-02-10 17:46:55 UTC
version 15.1X53-D57.3;
system {
host-name SW_A;
auto-snapshot;
root-authentication {
encrypted-password "$5$xgu6e/LM$OuVK7q5Y0BP.Y2uJfn94n8ypZWm08dr3RknyauBCWe/"; ## SECRET-DATA
}
static-host-mapping {
switch1 inet 192.168.2.1;
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
redundancy {
graceful-switchover;
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
vlan {
members marketing;
}
storm-control default;
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members marketing;
}
storm-control default;
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members marketing;
}
storm-control default;
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members marketing;
}
storm-control default;
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members marketing;
}
storm-control default;
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members marketing;
}
storm-control default;
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members finance;
}
storm-control default;
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members finance;
}
storm-control default;
}
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching {
vlan {
members finance;
}
storm-control default;
}
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members finance;
}
storm-control default;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
vlan {
members finance;
}
storm-control default;
}
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching {
vlan {
members finance;
}
storm-control default;
}
}
}
ge-0/1/0 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
xe-0/1/0 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members all;
}
storm-control default;
}
}
}
ge-0/1/1 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
xe-0/1/1 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
me0 {
unit 0 {
family inet {
address 192.168.2.1/24;
}
}
}
vlan {
unit 10 {
family inet;
}
unit 20 {
family inet;
}
}
}
forwarding-options {
storm-control-profiles default {
all;
}
}
protocols {
lldp {
interface all;
}
lldp-med {
interface all;
}
igmp-snooping {
vlan default;
}
rstp {
interface ge-0/0/0;
interface ge-0/0/1;
interface ge-0/0/2;
interface ge-0/0/3;
interface ge-0/0/4;
interface ge-0/0/5;
interface ge-0/0/6;
interface ge-0/0/7;
interface ge-0/0/8;
interface ge-0/0/9;
interface ge-0/0/10;
interface ge-0/0/11;
interface ge-0/1/0;
interface xe-0/1/0;
interface ge-0/1/1;
interface xe-0/1/1;
}
}
vlans {
finance {
vlan-id 20;
}
marketing {
vlan-id 10;
}
}

{master:0}[edit]
root@SW_A#

Here is the Configuration of SW_B (EX2200-C):

## Last changed: 2010-01-01 22:55:13 UTC
version 12.3R9.4;
system {
host-name SW_B;
root-authentication {
encrypted-password "$1$G6hzdZnV$G3IK71R5xiemCNyhiGzI7."; ## SECRET-DATA
}
static-host-mapping {
SW_B inet 192.168.2.2;
}
services {
web-management {
https {
system-generated-certificate;
interface me0.0;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
auto-image-upgrade;
}
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
vlan {
members marketing;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members marketing;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members marketing;
}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members marketing;
}
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members marketing;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members marketing;
}
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members finance;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members finance;
}
}
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching {
vlan {
members finance;
}
}
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members finance;
}
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
vlan {
members finance;
}
}
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching {
vlan {
members finance;
}
}
}
}
ge-0/1/0 {
media-type fiber;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
ge-0/1/1 {
media-type fiber;
unit 0 {
family ethernet-switching;
}
}
me0 {
unit 0 {
family inet {
address 192.168.2.2/24;
}
}
}
vlan {
unit 0 {
family inet {
dhcp {
vendor-id Juniper-ex2200-c-12t-2g;
}
}
}
unit 10 {
family inet;
}
unit 20 {
family inet;
}
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
storm-control {
interface all;
}
}
vlans {
default {
l3-interface vlan.0;
}
finance {
vlan-id 20;
}
marketing {
vlan-id 10;
}
}

{master:0}[edit]
root@SW_B#

Without VLANs I was able to ping from device_A on SW_A through the switches to a device_B on SW_B. With VLANs im not able to ping. Right now one device is on Port 10 on SW_A and the other device is also on Port 10 on SW_B.

Device_A: 192.168.20.200/24

Device_B 192.168.20.220/24

Can someone clarify where the mistake is and what i need to change?

Tanks for the help and greetings

So the DHCP is set for VOIP vlan:

access {
    address-assignment {
        pool VOIP_Phones {
            family inet {
                network 192.168.111.0/24;
                range voip-range {
                    low 192.168.111.21;
                    high 192.168.111.254;
                }
                dhcp-attributes {
                    maximum-lease-time 1800;
                    name-server {
                        192.168.111.38;
                    }
                    router {
                        192.168.111.1;
                    }
                    option 150 array ip-address [ 192.168.111.15 192.168.111.16 ];
                }
            }
        }
    }
}

I wonder how can I assign and set some static IP for specific phones ..... just dont want to break staff ..... thank you

I have tried to get the latency for the switch EX2300-48MP, but I couldn’t locate the same.  From where do I can see the switch assessment for Juniper EX2300-48MP switch (latency and its tolerance)

Hello all

Can anyone tell me what are the options for getting a packet capture of transit traffic on EX and QFX?

Many thanks

Daniel

Hi Community,

I have this log on our ex4200-24t switch, and I have no idea what it mean or how to clear it.

ifl_pfestat_add_async_sync_dependency: No dependency for this ifl

your help and feedback is greatly appreciated.

regards 

We have had an EX4300 VC with three switches for a while all running JUNOS 14.1X53-D42.3. an EX4600 Fiber switch was adeed (run JUNOS 14.1X53-D42.3) as well. 

Ever since we added the EX4600 auto negotiate on the EX4300 copper ports will not work, nothing has changed except adding the EX4600. When a gig device is plugged in it works fine, when a 100m device is plugged in it will not work unless I run set interfaces ge-X/X/X speed 100m then the interfaces will come up. Before it was working. 

I have opened a case with JTAC but that got no where other than them trying to blame all the devices on the other end (even though it's a mix of Copiers, Switches, Desktops, not just one type) they claim all these devices that worked before must not. Any ideas? 

I have the following device and configuration:

Model: ex4300-32f
Junos: 17.3R3.10

# show groups
GLOBAL-SNMP {
snmp {
client-list MANAGERS {
10.8.9.0/28;
}
community TEST-COMMUNITY {
authorization read-only;
client-list-name MANAGERS;
}
trap-options {
source-address 10.8.7.2;
context-oid;
}
trap-group TEST-COMMUNITY {
version v2;
categories {
authentication;
link;
routing;
startup;
}
targets {
10.8.9.2;
}
}
}
}

# show apply-groups
## Last changed: 2019-02-28 09:36:59 UTC
apply-groups GLOBAL-SNMP;

# show switch-options

interface ge-0/0/31.0 {
interface-mac-limit {
24;
packet-action shutdown;
}
}
interface-shutdown-action hard-shutdown;

When MAC limit exceeded, the switch does send ifDown SNMP trap and I succesfully receive it. I expect from the switch to send the jnxSecAccessIfMacLimitExceed (.1.3.6.1.4.1.2636.3.40.1.2.1.1.2.1.4) SNMP trap as well. But I got only syslog messages:
L2ALD_MAC_LIMIT_REACHED_IF: Limit on learned MAC addresses reached for ge-0/0/31.0; current count is 24
L2ALD_MAC_LIMIT_EXCEEDED_BLOCK: Limit on learned MAC addresses exceeded for ge-0/0/31.0; current count is 24 SHUTTING THE INTERFACE

I can use the raise-trap, but I think I have missed something and the switch can do it more "natively".

How should I configure EX4300 to send the SNMP trap regarding MAC limit exceed ?

Hi everyone.

Please consider the following scenarios:

1) Let say Ex 4200 Switch operating as layer 2, receives unknown Unicast destination MAC,  will  EX switch use harware switching to forward it ?

2) Let say Ex 4200 Switch operating as layer 2, receives multicast frame  as a transit traffic i.e frame is not deemed " Exceptional traffic" ,   will Switch use harware switching to forward it or frame will be sent to CPU for forwarding?

Thanks, and have a nice weekend!!

Hi there,

I can't find a recommeded software version for the qfx5120.

It's not listed in https://kb.juniper.net/InfoCenter/index?page=content&id=KB21476

Am I looking at the wrong place or why is there no recommended software version for this switch?

Kind regards

Matthias

Hi guys,

On EX3300, I was able to limit the mac using:

set ethernet-switching-options secure-access-port interface all mac-limit 5

However, now I am using EX3400 and found that there is no such one command using which you can limit mac addresses on all the interfaces. I am currently using:

wildcard range set switch-options interface ge-0/0/[0-47] interface-mac-limit 5 packet-action drop

I just want to know if there is any neat way of doing the same for EX3400.

Thanks

I am running Iperf between 2 servers conneted to EX 4200 via 10G DAC and i am only able to receive speed of upto 4.0Gbps any reason why i am not able to achive near desired speeds? 

Here's the iperf test result

Server listening on 5201
-----------------------------------------------------------
Accepted connection from 10.1.22.22, port 49768
[ 5] local 10.1.22.21 port 5201 connected to 10.1.22.22 port 49769
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-1.00 sec 456 MBytes 3.83 Gbits/sec
[ 5] 1.00-2.00 sec 459 MBytes 3.85 Gbits/sec
[ 5] 2.00-3.00 sec 461 MBytes 3.87 Gbits/sec
[ 5] 3.00-4.00 sec 465 MBytes 3.90 Gbits/sec
[ 5] 4.00-5.00 sec 462 MBytes 3.87 Gbits/sec
[ 5] 5.00-6.00 sec 460 MBytes 3.86 Gbits/sec
[ 5] 6.00-7.00 sec 461 MBytes 3.86 Gbits/sec
[ 5] 6.00-7.00 sec 461 MBytes 3.86 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-7.00 sec 0.00 Bytes 0.00 bits/sec sender
[ 5] 0.00-7.00 sec 3.32 GBytes 4.08 Gbits/sec receiver