Channel: Ethernet Switching topics

Chassis


Hello everyone,

 

I need help. I am new to the Juniper environment. In the basement, I have a stack of 5 Junipers; the master is an EX4500 and the other 4 are EX4200s, and they interconnect to the 3rd floor (a stack of another 4 EX4200 chassis) and the 4th floor (same as the 3rd) via fibre. My question is: how can I connect to the chassis on the 3rd floor and 4th floor? When I ssh to the gateway IP it always points to the main chassis in the basement. My second question is: how do I identify a trunk vlan? Which command should I use to determine it's a trunk vlan? Thank you very much for your help.


QFX 5100 l2-learning subsystem is not running


Hello,

I have 2 QFX 5100 in virtual chassis mode.

I don't know why, but now I cannot add more, and when I try to show the vlan I get this error:

show vlans
error: the l2-learning subsystem is not running

 

I found nothing in the documentation about this error.

 

Model: qfx5100-48s-6q
JUNOS Base OS Software Suite [13.2X51-D10.6]
JUNOS Base OS boot [13.2X51-D10.6]
JUNOS Crypto Software Suite [13.2X51-D10.6]
JUNOS Online Documentation [13.2X51-D10.6]
JUNOS Kernel Software Suite [13.2X51-D10.6]
JUNOS Packet Forwarding Engine Support (qfx-5) [13.2X51-D10.6]
JUNOS Routing Software Suite [13.2X51-D10.6]
JUNOS Enterprise Software Suite [13.2X51-D10.6]
JUNOS Web Management [13.2X51-D10.6]
JUNOS py-base-i386 [13.2X51-D10.6]
JUNOS Host Software [13.2X51-D10.6]

Thanks for your help

Virtual Chassis - vme0 down despite em0 interface up.


Hi all,

 

I have 2 x qfx5100-48s-6q.

 

Individually, I have configured each switch's em0.0 port for management purposes and assigned an IP to each of the switches.

During the pre-provisioned virtual-chassis setup, I also set up a vme.0 interface and assigned an IP to it.

 

switch1 em0.0 -> 192.168.1.1

switch2 em0.0 -> 192.168.1.2

switch1 vme.0 -> 192.168.1.3

 

After the virtual chassis setup had completed and come up, I realized my vme.0 interface is still down.

However, I can access the master switch via em0.0 - 192.168.1.1

 

q1) In a virtual chassis setup, can we still access individual switches via their em0.0 interface IPs?

e.g.  192.168.1.1 will access switch1 em0.0

        192.168.1.2 will access switch2 em0.0

         192.168.1.3  will always access the master switch -- like a floating IP.

 

q2) Any idea why my vme.0 interface is down? Should we actually configure the em0.0 interface with an IP during the virtual-chassis setup?

 

Regards,

Alan

EX3400 packet capture for specific port?


At a remote location we're having some trouble with a vendor's equipment, so I need to do a packet capture on several specific ports on an EX3400 to troubleshoot the cause.  I tried "monitor traffic", only to find that it doesn't get transit traffic.  "tcpdump" doesn't get me transit traffic either.  Other than mirroring the port to a separate port with wireshark running (which I can't currently do because I don't yet have a monitoring PC there) is there any option to collect all traffic on a port locally?  Or, for that matter, to send it to a remote address not attached to that specific switch?  Thanks!

Running MPLS over GRE on the QFX5100


I am trying to set up MPLS over a GRE tunnel on the QFX5100. Has anyone been able to work around it?

Thanks

EX4300 Virtual Chassis Mode


Hello,

 

I'm having a difficult time figuring out how to disable virtual chassis mode on the EX4300. I've already deleted all the VCPs by doing 'request virtual-chassis vc-port delete pic-slot 1 port [0-4]' and confirmed they are no longer there by running 'show virtual-chassis vc-port'. I also tried deleting all files under /config/vchassis. However, no matter what I do, every time I run the 'show virtual-chassis' command, the second line keeps saying 'Virtual Chassis Mode: Enabled', and {master:0} appears above every CLI prompt.

 

Is there a way to completely disable Virtual Chassis mode and only use it as a single switch?

 

Thank you!

4300-MP resources given to Junos


Just asking. What limits, if any, does the 4300-MP hypervisor place on the Junos instance?

I see the box has 8 gig RAM and the Junos 18. instance shows it is given 4 gig. So what else is limited?

Just wondering about things like:

Is the priority of the process in which the hypervisor is running Junos set to real time, or normal?

And anything else anyone is willing to educate me with, I'd be happy to know.

 

The purpose of asking for this type of information is just to create baselines.

 

4300-MP upgrade output meaning


What do these lines mean? The items in BOLD are posted to the screen when doing an upgrade.


============================================
Current Host kernel version : 3.14.52-rt50-WR7.0.0.9_ovp  

The rt: does that mean the kernel is compiled for RealTime?

ovp = Wind River Open Virtualization Profile. From my googling, is it like how VMware tools adds hooks to the hypervisor and guest?
Package Host kernel version : 3.14.52-rt50-WR7.0.0.9_ovp

Current Host version : 3.0.9
Package Host version : 3.1.0

What do those last two lines of Host version mean? If my current is 3.0.9 and the package was compiled/built a version higher,

why would it not just update my host version to keep it updated?

Min host version required for applications: 3.0.0
Skipping Host OS upgrade!

I understand Min Version is 3.0.0, but why did you skip updating my host?
============================================

 

 


EX DDOS explanation


Would anyone be able to direct me to any detailed docs to read up on the system ddos-protection stuff?

Right now I'm looking for EX platform stuff but will soon be needing this for QFX (and MX if I get my budget funded).

I understand this idea. Cisco calls it Control Plane Policing (CPP). Since we do the default action of protect-re filters,

I just want to see what this ddos-protection can do in line with that and how to better tshoot it if we need to.

We run Nexus (will be replacing with QFX) and have had to deal with the Fcards sending traffic to its Mcards and having issues with the CPP. So I'm just wanting to jump ahead of issues I've dealt with in the past.

 

 

Maybe an Ambassador Day One recipe idea ??!?!? Hint Hint.

 

 

 

 

SFP-T in EX2300 on 18.4R1


I have a problem with SFP-T modules in EX2300 uplink ports.

They are properly detected in chassis hardware with a name and s/n, but the logical link is down so I can't pass any traffic through it.

The weird thing is that the link on the other side, on an EX2200 physical port, comes up when I connect the cable and it blinks as if it were passing some traffic, but on the EX2300 uplink side the LEDs for power and traffic are off.

 

I have a batch of SFP-T modules (non-Juniper but programmed for it) which work until you reboot the switch, after which you need to re-attach them physically to make them function properly.

 

I have original SFP-T modules and a few others from different vendors, and even ones programmed for Cisco. All of them work fine with the older EX2200/EX3300 hardware but not on the ELS hardware EX2300/EX3400.

 

Maybe someone has stumbled on this problem and solved it, as I don't really have any idea why this happens or how to solve it.

STP BPDU filtering with l2 firewall filter


Hi All,

Thank you for taking the time to read my question.

I have a spanning-tree-free core network of 4 locations/devices (EX92x + MX) which is running MPLS+EVPN. This pretty much functions as a dumb switch for a lot of VLANs.

 

Currently, all STP BPDUs from edge switches are running through the entire network. Any change or switch up/down will cause STP to recalculate the tree, thus impacting all switches at every edge location. This is not desired, as we want isolation at every location.

 

To solve this issue, my idea was to have an STP root bridge at every location, even for the same VLANs.

To achieve this, I want to block BPDUs on the core routers. To be more precise: an L2 filter on the core interface to the edge switch. This way BPDUs from other locations should not hit other locations, thus creating multiple root bridges. More information here:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB30304&cat=SWITCHING&actp=LIST

 

Since we are running multiple VRFs and EVPN instances, interfaces are configured as follows:

[edit interfaces ae33]
USER@LOCATION1-CORE01# show
description labsw1;
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 511 {
    encapsulation vlan-bridge;
    vlan-id 511;
}
unit 827 {
    encapsulation vlan-bridge;
    vlan-id 827;
}
unit 829 {
    encapsulation vlan-bridge;
    vlan-id 829;
}

 

When applying the filter, I am running into the following issue:

Warning: referenced filter must be defined under firewall family any

 

However, when I move the filter to Firewall Family Any, there is no option for L2 destination-mac filtering.

 

Does anyone have an idea on how I can apply an L2 filter in my scenario?

 

EX4500


I need help. I am new to the Juniper environment. In the basement, I have a stack of 5 Junipers; the master is an EX4500 and the other 4 are EX4200s, and they interconnect to the 3rd floor (a stack of another 4 EX4200 chassis) and the 4th floor (same as the 3rd) via fibre. I just created a vlan on the master switch in the basement, but the interconnected switches on the 3rd and 4th floors cannot see it. What should I do? Do I have to recreate the same vlan on the 3rd and 4th floor closet chassis?

Thanks,

Possible to have multiple vme interfaces?


Hi guys,

 

I have an EX4200-48T VC with 4 members. The vme.0 is already configured and working. Now I need another management interface, and I was wondering if I could configure another vme interface (e.g. vme.10) on the VC and use one of the free MGT ports on the switch.

 

vme.0 is connected to ge interface on switch A

vme.10 will be connected to ge interface on switch B

 

Will it work? If yes, does Juniper recommend doing this, i.e. having multiple management interfaces?

 

Thanks

Commit synchronise not needed in Virtual chassis ?


 

Hi everybody,
I noticed that when I do a commit on the master switch in a Virtual Chassis, the commit is also performed on all member switches without requiring "commit synchronise" or the set system commit synchronise command.
Do we know when this behavior was first introduced in Junos?

 

Thanks and have a nice weekend!!

 

 

 

Virtual Chassis Monitoring


I'd like to be informed if a member of a VC goes away (EX4300 or 4600). I was looking a while back and remember finding an SNMP trap that was related, but am having trouble finding the information again. If someone can point me to SNMP trap docs, or if there are syslogs involved when a member is lost, it would be helpful.


set protocols rstp interface ge-x/x/x edge


I do not truly understand the impact of the "protocols rstp interface ge-x/x/x edge" statement.

 

J-TechLibrary mentions:

For Rapid Spanning Tree Protocol (RSTP), VLAN Spanning Tree Protocol (VSTP), or Multiple Spanning Tree Protocol (MSTP), configure interfaces as edge ports or edge interfaces. Edge ports do not expect to receive BPDUs. If a BPDU is received, the port becomes a nonedge port and the Edge interfaces immediately transition to a forwarding state.

 

Okay, that's clear, but this is also the case with interfaces that are not configured with the interface ge-x/x/x edge statement.

 

That same TechLibrary article (https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/edge-edit-protocols-stp.html) (Ethernet Switching Feature Guide) states:

 

NOTE

Although the edge configuration statement appears in the [edit protocols stp interface (all | interface-name)] or [edit protocols rstp force-version stp interface (all | interface-name)] hierarchy on the switch, this statement has no effect on the switch operation if you configure it.

 

What is the meaning of "no effect"? Does the "protocols rstp interface ge-x/x/x edge" statement have no effect/impact at all? So what is the function of this statement?

RoCE/DCB/PFC/ETS sample config for QFX5100

Daisy Chaining EX-series switches


I was asked what I think about the proposal to link one EX series switch with 6x 1 Gbps CAT6 copper interfaces in a 802.1ad link aggregation group to another existing EX access switch Virtual Chassis from the same model. The reason is saving time and money. They want to connect 8 PC’s but there are only 6x CAT6 cables to the existing EX series Virtual Chassis Access switches in the Satellite Equipment Room available.

 

The existing LAN has the rather common spine leaf topology, just about as displayed in the sketch below, but with the absence of the core layer switches and with a lot of layer 2 vlans. The (orange) Distribution switches are coupled together with 2x fibre LAG interfaces to form a Virtual Chassis.

 

Leaf-Spine.JPG

 

The distribution switches have the lowest rstp bridge priority, the (blue) access switches have a higher bridge priority (rstp enabled on all interfaces). The new ex series switch shall be configured with the highest bridge priority of all. There is no BPDU-, loop-, or root protection. Storm control is enabled on all the switches.

 

What do you think about this proposal?

 

With regards,

 

Jean

Q in VNI and overlapping vlans in a evpn/vxlan ip fabric - is this configuration supposed to work?!


Hello, we have bought a few QFX5120 switches, 

Our company is going to offer colocation in our new datacenter, and I intend to use evpn with vxlan in this setup.

I will not route any customer traffic on my switches, because I/they will do all routing externally. 

Therefore, each customer needs to be able to use their own vlans. 

 

I have a spine and leaf topology. I am using eBGP for underlay to distribute loopbacks. I use iBGP in a full mesh between leaves to exchange EVPN information.

 

Take note, I did get evpn with vxlan working when I used regular "trunk" interfaces. However, using that approach, I cannot have overlapping VLANS on the same switch, which I need to work in my colo-case.

 

To my understanding, I need to use encapsulation flexible-ethernet-services, and put every one customer interface in a vlan configuration, with encapsulation vlan-bridge. I understand this as creating separate bridges for each vlan configuration? Finally I use encapsulate-inner-vlan on the bridge-vxlan config, something like this:

 

 

olof@o12-ls01> show configuration interfaces xe-0/0/7 | display set 
set interfaces xe-0/0/7 description "TEST Customer123"
set interfaces xe-0/0/7 vlan-tagging
set interfaces xe-0/0/7 mtu 9000
set interfaces xe-0/0/7 encapsulation flexible-ethernet-services
set interfaces xe-0/0/7 unit 100 description TEST
set interfaces xe-0/0/7 unit 100 encapsulation vlan-bridge
set interfaces xe-0/0/7 unit 100 vlan-id-list 1-4094

olof@o12-ls01> show configuration vlans Customer123_test | display set 
set vlans Customer123_test interface xe-0/0/7.100
set vlans Customer123_test vxlan vni 200123
set vlans Customer123_test vxlan encapsulate-inner-vlan
set vlans Customer123_test vxlan ingress-node-replication

set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
set protocols evpn extended-vni-list all
set protocols l2-learning decapsulate-accept-inner-vlan

 

 

 

I do see records in evpn database showing up from my customers, who are sending me vlan tagged frames.

However, they are unable to contact each other.

 

olof@o12-ls01> show evpn database 
Instance: default-switch
VLAN DomainId MAC address Active source Timestamp IP address
200123 00:50:56:a7:52:c1 10.18.255.35 Mar 24 18:08:15 172.18.66.22
200123 00:50:56:a7:56:8b xe-0/0/7.100 Mar 24 18:07:50 172.18.66.14
200123 00:50:56:a7:66:46 xe-0/0/7.100 Mar 24 18:07:49 172.18.66.13

olof@o12-ls01> show ethernet-switching table
...
name address flags interface source
Customer123_test 00:50:56:a7:52:c1 D vtep.32769 10.18.255.35 
Customer123_test 00:50:56:a7:56:8b D xe-0/0/7.100 
Customer123_test 00:50:56:a7:66:46 D xe-0/0/7.100

 

 

 

And this is my system version.

olof@o12-ls01> show version 
...
Hostname: o12-ls01
Model: qfx5120-48y-8c
Junos: 18.3R1.11 flex
JUNOS OS Kernel 64-bit FLEX [20180816.8630ec5_builder_stable_11]

 

 

I used forwarding-options analyzer, but I was only able to see traffic one way. I could see Q in the vxlan packet, which is great, however, no traffic was still being exchanged between hosts. 

 

migration ex switches


Hi All,

There is a high number (600) of locations to replace the new VC EX that consist of a few members. In order to make sure the new change doesn't break any part of the network infrastructure, what verification should be done beforehand? Any workable ideas, approaches or scripting?

 

Thx

erix

 
