I would like to monitor packets from two ethernet interface. Is it possible to monitor packets from two ethernet interface at the same time (QFX3500/EX2300)?
I have tried in QFX3500 with the CLI, “monitor traffic interface ge-0/0/8 interface ge-0/0/10 matching udp” but it only accept one interface. Is there anyway to monitor packets from two interface simultaneously?
Hey all,
We're having an issue with a customer's transport circuit blocking LACP. Originally, we had this topology:
Cisco ME (CE)<>EX2300 (PE-L2PT tunneling enabled)<>QFX5110<>MX480<>QFX5110 (PE) <> Cisco (CE)
L2PT isn't supported on the QFX5110 so we decided to move the circuit to this topology:
Cisco ME (CE)<>EX2300 (PE,L2PT tunneling enabled)<>QFX5110<>MX480(PE, L2PT Tunneling enabled)<> Cisco (CE)
Looking at the Juniper docs and it doesn't look like LACP is a supported protocol for L2PT (layer 2 protocol tunneling) for an MX.
Can anyone confirm if the MX480 supports LACP via L2PT? We're using MPC line cards with 17.2R1-S2.1 code.
me@router# set protocols layer2-control mac-rewrite interface xe-2/2/0 protocol ?
Possible completions:
<[Enter]> Execute this command
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> cdp Enable mac rewrite for CDP
> pvstp Enable mac rewrite for PVSTP+
> stp Enable mac rewrite for STP
> vtp Enable mac rewrite for VTP
| Pipe through a command
Greetings Members:
I am trying to figure out how to implement the below (what I thought would be simple) topology.
I've been reading a ton of documentation and examples on the Internet but can't seem to find any examples that cover my desired implementation, or I am really not understanding VXLAN (which is most likely the case). The majority of what I am finding is DCI implementations or are not definitive enough for me see that it would cover my current design. I will eventually get to the DCI setup, but just not yet.
Networking Hardware:
Juniper MX80 Routers (x2), Juniper QFX5100-48T Switches (x2)
Hypervisor Environment:
Ubuntu 18.04 Compute Node w/Libvirt-QEMU
Open vSwitch
Goal:
Customer VMs on private vSwitches need to communicate to multiple compute-nodes within the network.
The customer can have 10 VMs spread across 10 compute nodes, and the L2 network needs accessible between all VMs.
Example:
Customer 12345 VM#1 (172.16.10.2/24) on Compute Node #1 needs to be able to talk to VM#2 (172.16.10.3/24) on Compute Node #2. These compute nodes are all within the same Data Center / Location.
Eventually, this will need to be extended to support multi-data center (DCI) interconnection of the customer VXLANs.
Here is where I'm having an understanding issue -- On Open vSwitch (OVS), I can make two compute nodes share VXLAN communication if I directly peer the OVS configuration to each other. Unfortuantely, this is not scaleable and I need to have a VTEP gateway (I assume the QFX5100) to "centralize" the connectivity points.
Example OVS Configuration:
node01# ovs-vsctl add-port 12345 vxlan_12345 -- \
set interface vxlan_12345 type=vxlan options:remote_ip={{node02-ipv4}} options:key=12345
node02# ovs-vsctl add-port 12345 vxlan_12345 -- \
set interface vxlan_12345 type=vxlan options:remote_ip={{node01-ipv4}} options:key=12345This allows my two VMs to directly communication, but again, not scalable if I had 100 compute nodes (configurations will become a HUGE mesh nightmare).
In my simplistic thought, the "remote_ip" would be the QFX5100 switching fabric setup as a VTEP L2 Gateway ... but how do you configure the QFX5100 to BE this VTEP gateway?
Any help or directions / links to documentation and examples would be greatly appreciated!
Hello
We are trying to configure our network with an srx345 firewalll and a ex3400 switch. I am trying to connect them together with a trunk port and pass dhcp & vlan through.
the two are not talking to each other. I can't ping the srx from the ex.
both configs and output from the devices.
version 15.1X49-D120.3;
system {
host-name gateway;
time-zone GMT-6;
root-authentication {
}
name-server {
67.217.151.131;
67.217.151.130;
8.8.8.8;
8.8.4.4;
}
name-resolution {
no-resolve-on-input;
}
services {
ssh;
telnet;
xnm-clear-text;
dhcp-local-server {
group jweb-default-group {
interface irb.0;
}
group group10 {
interface irb.1;
}
group group11 {
interface irb.2;
}
group group12 {
interface irb.3;
}
}
web-management {
https {
system-generated-certificate;
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server us.ntp.pool.org;
}
}
chassis {
alarm {
management-ethernet {
link-down ignore;
}
}
}
security {
log {
mode stream;
report;
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set nsw_srcnat {
from zone Inside;
to zone Internet;
rule nsw-src-interface {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone Inside to-zone Internet {
policy All_Inside_Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
policy AllowAll_Internet_Inside {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internet to-zone Inside {
policy AllowAll_Internet_Inside {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone Inside {
interfaces {
irb.0 {
host-inbound-traffic {
system-services {
ping;
dhcp;
}
}
}
ge-0/0/3.0;
}
}
security-zone Internet {
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
ping;
}
}
}
}
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 162.208.45.185/24;
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vlan0;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vlan0;
}
}
}
}
ge-0/0/3 {
unit 0 {
family inet {
dhcp-client;
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vlan0;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vlan0;
}
}
}
}
ge-0/0/7 {
unit 0 {
description "trunk to ex";
family ethernet-switching {
interface-mode trunk;
vlan {
members [ vlan10 vlan11 vlan12 ];
}
##
## Warning: statement ignored: unsupported platform (srx345)
##
native-vlan-id 1;
}
}
}
fxp0 {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
irb {
unit 0 {
family inet {
address 10.8.0.1/8;
}
}
unit 1 {
family inet {
address 10.0.10.1/32;
}
}
unit 2 {
family inet {
address 10.0.11.1/32;
}
}
unit 3 {
family inet {
address 10.0.12.1/32;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop [ 10.8.0.1 162.208.45.1 ];
}
}
protocols {
l2-learning {
global-mode switching;
}
rstp {
interface all;
}
}
access {
address-assignment {
pool jweb-default-pool {
family inet {
network 10.0.0.0/24;
range jweb-default-range {
low 10.0.0.1;
high 10.0.0.254;
}
dhcp-attributes {
name-server {
67.217.151.130;
67.217.151.131;
}
router {
10.8.0.1;
}
}
}
}
pool pool10 {
family inet {
network 10.0.10.0/24;
range range10 {
low 10.0.10.1;
high 10.0.10.254;
}
dhcp-attributes {
name-server {
67.217.151.130;
67.217.151.131;
}
router {
10.8.0.1;
}
}
}
}
pool pool11 {
family inet {
network 10.0.11.0/24;
range range11 {
low 10.0.11.1;
high 10.0.11.254;
}
dhcp-attributes {
name-server {
67.217.151.130;
67.217.151.131;
}
router {
10.8.0.1;
}
}
}
}
pool pool12 {
family inet {
network 10.0.12.0/24;
range range12 {
low 10.0.12.1;
high 10.0.12.254;
}
dhcp-attributes {
name-server {
67.217.151.130;
67.217.151.131;
}
router {
10.8.0.1;
}
}
}
}
}
}
vlans {
vlan0 {
vlan-id 2;
l3-interface irb.0;
}
vlan10 {
description vlan10;
vlan-id 10;
l3-interface irb.1;
}
vlan11 {
description "vlan 11";
vlan-id 11;
l3-interface irb.2;
}
vlan12 {
description vlan12;
vlan-id 12;
l3-interface irb.3;
}
}output:
root@gateway> show vlans
Routing instance VLAN name Tag Interfaces
default-switch default 1
default-switch vlan0 2
ge-0/0/1.0
ge-0/0/2.0*
ge-0/0/4.0
ge-0/0/5.0
default-switch vlan10 10
ge-0/0/7.0*
default-switch vlan11 11
ge-0/0/7.0*
default-switch vlan12 12
ge-0/0/7.0*
root@gateway> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up up
ge-0/0/0.0 up up inet 162.208.45.185/24
gr-0/0/0 up up
ip-0/0/0 up up
lsq-0/0/0 up up
lt-0/0/0 up up
mt-0/0/0 up up
sp-0/0/0 up up
sp-0/0/0.0 up up inet
inet6
sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16
10.0.0.6 --> 0/0
128.0.0.1 --> 128.0.1.16
128.0.0.6 --> 0/0
ge-0/0/1 up down
ge-0/0/1.0 up down eth-switch
ge-0/0/2 up up
ge-0/0/2.0 up up eth-switch
ge-0/0/3 up down
ge-0/0/3.0 up down inet
ge-0/0/4 up down
ge-0/0/4.0 up down eth-switch
ge-0/0/5 up down
ge-0/0/5.0 up down eth-switch
ge-0/0/6 up down
ge-0/0/7 up up
ge-0/0/7.0 up up eth-switch
ge-0/0/8 up down
ge-0/0/9 up down
ge-0/0/10 up down
ge-0/0/11 up down
ge-0/0/12 up down
ge-0/0/13 up down
ge-0/0/14 up down
ge-0/0/15 up down
fxp0 up down
fxp0.0 up down inet 192.168.1.1/24
fxp2 up up
fxp2.0 up up tnp 0x1
gre up up
ipip up up
irb up up
irb.0 up up inet 10.8.0.1/8
irb.1 up up inet 10.0.10.1 --> 0/0
irb.2 up up inet 10.0.11.1 --> 0/0
irb.3 up up inet 10.0.12.1 --> 0/0
jsrv up up
jsrv.1 up up inet 128.0.0.127/2
lo0 up up
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 10.0.0.1 --> 0/0
10.0.0.16 --> 0/0
128.0.0.1 --> 0/0
128.0.0.4 --> 0/0
128.0.1.16 --> 0/0
lo0.32768 up up
lsi up up
mtun up up
pimd up up
pime up up
pp0 up up
ppd0 up up
ppe0 up up
st0 up up
tap up up
vlan up down
vtep up up
root@gateway> show route
inet.0: 10 destinations, 13 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 1w3d 16:37:17
> to 162.208.45.1 via ge-0/0/0.0
10.0.0.0/8 *[Direct/0] 5w3d 22:16:33> via irb.0
10.0.0.1/32 *[Access-internal/12] 17w5d 07:55:46> to 10.8.0.1 via irb.0
10.0.10.1/32 *[Direct/0] 01:23:36> via irb.1
[Local/0] 01:23:36
Local via irb.1
10.0.11.1/32 *[Direct/0] 01:23:36> via irb.2
[Local/0] 01:23:36
Local via irb.2
10.0.12.1/32 *[Direct/0] 01:23:36> via irb.3
[Local/0] 01:23:36
Local via irb.3
10.8.0.1/32 *[Local/0] 17w5d 07:56:22
Local via irb.0
162.208.45.0/24 *[Direct/0] 1w3d 16:37:17> via ge-0/0/0.0
162.208.45.185/32 *[Local/0] 17w5d 07:56:10
Local via ge-0/0/0.0
192.168.1.1/32 *[Local/0] 17w5d 07:56:35
Reject
root@gateway> show arp
MAC Address Address Name Interface Flags
a4:13:4e:44:9a:f0 10.0.0.1 10.0.0.1 irb.0 none
88:e0:f3:ee:bf:c0 162.208.45.1 162.208.45.1 ge-0/0/0.0 none
88:e0:f3:ee:bf:c0 162.208.45.27 162.208.45.27 ge-0/0/0.0 none
Total entries: 3Ex switch and output:
version 15.1X53-D58.3;
system {
host-name switch;
auto-snapshot;
root-authentication {
}
services {
ssh {
protocol-version v2;
}
telnet;
netconf {
ssh;
}
web-management {
http;
https {
system-generated-certificate;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
chassis {
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/4 {
apply-macro juniper-port-profile {
Desktop;
}
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching {
vlan {
members vlan10;
}
storm-control default;
}
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/13 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/14 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/15 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/16 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/17 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/18 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/19 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/20 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/21 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/22 {
unit 0 {
family ethernet-switching {
vlan {
members vlan11;
}
storm-control default;
}
}
}
ge-0/0/23 {
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ vlan0 vlan11 vlan10 vlan12 ];
}
##
## Warning: statement ignored: unsupported platform (ex3400-24t)
##
native-vlan-id 1;
storm-control default;
}
}
}
ge-0/2/0 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
xe-0/2/0 {
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members 2;
}
storm-control default;
}
}
}
ge-0/2/1 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
xe-0/2/1 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
ge-0/2/2 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
xe-0/2/2 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
ge-0/2/3 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
xe-0/2/3 {
unit 0 {
family ethernet-switching {
storm-control default;
}
}
}
irb {
unit 0 {
family inet {
address 10.0.1.1/8;
}
}
unit 1 {
family inet {
address 10.0.10.1/32;
}
}
unit 2 {
family inet {
address 10.0.11.1/32;
}
}
unit 3 {
family inet {
address 10.0.12.1/32;
}
}
}
me0 {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
}
forwarding-options {
storm-control-profiles default {
all;
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 10.0.0.1;
}
}
protocols {
lldp {
interface all;
}
lldp-med {
interface all;
}
igmp-snooping {
vlan vlan0;
}
rstp {
interface ge-0/0/4 {
edge;
}
interface ge-0/0/5;
interface ge-0/0/6;
interface ge-0/0/7;
interface ge-0/0/8;
interface ge-0/0/9;
interface ge-0/0/10;
interface ge-0/0/11;
interface ge-0/0/12;
interface ge-0/0/13;
interface ge-0/0/14;
interface ge-0/0/15;
interface ge-0/0/16;
interface ge-0/0/17;
interface ge-0/0/18;
interface ge-0/0/19;
interface ge-0/0/20;
interface ge-0/0/21;
interface ge-0/0/22;
interface ge-0/0/23;
interface ge-0/2/0;
interface xe-0/2/0;
interface ge-0/2/1;
interface xe-0/2/1;
interface ge-0/2/2;
interface xe-0/2/2;
interface ge-0/2/3;
interface xe-0/2/3;
interface all;
}
}
access {
address-assignment {
pool jweb-default-pool {
family inet {
network 10.0.1.0/8;
range jweb-default-range {
low 10.0.1.1;
high 10.255.255.254;
}
dhcp-attributes {
maximum-lease-time 43200;
server-identifier 10.0.1.0;
name-server {
67.217.151.131;
67.217.151.130;
}
router {
10.0.0.1;
}
}
}
}
}
}
switch-options {
interface ge-0/0/4.0 {
interface-mac-limit {
1;
packet-action drop;
}
}
}
vlans {
vlan0 {
vlan-id 2;
l3-interface irb.0;
forwarding-options {
dhcp-security {
arp-inspection;
}
}
}
vlan10 {
description vlan10;
vlan-id 10;
l3-interface irb.1;
}
vlan11 {
description "vlan 11";
vlan-id 11;
l3-interface irb.2;
}
vlan12 {
description vlan12;
vlan-id 12;
l3-interface irb.3;
}
}Routing instance VLAN name Tag Interfaces
default-switch default 1
default-switch vlan0 2
ge-0/0/23.0*
default-switch vlan10 10
ge-0/0/0.0
ge-0/0/1.0
ge-0/0/10.0
ge-0/0/11.0
ge-0/0/2.0
ge-0/0/23.0*
ge-0/0/3.0
ge-0/0/4.0
ge-0/0/5.0
ge-0/0/6.0
ge-0/0/7.0
ge-0/0/8.0
ge-0/0/9.0
default-switch vlan11 11
ge-0/0/12.0
ge-0/0/13.0
ge-0/0/14.0
ge-0/0/15.0
ge-0/0/16.0
ge-0/0/17.0
ge-0/0/18.0
ge-0/0/19.0
ge-0/0/20.0
ge-0/0/21.0
ge-0/0/22.0
ge-0/0/23.0*
default-switch vlan12 12
ge-0/0/23.0*
{master:0}
root@switch> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up down
ge-0/0/0.0 up down eth-switch
pfe-0/0/0 up up
pfe-0/0/0.16383 up up inet
inet6
pfh-0/0/0 up up
pfh-0/0/0.16383 up up inet
ge-0/0/1 up down
ge-0/0/1.0 up down eth-switch
ge-0/0/2 up down
ge-0/0/2.0 up down eth-switch
ge-0/0/3 up down
ge-0/0/3.0 up down eth-switch
ge-0/0/4 up down
ge-0/0/4.0 up down eth-switch
ge-0/0/5 up down
ge-0/0/5.0 up down eth-switch
ge-0/0/6 up down
ge-0/0/6.0 up down eth-switch
ge-0/0/7 up down
ge-0/0/7.0 up down eth-switch
ge-0/0/8 up down
ge-0/0/8.0 up down eth-switch
ge-0/0/9 up down
ge-0/0/9.0 up down eth-switch
ge-0/0/10 up down
ge-0/0/10.0 up down eth-switch
ge-0/0/11 up down
ge-0/0/11.0 up down eth-switch
ge-0/0/12 up down
ge-0/0/12.0 up down eth-switch
ge-0/0/13 up down
ge-0/0/13.0 up down eth-switch
ge-0/0/14 up down
ge-0/0/14.0 up down eth-switch
ge-0/0/15 up down
ge-0/0/15.0 up down eth-switch
ge-0/0/16 up down
ge-0/0/16.0 up down eth-switch
ge-0/0/17 up down
ge-0/0/17.0 up down eth-switch
ge-0/0/18 up down
ge-0/0/18.0 up down eth-switch
ge-0/0/19 up down
ge-0/0/19.0 up down eth-switch
ge-0/0/20 up down
ge-0/0/20.0 up down eth-switch
ge-0/0/21 up down
ge-0/0/21.0 up down eth-switch
ge-0/0/22 up down
ge-0/0/22.0 up down eth-switch
ge-0/0/23 up up
ge-0/0/23.0 up up eth-switch
bme0 up up
bme0.0 up up inet 128.0.0.1/2
128.0.0.4/2
128.0.0.16/2
128.0.0.63/2
cbp0 up up
dsc up up
esi up up
gre up up
ipip up up
irb up up
irb.0 up up inet 10.0.1.1/8
irb.1 up up inet 10.0.10.1 --> 0/0
irb.2 up up inet 10.0.11.1 --> 0/0
irb.3 up up inet 10.0.12.1 --> 0/0
jsrv up up
jsrv.1 up up inet 128.0.0.127/2
lo0 up up
lo0.16385 up up inet
lsi up up
me0 up down
me0.0 up down inet 192.168.1.1/24
mtun up up
pimd up up
pime up up
pip0 up up
tap up up
vme up down
vtep up up
{master:0}
root@switch> show route
inet.0: 7 destinations, 10 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 2w0d 01:03:35
> to 10.0.0.1 via irb.0
10.0.0.0/8 *[Direct/0] 2w0d 00:30:58> via irb.0
10.0.1.1/32 *[Local/0] 2w6d 23:15:58
Local via irb.0
10.0.10.1/32 *[Direct/0] 01:23:01> via irb.1
[Local/0] 01:23:01
Local via irb.1
10.0.11.1/32 *[Direct/0] 01:23:01> via irb.2
[Local/0] 01:23:01
Local via irb.2
10.0.12.1/32 *[Direct/0] 01:23:01> via irb.3
[Local/0] 01:23:01
Local via irb.3
192.168.1.1/32 *[Local/0] 3w0d 02:34:36
Reject
{master:0}
root@switch> show arp
{master:0}
root@switch>
Hello Team, I'm trying to connect a MX104 on a trunk Port of a EX4300.
MX104 config part :
description "VERS SW ";
vlan-tagging;
aggregated-ether-options {
link-speed 1g;
lacp {
active;
periodic fast;
}
}
unit 2361 {
vlan-id 2361;
family inet {
address 10.3.99.1/30;
}
}EX4300 config part :
description "VERS MX";
aggregated-ether-options {
link-speed 1g;
lacp {
periodic fast;
}
}
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ XCO_MX ];
}
storm-control default;
}
}
XCO_MX {
vlan-id 2361;
l3-interface irb.2361;
}
irb {
unit 2361 {
family inet {
address 10.3.99.2/30;
}
}
Now when I try to ping 10.3.99.1 from the EX it doesn't PING.
I have notice that MX is receiving ARP request from the EX and reply to it but it seam that EX never receive it. see monitor trafic.
from MX:
Reverse lookup for 10.3.99.1 failed (check DNS reachability). Other reverse lookup failures will not be reported. Use <no-resolve> to avoid reverse lookups on IP addresses. 05:18:33.620098 In arp who-has 10.3.99.1 tell 10.3.99.2 05:18:33.620141 Out arp reply 10.3.99.1 is-at e8:b6:c2:29:ff:f0 05:18:34.419723 In arp who-has 10.3.99.1 tell 10.3.99.2 05:18:34.419770 Out arp reply 10.3.99.1 is-at e8:b6:c2:29:ff:f0 05:18:35.119666 In arp who-has 10.3.99.1 tell 10.3.99.2 05:18:35.119713 Out arp reply 10.3.99.1 is-at e8:b6:c2:29:ff:f0 05:18:35.819601 In arp who-has 10.3.99.1 tell 10.3.99.2 05:18:35.819644 Out arp reply 10.3.99.1 is-at e8:b6:c2:29:ff:f0 05:18:36.419537 In arp who-has 10.3.99.1 tell 10.3.99.2 05:18:36.419572 Out arp reply 10.3.99.1 is-at e8:b6:c2:29:ff:f0 05:18:37.623739 In arp who-has 10.3.99.1 tell 10.3.99.2 05:18:37.623787 Out arp reply 10.3.99.1 is-at e8:b6:c2:29:ff:f0 05:18:38.423436 In arp who-has 10.3.99.1 tell 10.3.99.2 05:18:38.423481 Out arp reply 10.3.99.1 is-at e8:b6:c2:29:ff:f0
from EX
Reverse lookup for 10.3.99.1 failed (check DNS reachability). Other reverse lookup failures will not be reported. Use <no-resolve> to avoid reverse lookups on IP addresses. 21:17:37.450360 Out arp who-has 10.3.99.1 tell 10.3.99.2 21:17:38.250345 Out arp who-has 10.3.99.1 tell 10.3.99.2 21:17:38.950354 Out arp who-has 10.3.99.1 tell 10.3.99.2 21:17:39.655529 Out arp who-has 10.3.99.1 tell 10.3.99.2 21:17:40.255349 Out arp who-has 10.3.99.1 tell 10.3.99.2 21:17:40.855353 Out arp who-has 10.3.99.1 tell 10.3.99.2 21:17:41.755353 Out arp who-has 10.3.99.1 tell 10.3.99.2 21:17:42.655355 Out arp who-has 10.3.99.1 tell 10.3.99.2
Your help will be appreciate.
many thx.
On EX-4200 I can successfully rate-limit/police ingress and egress on a routed port with below config:
Firewall filter:
set firewall family inet filter RATE_LIMIT_25M term default_rate then policer 25M
set firewall family inet filter RATE_LIMIT_25M term default_rate then accept
Policer:
set firewall policer 25M if-exceeding bandwidth-limit 25m
set firewall policer 25M if-exceeding burst-size-limit 25m
The below interface config rate-limits for ingress only:
Interface config:
set interfaces ge-0/0/1 unit 0 family inet filter input RATE_LIMIT_25M
set firewall policer 25M then discard
On the EX-4200 class-of-service is used along with shaping to achieve rate-limiting because
a policer will not work for egress:
set class-of-service interfaces ge-0/0/1 shaping-rate 25m
The rate-limiting is successful on the routed port.
When I try to achieve the same result with an SVI/RVI ingress works fine, but egress will not be accepted. And it appears I cannot use class-of-service shaping as above with the routed port.
My question is how do I apply an egress rate limiter to an RVI?
Hello everyone,
I was wondering if anyone could help me figure out whats missing in my configuration. I am trying to setup a monitoring using CFM between a MX and LTS device from "Accedian" over a specific vlan (777). I tried labbing this up with an ACX instead of an MX and here is my configuration on the ACX:
set protocols oam ethernet connectivity-fault-management maintenance-domain MyLevel3 level 3 set protocols oam ethernet connectivity-fault-management maintenance-domain MyLevel3 maintenance-association V2xxxTowerIDX continuity-check interval 1s set protocols oam ethernet connectivity-fault-management maintenance-domain MyLevel3 maintenance-association V2xxxTowerIDX continuity-check interface-status-tlv set protocols oam ethernet connectivity-fault-management maintenance-domain MyLevel3 maintenance-association V2xxxTowerIDX mep 2 interface ge-0/1/0.777 set protocols oam ethernet connectivity-fault-management maintenance-domain MyLevel3 maintenance-association V2xxxTowerIDX mep 2 interface vlan 777 set protocols oam ethernet connectivity-fault-management maintenance-domain MyLevel3 maintenance-association V2xxxTowerIDX mep 2 direction down set protocols oam ethernet connectivity-fault-management maintenance-domain MyLevel3 maintenance-association V2xxxTowerIDX mep 2 priority 0 set protocols oam ethernet connectivity-fault-management maintenance-domain MyLevel3 maintenance-association V2xxxTowerIDX mep 2 auto-discovery set protocols oam ethernet connectivity-fault-management maintenance-domain MyLevel3 maintenance-association V2xxxTowerIDX mep 2 remote-mep 1
Here is the interface config:
set interfaces ge-0/1/0 description "Link To Accedian" set interfaces ge-0/1/0 flexible-vlan-tagging set interfaces ge-0/1/0 mtu 9192 set interfaces ge-0/1/0 encapsulation flexible-ethernet-services set interfaces ge-0/1/0 unit 777 encapsulation vlan-ccc set interfaces ge-0/1/0 unit 777 vlan-id 777
And this is What I see:
ACX1100-Lab> show oam ethernet connectivity-fault-management mep-database maintenance-domain MyLevel3 maintenance-association V2xxxTowerIDX
Maintenance domain name: MyLevel3, Format: string, Level: 3
Maintenance association name: V2xxxTowerIDX, Format: string
Continuity-check status: enabled, Interval: 1s, Loss-threshold: 3 frames
MEP identifier: 2, Direction: down, MAC address: 00:00:00:00:00:00
Auto-discovery: enabled, Priority: 0
Interface status TLV: none, Port status TLV: none
Connection Protection TLV: no
Interface name: ge-0/1/0.777, Interface status: Active, Link status: Down
Defects:
Remote MEP not receiving CCM : no
Erroneous CCM received : no
Cross-connect CCM received : no
RDI sent by some MEP : no
Some remote MEP's MAC in error state : no
Alarm Indication Signal state : no
Statistics:
CCMs sent : 0
CCMs received out of sequence : 0
LBMs sent : 0
Valid in-order LBRs received : 0
Valid out-of-order LBRs received : 0
LBRs received with corrupted data : 0
LBRs sent : 0
LTMs sent : 0
LTMs received : 0
LTRs sent : 0
LTRs received : 0
Sequence number of next LTM request : 1859318674
1DMs sent : 0
Valid 1DMs received : 0
Invalid 1DMs received : 0
Out of sync 1DMs received : 0
DMMs sent : 0
Valid DMMs received : 0
Invalid DMMs received : 0
DMRs sent : 0
Valid DMRs received : 0
Invalid DMRs received : 0
LMMs sent : 0
Valid LMMs received : 0
Invalid LMMs received : 0
LMRs sent : 0
Valid LMRs received : 0
Invalid LMRs received : 0
SLMs sent : 0
Valid SLMs received : 0
Invalid SLMs received : 0
SLRs sent : 0
Valid SLRs received : 0
Invalid SLRs received : 0
Valid AISs generated : 0
Valid AISs received : 0
Remote MEP count: 1
Identifier MAC address State Interface
1 ff:ff:ff:ff:ff:ff start
This is my first time using OAM on juniper so please bear with me if I made any obvious mistakes. I also hooked the Accedian unit to another Accedian with the same config and everything works great.
I am using MD Level3, ACX MEPID is 2, Accedian MEPID is 1.
What am I missing in my configuration?
Thanks in advance 
I am following this document and using QFX5100 and EX4200 as per instruction:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB30315&cat=QFX_SERIES&actp=LIST
and as step through this I am not clear exactly how to accomplish the extensibility promised with VXLAN. It seems that I am stuck with a 1 to 1 mapping of VLAN-ID with VNI.
For instance:
vlan100 {
vlan-id 100;
vxlan {
vni 100;
multicast-group 224.1.1.1;
encapsulate-inner-vlan;
unreachable-vtep-aging-timer 600;
}
}
vlan200 {
vlan-id 200;
vxlan {
vni 200;
multicast-group 224.1.1.1;
encapsulate-inner-vlan;
unreachable-vtep-aging-timer 600;
Syntactically, how exactly do I extend out the 16 million VXLANs that are supposed to be available. It seems I am not able to map more than 1 VNI to one standard range VLAN-ID, which would seemingly limit me to 4094 as always. In the manual configuration of this using multicast is there a limit to the amount of VNI's i can actually configure? I'm sure I am missing something obvious, and any help would be greatly appreciated.
Hello guys!
Please tell me who faced this problem below in log dhcp_logfile on Juniper EX4600
, periodically there is such an error in the dhcp relay service:
[ERROR] jdhcpd_security_packet_handle: Interface >ae1.0< packet_flags:201
And this packet drop
> show dhcp relay statistics Packets dropped: Total 5488 Bootp packets 2 Interface not configured 2751 Send error 2730 No binding found 5
Apr 12 14:34:16.523523 [INFO] [default:default][RLY][INET][irb.26][SID=100] JDHCPD_CLIENT_EVENT: Client(0x8e18c00) got event CLIENT_EVENT_ACK_PDU in state RELAY_STATE_BOUND Apr 12 14:34:16.523545 Unexpected ACK received in RELAY_STATE_BOUND, relaying (could be inform-ack) Apr 12 14:34:16.523557 [ERROR] jdhcpd_security_packet_handle: Interface >ae1.0< packet_flags:201 Apr 12 14:34:16.523569 [INFO] jdhcpd_security_packet_handle: security-packet-handle input bd USERS-26 Apr 12 14:34:16.523579 security-packet-handle default/default-switch/USERS-26 dhcp-security not configured Apr 12 14:34:16.523594 [INFO] [default:default][RLY][INET][irb.26][SID=100] jdhcpd_packet_relay: *** relaying packet *** Apr 12 14:34:16.523608 [INFO] [default:default][RLY][INET][irb.26][SID=100] jdhcpd_packet_relay: Broadcast response for 0.0.0.0 Apr 12 14:34:16.523751 [INFO] [default:default][RLY][INET][irb.26] jdhcpd_io_send_packet: DHCP PDU from 10.193.18.1 to 255.255.255.255 port 68 out interface 554 len 300 Apr 12 14:34:47.536371 [INFO] jdhcpd_io_l2ng_pfe_reader: jdhcpd_pfe_pkt_hdr_t: len 141946028 L3ifindex = 328, L2ifindex = 553, dpi_rtbl=564 Apr 12 14:34:47.536417 [INFO] [irb.25] jdhcpd_io_get_ifs: The L3 interface is 553 and L2 interface is 564, using the L3 interface Apr 12 14:34:47.536440 [INFO] [default:default][RLY][INET][irb.25] jdhcpd_io_pfe_packet: LOCAL : recv sa 10.193.0.71 da 255.255.255.255, src_port 68, dst_port 67 if name irb.25 len 300 Apr 12 14:34:47.536456 [ERROR] jdhcpd_security_packet_handle: Interface >ae4.0< packet_flags:200 Apr 12 14:34:47.536467 security-packet-handle sus_l2:ae4.0 Apr 12 14:34:47.536478 [INFO] jdhcpd_security_packet_handle: security-packet-handle sus_l3:irb.25 Apr 12 14:34:47.536490 [INFO] jdhcpd_security_packet_handle: security-packet-handle input bd USERS-25 Apr 12 14:34:47.536649 security-packet-handle default/default-switch/USERS-25 dhcp-security not configured
My dhcp-relay configuration:
set forwarding-options dhcp-relay forward-snooped-clients all-interfaces set forwarding-options dhcp-relay overrides allow-snooped-clients set forwarding-options dhcp-relay overrides always-write-giaddr set forwarding-options dhcp-relay overrides bootp-support set forwarding-options dhcp-relay overrides send-release-on-delete set forwarding-options dhcp-relay overrides delete-binding-on-renegotiation
Why do such errors occur in the dhcp server log?
I am planning to use an EX2300-48MP switch in a low latency required UDP multicast network. The UDP network transmitter and receiver are VME board computers(SBCs) and it has 1GbE Ethernet interface.
I have measured the latency of the switch.
Surprisingly I got a latency of 6micro seconds for 2.5Gbps(16 to 31) port and 2.3micro seconds for 1Gbps (0 to 15).
My expectation was the other way around, i.e., 2.5Gbps port will have low latency. Does anybody has any clue why the switch behaves in this way?
Thanks in advance for your reply
Hello!
On our QFX5100 boxes we're using the following SP-style configuration to limit max. MAC addresses on interface:
minotaur@asw1-sp.ki# show vlans PUBLIC switch-options interface xe-0/0/0.777
interface-mac-limit {
1;
packet-action drop-and-log;
}
static-mac a0:36:9f:73:0f:02;
no-mac-learning;It works fine on 17.2R3.4 and 17.4R1-S3.3. But support in 18.4R1.8 looks broken:
minotaur@asw3-sp.ki# show vlans PUBLIC
##
## Warning: Interface mac limit should not be configured at VLAN level for sub interfaces
##
interface xe-0/0/47.777;
interface ae0.777;
switch-options {
interface xe-0/0/47.777 {
interface-mac-limit {
1;
packet-action drop-and-log;
}
}
}I was not able to find any other place to configure MAC limiting. Any ideas are kindly appreciated! Thanks!
Hi all,
When looking at the following errors on EX switches in VC, is about TTL, L3MTU and IPMCAST. These messages are time-to-time have been generating... What troublesthooting approach should be taken to idetify the case and resolving? Any ideas please?
DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception TTL:aggregate exceeded its allowed bandwidth at fpc 0 for 30 times, started at xxxx
DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception L3MTU-fail:aggregate exceeded its allowed bandwidth at fpc 0 for 30 times, started at xxxx
DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception IPMCAST-miss:aggregate exceeded its allowed bandwidth at fpc 1 for 252 times, started at xxxx
Thanks,
Arix...
Experts,
Having Aerohive 650 & 650X I wonder if I have a chance to get speed of these ports to 2.5GB - what latest software support that?
Aerohive 650 supports 1 & 2.5 GB uplink port.
Thank you,
Not sure if I am missing something, but I am unable to ping device in the same subnet/VLAN except for the gateway which is an ASA. Any config on the EX that is cause this behaviour?
EMOH-EXPR1M3> show configuration interfaces vlan.88 | display set
set interfaces vlan unit 88 family inet address 192.168.255.131/26
MOH-EXPR1M3> show vlans brief
Ports
Name Tag Primary Address Active/Total
LAB 88 192.168.255.131/26 4/5
merit316@EMOH-EXPR1M3> show arp no-resolve
MAC Address Address Interface Flags
78:72:5d:00:d8:6f 192.168.255.129 vlan.88 none
b0:7f:b9:47:d2:fb 192.168.255.148 vlan.88 none
00:50:56:63:1f:70 192.168.255.149 vlan.88 none
--- 192.168.255.129 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.429/2.983/3.612/0.442 ms
{master:0}
merit316@EMOH-EXPR1M3> ping 192.168.255.148
PING 192.168.255.148 (192.168.255.148): 56 data bytes
^C
--- 192.168.255.148 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
{master:0}
merit316@EMOH-EXPR1M3> ping 192.168.255.149
PING 192.168.255.149 (192.168.255.149): 56 data bytes
^C
--- 192.168.255.149 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
0.0.0.0/0 *[Static/5] 4d 01:47:25
> to 192.168.255.129 via vlan.88
3.16.220.0/32 *[Direct/0] 4d 01:47:56
> via lo0.0
9.175.50.6/31 *[OSPF/10] 4d 01:46:15, metric 11
> to 192.168.255.129 via vlan.88
192.168.0.252/30 *[OSPF/10] 1d 05:19:16, metric 11
> to 192.168.255.129 via vlan.88
192.168.255.128/26 *[Direct/0] 4d 01:47:25
> via vlan.88
192.168.255.131/32 *[Local/0] 4d 01:47:34
Local via vlan.88
224.0.0.5/32 *[OSPF/10] 4d 01:48:00, metric 1
MultiRecv
Hello,
I would like to know if it is possible to change the POE Mode on my juniper switch EX2300-48P from 802.3at to 802.3af. I am trying to configure an access point which supports only 802.3af.
From what i have searched, 802.3at covers 802.3af. But I don't see any thing on the port or APoint.
Here are a few details if that might help:
admin@sw-jun-poc-2> show poe interface ge-0/0/6
PoE interface status:
PoE interface : ge-0/0/6
Administrative status : Enabled
Operational status : OFF
Operational status detail : Detection In Progress
FourPair status : Disabled
Power limit on the interface : 15.4W
Priority : High
Power consumed : 0.0W
Class of power device : not-applicable
PoE Mode : 802.3at
############################
admin@sw-jun-poc-2> show interfaces ge-0/0/6 brief
Physical interface: ge-0/0/6, Enabled, Physical link is Down
Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Speed: Auto, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Enabled, Remote fault: Online,
Media type: Copper, IEEE 802.3az Energy Efficient Ethernet: Disabled, Auto-MDIX: Enabled
Device flags : Present Running Down
Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000
Link flags : None
Logical interface ge-0/0/6.0
Flags: Device-Down SNMP-Traps 0x24024000 Encapsulation: Ethernet-Bridge
eth-switch
Thank you.
NOTE: I came across this issue at my work, and have since built a small lab to isolate the problem.
Hi everyone!
I have three EX4200s (We'll call them A, B, C) running 12.3R12.4 with basically a stock configuration. They're connected in a loop, all vlans trunked, with MSTP running (all vlans in the CIST). I configured the port cost higher on switch C, so that the port connecting over to switch B would block. Everything works fine just as you'd expect.
Now, I connect a Cisco Catalyst 3650 to switch A and trunk all the vlans over. The Catalyst runs rapid pvst+ on all VLANs. For years this ran just fine, the two different STPs not interfering with the other. This works perfectly fine in my test environment.
Now, part of some routine maintenance, I swapped out switch C for a 4300, configured the MSTP port cost over to switch B the same way as the old one. The port blocks just fine, and is labeled as an alternate path just like before. All is well!
Here's the problem: on the 4300, even though the port is in MSTP block mode, the rapid pvst+ traffic from the Cisco is still passing though the blocked interface. This means the rapid pvst+ traffic is looping continuously, and going back to the Cisco. The Cisco immediately blocks all vlans on the link over to switch A.
The only fix I can find for this is to instead set the port cost on one of the other 4200s, so that the trunk interface is blocked on the 4200 side and not the 4300 side. The 4200 does not let the rapid pvst+ packets to traverse the blocked interface, but the 4300 does.
Any help would be much appreciated.
Hi all,
There are following log messages ongoing on various fpc linecards. Some of them are below.
fpc5 ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - 14 left
fpc0 ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - 13 left.
.......
...........
................
Output of show chassis fpc errors is attached.
The case should be concerned or? If yes, what troublehooting approaches can be undertaken?
Thx,
Erimix
Can someone explain to me tcam usage on the EX4600 platform? I understand that the available tcam space is split between egress and ingress and how to calculate how much tcam space a particular filter is using. What I don't get it why my total available tcam space goes up or down based on how many irb's I have defined.
Dear Team,
I have two EX8208 switches (version:12.2R2.4) in VC mode and configured sflow on it.
My sflow collector is connected to Ex8208 through Ex3300.
Sflow collector ----->(ge-0/0/1) Ex3300 (ae0) ----->(ae31) Ex8208
ex3300 connected with both Ex8208 (master and backup) switch with ae31. ( Master-Backup interface added in ae. )
But when both Ex8208 is connected with ex3300 Sflow not working
But when backup Ex8208 is down sflow working.
Why Sflow is working on a single (master) switch? Please suggest.
Find attached diagram
I just got a pair of EX4600 switches with one EX4600-EM-8F module each. On every JunOS version that I've tried - 19.1R1.6, 18.4R1.8, 18.3R1.9, 18.1R2.6, 14.1X53-D49.1 - inserting the EX4600-EM-8F module into a switch causes its dashboard view in J-Web to go blank; displaying just the gray switch chassis without any ports. Removing the module and refreshing J-Web fixes the problem. If the switches are configured in virtual chassis, then only the switch that has the module installed has the issue - the one without the module displays the dashboard correctly. Web browser doesn't matter; tried it in Chrome, Firefox, IE and Edge.
Also, if I run the initial configuration in versions 18.x and 19.1 with the module installed, committing the configuration is impossible - I receive an error 'Failed to open /var/run/db/enable-process.data+ file'. If I remove the module, commit the configuration, then re-insert it, further commits work without issues.
Am I missing something obvious here?