I have a VCF of all qfx5100 with 14.1X53-D35.3 code.

suddenly a commit cant reach the backup RE.

seems to be running the VCF protocols but comms are down?

rebooted the member, zeroised the member and has come back up and is back in VCF but still the same.

a show virtual-chassis status shows the node.

a show chassis hardware doesnt show the node.

I login to the node and see:

{backup:1}
root> show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis
Pseudo CB 1
Fan Tray 0 QFX5100 Fan Tray 0, Front to Back Airflow - AFO
Fan Tray 1 QFX5100 Fan Tray 1, Front to Back Airflow - AFO
Fan Tray 2 QFX5100 Fan Tray 2, Front to Back Airflow - AFO
Fan Tray 3 QFX5100 Fan Tray 3, Front to Back Airflow - AFO
Fan Tray 4 QFX5100 Fan Tray 4, Front to Back Airflow - AFO

wheres the rest of the hardware?

Hi,

I'm getting a little confused with max distances with qfx qsfp+.

QFX-QSFP+-40GbaseSR4 are given for distance of 100m over om3 mmf, 150m over om4 MMF.

I get it that we can configure the QSFP+  as a 40G unique channel or as 4 separate 10GbaseSR interfaces.

Simple question :

when split to 4x10GBaseSR separate interfaces,

-1/ does the max distances stated for QFX-QSFP+-40GbaseSR4 (100m@om3, 150m@om4) remain the max distances available on each 10GbaseSR interface ?

-2/ ... or does the max distance becomes the same as a native SFP+ 10GBaseSR interface (300m@om3, 400m@om4).

Not talking about the ESR4 qsfp+ here, just the basic SR4 qsfp+.

Juniper representative told me 1/ was correct.

Cisco told me 2/ was correct (on their boxes...).

So... who's right and who's wrong ...?

Pascal

Hi,

Is there any chance to configure two ex3300 switches in virtual chassis , while first one is EX3300-24 port and the second one is EX3300-48 port ?

Hello Posting here in a run up to open cases left and right.

Last friday I had the following issue occur which we only resolved by taking the effected switch(s) out of the network.

We are in the process of upgrading our Network from EX4200 to EX4300 and QFX5100 to accomidate our mixed infrastructure with a heavy production need of our VMware platform. To do this I want to use the 5100's as our "core" using 2 virtual chassis idenpentantly configured as VC's in 2 of our 3 fire zones in the datacenter. Currently I only have a functional interconnect between core01 to core02 (qfx's) and as leafs I have the EX4300 Connected to each of them. Firezone 2 is only connected to firezone 2 and between rooms to eachother as a daisy chain(for now).

All together there are 4 QFX5100's and 10 EX4300 interconnected to each other, till I sotrt the issue with the QFX's only as a daisy chain.

Now to the problem  :

Initially it ran fine having about 40 Vmware hosts cross connected to all the switches (not every host to every switch but to switches in its respective racks/rooms) Last friday all off a sudden the QFX in Firezone 3 stopped passing IP traffic , initially we suspected the switch to be dead but it was running and with LLDP I could see its respective neighbors however anythign connected to this switch was not reachable via IP. We have rebooted the switch and looked at logs. But except the current software known software bug that spams the logs full there was nothing to see.

We in the end restored traffic via patching the interconenct directlly onto the EX4300 in either firezone and completelly excluding the QFX's from the switched network.

As we are planning on using VxLAN with the QFX's we have no STP of anyform and this is a open todo to resolve the redundancy, but ok that is why it is not configured.

Me Systems Engineering and our Backbone team differ in opnion into cause , effect and resolution here so want to see if this soudns familiar to anyone.

Dear All

I had an issue about a month ago with a EX4300 Virtual Chassis which Juniper Support helped resolve (2 thumbs up to Juniper Support to get the issue fixed).  During the support call the Engineer asked for a copy of the configuration (RSI).  When they examined the configuration they noticed we had 14 IP address in one VRRP group and the maximum number should be 8 IP Address per VRRP Group.  This was not the cause of the issue, but Juniper have advised I should split the IP Address down to more groups.

I have VRRP setup in a couple of different location and most of these location are not on the same layer2 network.

My Question is, if I have 2 different VRRP-groups setup, one at site A and one at site B and I use the same VRRP Group ID and I connected the 2 sites at layer2 with no security between the 2 sites will VRRP try and converge the VRRP groups at site A and site B into one large VRRP group?  Is there a way to say which Virtual Chassis's are a part of the VRRP Group.

And what is the maximum number of VRRP-group's I can have, or should I say what is the upper limit of the VRRP-Group ID?  

Richard

Hi All,

During my studies about QFX-5100-48T virtual chassis I noted that there is a kind of lack in the documentation about the switch over-subscription's topic.

The 2 sets of built-in interfaces on QFX-51000-48T, 48 10GbE (connecetd to end hosts) and 6 40GB (uplink) can offer a switch-oversubscritpion of 2:1, (480Gb : 240Gb). So far so good.
Jumping now on virtual-chassis topic (please note I am not talking about virtual chassis fabric)I further read that the traffic going from one switch to another in a ring topology is subject to nondeterministic over-subscription, depending on how many devices are between the source and the destination.
My question now is: how can I compute the switch over-subscription in case of a virtual-chassis with 10 Node's members?
If the books mentions non-deterministic over-subscription, is it really impossible to analise or plan the performance, in terms of over-subscription?

Thanks for reading my doubts.

Hi together

We have a customer with different sites which are connected through a QinQ network and all these sites need a local router/switch. Thus we use some Cisco switches to do the double tagging Q-in-Q part and a second Juniper EX switch for  local routing/switching/dhcp/dns/acl part at the customers site.

Now we had the idea to combine these functionalities in one device and for this I review the EX-2200-C switches (12.3R12.4 with EFL).

I can configure Q-in-Q for for customer facing ports and so we are able to replace the cisco switch. But we still need two devices to bring these services into the customer network.

Is it anyhow possible to terminate this Q-in-Q-Link in a local routing instance? Or from a different perspective, how can I configure a inet address inside customers vlan which gets double tagged on the uplink? Unfortunately I didn't find any documentation on this.

Thanks,

Holger

There are large ex4300 stacks with hundreds of access ports.  The bulk of these ports are access ports on a single VLAN, but there are exceptions sprinkled about.

With Junos 13.2, the exception interfaces can be configured with a VLAN, and this specific VLAN config overrides the config inherited by the interface-range it is a part of.

Apparently with 14.1, the more specific config under an interface does not overrite the inheritance, but is merged with it.  So the config check will error out because it looks (for the exceptions with specific interface configs) that more than one VLAN is configured on an access port.  This looks like a backward step, making interface config more cumbersome, has anyone else run into this?

This code does not work in our EX-4600, is there a way to make it work.?

        ##
        ## Warning: configuration block ignored: unsupported platform (ex4600-40f)
        ##
        dhcp {
            maximum-lease-time 1000;
            default-lease-time 1000;
            domain-name mass.com;
            name-server {
                10.10.10.10;
                10.2.0.1;
                10.2.0.3;
            }
            domain-search {
                mass.com;
            }
            router {
                10.10.110.254;
            }
            server-identifier 10.10.9.254;
        }
    }

Since we wanted to receive alarms from Junos Space / Network Director about tempretures on EX switches , its possible . But if you want to receive temp. alarms once switch reaches specific temp. , then it need to be confgured on the EX .

Note: Change of Temperature thresholds on EX switch is not recommended by JTAC.

Tested by me on EX switch 3300 , JunOS: 12.3R9

This is hidden command , so type "set chassis temperature-threshold ?" at once

{master:0}[edit]
master@SW-EX3300# set chassis temp
^
syntax error.
master@SW-EX3300# set chassis temperature-threshold ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
fire-shutdown Threshold at which router will be shutdown within 10 seconds (degrees C)
red-alarm Threshold at which red alarm is set (degrees C)
red-alarm-if-failed-fan Threshold at which red alarm is set when bad fan present (degrees C)
yellow-alarm Threshold at which yellow alarm is set (degrees C)
yellow-alarm-if-failed-fan Threshold at which yellow alarm is set when bad fan present (degrees C)
{master:0}[edit]
master@SW-EX3300# set chassis temperature-threshold red-alarm ?
Possible completions:
<red-alarm> Threshold at which red alarm is set (degrees C)
{master:0}[edit]

HI,
I have EX2200 switch and my necessary configure dhcp relay option. In documentation I found two commands for it, helper bootp and dhcp-relay. In documentation not indicate exactly distinction between this two comands.

Do dhcp relay  is more extended version helper boopt? Do in typicaly situation (switch as dhcp relay agent without extra requrement) use helper bootp?
Can You please explain different and existence this commands? 

Hello

I have a situation.  On our floor I have 1 SRX220.  It connects to a Cisco 3560 switch with mm fiber.  From the Cisco siwtch it has to convert it to a single mode fiber to an EX2200 switch that is at another building.  I allowed all vlans in a trunk mode to go accross to the SRX and I can not get a SHCP on the LAN side.  I get a 169 IP.  On the SRX and EX2200 both are in trunk mode and all vlans are going accross.  Now the one off is that the Cisco switch is in the middle because it has to go from mm fiber where the SRX sits to a single mode fiber where the EX2200 switch sits.  Any ideas??

Hi, 

I have a question for ex9200 sf2 module.

On the sf2 module, I could see two sfp interface beside External clock interface.

I know that it can't be used as an Ethernet port, but I'm not sure where the ports are used.

Is there someone who know that this port is used where ?

Thank you,

Hello,

I have a topology composed of 6 EX3300 in VC.

1 is master , one other is backup (botj have same weight, 129). The four others are linecard.

I've done an upgrade from 12.3R9 to 12.3R12 few days ago.

During this upgrade, i've noticed NSB is not activated in my preprovisionned VC.

GRES is activated:

root@sw-cloud-ex3300-stack> show configuration chassis
redundancy {
graceful-switchover;
}

Tonight, all my LACP linksflapped (40 links approximately in my VC). Problem started at 01:42:53

I can't find something interresting in logs except LACP timeout.

Jun 7 00:53:28 sw-cloud-ex3300-stack xntpd[10092]: NTP Server Unreachable
Jun 7 00:53:44 sw-cloud-ex3300-stack last message repeated 8 times
Jun 7 01:11:01 sw-cloud-ex3300-stack last message repeated 9 times
Jun 7 01:28:03 sw-cloud-ex3300-stack xntpd[10092]: NTP Server Unreachable
Jun 7 01:28:19 sw-cloud-ex3300-stack last message repeated 8 times
Jun 7 01:42:53 sw-cloud-ex3300-stack sfid[1303]: JTASK_SCHED_SLIP_KEVENT: 21 sec 481478 usec kevent block
Jun 7 01:42:53 sw-cloud-ex3300-stack chassism[1302]: JTASK_SCHED_SLIP_KEVENT: 21 sec 486749 usec kevent block
Jun 7 01:42:53 sw-cloud-ex3300-stack lldpd[10106]: JTASK_SCHED_SLIP: 21 sec scheduler slip, user: 0 sec 0 usec, system: 0 sec, 557 usec
Jun 7 01:42:53 sw-cloud-ex3300-stack eswd[10087]: JTASK_SCHED_SLIP_KEVENT: 21 sec 526552 usec kevent block
Jun 7 01:42:53 sw-cloud-ex3300-stack eswd[10087]: Root bridge in context 0 changed from 4:cc:4e:24:3a:e9:b8 to 8192:84:b5:9c:46:79:01
Jun 7 01:42:53 sw-cloud-ex3300-stack cfmd[10091]: JTASK_SCHED_SLIP_KEVENT: 23 sec 280174 usec kevent block
Jun 7 01:42:53 sw-cloud-ex3300-stack /kernel: KERN_LACP_INTF_STATE_CHANGE: lacp_update_state_userspace: cifd ge-2/0/2 - ATTACHED state - acting as standby link
Jun 7 01:42:53 sw-cloud-ex3300-stack lacpd[1329]: LACPD_TIMEOUT: ge-2/0/2: lacp current while timer expired current Receive State: CURRENT
Jun 7 01:42:53 sw-cloud-ex3300-stack sflowd[10107]: JTASK_SCHED_SLIP_KEVENT: 24 sec 297734 usec kevent block
Jun 7 01:42:53 sw-cloud-ex3300-stack mcsnoopd[10108]: JTASK_SCHED_SLIP_KEVENT: 23 sec 337595 usec kevent block
Jun 7 01:42:53 sw-cloud-ex3300-stack rpd[1319]: RPD_SCHED_SLIP_KEVENT: 22 sec 425412 usec kevent block
Jun 7 01:42:53 sw-cloud-ex3300-stack lacpd[1329]: LACPD_TIMEOUT: ge-2/0/10: lacp current while timer expired current Receive State: CURRENT
Jun 7 01:42:53 sw-cloud-ex3300-stack /kernel: KERN_LACP_INTF_STATE_CHANGE: lacp_update_state_userspace: cifd ge-2/0/10 - ATTACHED state - acting as standby link
Jun 7 01:42:53 sw-cloud-ex3300-stack lacpd[1329]: LACPD_TIMEOUT: ge-2/0/9: lacp current while timer expired current Receive State: CURRENT
Jun 7 01:42:53 sw-cloud-ex3300-stack /kernel: KERN_LACP_INTF_STATE_CHANGE: lacp_update_state_userspace: cifd ge-2/0/9 - ATTACHED state - acting as standby link
Jun 7 01:42:53 sw-cloud-ex3300-stack bdbrepd: Subscriber Management is not ready for GRES
Jun 7 01:42:53 sw-cloud-ex3300-stack lacpd[1329]: LACPD_TIMEOUT: ge-3/0/10: lacp current while timer expired current Receive State: CURRENT
Jun 7 01:42:53 sw-cloud-ex3300-stack /kernel: ae_bundlestate_ifd_change: bundle ae31: bundle IFD minimum links not met 0 < 1
Jun 7 01:42:53 sw-cloud-ex3300-stack /kernel: KERN_LACP_INTF_STATE_CHANGE: lacp_update_state_userspace: cifd ge-3/0/10 - ATTACHED state - acting as standby link
Jun 7 01:42:53 sw-cloud-ex3300-stack lacpd[1329]: LACP_INTF_DOWN: ae31: Interface marked down due to lacp timeout on member ge-3/0/10
Jun 7 01:42:54 sw-cloud-ex3300-stack lacpd[1329]: LACPD_TIMEOUT: ge-3/0/9: lacp current while timer expired current Receive State: CURRENT
Jun 7 01:42:54 sw-cloud-ex3300-stack lacpd[1329]: LACP_INTF_DOWN: ae30: Interface marked down due to lacp timeout on member ge-3/0/9
Jun 7 01:42:54 sw-cloud-ex3300-stack /kernel: ae_bundlestate_ifd_change: bundle ae30: bundle IFD minimum links not met 0 < 1
Jun 7 01:42:54 sw-cloud-ex3300-stack /kernel: KERN_LACP_INTF_STATE_CHANGE: lacp_update_state_userspace: cifd ge-3/0/9 - ATTACHED state - acting as standby link
Jun 7 01:42:54 sw-cloud-ex3300-stack lacpd[1329]: LACPD_TIMEOUT: ge-5/0/11: lacp current while timer expired current Receive State: CURRENT
Jun 7 01:42:54 sw-cloud-ex3300-stack /kernel: KERN_LACP_INTF_STATE_CHANGE: lacp_update_state_userspace: cifd ge-5/0/11 - ATTACHED state - acting as standby link
Jun 7 01:42:54 sw-cloud-ex3300-stack eswd[10087]: Root bridge in context 0 changed from 8192:84:b5:9c:46:79:01 to 4:cc:4e:24:3a:e9:b8

I think the only interessting information is Subscriber Management is not ready for GRES

Is LACP flaps are linked to NSB not activated ? How can I debug this nihght issue ?

Thanks,

Hi and thanks in advance.

I have this issue.(both Juniper & Cisco stack or virtual chassis)

Juniper EX4200 CORE with Ge1/0/8 trunk port with Vlan1 added as native (in order to "talk" with Cisco)

Cisco Catalyst 2960X with Gi5/0/1 trunk Vlan1 native

Cisco 2960X Gi5/0/1 trunk -------------------------------------------------Ge1/0/8 Trunk Juniper EX4200

Trunk allowed Vlan1,100,114,120                                         Trunk allowed Vlan1,100,114,120

PVST enabled                                                                     VSTP enabled ALL Vlans

so I get this from Juniper side

Ethernet-switching table: 6 unicast entries

  VLAN              MAC address       Type         Age Interfaces

  VLAN-CORE         *                 Flood          - All-members

  VLAN-CORE         00:90:f5:e4:08:5f Learn          0 ge-1/0/8.0

  VLAN-CORE         38:20:56:11:24:01 Learn          0 ge-1/0/8.0

  VLAN-DGFE         *                 Flood          - All-members

  VLAN-DGFE         38:20:56:11:24:01 Learn          0 ge-1/0/8.0

  VLAN-USIP-TECNICOS *                Flood          - All-members

  VLAN-USIP-TECNICOS 38:20:56:11:24:01 Learn         0 ge-1/0/8.0

  VLAN1             *                 Flood          - All-members

  VLAN1             38:20:56:11:24:01 Learn          0 ge-1/0/8.0

  VLAN1             38:20:56:11:24:40 Learn         32 ge-1/0/8.0

{master:4}

aromay@AGC-IDF-CORE-PR> show ethernet-switching table interface ge-1/0/8

Ethernet-switching table: 0 unicast entries

{master:4}

aromay@AGC-IDF-CORE-PR> show ethernet-switching table interface ge-1/0/8

Ethernet-switching table: 0 unicast entries

  VLAN              MAC address       Type         Age Interfaces

  VLAN-CORE         *                 Flood          - All-members

  VLAN-DGFE         *                 Flood          - All-members

  VLAN-USIP-TECNICOS *                Flood          - All-members

  VLAN1             *                 Flood          - All-members

{master:4}

aromay@AGC-IDF-CORE-PR> show ethernet-switching table interface ge-1/0/8

Ethernet-switching table: 3 unicast entries

  VLAN              MAC address       Type         Age Interfaces

  VLAN-CORE         *                 Flood          - All-members

  VLAN-DGFE         *                 Flood          - All-members

  VLAN-DGFE         38:20:56:11:24:01 Learn          0 ge-1/0/8.0

  VLAN-USIP-TECNICOS *                Flood          - All-members

  VLAN-USIP-TECNICOS 38:20:56:11:24:01 Learn         0 ge-1/0/8.0

  VLAN1             *                 Flood          - All-members

  VLAN1             38:20:56:11:24:01 Learn          0 ge-1/0/8.0

as you can see everytime I refresh the command it connects, disconnects, and so

Same Cisco side

What seems to ne the problem?

before this I had RSTP on Juniper and ports blocked, NOW with VSTP I can see ports BUT get disconnected???

I want to use the same vlan-id and vlan or irb in both switches. Is this possible with out any alarms or errors.?



dear community,

we're integrating a virtual chassis formed by 4 Juniper qfx, 2x5100 48 t  and 2x qfx 5100 96s.

for the 48T ones, most of the acces ports are meant to be 1G ones UTP

When configuraing the L2 somehow we found out that the only way to work out was to configure these interafces and its vlan under the "xe-" interface section  vs the "ge-" interface section. Is this right? i mean, despite the speed we need on the port, are these ones always configured under the xe-x/x/x vs the ge-?

This lead us to a problem that it seems all the servers connect just at 100Mbps half-duplex.

Somehow we could not find the way to set the xe interafce speed at 1G

Even o the show interface it says that the media is phiber vs copper

Any idea s really appreciatted.

Thanks

Gabriel.

Is it possible to use the active QSFP+ DAC cables (7 or 10 meter) with the EX4300 switches for VC connections?

In most Juniper documention, it shows that the active cables only work with the QFX switches.

Thanks in advance!

I have an EX4200 running as a switch/router. I have a few Servers on a VLAN. I am looking to create a Firewall Filter and apply this filter to the VLAN with the Servers. The goal of allowing RDP (TCP3389) from a subnet (i.e. 192.168.1.0/24), then Deny RDP(TCP3389) from all other subnets, but allowing all other traffic to and from these Servers from everything. Can someone help me out with the format i should be using here? I have tried a few things without success.

Thank!

I have Juniper 4500/4200 switches; 4500 configured as L3 and multiple L3 subinterfaces are created  and tagged across  4200 switches in differnet locations.

My problem is that I am not able to access hosts in one subnet but able to ping L3 sub interface IP from any location, Checked end hosts ip address subnet mask and default gateway looks fine, pointed towards same sub interface IP created in 4500 (L3 switch)

Please advise...