Channel: Ethernet Switching topics

QFX - Not Passing Vlans via Trunk?


Hey Guys,

What do I have wrong?

I can get an IP if I use access mode and switch to untagged in the rest of my network, but tagging isn't working.

ae1 = Trunk to Distro switch with a LACP, then that switch has an interface connected to DHCP server with all vlans tagged.

Ge-[1-2]/0/3 = connection to downstream devices with vlans tagged on their nics

See anything wrong?

vlans {
    Hosted {
        vlan-id-list 1-3999;
    }
    default {
        vlan-id 4000;
    }
}

    ae1 {
        flexible-vlan-tagging;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    ge-1/0/2 {
        flexible-vlan-tagging;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    ge-1/0/3 {
        ether-options {
            802.3ad ae1;
        }
    }
    ge-0/0/2 {
        flexible-vlan-tagging;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    ge-0/0/3 {
        ether-options {
            802.3ad ae1;
        }
    }

Port Mirroring FireEye device on EX4600 VC


We have an EX4600 VC Core, and our Infosec team wants to get a span port on each CORE, capturing all interfaces on each CORE.

Core-1 NIC1 using port ge-0/2/6, Core-2 NIC2 ge-1/2/6.

I tried using the ae interfaces in the config, to simplify the number of interface lines, but it does not allow analyzer 1 to monitor the same Uplink ae ports as analyzer 2. Switched to an interface-based config. Still seems conflicted. Here's what I have:

CORE-1
set interfaces xe-0/2/6 unit 0 family ethernet-switching
set interfaces xe-0/2/6 description "The Eye NIC1"
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/2
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/3
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/6
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/7
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/8
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/9
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/10
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/11
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/13
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/21
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/22
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/23
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface xe-0/1/0
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface xe-0/1/6
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface xe-0/2/0
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface xe-0/2/1
set forwarding-options analyzer TheEye-NIC1-monitor output interface xe-0/2/6

CORE-2
set interfaces xe-1/2/6 unit 0 family ethernet-switching
set interfaces xe-1/2/6 description "The Eye NIC2"
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/2
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/3
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/6
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/7
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/8
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/9
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/10
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/11
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/13
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/21
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/22
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/23
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface xe-1/1/0
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface xe-1/1/6
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface xe-1/2/0
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface xe-1/2/1
set forwarding-options analyzer TheEye-NIC2-monitor output interface xe-1/2/6

 

Any ideas as to what I did incorrectly?  First time doing one of these SPAN ports on Juniper gear.

EX 2300 QinQ Swap Operations


I am having trouble figuring out how to configure swap operations on client ports for specific VLANs while maintaining remaining C-TAGs.

I have a QinQ client facing port with the following requirements:

S-TAG 200

C-TAG 50 needs to have S-TAG 200 pushed when traversing the upstream trunk interface

C-TAG 60 needs to have S-TAG 200 pushed when traversing the upstream trunk interface

C-TAG 70 needs to be swapped for C-TAG 100 and then have S-TAG 200 pushed when traversing on upstream trunk interface.

C-TAG 80 needs to be swapped for C-TAG 150 and then have S-TAG 200 pushed when traversing on upstream trunk interface

Is this possible on the EX 2300?

Thank You

EX-4300: DHCP - No available addresses


Hi,

I'm attempting to configure an EX-4300 (version "17.3-20180405.0 [builder]") to operate as a DHCP server on one of my VLANs (id=24).  "show dhcp server statistics" indicates No available addresses >0 (=N) and no DHCPOFFERs are being sent in response to DHCPDISCOVER (count = N), but a range has been specified (see below) and no clients have been bound yet.  IRB.24 address is 192.168.23.2.

 

set system services dhcp-local-server group DHCP1 interface irb.24
set access address-assignment pool POOL1 family inet network 198.168.23.0/24
set access address-assignment pool POOL1 family inet range RANGE1 low 198.168.23.200
set access address-assignment pool POOL1 family inet range RANGE1 high 198.168.23.240
set access address-assignment pool POOL1 family inet dhcp-attributes router 198.168.23.2
set access address-assignment pool POOL1 family inet dhcp-attributes server-identifier 198.168.23.2
set access address-assignment pool POOL1 family inet dhcp-attributes maximum-lease-time 43200
set access address-assignment pool POOL1 family inet dhcp-attributes option 42 ip-address 10.11.13.6

set access address-assignment pool POOL1 family inet dhcp-attributes name-server 8.8.8.8

Any suggestions would be much appreciated.

Thanks!

Cos configuration not working as expected.


Hi All,

I am implementing COS/QOS to support Teams.

I have implemented a configuration and when checking it is not operating as expected.

Any help would be appreciated.

 

The configuration:

set class-of-service forwarding-classes class Network-Control queue-num 3
set class-of-service forwarding-classes class Voice queue-num 1
set class-of-service forwarding-classes class Mission-Critical queue-num 2
set class-of-service forwarding-classes class Best-Effort queue-num 0
set class-of-service interfaces ge-* scheduler-map access-port-sched
set class-of-service interfaces ae* scheduler-map network-port-sched
set class-of-service interfaces ae* unit * rewrite-rules dscp rewrite-dscp
set class-of-service rewrite-rules dscp rewrite-dscp forwarding-class Network-Control loss-priority low code-point nc1
set class-of-service rewrite-rules dscp rewrite-dscp forwarding-class Voice loss-priority low code-point ef
set class-of-service rewrite-rules dscp rewrite-dscp forwarding-class Mission-Critical loss-priority low code-point af41
set class-of-service rewrite-rules dscp rewrite-dscp forwarding-class Best-Effort loss-priority low code-point be
set class-of-service scheduler-maps access-port-sched forwarding-class Network-Control scheduler control-user-sched
set class-of-service scheduler-maps access-port-sched forwarding-class Voice scheduler voice-user-sched
set class-of-service scheduler-maps access-port-sched forwarding-class Mission-Critical scheduler Mission-Critical-sched
set class-of-service scheduler-maps access-port-sched forwarding-class Best-Effort scheduler be-sched
set class-of-service scheduler-maps network-port-sched forwarding-class Network-Control scheduler control-network-sched
set class-of-service scheduler-maps network-port-sched forwarding-class Voice scheduler voice-network-sched
set class-of-service scheduler-maps network-port-sched forwarding-class Mission-Critical scheduler Mission-Critical-sched
set class-of-service scheduler-maps network-port-sched forwarding-class Best-Effort scheduler be-sched
set class-of-service schedulers control-network-sched shaping-rate percent 5
set class-of-service schedulers control-network-sched buffer-size percent 5
set class-of-service schedulers control-network-sched priority strict-high
set class-of-service schedulers control-user-sched shaping-rate percent 1
set class-of-service schedulers control-user-sched buffer-size percent 5
set class-of-service schedulers control-user-sched priority strict-high
set class-of-service schedulers voice-network-sched shaping-rate percent 5
set class-of-service schedulers voice-network-sched buffer-size percent 5
set class-of-service schedulers voice-network-sched priority strict-high
set class-of-service schedulers voice-user-sched shaping-rate percent 1
set class-of-service schedulers voice-user-sched buffer-size percent 5
set class-of-service schedulers voice-user-sched priority strict-high
set class-of-service schedulers Mission-Critical-sched transmit-rate percent 40
set class-of-service schedulers Mission-Critical-sched buffer-size percent 40
set class-of-service schedulers Mission-Critical-sched priority low
set class-of-service schedulers be-sched transmit-rate remainder
set class-of-service schedulers be-sched buffer-size remainder
set class-of-service schedulers be-sched priority low
set firewall family ethernet-switching filter mf-class-classifier term voice-mf from source-port 50000-50019
set firewall family ethernet-switching filter mf-class-classifier term voice-mf then accept
set firewall family ethernet-switching filter mf-class-classifier term voice-mf then forwarding-class Voice
set firewall family ethernet-switching filter mf-class-classifier term voice-mf then loss-priority low
set firewall family ethernet-switching filter mf-class-classifier term voice-mf then count counter-voip
set firewall family ethernet-switching filter mf-class-classifier term Mission-Critical-video-mf from dscp af41
set firewall family ethernet-switching filter mf-class-classifier term Mission-Critical-video-mf from source-port 50020-50039
set firewall family ethernet-switching filter mf-class-classifier term Mission-Critical-video-mf then forwarding-class Mission-Critical
set firewall family ethernet-switching filter mf-class-classifier term Mission-Critical-video-mf then loss-priority low
set firewall family ethernet-switching filter mf-class-classifier term Mission-Critical-screen-AppShare-mf from dscp af21
set firewall family ethernet-switching filter mf-class-classifier term Mission-Critical-screen-AppShare-mf from source-port 50040-50059
set firewall family ethernet-switching filter mf-class-classifier term Mission-Critical-screen-AppShare-mf then forwarding-class Mission-Critical
set firewall family ethernet-switching filter mf-class-classifier term Mission-Critical-screen-AppShare-mf then loss-priority low
set firewall family ethernet-switching filter mf-class-classifier term default then forwarding-class Best-Effort
set firewall family ethernet-switching filter mf-class-classifier term default then loss-priority low

The interface:

set interfaces ge-1/0/5 unit 0 family ethernet-switching interface-mode access
set interfaces ge-1/0/5 unit 0 family ethernet-switching vlan members Users_9th_Floor_North
set interfaces ge-1/0/5 unit 0 family ethernet-switching filter input mf-class-classifier

The output:

Egress queues: 12 supported, 8 in use
Queue counters:         Queued packets  Transmitted packets      Dropped packets
    0                                0               239066                  663
    1                                0                    0                    0
    2                                0                    0                    0
    3                                0                12198                    0
    8                                0               157121                    0
    9                                0                    0                    0
   10                                0                    0                    0
   11                                0                 1426                    0
Queue number:         Mapped forwarding classes
    0                   Best-Effort
    1                   Voice
    2                   Mission-Critical
    3                   Network-Control
    8                   mcast-be
    9                   mcast-ef
   10                   mcast-af
   11                   mcast-nc

CoS information:
  Direction : Output
  CoS transmit queue          Bandwidth           Buffer   Priority      Limit
                            %          bps     %    usec
  0 Best-Effort             r            r     r       0   low           none
  1 Voice                   r            r     5       0   strict-high   none
  2 Mission-Critical       40    400000000    40       0   low           none
  3 Network-Control         r            r     5       0   strict-high   none

I hope this is enough information to help.

Thanks

Juniper EX switch for home/lab


Hello Team,

I hope you are doing well.

I would like to buy a Juniper switch, as I have an old Cisco 3560 which I want to replace with a Juniper with 1Gbit ports.
I am experienced with Cisco networking, and I would like to learn about Juniper switching. Last year, for the same reason, I took a Juniper SRX 240.

Is there a big difference in configuration between old Juniper ver 12.xx and new, 15, 18, 19?

Which model would you like to suggest?
I am thinking about the EX 3300.

Thank you in advance.

Deny all PSIPHON traffic

No MAC Address...


Hello,

VC with 7 EX4300-48P switches - Junos 18.2R3.4.
Several ports on different members do not learn the MAC addresses of connected hosts.
Physical link is Up, Negotiation status: Complete, No errors,... all seems OK but no network on these ports.
The MAC address table is empty for some ports. Delete interface, re-create interface, disable/enable, disable/enable PoE...

Nothing can be done about it!
What would you suggest to correct this problem?
Thanks

FPC status does not go online on MX virtual chassis


After the MX480 got a member-id in the virtual chassis, the FPC status is still "present" and does not switch to "online" after rebooting. We are using the MPC 3D 16x 10GE line card. Does it support Virtual Chassis?

How to configure Aggregation link without LACP enabled


Hi,

Wondering what will be the equivalent config in Juniper as in Cisco

Static Port Channels - Channel mode on in Cisco.


Juniper 4300-MP 1gig uplink to Cisco


Seems running 19 code trains on EX 4300-MP with the 4x10G SFP+ uplink module connected LR / SR to Cisco switches (3850, N7k9, 4500x) you have to set speed nonegotiate. If you do not, you will see link lights on your Juniper gear but not on the Cisco side. We thought we had bad fiber / SFP, but as soon as we swapped out the 4300-MP with a 3400 or 2300 the links came up.

Did a little tshoot / wild guessing and found you have to set speed nonegotiate on your Cisco side when connecting at 1gig. 10gig works fine. Hope it helps someone.


interface TenGigabitEthernet1/1/4
description uplink-2260-ex4300-10gig
switchport trunk native vlan 3967
switchport trunk allowed vlan 9,10,12,22,36
switchport mode trunk
switchport nonegotiate
speed nonegotiate

udld port disable
spanning-tree link-type point-to-point
ip dhcp snooping trust


question about ex4200 bootup


Hello,

We have some old Juniper EX4200 in our stock and it shows the following warning in console:

--- JUNOS 12.3R3.4 built 2013-06-14 00:08:02 UTC

***********************************************************************
**                                                                   **
**  WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE      **
**                                                                   **
**  It is possible that the primary copy of JUNOS failed to boot up  **
**  properly, and so this device has booted from the backup copy.    **
**                                                                   **
**  Please re-install JUNOS to recover the primary copy in case      **
**  it has been corrupted and if auto-snapshot feature is not        **
**  enabled.                                                         **
**                                                                   **
***********************************************************************

Maybe our old technical team set it to boot from backup, so is it safe to use this? We do not have access to the old staff.

Thanks,

Storm control on RTG member interfaces


Hi.

I am testing some layer2 redundancy using RTG groups.

Storm control is working just fine on a normal access or trunk interface.

I can't get storm control to work on RTG member interfaces.

Look at the configuration and topology drawing.

When I create a network loop I see 980mbits on the primary link in the RTG group.

I already created a JTAC case, and the engineer is working on the case.

Just want to know if anyone else has tried to do what I am doing here?

Basically I want to protect a redundant Layer2 link to a customer against loops and layer2 storms, without using STP.

Using aggregated interfaces is not an option.

Kind regards

Jonas Pedersen

Denmark


EX4600 Virtual Chassis and port mirroring


Experiencing issues with getting port mirroring to function properly on an EX4600 virtual chassis, as our core. JUNOS is last recommended. JTAC says configuration is good, but still we have no solution.

We have a Secure Onion server, 2 NIC's 10G interfaces. We've done several different configurations, but not much luck.

We've created an analyzer for each NIC, one per switch, using ae interfaces [trunks from multiple IDFs connected to the core] in the configuration. No luck.

We tried individual interfaces, instead of the ae interfaces. Still no luck.

We reduced the analyzers to only one for the entire VC, and it only sees one server interface, which happens to be the only Access interface.

The infosec goal is to see Everything across the Core, from all interfaces.

Anyone successful with a VC, and dual NIC spans/mirroring in place?

ex4200 rewrite file system not working


Hello,

I want to rewrite my entire file system but it says cannot load kernel from package (error 2), and this is the output of my switch:

loader>
loader>
loader> install --format file:///jinstall-12.3R6.6-domestic-signed.gz
cannot load kernel from package (error 2)
loader>

Any idea how I can solve it?

Thanks,

How to setup tagged vlans with 802.1x authentication on Juniper EX3300 switch


Hi community,

I would like to send tagged VLANs from RADIUS (Aruba ClearPass) during the AP's supplicant authentication. I would like to dynamically set up VLANs on the switch port for the AP (Aruba Instant Access Point). I have some SSIDs and each SSID has a separate VLAN (there is no tunneling of VLANs to the controller, only bridging).

Is it possible? I have a Juniper EX 3300 virtual chassis with Junos: 15.1R7.9.

Does anyone have any experience with a similar config?

Regards

Karol

mikrotik and ex4200 LLDP/LLDP-MED not working


Hello,

I have a Juniper EX4200 and I connected a MikroTik CCR 1072 to it, but my MikroTik cannot discover it.

1. My MikroTik CCR neighbour discovery is set to all interfaces.

2. These are my Juniper configs:

rstp;
lldp {
    interface all;
}
lldp-med {
    interface all;
}

Any idea how to solve it?

Thanks

ex4200 fan speed spin at high speed with normal condition


Hello,

I just installed many EX4200s as top-of-rack switches in my rack, but their fans are spinning at high speed.

I checked the temp and it was OK.

I touched the switches; they were not hot and everything was OK.

I executed "show system alarms" and "show chassis alarms"; there were no alarms.

Also, there are no servers or devices installed in the rack, so the only devices in my rack are switches.

So is it normal?

Thank you.

monitor interface data units


Hello!

I was trying to monitor traffic on some link on a qfx5110-32q switch with the monitor interface command.

Example:

Interface: et-0/0/0, Enabled, Link is Up
Encapsulation: Ethernet, Speed: 40000mbps
Traffic statistics: Current delta
Input bytes: 4952140865259937 (9161687480 bps) [33005609474]
Output bytes: 1276782093570122 (1990947864 bps) [8964820590]

The documentation says that bps = bytes per second (and I know bps is instead usually related to bits per second). But you see above that 9.16G bytes per second is not possible on a 40Gbps link.

Unit error in the documentation, or did I miss something?

A nice day to all!


EX2300-c


Hello,

What is different between ex2300-c-12t-taa and ex2300-c-12t?

Thanks,

Ruslan
