Channel: Ethernet Switching topics

Upgrade ex4200 in working environments


Hello,

I have 6x EX4200 in working environments and I want to upgrade their Junos, but I have never upgraded an EX4200 up to now,

so my questions are:

1. What is the solution for upgrading Junos with less downtime?

2. If for any reason the upgrade does not finish or has an issue, does the switch boot with the old firmware?

Thank you.


upgrade ex4200 failed


Hello,

I have tried to update my EX4200 but I got the following error:

root> ... add /mnt/jinstall-ex-4200-12.3R12.4-domestic-signed.tgz

Checking pending install on fpc0
rcp: shell/tcp: unknown service

 

Any idea how to solve it?

Thanks,

EVPN loop prevention?


Looking at the network drawing I made, there is a possibility that the VLAN from the last-mile provider enters our network on two different physical ports. The VLAN is put in the same EVPN instance.

The last-mile provider uses this so that we as the ISP are in control of migrating from one physical port to the other.

I'm wondering if this setup creates a loop, since an EVPN instance is sort of the same as a L2 switch. Or does EVPN have some sort of loop prevention built in?

 

[Attached image: Screenshot 2019-12-02 at 13.27.19.png]

Fail Over


Hi, I have two EX2300 stacks and my client is using the EX2300 to do failover between a dedicated eLAN circuit and Cisco ASA VPNs as backup paths.  What is the best method?  The switches have OSPF and I've been coached by support to use RPM probes and event-options to respond to Ping_Test failures.  Any help would be appreciated.  Thx....

802.1x dynamic vlan and remote desktop


Hi Everyone,

I am currently testing 802.1x dynamic vlan. So far all works great, except for remote desktop connection. Looks like RDP and dynamic vlan don't make a good fit, or I may not be doing it correctly. I currently do first computer authentication at bootup and then once the user is logging in, user authentication is done and the switch's port moves to the right vlan. Looks like no matter which user is logged in on a desktop, it's the "computer account/vlan" that has priority over the user's account/vlan. Therefore if a user was already logged in to his system, then decides later to do an RDP session, the system will switch to the "computers" vlan subnet, which causes disconnection/dns update/replication time issues.

How do you manage remote desktop and dynamic vlan within your environment?  Any hints/clues on how to achieve this?

  -Luc

Query: Traffic disruption due to deletion of a port of Virtual Chassis of two EX4300.


Hi,

 

I'd like to know if service interruption or traffic disruption will take place for other ports except the deleted ports from a Virtual Chassis of two EX4300.

Example: Deleting one Virtual Chassis Port of a Virtual Chassis Configuration for two switches (EX4300) using two VCPs (40Gig QSFP+) and two Uplinks (10Gig SFP+).

 

> show virtual-chassis vc-port all-members
fpc0:
--------------------------------------------------------------------------
Interface   Type              Trunk  Status       Speed        Neighbor
or                             ID                 (mbps)       ID  Interface
PIC / Port
1/0         Configured          5    Up           40000        1   vcp-255/1/0
1/1         Configured          5    Up           40000        1   vcp-255/1/1
2/0         Auto-Configured    -1    Down         10000
2/1         Auto-Configured    -1    Down         10000
2/2         Auto-Configured    -1    Down         10000
1/3         Configured               Absent
1/2         Configured               Absent

fpc1:
--------------------------------------------------------------------------
Interface   Type              Trunk  Status       Speed        Neighbor
or                             ID                 (mbps)       ID  Interface
PIC / Port
1/0         Configured          5    Up           40000        0   vcp-255/1/0
1/1         Configured          5    Up           40000        0   vcp-255/1/1
2/0         Auto-Configured    -1    Down         10000
2/1         Auto-Configured    -1    Down         10000
2/2         Auto-Configured    -1    Down         10000
1/3         Configured               Absent
1/2         Configured               Absent


To free ports xe-0/2/0 and xe-1/2/0; I'd like to do the following:
> request virtual-chassis vc-port delete fpc-slot 0 pic-slot 2 port 0
> request virtual-chassis vc-port delete fpc-slot 1 pic-slot 2 port 0

 


Reference Page: https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/virtual-chassis-mx-series-vc-ports-deleting.html

Response will be highly appreciated.

Regards,

Zahid H.

Access port configuration with ELS


I am having some issues with an EX4300. There are a number of circuits that need to traverse a trunk uplink, some of these are single tagged and others are double tagged. As the customer traffic ingresses the switch we are OK with a single tag arriving and requiring an additional tag as it egresses the switch on the uplink (i.e. double tagged) and we are OK with a single tag arriving and egressing on the same uplink with that same single tag, but what I cannot work out is how to receive an untagged packet and tag it as it egresses the switch on the uplink.

 

Below shows the uplink interface ge-0/0/0. It also shows ge-0/0/3 as a trunk port which will receive packets with tag 1000 and switch it to the uplink. I would like to configure ge-0/0/3 to receive untagged frames and for the frame to be tagged with VLAN 1000 as it egresses on ge-0/0/0.

 

{master:0}[edit]
lab@LAB-SW01# show interfaces ge-0/0/0
description "ge-0/3/9 LAB-PE-R2";
flexible-vlan-tagging;
mtu 1522;
encapsulation extended-vlan-bridge;
ether-options {
    ethernet-switch-profile {
        tag-protocol-id 0x8100;
    }
}
unit 602 {
    description L2VPN1;
    vlan-id 602;
}
unit 1000 {
    description L3VPN1;
    vlan-id 1000;
}

{master:0}[edit]
lab@LAB-SW01# show interfaces ge-0/0/3
description "ge-0/0/3 LAB-CE-R1";
vlan-tagging;
encapsulation extended-vlan-bridge;
unit 1000 {
    vlan-id 1000;
}

{master:0}[edit]
lab@LAB-SW01# show vlans
ELS-L2VPN1 {
    interface ge-0/0/0.602;
    interface ge-0/0/4.602;
}
ELS-L3VPN1 {
    interface ge-0/0/0.1000;
    interface ge-0/0/3.1000;
}

 

I have tried removing vlan-tagging, encapsulation, using encapsulation ethernet-bridge, using unit 0 but nothing works. Some of these result in commit errors, others do not, but nothing seems to work. What once seemed intuitive on traditional Junos has become so frustrating. Any help would be much appreciated.

 

Juniper EX4600-40F can not boot OS


Hi all,

We have the problem that SW EX4600-40F could not boot the operating system and we did not remember the root password for maintenance.

Pls help me fix it. Thank you.


BGP/EVPN between Juniper QFX5100 and Extreme Networks SLX


Hello all,

Has anyone already successfully connected a Juniper QFX switch with an Extreme Networks SLX switch via BGP/EVPN?

What we see in the communication is that Junos and SLX are exchanging the information differently. So far we were able to import the information on the SLX coming from Junos, but not the opposite way.

 

Best Regards

Markus

Port-Mirror Over IP network on EX switch or SRX


Hello, 

 

I need to do some port-mirroring over an IP network. Is this possible on EX switches? I've seen some documents in regards to MX setup using firewall filter.

 

If the switch cannot do it, is it possible to do it on SRX?

 

My environment is EX --> SRX--> WAN--> SRX--> EX

 

Thanks Lou

EX_SW_XCELERATE chassism[1246]: link 28 SFP laser bias current low warning set


Hi!

How do I determine the interface from this log message:

EX_SW_XCELERATE chassism[1246]: link 28 SFP laser bias current low warning set

link 28 - what is the corresponding physical interface number? Is there a method to identify the interface number?

Thank you!

DHCP on IRB Interfaces


Hi,

I am using EX 4300 running 18.1R3-S6.1. I configured DHCP Client on IRB Interface (vlan 1000). I have a DHCP Server connected in that VLAN. I do not see any DHCP activity on the EX 4300. It's stuck in INIT state forever.

 

root@Juniper1> show configuration interfaces irb unit 1000
family inet {
    dhcp;
}

{master:0}
root@Juniper1>

root@Juniper1> show dhcp client binding
IP address        Hardware address   Expires     State      Interface
0.0.0.0           dc:38:e1:51:ac:41  0           INIT       irb.0
0.0.0.0           dc:38:e1:51:ac:41  0           INIT       irb.1000
172.16.10.132     dc:38:e1:51:ac:42  9535        BOUND      vme.0

{master:0}
root@Juniper1>

 

Please let me know if I am missing something.

Thanks in Advance.

EX4200 Sflow questions


Hello,

We have 20x EX4200 and we have in mind to use their sFlow to analyze DDoS attacks and traffic, so:

1. Do we have any limitation on EX4200 sFlow?

2. If we enable sFlow on our EX4200, when we receive DDoS attacks, will it not affect the CPU or cause high CPU usage or an outage?

Thank you.

remove message from syslog


Hello,

 

I'm trying to figure out why I can't stop a particular error message from filling up the logs on my syslog server. I've put a match in place already that should be stopping them, but for some reason the events keep showing on my syslog.

 

It's a known issue with the EX2300 apparently, and I get all kinds of these mac_add and mac_delete events:

https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1352722

 

I have the following filter in place to remove these, and a few others:

set system syslog file messages match "!(ifd null)|(pfe_bcm_l2_mac_add)|(pfe_bcm_l2_mac_delete)|(.*loadDefaultService:: supported on tomcat only.*)"

 

Am I missing something?

Member won't join the Virtual-Chassis


Hi,

 

I have the issue that an EX4300 won't join a VC in production. 'show virtual-chassis' says

 

3 (FPC 3)  Inactive PE3717020650 ex4300-48t       0   Linecard     Y  VC   2  vcp-255/1/1

There is no helpful output in the logs but I found this:

 

nico@sw00-ex4600-lab-acc18> show log messages | match fpc3    
Dec 11 11:45:02  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 0
Dec 11 11:45:02  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 1
Dec 11 11:45:03  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022
Dec 11 11:45:03  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022
Dec 11 11:45:13  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 0
Dec 11 11:45:13  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 1
Dec 11 11:45:13  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022
Dec 11 11:45:13  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022
Dec 11 11:45:23  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 0
Dec 11 11:45:23  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 1
Dec 11 11:45:24  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022
Dec 11 11:45:24  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022
Dec 11 11:45:34  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 0
Dec 11 11:45:34  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 1
Dec 11 11:45:34  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022
Dec 11 11:45:34  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022
Dec 11 11:45:44  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 0
Dec 11 11:45:44  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 1
Dec 11 11:45:45  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022
Dec 11 11:45:45  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022
Dec 11 11:45:55  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 0
Dec 11 11:45:55  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 1
Dec 11 11:45:55  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022
Dec 11 11:45:56  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022
Dec 11 11:46:05  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 0
Dec 11 11:46:05  sw00-ex4600-lab-acc18 fpc3 CMEX: failed to receive online_ack PIC 1
Dec 11 11:46:06  sw00-ex4600-lab-acc18 fpc3  idl decode err -1 magic 5022

I don't know if that indicates a hardware problem maybe?

 

However: the software on the VC and the new member switch is slightly different. 

 

VC: 14.1X53-D27.3

New Member: 14.1X53-D52.4

 

It is my understanding that this is only a newer build date but generally the same version. But I'm unable to find any information if that could be a reason for the member not to join the VC. Thanks for any support!


Increase the amount of aggregated devices / best practice


Hi guys,

just two quick questions:

1)
Running a VC of 3 EX4300. I will need to increase the amount of aggregated interfaces.
Can I increase the amount of aggregated devices within the config during normal operation, or will this lead to an impact on the currently running aggregated interfaces?

2)
What is the best practice for working with aggregated interfaces?
Scenario A) Increase the amount of aggregated devices -> commit -> add the AE-Interfaces and assign the physical interfaces to that ae-bundle -> commit
Scenario B) Increase the amount of aggregated devices / add the AE-Interfaces and assign the physical interfaces to that ae-bundle -> commit (all within one commit)

Thanks !

Regards, Christoph

EX4600 port mirror by vlan setup?


We have a stack of two EX4600's that form the core of our network and do layer 2 as well as all of our routing (layer 3). I have over 30 vlans defined with most of them routable. I went to set up a port-mirror by vlan and only two vlans show up, why?

 

[Attached image: Port.png]

DHCP Relay on EX4600 not working when DHCP server is not routed in EX4600 device


Hello all!

I have a problem when trying to migrate our DHCP server. We're moving our DHCP server to a new datacenter from our office; when doing this we noticed that our EX4600-40F, which acts as router for our office, won't forward DHCP relay requests to the new DHCP server at all.

And when adding traceoptions it won't log any failures either.
Our office DHCP server has IP: 192.168.98.5 (irb.98)

Our new DHCP server in DC has IP: 10.101.0.6

Client network at office: 192.168.100.0/23 (irb.100)

Config at the office (working configuration):

markus@core-sw01# run show configuration forwarding-options dhcp-relay
forward-snooped-clients all-interfaces;
overrides {
    allow-snooped-clients;
    layer2-unicast-replies;
    trust-option-82;
}
relay-option-82;
server-group {
    DHCP-SERVERS {
        192.168.98.5;
    }
}
active-server-group DHCP-SERVERS;
group DHCP-RELAY {
    interface irb.100;
}
markus@core-sw01# run show route 10.101.0.0

inet.0: 165 destinations, 172 routes (165 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.101.0.0/23      *[BGP/170] 6w2d 13:52:44, localpref 100
                      AS path: 64512 I, validation-state: unverified
                    > to 10.100.0.16 via irb.3051
markus@core-sw01# run show configuration interfaces lo0
unit 0 {
    family inet {
        address 10.100.0.7/32;
    }
    family inet6 {
        address 2a0e:bb80:1001::1/128;
    }
}

Ping from core-sw01 (EX4600-40F) to DC DHCP-server:

markus@core-sw01# run ping 10.101.0.6 source 192.168.100.1
PING 10.101.0.6 (10.101.0.6): 56 data bytes
64 bytes from 10.101.0.6: icmp_seq=0 ttl=63 time=0.648 ms
64 bytes from 10.101.0.6: icmp_seq=1 ttl=63 time=11.355 ms
^C
--- 10.101.0.6 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.648/6.002/11.355/5.354 ms

markus@core-sw01# run ping 10.101.0.6 source 192.168.98.1
PING 10.101.0.6 (10.101.0.6): 56 data bytes
64 bytes from 10.101.0.6: icmp_seq=0 ttl=63 time=0.702 ms
^C
--- 10.101.0.6 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.702/0.702/0.702/0.000 m


Relay works fine within the switch even when it's done over l3-interfaces (server on irb.98 and clients on irb.100). Relay does not work when DHCP-server is not routed in switch.

 

Any clues on why it's like this?

LACP required in a EVPN/VXLAN solution when connecting an ae interface to ESXI with NIC teaming?


Hi Experts,

Preparing to migrate from a Juniper QFX5100-VC solution to a QFX5100 EVPN/VXLAN.

In the legacy setup the ae interface has no LACP configured when connected to an ESXI vswitch (with NIC teaming).

Is it a requirement to have LACP configured on the ae interface when changing to an EVPN/VXLAN solution?

Even if it's not a requirement I can see a lot of disadvantages not to have it.

 

As I understand it, you must also switch to distributed switch in ESXI if LACP should be used.


Which configuration solution for QFX is best practiced when the other end is an ESXI server with NIC teaming?

 

ex4200 and sflow for attack mitigating ?


Hello,

We have many EX4200 and we want to run a fastnetmon and set all switches to send sFlow to the fastnetmon so we can detect the attack and blackhole it,

but I read that the EX4200 has a limitation of 300 packets/second and it's not configurable, so I want to know: is this limitation OK for attack mitigation? Can this handle all packets and show us correct results?

Thank you.
