Looks to be some sort of HW issue, not SW, so why not just RMA the switch?
Re: Problem with Juniper SFP "CM_JAVA [FPC:0 PIC:1]: Failed to uplink SFP 1 EEPROM"
Hi,
We're looking for a solution with the least downtime, as it is a live environment.
Chassis Alarm Potential slow peers are: spmd When Fusion Configured
Hello All,
I have two EX9204 in an mc-lag configuration on JunOS 17.1 and whenever Fusion is configured, both chassis throw a system alarm. I have a Fusion configured as a satellite-management cluster consisting of two EX3400-24T. Anybody have any ideas what this alarm means and/or how to rectify?
> show system alarms
1 alarms currently active
Alarm time Class Description
2017-04-12 18:52:34 PDT Minor Potential slow peers are: spmd
Thanks,
J
Re: interfaces interface-name vlan-tagging
The vlan-tagging statement is used so you can configure logical units aka layer 3 subinterfaces.
That way you can configure ge-0/0/1 unit 0
ge-0/0/1 unit 0
ge-0/0/1 unit 1
ge-0/0/1 unit 2
ge-0/0/1 unit 4094 (if your device supports it)
etc
When you configure the subinterfaces, you will then add a vlan-id tag to each of the subinterfaces created. This allows these sub-interfaces to receive untagged packets.
How is this any different from simply configuring set interfaces family ethernet-switching interface-name port-mode trunk?
Ethernet-switching is a layer 2 concept. With the trunk port, it will only accept frames that have a vlan tag identifier.
The nomenclature vlan-tagging may be what is misdirecting the understanding.
Re: interfaces interface-name vlan-tagging
The second part of your question seems confusing.
"2. The documentation states "On EX Series switches except for EX4300 and EX9200 switches, the vlan-tagging and family ethernet-switching statements cannot be configured on the same interface." This suggests that it can be configured together on the EX4300 and EX9200 -- why would I want to do this and what purpose does it serve?"
Some switches allow the configuration of the vlan-tagging and flexible-vlan-tagging statements at the same time. But I don't know what the documentation means.
Re: interfaces interface-name vlan-tagging
Got it, thank you--your explanation makes sense. vlan-tagging is for layer 3 subinterfaces. I agree the second point is still confusing.
Re: ip-source-guard/dhcp security blocking lease renewals
DHCP snooping builds and maintains a database of valid IP addresses assigned to downstream network devices by a trusted DHCP server. DHCP snooping reads the lease information, which is sent from the DHCP server to the individual DHCP clients.
From this information it creates the DHCP snooping database. This database is a mapping between IP address, MAC address, Interface and the associated VLAN. When a DHCP client releases an IP address (by sending a DHCPRELEASE message), the associated mapping entry is deleted from the database.
DAI feature in EX series switches examines ARP requests and responses on the LAN and validates ARP packets. The switch intercepts ARP packets from an access port and validates them against the DHCP snooping database.
Unless there is a change with newer versions, Junos OS allows you to enable DAI and IP-SG without enabling DHCP snooping. As you can see the potential problem in your scenario. Since DAI relies on the DHCP snooping database, if DHCP snooping is not enabled, then the database is not created. By default, Dynamic ARP Inspection is disabled for all VLANs on EX Series switches.
When DAI is enabled, trunk ports are trusted, so ARP packets bypass DAI on those ports; access ports are untrusted, so ARP packets on those ports are subjected to DAI.
IP source guard like DAI obtains information about IP address to MAC address bindings (IP-MAC binding) from the DHCP snooping table.
So you should always enable DHCP snooping if you plan to use any of these security features. Otherwise it will result in all kinds of issues as you have experienced. BTW, are you using 802.1x?
"Also, on juniper switches does just turning on dhcp-security on a vlan stop rogue dhcp servers"
Technically speaking it drops DHCP server messages on the untrusted ports. So the rogue DHCP server, if it is connected to an access port, will still receive DHCP client messages, have its DHCP messages dropped so the clients will not get an IP from the rogue server.
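The behaviour described in the post above, as an added example that is not part of the original thread: a simplified Python model of the snooping database feeding DAI and IP source guard, including the case where snooping is left off. The class, port names, MAC and IP addresses are constructed for illustration and do not reproduce Junos internals.

```python
from dataclasses import dataclass, field

SERVER_MSGS = ("DHCPOFFER", "DHCPACK", "DHCPNAK")

@dataclass
class AccessSwitch:
    """Hypothetical model of one VLAN-aware switch (not Junos code)."""
    trusted_ports: set
    snooping_enabled: bool = True
    seen_clients: dict = field(default_factory=dict)  # mac -> (port, vlan)
    bindings: dict = field(default_factory=dict)      # mac -> (ip, port, vlan)

    def dhcp(self, port, vlan, msg_type, client_mac, ip=None):
        """Handle a DHCP message seen on `port`; return 'forward' or 'drop'."""
        if msg_type in SERVER_MSGS:
            if self.snooping_enabled and port not in self.trusted_ports:
                return "drop"  # server message arriving on an untrusted port
            if (msg_type == "DHCPACK" and self.snooping_enabled
                    and client_mac in self.seen_clients):
                # The lease is bound to the port/VLAN where the client was seen.
                self.bindings[client_mac] = (ip, *self.seen_clients[client_mac])
            return "forward"
        self.seen_clients[client_mac] = (port, vlan)
        if msg_type == "DHCPRELEASE":
            self.bindings.pop(client_mac, None)  # mapping removed on release
        return "forward"

    def validate(self, port, vlan, src_mac, src_ip):
        """Check shared by DAI (ARP sender) and IP source guard (packet source)."""
        if port in self.trusted_ports:
            return "forward"  # trusted ports bypass the check
        ok = self.bindings.get(src_mac) == (src_ip, port, vlan)
        return "forward" if ok else "drop"

def demo(snooping_enabled):
    """Run one constructed lease exchange and return the switch's decisions."""
    sw = AccessSwitch(trusted_ports={"xe-0/1/0"}, snooping_enabled=snooping_enabled)
    mac, ip, other = "00:11:22:33:44:55", "192.0.2.10", "00:aa:bb:cc:dd:ee"
    sw.dhcp("ge-0/0/1", 10, "DHCPREQUEST", mac)
    sw.dhcp("xe-0/1/0", 10, "DHCPACK", mac, ip)
    results = {
        "rogue_offer": sw.dhcp("ge-0/0/2", 10, "DHCPOFFER", mac, "198.51.100.5"),
        "legit_arp": sw.validate("ge-0/0/1", 10, mac, ip),
        "spoofed_arp": sw.validate("ge-0/0/2", 10, other, ip),
        "trunk_arp": sw.validate("xe-0/1/0", 10, other, ip),
    }
    sw.dhcp("ge-0/0/1", 10, "DHCPRELEASE", mac)
    results["after_release"] = sw.validate("ge-0/0/1", 10, mac, ip)
    return results
```

With snooping off, the binding table stays empty, so the legitimate client's own ARP and IP traffic is dropped on its access port, which is the failure mode the post warns about.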
Re: interfaces interface-name vlan-tagging
To understand some of this, you need to take a historical perspective of Juniper/Junos. Originally Junos was written for L3 operation only. Later L2 support was added, and with it the need to support things like VLANs (Bridge Domains) and tagging, IRB, etc. Some of this support came via flexible-vlan-tagging syntax.
Later Juniper introduced EX switches which were L2 based, with L3 capabilities, so VLANs and access/trunk (tagged) ports were standard syntax. This syntax differed from original Junos M/MX CLI syntax. These switches did NOT support concept or syntax of flexible-vlan-tagging - this was M/MX/PTX only.
With the introduction of next-gen EX models (those that now run ELS) Juniper standardized on a single CLI which favored original M/MX style, with slight modifications. So now all of the newer platforms, EX9200 and EX4300 being 2 of them, support the original M/MX syntax/CLI. The flexible-vlan-tagging support is on all ELS platforms, not just EX9200/EX4300.
Hopefully this makes some sense as to 2nd doc statement.
Port LEDs continue to blink on EX2300
Has anyone seen this happen to an EX2300?
When I unplug a port cable the LEDs continue to flutter.
Re: High Latency ping times
Hi, can anyone help me? How to reduce latency in an EX3300 running JUNOS 15.1R5? It's a newly implemented device; the latency is 2ms but I need to achieve <1ms.
Re: Troubleshooting error message
You seem to have done all the necessary configuration items. I assume you have already tried removing and reseating the DAC connection to reset it.
I suspect a hardware issue.
Can you try rotating the cable to another port and try using a different optic in these ports? This will see if the issue follows the cable or stays with the port.
Re: Chassis Alarm Potential slow peers are: spmd When Fusion Configured
This seems to be a potential issue with the PFE on the switches based on this description.
I would open a JTAC ticket on this one to have a deeper dive into the queues on all the devices involved when the alarms occur.
EX2300-C private VLANs or port isolation
I'm fairly new to ELS, but that is the way Juniper is going and I need a point in the right direction here.
I have an EX2300-C I need to set up with private port isolation or private VLANs to a primary vlan. Basically so broadcasts on systems on port A don't hit systems port B.
Following the chain of documentation it first sent me here:
http://www.juniper.net/techpubs/en_US/junos/topics/example/private-vlans-ex-series.html
except many commands listed including 'no-local-switching' and 'primary-vlan' were deprecated.
When going specifically for ELS software I ended up here
But on step 4 there 'private-vlan' and commands behind that aren't available.
Does this need the EFL license even though it doesn't appear to say it is needed? Is there something else I'm missing or can someone point me in the right direction before I try to open a ticket with Juniper?
Re: EX2300-C private VLANs or port isolation
At the moment private-vlans are not supported on the EX2300 platform.
Ref: https://pathfinder.juniper.net/feature-explorer/feature-info.html?fKey=1206&fn=Private+VLANs+(PVLANs)
I haven't seen any roadmap info regarding this feature so you will need to get in touch with your partner or Juniper account manager if this is a much needed feature.
Re: EX2300-C private VLANs or port isolation
Thank you. That seems fairly odd that a feature available on every most other EX switches, including the EX2300 predecessor, the EX2200, is not available on the EX2300. What's more worrisome is that same page says the EX2300-C doesn't support Q-in-Q. If that's the case they are pretty much paperweights as an endpoint device for me.
Re: High Latency ping times
Seems like the answer is no. I would suggest opening a ticket with Juniper, but it seems like they already addressed it. A quick Google search shows similar answers. This is a result of the design of Juniper platforms.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB28157
Re: Chassis Alarm Potential slow peers are: spmd When Fusion Configured
Thanks Spuluka for that insight.
I opened a ticket with JTAC and they are currently investigating. Hopefully I can get this resolved sooner than later!
Re: EX2300-C private VLANs or port isolation
Brief followup after a ticket opened. The EX2300/EX2300C do not support private VLANs as stated before. They do support dot1q even though it isn't listed on the protocol sheet.
Re: Chassis Alarm Potential slow peers are: spmd When Fusion Configured
What is your case number? Did you include show log chassisd and show log messages into the case files? If not please add these and I may be able to get someone else to look at this.