Quantcast
Channel: All Ethernet Switching posts
Viewing all 10307 articles
Browse latest View live

Re: Upgrade EX4200 version 11.4R75 to 15.1R5

April 26, 2017, 9:38 pm
$
0
0

HI Sir

Jloader Upgrade is same as Junos upgrade. 

root> request system software add Jloader-ex-2200-11.3I20110326_0802_hmerge-signed.tgz

 

Path to go from 11.4 to 15.1 is as you mentioned we have to get a version of 12 and then to 14.

 

Release Notes : https://www.juniper.net/techpubs/en_US/junos/information-products/topic-collections/release-notes/15.1/junos-release-notes-15.1.pdf

 

Upgrade and Downgrade Support Policy for Junos OS Releases Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release, even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example,Junos OS Releases 10.0, 10.4, and 11.4 are EEOL releases. You can upgrade from Junos OS Release 10.0 to Release 10.4 or even from Junos OS Release 10.0 to Release 11.4. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind. For example, you cannot directly upgrade from Junos OS Release 10.3 (a non-EEOL release) to Junos OS Release 11.4 or directly downgrade from Junos OS Release 11.4 to Junos OS Release 10.3.


To upgrade or downgrade from a non-EEOL release to a release more than three releases earlier or later, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release. 

 

For more information about EEOL releases and to review a list of EEOL releases, see 

 

http://www.juniper.net/support/eol/junos.html.


Thanks
Partha

Search

Re: Troubleshooting error message

April 26, 2017, 9:44 pm
$
0
0

Apr 10 09:16:23 pfex: [EX-BCM PIC] ex_bcm_pic_optics_periodic: Failed to read eeprom of Optic 1 of Pic 2
Apr 10 09:16:23 fpc0 Link 51 FAILED
Apr 10 09:16:23 fpc0 [EX-BCM PIC] ex_bcm_pic_optics_periodic: Failed to read eeprom of Optic 1 of Pic 2
Apr 10 09:16:24 fpc1 Link 50 FAILED
Apr 10 09:16:24 fpc1 [EX-BCM PIC] ex_bcm_pic_optics_periodic: Failed to read eeprom of Optic 0 of Pic 2
Apr 10 09:16:24 fpc1 Link 51 FAILED
Apr 10 09:16:24 fpc1 [EX-BCM PIC] ex_bcm_pic_optics_periodic: Failed to read eeprom of Optic 1 of Pic 2
Apr 10 09:16:24 pfex: Link 50 FAILED
Apr 10 09:16:24 pfex: [EX-BCM PIC] ex_bcm_pic_optics_periodic: Failed to read eeprom of Optic 0 of Pic 2

 

These messages can be ignored. We have seen situation where these messages come without an optics plugged in.

Re: Macsec connection not coming up

April 26, 2017, 9:53 pm
$
0
0

HI

I am not sure if this would help because 4200 would be dropping the traffic

However can you try the below firewall ?

family ethernet-switching {
filter test {
interface-specific;
term 1 {
from {
ether-type 0x888e;
}
then count 0x888e-count;
}
term 2 {
then accept;
}
}
}

After applying please attach the output of this command:
show firewall filter test-[interface]-I
show firewall filter test-[interface]-o

Thanks
Partha

Re: Chassis Alarm Potential slow peers are: spmd When Fusion Configured

April 26, 2017, 9:55 pm
$
0
0

HI

 

There is already an internal PR/Discussion happening on this log message.

 

Would suggest you to please open a JTAC ticket.


Thanks

Partha

Re: alarms on ex2200

April 26, 2017, 9:57 pm

Re: Troubleshooting error message

April 29, 2017, 2:42 am
$
0
0

Is there a PR on this yet then?

 

I don't see one in a search of the public PR database.  

Re: Upgrade EX4200 version 11.4R75 to 15.1R5

May 1, 2017, 9:44 am
$
0
0

Awesome.  Thank you so much for your extremely fast response!  

How do I block port 25 on EX4600

May 1, 2017, 10:55 am
$
0
0

We need to block traffic on one switch port, from port 25 smtp.

What is the best way to accomplish this task.?

I could go into Security and Filters to create it.

 

 

 

 

Thanks

Search

Re: Upgrade EX4200 version 11.4R75 to 15.1R5

May 1, 2017, 11:16 am
$
0
0
Hi

You can follow this path (tested on ex2200 series)
11.4 >> 12.3R12 >> 15.1 (no need for 14)

Re: How do I block port 25 on EX4600

May 1, 2017, 11:21 am

Re: How do I block port 25 on EX4600

May 1, 2017, 12:22 pm
$
0
0

I think it does, I will test it soon.

 

Capture.GIF

Juniper compatibility with Cisco vCP

May 1, 2017, 1:14 pm
$
0
0

Are there any Juniper protocols that are compatible with Cisco's vCP?

We are designing a system where we would replace Cisco 7K with EX9200's at the Core. They will be keeping multiple Cisco Aggregation and Access switches. The 7k's have multiple vCP connections to those agg/acc switche locations around the country and in there datacenters.

Is there something that can be configured on the Juniper to be compatible withthe agg/acc switches to aoid having to reconfigure them?

Thanks in advance for the assist

Re: How do I block port 25 on EX4600

May 1, 2017, 4:24 pm
$
0
0

Note that this is a two step process, you create the desired block filter then apply the filter to the port where you want to block the traffic.

 

Also note that the default action is th block, so be sure to add a final accept term to your filter or you will drop all traffic at the port.

Re: How do I block port 25 on EX4600

May 1, 2017, 5:41 pm
$
0
0

Andy,

 

Thanks, I believe I figured it out earlier, but wanted to make sure someone kept me honest.

 

[edit]
+  firewall {
+      family ethernet-switching {
+          filter BLOCK-25 {
+              term PORT-25-BLOCK {
+                  from {
+                      interface ge-3/0/0.0;
+                      ether-type ipv4;
+                      source-port smtp;
+                      destination-port smtp;
+                      ip-protocol tcp;
+                  }
+                  then discard;
+              }
+          }
+      }
+  }

Re: How do I block port 25 on EX4600

May 1, 2017, 8:50 pm
$
0
0
starlog wrote:

Andy,

 

Thanks, I believe I figured it out earlier, but wanted to make sure someone kept me honest.

 

[edit]
+  firewall {
+      family ethernet-switching {
+          filter BLOCK-25 {
+              term PORT-25-BLOCK {
+                  from {
+                      interface ge-3/0/0.0;
+                      ether-type ipv4;
+                      source-port smtp;
+                      destination-port smtp;
+                      ip-protocol tcp;
+                  }
+                  then discard;
+              }
+          }
+      }
+  }

That would drop all trafic entering the port on which it is applied. You need a secon term to accept all other traffic.

"Also note that the default action is to block, so be sure to add a final accept term to your filter or you will drop all traffic at the port."

e.g

set term allow-all then accept

Search

Re: Juniper compatibility with Cisco vCP

May 1, 2017, 8:53 pm

Re: How do I block port 25 on EX4600

May 2, 2017, 2:37 am
$
0
0

In addition to the missing final term, you need to apply this filter to the interface. 

 

You have added the interface as a criteria here but the filter does not do anything until assigned to an interface in that hierarchi.

 

set interface ge-3/0/0 input PORT-25-BLOCK

 

Optionally you can also add count to your block term so you can see a packet count of dropped packets.

Web Management not functiong ES-4200 11.4R7.5

May 2, 2017, 6:31 am
$
0
0

When I enable Web Management (both http and https) with no interface specificed, I am unable to bring up the page.  I have factory defaulted the switch from the LCD and zeroized the switch (request system zeroize).  I have also set up multiple interfaces with various IP addresses and used 2 different computers along with different web browsers (IE, FF, Chrome).  I don't set a specific interface for web management.  I have deleted the web management and set them.  I have tried restart web-management, request system storage cleanup.  This is a stand alone switch.  There is no firewalls it's completey blank outside of setting up two interfaces with an IP.  I can ping the interfaces with no problem.

 

When I run show system processes extensive | match http  --

root> show system processes extensive | match http
1480 nobody 2 96 0 8324K 4028K ucond 0:01 0.00% httpd
1096 root 1 96 0 13780K 5444K select 0:00 0.00% httpd-gk

 

 

When I run show log httpd.log --

show log httpd.log
default:2 main Configuration for J-Web
default:2 main --------------------------------------------
default:2 main Host:
default:2 main CPU: i386
default:2 main OS: FREEBSD
default:2 main Distribution: unknown Unknown
default:2 main OS: FREEBSD
default:2 main Version: 2.4.0.0
default:2 main BuildType: RELEASE
default:2 main Started at: Mon May 1 13:02:07 2017
default:2 main Log rotation count: 0
default:2 main --------------------------------------------
default:2 main Set log level for all modules to 2
default:2 main Server Root "/jail"
default:2 main Document Root for NoName:
"/html"
default:2 main Setting Cache Max Age to: 5184000 seconds
default:2 main Add webauthHandler
default:2 main Add dirHandler
default:2 main Activating module (Builtin) upload
default:2 main Add uploadHandler
default:2 main Add uploadHandler
upload:2 main Upload directory: /tmp/uploads
default:2 main Add captiveauthHandler
default:2 main Add cgiHandler for ".php"
default:2 main Add dirHandler
default:2 main Add copyHandler
default:1 main Error: Can't find module sslModule
default:1 main Error: Ignoring bad directive "LoadModule" at line 31 in /jail/var/etc/httpd.conf
default:2 main Document Root for NoName:
"/html"
default:0 main Initialized CaptivePortalHdrLogo - images/hdr_logo.gif
default:0 main Initialized CaptivePortalHdrBgColor - #1F499B
default:0 main Initialized CaptivePortalHdrMsg - User Authentication
default:0 main Initialized CaptivePortalBnrMsg - Terms & Conditions
default:0 main Initialized CaptivePortalFrmMsg - Captive Portal User Authentication
default:0 main Initialized CaptivePortalFrmHdrBgColor - #D7DFEE
default:0 main Initialized CaptivePortalFormSubmitLbl - Log In
default:0 main Initialized CaptivePortalFormResetLbl - Reset
default:0 main Initialized CaptivePortalFtrMsg - Copyright ©2010, Juniper Networks Inc.
default:0 main Initialized CaptivePortalFtrBgColor - #1F499B
default:0 main Initialized CaptivePortalURL - NOURL
default:0 main Initialized CaptivePortalURL - 0
default:2 main Starting host named: "NoName"
default:2 main Starting host named: "NoName"
default:2 main Listening for HTTP on *:80
default:2 main Listening for HTTPS on *:443
default:2 main chroot() into: /jail
default:2 main HTTP services are ready with 5 pool threads
httpServer:2 pool.0 New connection from 192.168.55.25 on ifc ge-0/0/0.0 for :80
httpServer:2 pool.0 New connection from 192.168.55.25 on ifc ge-0/0/0.0 for :80
default:2 pool.0 Sending message to Gk
default:0 pool.0 GateKeeper returned failed [Rc - 0], [Type - 9 ], [Data 1 ], [GKTYPE-]
default:0 pool.0 Could not get interface index
default:1 pool.0 Error: Can't make temp file /tmp/MPR_1480_127.tmp, errno 13
default:1 pool.0 Error: Can't create stdio files

default:1 pool.0 Error: Can't open CGI output files

 

 

 

Re: How do I block port 25 on EX4600

May 2, 2017, 7:04 am
$
0
0

Something like this.?

 

[edit interfaces ge-3/0/0 unit 0 family ethernet-switching]
+       filter {
+           input BLOCK-25;
+       }
[edit]
+  firewall {
+      family ethernet-switching {
+          filter BLOCK-25 {
+              term PORT-25-BLOCK {
+                  from {
+                      source-port smtp;
+                      destination-port smtp;
+                  }
+                  then discard;
+              }
+              term allow-all {
+                  then accept;
+              }
+          }
+      }
+  }

 

 

Could I equally add to ge-3/0/0     output BLOCK-25  ?

Re: How do I block port 25 on EX4600

May 2, 2017, 8:42 am
$
0
0
That should be OK ..
This filter will block traffic entering the port (ingress) , so the output filter would be unnecessary .
Viewing all 10307 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>