You can use the feature explorer to what feature are supported on ech product and the version of code requred.
storm-control is a feature of the EX, MX, ACX QFX series - devices with the X
↧
Re: Storm Control Config SRX
↧
Re: Unable to open J-Web in EX-3200
Can you show configuration system services?
↧
↧
Re: How to Begin Troubleshooting Slow Network Issues
To know for sure we would need to see the topology of the connections between the host and computer being backed up.
But from your description, I assume the router in question is in the layer 2 path between the two ports involved in the communication. Check the data sheet for the router for the bandwidth limitations. You may be hitting a maximum for the device.
The other thing to check since the limit is at GE level is if the path from port to port passes GE only restriction some where. Or even a GE trunk port there this traffic plus the other traffic at the time is over capacity of the link as a result.
And as noted above look for error counters on all the interfaces in the path to confirm there are no physical media problems.
↧
Re: Unable to open J-Web in EX-3200
Till now I am unable to do that. I can see in configuration , We are using JUNOS 10.4R5.5
Configuration :
version 10.4R5.5;
system {
host-name RB;
time-zone Asia/Dili;
root-authentication {
encrypted-password XXXXXXXXXX; ## SECRET-DATA
}
login {
user XXXXXXXX {
full-name "XXXXX";
uid 2000;
class super-user;
authentication {
encrypted-password "XXXXXXXXXXXXXXXXX"; ## SECRET-DATA
}
}
}
services {
ssh {
protocol-version v2;
}
telnet;
netconf {
ssh;
}
web-management {
http;
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/13 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/14 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/15 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/16 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/17 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/18 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/19 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/20 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/21 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/22 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/23 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/24 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/25 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/26 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/27 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/28 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/29 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/30 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/31 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/32 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/33 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/34 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/35 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/36 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/37 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/38 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/39 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/40 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/41 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/42 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/43 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/44 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/45 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/46 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/47 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/0 {
unit 0 {
family ethernet-switching;
}
}
xe-0/1/0 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/1 {
unit 0 {
family ethernet-switching;
}
}
xe-0/1/1 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/2 {
unit 0 {
family ethernet-switching;
}
}
xe-0/1/2 {
unit 0 {
family ethernet-switching;
}
}
ge-0/1/3 {
unit 0 {
family ethernet-switching;
}
}
vlan {
unit 0 {
family inet {
address 192.168.2.135/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.2.1;
}
}
protocols {
igmp-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
storm-control {
interface all;
}
}
vlans {
default {
l3-interface vlan.0;
}
}
poe {
interface all;
}
↧
Re: Unable to open J-Web in EX-3200
HI
Can you also please check
https://kb.juniper.net/InfoCenter/index?page=content&id=KB16427
Second in shell please run command ps -aux | grep http and check
1) http running
2) http-gk running
If not you may start that by running it on /usr/sbin/httpd -N
Partha
↧
↧
Re: How to Begin Troubleshooting Slow Network Issues
HI
For slow network issues I would approach
1) Check link drops , errors, CRC, Physical Layer.
2) Check CPU utilization on both peers.
3) Check STP state. (See if there is any fluctuation)
4) Check COS/QOS settings.
5) See if there are multiple next hops to reach the destination.
6) Check for redundant links and try disabling them and check.
This would be the start...
Partha
↧
Re: EX4550 not learning MAC-Address
Did you ever resolve this? I have the exact same issue and my entire lab is down because of it. Thanks!
↧
Can ex-sfp-10ge-sr be used on MX240?
Can ex-sfp-10ge-sr be used on MX240?
Thank you
↧
Re: ip-source-guard/dhcp security blocking lease renewals
Just an update of sorts.
This work in code version 16.1r4 and earlier it appears. But not in 17.1. In 17.1 it builds the dhcp snooping table but doesn't ever see the client renewing/rebinding and so the table entry expires briefly while the client renews its leaser (if it can). You never see the table state as renewing or binding.
Works beautifully in earlier versions though.
↧
↧
Re: EX9200/MX: MC-LAG to MC-LAG
I'm attempting to do the same with two pairs of EX9204's in an MC-LAG configuration but to support an L3 mc-ae. I'm running into the ae interface being able to operate properly let alone the L3 routing correctly failover. Were you able to accomplish this and how? I've been working with support so far for the past 10 days without any progress so far. Thanks,
↧
Re: A QinQ problem with QFX5100
Try this:
set interfaces ae31 flexible-vlan-tagging set interfaces ae31 mtu 9216 set interfaces ae31 encapsulation extended-vlan-bridge set interfaces ae31 unit 3174 vlan-tags outer 3174 set interfaces ae31 unit 3174 vlan-tags inner-range 21-22 set interfaces ae31 unit 3174 input-vlan-map push set interfaces ae31 unit 3174 output-vlan-map pop
Question: Why do you need to create vlan 21? Either QinQ or single-tag in your case.
↧
urgent EX 4200 Mirroring question
Hi
We have a EX 4200 swicth which is attached to a router. th elink is point to point layer three link (routed mode on EX).
I need to mirror the outgoing tarffic from EX to router. Is it psosible i cant see any document on that the only document was tarffic coming to the swiicth. I need egress not ingress mirror
please help
↧
SNMP traps not out from Juniper EX4600 Switch
Dears,
I configured snmp on Juniper EX4600 Switch to send snmp traps from EX4600 irb.590 "10.58.253.130" to NetAct on "10.7.192.199" dst-port 262 but we cannot find any snmp traffic “out” of the switch interface irb.590 as shown below:
-Attached is the full cofiguration
-Is ther any missing snmp configuration ?
-Here is the configuration :
nsn@EX-4600-torhos301> show configuration | match snmp | display set
set system login class snmp permissions view
set system login user netact class snmp
set snmp view remote-view oid .1 include
set snmp community netact view remote-view
set snmp community netact authorization read-write
set snmp trap-options source-address 10.58.253.130
set snmp trap-group NetAct version v2
set snmp trap-group NetAct destination-port 262
set snmp trap-group NetAct categories authentication
set snmp trap-group NetAct categories chassis
set snmp trap-group NetAct categories link
set snmp trap-group NetAct categories routing
set snmp trap-group NetAct categories startup
set snmp trap-group NetAct categories rmon-alarm
set snmp trap-group NetAct categories services
set snmp trap-group NetAct targets 10.7.192.199
{master:0}
nsn@EX-4600-torhos301> show log messages | match snmp
May 2 14:40:02 EX-4600-torhos301 snmpd[1727]: SNMPD_SOCKET_FAILURE: bind_snmptrap_socket: socket failure: bind error on trap socket source ipv4 address 10.58.253.130, retry during send. (Can't assign requested address)
May 2 14:40:07 EX-4600-torhos301 snmpd[1727]: SNMPD_TRAP_TARGET_ADD_NOTICE: trap target is added, address : 10.7.192.199
nsn@EX-4600-torhos301> monitor traffic interface irb.590 matching "host 10.7.192.199" no-resolve
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on irb.590, capture size 96 bytes
^C
22 packets received by filter
0 packets dropped by kernel
{master:0}
nsn@EX-4600-torhos301> monitor traffic interface irb.590 matching "host 10.58.253.130" no-resolve
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on irb.590, capture size 96 bytes
17:29:13.997683 Out IP 10.58.253.130 > 224.0.0.18: VRRPv2-advertisement 20: vrid=190 prio=250 authtype=none intvl=1
17:29:14.754691 Out IP 10.58.253.130 > 224.0.0.18: VRRPv2-advertisement 20: vrid=190 prio=250 authtype=none intvl=1
17:29:18.331664 Out IP 10.58.253.130 > 224.0.0.18: VRRPv2-advertisement 20: vrid=190 prio=250 authtype=none intvl=1
17:29:25.247637 Out IP 10.58.253.130 > 224.0.0.18: VRRPv2-advertisement 20: vrid=190 prio=250 authtype=none intvl=1
^C
25 packets received by filter
0 packets dropped by kernel
{master:0}
nsn@EX-4600-torhos301>
nsn@EX-4600-torhos301> show route 10.58.253.130
- BAR.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
- 0.0.0.0/0 *[Static/5] 7w5d 14:00:54
> to 10.58.229.173 via irb.904
- InterDS.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
- 0.0.0.0/0 *[Static/5] 2w4d 15:21:36
> to 10.58.229.205 via irb.801
- OAM.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
- 10.58.253.130/32 *[Local/0] 7w5d 15:56:06
Local via irb.590
SDM-DB.inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
- 0.0.0.0/0 *[Static/5] 2w4d 15:21:36
> to 10.58.229.197 via irb.800
SDM-DIAM.inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
- 0.0.0.0/0 *[Static/5] 7w5d 14:02:14
> to 10.58.229.189 via irb.902
SDM-SIG.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
- 0.0.0.0/0 *[Static/5] 7w5d 14:02:14
> to 10.58.229.181 via irb.901
{master:0}
nsn@EX-4600-torhos301>
↧
↧
Re: ip-source-guard/dhcp security blocking lease renewals
As stated earlier. It seem to be a code issue. Turns out that the data vlan works just fine. Its the voice vlan that is not updating the dhcp-security binding table.
↧
Re: How to Begin Troubleshooting Slow Network Issues
Really would need to see your topology and configs.
↧
Guest internet firewall filter
I have an EX2200 running 12.3R12 to which i'm trying to apply some filters at layer 3. vlan 100 is bound to L3 interface unit 100 with ip 192.168.1.254/24. I want to prevent any 192.168.1.X clients from reaching 10.0.0.0/8, but permit them to reach any other IP (ie; internet). The switch has a routed interface uplink ge-0/0/0 unit 0 with ip 10.1.1.254/24
What might the filter set look like?
↧
Re: Guest internet firewall filter
set interfaces vlan unit 100 description guest set interfaces vlan unit 100 family inet filter input guest-to-internet-only set interfaces vlan unit 100 family inet filter output no-corp-to-guest set interfaces vlan unit 100 family inet address 192.168.1.254/24 set firewall family inet filter guest-to-internet-only term deny-access-to-rfc1918 from destination-address 10.0.0.0/8 set firewall family inet filter guest-to-internet-only term deny-access-to-rfc1918 from destination-address 172.16.0.0/12 set firewall family inet filter guest-to-internet-only term deny-access-to-rfc1918 from destination-address 192.168.0.0/16 set firewall family inet filter guest-to-internet-only term deny-access-to-rfc1918 from destination-address 127.0.0.0/8 set firewall family inet filter guest-to-internet-only term deny-access-to-rfc1918 from destination-address 169.254.0.0/16 set firewall family inet filter guest-to-internet-only term deny-access-to-rfc1918 from destination-address 224.0.0.0/3 set firewall family inet filter guest-to-internet-only term deny-access-to-rfc1918 then discard set firewall family inet filter guest-to-internet-only term allow-everything-else then accept set firewall family inet filter no-corp-to-guest term deny-access-from-rfc1918 from source-address 10.0.0.0/8 set firewall family inet filter no-corp-to-guest term deny-access-from-rfc1918 from source-address 172.16.0.0/12 set firewall family inet filter no-corp-to-guest term deny-access-from-rfc1918 from source-address 192.168.0.0/16 set firewall family inet filter no-corp-to-guest term deny-access-from-rfc1918 from source-address 127.0.0.0/8 set firewall family inet filter no-corp-to-guest term deny-access-from-rfc1918 from source-address 169.254.0.0/16 set firewall family inet filter no-corp-to-guest term deny-access-from-rfc1918 from source-address 224.0.0.0/3 set firewall family inet filter no-corp-to-guest term deny-access-from-rfc1918 then discard set firewall family inet filter no-corp-to-guest term allow-everything-else then accept
↧
↧
Integrate DPI with Juniper MX
Hi All,
Need your support how to integrate dpi boxes with mx routers as below Description:
- dpi used as L2 manner between two interfaces at mx router (hairpin used here one interface as internal with dpi one as external)
- the igw router(Cisco router) advertise the Internet prefixes to all EDGs in network by IBGP with RR.
- igw router is directly connected to mx router which has connectivity with dpi (that's mean the mx router did PHB and pop the ldp label for inet.0 routing table.)
I need solution to send inet.0 traffic to dpi before going to igw (issue here the traffic is labeled at mx router)
I thinking about FBF but it's not applicable for labeled traffic, also thinking about put the internal interface with dpi in vrf, do bgp between internal and external interface with dpi and extend the vrf to all PE routers but I have more than 240 PE routers.
Need your support how to integrate dpi boxes with mx routers as below Description:
- dpi used as L2 manner between two interfaces at mx router (hairpin used here one interface as internal with dpi one as external)
- the igw router(Cisco router) advertise the Internet prefixes to all EDGs in network by IBGP with RR.
- igw router is directly connected to mx router which has connectivity with dpi (that's mean the mx router did PHB and pop the ldp label for inet.0 routing table.)
I need solution to send inet.0 traffic to dpi before going to igw (issue here the traffic is labeled at mx router)
I thinking about FBF but it's not applicable for labeled traffic, also thinking about put the internal interface with dpi in vrf, do bgp between internal and external interface with dpi and extend the vrf to all PE routers but I have more than 240 PE routers.
↧
Re: urgent EX 4200 Mirroring question
↧
Re: Integrate DPI with Juniper MX
Hi,
A network diagram might be helpful to understand.
However, for hairpin I believe you may have to logically separate the 2 next-hops [internal v/s external], either with routing-instances [virtual router, vrf] or logical systems. MPLS label transport possible with logical systems but not RIs.
Cheers,
Ashvin
↧