Channel: All Ethernet Switching posts

Re: QinQ QFX and EX


HI

 

This is a sample config which I have tested; see if this helps.

 

QinQ ELS Configs

+------------------+         +------------------+         +--------------------+         +--------------------+
|  EX2200          +---------+  QFX-5100        +---------+  EX3300            +---------+  EX2200            |
|                  |         |                  |         |                    |         |                    |
+----------------0/1/0      0/0/0-------------0/0/23     0/1/0-----------------0/0/0    0/1/0-----------------+
                             +

EX2200

root@2200-Left> show configuration vlans
v200 {
    vlan-id 200;
    interface {
        ge-0/1/0.0;
    }
    l3-interface vlan.200;
}
vlans {
    vlan-id 100;
    interface {
        ge-0/0/0.0;
        ge-0/1/0.0;
    }
}

{master:0}
root@2200-Left> show configuration interfaces vlan.200
family inet {
    address 20.20.20.1/24;
}

QFX5100

root@5100# show interfaces ge-0/0/0
flexible-vlan-tagging;
encapsulation extended-vlan-bridge;
unit 4000 {
    vlan-id-list 100-200;
    input-vlan-map push;
    output-vlan-map pop;
}

{master:0}[edit]
root@5100# show interfaces ge-0/0/23
flexible-vlan-tagging;
encapsulation extended-vlan-bridge;
unit 4000 {
    vlan-id 4000;
}

{master:0}[edit]
root@5100# show vlans
Svlan {
    interface ge-0/0/23.4000;
    interface ge-0/0/0.4000;
}

EX3300

"root@3300# show interfaces ge-0/1/0
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members 4000;
        }
    }
}

{master:0}[edit]
root@3300# show interfaces ge-0/0/0    
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members 4000;
        }
    }
}

{master:0}[edit]
root@3300# show vlans
Svlan {
    vlan-id 4000;
    ##
    ## Warning: requires 'dot1q-tunneling' license
    ##
    dot1q-tunneling {
        customer-vlans 100 200;
        layer2-protocol-tunneling {
            all;
        }
    }
}

{master:0}[edit]
root@3300# show ethernet-switching-options
dot1q-tunneling {
    ether-type 0x8100;
}
storm-control {
    interface all;
}

EX2200

root@2200-Right# show interfaces ge-0/1/0
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members all;
        }
    }
}

[edit]
root@2200-Right# show vlans
v200 {
    vlan-id 200;
    l3-interface vlan.200;
}

[edit]
root@2200-Right# show interfaces vlan.200
family inet {
    address 20.20.20.2/24;
}


QinQ with PC directly connected to PE Devices.

     +---------------+           +-----------------+         +------------------+        +-----------------+
     |               |           |                 |         |                  |        |                 |
     |          0/0/0+-----------+0/0/1        0/0/0---------+0/0/0        0/0/1+--------+0/0/0            |
     +---------------+           +-----------------+         +------------------+        +-----------------+
          2200-A                       4300-A                      4300-B                      2200-B
 
0/0/0-30.30.30.1                  svlan 4000                   svlan 4000                     0/0/0-30.30.30.2
                                  cvlan 100 200                cvlan 100 200                  


2200-A

set interfaces ge-0/0/0 unit 0 family inet address 30.30.30.1/24
set interfaces vlan unit 100 family inet address 10.10.10.1/24
set interfaces vlan unit 200 family inet address 20.20.20.1/24
set ethernet-switching-options storm-control interface all
set vlans v100 vlan-id 100
set vlans v100 interface ge-0/0/0.0
set vlans v100 l3-interface vlan.100
set vlans v200 vlan-id 200
set vlans v200 interface ge-0/0/0.0
set vlans v200 l3-interface vlan.200
                              
4300-A

set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 encapsulation extended-vlan-bridge
set interfaces ge-0/0/0 unit 4000 vlan-id 4000
set interfaces ge-0/0/1 flexible-vlan-tagging
set interfaces ge-0/0/1 native-vlan-id 50
set interfaces ge-0/0/1 encapsulation extended-vlan-bridge
set interfaces ge-0/0/1 unit 4000 vlan-id-list 50
set interfaces ge-0/0/1 unit 4000 vlan-id-list 100-200
set interfaces ge-0/0/1 unit 4000 input-vlan-map push
set interfaces ge-0/0/1 unit 4000 output-vlan-map pop
set vlans Svlan interface ge-0/0/0.4000
set vlans Svlan interface ge-0/0/1.4000
set vlans v50 vlan-id 50

4300-B

set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 encapsulation extended-vlan-bridge
set interfaces ge-0/0/0 unit 4000 vlan-id 4000
set interfaces ge-0/0/1 flexible-vlan-tagging
set interfaces ge-0/0/1 native-vlan-id 50
set interfaces ge-0/0/1 encapsulation extended-vlan-bridge
set interfaces ge-0/0/1 unit 4000 vlan-id-list 50
set interfaces ge-0/0/1 unit 4000 vlan-id-list 100-200
set interfaces ge-0/0/1 unit 4000 input-vlan-map push
set interfaces ge-0/0/1 unit 4000 output-vlan-map pop
set vlans Svlan interface ge-0/0/0.4000
set vlans Svlan interface ge-0/0/1.4000
set vlans v50 vlan-id 50

2200-B

set interfaces ge-0/0/0 unit 0 family inet address 30.30.30.2/24
set interfaces vlan unit 100 family inet address 10.10.10.2/24
set interfaces vlan unit 200 family inet address 20.20.20.2/24
set vlans v100 vlan-id 100
set vlans v100 interface ge-0/0/0.0
set vlans v100 l3-interface vlan.100
set vlans v200 vlan-id 200
set vlans v200 interface ge-0/0/0.0
set vlans v200 l3-interface vlan.200

Thanks

Partha


Re: How can do bandwidth control inet/inet6 for QFX 5100?


Does this help?

 

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/policer-single-rate-two-color-bandwidth.html

 

set interfaces ge-1/3/0 per-unit-scheduler
set interfaces ge-1/3/0 vlan-tagging
set interfaces ge-1/3/0 unit 0 vlan-id 100
set interfaces ge-1/3/0 unit 0 family inet address 172.16.1.1/30
set interfaces ge-1/3/0 unit 1 vlan-id 200
set interfaces ge-1/3/0 unit 1 family inet address 172.16.1.1/30
set class-of-service interfaces ge-1/3/0 unit 0 shaping-rate 4m
set class-of-service interfaces ge-1/3/0 unit 1 shaping-rate 2m
set firewall policer LB-policer logical-bandwidth-policer
set firewall policer LB-policer if-exceeding bandwidth-percent 50
set firewall policer LB-policer if-exceeding burst-size-limit 125k
set firewall policer LB-policer then discard
set interfaces ge-1/3/0 unit 0 family inet policer input LB-policer
set interfaces ge-1/3/0 unit 0 family inet policer output LB-policer
set interfaces ge-1/3/0 unit 1 family inet policer input LB-policer
set interfaces ge-1/3/0 unit 1 family inet policer output LB-policer

Re: Strange logmessages: "IFCM: no handler for command subtype XXX"

Re: Any impact when EX Switch configures Secondary IP address for a Vlan.

Re: EX4300 Port Security - MAC Limiting (Allowed MAC) & ELS


HI

 

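There is an allowed-mac configuration under ethernet-switching-options; is this not working? (In the command below, MACSEC sits in the interface-name position of the secure-access-port statement.)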

 

set ethernet-switching-options secure-access-port interface MACSEC allowed-mac 00:13:72:71:8a:32

 

Thanks

Partha

Re: Creating Virtual Chassis with EX3400's


 HI

 

This is what I would suggest. Let's say we need a 4-member VC:

 

1) Zeroize/FD all the 4 members.

2) Take the switch which you want to be master and configure it as preprovisioned.

3) Make sure all devices are running the same code (Junos version).

4) Add them one by one to the VC.

 

This would help.

 

Partha

Re: DHCP-Relay + firewall on interface


HI

First, why do you need the filter to accept the packet? By default the packet would be accepted and forwarded to the kernel.

 

If you still want the packet to be filtered for counting/logging purposes, just match on destination port 67/68 (the DHCP UDP ports). For the source, use the client MAC address.

 

This should work.

 

Thanks

Partha

Re: QinQ QFX and EX


Hi Partha,

 

Thanks for your quick response.

 

I have validated and it seems that I have the same configuration, but it is still not working.  However, I have one additional element in my scenario: an EX4550 acting as P that connects both PEs (your EX3300 and your QFX5100).

 

In my case, this EX4550  only has two Aggregated ethernet configured as family ethernet port mode trunk.  So, if you see my configuration, this EX4550x1 is getting the S-vlan from one AE and passing it to another AE that is connected to the QFX.

 

So i have this:  CE --> PE --->P ---> PE ---> CE

 

Do I need to set anything special on the P switch in order to see the MAC address on the QFX (PE)? From my review, it seems that the P is passing the frames as standard dot1q frames and not as QinQ frames.

 

Thanks

Ezequiel

 

 


Re: How can do bandwidth control inet/inet6 for QFX 5100?

logical-bandwidth-policer is unsupported :(

After software update dont see /dev/md7, mounted on: /packages/mfs-jkernel-ex-3300 on EX3300


Experts,

 

Looks like after updating software from 12.3 to 15.1 some folders are missing:

 

/dev/md7, mounted on: /packages/mfs-jkernel-ex-3300  however show system storage shows:

 

show system storage
fpc0:
--------------------------------------------------------------------------
Filesystem Size Used Avail Capacity Mounted on
/dev/da0s1a 183M 144M 25M 85% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/md0 243M 243M 0B 100% /packages/mnt/junos
/dev/md1 6.7M 2.0M 4.1M 32% /packages/mfs-fips-mode-arm
/dev/md2 4.8M 4.8M 0B 100% /packages/mnt/fips-mode-arm-15.1R5.5
/dev/md3 8.6M 4.0M 3.9M 50% /packages/mfs-jdocs-ex
/dev/md4 11M 11M 0B 100% /packages/mnt/jdocs-ex-15.1R5.5
/dev/md5 39M 35M 1.2M 97% /packages/mfs-junos-ex-3300
/dev/md6 68M 68M 0B 100% /packages/mnt/junos-ex-3300-15.1R5.5
/dev/md7 13M 8.6M 3.5M 71% /packages/mfs-jweb-ex
/dev/md8 23M 23M 0B 100% /packages/mnt/jweb-ex-15.1R5.5
/dev/da0s3e 123M 6.7M 106M 6% /var
/dev/md9 252M 16K 232M 0% /tmp
/dev/da0s3d 369M 17M 323M 5% /var/tmp
/dev/da0s4d 62M 284K 57M 0% /config
/dev/md10 118M 20M 89M 18% /var/rundb
procfs 4.0K 4.0K 0B 100% /proc
/var/jail/etc 123M 6.7M 106M 6% /packages/mnt/jweb-ex-15.1R5.5/jail/var/etc
/var/jail/run 123M 6.7M 106M 6% /packages/mnt/jweb-ex-15.1R5.5/jail/var/run
/var/jail/tmp 123M 6.7M 106M 6% /packages/mnt/jweb-ex-15.1R5.5/jail/var/tmp
/var/tmp 369M 17M 323M 5% /packages/mnt/jweb-ex-15.1R5.5/jail/var/tmp/uploads
devfs 1.0K 1.0K 0B 100% /packages/mnt/jweb-ex-15.1R5.5/jail/dev
/var/jail/jweb-app 123M 6.7M 106M 6% /packages/mnt/jweb-ex-15.1R5.5/jail/var/jweb-app
/dev/md11 6.7M 2.0M 4.1M 32% /packages/mfs-fips-mode-arm
/dev/md12 8.6M 4.0M 3.9M 50% /packages/mfs-jdocs-ex
/dev/md13 39M 35M 1.2M 97% /packages/mfs-junos-ex-3300
/dev/md14 13M 8.6M 3.5M 71% /packages/mfs-jweb-ex
/dev/md15 10M 5.8M 3.8M 61% /packages/mfs-jweb-ex-app
/dev/md16 17M 17M 0B 100% /packages/mnt/jweb-ex-15.1R5.5/jail/var/jweb-app/jweb-ex-app

 

Any advice?

 

 

Re: Filter traffic sent to analyzer


The issue with mirroring all traffic is why I am here originally. The problem is that we are reaching the port's capacity. It seems the only solution is to mirror ingress and include the upstream port.

EX2200C after upgrade to 15.1R5 license error


Experts,

 

I don't know if I should just ignore this message, but I can't relax when I see errors like this:

 

Jun 19 07:06:18 storeroom /kernel: Percentage memory available(18)less than threshold(20 %)- 1
2017-06-19	07:06:15	Auth	Info	IP	Jun 19 07:06:15 kitch_storeroom sshd[1296]: Accepted keyboard-interactive/pam for tech from 10.2.20.5 port 57926 ssh2
2017-06-19	06:59:58	Daemon	Error	IP	Jun 19 06:59:58 kitch_storeroom rpd[1192]: JTASK_SCHED_SLIP: 7 sec scheduler slip, user: 1 sec 599000 usec, system: 0 sec, 358374 usec
2017-06-19	06:58:17	System2	Notice	IP	Jun 19 06:58:17 kitch_storeroom xntpd: kernel time sync enabled 2001
2017-06-19	06:58:15	System2	Notice	IP	Jun 19 06:58:15 kitch_storeroom xntpd: kernel time sync disabled 2041
2017-06-19	06:58:14	Daemon	Error	IP	Jun 19 06:58:14 kitch_storeroom ppmd[1197]: ppmd_delete_cfm_pending_entries: connection received 0x39300c
2017-06-19	06:58:14	Daemon	Error	IP	Jun 19 06:58:14 kitch_storeroom ppmd[1197]: ppmd_delete_cfm_pending_entries: CFMD delete pending timer expired
2017-06-19	06:57:34	Daemon	Warning	IP	Jun 19 06:57:35 kitch_storeroom craftd[1186]: Major alarm cleared, FPC 0 PHY1 Temp Sensor Fail
2017-06-19	06:57:34	Daemon	Warning	IP	Jun 19 06:57:35 kitch_storeroom alarmd[1185]: Alarm cleared: FPC color=RED, class=CHASSIS, reason=FPC 0 PHY1 Temp Sensor Fail
2017-06-19	06:57:22	Daemon	Error	IP	Jun 19 06:57:22 kitch_storeroom dot1xd[1212]: JTASK_SNMP_CONN_RETRY: snmp_epi_reg_refresh: reattempting connection to SNMP agent (register MIBs): Operation timed out
2017-06-19	06:57:07	Daemon	Error	IP	Jun 19 06:57:07 kitch_storeroom dot1xd[1212]: JTASK_SNMP_CONN_RETRY: snmp_epi_reg_refresh: reattempting connection to SNMP agent (register MIBs): Operation timed out
2017-06-19	06:57:06	System2	Notice	IP	Jun 19 06:57:06 kitch_storeroom xntpd: kernel time sync disabled 6041
2017-06-19	06:57:06	System2	Notice	IP	Jun 19 06:57:06 kitch_storeroom xntpd[1189]: time reset +323469.898626 s
2017-06-19	06:57:04	Daemon	Error	IP	Jun 15 13:05:54 kitch_storeroom license-check[1214]: copy from member 0 failed
2017-06-19	06:57:04	Daemon	Error	IP	Jun 15 13:05:54 kitch_storeroom license-check[1214]: LIBJNX_REPLICATE_RCP_ERROR: rcp -r -Ji fpc0:/config/.license_priv/ /config/license : rcp: /config/.license_priv/: No such file or directory
2017-06-19	06:57:02	Daemon	Error	IP	Jun 15 13:05:52 kitch_storeroom license-check[1214]: LICENSE: copy to /config/license from fpc0:/config/.license_priv/
2017-06-19	06:56:56	Daemon	Error	IP	Jun 15 13:05:46 kitch_storeroom chassism[1172]: IFCM: no handler for command subtype 182
2017-06-19	06:56:56	Daemon	Error	IP	Jun 15 13:05:46 kitch_storeroom chassism[1172]: IFCM: no handler for command subtype 178
2017-06-19	06:56:56	Local4	Error	IP	Jun 15 13:05:46 kitch_storeroom fpc0 Error: VRF __master.anon__.5 in egress ACL
2017-06-19	06:56:56	Daemon	Alert	IP	Jun 15 13:05:46 kitch_storeroom eswd[1205]: Root bridge in context 0 changed from 61440:5c:45:27:df:93:81 to 4096:00:31:46:47:61:00
2017-06-19	06:56:56	Local4	Notice	IP	Jun 15 13:05:46 kitch_storeroom fpc0 pfe_pme_max 24
2017-06-19	06:51:11	Auth	Info	IP	Jun 19 06:51:11 kitch_storeroom init: chassis-control (PID 1185) terminate signal 15 sent
2017-06-19	06:51:11	Daemon	Notice	IP	Jun 19 06:51:11 kitch_storeroom sfid[1104]: JTASK_EXIT: Exit sfid[1104] version 15.1R5.5 built by builder on 2016-11-25 15:36:06 UTC, caller 0x17f898

LIBJNX_REPLICATE_RCP_ERROR: rcp -r -Ji fpc0:/config/.license_priv/ /config/license : rcp: /config/.license_priv/: No such file or directory

 

Is this something serious?

 

Re: Creating Virtual Chassis with EX3400's


Other than the Master, do the remaining switches to be added to the VC need any config, assuming they were zeroized and immediately powered down?

Is it best practice to power on member switches and THEN cable them?  Or cable and then power on?

 

 

Sorry if these are irritating questions - I'm a noob on Juniper. 

Re: Creating Virtual Chassis with EX3400's


Confirm the same version of Junos as the master is installed

Connect the switches via the VCP cable

Power the switch on and it will automatically add to the VC

 

I usually do this one switch at a time.

Re: EX2200C after upgrade to 15.1R5 license error


I used install --format with 15.1R5 as advised by Juniper 

 

also: 

 

Additional routing options:kern.module_path: /boot//kernel;/boot/modules -> /boo
t/modules;/modules/peertypeLoading the CHMIC module
;/modules/ifpfe_drv;/modules/platform;/modules;
kld netpfe drv: ifpfed_chmic ifpfed_ethinterface ifpfed_eth.1 already present in
 the KLD 'kernel'!
kldload: can't load /modules/ifpfe_drv/ifpfed_eth.ko: Exec format error
 ifpfed_ml_cmn ifpfed_svcskld platform: ex_ifpfeLoading the EX-series platform N
ETPFE module
 if_vcpkld peertype: peertype_hcm peertype_pfem peertype_sfi peertype_slavere gr
at_arp_on_ifup=YES: net.link.ether.inet.grat_arp_on_ifup: 1 -> 1
 ipsec kldcryptosoft0: <software crypto> on motherboard
 kats kldkldload: can't load kats.ko: File exists
IPsec: Initialized Security Association Processing.
.
Doing additional network setup:.
Starting final network daemons:.
Starting final network daemons:.

Is there any way to fix these? And why are they advising this installation type if it simply does not work?


Re: EX2200 - Junos 15.1R5 - broken Temperature Sensors


I have upgraded a 2200C to 15.1R5 as advised by Juniper tech and am experiencing the same bug ... I don't know if I should trust Juniper tech or just the Juniper forum, since you users have more accurate info ...

 

I don't know what to do if my license covers only RMA, not software.

Re: 802.1x broken in Junos 15.1R5.5


Bug after bug - 15.1R5 - 2200C temperature sensor bug ... :(

show ethernet-switching statistics on EX4200


Is there a way to check for extensive unicast flooding on an EX 4200 switch or, even better, on a single port of the switch? 

 

Regards,

Pawel

Port filtering with an EX3300


Is it possible to block all traffic from port _x_ from all hosts except one IP, but at layer2 using the EX3300's port filtering?

 

I attempted using the commands and GUI as per https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-filter-ex-series-overview.html, but haven't had success so far.

 

Also, do 4 or 5 rules typically cause a very big increase in resource/CPU load?

 

Just want to make sure this is possible before I try again.

 

Any help appreciated. Many thanks.

 

 

Re: MX Q-in-Q With Multiple Inner Tags not working


I finally solved this on my own.  I combined the two bridged inner vlans 127 & 999 on a trunk interface with the inner-vlan-id-list.  This is the config that works:

 

user@FTMY-T3-EDGE-01# show interfaces ge-2/3/0 
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 1176 {
    vlan-id 1176;
    family bridge {
        interface-mode trunk;
        inner-vlan-id-list [ 127 999 ];
    }
}
unit 1276 {
    vlan-tags outer 1176 inner 1276;
    family inet {
        address 63.247.145.69/30;
    }
}

If anyone has any better methods, please feel free to reply.

Thanks!
