Thanks, I wasn't aware of the memory issues. Rolling back to 12.3 seems to have resolved it.
Re: VRRP Subsystem Not Running - 2x EX2200-C
Re: dot1x to long reconnect
Hi
Did you ever resolve this issue?
Thanks
Simon
EX4200 DOT1x and Cisco ISE
Hi
The issue I’m experiencing is with DOT1x: specifically, CERT authentications are failing, and the endpoint will then fail over to MAC authentication.
Some endpoints are working but we do have a lot of failures.
I am using Juniper EX4200 version 12.3R6.6
I am using Cisco ISE (version 2.1 patch 3) as my RADIUS server
Clients are Windows, primarily 7 and 10
I am using certificates (EAP TLS) as my AUTH method
My fail back method is MAB
My config is as follows, in case anyone can see any immediate issues
dot1x {
traceoptions {
file dot1x;
flag state;
flag dot1x-debug;
flag eapol;
}
authenticator {
authentication-profile-name ISE;
no-mac-table-binding;
interface {
ISE {
supplicant multiple;
retries 3;
quiet-period 15;
transmit-period 30;
mac-radius;
reauthentication 14400;
supplicant-timeout 30;
server-timeout 30;
maximum-requests 3;
server-fail use-cache;
access {
radius-server {
}
}
profile ISE {
authentication-order radius;
radius {
authentication-server [ x.x.x.x x.x.x.x ];
accounting-server [ x.x.x.x x.x.x.x ];
}
accounting {
order radius;
accounting-stop-on-failure;
accounting-stop-on-access-deny;
immediate-update;
coa-immediate-update;
Regards
Simon
Vlan translation on MX
Hi,
Not sure if this is possible. I want to achieve the following. On my MX104 I have several customer sites handed over to me on different vlans from my provider. These sites need to share the same subnet with the default gateway on the MX104.
"Vlan rewrite" option on the ge interface doesn't work as the MX won't allow me to translate two different vlans (vlan 100 and 200) to one (vlan 1000). Below is the basic configuration but it obviously doesn't work as there is no vlan translation/rewrite/swap in there. Anyone have any idea on how to achieve this? Please see the describing picture attached.
irb {
    unit 1000 {
        family inet {
            address 10.1.1.1/24;
        }
    }
}
bridge-domains {
    VLAN_1000 {
        vlan-id 1000;
        routing-interface irb.1000;
    }
}
interfaces {
    ge-0/0/0 {
        description "To PROVIDER";
        flexible-vlan-tagging;
        mtu 9192;
        encapsulation flexible-ethernet-services;
        unit 100 {
            description "Customer ACME site 1";
            family bridge {
                interface-mode trunk;
                vlan-id-list 100;
            }
        }
        unit 200 {
            description "Customer ACME site 2";
            family bridge {
                interface-mode trunk;
                vlan-id-list 200;
            }
        }
    }
}
EX4600 RDMA over Converged Ethernet (RoCE) support?
Hi,
Does anybody know if RDMA over Converged Ethernet (RoCE) is supported on EX4600?
Based on this:
I would say yes, but since I cannot find anything written specifically about RoCE & EX4600, I would like to know from knowledgeable experts here.
Thank you in advance ...
Re: EX4600 RDMA over Converged Ethernet (RoCE) support?
Hi MM-Zel,
RoCE relies on DCBX which the EX4600 supports:
Re: Vlan translation on MX
I have used bridge domains for this purpose.
In the bridge domain you add the sub-interfaces for all the sites you want to be in the same broadcast domain for the inbound trunk port. It does not matter what vlan tag they have on this interface.
In the bridge domain you assign the vlan tag for your gateway for this broadcast domain.
You can then either send that vlan out layer two on another interface towards the gateway. Or create the IRB layer 3 interface on the MX to serve as the gateway. If you add the gateway on the MX make sure you consider the routing domain you want the traffic to be in. You might also want to create a virtual router routing instance to isolate that traffic.
mgd core @ dom_make_object_simple,gram_make_command,gram_yyparse
Unable to find the PR in the database. Any idea what is needed to fix this?
EX2300-48P
When this happened, the switches caused a storm that dropped all connectivity sessions to our core services.
Ping was at 15% loss.
The contents of the PBN are shown below:
Title | mgd core @ dom_make_object_simple,gram_make_command,gram_yyparse |
Issue Date | Jul 17, 2014 |
Updated Time | Feb 22, 2017 06:15:38 PM EST |
Juniper Id | 596251 |
Organization | Massey Services |
Resolved In | |
Description | |
Trigger | [ Duplicate to PR686509 ] * Install sdk package bundle * Remove above package and Re-install |
Symptom | [ Duplicate to PR686509 ] Pkg installation fails and mgd core dumped. |
Work Around | |
Instruction | |
Relevances | [("OsPlatform", junos)] |
Customer Impact | |
Impact Probability | |
Owner | |
Flagged to Users |
Cisco guy that inherited some junipers - need vlaing help !
Long story short, I took on a new position and the network guy decided to move on.
So I have inherited 39 Juniper EX2400 and 4200 ? switches.
I have no experience with Juniper switches as I have always worked at Cisco shops. I am going to assume that the VLANing is the same on a Juniper as it would be on a Cisco switch.
Setup: we have a core set of switches; out to each switch stack we have fiber run and misconfigured port channels (2x10 Gb fiber runs with 3 VLANs assigned to each 10 Gb port). The issue I have is that for every VLAN on every switch there is an IP assigned to every VLAN. Example below: VLAN 100, so that VLAN 100 (not default VLAN) has 10 gateways assigned to it?
Switch Vlan 100
172.16.0.1 172.16.100.1
172.16.0.2 172.16.100.2
172.16.0.3 172.16.100.3
172.16.0.4 172.16.100.4
172.16.0.5 172.16.100.5
172.16.0.6 172.16.100.6
172.16.0.7 172.16.100.7
172.16.0.8 172.16.100.8
172.16.0.9 172.16.100.9
172.16.0.10 172.16.100.10
I am used to the setup of having all the VLAN gateways live on the core switch stack; all switches attached down the line by fiber would just have the VLANs created on them (no gateway) and have all of the VLANs on the port channels of all the switches and have all of the VLANs already extended to every part of the building. Am I wrong on this?
Re: Vlan translation on MX
Hi Steve,
Thanks a lot for the support. I followed your instructions and I got it to work!
This is the working configuration in my case:
irb {
    unit 1000 {
        family inet {
            address 10.1.1.1/24;
        }
    }
}
bridge-domains {
    VLAN_1000 {
        vlan-id 1000;
        interface ge-0/0/0.100;
        interface ge-0/0/0.200;
        routing-interface irb.1000;
    }
}
interfaces {
    ge-0/0/0 {
        description "To PROVIDER";
        flexible-vlan-tagging;
        mtu 9192;
        encapsulation flexible-ethernet-services;
        unit 100 {
            description "Customer ACME site 1";
            encapsulation vlan-bridge;
            vlan-id 100;
        }
        unit 200 {
            description "Customer ACME site 2";
            encapsulation vlan-bridge;
            vlan-id 200;
        }
    }
}
Erac
Re: EX4600 RDMA over Converged Ethernet (RoCE) support?
TY for prompt reply.
Re: Cisco guy that inherited some junipers - need vlaing help !
KP3 wrote:
I am used to the setup of having all the VLAN gateways live on the core switch stack; all switches attached down the line by fiber would just have the VLANs created on them (no gateway) and have all of the VLANs on the port channels of all the switches and have all of the VLANs already extended to every part of the building. Am I wrong on this?
Yes, you are correct. Not sure why the switches are configured this way. Only a management VLAN IP is enough on access layer switches.
10Gb modules on EX 6210 switch
Hi
I have to connect a Nexus 9k to my ex4200 switch with a 10Gb link. I would like to know which module I should use.
promiscuous mode
I can see continuous log messages, and at that point the switch connected to that interface goes down:
/kernel: ge-0/0/5: promiscuous mode enabled
/kernel: ge-0/0/5: promiscuous mode disabled
What is this?
EX4600: multicast not working in vlan default.
Hi,
I have an EX4600 switch which I'm using for host connectivity (obviously). Now I need to set up a VRRP/CARP between two hosts. Surprisingly, it's not working. And the reason is that these two hosts simply don't see the multicast packets from each other; they see only self-originating packets in tcpdump. Previously I have successfully set up such a scheme on a variety of switches, including EX4600, and I see no big difference between them, except that the latter one has the EX4600-EM-8F module, but the two hosts with this issue are plugged into pic 0. I was suspecting it's the igmp snooping feature that blocks the multicast, but it turns out there's no such thing configured on my switch:
emz@sw0-lynx# show | match igmp

{master:0}[edit]
emz@sw0-lynx#
[...]
emz@sw0-lynx> show igmp snooping interface
warning: multicast-snooping subsystem not running - not needed by configuration.
I've also discovered, that if I put the hosts interfaces into a trunk, the multicast does work in non-default vlan.
Currently I have no idea why this is happening, so I will really appreciate any.
Thanks.
Follow-up: I just discovered that on a working EX4600 all the vrrp interfaces are in non-default vlans.
Re: 10Gb modules on EX 6210 switch
The EX-UM-2X4SFP-M will give you 4 SFP+ ports which are 10G capable with the right optics.
Re: promiscuous mode
Hello,
What is the device connected to ge-0/0/5 of the switch?
Could you elaborate the symptoms?
Regards,
Rushi
CWA in EX switches
Hi,
I'm having a weird issue and was wondering if anyone noticed it as well.
I have recently implemented Aruba ClearPass NAC system on a network comprised of Juniper EX4300 and EX3300 switches running JunOS 15.1R6-S3.
See following documentation: https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/nce160-example-aruba-guest-access.html
After fixing some issues in the manual (e.g. URI contains "?&mac=" instead of "?mac="), I still cannot get the CWA or the JNPR_RSVD_FILTER_CWA filter to work. While in the traceoptions I see the Redirect URL, VLAN, and a manually configured firewall filter, and most of them are being applied, I cannot get the switch to apply the redirect URL.
The only difference I can think of is that I am trying to create a "Walled Garden" scenario rather than a Guest access one, meaning I expect the CWA redirect to be applied when the user has been authenticated via 802.1x EAP-TLS rather than MAB.
Attaching the dot1x traceoptions for reference.
Can anyone offer an answer?
Re: EX4600: multicast not working in vlan default.
https://www.juniper.net/documentation/en_US/junos/topics/example/igmp-snooping-ex-series-configuring.html
Re: EX4600 RDMA over Converged Ethernet (RoCE) support?
UPDATE:
Reply directly from Juniper ("Sr Partner SE" person) for reference:
"We have the number of switches supporting DCBX with ECN, but there’s no explicit support for RoCE yet.
DCBX is just one of prerequisites.
As I have mentioned, the first our platform with RoCE support will be QFX 5100. I would consider seriously QFX 5100 – it has above mentioned features and there is a chance for RoCE support yet in this year. I see RoCEv2 support for QFX5100 scheduled for 17.4."
So seems no explicit support for RoCE on EX4600 ...