Channel: All Ethernet Switching posts

Ethernet over MPLS on vQFX10K2 not working


Hi, I am trying to get Ethernet over MPLS to work on vQFX; here is the topology:

 

srv1---vqfx1----vqfx2--srv2

 

vqfx1 and vqfx2 are connected back to back on xe-0/0/0; srv1 and srv2 are connected to xe-0/0/1 on vqfx1 and vqfx2, respectively, as CE devices. All VMs are running on VirtualBox managed by Vagrant. I verified both PE-CE connections are fine by temporarily creating an irb interface on vqfx. The goal of the setup is L2 connectivity between srv1 and srv2 over the layer 3 link between vqfx1 and vqfx2.

 

here is the configuration I have:

vagrant@vqfx-RE1# run show configuration interfaces xe-0/0/1
encapsulation ethernet-ccc;
unit 0 {
    family ccc;
}

{master:0}[edit]
vagrant@vqfx-RE1# run show configuration protocols l2circuit
neighbor 185.67.136.1 {
    interface xe-0/0/1.0 {
        virtual-circuit-id 100;
    }
}
### Both MPLS LSP and l2circuits are up

vagrant@vqfx-RE1# run show mpls lsp
Ingress LSP: 1 sessions
To              From            State Rt P     ActivePath       LSPname
185.67.136.1    185.67.136.254  Up     0 *                      RE1-to-RE2
Total 1 displayed, Up 1, Down 0

Egress LSP: 1 sessions
To              From            State   Rt Style Labelin Labelout LSPname
185.67.136.254  185.67.136.1    Up       0  1 FF       3        - RE2-to-RE1
Total 1 displayed, Up 1, Down 0

Transit LSP: 0 sessions
Total 0 displayed, Up 0, Down 0

{master:0}[edit]
vagrant@vqfx-RE1# run show l2circuit connections
Layer-2 Circuit Connections:<snip>
Legend for interface status
Up -- operational
Dn -- down
Neighbor: 185.67.136.1
    Interface                 Type  St     Time last up          # Up trans
    xe-0/0/1.0(vc 100)        rmt   Up     Jul 30 22:52:25 2018           1
      Remote PE: 185.67.136.1, Negotiated control-word: Yes (Null)
      Incoming label: 16, Outgoing label: 16
      Negotiated PW status TLV: No
      Local interface: xe-0/0/1.0, Status: Up, Encapsulation: ETHERNET
      Flow Label Transmit: No, Flow Label Receive: No

{master:0}[edit]

## ping between srv1 and srv2 does not work, interface statistics on xe-0/0/1 on either vqfx stay at 0

 

vagrant@vqfx-RE1# run show interfaces xe-0/0/1
Physical interface: xe-0/0/1, Enabled, Physical link is Up
  Interface index: 650, SNMP ifIndex: 517
  Link-level type: Ethernet-CCC, MTU: 1514, LAN-PHY mode, Speed: 10Gbps, Duplex: Full-Duplex,
  BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching Error: None,
  Source filtering: Disabled
  Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Flow control: Disabled,
  Media type: Fiber
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Current address: 02:05:86:71:ba:07, Hardware address: 02:05:86:71:ba:07
  Last flapped   : 2018-07-30 22:31:52 UTC (00:59:52 ago)
  Input rate     : 0 bps (0 pps)
  Output rate    : 0 bps (0 pps)
  Active alarms  : None
  Active defects : None
  PCS statistics                      Seconds
    Bit errors                             0
    Errored blocks                         0
  Ethernet FEC statistics              Errors
    FEC Corrected Errors                    0
    FEC Uncorrected Errors                  0
    FEC Corrected Errors Rate               0
    FEC Uncorrected Errors Rate             0
  Interface transmit statistics: Disabled

  Logical interface xe-0/0/1.0 (Index 568) (SNMP ifIndex 519)
    Flags: Up SNMP-Traps 0x4004000 Encapsulation: Ethernet-CCC
    Input packets : 0
    Output packets: 0
    Protocol ccc, MTU: 1514
      Flags: Is-Primary

What could be wrong?


Re: Attempting to change the protocol iccp address.


I am attempting to change the protocol iccp address.

This is for an MC_LAG between two EX9200 switches. I am running version: version 16.1R7.7

It keeps telling me that the IP address does not match the very data I am trying to change. 

I have disabled several protocols with this, trying to get it to accept the change, with no luck.

[edit protocols iccp]
- local-ip-addr 172.30.0.91;
+ local-ip-addr 172.30.0.80;
[edit protocols iccp]
+ peer 172.30.0.81 {
+ session-establishment-hold-time 50;
+ redundancy-group-id-list 1;
+ backup-liveness-detection {
+ backup-peer-ip 172.30.0.81;
+ }
+ liveness-detection {
+ minimum-interval 2000;
+ multiplier 4;
+ }
+ }
- peer 172.30.0.92 {
- session-establishment-hold-time 50;
- redundancy-group-id-list 1;
- backup-liveness-detection {
- backup-peer-ip 172.30.0.81;
- }
- liveness-detection {
- minimum-interval 2000;
- multiplier 4;
- }
- }
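Review bot: nothing in this compare output touches [edit multi-chassis multi-chassis-protection], so once the peer under [edit protocols iccp] is renamed from 172.30.0.92 to 172.30.0.81 that hierarchy would still reference 172.30.0.92; stage the matching multi-chassis-protection peer change in the same candidate so both statements agree when the constraint check runs. Also confirm that backup-peer-ip 172.30.0.81 in the new peer block is intended, since it is the same address as the peer itself.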

[edit]

 

I go to commit this and get the following errors:

 

[edit multi-chassis multi-chassis-protection]
'172.30.0.92'
The peer ip must match with ones defined at <protocols iccp peer>
[edit multi-chassis multi-chassis-protection]
'172.30.0.92'
iccp peer ip address does not match with the one configured under protocols iccp
error: commit failed: (statements constraint check failed)

 

I know that it does not match. It is not supposed to, it is what I am trying to change. 

I have also disabled the [multi-chassis-protection] to see if this would allow the change and along with: 

deactivate groups MC_Config_Global multi-chassis mc-lag consistency-check
deactivate multi-chassis mc-lag consistency-check
deactivate interfaces ae0
deactivate system commit peers-synchronize

 

I have tried inserting, manipulating, changing an element at a time with no luck.

Thank you,

 

 

 

Certificate - Secure Web


I've recently created a CSR on the EX3300 and I now have the CER issued by the CA. I'm wondering what I'm not doing correctly? I'm seeing the certificate that I generated:

root@SW99> show security pki certificate-request
Certificate identifier: SW99CSR
Issued to: SW99
Public key algorithm: rsaEncryption(2048 bits)

{master:0}

 

When I try and add the cer, I get the following:  
root@SW99> request security pki local-certificate load certificate-id SW99CSR filename SW99.cer
error: error load certid<SW99CSR>

{master:0}
root@SW99> request security pki local-certificate load certificate-id SW99 filename SW99.cer
error: error load certid<SW99>

 

Re: Accepted Solutions Initiative!

Re: Attempting to change the protocol iccp address.


Hi dgtechx + rccpgm,

 

An FYI - I've moved the question and response from the Community Talk Discussion Forum to the Ethernet Switching Discussion Forum.

 

dgtechx - I hope rccpgm has answered your question!

rccpgm - Thanks for helping out your fellow J-Net peers

Re: Certificate - Secure Web


Does using the verify command give you a helpful reason for not liking the cert?

request security pki local-certificate verify certificate-id SW99

 

Re: Certificate - Secure Web


root@SW99> show security pki certificate-request
Certificate identifier: SW99CSR
Issued to: SW99
Public key algorithm: rsaEncryption(2048 bits)

{master:0}
root@SW99> request security pki local-certificate verify certificate-id SW99CSR
Error: Certificate SW99CSR doesn't exist

root@SW99> request security pki verify-integrity-status
Local key-pair integrity verification failed: Looks Fine, but warning - could not find PKI file /var/db/certs/common/key-pair/SW99CSR.sha256

root@SW99:RE:0% cd /var/db/certs/common/key-pair
root@SW99:RE:0% ls
SW99CSR.priv
root@SW99:RE:0% cd certificate-request
root@SW99:RE:0% ls
SW99CSR.req

Re: EX4300 EX-BCM PIC EDC configuration not complete


Hi,

We have the same situation on EX4300-32F on port 34 (only when we insert SFP in this port). SW version Junos: 14.1X53-D46.7.

logs:

Aug  1 09:15:01  EX4300-SW1 fpc0 [EX-BCM PIC] phy_BCM84756_edc_complete_wait: EDC configuration not complete 0x8e50 port 44
Aug  1 09:15:00  EX4300-SW1 pfex: [EX-BCM PIC] phy_BCM84756_edc_complete_wait: EDC configuration not complete 0x8e50 port 44
Aug  1 09:15:01  EX4300-SW1 pfex: [EX-BCM PIC] phy_BCM84756_edc_complete_wait: EDC configuration not complete 0x8e50 port 44
Aug  1 09:15:01  EX4300-SW1 fpc0 [EX-BCM PIC] phy_BCM84756_edc_complete_wait: EDC configuration not complete 0x8e50 port 44
Aug  1 09:15:02  EX4300-SW1 pfex: [EX-BCM PIC] phy_BCM84756_edc_complete_wait: EDC configuration not complete 0x8e50 port 44
Aug  1 09:15:02  EX4300-SW1 fpc0 [EX-BCM PIC] phy_BCM84756_edc_complete_wait: EDC configuration not complete 0x8e50 port 44
Aug  1 09:15:03  EX4300-SW1 pfex: [EX-BCM PIC] phy_BCM84756_edc_complete_wait: EDC configuration not complete 0x8e50 port 44

 

Is this a bug?

 


Re: EX4300 EX-BCM PIC EDC configuration not complete


Hi,

 

We finally solved the issue by opening a case with JTAC. In the end, in our case, the issue was related to high CPU used by the process "pfex_junos". We finally solved it by killing the process (with traffic impact); anyway, my recommendation is to open a support case with JTAC.

 

Regards

Re: EX4300 EX-BCM PIC EDC configuration not complete


The same behavior on version 18.2R1.9.

 

Re: Certificate - Secure Web


From the error it looks like the full key pair is not present. Try this to generate them.

request security pki generate-key-pair certificate-id 

 

Removing two members switches from (four members in a Virtual Chassis)


Hi All 

 

I have four ex-4300 switches configured in a single virtual chassis. FPC-1 is my master and FPC-0 is my backup; FPC 2 and FPC 3 are in linecard role. I want to perform the following things without losing the configuration and master role of my switch:

Virtual chassis configured in preprovisioned role. Kindly help me how I can do these tasks as I am totally new to Juniper side.

 

1) Change the Backup Role from FPC -0 to FPC-3.

2) After that FPC1 would be my master and FPC 3 would be my backup. FPC 0 and FPC-2 would be in linecard role.

3) Then I want to remove FPC 0 and FPC 2 from this virtual chassis.

4) After the removal of FPC 0 and FPC 2, only two members (FPC 1 and FPC 3) will be left in that virtual chassis.

5) I want to change  FPC 1 to FPC 0 ( MASTER) and FPC 3 TO FPC 1 ( Backup).

 

Config is mentioned below : 

-------------------------------------------------------------------------------

root@sw5.mtl4> show virtual-chassis status

Preprovisioned Virtual Chassis
Virtual Chassis ID: 8fa1.ded1.a1d1
Virtual Chassis Mode: Enabled
                                              Mstr            Mixed Route Neighbor List
Member ID  Status  Serial No      Model       prio  Role      Mode  Mode  ID  Interface
0 (FPC 0)  Prsnt   PE3717273221   ex4300-48t  129   Backup    N     VC    1   vcp-255/1/0
                                                                          2   vcp-255/1/1
1 (FPC 1)  Prsnt   PE3717278547   ex4300-48t  129   Master*   N     VC    3   vcp-255/1/0
                                                                          0   vcp-255/1/1
2 (FPC 2)  Prsnt   PE3717274806   ex4300-48t  0     Linecard  N     VC    0   vcp-255/1/0
                                                                          3   vcp-255/1/1
3 (FPC 3)  Prsnt   PE37172704790  ex4300-48t  0     Linecard  N     VC    2   vcp-255/1/0
                                                                          1   vcp-255/1/1

{master:1}
root@sw5.mtl4>

-------------------------------------------------------------------------------------------------------------------------------------------------

{master:1}
root@sw5.mtl4> show configuration virtual-chassis | display set
set virtual-chassis preprovisioned
set virtual-chassis member 0 role routing-engine
set virtual-chassis member 0 serial-number PE3717273221
set virtual-chassis member 1 role routing-engine
set virtual-chassis member 1 serial-number PE3717278547
set virtual-chassis member 2 role line-card
set virtual-chassis member 2 serial-number PE3717274806
set virtual-chassis member 3 role line-card
set virtual-chassis member 3 serial-number PE37172704790

{master:1}
root@sw5.mtl4>

Re: Attempting to change the protocol iccp address.


I appreciate the skill and assistance on this, great worked perfectly.

 

Re: Attempting to change the protocol iccp address.


Occasionally I actually do get one right!!

EX2200 LACP Trunk to Brocade ping problem


Hi

 

[Image: topology diagram (2018-08-02 10_12_43-EVE _ Topology - Opera.png)]

 

PROBLEMS
1. EX2200 can't ping Brocade ip

I created an LACP trunk between Juniper EX2200 and Brocade FCX648S.

My problem is that I can't ping from Juniper to Brocade and vice versa, but Brocade can ping Cisco or the gateway.

What's wrong with my Juniper config?

tq

 

BROCADE
#show running-config
Current configuration:
ver 08.0.30sT7f3
stack unit 1
  module 1 fcx-48-port-management-module
  module 2 fcx-cx4-2-port-16g-module
!
lag CISCO dynamic id 1
ports ethernet 1/1/47 to 1/1/48
primary-port 1/1/47
lacp-timeout short
deploy
!
lag JUNIPER dynamic id 2
ports ethernet 1/1/1 to 1/1/2
primary-port 1/1/1
deploy
!
vlan 1 name DEFAULT-VLAN by port
router-interface ve 1
!
vlan 10 name WAN1 by port
tagged ethe 1/1/47 to 1/1/48
router-interface ve 10
!
vlan 20 name DMZ by port
tagged ethe 1/1/47 to 1/1/48
router-interface ve 20
!
vlan 30 name SVR by port
tagged ethe 1/1/47 to 1/1/48
router-interface ve 30
!
vlan 40 name USR by port
tagged ethe 1/1/47 to 1/1/48
untagged ethe 1/1/25
router-interface ve 40
!
vlan 50 name VOICE by port
tagged ethe 1/1/47 to 1/1/48
router-interface ve 50
!
vlan 60 name GUEST by port
tagged ethe 1/1/47 to 1/1/48
router-interface ve 60
!
vlan 80 name HA by port
tagged ethe 1/1/47 to 1/1/48
router-interface ve 80
!
vlan 88 name WAN2 by port
tagged ethe 1/1/47 to 1/1/48
router-interface ve 88
!
vlan 90 name STR by port
tagged ethe 1/1/47 to 1/1/48
router-interface ve 90
!
vlan 100 name MGMT by port
tagged ethe 1/1/47 to 1/1/48
router-interface ve 100
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
aaa authentication login privilege-mode
boot sys fl sec
boot sys fl pri
chassis name FCX01
jumbo
enable super-user-password .....
enable port-config-password .....
enable read-only-password .....
enable aaa console
enable acl-per-port-per-vlan
hostname SWFCX648S
ip ssl cert-key-size 2048
ip dns domain-list ngtrain.com
ip dns server-address 8.8.8.8 9.9.9.9
ip route 0.0.0.0/0 10.0.10.1
no telnet server
username admin2 password .....
username admin1 password .....
clock timezone gmt GMT+07
ntp
server 103.31.225.225
web-management https
banner motd ^C
Do not disturb the setup ^C
interface management 1
no ip dhcp-client enable
interface ve 1
interface ve 10
ip address 10.0.10.216 255.255.255.0
interface ve 20
interface ve 30
interface ve 40
interface ve 50
interface ve 60
interface ve 80
interface ve 88
interface ve 90
interface ve 100
ip address 10.0.100.216 255.255.255.0
ip ssh  authentication-retries 2
ip ssh  timeout 30
ip ssh  idle-time 30
ip ssh  key-exchange-method dh-group14-sha1
ip ssh  encryption disable-aes-cbc
end
 
 
 
JUNIPER
# show
## Last changed: 2018-01-19 19:02:52 WIT
version 15.1R6.7;
system {
    time-zone Asia/Jakarta;
    root-authentication {
        encrypted-password "$1$WoekkUPE$BtBx7i5XNsWLfTDAfZ7tZ1"; ## SECRET-DATA
    }
    name-server {
        8.8.8.8;
        4.2.2.2;
    }
    services {
        ssh;
        dhcp {
            pool 10.0.10.0/24 {
                address-range low 10.0.10.101 high 10.0.10.200;
                router {
                    10.0.10.1;
                }
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    ntp;
}
chassis {
    aggregated-devices {
        ethernet {
            device-count 1;
        }
    }
    alarm {
        management-ethernet {
            link-down ignore;
        }
    }
}
interfaces {
    ge-0/1/2 {
        ether-options {
            802.3ad ae0;
        }
    }
    ge-0/1/3 {
        ether-options {
            802.3ad ae0;
        }
    }
    ae0 {
        aggregated-ether-options {
            minimum-links 1;
            lacp {
                active;
            }
        }
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members [ WAN1 WAN2 DMZ SVR USR VOICE GUEST HA STR MGMT ];
                }
                native-vlan-id default;
            }
        }
    }
    vlan {
        unit 0 {
            family inet;
        }
        unit 10 {
            family inet {
                address 10.0.10.213/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.0.10.1;
    }
}
protocols {
    igmp-snooping {
        vlan all;
    }
    rstp;
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}
ethernet-switching-options {
    storm-control {
        interface all;
    }
}
vlans {
    DMZ {
        vlan-id 20;
    }
    GUEST {
        vlan-id 60;
    }
    HA {
        vlan-id 80;
    }
    MGMT {
        vlan-id 100;
    }
    STR {
        vlan-id 90;
    }
    SVR {
        vlan-id 30;
    }
    USR {
        vlan-id 40;
    }
    VOICE {
        vlan-id 50;
    }
    WAN1 {
        vlan-id 10;
        l3-interface vlan.10;
    }
    WAN2 {
        vlan-id 88;
    }
    default {
        l3-interface vlan.0;
    }
}
 
 
# run show lacp interfaces
Aggregated interface: ae0
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      ge-0/1/2       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-0/1/2     Partner    No    No   Yes  Yes  Yes   Yes     Slow    Active
      ge-0/1/3       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-0/1/3     Partner    No    No   Yes  Yes  Yes   Yes     Slow    Active
    LACP protocol:        Receive State  Transmit State          Mux State
      ge-0/1/2                  Current   Slow periodic Collecting distributing
      ge-0/1/3                  Current   Slow periodic Collecting distributing
 
# run show ethernet-switching interfaces
Interface    State  VLAN members        Tag   Tagging  Blocking
ae0.0        up     DMZ                 20    tagged   unblocked
                    GUEST               60    tagged   unblocked
                    HA                  80    tagged   unblocked
                    MGMT                100   tagged   unblocked
                    STR                 90    tagged   unblocked
                    SVR                 30    tagged   unblocked
                    USR                 40    tagged   unblocked
                    VOICE               50    tagged   unblocked
                    WAN1                10    tagged   unblocked
                    WAN2                88    tagged   unblocked
 
# run show interfaces brief ae0
Physical interface: ae0, Enabled, Physical link is Up
  Link-level type: Ethernet, MTU: 1514, Speed: 2Gbps, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Disabled
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  Logical interface ae0.0
    Flags: Up SNMP-Traps 0x40004000 Encapsulation: ENET2
    eth-switch


Re: EX2200 LACP Trunk to Brocade ping problem


From my point of view (without being a Brocade specialist ;-) ) your Brocade switch hasn't tagged vlan 10 on ethe 1/1/1 and ethe 1/1/2 towards the Juniper EX2200.

 

vlan 10 name WAN1
tagged ethe 1/1/1 to 1/1/2
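
Added example, not part of the original posts: a Python check that parses a Brocade running-config and lists which VLANs expected on the Juniper trunk are not tagged on every port of `lag JUNIPER`, before and after the fix suggested in the reply. The config text is a constructed excerpt of the one posted in the question, the function names are hypothetical, and port ranges are assumed to stay within one unit/module.

```python
import re
# Constructed excerpt of the Brocade running-config posted in the question.
BROCADE_CFG = """\
lag CISCO dynamic id 1
ports ethernet 1/1/47 to 1/1/48
!
lag JUNIPER dynamic id 2
ports ethernet 1/1/1 to 1/1/2
!
vlan 10 name WAN1 by port
tagged ethe 1/1/47 to 1/1/48
!
vlan 40 name USR by port
tagged ethe 1/1/47 to 1/1/48
untagged ethe 1/1/25
!
"""

def expand(spec):
    """'ethe 1/1/47 to 1/1/48' -> {'1/1/47', '1/1/48'} (range within one module)."""
    toks = [t for t in spec.split() if t not in ("ethe", "ethernet")]
    ports, i = set(), 0
    while i < len(toks):
        if i + 2 < len(toks) and toks[i + 1] == "to":
            prefix, lo = toks[i].rsplit("/", 1)
            hi = toks[i + 2].rsplit("/", 1)[1]
            ports.update(f"{prefix}/{n}" for n in range(int(lo), int(hi) + 1))
            i += 3
        else:
            ports.add(toks[i])
            i += 1
    return ports

def parse(cfg):
    """Return ({lag name: member ports}, {vlan id: tagged ports})."""
    lags, vlans, cur = {}, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"lag (\S+) ", line):
            cur = lags.setdefault(m.group(1), set())
        elif m := re.match(r"vlan (\d+) ", line):
            cur = vlans.setdefault(int(m.group(1)), set())
        elif line == "!":
            cur = None  # end of the current lag/vlan stanza
        elif cur is not None and line.startswith(("ports ", "tagged ")):
            cur |= expand(line.split(None, 1)[1])  # in-place: updates the dict entry
    return lags, vlans

def missing_on_lag(cfg, lag, trunk_vlans):
    """VLAN IDs from trunk_vlans that are not tagged on every port of the LAG."""
    lags, vlans = parse(cfg)
    return sorted(v for v in trunk_vlans if not lags[lag] <= vlans.get(v, set()))

# The reply's fix applied to the excerpt: tag VLAN 10 on the LAG ports (constructed).
FIXED_CFG = BROCADE_CFG.replace("vlan 10 name WAN1 by port\n",
    "vlan 10 name WAN1 by port\ntagged ethe 1/1/1 to 1/1/2\n")

if __name__ == "__main__":
    print("before:", missing_on_lag(BROCADE_CFG, "JUNIPER", [10, 40]))
    print("after: ", missing_on_lag(FIXED_CFG, "JUNIPER", [10, 40]))
```

Pass the VLAN IDs from the Juniper `ae0` trunk as `trunk_vlans` to see every VLAN that would be dropped at the Brocade side of the LAG.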
 

LAG on EX9200


Hi 

Who can tell me the maximum number of LAGs on EX9200?

 

Thank you !

Re: LAG on EX9200


regress@test-9208# set chassis aggregated-devices maximum-links ?

Possible completions:

<maximum-links> Maximum links limit for aggregated devices (16, 32, or 64)

[edit]

regress@test-9208# set chassis aggregated-devices maximum-links

 

So, a maximum of 64 members is allowed in a LAG bundle on EX9200.

Re: LAG on EX9200

Automatically backup config to scp or tftp when “wr me”


