Channel: All Ethernet Switching posts

Re: Measurement on the loop on the ex4600 switch.


Sorry, no idea, but the source and destination MAC are the same? Is there any way on EXFO to change this, and see what happens?

 

I assume EXFO set-up the same works with EX4200, yes?

 

Just note that EX4200 and EX4600 are based upon different chipsets from different vendors, so actual implementation of any feature/function could be different.


Re: LAG Issue between Juniper EX2200-C and Cisco 3560 Layer 2 loop


So LACP only has the role of bundling/removing the interfaces into the aggregated-ethernet interface, as long as there is no LACP and LAG it's up to the switch what it does with those unbundled interfaces?

Re: Measurement on the loop on the ex4600 switch.


We used one EXFO meter with the Y.1564 test to measure. That's why there is a physical loop on the switch side.

Normally two meters are used for such tests. I remember that measurement like the one on the EX4200 was able to be performed.

 

Thank you for your answers.

Regards.

Re: LAG Issue between Juniper EX2200-C and Cisco 3560 Layer 2 loop


LACP is really completely independent of LAG, although it is most often used with LAGs. You can run LACP on a single link, or a LAG of one. LACP is really there to protect against one-way faults, which would cause one end to think their link is up when it actually is not. In a LAG of multiple interfaces, this creates a potential black-hole. Before LACP, Bi-Directional Forward Protection was often used, but it was not a standard.

 

LACP will not determine if either side is configured in a LAG.  Functions on a per-link basis, from what I know!

 

HTH
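The one-way-fault protection described in the post above, as a simplified per-link model added here (not part of the original post and not vendor code). The names `sw-A`, `sw-B`, `Port`, `run_link` and the three-interval timeout are assumptions made for the illustration; each PDU carries the sender's identity and what it currently believes about its partner.

```python
from dataclasses import dataclass
from typing import Optional

TIMEOUT = 3  # intervals without a received PDU before partner info expires (constructed)

@dataclass
class Port:
    system_id: str
    partner_seen: Optional[str] = None  # system ID learned from received PDUs
    partner_knows_us: bool = False      # did the partner's PDU echo our system ID?
    age: int = 0                        # intervals since the last PDU arrived

    def make_pdu(self) -> dict:
        # A PDU carries the sender's identity plus what the sender currently
        # believes about its partner; that echo is what exposes a one-way fault.
        return {"actor": self.system_id, "partner": self.partner_seen}

    def receive(self, pdu: dict) -> None:
        self.partner_seen = pdu["actor"]
        self.partner_knows_us = pdu["partner"] == self.system_id
        self.age = 0

    def tick(self) -> None:
        self.age += 1
        if self.age >= TIMEOUT:  # nothing heard: forget the partner
            self.partner_seen, self.partner_knows_us = None, False

    @property
    def in_sync(self) -> bool:
        # Only a link in sync may carry traffic; carrier alone is not enough.
        return self.partner_seen is not None and self.partner_knows_us


def run_link(intervals: int, a_to_b_fails_at: Optional[int] = None):
    """Simulate one link; B -> A always works, A -> B may break at an interval."""
    a, b = Port("sw-A"), Port("sw-B")
    for i in range(intervals):
        pdu_a, pdu_b = a.make_pdu(), b.make_pdu()
        a.tick()
        b.tick()
        if a_to_b_fails_at is None or i < a_to_b_fails_at:
            b.receive(pdu_a)
        a.receive(pdu_b)
    return a.in_sync, b.in_sync


if __name__ == "__main__":
    print("healthy link:       ", run_link(10))
    print("fault, 2 ticks in:  ", run_link(5, a_to_b_fails_at=3))
    print("fault, after expiry:", run_link(10, a_to_b_fails_at=3))
```

In the faulted run, `sw-A` still receives PDUs the whole time, so its receive side looks healthy; it drops out of sync only because `sw-B` stops echoing its system ID, which is the state a static LAG without LACP would never notice.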

Re: EX2200 Double-tagging on ingress & popping outer VLAN on egress


Thanks for the replies and sorry for the confusion; the situation is a little weird in that it's being used for a staging environment to configure multiple like devices at one time, which will always be VLAN50 and will always have the same IP addresses.  That's why I can't allow them to be part of the same broadcast domain, since there will be IP overlap.  What I left out initially for simplicity (ha) is that there are also multiple devices being configured at once per "store," and I do have to add VLAN 50 to the otherwise untagged traffic or I'd ask them to connect to the firewalls directly.  I use "Store A" and "Store B" in my example below to show the separation:

 

[Store A Devices]   [Switch Access]   [Switch Trunk]   [Store A Firewall]
192.168.1.2/24      <- Port 3         Port 1 ->        192.168.1.1/24
192.168.1.3/24      <- Port 4         Port 1 ->        192.168.1.1/24
Untagged            +VLAN 50          VLAN 50          VLAN 50

[Store B Devices]   [Switch Access]   [Switch Trunk]   [Store B Firewall]
192.168.1.2/24      <- Port 5         Port 2 ->        192.168.1.1/24
192.168.1.3/24      <- Port 6         Port 2 ->        192.168.1.1/24
Untagged            +VLAN 50          VLAN 50          VLAN 50

 

 

So in short, I need to separate traffic coming into / going out of the switch and need to add the same VLAN in all cases, whether it's as the traffic comes in or as it goes out.  I know it's a weird one but that's why I'm here.

 

The VRF / routing-instance thing sounds like it might be in the right direction.  In Ciscoland I've done similar things with bridge-domains but I'm still working on getting up to speed with Juniper devices.

Re: EX2200 Double-tagging on ingress & popping outer VLAN on egress


Been looking into routing-instances and going to try something like this later today and see if that separates the traffic:

 

set vlans TEST-VLAN vlan-id 50

 

set interfaces ge-0/0/1 description "STORE-A TRUNK"
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members TEST-VLAN

set interfaces ge-0/0/2 description "STORE-B TRUNK"
set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members TEST-VLAN

set interfaces ge-0/0/3 description "STORE-A ACCESS 1"
set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members TEST-VLAN

set interfaces ge-0/0/4 description "STORE-A ACCESS 2"
set interfaces ge-0/0/4 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members TEST-VLAN

set interfaces ge-0/0/5 description "STORE-B ACCESS 1"
set interfaces ge-0/0/5 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members TEST-VLAN

set interfaces ge-0/0/6 description "STORE-B ACCESS 2"
set interfaces ge-0/0/6 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members TEST-VLAN

 

set routing-instances STORE-A description "Store A routing-instance"
set routing-instances STORE-A instance-type l2vpn
set routing-instances STORE-A interface ge-0/0/1.0
set routing-instances STORE-A interface ge-0/0/3.0
set routing-instances STORE-A interface ge-0/0/4.0
set routing-instances STORE-A route-distinguisher 1234:1
set routing-instances STORE-A vrf-target target:1234:1

 

set routing-instances STORE-B description "Store B routing-instance"
set routing-instances STORE-B instance-type l2vpn
set routing-instances STORE-B interface ge-0/0/2.0
set routing-instances STORE-B interface ge-0/0/5.0
set routing-instances STORE-B interface ge-0/0/6.0
set routing-instances STORE-B route-distinguisher 1234:2
set routing-instances STORE-B vrf-target target:1234:2

Re: EX2200 Double-tagging on ingress & popping outer VLAN on egress


What will be the other side of your l2 vpn?

I assume you are not looking to connect these to each other.  So the tricky part here will be how to manage the communications from whatever needs to talk to the stores during the setup process.

 

Re: EX9200 virtual environment


hey rccpgm

 

I'm following this PDF to make the MC-LAG configuration, but there is something I didn't get.

 

https://www.juniper.net/documentation/en_US/release-independent/nce/information-products/pathway-pages/nce/nce-145-mc-lag-ex-core-campus.pdf

in the page 33

set protocols iccp peer 192.18.39.1 backup-liveness-detection backup-peer-ip 10.105.5.5

 

The IP 10.105.5.5, is it a point-to-point FXP0 IP or what? And should I advertise it by OSPF?

 

2nd question

 

set interfaces irb unit 100 family inet address 192.168.10.2/24 arp 192.168.10.3 mac 00:1f:12:b6:6f:f0

 

what command to show me that needed mac, show int irb ex?

 

And I really appreciate your assistance.

 


MC-lag question


hey Junos

 

hey rccpgm

 

I'm following this PDF to make the MC-LAG configuration, but there is something I didn't get.

 

https://www.juniper.net/documentation/en_US/release-independent/nce/information-products/pathway-pag...

in the page 33

set protocols iccp peer 192.18.39.1 backup-liveness-detection backup-peer-ip 10.105.5.5

 

The IP 10.105.5.5, is it a point-to-point FXP0 IP or what? And should I advertise it by OSPF?

 

2nd question

 

set interfaces irb unit 100 family inet address 192.168.10.2/24 arp 192.168.10.3 mac 00:1f:12:b6:6f:f0

 

what command to show me that needed mac, show int irb.100 ex?

 

thanks in advance

Re: EX9200 virtual environment

Re: MC-lag question


Backup-liveness-connection is optional and has always confused me as well.  Unfortunately, the documentation is clear as mud on this subject.  See here (FYI if you select the CLI Explorer re-direct, you'll just end up in a loop!):

 

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/backup-liveness-detection-edit-protocols-iccp-peer-qfx-series.html

 

Basically as far as I know it is just a second connection between the nodes other than ICCP/ICL to test if other node is up or not.  Therefore additional protection if ICCP goes down.  A better solution, IMHO, is to put in additional redundancy for ICCP/ICP.  I always recommend these be put together as part of an AE that is split HW wise across different modules.  Requires at least 2 faults to physically have this link go down.

 

Yes, FXP0 can be used for this - most common method??   I think so.  As for learning within OSPF, I'd think no.  Just need communication across this link between the 2 nodes.

 

As for interface mac, I'd suggest you use either:

 

show interface extensive (look for hardware address)

or

show interface ge-x/y/z extensive | match hardware

 

This should work for both physical and logical interfaces

 

Just FYI for anyone reading this article, Juniper is moving away from MC-LAG as one of the preferred solutions, to instead use EVPN/VXLAN (or MPLS depending upon product) almost exclusively.  If you have a greenfield deployment, I might suggest it is a good idea to consider an EVPN based architecture, or at least consider this technology.

 

Good luck, HTH.

Re: Disable IPV6 forwarding globally or filter ?


I also need some help with this. I'm very new to (just learning) the Juniper platform and my issue is quite basic.

I've configured a name-server and a static route to 0.0.0.0/0 on my new switch and can ping IPv4 to 8.8.8.8, for example. However, when I ping google.com I get the following:

 

root@Juniper-SW1> ping google.com
PING6(56=40+8+8 bytes) :: --> 2607:f8b0:4007:80c::200e
ping: sendmsg: No route to host
ping6: wrote google.com 16 chars, ret=-1
ping: sendmsg: No route to host
ping6: wrote google.com 16 chars, ret=-1
ping: sendmsg: No route to host
ping6: wrote google.com 16 chars, ret=-1

--- google.com ping6 statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

 

It looks like the switch (EX-2200-C) is trying to ping the ipv6 address despite this not having been configured anywhere on the switch. I'm at a loss to figure out how to disable ipv6 globally.

 

Can someone offer a pointer? I'm only using IPv4 in this setup.

 

Thanks!

Re: Disable IPV6 forwarding globally or filter ?


For reference:

 

root@Juniper-SW1> ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=121 time=17.214 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=121 time=14.245 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=121 time=13.980 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 13.980/15.146/17.214/1.466 ms

Firmware Download Failures


Hello,

 

I'm new to the Juniper product line. Per the firmware download instructions page, I'm attempting to upgrade my switch's firmware to do some testing in my lab. I've followed the usage instructions exactly and am receiving a file-fetch failed error. Does anyone have some insight on this? It looks like I'm receiving an authentication error even though I copied the URL download link right from the page itself. Might this indicate there's an error with Juniper's download site?

 

Thanks!

 

root@Juniper-SW1> ...ex-2200-12.3R12.4-domestic-signed.tgz
SSL support disabled
fetch: https://cdn.juniper.net/software/junos/12.3R12.4/jinstall-ex-2200-12.3R12.4-domestic-signed.tgz?SM_USER=regan@evotek.com&__gda__=1534045579_7f3b0c5d9d85418bb2ec69f52eebb8d6: Authentication error
error: file-fetch failed
error: could not fetch local copy of file

Re: Firmware Download Failures


It looks like your switch is running a Junos image without crypto. This means that ssh and access to https sites will not function.

You see it with the notice "SSL support disabled".

 

An alternative could be to fetch the Junos firmware to your local machine, upload it to a ftp server which the switch can reach - or just dump the firmware to a USB-drive and copy the firmware that way.


Help on Upgrading JUNOS on EX2200 from 12.1 to 12.3 or newer.


Hi guys,

I'm a newbie here with Juniper switches, please don't be too hard on me.

 

Ok, so we just took over a property with a bunch of EX2200s for their Access Point.

I'm trying to upgrade the JUNOS because I think it's pretty old. 

The current version is 12.1R5.5 and I'm seeing I can have it upgraded to 12.3 or 14 or even 15 version. 

So I did try it slowly by using the 12.3 version first by using the Web GUI. 

I did the Maintenance -> Software -> Upload Package -> Upload and Install Package. 

I uploaded and installed the 12.3R12 version of firmware, but for some reason I don't think it's updating because after rebooting the switch manually, I'm still seeing the current 12.1 version Junos.

Am I missing something here, guys?

 

I know this is probably a pretty easy problem to fix.

Any help would be appreciated.

 

Thank you!!

 

Re: Disable IPV6 forwarding globally or filter ?


Hello,

On EX platform, there is no way to disable ONLY IPv6 leaving IPv4 working.

The root cause for Your grief is that Your DNS server is returning both A and AAAA records and AAAA records are preferred by default.

This behaviour is observed not only with JUNOS but with other OSes i.e. Windows:

https://serverfault.com/questions/548777/how-to-prevent-delays-associated-with-ipv6-aaaa-records

and Ubuntu

https://askubuntu.com/questions/32298/prefer-a-ipv4-dns-lookups-before-aaaaipv6-lookups

But the notable difference is that JUNOS does not support any knobs to change this behaviour.

So, configure Your DNS server to NOT return AAAA records and You should be fine.

If You are using public DNS server then there is no easy way out.

Finally a filter won't help You to get rid of above JUNOS DNS client behaviour (attempting connection to IPv6 address returned from DNS server in AAAA record), even if the switch itself does not have a publicly routable IPv6 address.

HTH

Thx
Alex

Re: Help on Upgrading JUNOS on EX2200 from 12.1 to 12.3 or newer.


Note that 12.3 is the highest Junos recommended for the EX2200 due to memory limitations. The version you are trying is the highest recommended, 12.3R12.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21476

 

Since the update is failing with jweb you need to see why.  Check to see if there are any logs.

show log messages

 

If not, try doing the upgrade on the cli so you get the feedback and try the validate option first on the cli

request system software validate FILENAME

 

https://www.juniper.net/documentation/en_US/junos/topics/task/installation/ex-series-software-installing-single-routing-engine-cli.html

 

 

Re: Removing two members switches from (four members in a Virtual Chassis)


Thanks Jonas. I performed this activity and your steps helped me a lot. It went smoothly.

Ethernet Switching between Hosts connected to a Switch


Folks,

 

I have a quiz question which I believe seems to be basic but at the same time I am not sure if my analysis is correct. I would really appreciate if you can provide your expertise. Here is the question.

Host X and Host Y are connected to a freshly booted switch.

1. Host X can communicate to Host Y.

2. Add Host Z to the same Switch.

3. Host Z can communicate with Host X.

4. But Host Z cannot communicate with Host Y.

 

I am thinking on the lines of mac-filter or port-security feature where the port connected to Host Z is restricted to one mac-address.

Thanks for your help in advance.

Arvind
