Hello Team,
Just had a query on Juniper data center QFX series switches:
Does Juniper support 10/25G SFP?
If yes, then does the Juniper QFX series have the dual rate SFP?
We would really appreciate your quick response.
Thanks in advance!
Hello Team,
Do you have any information on the maximum IPv4 routes in EX 9200?
I have not seen any details on the datasheet or internal forums so far.
# maximum RIB scale
# maximum MPLS labels
I would really appreciate your quick response. Thanks in advance!
Yes, with the now shipping QFX5200-48y. The QFX5200-32C could also be broken out to 4 x 25GE or set as 40GE and broken out to 4 x 10GE. As for QFX5200-48y:
There will be another 10/25 GE native switch coming out later in 2018, the QFX5120-48y, and then a similar form factor, the EX4650-48y.
y = 25GE natively capable. The default operation is 10GE. There is a setting to convert ports to 25GE in groups of 4 ports.
HTH
IPv4/IPv6 routes by default are 256K, but with optional ML (mid-scale license) can be increased to 512K.
MPLS labels not sure, but for MPLS support, you need an AFL (Advanced Feature License) to start with.
FYI, almost all this info is found via Google search:
Either host Y or host Z is configured with the wrong subnet mask.
We have a Cisco 3750 in production that we need to replace with a Juniper 4600ex;
confused with the access list part. Please help me:
Extended IP access list VERIZON
10 deny tcp 172.27.31.0 0.0.0.255 172.27.0.0 0.0.255.255 eq 3389 (15 matches)
20 permit tcp 172.27.31.0 0.0.0.255 any eq 1985
30 permit udp 172.27.31.0 0.0.0.255 any eq 1985
40 permit udp any eq bootpc any eq bootps
50 permit ip 172.27.31.0 0.0.0.255 host 172.27.10.11
51 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.69
52 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.97
150 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.119
160 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.85
161 permit ip 172.27.31.0 0.0.0.63 host 172.27.67.104
162 permit ip 172.27.31.0 0.0.0.63 host 172.27.67.53
163 permit ip 172.27.31.0 0.0.0.63 host 172.27.67.110
164 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.59
180 permit ip 172.27.31.0 0.0.0.255 host 166.68.85.77
200 permit ip 172.27.31.0 0.0.0.255 172.27.31.0 0.0.0.255
210 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.21
220 permit tcp 172.27.31.0 0.0.0.255 host 172.27.67.95
230 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.32
240 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.33
250 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.45
260 permit ip 172.27.31.0 0.0.0.255 host 172.27.67.58
interface Vlan150
 ip access-group VERIZON in
These are Cisco access lists; I need to convert all of them for Juniper.
Will you please help me...
I'm confused about how to use the term parameter in this case.
Viru
Hi,
The term part of the firewall filter is an identifier, much like the sequence number of the cisco ACL.
See the Juniper documentation about configuring your filter correctly.
Example:
10 deny tcp 172.27.31.0 0.0.0.255 172.27.0.0 0.0.255.255 eq 3389 (15 matches)
set firewall family inet filter verizon term 10 from protocol tcp
set firewall family inet filter verizon term 10 from source-address 172.27.31.0/24
set firewall family inet filter verizon term 10 from destination-address 172.27.0.0/16
set firewall family inet filter verizon term 10 from destination-port 3389
set firewall family inet filter verizon term 10 then discard
Tim
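The same mapping applied to the other entry forms in the ACL above (`any`, `host`, wildcard masks, `eq` on source and destination), as an added example that is not part of the original posts. The filter name follows Tim's reply; the function names and the numeric rendering of `bootpc`/`bootps` are assumptions of this sketch, and it rejects wildcard masks that cannot be written as a prefix.

```python
import ipaddress

# Named ports that appear in the ACL on this page, emitted in numeric form.
PORT_NAMES = {"bootpc": "68", "bootps": "67"}

def _take_addr(tokens):
    """Consume one Cisco address spec; return a CIDR string, or None for 'any'."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return tokens.pop(0) + "/32"
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    host_bits = wildcard.bit_length()
    if wildcard != (1 << host_bits) - 1:
        raise ValueError("non-contiguous wildcard mask has no prefix equivalent")
    # strict=True rejects a base address that has host bits set
    return str(ipaddress.ip_network(f"{word}/{32 - host_bits}", strict=True))

def _take_port(tokens):
    """Consume an optional 'eq <port>' and return the port number as a string."""
    if tokens[:1] != ["eq"]:
        return None
    tokens.pop(0)
    port = tokens.pop(0)
    return PORT_NAMES.get(port) or str(int(port))  # unknown names raise ValueError

def cisco_to_junos(line, filter_name="verizon"):
    """Translate one numbered extended-ACL entry into Junos set commands."""
    tokens = line.split("(")[0].split()  # drop the "(15 matches)" hit counter
    seq, action, proto, rest = tokens[0], tokens[1], tokens[2], tokens[3:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    src, sport = _take_addr(rest), _take_port(rest)
    dst, dport = _take_addr(rest), _take_port(rest)
    if rest:
        raise ValueError(f"unsupported trailing tokens: {rest}")
    matches = [("protocol", None if proto == "ip" else proto),
               ("source-address", src), ("source-port", sport),
               ("destination-address", dst), ("destination-port", dport)]
    base = f"set firewall family inet filter {filter_name} term {seq}"
    out = [f"{base} from {key} {val}" for key, val in matches if val]
    out.append(f"{base} then {'accept' if action == 'permit' else 'discard'}")
    return out

if __name__ == "__main__":
    for entry in ("10 deny tcp 172.27.31.0 0.0.0.255 172.27.0.0 0.0.255.255 eq 3389 (15 matches)",
                  "40 permit udp any eq bootpc any eq bootps",
                  "161 permit ip 172.27.31.0 0.0.0.63 host 172.27.67.104"):
        print("\n".join(cisco_to_junos(entry)))
```

Both the Cisco ACL and the Junos filter end in an implicit deny, so no closing term is needed to keep the default-drop behaviour. The filter still has to be applied as an input filter on the layer 3 interface for VLAN 150, the counterpart of the `ip access-group` line under `interface Vlan150`.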
Hi,
I am not sure if you got this working. You may try this to check if the snooping works:
Client :- (for lab)
====================
Junos: 16.1R6.7
{master}[edit]
mx-client# show interfaces ge-5/1/8
unit 0 {
    family inet {
        dhcp {
            retransmission-attempt 6;
        }
    }
}
mx-middle# run show dhcp client binding
IP address Hardware address Expires State Interface
192.168.1.8 2c:6b:f5:4c:4e:cc 86341 BOUND ge-5/1/8.0
{master}[edit]
mx-middle# run show dhcp client binding detail
Client Interface/Id: ge-5/1/8.0
Hardware Address: 2c:6b:f5:4c:4e:cc
State: BOUND(LOCAL_CLIENT_STATE_BOUND)
Lease Expires: 2009-08-22 18:09:26 UTC
Lease Expires in: 86213 seconds
Lease Start: 2009-08-21 18:09:26 UTC
Server Identifier: 192.168.1.1
Client IP Address: 192.168.1.8
Update Server No
DHCP options:
Name: dhcp-lease-time, Value: 1 day
Name: server-identifier, Value: 192.168.1.1
Name: subnet-mask, Value: 255.255.255.0
=========================================
Snoop device (Intermediate device ):-
=========================================
Junos: 16.2R1.6
labroot@jtac-mx240-r2023-re0# show bridge-domains | display set
set bridge-domains vlan vlan-id 100
set bridge-domains vlan routing-interface irb.100
set bridge-domains vlan forwarding-options dhcp-security arp-inspection
set bridge-domains vlan forwarding-options dhcp-security ip-source-guard
set bridge-domains vlan forwarding-options dhcp-security group test overrides trusted
set bridge-domains vlan forwarding-options dhcp-security group test interface xe-1/1/0.0 <<< server facing
set bridge-domains vlan forwarding-options dhcp-security group test1 overrides untrusted
set bridge-domains vlan forwarding-options dhcp-security group test1 interface ge-1/2/8.0
set bridge-domains vlan forwarding-options dhcp-security option-82 circuit-id
[edit]
labroot@jtac-mx240-r2023-re0# show interfaces
xe-1/1/0 {
    unit 0 {
        family bridge {
            interface-mode access;
            vlan-id 100;
        }
    }
}
ge-1/2/8 {
    unit 0 {
        family bridge {
            interface-mode access;
            vlan-id 100;
        }
    }
}
irb {
    unit 100 {
        family inet {
            address 192.168.1.15/24;
        }
    }
}
[edit]
labroot@jtac-mx240-r2023-re0# show forwarding-options
labroot@jtac-mx240-r2023-re0# run show dhcp-security binding
IP address MAC address Vlan Expires State Interface
192.168.1.8 2c:6b:f5:4c:4e:cc vlan 85694 BOUND ge-1/2/8.0
[edit]
labroot@jtac-mx240-r2023-re0# run show dhcp-security binding ip-source-guard
IP address MAC address Vlan Expires State Interface
192.168.1.8 2c:6b:f5:4c:4e:cc vlan 85688 BOUND ge-1/2/8.0
=======
SERVER
=======
Junos: 16.1R7.7
[edit]
mx-server# show system services
dhcp-local-server {
    group G1 {
        interface xe-0/0/1.0;
    }
}
[edit]
mx-server# show interfaces
xe-0/0/1 {
    unit 0 {
        family inet {
            address 192.168.1.1/32;
        }
mx-server# show access
address-assignment {
    ##
    ## Warning: requires 'subscriber-address-assignment' license
    ##
    pool p1 {
        family inet {
            network 192.168.1.0/24;
            range R1 {
                low 192.168.1.5;
                high 192.168.1.15;
            }
        }
    }
}
mx-server# run show dhcp server binding detail
Client IP Address: 192.168.1.8
Hardware Address: 2c:6b:f5:4c:4e:cc
State: BOUND(LOCAL_SERVER_STATE_BOUND)
Protocol-Used: DHCP
Lease Expires: 2018-07-17 04:49:52 UTC
Lease Expires in: 86220 seconds
Lease Start: 2018-07-16 04:49:52 UTC
Last Packet Received: 2018-07-16 04:49:52 UTC
Incoming Client Interface: xe-0/0/1.0
Server Identifier: 192.168.1.1
Session Id: 15
Client Pool Name: p1
experts,
I have noticed on 2200C:
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: active (da0s2a)
and
Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Jun 20 20:51:58 2018
JUNOS version on snapshot:
jbase : ex-12.3R12-S7
jkernel-ex-2200: 12.3R12-S7
jcrypto-ex: 12.3R12-S7
jdocs-ex: 12.3R12-S7
jswitch-ex: 12.3R12-S7
jpfe-ex22x: 12.3R12-S7
jroute-ex: 12.3R12-S7
jweb-ex: 12.3R12-S7
fips-mode-arm: 12.3R12-S7
Information for snapshot on internal (/dev/da0s2a) (primary)
Creation date: Nov 24 06:39:35 2017
JUNOS version on snapshot:
jbase : ex-12.3R12-S7
jkernel-ex-2200: 12.3R12-S7
jcrypto-ex: 12.3R12-S7
jdocs-ex: 12.3R12-S7
jswitch-ex: 12.3R12-S7
jpfe-ex22x: 12.3R12-S7
jroute-ex: 12.3R12-S7
jweb-ex: 12.3R12-S7
fips-mode-arm: 12.3R12-S7
other 2200C shows the main partition is
Other 2200C showing da0s1a instead of da0s2a - is this just normal and I can leave it as it is ?
It doesn't matter if da0s1a or da0s2a is the primary partition. Primary and backup change roles without any operational difference.
Next time you upgrade it will upgrade the backup partition, reboot and make it the primary partition (if the upgrade goes as planned). Same with an unplanned shutdown where da0s2a "breaks", it will just boot on da0s1a.
If you really want da0s1a to be primary you can reboot on the backup partition with the command 'request system reboot slice alternate'
Thank You Jonas for a quick reply and explanation !!! have a nice day
If Host Y or Z is configured with wrong subnet mask then Host X should not be able to communicate with the Host that is configured with wrong subnet mask but as per the question Host X can communicate to both Y and Z.
Hello,
Or a concept of Private Vlan can also be applicable here.
Regards,
Rushi
wrote: If Host Y or Z is configured with wrong subnet mask then Host X should not be able to communicate with the Host that is configured with wrong subnet mask but as per the question Host X can communicate to both Y and Z.
Incorrect.
Host X: 10.0.0.1/24
Host Y: 10.0.0.2/25
Host Z: 10.0.0.200/24
Host X and Y will successfully communicate.
Host X and Z will successfully communicate.
Host Y and Z will not.
Hi, I have an EX2300 set up with EZSetup. I want to separate the first 12 ports (ge-0/0/0 thru ge-0/0/11) into their own VLAN.
I created an interface range for those ports and I created the VLAN. At this point when I "show vlans" it shows all interfaces in VLAN "default" vlanid 1.
When I add the interface range to the VLAN I created I can no longer ping the devices on the ports that aren't in the interface range. I vaguely remember something about this from a class but I don't remember. This switch is connected to a Cisco switch and I am pinging from a device connected to the Cisco. I don't have VLANs or trunks defined on the Cisco switch. Everything works fine (I can ping, etc) until I assign the VLAN to the range. Any ideas what is changing? I have done some googling but no luck.
Thanks!
Hello,
Can you share your vlan level & interface-range configuration?
Regards,
Rushi
Thanks for looking at this.
In the settings below I have done everything except assign the Interface Range to the Vlan 304.
This is the command I use to do that: "set interfaces interface-range DMZ-Range unit 0 family ethernet-switching vlan members DMZ-Vlan". Once I commit that last statement I can no longer ping ports not added to the DMZ range.
I snipped parts to save space but it was all duplicate information but for different interfaces:
version 15.1X53-D57.3;
interfaces {
    interface-range DMZ-Range {
        member-range ge-0/0/0 to ge-0/0/11;
    }
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    <SNIP>
    ge-0/0/47 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/1/0 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    <SNIP>
    xe-0/1/2 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    ge-0/1/3 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    xe-0/1/3 {
        unit 0 {
            family ethernet-switching {
                storm-control default;
            }
        }
    }
    vme {
        unit 0 {
            family inet {
                address 10.17.0.18/16;
            }
        }
    }
}
forwarding-options {
    storm-control-profiles default {
        all;
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.17.0.1;
    }
}
vlans {
    DMZ-Vlan {
        vlan-id 304;
    }
    default {
        vlan-id 1;
    }
}
I just tried this on a second switch and it works as expected. The one that works has version 15.1X53-D58.3 and the one that doesn't has version 15.1X53-D57.3. I will try the upgrade tonight and if that doesn't do it I'll swap switches and contact Juniper. Thanks for looking.