Actually, I almost forgot.
You should consider rolling back the Junos version to 12.3 on the ex2200c per the JTAC recommendations. There is not really enough memory on the platform to run 15 reliably.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB21476
Review the issue report and downgrade instructions here.
https://kb.juniper.net/InfoCenter/index?page=content&id=S:TSB17138
Your platform the ex4300 uses the els version the first link you have.
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/dhcp-server-cli-els.html
Verify the configuration by confirming the pools are active. If they are not visible then likely some configuration section is missing.
show system services dhcp pool
Configure trace options then attempt to get a dhcp address and see what is in the file.
set system services dhcp traceoptions file dhcplog
set system services dhcp traceoptions flag all
Show the log contents after commit and running a dhcp request in operations mode
show log dhcplog
Thank you Steve for help here. There is no 12.3 for 2300C model. Please keep in mind its replacement od 2200C and what I am trying from to do here is copying config from 2200C into 2300C. For 2300 latest is 15.x. I use load replace terminal and piece by piece till these:
this one part of code giving me hard time:
ethernet-switching-options {
secure-access-port {
interface ae0.0 {
dhcp-trusted;
}
vlan v20-2nd-floor {
arp-inspection;
examine-dhcp;
ip-source-guard;
}
}
voip {
interface ge-0/0/4.0 {
vlan 80;
forwarding-class ezqos-voice-fc;
}
interface ge-0/0/6.0 {
vlan 80;
forwarding-class ezqos-voice-fc;
}
}Can you translate above part?
so the steps would be
show | display set | no-more
// You get the whole configs for the CPE in the set format.
The next step would be to do the
top load set terminal
// copy and past the configs here.
commit check and watch for any error
if not, then do the coomit and quit
and you are done.
// Take another show | no-more
// save a log and good to go.
Thanks all
Imran
After validating the install I receive this error:
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
Chassis control process: <xnm:error xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">
Chassis control process: <source-daemon>chassisd</source-daemon>
Chassis control process: <edit-path>[edit interfaces]</edit-path>
Chassis control process: <statement>xe-0/1/0</statement>
Chassis control process: <message>INTERFACES_TYPE_UNIDIR: Error in parsing interface name</message>
Chassis control process: </xnm:error>
mgd: error: configuration check-out failed
Validation failed
Validating against /config/rescue.conf.gz
Chassis control process: <xnm:error xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">
Chassis control process: <source-daemon>chassisd</source-daemon>
Chassis control process: <edit-path>[edit interfaces]</edit-path>
Chassis control process: <statement>xe-0/1/0</statement>
Chassis control process: <message>INTERFACES_TYPE_UNIDIR: Error in parsing interface name</message>
Chassis control process: </xnm:error>
mgd: error: configuration check-out failed
Validation failed
/usr/libexec/ui/validate-config.sh: op_fix_config: not found
ERROR: Current configuration not compatible with junos-arm-32-15.1X53-D56.tgz
The switch is running 15.1x3-D57.3, I need to change this to stay standard and because there is a Mac address issue with D57.3. The switch is remote and the interface in question is the Uplink port so I am afraid to do a no-validate.
The strange part is I have other EX2300 switches at the same location with the same config that had no problem with the downgrade. Any help would be great.
I am also getting errors trying to use the convertor. But had a look at the config and uploaded here is a manually converted version. I did a quick commit check in the lab switch and looks like it is good to go.
But no warranty, have a look over as a peer review.
Hi Juniper gurus!
I have 2x2 leaf-spine topology made of vqfx 18.1R1 VMs running on KVM:
me@kvm-server $ virsh list | grep junos-mcae
1791 junos-mcae.aos-aos-vm-aos_server running
1792 junos-mcae.aeon_ztp-vm1 running
1793 junos-mcae.vqfx-leaf21 running
1794 junos-mcae.vqfx-leaf22 running
1795 junos-mcae.vqfx-leaf11 running
1796 junos-mcae.vqfx-leaf12 running
1797 junos-mcae.vqfx-leaf11_pfe running
1798 junos-mcae.vqfx-leaf21_pfe running
1799 junos-mcae.ubuntu-server1 running
1800 junos-mcae.ubuntu-server2 running
1801 junos-mcae.vqfx-spine2_pfe running
1802 junos-mcae.vqfx-spine1 running
1803 junos-mcae.vqfx-leaf12_pfe running
1804 junos-mcae.vqfx-spine2 running
1805 junos-mcae.vqfx-spine1_pfe running
1806 junos-mcae.vqfx-leaf22_pfe running
1807 junos-mcae.veos-router running
After some time (~24 hours) `show version` started to take really long time to run, approximately 2-3 minutes. Other commands, like `show interfaces` or `show route` or `show bgp neighbor` execute immediately.
The configuration on vqfx boxes seem to be fine. KVM servers run at 0.2% cpu utilization, and have tons of unused RAM.
How do you troubleshoot? Are there any logs to look at? What may be causing such a huge delay?
me@kvm-server $ kvm --version QEMU emulator version 2.0.0 (Debian 2.0.0+dfsg-2ubuntu1.40), Copyright (c) 2003-2008 Fabrice Bellard me@kvm-server $ libvirtd --version libvirtd (libvirt) 1.2.2 me@kvm-server $ uname -a Linux bs32 4.13.0-041300-generic #201709031731 SMP Sun Sep 3 21:33:09 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux me@kvm-server $ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=14.04 DISTRIB_CODENAME=trusty DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"
Junos boxes:
admin@l2-virtual-mlag-2-leaf1> show version fpc0: -------------------------------------------------------------------------- Hostname: l2-virtual-mlag-2-leaf1 Model: vqfx-10000 Junos: 18.1R1.9 limited JUNOS Base OS boot [18.1R1.9] JUNOS Base OS Software Suite [18.1R1.9] JUNOS Crypto Software Suite [18.1R1.9] JUNOS Online Documentation [18.1R1.9] JUNOS Kernel Software Suite [18.1R1.9] JUNOS Packet Forwarding Engine Support (qfx-10-f) [18.1R1.9] JUNOS Routing Software Suite [18.1R1.9] JUNOS jsd [i386-18.1R1.9-jet-1] JUNOS SDN Software Suite [18.1R1.9] JUNOS Enterprise Software Suite [18.1R1.9] JUNOS Web Management [18.1R1.9] JUNOS py-base-i386 [18.1R1.9] JUNOS py-extensions-i386 [18.1R1.9]
Hi Juniper gurus!
I'm running 2x2 leaf-spine topology with vqfx images on KVM. At some point some RPC calls started to take way too much time and fail with timeouts, so I decided to reboot the VMs using virsh:
me@kvm-server $ for vm in $(virsh list | grep -P 'junos-mcae.*(spine|leaf)' | awk '{print $2;}'); do virsh reset $vm; doneThe problem with RPC calls timeouts has gone, but new problem appeared: all the boxes now would have the same serial number:
from jnpr.junos import Device
user = "user"
password = "password"
devices = [{
"hostname": "<ip>.{}".format(ip),
"username": user,
"password": password,
} for ip in xrange(9, 14 + 1)]
for device in devices:
dev = Device(host=device['hostname'],
user=device['username'],
passwd=device['password'])
try:
dev.open()
print("%s facts: %s" % (device['hostname'], dev.facts['serialnumber']))
finally:
dev.close()prints following:
<ip>.9 facts: 130178177892<ip>.10 facts: 130178177892<ip>.11 facts: 130178177892<ip>.12 facts: 130178177892<ip>.13 facts: 130178177892<ip>.14 facts: 130178177892
Any suggestions on what I might be doing wrong? How is it possible to have serial numbers to be identical?
Hello,
If you have other switch in the same location with same configuration on the downgraded version, running downgrade using the no-validate option shouldn't be a problem I guess.
When you did upgrade in the first place on the current switch, did you proceed with any incremental upgrade (step by step upgrade)?
If yes, you can try incremental downgrade as well.
Regards,
Rushi
I tried applying:
2/ OSPF export policy with "then accept" - injects it as LSA5 Type2 /LSA7 Type 2 if NSSA
3/ OSPF export policy with "then external; type 1; accept" - injects it as LSA5 Type1 /LSA7 Type 1 if NSSA
Unfortunately it did not help. It appears all decisions about the preference for an OSPF route are made by the recipient rather than the sender. I am still trying to make the routes advertised by one router preferred to those of the other.
EDIT: I've found what might be a solution. Vlan 253 is the interlink subnet between my various routers. Setting a metric on that interface does nothing since that interface connects to all the other routers. There are no point to point layer 3 links between routers.
Each router routes its local subnets A, B, C. These are stub networks and are set to 'passive' in OSPF. I can apply a metric to each of A, B, and C which should impact how those subnets are advertised.
Hello,
You need to start each vQFX from its own image+use own matadata file, even if the image is the same file.
Just copy the source image+metadata image into 4+4 separate files and reference them in XML template.
Below XML template snippet shows how it is usually done for multiple VRR instances running on single phys server:
<devices><emulator>/usr/bin/kvm</emulator><disk type='file' device='disk'><driver name='qemu' type='qcow2' cache='none'/><source file='/var/lib/libvirt/images/vrr-XX.img'img'/>
{skip}
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='directsync'/>
<source file='/var/lib/libvirt/images/metadata-vrr-XX.img'/>
- where XX is the sequence number of VRR instance (01, 02 etc).
HTh
Thx
Alex
looks like still some convertion errors:
Auto Image Upgrade: DHCP Client State Reset: irb.0 vme.0
load override /var/tmp/2300C-config-convert.txt
/var/tmp/2300C-config-convert.txt:434:(26) syntax error: ethernet-switching-opti
ons
[edit]
'ethernet-switching-options {'
syntax error
/var/tmp/2300C-config-convert.txt:458:(1) error recovery ignores input until thi
s point: }
[edit]
'}'
error recovery ignores input until this point
/var/tmp/2300C-config-convert.txt:564:(9) error recovery ignores input until thi
s point: }
[edit vlans v80-voice]
'}'
error recovery ignores input until this point
load complete (3 errors)
The CPU of each card would also be a plus...I'm not able to find anOID for that. Has anyone esle?
Thanks
I think these parameters are under SPU or services processing unit tree here.
Ok, this page covers the changes in this section of the hierarchy. For the dhcp, voip and storm control changes.
ethernet-switching-options {
secure-access-port {
interface ae0.0 {
dhcp-trusted;
}
vlan v20-2nd-floor {
arp-inspection;
examine-dhcp;
ip-source-guard;
}
}
voip {
interface ge-0/0/4.0 {
vlan 80;
forwarding-class ezqos-voice-fc;
}
interface ge-0/0/6.0 {
vlan 80;
forwarding-class ezqos-voice-fc;
}
}
storm-control {
interface all;
}
}
Attached is a stab at converting the storm control and voip per the doc.
But I don't follow the dhcp one and had to leave that out.
I have a problem in routing traffic from tagged VLANs to untagged VLANs on my lab environment
traffic can be routed normally between tagged vlans using the below commands
set vlans employee-vlan10
set vlans employee-vlan vlan-id 10
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members employee-vlan10
set vlans employee-vlan20
set vlans employee-vlan vlan-id 20
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members employee-vlan20
set interfaces vlan unit 10 family inet address 10.10.10.10/24
set interfaces vlan unit 20 family inet address 20.20.20.20/24
set vlans employee-vlan20 l3-interface vlan.20
set vlans employee-vlan10 l3-interface vlan.10
What is the exact commands that are needed to be done to have routing between tagged and untagged configured properly ?
Also does the native vlan has to be assigned to unit 0 in configuring the RVI\irb\vlan interfaces?
Also I can see an interface called vlan which is up and running is that the interface associated with the native vlan ? or the RVI interface for the native vlan should be vlan.0?
thanks in advance for your help
Hi
1. a vlan is a vlan with a vlan-id and has nothing to do with tags
2. tagging happens on a trunk interface with 802.1Q, where packets get a tagging header to be able to transport many vlans over one link.
3. on a trunk interface you can define a native vlan which will be carried untagged over the trunk, and any untagged packet comming in over a trunk will be considered to have the vlan-id of the native vlan of that trunk
4. routing happens between vlans regardless of tagging and native vlan-id
regards
Alexander
Is the link up on port ge-0/0/1 where you have the vlans assigned?
If the link is not up for at least one physical port in a vlan the RVI virtual interface will not come up.
Also did you make the ge-0/0/1 port mode trunk?
Dear all,
I followed the following guide to configure DSCP remarking on EX4200. I want to make all traffic going-out
interface ge-0/1/1.0 to be DSCP remarked as AF31. However, it doesn't work.
I use port mirror to monitor the out-going traffic. I cannot see DSCP was remarked.
Please help. Thanks.
George
https://kb.juniper.net/InfoCenter/index?page=content&id=KB13381
set class-of-service forwarding-classes class office-DSCP-forwarding queue-num 5
set class-of-service rewrite-rules dscp office-DSCP-forwarding forwarding-class office-DSCP-forwarding loss-priority low code-point 011010
set firewall family ethernet-switching filter office-rewrite-filter term 1 from source-address 10.11.72.132
set firewall family ethernet-switching filter office-rewrite-filter term 1 from source-address 10.11.72.133
set firewall family ethernet-switching filter office-rewrite-filter term 1 then forwarding-class office-DSCP-forwarding
set firewall family ethernet-switching filter office-rewrite-filter term 1 then loss-priority low
set firewall family ethernet-switching filter office-rewrite-filter term 1 then count office-hits
set interfaces ge-0/1/1 unit 0 family ethernet-switching filter output office-rewrite-filter