@aarseniev awesome!!!
I will try this in my test VLAN this week and will definitely give you feedback.
Re: Vlan hoping
Re: EX2200 I would like to set 4 ports for WAN usage
What else do you have on the ex2200?
The configuration you have will put these four ports into your current switch default vlan, which is likely an internal one.
I assume you want to isolate these four ports from all the internal vlans. So you have two options:
option 1 - layer 2 only vlan
Create a new vlan with an unused vlan tag value to assign to all four ports.
Make sure there are no layer 3 interfaces in this vlan so they cannot communicate with anything else
I doubt you need to worry about loops on these ports to the upstream routers or firewalls so the rstp is probably not needed
option 2 - isolated routing instance
This will create more separation and guarantee no access to internal vlans
Create a virtual router routing instance
Assign all 4 ports to this routing instance
The configuration you posted as just ethernet switching without need for vlans will work
Re: EX2200 I would like to set 4 ports for WAN usage
Hello,
You can create a separate vlan with 'set vlans test vlan-id <ID>' command.
And then you can put interfaces from ge-0/0/0 to ge-0/0/3 in the VLAN created using command:
'set vlans test interface <interface name>'
This should put all these interfaces as L2 access interfaces in specific vlan.
Regards,
Rushi
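A check for the "layer 2 only vlan" option described in the two replies above, as an added example that is not part of either post and is not Juniper tooling. It assumes EX2200 non-ELS `set` syntax; the VLAN names, tags and sample configuration are constructed, and `audit_wan_ports` is a hypothetical helper name.

```python
import re

# Constructed sample in EX2200 (non-ELS) "set" syntax; VLAN names and tags are made up.
SAMPLE = """\
set vlans wan-edge vlan-id 999
set vlans wan-edge interface ge-0/0/0.0
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members wan-edge
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set vlans users vlan-id 10
set vlans users l3-interface vlan.10
set vlans users interface ge-0/0/3.0
set vlans users interface ge-0/0/10.0
"""

VLAN_RE = re.compile(r"set vlans (\S+) (interface|l3-interface) (\S+)")
MEMBER_RE = re.compile(
    r"set interfaces (\S+) unit \d+ family ethernet-switching vlan members (\S+)")


def parse_vlans(config):
    """Return {vlan: {"ports": set, "l3": str or None}} from set-style lines."""
    vlans = {}
    for line in config.splitlines():
        line = line.strip()
        if m := VLAN_RE.match(line):
            name, key, value = m.groups()
            entry = vlans.setdefault(name, {"ports": set(), "l3": None})
            if key == "interface":
                entry["ports"].add(value.split(".")[0])  # drop the unit number
            else:
                entry["l3"] = value
        elif m := MEMBER_RE.match(line):
            port, name = m.groups()
            vlans.setdefault(name, {"ports": set(), "l3": None})["ports"].add(port)
    return vlans


def audit_wan_ports(config, wan_ports):
    """List (port, problem) pairs that break the layer-2-only isolation."""
    vlans = parse_vlans(config)
    findings = []
    for port in sorted(wan_ports):
        homes = [n for n, v in vlans.items() if port in v["ports"]]
        if not homes:
            findings.append((port, "no explicit vlan, falls into default vlan"))
        for name in homes:
            if vlans[name]["l3"]:
                findings.append((port, f"vlan {name} has l3-interface {vlans[name]['l3']}"))
            extra = vlans[name]["ports"] - set(wan_ports)
            if extra:
                findings.append((port, f"vlan {name} shared with {sorted(extra)}"))
    return findings
```

Run it against the output of `show configuration | display set` saved to a file; an empty list means every WAN port sits in a VLAN with no layer 3 interface and no non-WAN members.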
Re: QFX5200 Virtual Chassis ports
Hi Jonas,
Thank you for your answer!
It seems we have to use the MC-LAG.
Best Regards,
Attila
Re: Juniper EX3400 software upgrade not possible
I still get insufficient space errors when installing from /mfs/ even when using force option.
Basically stuck on one code version. Juniper needs to address this issue asap, in my opinion.
Re: Juniper EX3400 software upgrade not possible
The same issue exists on 2300/2300-C. One workaround is to install the upgrade from a mounted USB flash drive.
Re: Juniper EX3400 software upgrade not possible
So in other words there is no fix. JTAC seems to be at a loss related to it, choosing instead to focus on system storage clean up not cleaning up 2 small 25KB log files.
ex2200/3300 VOIP phone does not DOT1x with pc plugged in
Hello
We have both ex2200 and ex3300 this is happening on.
If a VoIP phone is plugged in and a PC is behind it, the PC will auth dot1x and the phone will not. We can see the phone in LLDP but the MAC does not on the switch.
This happens with both Polycom and Avaya phones and has been an ongoing issue for a couple of years. I have opened tickets in the past and Juniper blamed it on the Avaya phones at the time, but now we have brand new phones and it still happens.
set protocols dot1x authenticator authentication-profile-name ClearPass-Radius
set protocols dot1x authenticator interface All-dot1x-Ports supplicant multiple
set protocols dot1x authenticator interface All-dot1x-Ports transmit-period 5
set protocols dot1x authenticator interface All-dot1x-Ports mac-radius
set protocols dot1x authenticator interface All-dot1x-Ports reauthentication 3600
set protocols dot1x authenticator interface All-dot1x-Ports server-timeout 3
set protocols dot1x authenticator interface All-dot1x-Ports maximum-requests 3
set protocols dot1x authenticator interface All-dot1x-Ports server-fail use-cache
ge-0/0/4.0 Authenticator Authenticated
show lldp neighbors
Oct 15 12:58:16
Local Interface Parent Interface Chassis Id Port info System Name
ge-0/0/4.0 - 0.0.0.0 1 Polycom VVX 411
If you reboot the phone (hard or soft), if you restart dot1x on the switch this happens. Above is the after, here is the before:
ge-0/0/4.0 Authenticator Authenticated 64:16:7F:27:BD:99 64167f27bd99
ge-0/0/4.0 Authenticated FC:4D4:F4:87:FE
We have a packet capture showing the phone send the MAC to the switch, but it looks like the switch ignores it.
This only happens if a PC is plugged into the phone.
Re: EX2200 I would like to set 4 ports for WAN usage
Thank you Steve,
I have few ports used by trunks so this option would be perfect:
option 1 - layer 2 only vlan
Create a new vlan with an unused vlan tag value to assign to all four ports.
Make sure there are no layer 3 interfaces in this vlan so they cannot communicate with anything else
I doubt you need to worry about loops on these ports to the upstream routers or firewalls so the rstp is probably not needed
Thank you
Re: EX2200 I would like to set 4 ports for WAN usage
thank you Rushi
Configure 40G ports EX4300-24P
Hello, I have a scenario: I need to connect two switches over 40G ports from a Juniper EX4300-24P (Rev.A). Can I use the four ports on the back side of the EX4300 for this, or are these 40G ports only for VCP?
If I can use them, how can I configure these ports? In the configuration I found only 10G interfaces xe-0/0/0. (firmware version 18.3R1.9)
scaran@ex4300_test# run show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up down
ge-0/0/0.0 up down eth-switch
gr-0/0/0 up up
pfe-0/0/0 up up
pfe-0/0/0.16383 up up inet
inet6
pfh-0/0/0 up up
pfh-0/0/0.16383 up up inet
pfh-0/0/0.16384 up up inet
ge-0/0/1 up down
ge-0/0/1.0 up down eth-switch
ge-0/0/2 up down
ge-0/0/2.0 up down eth-switch
ge-0/0/3 up down
ge-0/0/3.0 up down eth-switch
ge-0/0/4 up down
ge-0/0/4.0 up down eth-switch
ge-0/0/5 up down
ge-0/0/5.0 up down eth-switch
ge-0/0/6 up down
ge-0/0/6.0 up down eth-switch
ge-0/0/7 up down
ge-0/0/7.0 up down eth-switch
ge-0/0/8 up down
ge-0/0/8.0 up down eth-switch
ge-0/0/9 up down
ge-0/0/9.0 up down eth-switch
ge-0/0/10 up down
ge-0/0/10.0 up down eth-switch
ge-0/0/11 up down
ge-0/0/11.0 up down eth-switch
ge-0/0/12 up down
ge-0/0/12.0 up down eth-switch
ge-0/0/13 up down
ge-0/0/13.0 up down eth-switch
ge-0/0/14 up down
ge-0/0/14.0 up down eth-switch
ge-0/0/15 up down
ge-0/0/15.0 up down eth-switch
ge-0/0/16 up down
ge-0/0/16.0 up down eth-switch
ge-0/0/17 up down
ge-0/0/17.0 up down eth-switch
ge-0/0/18 up down
ge-0/0/18.0 up down eth-switch
ge-0/0/19 up down
ge-0/0/19.0 up down eth-switch
ge-0/0/20 up down
ge-0/0/20.0 up down eth-switch
ge-0/0/21 up down
ge-0/0/21.0 up down eth-switch
ge-0/0/22 up down
ge-0/0/22.0 up down eth-switch
ge-0/0/23 up down
ge-0/0/23.0 up down eth-switch
bme0 up up
bme0.0 up up inet 128.0.0.1/2
128.0.0.4/2
128.0.0.16/2
128.0.0.63/2
dsc up up
gre up up
ipip up up
irb up up
irb.0 up down inet
irb.1 up down inet
irb.10 up down inet
irb.20 up down inet
irb.300 up down inet
jsrv up up
jsrv.1 up up inet 128.0.0.127/2
lo0 up up
lo0.0 up up inet
lo0.16385 up up inet
lsi up up
me0 up down
me0.0 up down inet 172.30.101.13/24
mtun up up
pimd up up
pime up up
tap up up
vme up down
Correct me if I'm wrong: I need to create an et interface (40G interface) like this?
set interfaces et-0/0/0 unit 0 family ethernet-switching interface-mode trunk VLAN members all
Re: Juniper EX3400 software upgrade not possible
Even from usb still getting lack of space error.
Re: Juniper EX3400 software upgrade not possible
Did you make sure to delete recovery snapshots that might be taking up space?
Re: Configure 40G ports EX4300-24P
By default, the QSFP+/40GE ports on EX4300 are configured for VCP. You need to delete this setting and then configure ports as standard Ethernet for what you want to do.
Google "EX4300 vcp ports" and you'll get many hits for what to do.
Good luck
Re: ex2200/3300 VOIP phone does not DOT1x with pc plugged in
Further testing shows dropping the port out of the range and manually configuring it makes the issue stop.
However, if we do this to the entire switch the problem comes back again.
Checked TCAM and it seems fine.
Re: QOS config for EX switches
Configure it in groups (change as needed, this is a basic config; also watch your TCAM).
Make sure you apply the rewrite to your uplink port, and apply your FW filter to that port as outbound.
set groups XX-COS class-of-service classifiers dscp XX-dscp-classifier import default
set groups XX-COS class-of-service classifiers dscp XX-dscp-classifier forwarding-class VOIP-EF loss-priority low code-points 101110
set groups XX-COS class-of-service classifiers dscp XX-dscp-classifier forwarding-class VOIP-EF loss-priority low code-points 101000
set groups XX-COS class-of-service classifiers dscp XX-dscp-classifier forwarding-class VIDEO-AF41 loss-priority low code-points 100010
set groups XX-COS class-of-service classifiers dscp XX-dscp-classifier forwarding-class VIDEO-AF41 loss-priority low code-points 100000
set groups XX-COS class-of-service classifiers dscp XX-dscp-classifier forwarding-class CONTROL-AF31 loss-priority low code-points 011000
set groups XX-COS class-of-service classifiers dscp XX-dscp-classifier forwarding-class CONTROL-AF31 loss-priority low code-points 011010
set groups XX-COS class-of-service classifiers dscp XX-dscp-classifier forwarding-class CONTROL-AF31 loss-priority low code-points 110000
set groups XX-COS class-of-service classifiers dscp XX-dscp-classifier forwarding-class DATA-AF21 loss-priority low code-points 010000
set groups XX-COS class-of-service classifiers dscp XX-dscp-classifier forwarding-class DATA-AF21 loss-priority low code-points 010010
set groups XX-COS class-of-service forwarding-classes class VOIP-EF queue-num 5
set groups XX-COS class-of-service forwarding-classes class VIDEO-AF41 queue-num 2
set groups XX-COS class-of-service forwarding-classes class CONTROL-AF31 queue-num 7
set groups XX-COS class-of-service forwarding-classes class DATA-AF21 queue-num 1
set groups XX-COS class-of-service forwarding-classes class Best-Effort-0 queue-num 0
********** example: below, the port 0/0/0 is an uplink port **********
set groups XX-COS class-of-service interfaces ge-0/0/0 scheduler-map NAME-sched-map
set groups XX-COS class-of-service interfaces ge-0/0/0 unit 0 classifiers dscp XX-dscp-classifier
set groups XX-COS class-of-service interfaces ge-0/0/0 unit 0 rewrite-rules dscp Branch-Rewrite
********** example: below, the ports 0/1/0-3 are uplink ports **********
set groups XX-COS class-of-service interfaces ge-0/1/* scheduler-map NAME-sched-map
set groups XX-COS class-of-service interfaces ge-0/1/* unit 0 classifiers dscp XX-dscp-classifier
set groups XX-COS class-of-service interfaces ge-0/1/* unit 0 rewrite-rules dscp Branch-Rewrite
********** example: below, the ports are access ports; the * applies this to all ports, you could also use 0/0/* here **********
set groups XX-COS class-of-service interfaces ge-*/*/* scheduler-map NAME-sched-map
set groups XX-COS class-of-service interfaces ge-*/*/* unit 0 classifiers dscp XX-dscp-classifier
set groups XX-COS class-of-service rewrite-rules dscp Branch-Rewrite forwarding-class VOIP-EF loss-priority low code-point 101110
set groups XX-COS class-of-service rewrite-rules dscp Branch-Rewrite forwarding-class VIDEO-AF41 loss-priority low code-point 100010
set groups XX-COS class-of-service rewrite-rules dscp Branch-Rewrite forwarding-class CONTROL-AF31 loss-priority low code-point 011010
set groups XX-COS class-of-service rewrite-rules dscp Branch-Rewrite forwarding-class DATA-AF21 loss-priority low code-point 010010
set groups XX-COS class-of-service rewrite-rules dscp Branch-Rewrite forwarding-class Best-Effort-0 loss-priority low code-point 000000
set groups XX-COS class-of-service scheduler-maps NAME-sched-map forwarding-class VOIP-EF scheduler XX-voice-scheduler
set groups XX-COS class-of-service scheduler-maps NAME-sched-map forwarding-class VIDEO-AF41 scheduler XX-video-scheduler
set groups XX-COS class-of-service scheduler-maps NAME-sched-map forwarding-class CONTROL-AF31 scheduler XX-control-scheduler
set groups XX-COS class-of-service scheduler-maps NAME-sched-map forwarding-class DATA-AF21 scheduler XX-data-scheduler
set groups XX-COS class-of-service scheduler-maps NAME-sched-map forwarding-class Best-Effort-0 scheduler XX-best-effort
set groups XX-COS class-of-service schedulers XX-voice-scheduler buffer-size percent 20
set groups XX-COS class-of-service schedulers XX-voice-scheduler priority strict-high
set groups XX-COS class-of-service schedulers XX-video-scheduler transmit-rate percent 50
set groups XX-COS class-of-service schedulers XX-video-scheduler buffer-size percent 20
set groups XX-COS class-of-service schedulers XX-video-scheduler priority low
set groups XX-COS class-of-service schedulers XX-control-scheduler buffer-size percent 10
set groups XX-COS class-of-service schedulers XX-control-scheduler priority strict-high
set groups XX-COS class-of-service schedulers XX-data-scheduler transmit-rate percent 10
set groups XX-COS class-of-service schedulers XX-data-scheduler buffer-size remainder
set groups XX-COS class-of-service schedulers XX-data-scheduler priority low
set groups XX-COS class-of-service schedulers XX-best-effort transmit-rate remainder
set groups XX-COS class-of-service schedulers XX-best-effort buffer-size remainder
set groups XX-COS class-of-service schedulers XX-best-effort priority low
EX4300 Q-in-Q + common trunk (ELS)...how to ??
Hello everyone!
I've been struggling with ELS on the 4300 trying to mix a normal vlan trunk with QinQ configuration.
I need to configure a normal trunk between two EX4300 but, one of those vlans in the trunk, needs to be a C-Vlan in the QinQ uplink later.
I really don't know how to configure this. I've tried making a mix using ethernet-switching and QinQ syntax, but unfortunately it didn't work.
I leave you the config that I used for QinQ and the topology, hoping that the topology makes it clearer what I need.
Regards!
EX4300 ****************
set interfaces ae0 description "CNX:EX-4300-TEST:0:MX960-3 Prueba QinQ"
set interfaces ae0 flexible-vlan-tagging
set interfaces ae0 native-vlan-id 941
set interfaces ae0 mtu 9192
set interfaces ae0 encapsulation extended-vlan-bridge
set interfaces ae0 aggregated-ether-options link-speed 1g
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 941 vlan-id 941
set interfaces ge-0/0/32 description "CNX:MX960-3 (ae0)"
set interfaces ge-0/0/32 ether-options 802.3ad ae0
set interfaces ge-0/0/0 description "CNX:QinQ:SIST"
set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 mtu 9192
set interfaces ge-0/0/0 encapsulation extended-vlan-bridge
set interfaces ge-0/0/0 unit 550 vlan-id 550
set interfaces ge-0/0/0 unit 550 input-vlan-map push
set interfaces ge-0/0/0 unit 550 output-vlan-map pop
set interfaces ge-0/0/1 description "CNX:QinQ:MGMT"
set interfaces ge-0/0/1 flexible-vlan-tagging
set interfaces ge-0/0/1 mtu 9192
set interfaces ge-0/0/1 native-vlan-id XXX
set interfaces ge-0/0/1 encapsulation extended-vlan-bridge
set interfaces ge-0/0/1 unit XXX vlan-id XXX
set interfaces ge-0/0/1 unit XXX input-vlan-map push
set interfaces ge-0/0/1 unit XXX output-vlan-map pop
set vlans Vlan941_Qinq interface ae0.941
set vlans Vlan941_Qinq interface ge-0/0/0.550
set vlans Vlan941_Qinq interface ge-0/0/1.XXX
Topology
Re: EX4300 Q-in-Q + common trunk (ELS)...how to ??
I believe you are trying to run both Q-in-Q and standard 802.1q/tagged on same interface/AE. I do not think this is supported. I think interface must be one of either Q-in-Q or standard 802.1q tagged.
Maybe someone else smarter than me can provide a better answer. Have you opened a TAC case and asked them?
Good Luck
QFX5100 - EX4300 VCF topology - spine/leaf or mesh
I'm getting set up to configure two pair of EX4300-48T and QFX5100-48S. My question is how the topology can work. We'd prefer to set them up in a full mesh - and it seems to be suggested as possible by the Virtual Chassis Best Practices guide at https://www.juniper.net/assets/kr/kr/local/pdf/implementation-guides/8010018-en.pdf on page 14. However, only spine/leaf is mentioned in the Virtual Chassis Feature Guide at https://www.juniper.net/documentation/en_US/junos/topics/concept/vcf-overview.html. Is mesh possible?
Thanks.
Re: QFX5100 - EX4300 VCF topology - spine/leaf or mesh
Virtual Chassis (VC) and Virtual Chassis Fabric (VCF) are 2 completely different architectures, with both built off of the same underlying protocols/etc.
VC can be a full mesh of up to 5 switches, just using the 4 x 40GE interfaces on EX4300 and 4 of the 6 x 40GE (QSFP+) interfaces on the QFX5100. You just need to config these interfaces to operate as VCP (Virtual Chassis Ports) vs standard Ethernet ports. These interfaces can be one or the other. By default the 1st 2 ports on EX4300 default to VCP, while the other 2 default to Ethernet. You can check status of which interfaces are configured as VCP via - show interface vcp
I believe this is probably what you want to do - make the 4 switches into a full mesh VC. You'll need 3 x VCP on each switch to do this. You'll find plenty of documentation on how to set up a VC; I would suggest you use pre-provision mode, this is generally the best option, especially in your case as for this VC the QFX5100 MUST be both the Master and Back-up RE.
VCF is more spine and leaf like, with the spines used to just forward traffic between leaves. In general, the Spines (2 or more) need to be QFX5100-32Q, vs QFX5100-48S.
Both VC and VCF allow for a single point of management for all of the switches. VC scales to a maximum of 10 switches, while VCF can scale to 20 (and under some circumstances, even larger).
You should be able to find LOTS of documentation regarding VC and VCF, but as I stated earlier, I am 99% sure for you, the best choice would be VC.
Good luck.