One other thing I should have mentioned, we do have LLDP-MED enabled on all interfaces
↧
Re: Enable voip on just ports with phones or every port?
↧
Re: Getting killed by DHCP address conflicts
You could schedule a command to clear it:
set event-options generate-event clear_DHCP_conflicts time-interval 21600
set event-options policy Policy1 events clear_DHCP_conflicts
set event-options policy Policy1 then execute-commands commands "clear system services dhcp conflict"
↧
↧
Re: Spanning Tree config with Routing Instances?
Hello,
Spanning Tree configuration is supported only for Routing Instances of "type virtual-switch" or "type layer2-control".
And those instances are for advanced use cases such as :
1/"layer2-control" instance is the "access circuit-facing control plane" for VPLS (which means it runs STP towards access circuit/AC only and never injects STP BPDU into VPLS core and also provides stitching of STP AC state to VPLS signaling)
2/ virtual-switch instance allows segmenting Your L2 network into separate subdomains where VLAN-ids can overlap between subdomains (i.e. VLAN-id 100 on ge-0/0/0 inside virtual-switch vS1 is totally separate from VLAN-id 100 on ge-1/0/0 inside virtual-switch Vs2, without any VLAN rewrite)
HTH
Thx
Alex
↧
Re: LLDP-MED-ByPass
Hi Guys,
I am facing the same porblem. Did you find any solution for this ?
regards,
Dilmani
↧
Re: EX Series - Authentication issue with Radius server - IP address radius source
set system radius-options attributes nas-ip-address [mgmt IP address]
if i do this it uses the correct port but i get an arro that i cannot login, our RAD server respone with an execpt
↧
↧
Re: EX Series - Authentication issue with Radius server - IP address radius source
apperantly my account was locked in the juniper box........... odd
↧
Re: MC-LAG EX9200 To Active/Standby Firewall
Hi,
I know this is an old post, but I am facing with the same issue now. What firewall you use?
I want to connect my mc-lag (with vrrp) core switch to active-standby firewall (fortinet). My mc-lag is active-active. Initially mc-lag was ok, one side is active and one side is down, ping is ok. When I test to disable the active interface at core switch 1, lag interface at another core switch become active, but can't communicate to firewall (ping). And then I enable back the interface of core switch 1, the lag interface still down meanwhile the member lag port is up.
any idea for my case?
Thanks
I know this is an old post, but I am facing with the same issue now. What firewall you use?
I want to connect my mc-lag (with vrrp) core switch to active-standby firewall (fortinet). My mc-lag is active-active. Initially mc-lag was ok, one side is active and one side is down, ping is ok. When I test to disable the active interface at core switch 1, lag interface at another core switch become active, but can't communicate to firewall (ping). And then I enable back the interface of core switch 1, the lag interface still down meanwhile the member lag port is up.
any idea for my case?
Thanks
↧
Re: Has anyone been able to successfully enable ICCP/MC-LAG on a pair of QFX5100 switches?
we have 3300 connect to nexus running VPC, and we just configure a AE and it works fine....... in MCLAG is the juniper VPC version I would think this would work the same (the this is on a VC stack
description "xe-0/1/0, xe-1/1/0 bundel to CORE- VPC port eth1/36";
aggregated-ether-options {
minimum-links 1;
link-speed 10g;
lacp {
active;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members x,x,x,x,x;
}
native-vlan-id x;
show configuration interfaces xe-0/1/0
Dec 12 17:29:56
description LINK-TO-CORE-A-Eth1/36;
ether-options {
802.3ad ae1;
↧
QFX5100 48T - Configure QSFP slot for QSFP-SR4 optics
Hi all,
We are trying to use the QSFP ports on our QFX5100s. We are wanting to use a full 40GE interface by using an SR4 optic to uplink to our MX core router. The MX picked up the optics and show them as et interfaces, but the QFX is not picking them up.
When I try to configure them, all I can get is to the channelized 10G, but no options for 40.
The optics do not register in the "show chassis hardware" and I am not sure how to declare those ports as 40Ge.
Anyone have experience with this or know how to set it up?
I have tried looking through documentation, but I can't seem to find anything on this.
Thanks.
↧
↧
Re: QFX5100 48T - Configure QSFP slot for QSFP-SR4 optics
I would suggest that you disable auto-channelization as mentioned on https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/qfx3500-3600-standalone-channel-configuring.html
By default, the 40-Gbps QSFP+ ports on EX4600 and QFX5100 switches are channelized automatically (auto-channelized) if any of the four channels on a 40-Gbps QSFP+ port receive data, unless you have configured channelization either at the chassis level or at the port level. Auto-channelization is not supported on interfaces contained in expansion modules, or on Virtual Chassis ports.
You can disable auto-channelization by including the disable-auto-speed-detection statement at the [edit chassis fpc slot-number pic pic-number (port port-number | port-range port-range-lowport-range-high) channel-speed] hierarchy
It could also be that the ports are defined as virtual-chassis ports. Does 'show virtual-chassis vc-port' output any ports? If yes, then remove them via 'request virtual-chassis vc-port delete pic-slot 0 port X'
If you are still stuck, then provide output from 'show chassis hardware' and configuration related to interfaces and chassis.
↧
Re: EX9200 MC-LAG Failover Recovery Times
In version 16 with a similar configuration, when you have mc-ae events iccp-peer-down prefer-status-control-active configured on both peers, you will get a warning like this one for every MC-AE when you try to commit the configuration:
[edit interfaces ae83 aggregated-ether-options]
'mc-ae'
warning: prefer-status-control-active is used with status-control standby. Use this command only if BLD is configured
However, when we removed the command, we experience the same situation described here - 60 seconds of outage while the downstream portchannels go down and back up due to LACP issues. And another 60 seconds when the primary chassis comes back online. No issues when the standby chassis goes down/up.
↧
qfx 5200 MC LAG configs
THes are in our lab right now, trying to set this up, however fingin conlficing info, and the MX stuff is all mixed in or its for the qfx-10K
the ICCP link - sync traffic only correct ? does this have to be a 100Gb port? can it be on the em0 mgmt port ? (does it mater we have the 18.1x code and are using the mgmt routing instance?) i hate to waste 2x 100G ports for this
ICL - how large does this need to be? 2x 100GB ports? 3 ports ?
bestpractice on the MX says to seperate the ICL and ICCP, but on another junier configs guide, it has those on the same AE link, witch i would perfer to do but is this a supported config?
That same guide also show the ICCP ip on a Vlan IRB interface, best practice shows a LO0 as the required interface for that.
just trying to set this up properly the first time
One giude I found shows the ICCP link as L3 with OSPF however all the juniper side i have found this is a L2 link, what is the recommend here?
set chassis aggregated-devices ethernet device-count 6
set interfaces et-0/0/28 ether-options 802.3ad ae1
set interfaces et-0/0/29 ether-options 802.3ad ae1
set interfaces et-0/0/30 ether-options 802.3ad ae0
set interfaces et-0/0/31 ether-options 802.3ad ae0
set interfaces ae0 description ICCP-LINK
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast
set interfaces ae0 unit 0 family inet address 10.100.101.0/31
set interfaces ae1 description ICL-LINK-TRAFFIC
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast
set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members all
set interfaces em0 unit 0 family inet address 192.168.255.100/23 master-only
set interfaces irb arp-l2-validate
set interfaces lo0 unit 0 family inet address 10.100.100.1/32
set multi-chassis multi-chassis-protection 10.100.100.2 interface ae1
set protocols ospf area 0.0.0.0 interface ae0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols iccp local-ip-addr 10.100.100.1
set protocols iccp peer 10.100.100.2 session-establishment-hold-time 50
set protocols iccp peer 10.100.100.2 redundancy-group-id-list 1
set protocols iccp peer 10.100.100.2 backup-liveness-detection backup-peer-ip 192.168.255.101
set protocols iccp peer 10.100.100.2 liveness-detection minimum-interval 60
set protocols iccp peer 10.100.100.2 liveness-detection multiplier 3
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 192.168.254.1
set switch-options service-id 1
↧
Re: Spanning Tree config with Routing Instances?
We are using "virtual router" instance type, so I understand that configuration of STP within routing instance does not apply to us. Thanks for the info.
↧
↧
Re: dual-side mc-lag with QFX 5100
Hi smicker. Thanks for the help. Here's the requested output for the four switches.
↧
Re: qfx 5200 MC LAG configs
ICCP is control, ISL is data. Backup ICCP can be direct or routed, I’ve seen the same multiple recommendations. I use an IRB interface on the same ae used for ISL, with mgmt interfaces as backup ICCP to keep things simple. Size of ISL should probably be larger than maximum expected throughput of north/southbound traffic in case you end up with a Z traffic flow, but in normal active/active MCAE operation VRRP will route traffic locally and not send to VIP first. 60ms BFD on your ICCP link seems really aggressive—qfx5100 does not support BFD <1000ms, I’m not sure if QFX5200 has the same limit.
↧
Re: qfx 5200 MC LAG configs
wrote: ICCP is control, ISL is data. Backup ICCP can be direct or routed, I’ve seen the same multiple recommendations. I use an IRB interface on the same ae used for ISL, with mgmt interfaces as backup ICCP to keep things simple. Size of ISL should probably be larger than maximum expected throughput of north/southbound traffic in case you end up with a Z traffic flow, but in normal active/active MCAE operation VRRP will route traffic locally and not send to VIP first. 60ms BFD on your ICCP link seems really aggressive—qfx5100 does not support BFD <1000ms, I’m not sure if QFX5200 has the same limit.
the 60 was just from the config guides, do you recommed like 300 ? 1000 seems like a long time lol
are you running in prod with the above configs?
↧
Re: EX9200 MC-LAG Failover Recovery Times
Please add hold timers greater than your BFD interval to the physical interfaces that make up your ISL and test failover again.
For example with BFD = 3x1000ms
set interfaces et-0/0/52 hold-time up 100 set interfaces et-0/0/52 hold-time down 4000 set interfaces et-0/0/52 ether-options 802.3ad ae0 set interfaces et-0/0/53 hold-time up 100 set interfaces et-0/0/53 hold-time down 4000
set interfaces et-0/0/53 ether-options 802.3ad ae0
↧
↧
Re: qfx 5200 MC LAG configs
Yes. QFX10K can do BFD < 1000ms, JTAC may need to advise on 5200.
https://www.juniper.net/documentation/en_US/junos/topics/concept/bfd-understanding-qfx-series.html
↧
Cisco APIC-EM vs Juniper???
Hi
I discussed with customer about campus solution. Competitor is cisco and they proposed APIC-EM controller worked with catalyst 9xxx series.
What is solution should be approach to customer in order to highlighted on SDN within campus such as workflow automation, policies automation like APIC-EM do
I discussed with customer about campus solution. Competitor is cisco and they proposed APIC-EM controller worked with catalyst 9xxx series.
What is solution should be approach to customer in order to highlighted on SDN within campus such as workflow automation, policies automation like APIC-EM do
↧
Re: Cisco APIC-EM vs Juniper???
You mean Nexus 9000 switches, they are the only one that work with ACI. Catalyst 9000 are standard LAN switches.
Juniper SDN solution is Contrail, it has the advantage to be hardware independant and can be used in mixed hypervisor environment (ESXi/VShphere and Linux KVM)
↧