Hi,
Each member router in the Virtual Chassis must have dual Routing Engines installed, and all four Routing Engines in the Virtual Chassis must be the same model.
↧
Re: MX Virtual Chassis
↧
Re: How to configuration storm-control EX2200 and EX2300
Hi mriyaz;
The information you provide solves my problem, thank you very much. I have one more question;
"set protocols rstp bridge-priorty 0" I have received this command only for backbone switches. Do I also need to use SFP Backbone Switches?
↧
↧
Re: How to configuration storm-control EX2200 and EX2300
Hi Ahmet,
You're welcome. Please note this command "set protocols rstp bridge-priorty 0" means you're meant to use RSTP on the network. In that case you may want to enable "set protocols rstp interface all" on all switches.
And yes, if there is a redundant path between backbone switches and other access/distribution layer switches, then you need to definitely have RSTP enabled on the backbone switches too. The command you shared indicates the backbone switches are to be configured as ROOT BRIDGES (lowest priority is root and bridge-priority 0 means that switch will surely be the root bridge as long as it's up and running).
Hope that solves your query.
Regards,
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated![Smiley Happy]( "Smiley Happy")
.
You're welcome. Please note this command "set protocols rstp bridge-priorty 0" means you're meant to use RSTP on the network. In that case you may want to enable "set protocols rstp interface all" on all switches.
And yes, if there is a redundant path between backbone switches and other access/distribution layer switches, then you need to definitely have RSTP enabled on the backbone switches too. The command you shared indicates the backbone switches are to be configured as ROOT BRIDGES (lowest priority is root and bridge-priority 0 means that switch will surely be the root bridge as long as it's up and running).
Hope that solves your query.
Regards,
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated
.
↧
Re: Vlan Firewall filters
Hi,
Filter applied on VLAN would affect the the traffic incoming/outgoing in the VLAN based on input/output filter.
If you apply a filter on IRB, then the filter only the traffic that is destined to other networks. I mean routed packets. Intra-VLAN packets will not be affected due to the filter on IRB.
To explain,
Consider A, B C,D connected on the switch. A, B in VLAN 10 and C,D in VLAN 20.
If I apply a filter on VLAN 10 (Eg: input), then A-B, A-C, A-D communication would be filtered. As this traffic is incoming in the VLAN (irrespective of inter/intra VLAN). Similar applies to output VLAN filter as well.
If I apply filter in IRB of 10 (Again input), then A-C and A-D communication would be filtered. As this IRB Filter will be triggered only for inter-vlan traffic.
Regards,
Pavan
Click "Accept as solution" if it answers
Click "Kudos" if you like the Solution
↧
Re: QinQ Tunneling on QFX5110
Hi Steve,
Yes, that's correct! I would like to use trunk port to transport S-Tag VLAN.
Please kindly advise.
Thanks,
↧
↧
Re: QinQ Tunneling on QFX5110
It does then look like the example Shean links above is what you are looking for.
https://forums.juniper.net/t5/Ambassador-Insights/Configuring-Q-in-Q-Tunneling-ELS/ba-p/424100
↧
Configuring an EX3300 Virtual Chassis
Team,
Can we configure two different juniper EX switches in VC.
We have 15no of EX3300 switches now configured in VC for two locations and we are in process to buy another juniper EX 3400switches. can Both EX3300 & EX3400 configure in VC?
↧
Re: Configuring an EX3300 Virtual Chassis
EX3300 and EX3400 cannot coexist in the same virtual chassis.
The only mixed-mode virtual chassis switches which are supported, are mentioned on this page: https://www.juniper.net/documentation/en_US/junos/topics/concept/virtual-chassis-ex-qfx-series-mixed-understanding.html
↧
Re: Vlan Firewall filters
Thank you I understand this at a coneptual level just the way you've explained it but in real word results I've found that the same firewall filter applied in the "output" vs "input" direction gives very different results. Maybe a config post would help? Please note in the config posted that some things are inactive and I flip them back and forth to get differen results.
Basically here are the summary of my findings though when talking about intervlan communication.
as input you can only filter on destination address that is not in the local subnet
output you can only filter on source address from another subnet
show vlans data
vlan-id 4010;
l3-interface irb.4010;
forwarding-options {
filter {
input test-vlan99-vacl;
inactive: output test-vlan99-vacl;
}
dhcp-security;
}
{master:0}[edit]
cscott@2250-ex4300# show fira
^
syntax error.
cscott@2250-ex4300# show interfaces irb.4010
description local-data;
family inet {
address 10.3.27.17/28;
}
show firewall family ethernet-switching vl
syntax error.
cscott@2250-ex4300# show firewall family ethernet-switching filter test-vlan99-vacl
term deny-test-term {
from {
ip-source-address {
10.3.9.27/32;
}
inactive: ip-destination-address {
10.3.9.27/32;
}
}
then {
discard;
count test-deny;
}
}
term deny-2 {
from {
ip-destination-address {
10.3.27.22/32;
}
}
then discard;
}
term 1 {
then accept;
}
↧
↧
Re: QFX and IP-IP decapsulation
Hi!
Have you tried to omit "gre" keyword? It's an optional parameter.
↧
Re: QFX and IP-IP decapsulation
Hi,
Tried now:
admin@J-CORE-QFX# commit
[edit protocols]
error: Could not access attribute 'tunnel-protocol'
(if i just leave decapsulate without mentioning protocol)
Thanks!
↧
Dropped Connections after upgrading to 12.3R12.4 EX2200
Hello,
I have an EX2200 Juniper switch that I'm experiencing problems with client connectivity. Even though the workstation nic says it is connected, I cannot ping anyone on the network. The problem occurs on workstations (Win10) and servers (Server16). I've tried updating the nic drivers, resetting winsock, rebooting; nothing helps. I've swapped out the switch with another EX2200. I even zeroized the switch back to factory settings (ezsetup) but the workstation(s) will not connect
I believe it is a switch issue because I regain connectivity when connecting to a Cisco switch. It seems like my issues started occuring after updating the EX2200 to 12.3R12.4 from 12.3R9. I'm not showing any errors on the port in the CLI and I dont have mac filtering or BPDU configured on the switch.
I did notice that the disconnected workstation nic is showing 'unidentified network' versus the 'domain' connection.
Any ideas?
↧
Re: Dropped Connections after upgrading to 12.3R12.4 EX2200
Hi BlancoDiablo,
Believe these will help you narrow down where the problem is.
a) How do the clients get an IP? Please check if they get an IP properly along with the gateway IP.
b) Which device is the default gateway for these clients?
c) Are there any working clients connected to the same switch? Contrast if they are on the same VLAN.
d) Please check the ARP table on the client ("arp -a" from Windows CLI) and confirm if you learn the gateway's MAC address correctly (compare with working clients).
Hope this helps.
Regards,
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated![Smiley Happy]( "Smiley Happy")
.
Believe these will help you narrow down where the problem is.
a) How do the clients get an IP? Please check if they get an IP properly along with the gateway IP.
b) Which device is the default gateway for these clients?
c) Are there any working clients connected to the same switch? Contrast if they are on the same VLAN.
d) Please check the ARP table on the client ("arp -a" from Windows CLI) and confirm if you learn the gateway's MAC address correctly (compare with working clients).
Hope this helps.
Regards,
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated
.
↧
↧
Re: Dropped Connections after upgrading to 12.3R12.4 EX2200
Thank you for the follow-up. Answers:
a) Everything has a static address. DHCP is disabled.
b) The gateway is one hop from the EX to a Juniper SSG. I do not have access to this device
c) There are working stations on the same switch, using the default vlan. The problem occurs randomly; a device could work one minute and then be offline. It can affect the servers as well. NIC diagnostics do not produce any errors.
d) I'll need to get back to you on this. I have everything moved off the EX. Of course, when I reconnect the previous problem workstations, they can now connect to the EX2200 and arp the gateway without issue. That is how random the issue is.
The only time in my career that I have seen something similar is due to broadcast storms. I have the broadcast storm control enabled but I'm not sure about STP. I need to run 'show ethernet-switching interfaces' once the problem reoccurs.
↧
vxlan L3 gateway best way to reach rest of the network?
Hi experts.
I have followed the IaaS: EVPN and VXLAN Solution and is working as it should.
Next step is to decied how the rest of the network should reach the DC.
Should I setup a new bgp from each routing-instance in the spine to my PE router to get connectivty to the rest of the network?
Best practies?
Guides?
All suggestions are welcome
//Niklas
↧
Juniper EX4550 uses IP of neighbor port as the Source during ping directly connected remote peer
Hello.
We have 2xEX4550-32F (Virtual Chassis). Below configuration:
!
admin@EX4550> show configuration routing-instances TEST
instance-type virtual-router;
interface xe-0/0/29.0;
interface xe-1/0/29.0;
routing-options {
static {
route 192.168.0.0/24 {
next-hop 192.168.1.2;
qualified-next-hop 192.168.1.6 {
preference 10;
bfd-liveness-detection {
minimum-interval 5000;
multiplier 3;
}
}
bfd-liveness-detection {
minimum-interval 5000;
multiplier 3;
}
}
}
}
admin@EX4550> show configuration interfaces xe-0/0/29
description "Link A";
mtu 9216;
unit 0 {
family inet {
address 192.168.1.1/30;
}
}
{master:0}
admin@EX4550> show configuration interfaces xe-1/0/29
description "Link B";
mtu 9216;
unit 0 {
family inet {
address 192.168.1.5/30;
}
}
When I try to ping remote peer via 192.168.1.2 - ping is OK
When I try to ping remote peer via 192.168.1.6 - ping is FAIL
On remote peer tcpdump was turned on - incoming ICMP packets have Source IP = 192.168.1.1, not 192.168.1.5
Why so&
↧
Re: vxlan L3 gateway best way to reach rest of the network?
The DC networks are to be shared from CE to the PE and the outside networks to be injected by the PE to the gateway (CE). You can ideally use an IGP to do this, see the articles for options.
See the last section here that starts the Data Center Interconnect (DCI) part:
https://www.juniper.net/documentation/en_US/junos/topics/concept/vxlan-evpn-integration-overview.html#jd0e556
See the detailed CE configurations included here:
https://www.juniper.net/documentation/en_US/junos/topics/example/example-vxlan-evpn-integration-configuring.html
Hope this helps.
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated![Smiley Happy]( "Smiley Happy")
.
See the last section here that starts the Data Center Interconnect (DCI) part:
https://www.juniper.net/documentation/en_US/junos/topics/concept/vxlan-evpn-integration-overview.html#jd0e556
See the detailed CE configurations included here:
https://www.juniper.net/documentation/en_US/junos/topics/example/example-vxlan-evpn-integration-configuring.html
Hope this helps.
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated
.
↧
↧
Re: Juniper EX4550 uses IP of neighbor port as the Source during ping directly connected remote peer
Hi there,
Think that's expected, depending on how you tried to make the VC prefer 192.168.1.6. Because the primary/preferred next-hop is still 192.168.1.2. For testing if you shut down xe-0/0/29, then you can see it choose the xe-1/0/29 interface IP.
Hope this helps.
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated![Smiley Happy]( "Smiley Happy")
.
Think that's expected, depending on how you tried to make the VC prefer 192.168.1.6. Because the primary/preferred next-hop is still 192.168.1.2. For testing if you shut down xe-0/0/29, then you can see it choose the xe-1/0/29 interface IP.
Hope this helps.
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated
.
↧
Re: Juniper EX4550 uses IP of neighbor port as the Source during ping directly connected remote peer
When you have system sourced traffic the default address used will be the loopback address and if none is configured then the lowest ip address assigned to an interface.
As you saw you can override this default selection selecting specific interface, address or routing instance as the source.
https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/ping.html
↧
Re: vxlan L3 gateway best way to reach rest of the network?
Hi,
Thanks for the quick reply.
The links you send is more DC interconnect.
I looking more after how to connect the plain IP network with clients to the DC.
//Niklas
↧