EX4300-48MP is a new version of switch in EX4300 family which support 24 x 10/100/1000 Base-T and 24 x 1GE/2.5GE/5GE/10GE (multi-Gig). For this specific model the 4 x QSFP+ ports can ONLY be used to VC.
https://www.juniper.net/us/en/products-services/switching/ex-series/ex4300m/
Hi
Can I enable GRES for OSPF, BGP and IS-IS for uninterrupt packet forwarding? In case of
1. One EX9208, Two REs installed on same device and one of them failed
2. Two EX9208, Two REs installed on each devicees and all of one EX9208 failed
Note: I enabled MC-LAG on two of EX9200 switches.
Thank you !
gres and nsr only work within the same chassis not across chassis.
You will need to plan on having BFD and route failovers for the dual chassis setup.
Don't have an active contract - just sharing as this may help someone.
Starting from 15.1X53-D58, there's undocumented change in RSTP protocol behavior with the following configuration:
(instead of ae0 there may be any trunk interface)
interface ae0 {
mode point-to-point;
}
interface all {
edge;
}
bpdu-block-on-edge;Up to 15.1X53-D57 release, and on 12.3 this configuration results in the following:
1. Interfaces defined as point-to-point receive/forward BPDUs.
2. All other interfaces are edge and are blocked when a BPDU is received.
From D58 and 18.4 onwards:
1. All interfaces are defined as edge.
2. Interface ae0 mode point-to-point is not applied or overwritten, resulting in blocking uplink ports as soon as BPDU is received.
Workaround:
/* Deactivated, causes STP BLK */
interface all {
inactive: edge;
}Then, add required interfaces with a wildcard/individually.
@Juniper what's happened with your release management/QA? 15.1X53-D590 is right after 15.1X53-D59.4
Dears,
I'm configured lacp between two witches EX2200, but when check just one port working.
NOTE: Link between two switches is Microwave-Link.
Speed ae0 interface just 1gig, and one link working,not both two link.
Hello,
wrote:
NOTE: Link between two switches is Microwave-Link.
Is it 1 microwave link or 2 parallel microwave links, one per EX200 local port-remote port pair?
You need 2 paralell links for Your LAG to work, LACP does not work through hubs.
HTH
Thx
Alex
Hi fhamamdeh,
Agree with Alex. There's something wrong on the path that corrupts the System ID of "Bala1" in the LACPDU received on "Jenin-Sw" in the LACPDU. That'll never allow the two links to aggregate.
LACP info: Role System System Port Port Port
priority identifier priority number key
ge-0/0/42.0 Actor 127 64:64:9b:ac:20:80 127 1 1
ge-0/0/42.0 Partner 1 00:00:00:00:00:00 1 1 1<<<<<<<<<<<<<<<<<<<<Invalid System ID
ge-0/0/43.0 Actor 127 64:64:9b:ac:20:80 127 2 1
ge-0/0/43.0 Partner 127 50:c5:8d:ab:3c:40 127 2 1
Hope this helps.
Regards,
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated 
.
do you mean add system id manually.
We have a scenario where we have a customer prem switch say in an MDU with multiple tennants. Many of them order metro internet service. This service is delivered across our network on a specific VLAN. So in an MDU with multiple customers with the same service but different speed profiles there is no way to individually police the download direction as you can only police on ingress, so there is no way to do that on the inbound trunk into the CPE switch. Is there any way to do this at layer 2? I'm wondering if using private vlans and setting the trunk as the promiscuous port and each tennant as a community or isolated vlan then trying to throttle that way because each customer would have their own vlan tied to the incomming vlan on the trunk. Any thoughts?
so should i always set priority to 255 or just configure accept data...what is the best practice....Thank goodness i found this post ..as i could not ping my vrrp address!!!!
You need to have accept data enabled for the ping response to work.
This is the most common deploy that I've seen. Never worked anywhere where this was not implemented.
I don't see how you can do that policer per client sharing a local vlan like this.
Where is the aggregation point?
Could you set them up as eLines on unique vlans up to the aggregation node.
Then on this node create a bridge domain that pulls the disparate vlans together into the same broadcast domain and share the further upstream service.
the policing you want can then be applied per custmer vlan.
Hi necr -
Thanks for raising this. I've reached out to the appropriate team and am waiting to hear back.
I'll keep you posted.
Hello,
wrote: there is no way to individually police the download direction as you can only police on ingress,
On Juniper EX switches, You can shape on egress - which would give Your customers a better service.
HTH
Thx
Alex
we had the server ports set up as MC-LAG at first, but the server team change to SET teaming in the server and that does not do LACP
QFX-a and are connect with AE256 for iccp and icl (ports 30 and 31 on both make the 200G link)
uplink to current Core is from QFX-A
MACs on QFX-B are not learned on QFX-B witch we think is causing a unicast storm, if you ping a VM on the server from a nexus or junos you get the (DUP!) alarms
if we shut the server ports on QFX-A those alarms go away
why are we not learing the MACs on the trunk from QFX a to QFX-b?
is this not suppported topology? (the MClag docs say a standalone should mac learn via the iccp)
There are 2 MC-LAG ports configed and they ARE learing MACS
do we have a config wrong ? unsupported topo ?
Juniper TAC said the L2-learing needed restarted, we tried that, chassis control, interface control, iccp services, and rebooted both boxes and the issue remains.
I admit it could be an issue on the server side, but my job is the Network and I have no access to server. just trying to verify my side of things.
Thoughts, facts and experance you have would be helpful
Server plug into both QFX's 100g, with set teaming configed
we did try to MC-lag from both QFX to our core with nexuss VPC but it kept failing randomly, so did a single L2 link to the core from QFX-A
Please help, I try to deploy a radius on ex2200, but there was a problem if there are two IP phones connected to the port, then one of these phones is fading.
Only one mac address is visible on the port. At the same time with computers such problems do not arise.
config:
set access radius-server 192.168.0.2 secret "1234"
set access radius-server 192.168.0.3 secret "5678"
set access profile radius_lan authentication-order radius
set access profile radius_lan radius authentication-server 192.168.0.2
set access profile radius_lan radius authentication-server 192.168.0.3
set protocols dot1x authenticator authentication-profile-name radius_lan
set protocols dot1x authenticator interface radius_port supplicant multiple
set protocols dot1x authenticator interface radius_port mac-radius restrict
set protocols dot1x authenticator interface radius_port server-reject-vlan vlan.20
set interfaces interface-range radius_port member ge-0/0/21
set ethernet-switching-options voip interface ge-0/0/21.0 vlan vlan.30
information on the port before applying the configuration:
run show ethernet-switching table interface ge-0/0/21
Ethernet-switching table: 6 unicast entries
VLAN MAC address Type Age Interfaces
vlan.10 * Flood - All-members
vlan.10 00:0a:6b:03:1a:c3 Learn 1:22 ge-0/0/21.0
vlan.10 00:0a:6b:03:1a:ed Learn 1:28 ge-0/0/21.0
vlan.10 50:46:5d:70:90:75 Learn 0 ge-0/0/21.0 PC
vlan.10 54:04:a6:a5:1a:85 Learn 0 ge-0/0/21.0 PC
vlan.30 * Flood - All-members
vlan.30 00:0a:6b:03:1a:c3 Learn 0 ge-0/0/21.0 IP phones
vlan.30 00:0a:6b:03:1a:ed Learn 0 ge-0/0/21.0 IP phones
resultsrun show dot1x interface ge-0/0/21
802.1X Information:
Interface Role State MAC address User
ge-0/0/21.0 Authenticator Authenticated 00:0A:6B:03:1A:C3 000a6b031ac3
ge-0/0/21.0 Authenticated 50:46:5D:70:90:75 50465d709075
ge-0/0/21.0 Authenticated 54:04:A6:A5:1A:85 5404a6a51a85
run show ethernet-switching table interface ge-0/0/21
Ethernet-switching table: 3 unicast entries
VLAN MAC address Type Age Interfaces
default * Flood - All-members
vlan.10 * Flood - All-members
vlan.10 50:46:5d:70:90:75 Learn 0 ge-0/0/21.0
vlan.10 54:04:a6:a5:1a:85 Learn 0 ge-0/0/21.0
vlan.30 * Flood - All-members
vlan.30 00:0a:6b:03:1a:c3 Learn 0 ge-0/0/21.0
run show lldp neighbors
Local Interface Parent Interface Chassis Id Port info System Name
ge-0/0/23.0 - f0:1c:2d:bd:ba:c0 ge-0/0/47.0 ATC3
ge-0/0/21.0 - 192.168.30.20 WAN PORT Tadiran
ge-0/0/8.0 - 192.168.30.28 WAN PORT Tadiran
ge-0/0/16.0 - 192.168.30.112 WAN PORT Tadiran
ge-0/0/21.0 - 192.168.30.175 WAN PORT Tadiran (disappeared)
Where did I make a mistake?
Hi
I 've configured DHCP relay on EX4300 but DHCP message is not be forwarded to DHCP server.
Here is my configuration.
set forwarding-options dhcp-relay server-group CP 10.1.2.99
set forwarding-options dhcp-relay server-group CP 10.1.3.254
set forwarding-options dhcp-relay active-server-group CP
set forwarding-options dhcp-relay group server active-server-group CP
set forwarding-options dhcp-relay group server interface irb.27 < VLAN27 = Client' vlan
root# run show dhcp relay statistics
Packets dropped:
Total 0
Messages received:
BOOTREQUEST 309
DHCPDECLINE 0
DHCPDISCOVER 309
DHCPINFORM 0
DHCPRELEASE 0
DHCPREQUEST 0
DHCPLEASEACTIVE 0
DHCPLEASEUNASSIGNED 0
DHCPLEASEUNKNOWN 0
DHCPLEASEQUERYDONE 0
Messages sent:
BOOTREPLY 0
DHCPOFFER 0
DHCPACK 0
DHCPNAK 0
DHCPFORCERENEW 0
DHCPLEASEQUERY 0
DHCPBULKLEASEQUERY 0
Hello,
Please check Your lo0.0 filter to allow udp ports 67,68
Thanks
Alex
Hi John,
Please check if the non-working phone's MAC address is learnt on any other port i.e.
show ethernet-switching table | match 00:0a:6b:03:1a:ed
If it's learnt elsewhere, issue could be caused due to MAC moves and you'll need to put a filter and block the MAC being learnt on incorrect interface.
Hope this helps.
Regards,
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated .