Quantcast
Channel: All Ethernet Switching posts
Viewing all 10307 articles
Browse latest View live

Re: LAG from EX4300MP to Cisco VSS (2) Catalyst 4300X-16

March 19, 2019, 9:45 am
$
0
0

Spot on! defining native vlan1 on interface ae1 was the key!

 

I've been working with cisco gear for over 20 years and twice already I have tried to move to Juniper. I like everything about Juniper's hardware and cli.

Issue that I have with Juniper is not so good and knowledgable salespeople and support is kind of iffy - I've spent a few hours with Juniper's support looking into this issue and gave up as tech was a bit to inexperienced and I knew solution is as always, very simple  -  You sir, have proved that!</rant>

 

I don't know much about juniper equipment, especially this new line - it makes no sense to me why management interface would be affected by default vlan definition on ae1 link when different physical cables are used... Time to get some books.

 

I owe you a beer or two so if you are in Toronto area, let me know.

 

Regards,

 

T

Search

Virtual Chassis - preprovisioned vs non-provisioned

March 19, 2019, 10:11 am
$
0
0

Hi all,

I am extremely new to Juniper. Please bear with me.

Reading virtual chassis feature guide on configuring virtual chassis


In pre-provisioned

- mastership priority cannot be defined but will be set to the same for master and backup RE

- role is pre-defined to the serial number of switch

- memberid is pre-defined to the serial number of switch
- switch intended to be master is powered on

 

In non-provisioned

- mastership priority can be defined but will be set to the same for master and backup RE
- switch intended to be master is powered on

 

============================

So the only difference between a pre-provisioned and non-provisioned is that

- in pre-provisioned, you can define/tied the intended role to the desired switch ?

- in pre-provisioned, you can define the memberID to the desired switch ? ?

 

Q1) What other benefits/non-benefits does 1 have over the other ?  Why would one choose pre-provisioned over non-provisioned ?

In a 2 members virtual chassis, how will the above matters ?

 

Q2) When specifying an interface in a virtual-chassis setup,  what is the relationship between FPC and memberID ?

Say FPC2 (switch2) is define with a memberID of 6,   when we want to refer to port1 of switch2 , do we specify

ge-6/0/1 or ge-2/0/1 in a virtual chassis ?

 

I am using 2 x qfx5100-48s-6q

 

Regards,

Alan

Re: Clean up configuration against actual interfaces - how to

March 19, 2019, 10:17 am
$
0
0

1) Do you mean if i insert a SFP transciever into the slot, the configuration will not show it automatically ?

A. That is correct. If you add an optic to an interface, you will see it in the "show chassis hardware" command. If you connect a device to that port the port will automatically come up, NO configuration required, and it will NOT be added automatically to the configuration.  You will see that the interface now exists and is up with "show interfaces terse". 

In Junos, you only need to configure an interface, if you want to change a default attribute such as the MTU, or if you need to configure a logical interface (for example, et-0/0/0.0  which is the same  et-0/0/0 unit 0). The logical interfaces is where you enable family ethernet-switching (L2) or family inet (IPv4).  The reason why you are seeing all those interfaces in your configuration is because the factory-default configuration on the switch, sets all possible interfaces with family ethernet-switching, and storm-control.

 

2) Does that mean I will have to go to operation mode, do a "show interface terse" to see the actual interfaces, then match it against the configuration ?

A. Yes, the show interface terse is a good command to check which interfaces are actually there.  You might want to do show interfaces terse xe* or show interfaces terse et*. 

 

And yes, you would need to then remove the interfaces that do not exist from the configuration file to make it match.  You could write an op script to do that so that you don't have to do it manually or simply delete everything under interfaces and then add the interfaces that you do have. For the second option, you could go into "edit interfaces" and enter:  show | display set relative | except "ethernet|storm" and copy that, so that you can paste it back after you delete everything under edit interfaces.   

You could also write an op script that for example adds "set interface xe-x/y/z enable" to the configuration, when xe-x/y/z is physically added to the device.  (NOT needed, but will allow you to see the exiting interfaces in the config file).

 

HTH,

 

Re: Virtual Chassis - preprovisioned vs non-provisioned

March 19, 2019, 10:24 am
$
0
0

Hi alankoh,

 

Please find answers inline.  Perhaps you will find this beneficial too: https://www.juniper.net/us/en/local/pdf/implementation-guides/8010018-en.pdf

 

 wrote:

Hi all,

I am extremely new to Juniper. Please bear with me.

Reading virtual chassis feature guide on configuring virtual chassis


In pre-provisioned

- mastership priority cannot be defined but will be set to the same for master and backup RE

- role is pre-defined to the serial number of switch

- memberid is pre-defined to the serial number of switch
- switch intended to be master is powered on

 

In non-provisioned

- mastership priority can be defined but will be set to the same for master and backup RE
- switch intended to be master is powered on

 

============================

So the only difference between a pre-provisioned and non-provisioned is that

- in pre-provisioned, you can define/tied the intended role to the desired switch ?

[Ans] True

- in pre-provisioned, you can define the memberID to the desired switch ? ?

[Ans] True

 

Q1) What other benefits/non-benefits does 1 have over the other ?  Why would one choose pre-provisioned over non-provisioned ?

In a 2 members virtual chassis, how will the above matters ?

[Ans] A pre-provisioned VC will not allow any newer switch to join the VC even if physically connected, unless you manually add the Serial Number to the pre-provisioned VC configuration.

 

Q2) When specifying an interface in a virtual-chassis setup,  what is the relationship between FPC and memberID ?

Say FPC2 (switch2) is define with a memberID of 6,   when we want to refer to port1 of switch2 , do we specify

ge-6/0/1 or ge-2/0/1 in a virtual chassis ?

[Ans] Member ID and FPC# will be the same i.e. if you add a 2nd switch but define it's member ID as 6 then it's interfaces will be ge-6/0/x.

 

 

I am using 2 x qfx5100-48s-6q

 

Regards,

Alan

 

Hope this helps.

 

Regards,
-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated Smiley Happy.

Chassis

March 19, 2019, 4:13 pm
$
0
0

hello everyone,

 

I need help.  I am new in Juniper environment.  In the basement, I have a stack of 5 Junipers stackup, the master is EX4500 and other 4 are EX4200 and they are interconnecting to 3rd floor (stack up of another 4 chassis of EX4200) and 4th floor (same as 3rd) via fibre.  My question is how can I connect to the chassis on the 3rd floor and 4th floor. When I ssh to the gateway IP it always points to the main chassis in the basement.  My second question is How to identify a trunk vlan? Which command should I use to determine it's a trunk vlan.  Thanks you very much for your help.

Re: Virtual Chassis - preprovisioned vs non-provisioned

March 19, 2019, 4:20 pm
$
0
0

A big driver for using pre-provisioned mode in a word is control.

 

For the sake of ease of use virtual chassis will automatically add members and assign both roles and member id.  This is a great convenience during initial setup and expansion.

 

But many organizations prefer stricter control of the operational devices on the network.  With pre-provisioning there can be no accidental role assignment of the RE to a remote closet.  Or the accidental addition of a new member to the VC.  Each role, member id, addition or removal of members is under the control of configuration.

 

Re: Chassis

March 19, 2019, 4:33 pm
$
0
0

Welcome to Junos.

 

Since only 10 devices are allowed in a single virtual chassis using the ex4200/ex4500 I assume you probably have three distinct virtual chassis in your setup.  With the stacks on each floor as separate VC units.

 

If this is the case each will have their own mgmt ip setup for access.  Since the ex4500 is your core I suspect those gateway addresses are getting you into the VC in the basement.  What you will need to find is an ip address assigned in each of the other VC to access them for mgmt. 

 

If you can't locate that via a ping sweep and testing, you could use the serial console port on any of the switches in the upper floors.  Once connected you can then view the configuration to find the configured mgmt or virtual interfaces that you can use for remote mgmt.

 

All vlans can be used on either untagged access ports or included on ports in trunk mode as tagged vlans.  The trunk function is assigned to a port not a vlan.  On the cli use this command to see the list of interfaces configured as trunk port.

 

show configuration interfaces | display set | match "port-mode trunk"

 

Re: Chassis

March 20, 2019, 8:34 am
$
0
0

Thank you very much spuluka.

I am now being able to access all floor switches. I have one more question and really need your help.

I would like to create a new vlan for 10.92.88.0/22 on the Master EX4500 in the basement LAN room.  And these IP's are assigned only for servers, allow all existing VLAN all 3 floors to see this subnet and accessing the file and print server on this new vlan.  And this new vlan also access to the internet. Should I create a static route for this vlan as well? Would you please show me step by step to do this? thank you very much.

Search

QFX 5100 l2-learning subsystem is not running

March 20, 2019, 9:16 am
$
0
0

Hello,

I have 2 QFX 5100 in virtual chassis mode

I don't know why but now i can not add more and when i try to show the vlan i have this error:

show vlans
error: the l2-learning subsystem is not running

 

I found nothing on the documentation about this error

 

Model: qfx5100-48s-6q
JUNOS Base OS Software Suite [13.2X51-D10.6]
JUNOS Base OS boot [13.2X51-D10.6]
JUNOS Crypto Software Suite [13.2X51-D10.6]
JUNOS Online Documentation [13.2X51-D10.6]
JUNOS Kernel Software Suite [13.2X51-D10.6]
JUNOS Packet Forwarding Engine Support (qfx-5) [13.2X51-D10.6]
JUNOS Routing Software Suite [13.2X51-D10.6]
JUNOS Enterprise Software Suite [13.2X51-D10.6]
JUNOS Web Management [13.2X51-D10.6]
JUNOS py-base-i386 [13.2X51-D10.6]
JUNOS Host Software [13.2X51-D10.6]

Thks for your help

Re: Logical unit number / sub interface

March 20, 2019, 10:22 am
$
0
0

Hi Roman,

 

So it is consider normal to "not" find em2 interface inside the configuration ?

My point is - how do we verify/know if an interface is a "system generated" and can be ignored  ?

 

Regards,

Alan

Re: Clean up configuration against actual interfaces - how to

March 20, 2019, 10:40 am
$
0
0

Hi Yasmin ,

 

Thanks for the confirmation.

Can I confirm and check 1 last thing ->

 

a) an interface will automatically be "up"  once connected - even without a corresponding entry in the configuration - right ?

 

b) If answer to a) is yes ->  is there any security concern or impact  ? What can an interface without a logical unit in Juniper do ? or rather what can an "up interface" without a corresponding entry in the configuration do ?

Does it accept/transmit any form of traffic ?  


or is there some sort of "default" configuration for an interface if it is not explicity configured/specified in the configuration

 

c) will the best practise = to make sure entries for all interfaces are configured in the configuration and set to disable ?

 

Regards,

Alan

Re: Virtual Chassis - preprovisioned vs non-provisioned

March 20, 2019, 10:51 am

Re: Logical unit number / sub interface

March 20, 2019, 10:53 am

Virtual Chass - vme0 down despite em0 interface up.

March 20, 2019, 11:08 am
$
0
0

Hi all,

 

I have 2 x qfx5100-48s-6q.

 

Individually, i have configured its em0.0 port for management purpose and assigned an ip to each of the switch.

During the virtual-chass pre-provisioned setup,  i have also setup an vme.0 interface and assigned an ip to it.

 

switch1 em0.0 -> 192.168.1.1

switch2 em0.0 -> 192.168.1.2

switch1 vme.0 -> 192.168.1.3

 

After the virtual chassis setup has completed and up, i realized my vme.0 interface is still down.  

However, I can access the master switch via em0.0 - 192.168.1.1

 

q1) In a virtual chassis setup,  can we still access individual switches via its em0.0 interface IP ?

e.g.  192.168.1.1 will access switch1 em0.0

        192.168.1.2 will access switch2 em0.0

         192.168.1.3  will always access the master switch -- like a floating IP.

 

q2) Any idea why is my vme.0 interface down ?  Should we actually configure the em0.0 interface with an IP during the virtual-chassis setup ?

 

Regards,

Alan

Re: Virtual Chass - vme0 down despite em0 interface up.

March 20, 2019, 11:29 am
$
0
0

.Hi there,

 

for the vme interface to come up you need to delete the configuration of the other management interfaces, the vme will be setup as a virtual management interface and you will be able to reach it through the management interface of any of the VC members so you will manage each VC with just one IP that can be reached from any VC member's management port. Once in the VC use:

>request session member X

to move between the VC members

Try deleting the em interfaces so vme can come up.

 

Check this out:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB11044&cat=EX4200_1&actp=LIST 

 

Cheers!

 

 

 

 

Search

Re: QFX 5100 l2-learning subsystem is not running

March 20, 2019, 11:38 am
$
0
0

hello Max

 

So what this means is that the l2ald which is the l2 learning daemon is not running, are you running the command from the master? you should see master, backup or linecard in your terminal like this 

{master:1}[edit]
root@SWITCH#

 

is the VC actually truly formed? 

>show virtual-chassis status

perhaps it is in linecard mode and it doesnt run the l2 learning daemon?

if you are in the master and l2ald is not running there is something wrong the process should start with the device check that out first.

Re: QFX 5100 l2-learning subsystem is not running

March 20, 2019, 11:47 am
$
0
0
 wrote:

hello Max

 

So what this means is that the l2ald which is the l2 learning daemon is not running, are you running the command from the master? you should see master, backup or linecard in your terminal like this 

{master:1}[edit]
root@SWITCH#

 

is the VC actually truly formed? 

>show virtual-chassis status

perhaps it is in linecard mode and it doesnt run the l2 learning daemon?

if you are in the master and l2ald is not running there is something wrong the process should start with the device check that out first.

Hi

virtual-chassis is OK

i restart l2-learning service and now it's OK

Thks for your help !

Re: Chassis

March 20, 2019, 2:53 pm
$
0
0

Based on your description, I assume you have layer 3 interfaces as the vlan gateways configured on the basement VC.  If you simply continue this pattern with the new vlan all the other vlans so configured in this VC will automatically get access to the new subnet.  The routing between these multiple layer 3 interfaces is by default.

 

Naturally if you have devices to connect to this vlan in the other closets you will need to add the vlan to the trunk ports and configure it locall there as well.

 

But it sounds like the remote closets are layer 2 with the gateway layer 3 interfaces on the basement VC in your setup so no routes will be needed on them for this purpose.

 

But you do probably want a default route down to the basement VC installed there so your mgmt interface and traffic can be remotely reachable.

 

EX3400 packet capture for specific port?

March 20, 2019, 3:17 pm
$
0
0

At a remote location we're having some trouble with a vendor's equipment, so I need to do a packet capture on several specific ports on an EX3400 to troubleshoot the cause.  I tried "monitor traffic", only to find that it doesn't get transit traffic.  "tcpdump" doesn't get me transit traffic either.  Other than mirroring the port to a separate port with wireshark running (which I can't currently do because I don't yet have a monitoring PC there) is there any option to collect all traffic on a port locally?  Or, for that matter, to send it to a remote address not attached to that specific switch?  Thanks!

Re: EX3400 packet capture for specific port?

March 20, 2019, 3:59 pm
Viewing all 10307 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>