Awesome. Educational for me too.
Re: QFX 5100 Transit Traffic processed by Loopback Filters
Re: EX4500
It works. Thank you very much.
Aggregation not working for EX3400
Hi guys, I have an unusual issue. I am configuring link aggregation on my EX3400 for the first time. I am experiencing the following issue. Can someone please have a look and tell me what I am missing? Thanks
Following is the configuration with the error message at the end.
SW_Lab# show interfaces ge-0/0/46
description "BACKUP ae0";
ether-options {
    802.3ad ae0;
}
SW_Lab# show interfaces ge-0/0/47
description "BACKUP ae0";
ether-options {
    802.3ad ae0;
}
{master:0}[edit]
SW_Lab# show interfaces ae0
description BACKUP;
aggregated-ether-options {
    minimum-links 1;
    link-speed 1g;
    lacp {
        active;
        periodic fast;
    }
}
unit 0 {
    family ethernet-switching {
        interface-mode trunk;
        vlan {
            members 100;
        }
    }
}
{master:0}[edit]
SW_Lab# commit check
[edit]
  'unit 0'
    logical unit is not allowed on aggregated links
error: configuration check-out failed
Re: Aggregation not working for EX3400
Can you post the output of
show interfaces ge-0/0/46 | display inheritance
Or your whole config. It sounds like your member interfaces are inheriting something from a group or interface-range setting.
EX4300 DHCP not working for phone vlan
I have an EX4300 setup with the following dhcp relay configuration. This switch is setup as a L3 switch.
forwarding-options {
    storm-control-profiles default {
        all;
    }
    dhcp-relay {
        server-group {
            AMI-DHCP {
                172.16.30.8;
            }
            AMI-Phone {
                172.16.128.11;
            }
        }
        active-server-group AMI-DHCP;
        group Data {
            interface irb.11;
        }
        group Phone {
            active-server-group AMI-Phone;
            interface irb.130;
        }
    }
}
Computers are on the data vlan (11 using irb.11) and phones are on the phone vlan (130 using irb.130). When I plug a phone into a port (which has data configured as the member vlan and phone configured as the VOIP vlan), the phone cannot receive an IP address from the dhcp server. However, if I plug a phone into a port (vlans configured the same as above) on a switch connected to the EX4300, it works fine.
So this works:
phone --> ex2200 --> ex4300 --> dhcp server
But this does not:
phone --> ex4300 --> dhcp server
Computers plugged into either switch receive an IP address without any problem. This only occurs with the phones.
Re: EX4300 DHCP not working for phone vlan
Hi Jconn,
Think you need to add these two knobs to the configuration:
set forwarding-options dhcp-relay overrides delete-binding-on-renegotiation
set forwarding-options dhcp-relay overrides bootp-support (this needs to be configured to local bootp packets.)
Use "show dhcp relay statistics" for stats. Also, if required use this cool way to trace dhcp per interface:
set system processes dhcp-service interface-traceoptions flag all
set system processes dhcp-service interface-traceoptions file dhcp_traces files 5 size 10m
set forwarding-options dhcp-relay group AMI-Phone interface <interface-name> trace
Hope this helps.
Regards,
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Re: 4300 J-web logon immediate session expire
Hi,
We are still facing it!
tried to open permissions for var folder,
tried to upgrade didn't work.
tried to change the settings for a limit session, and sessions idle
create new user
nothing helped
please help!
Juniper EX-4200 " Your Session has expired. Click OK to redirect to login page."
Hi,
I am having an issue with J-Web where the second I log in it expires my session immediately.
nothing works!
tried to open permissions for var folder,
tried to upgrade didn't work.
tried to change the settings for a limit session, and sessions idle
create new user
nothing helped
please help!
Re: Juniper EX-4200 " Your Session has expired. Click OK to redirect to login page."
Hi m.man,
Please try to set the date/time to current and give it a shot:
user@root% cli
user@root> set date <YYYYMMDDhhmm.ss>
Hope this helps.
Regards,
-r.
Re: 4300 J-web logon immediate session expire
Hi m.man,
Please try to set the correct date/time on the switch if it's not already accurate. See if it helps:
user@root% cli
user@root> set date <YYYYMMDDhhmm.ss>
Hope this helps.
Regards,
-r.
knobs for proxy-arp
Hi folks,
Can anyone help me understand "restricted" proxy-arp? Is it like the arp responses are made if the source and actual IP address are on unlike subnets? Is this understanding right?
Thanks!
Regarding telemetry logging
PoE devices were inducted to EX switch, there are some issues around establishing connectivity but unfortunately, I don't see any telemetry logs even though it is enabled. Is there anything else to enable this logging to function properly.
Thanks!
Juniper loopback interface & acl or firewall filter
Hi all,
I realize whenever I configure a firewall filter on the local loopback interface that allows SSH, Telnet from certain sourceIP (e.g. sourceIP-A) only, I lose the ability to PING to the switch even if I come from the sourceIP-A which is white-listed - is this normal?
q1) Does the loopback interface represent all traffic that is addressed to the Juniper switch/router itself? (e.g. traffic destined to interface IP)
q2) If the above is right, and I only open SSH/Telnet to sourceIP-A, does that mean all the other control/routing protocol traffic that is addressed to the switch/router will no longer work (including ICMP)?
q3) Does that mean that if I want to restrict access via SSH/Telnet, I should create in the firewall filter on the local loopback interface
- a term that allows ssh/telnet from sourceIP-A
- a term that denies ssh/telnet from all other IPs
- a term that allows all other traffic from anywhere -- so that my ping and other traffic can still work as normal?
Regards,
Alan
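An added example, not part of the original post: a small Python model of how a Junos filter applied as input on lo0 (which sees traffic addressed to the switch itself) evaluates packets, comparing a filter that has only the SSH/Telnet allow term with the three-term layout from q3. The address 192.0.2.10 standing in for sourceIP-A, the term names and the sample packets are all constructed for illustration.

```python
# Added example: model of Junos firewall-filter evaluation (first match wins;
# a packet matching no term hits the implicit discard that ends every filter).
import ipaddress

SOURCE_A = "192.0.2.10/32"   # constructed stand-in for "sourceIP-A"
MGMT_PORTS = {22, 23}        # ssh, telnet

def matches(term, pkt):
    # A term matches when every condition it sets is met (unset = any).
    src = term.get("source")
    if src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(src):
        return False
    if "protocol" in term and pkt["proto"] != term["protocol"]:
        return False
    if "ports" in term and pkt.get("dport") not in term["ports"]:
        return False
    return True

def evaluate(filter_terms, pkt):
    for term in filter_terms:
        if matches(term, pkt):
            return term["then"], term["name"]
    return "discard", "implicit-discard"

# Filter with only the SSH/Telnet allow term (the case where ping stops).
ALLOW_ONLY = [
    {"name": "allow-mgmt", "source": SOURCE_A, "protocol": "tcp",
     "ports": MGMT_PORTS, "then": "accept"},
]
# Three-term layout proposed in q3 (hypothetical term names).
THREE_TERM = ALLOW_ONLY + [
    {"name": "deny-mgmt", "protocol": "tcp", "ports": MGMT_PORTS, "then": "discard"},
    {"name": "allow-rest", "then": "accept"},
]

# Constructed sample packets addressed to the switch itself.
PACKETS = {
    "ssh-from-A": {"src": "192.0.2.10", "proto": "tcp", "dport": 22},
    "ssh-from-other": {"src": "198.51.100.7", "proto": "tcp", "dport": 22},
    "ping-from-A": {"src": "192.0.2.10", "proto": "icmp"},
    "ospf-hello": {"src": "203.0.113.1", "proto": "ospf"},
}

def verdicts(filter_terms):
    return {name: evaluate(filter_terms, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, flt in (("allow-only", ALLOW_ONLY), ("three-term", THREE_TERM)):
        print(label, verdicts(flt))
```

The final catch-all accept restores ping and routing protocols but also admits every other service to the control plane; a tighter filter names the protocols the device needs and lets the implicit discard drop the rest.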
Re: Juniper loopback interface & acl or firewall filter
Re: knobs for proxy-arp
Hi Nexon,
Yes, restricted proxy-arp makes the switch/router respond to an ARP request coming from subnet A for a destination IP in subnet B (say). The switch/router must have a route to subnet B.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB26906&cat=SRX_SERIES&actp=LIST
Hope this helps.
Regards,
-r.
Re: Regarding telemetry logging
Hi Nexon,
Such telemetry logging occurs for 1 hour by default. You can modify it as follows:
Hope this helps.
Regards,
-r.
Re: EX4300 Port Security - MAC Limiting (Allowed MAC) & ELS
Hi,
Try accept-source-mac knob.
Sample configuration:
configuration-mode#set interfaces ge-0/0/1 unit 0 accept-source-mac mac-address 00:00:00:11:11:11
Please let me know if this helps!
Re: EX4300 DHCP not working for phone vlan
Thanks for the suggestion mriyaz. I have more information to share below, but I'll give your suggestions a try before going through my solution.
Since posting my original post, here's some more troubleshooting steps I took and the results I found.
1. I configured an unused port (ge-3/0/32) with no VOIP vlan and Phone set as the member vlan. Plugged a laptop into the port and it received an IP address without issue. Then plugged in an unconfigured phone, and it received an IP address without issue.
2. Configured the same port with Data as the member vlan and Phone as the VOIP vlan using the GUI (changing the interface port settings on the web interface). Plugged in an unconfigured phone, and it received an IP address without issue.
3. Compared the settings between a port that did not work (ge-2/0/19) and the port that was working (ge-3/0/32). I made their settings identical using the CLI Editor via the web interface. Port ge-2/0/19 still failed to provide an IP address to a phone.
4. Used the GUI to change ge-2/0/19's member vlan to another vlan besides Data and set the VOIP vlan to none, then committed. Used the GUI to change the member vlan to Data and the VOIP vlan to Phone, then committed. Plugging a phone into this port now worked.
5. Repeated step 4 using the CLI via SSH on port ge-0/0/23 which wasn't working. Afterwards plugging in a phone worked.
6. Repeated step 4 using Powershell with Posh-Junos on port ge-2/0/14 which wasn't working. Afterwards plugging in a phone worked.
Then I went home. I have no idea what setting I'm changing by removing the vlans and putting them back which is allowing the phones to begin receiving IP addresses. When I look at the configuration using the CLI viewer/editor on the web interface, there is nothing noticeably different from the ports that are working vs. the ports that now work. I've even dropped before and after configurations into Notepad++ and used its compare plugin to see what's different, and nothing shows up.