Smicker,
Thank you for your response, but I still don't really get it.
Sorry for responding so late, I am very busy at the moment (and passed for the JNCIS-ENT exam last thuesday 
).
I would like to give an in dept response, later on.
With regards,
Jean de La Cour
Hello,
I am currently having problem getting remote port mirroring work on Juniper QFX. Below is the topology:
Regards,
Hi
Remote port mirroring sents traffic into a specified vlan
that vlan need sto be enabled on the SW02 and on both trunks between
juniper does not per default transport all vlans on a trunk
regards
Alexander
Try to disable mac learning for vlan to which you mirror traffic on sw02
from experience when doing an RSPAN with QFX it is better to point it to a remote ip address, if you send it to an interface it some times it doesnt work.
about the config on sw2 just pass the vlan across it like you would do with any traffic.
hope that helps
I have previously used show vlans |m "\*"
but the above does not display the vlan name itself...
Can I please ask if anyone knows how to show vlan AND active ports within each vlan
many thanks
Please try below command. Replace the vlan with your vlan name prefix:
show vlans | match "vlan|\*"
Hi Ajaz,
If I am getting your query correctly, I think you can get the desired output using command ' show vlans brief '. If you need any specific vlans, than you can use match statement with this command and match with vlan name.
This command will show the routing instance , vlan name and active ports/interfaces in that vlan,
labroot@jtac-qfx5100-24q-2p-r2212> show vlans brief
Routing instance VLAN name Tag Interfaces
default-switch default 1 xe-0/1/3.0*
default-switch v10 10 ae0.0
ae1.0
xe-0/1/5.0
default-switch v100 100 ae0.0
Regards,
Ankur
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
gents...
neither work.
Would like to view this:
labroot@jtac-qfx5100-24q-2p-r2212> show vlans brief
Routing instance VLAN name Tag Interfaces
default-switch default 1 xe-0/1/3.0* <--- just the interfaces with ' * ' and vlan info i.e name/tag
default-switch v10 10 ae0.0
xe-0/1/5.0
default-switch v100 100 ae0.0
We're nearly there, but not quite...
That command provide all interfaces with asterisk, and the first line from output containing 'vlan' word.
requirement is to see all vlans with all their respective ports configured in those vlans. e.g.
vlan-id vlan 100
ge-1/0/0*
ge-1/0/1*
vlan 200
ge-2/0/0*
ge-2/0/1*
vlan 300
ge-3/0/0*
ge-3/0/1*
Actually it seems there are four columns when observing the output from show vlans, and we need all four
Hi Jibut
Did you see my last update to this query?
Thanks
Hi all,
There are two weird log messages here. pls see attached file...
1-) newsyslog[35030]: logfile turned over due to -F request --->What is this? and why is it over? how to check this?
2-) xntpd: kernel time sync enabled 2001 ------>what is this? Why is it happening? Any idea or it is relating to the rtc-error?
3-) constant rtc-errors----->why is it occurring constantly as system uptime is correct! and why ip addresses of (xxxxx and yyyyy) from associations are same? Is this worong?
4-) generating huge excessive chassid log ---> what can be reason in generating excessive chassid logs. Pls see attachment
Any ideas please.
Thx.
Tried to answer inline, however IMHO its better to report such detailed error log analysis/behavior to JTAC so you can share constant feedback.
1-) newsyslog[35030]: logfile turned over due to -F request --->What is this? and why is it over? how to check this?
[ANS] It could be due to storage issue. Please check "show system storage", and first try "request system storage clean-up" and re-check. Another way is try to find large files, here is an example command for finding files more than 10MB:
% sh -c 'find / -size +10000000c 2> /dev/null' | xargs du -h | sort -nr
If the found files are useless, please issue the clean up command to resolve the storage issue first. If even after processing the clean up command, the storage is still full, just need to delete the abnormal big size files manually i.e.
CLI:
file delete /var/tmp/...."
or
start shell user root
cd /var/tmp/
rm -rf <filename>
After storage returns to normal, please check the syslog again. If we still see the log, then try to deactive/active syslog config once i.e.:
deactivate system syslog
commit
activate system syslog
commit
If required, modify the syslog configuration particularly the no. of files and file sizes:
https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/syslog-edit-system.html
2-) xntpd: kernel time sync enabled 2001 ------>what is this? Why is it happening? Any idea or it is relating to the rtc-error?
[ANS] Seen the log in working cases as well. Please validate if NTP is working as expected "show ntp associations"
See table 1:https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-ntp-associations.html
Another caveat if you see NTP time sync issue on your box: https://kb.juniper.net/InfoCenter/index?page=content&id=KB11436&actp=METADATA
3-) constant rtc-errors----->why is it occurring constantly as system uptime is correct! and why ip addresses of (xxxxx and yyyyy) from associations are same? Is this worong?
[ANS] Believe this was answered on another ports. It might be better to check with JTAC.
4-) generating huge excessive chassid log ---> what can be reason in generating excessive chassid logs. Pls see attachment
[ANS] Better to report this one to JTAC.
Hope this helps.
Regards,
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated .
Hello,
wrote:
1-) newsyslog[35030]: logfile turned over due to -F request --->What is this? and why is it over? how to check this?
JUNOS runs FreeBSD nesyslog daemon to maintain the logfiles. Please check the "newsyslog" manpage to learn about -F knob
https://www.freebsd.org/cgi/man.cgi?newsyslog
wrote:
2-) xntpd: kernel time sync enabled 2001 ------>what is this? Why is it happening? Any idea or it is relating to the rtc-error?
3-) constant rtc-errors----->why is it occurring constantly as system uptime is correct! and why ip addresses of (xxxxx and yyyyy) from associations are same? Is this worong?
"kernel time sync enabled" are harmless messages and can be ignored. What can NOT be ignored is below snippet from Your syslog:
Jul 9 21:59:47 On902300 kernel: rtc8564je_rtc0: SETTIME failed for seconds: error 16
Jul 9 21:59:47 On902300 kernel: warning: clock_settime failed (16), time-of-day clock not adjusted to system time
These messages say that Your switch clock is not synced to NTP. And "show ntp status" confirms Your switch clock is 3 mins off:
reftime=e0d638f2.b3d261d5 Mon, Jul 15 2019 9:27:46.702, poll=4,
clock=e0d639a1.11842883 Mon, Jul 15 2019 9:30:41.068, state=2,
NTP cannot sync the time if the offset is greater than 128 secs.
Please execute operational command "set date ntp" to sync the switch clock with NTP server. It may fail due to overprotective loopback filter as "set date ntp" uses dynamic source port as opposed to regular NTP exchange. If that's the case, set the switch clock manually as close to current true time as possible.
HTH
Thx
Alex
hi,
Storage seems okay...
>show system storage
fpc0:
--------------------------------------------------------------------------
Filesystem Size Used Avail Capacity Mounted on
/dev/gpt/junos 1.3G 573M 683M 46% /.mount
tmpfs 112M 52K 112M 0% /.mount/tmp
tmpfs 324M 504K 324M 0% /.mount/mfs
fpc1:
--------------------------------------------------------------------------
Filesystem Size Used Avail Capacity Mounted on
/dev/gpt/junos 1.3G 828M 428M 66% /.mount
tmpfs 604M 48K 604M 0% /.mount/tmp
tmpfs 324M 388K 324M 0% /.mount/mfs
% sh -c 'find / -size +10000000c 2> /dev/null' | xargs du -h | sort -nr
256K /mfs/var/sdb/log.0000000001
223M /cf/var/tmp/junos-srxsme-15.1X49-D50.3-domestic.tgz
223M /cf/var/sw/pkg/junos-15.1X49-D50.3.tgz
220M /cf/packages1/junos-15.1X49-D50.3-domestic
89M /usr/sbin/flowd_octeon_hm
72M /usr/sbin/flowd_octeon
22M /usr/lib/dd/libjkernel-dd.tlv
18M /usr/sbin/rpd
14M /usr/share/icu/4.6/icudt46l.dat
14M /usr/lib/dd/libjroute-dd.tlv
14M /mfs/var/run/db/schema.db
13M /usr/libdata/chassisd/chassisd.static.db
12M /usr/sbin/bbe-mibd
9.8M /usr/sbin/chassisd
9.8M /jail/var/log/debug_wmid.1
9.8M /cf/var/log/debug_wmid.1
9.5M /usr/sbin/ipfd
%
wrote: hi,
Storage seems okay...
[ANS] Thank you for the feedback. Althought there's some scope to clear the /var/tmp/, get rid of the install file if we don't need it any more, but seems the issue isn't because of storage in your case.
Please check "show system processes extensive | grep eventd" once right now and check it again after seeing the log messages" " to confirm if the pid changes. Suspect if we're hitting: https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1195239
Regarding other queries, please do check and rule out the NTP caveat from the KB link I'd provided. Perhaps that'll help. Appreciate if you provide feedback on what worked so others benefit from your post.
>show system storage
fpc0:
--------------------------------------------------------------------------
Filesystem Size Used Avail Capacity Mounted on
/dev/gpt/junos 1.3G 573M 683M 46% /.mount
tmpfs 112M 52K 112M 0% /.mount/tmp
tmpfs 324M 504K 324M 0% /.mount/mfsfpc1:
--------------------------------------------------------------------------
Filesystem Size Used Avail Capacity Mounted on
/dev/gpt/junos 1.3G 828M 428M 66% /.mount
tmpfs 604M 48K 604M 0% /.mount/tmp
tmpfs 324M 388K 324M 0% /.mount/mfs
% sh -c 'find / -size +10000000c 2> /dev/null' | xargs du -h | sort -nr
256K /mfs/var/sdb/log.0000000001
223M /cf/var/tmp/junos-srxsme-15.1X49-D50.3-domestic.tgz
223M /cf/var/sw/pkg/junos-15.1X49-D50.3.tgz
220M /cf/packages1/junos-15.1X49-D50.3-domestic
89M /usr/sbin/flowd_octeon_hm
72M /usr/sbin/flowd_octeon
22M /usr/lib/dd/libjkernel-dd.tlv
18M /usr/sbin/rpd
14M /usr/share/icu/4.6/icudt46l.dat
14M /usr/lib/dd/libjroute-dd.tlv
14M /mfs/var/run/db/schema.db
13M /usr/libdata/chassisd/chassisd.static.db
12M /usr/sbin/bbe-mibd
9.8M /usr/sbin/chassisd
9.8M /jail/var/log/debug_wmid.1
9.8M /cf/var/log/debug_wmid.1
9.5M /usr/sbin/ipfd
%
Hope this helps.
Regards,
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated .
set chassis redundancy graceful-switchover set chassis aggregated-devices ethernet device-count 1 set interfaces interface-range VLAN26 member-range ge-0/0/0 to ge-0/0/47 set interfaces interface-range VLAN26 member-range ge-1/0/1 to ge-1/0/46 set interfaces interface-range VLAN26 unit 0 family ethernet-switching interface-mode access set interfaces interface-range VLAN26 unit 0 family ethernet-switching vlan members 26 set interfaces xe-0/1/0 ether-options 802.3ad ae0 set interfaces xe-1/1/0 ether-options 802.3ad ae0 set interfaces xe-1/1/1 unit 0 family ethernet-switching storm-control default set interfaces ae0 aggregated-ether-options minimum-links 1 set interfaces ae0 aggregated-ether-options link-speed 10g set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk set interfaces ae0 unit 0 family ethernet-switching vlan members 7 set interfaces ae0 unit 0 family ethernet-switching vlan members 21-26 set interfaces ae0 unit 0 family ethernet-switching vlan members 100-101 set interfaces ae0 unit 0 family ethernet-switching vlan members 212 set interfaces ae0 unit 0 family ethernet-switching vlan members 2028 set interfaces irb unit 21 family inet address 192.168.21.21/24 set forwarding-options storm-control-profiles default all set routing-options nonstop-routing set routing-options static route 0.0.0.0/0 next-hop 192.168.21.1 set protocols lldp interface all set protocols lldp-med interface all set protocols igmp-snooping vlan USERS-26 set protocols layer2-control nonstop-bridging set protocols rstp interface all set switch-options interface-mac-limit 10 set switch-options interface-mac-limit packet-action drop-and-log set switch-options interface ae0.0 interface-mac-limit 16383 set switch-options interface ae0.0 interface-mac-limit disable set virtual-chassis no-split-detection set virtual-chassis member 0 mastership-priority 255 set virtual-chassis member 1 mastership-priority 250 set vlans USERS-26 vlan-id 26 set vlans default vlan-id 1
Have this configuration on Juniper EX2300
After connecting an unmanaged switch to port ge-1/0/20, the EX2300 switch became unavailable remotely. Through the console in place you could see the following logs
Jan 1 04:00:14 ex2300 l2ald[4656]: L2ALD_MAC_LIMIT_EXCEEDED_IF: Limit on learned MAC addresses exceeded for ge-1/0/20.0; current count is 10 DROPPING THE PACKET with mac address: 1c:1b:0d:5b:7f:a7 Jan 1 04:00:14 ex2300 l2ald[4656]: L2ALD_MAC_LIMIT_EXCEEDED_IF: Limit on learned MAC addresses exceeded for ge-1/0/20.0; current count is 10 DROPPING THE PACKET with mac address: 54:a0:50:79:c2:ac Jan 1 04:00:14 ex2300 l2ald[4656]: L2ALD_MAC_LIMIT_EXCEEDED_IF: Limit on learned MAC addresses exceeded for ge-1/0/20.0; current count is 10 DROPPING THE PACKET with mac address: 94:de:80:ad:68:43 Jan 1 04:00:14 ex2300 l2ald[4656]: L2ALD_MAC_LIMIT_EXCEEDED_IF: Limit on learned MAC addresses exceeded for ge-1/0/20.0; current count is 10 DROPPING THE PACKET with mac address: e0:d5:5e:03:73:88
EX2300> show spanning-tree statistics interface detail
Interface BPDUs BPDUs Next BPDU TCs Proposal Agreement
Sent Received Transmission Tx/Rx Tx/Rx Tx/Rx
ae0 1617 163374 0 0/0 0/0 0/0
ge-0/0/0 165592 0 1 0/0 0/0 0/0
ge-0/0/1 165591 0 1 0/0 0/0 0/0
ge-0/0/2 165623 0 0 0/0 0/0 0/0
ge-0/0/3 165581 0 1 0/0 0/0 0/0
ge-0/0/4 165598 0 1 0/0 0/0 0/0
ge-0/0/5 165597 0 0 0/0 0/0 0/0
ge-0/0/6 0 0 0 0/0 0/0 0/0
ge-0/0/7 0 0 0 0/0 0/0 0/0
ge-0/0/8 165604 0 0 0/0 0/0 0/0
ge-0/0/9 0 0 0 0/0 0/0 0/0
ge-0/0/10 165586 0 1 0/0 0/0 0/0
ge-0/0/11 165443 0 1 0/0 0/0 0/0
ge-0/0/12 165565 0 1 0/0 0/0 0/0
ge-0/0/13 165586 0 0 0/0 0/0 0/0
ge-0/0/14 165553 0 0 0/0 0/0 0/0
ge-0/0/15 0 0 0 0/0 0/0 0/0
ge-0/0/16 0 0 0 0/0 0/0 0/0
ge-0/0/17 0 0 0 0/0 0/0 0/0
ge-0/0/18 0 0 0 0/0 0/0 0/0
ge-0/0/19 165612 0 0 0/0 0/0 0/0
ge-0/0/20 0 0 0 0/0 0/0 0/0
ge-0/0/21 0 0 0 0/0 0/0 0/0
ge-0/0/22 0 0 0 0/0 0/0 0/0
ge-0/0/23 0 0 0 0/0 0/0 0/0
ge-0/0/24 165614 0 1 0/0 0/0 0/0
ge-0/0/25 165609 0 1 0/0 0/0 0/0
ge-0/0/26 165623 0 1 0/0 0/0 0/0
ge-0/0/27 165590 0 0 0/0 0/0 0/0
ge-0/0/28 165602 0 0 0/0 0/0 0/0
ge-0/0/29 165613 0 0 0/0 0/0 0/0
ge-0/0/30 165635 0 0 0/0 0/0 0/0
ge-0/0/31 165589 0 1 0/0 0/0 0/0
ge-0/0/32 165592 0 0 0/0 0/0 0/0
ge-0/0/33 165575 0 1 0/0 0/0 0/0
ge-0/0/34 165609 0 0 0/0 0/0 0/0
ge-0/0/35 0 0 0 0/0 0/0 0/0
ge-0/0/36 165572 0 0 0/0 0/0 0/0
ge-0/0/37 165629 0 1 0/0 0/0 0/0
ge-0/0/38 165497 0 0 0/0 0/0 0/0
ge-0/0/39 165605 0 0 0/0 0/0 0/0
ge-0/0/40 0 0 0 0/0 0/0 0/0
ge-0/0/41 0 0 0 0/0 0/0 0/0
ge-0/0/42 0 0 0 0/0 0/0 0/0
ge-0/0/43 165607 0 1 0/0 0/0 0/0
ge-0/0/44 165610 0 0 0/0 0/0 0/0
ge-0/0/45 0 0 0 0/0 0/0 0/0
ge-0/0/46 165609 0 1 0/0 0/0 0/0
ge-0/0/47 165615 0 1 0/0 0/0 0/0
ge-1/0/0 0 0 1 0/0 0/0 0/0
ge-1/0/1 0 0 1 0/0 0/0 0/0
ge-1/0/2 0 0 1 0/0 0/0 0/0
ge-1/0/3 0 0 1 0/0 0/0 0/0
ge-1/0/4 165680 0 0 0/0 0/0 0/0
ge-1/0/5 0 0 0 0/0 0/0 0/0
ge-1/0/6 0 0 0 0/0 0/0 0/0
ge-1/0/7 0 0 0 0/0 0/0 0/0
ge-1/0/8 165655 0 1 0/0 0/0 0/0
ge-1/0/9 165689 0 1 0/0 0/0 0/0
ge-1/0/10 0 0 1 0/0 0/0 0/0
ge-1/0/11 143830 0 1 0/0 0/0 0/0
ge-1/0/12 165678 0 1 0/0 0/0 0/0
ge-1/0/13 0 0 1 0/0 0/0 0/0
ge-1/0/14 0 0 1 0/0 0/0 0/0
ge-1/0/15 0 0 1 0/0 0/0 0/0
ge-1/0/16 0 0 1 0/0 0/0 0/0
ge-1/0/17 165660 0 1 0/0 0/0 0/0
ge-1/0/18 165681 0 1 0/0 0/0 0/0
ge-1/0/19 0 0 1 0/0 0/0 0/0
ge-1/0/20 205827 2099073 1 0/0 0/0 0/0
ge-1/0/21 138185 0 1 0/0 0/0 0/0
ge-1/0/22 165648 0 0 0/0 0/0 0/0
ge-1/0/23 48073 0 1 0/0 0/0 0/0
ge-1/0/24 165690 0 0 0/0 0/0 0/0
ge-1/0/25 0 0 0 0/0 0/0 0/0
ge-1/0/26 165652 0 1 0/0 0/0 0/0
ge-1/0/27 165692 0 0 0/0 0/0 0/0
ge-1/0/28 0 0 0 0/0 0/0 0/0
ge-1/0/29 165677 0 1 0/0 0/0 0/0
ge-1/0/30 165636 0 1 0/0 0/0 0/0
ge-1/0/31 165666 0 1 0/0 0/0 0/0
ge-1/0/32 165691 0 0 0/0 0/0 0/0
ge-1/0/33 165691 0 1 0/0 0/0 0/0
ge-1/0/34 0 0 1 0/0 0/0 0/0
ge-1/0/35 0 0 1 0/0 0/0 0/0
ge-1/0/36 0 0 1 0/0 0/0 0/0
ge-1/0/37 165671 0 1 0/0 0/0 0/0
ge-1/0/38 0 0 1 0/0 0/0 0/0
ge-1/0/39 0 0 1 0/0 0/0 0/0
ge-1/0/40 0 0 1 0/0 0/0 0/0
ge-1/0/41 0 0 1 0/0 0/0 0/0
ge-1/0/42 0 0 1 0/0 0/0 0/0
ge-1/0/43 0 0 1 0/0 0/0 0/0
ge-1/0/44 0 0 1 0/0 0/0 0/0
ge-1/0/45 0 0 1 0/0 0/0 0/0
ge-1/0/46 0 0 1 0/0 0/0 0/0
ge-1/0/47 0 0 1 0/0 0/0 0/0
What could be the reason for not shutting down the port ge-1/0/20 on the EX2300?
Hello,
wrote: What could be the reason for not shutting down the port ge-1/0/20 on the EX2300?
So, You wanted RSTP to shut down the interface for You? It cannot do that, sorry.
To bring interface down when BPDU is received, You need to enable BPDU block
Having just RSTP enabled on the port is not the way for the port to be disabled when incident like this strikes.
Spanning Tree protocols can put interface into "listening", "learning", "forwarding" or (recent) "blocked" mode but not "disabled".
Stats You posted indicate ge-1/0/20 received BPDU so having "bpdu-block" on this port would have stopped this incident from happening.
HTH
Thx
Akex
Hello, aarseniev !
Well, but why then was this port not blocked by RSTP? Why did not see the ring?