I've not seen this before but it looks like the local config on that member is somehow corrupt. You could try to delete and replace the config file from another member in the config directory and see if that clears the issue.
Hello Steve,
Thank you for the advice. Will replacing the config file involve the need to restart the switch, or maybe the whole stack?
Dawid
Hello,
I am facing an issue with VSTP on my EX3400 switches Junos version 15.1X53-D58.3.
When 100 or more VLANs are configured, the following config will result in an error.
set protocols vstp interface ge-0/0/0 edge
set protocols vstp interface ge-0/0/1 edge
set protocols vstp interface ge-0/0/2 edge
set protocols vstp interface ge-0/0/3 edge
set protocols vstp interface ge-0/0/4 edge
set protocols vstp interface ge-0/0/5 edge
set protocols vstp interface ge-0/0/6 edge
set protocols vstp interface ge-0/0/7 edge
set protocols vstp interface ge-0/0/8 edge
set protocols vstp interface ge-0/0/9 edge
set protocols vstp interface ge-0/0/10 edge
set protocols vstp interface ge-0/0/11 edge
set protocols vstp interface ge-0/0/12 edge
set protocols vstp interface ge-0/0/13 edge
set protocols vstp interface ge-0/0/14 edge
set protocols vstp interface ge-0/0/15 edge
set protocols vstp interface ge-0/0/16 edge
set protocols vstp interface ge-0/0/17 edge
set protocols vstp interface ge-0/0/18 edge
set protocols vstp interface ge-0/0/19 edge
set protocols vstp interface ge-0/0/20 edge
set protocols vstp interface ge-0/0/21 edge
set protocols vstp interface ge-0/0/22 edge
set protocols vstp interface ge-0/0/23 edge
set protocols vstp interface ge-0/0/24 edge
set protocols vstp interface ge-0/0/25 edge
set protocols vstp interface ge-0/0/26 edge
set protocols vstp interface ge-0/0/27 edge
set protocols vstp interface ge-0/0/28 edge
set protocols vstp interface ge-0/0/29 edge
set protocols vstp interface ge-0/0/30 edge
set protocols vstp interface ge-0/0/31 edge
set protocols vstp interface ge-0/0/32 edge
set protocols vstp interface ge-0/0/33 edge
set protocols vstp interface ge-0/0/34 edge
set protocols vstp interface ge-0/0/35 edge
set protocols vstp interface ge-0/0/36 edge
set protocols vstp interface ge-0/0/37 edge
set protocols vstp interface ge-0/0/38 edge
set protocols vstp interface ge-0/0/39 edge
set protocols vstp interface ge-0/0/40 edge
set protocols vstp interface ge-0/0/41 edge
set protocols vstp interface ge-0/0/42 edge
set protocols vstp interface ge-0/0/43 edge
set protocols vstp interface ge-0/0/44 edge
set protocols vstp interface ge-0/0/45 edge
set protocols vstp interface ge-0/0/46 edge
set protocols vstp interface ge-0/0/47 edge
set protocols vstp vlan all interface all
root@test-swj-A1-1npA-2p# commit
[edit protocols]
  'vstp'
    xSTP:Trying to configure too many interfaces for given protocol
error: configuration check-out failed
When I try a different approach:
set protocols vstp vlan all interface ge-0/0/0 edge
set protocols vstp vlan all interface ge-0/0/1 edge
set protocols vstp vlan all interface ge-0/0/2 edge
set protocols vstp vlan all interface ge-0/0/3 edge
set protocols vstp vlan all interface ge-0/0/4 edge
set protocols vstp vlan all interface ge-0/0/5 edge
set protocols vstp vlan all interface ge-0/0/6 edge
set protocols vstp vlan all interface ge-0/0/7 edge
set protocols vstp vlan all interface ge-0/0/8 edge
set protocols vstp vlan all interface ge-0/0/9 edge
set protocols vstp vlan all interface ge-0/0/10 edge
set protocols vstp vlan all interface ge-0/0/11 edge
set protocols vstp vlan all interface ge-0/0/12 edge
set protocols vstp vlan all interface ge-0/0/13 edge
set protocols vstp vlan all interface ge-0/0/14 edge
set protocols vstp vlan all interface ge-0/0/15 edge
set protocols vstp vlan all interface ge-0/0/16 edge
set protocols vstp vlan all interface ge-0/0/17 edge
set protocols vstp vlan all interface ge-0/0/18 edge
set protocols vstp vlan all interface ge-0/0/19 edge
set protocols vstp vlan all interface ge-0/0/20 edge
set protocols vstp vlan all interface ge-0/0/21 edge
set protocols vstp vlan all interface ge-0/0/22 edge
set protocols vstp vlan all interface ge-0/0/23 edge
set protocols vstp vlan all interface ge-0/0/24 edge
set protocols vstp vlan all interface ge-0/0/25 edge
set protocols vstp vlan all interface ge-0/0/26 edge
set protocols vstp vlan all interface ge-0/0/27 edge
set protocols vstp vlan all interface ge-0/0/28 edge
set protocols vstp vlan all interface ge-0/0/29 edge
set protocols vstp vlan all interface ge-0/0/30 edge
set protocols vstp vlan all interface ge-0/0/31 edge
set protocols vstp vlan all interface ge-0/0/32 edge
set protocols vstp vlan all interface ge-0/0/33 edge
set protocols vstp vlan all interface ge-0/0/34 edge
set protocols vstp vlan all interface ge-0/0/35 edge
set protocols vstp vlan all interface ge-0/0/36 edge
set protocols vstp vlan all interface ge-0/0/37 edge
set protocols vstp vlan all interface ge-0/0/38 edge
set protocols vstp vlan all interface ge-0/0/39 edge
set protocols vstp vlan all interface ge-0/0/40 edge
set protocols vstp vlan all interface ge-0/0/41 edge
set protocols vstp vlan all interface ge-0/0/42 edge
set protocols vstp vlan all interface ge-0/0/43 edge
set protocols vstp vlan all interface ge-0/0/44 edge
set protocols vstp vlan all interface ge-0/0/45 edge
set protocols vstp vlan all interface ge-0/0/46 edge
set protocols vstp vlan all interface ge-0/0/47 edge
It is committed without errors. My question is: what is the difference between those configs? Are they equivalent? Why does the first config fail?
This is just an example. Maybe you are wondering whether I just have too many VLANs, but the problem is relevant when switches are in a stack. With 5 switches in a stack the VLAN number limit is 20.
Thanks for the fix! I had the same issue and this fixed it!
A restart of just that switch may clear the issue by itself depending on how and where the corruption is.
I was suggesting this approach to avoid a reboot. I have moved configs by physical copy before to load them on devices. But I have not had this specific problem so am not certain if it will work or not.
Dear Team,
The log is not showing the commands run by the network admin on the EX4200 switch.
I have used the commands below to check the logs.
show log audit
show log interactive-commands
show log messages
Thanks & Regards..
Umesh Sharma | +91 9007743324
JNCIA | JNCIS
Hi bnrumesh,
"show cli history" and "show log interactive-commands" track commands used by users. Which command were you trying to check?
Hi,
Check these out, maybe it helps:
https://share.zabbix.com/component/mtree/owner/larcorba
Regards,
Nathan
I don't believe that turning OFF STP will achieve the same effect as you claimed...
As a switch I will do one of two things upon receipt of an STP BPDU:
- If (x)STP is enabled, the switch will absorb the BPDU in the data-plane, punt it to the control-plane for processing and regenerate a new BPDU to forward upstream as a 'responsible xSTP citizen'
- If (x)STP is *disabled*, then BPDUs are simply seen as data-plane traffic that pass through the switch like any other frame.
So one way to address the 'rogue device' sending BPDUs is to turn xSTP *on* and then enable 'edge mode' on that port so that BPDUs will always be blocked, but the port will remain active. Another way would be to enable 'bpdu-guard' but this will block BPDUs and put the port into a 'bpdu error' state (refer to 'show interface <interface-name> extensive | match error' and/or 'show spanning-tree interface' and look for the port in question and it should be in a blocking state) and this error state will need to be cleared in order for the port to return to a forwarding state.
However, if you have no need for spanning-tree in your environment, but you have a device connected that is sending BPDUs (and you don't have the ability to stop the BPDUs from being generated from that device in the first place) then you might want to block BPDUs from traversing the network and the command 'set protocols layer2-control bpdu-block interface <interface-name>' gives you the ability to block BPDUs without having to create a firewall filter and apply it to an interface nor enable spanning-tree to achieve the same effect plus possibly incur other unwanted side-effects from adding STP to your environment just for the sake of BPDU blocking.
Hope this helps.
SC
Can you share the syslog configuration?
>show configuration system syslog
Assuming you are looking for logs of commands run by users then
show log interactive-commands
Would be the correct one assuming you have this in your configuration
system syslog {
    file interactive-commands {
        interactive-commands any;
    }
}
Note that the local file does roll over for size but will save several local copies so using the ? prompt you can see how many files are there and then look in older files which add a period number to the file name
show log interactive-commands?
interactive-commands
interactive-commands.0.gz
interactive-commands.1.gz
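Once those files are copied off the switch, the command trail can be reviewed offline. The following is an added example, not part of the original reply or any Juniper tooling: it parses UI_CMDLINE_READ_LINE events from the live or rotated (.gz) files and groups state-changing commands per user. The function names, the SENSITIVE list, the assumed log line layout and the sample lines are all constructed for illustration.

```python
import gzip
import re

# Assumed line layout of the UI_CMDLINE_READ_LINE event that mgd writes per
# CLI command when "interactive-commands any" is sent to a file.
CMD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<host>\S+)\s+mgd\[\d+\]:\s+"
    r"UI_CMDLINE_READ_LINE: User '(?P<user>[^']*)', command '(?P<cmd>.*)'\s*$"
)
# Assumed review list: commands that change state or touch the audit trail.
SENSITIVE = ("configure", "commit", "set ", "delete ", "rollback",
             "clear log", "file delete", "start shell", "request system")

def open_log(path):
    """Open the live file or a rotated copy (interactive-commands.0.gz, ...)."""
    opener = gzip.open if path.endswith(".gz") else open
    return opener(path, "rt", errors="replace")

def parse_commands(lines):
    """Yield one dict per command event; other syslog lines are skipped."""
    for line in lines:
        m = CMD_RE.match(line.rstrip("\n"))
        if m:
            ev = m.groupdict()
            ev["cmd"] = ev["cmd"].strip()
            ev["sensitive"] = ev["cmd"].startswith(SENSITIVE)
            yield ev

def commands_by_user(events):
    """Group sensitive commands per user, in log order."""
    out = {}
    for ev in events:
        if ev["sensitive"]:
            out.setdefault(ev["user"], []).append(ev["cmd"])
    return out

# Constructed sample lines (not taken from the thread).
SAMPLE = """\
Mar  4 10:02:11  ex4200 mgd[1823]: UI_CMDLINE_READ_LINE: User 'netadmin', command 'show log messages '
Mar  4 10:02:40  ex4200 mgd[1823]: UI_CMDLINE_READ_LINE: User 'netadmin', command 'configure '
Mar  4 10:03:05  ex4200 mgd[1823]: UI_CMDLINE_READ_LINE: User 'netadmin', command 'set protocols vstp interface ge-0/0/5 edge '
Mar  4 10:03:09  ex4200 mgd[1823]: UI_COMMIT: User 'netadmin' requested 'commit' operation
Mar  4 10:03:09  ex4200 mgd[1823]: UI_CMDLINE_READ_LINE: User 'netadmin', command 'commit '
Mar  4 10:07:52  ex4200 mgd[2001]: UI_CMDLINE_READ_LINE: User 'root', command 'clear log interactive-commands '
""".splitlines()

if __name__ == "__main__":
    for user, cmds in commands_by_user(parse_commands(SAMPLE)).items():
        print(user, cmds)
```

A gap in timestamps around a 'clear log' entry, or a user with no entries at all during a known change window, is the kind of thing this grouping makes visible.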
Hello,
I'm attempting to replace Catalyst 3650 with Juniper EX4300-48MP but severe performance issues are plaguing VM host connected to Juniper switch.
Network configuration:
- The core consists of two Catalyst 4500X in VSS and juniper is connected to it with 4 10G uplinks (two to each 4500X)
4 10G ports config on Catalyst 4500X side :
switchport mode trunk
switchport nonegotiate
speed nonegotiate
channel-group 111 mode active
Ports Config on Juniper EX4300-48MP side:
xe-0/2/0 {
    ether-options {
        802.3ad ae1;
    }
}
xe-0/2/1 {
    ether-options {
        802.3ad ae1;
    }
}
xe-0/2/2 {
    ether-options {
        802.3ad ae1;
    }
}
xe-0/2/3 {
    ether-options {
        802.3ad ae1;
    }
}
LAG Config:
ae1 {
    description "LAG to Cisco";
    native-vlan-id 1;
    aggregated-ether-options {
        lacp {
            active;
        }
    }
}
LAG Config on Juniper EX4300-48MP for VM Host
ae2 {
    description "LAG to VM Host2";
    native-vlan-id 1;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members all;
            }
        }
    }
}
For a few hours it appears all is good but then performance gradually declines to the point that even few icmp packets per min are dropped.
VMWare and Juniper support are telling me configuration is fine on both ends.
Any suggestion would be greatly appreciated.
Hello community
Could you help me with an issue with the connectivity between two vlans connected through an SRX? I am connecting two different vlans (90 and 190) through an SRX, the vlan 90 is connected to an asterisk server and the vlan 190 is connected to IP phones. Voice vlan is configured in the switch where the IP phones are connected. For testing purposes the policies enabled for these services are allowing all traffic in both directions, also host inbound traffic is enabled for all services. Phones are registered for a while and after a period of time all phones are disconnected and also connectivity is lost, consider that locally only inside vlan 90 connectivity continues.
the configuration applied is:
policy PL_VOIP_TO_PHONE {
    match {
        source-address ADD_VOIP_SERVER;
        destination-address ADD_LAN_VOIP;
        application any;
    }
    then {
        permit;
        log {
            session-close;
        }
    }
}
policy PL_VOIP_COMGSP {
    match {
        source-address ADD_LAN_VOIP;
        destination-address ADD_VOIP_SERVER;
        application any;
    }
    then {
        permit;
        log {
            session-close;
        }
    }
}
security-zone SZ_LAN_COMGSP {
    interfaces {
        ae1.110 {
            host-inbound-traffic {
                system-services {
                    ping;
                    traceroute;
                    dhcp;
                }
            }
        }
        ae1.190 {
            host-inbound-traffic {
                system-services {
                    all;
                    ping;
                    dhcp;
                    traceroute;
                    ntp;
                    ftp;
                    tftp;
                    http;
                    https;
                }
            }
        }
    }
    application-tracking;
}
security-zone SZ_SERVICIOS_INTERNOS {
    interfaces {
        ae0.105 {
            host-inbound-traffic {
                system-services {
                    ping;
                    traceroute;
                }
            }
        }
        ae0.90 {
            host-inbound-traffic {
                system-services {
                    all;
                    ping;
                    traceroute;
                    dhcp;
                    ntp;
                    ftp;
                    tftp;
                }
            }
        }
    }
    application-tracking;
}
Best regards
Karlink
Hello,
wrote: I am connecting two different vlans (90 and 190) through an SRX, the vlan 90 is connected to an asterisk server and the vlan 190 is connected to IP phones. Voice vlan is configured in the switch where the IP phones are connected. For testing purposes the policies enabled for these services are allowing all traffic in both directions, also host inbound traffic is enabled for all services. Phones are registered for a while and after a period of time all phones are disconnected and also connectivity is lost, consider that locally only inside vlan 90 connectivity continues.
Looks like Your phones do not send keepalives/KA, or their KA interval is too large and if You haven't changed the SRX default session timeouts (1800 sec for TCP and 60 sec for UDP last time I checked) then these phones' sessions in SRX expire and are silently deleted.
You have 3 options here:
1/ tune SRX default timeouts - not recommended
2/ create an application definition for these phones matching on ports and include custom inactivity-timeout into that definition, then match on this application in the security policies.
3/ enable KA or tune KA interval in Your phones
HTH
Thx
Alex
I have a requirement for many-to-many port mirroring to run a CC setup on Juniper EX 4300.
Is it possible to achieve that?
I tried couple of options but none of them have given satisfactory input.
Hi milindmistry,
What is the issue you're facing with this? This should be achievable:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB25660&cat=EX2200&actp=LIST
Hope this helps.
Regards,
-r.
Tried this does JUNOS ELS has a different way to interpret this.
Hence not working on EX 4300.
Here is the documentation for EX4300s.
Hi Alex:
Thanks for your answer, I will test your recommendations. Do you think your explanation is also the root cause of the problem of losing even connectivity between server and phones?
Best regards
Karlink
Per this link - https://www.juniper.net/documentation/en_US/release-independent/nce/topics/concept/port-mirroring-conf-guideline.html only 1 active analyzer session is allowed on EX4300 (also 2300 & 3400). Using the other documentation noted by @randero provides a method for multiple analyzer sessions. Then use Firewall Filters to segment which analyzer sees what traffic.
To provide for such capabilities on the switch, it might be a good idea to save at least 4 interfaces for this operation, if ever required.