Quantcast
Channel: All Ethernet Switching posts
Viewing all 10307 articles
Browse latest View live

unable to pass Vlan traffic through trunk port

March 21, 2020, 9:43 am
$
0
0

 Hi team,

we are trying to integrate sophos xg firewall to our existing architecture for using  ssl vpn.

and the device ip vlan we have taken is 192.168.20.0/24(168 vlan) device ip is 192.168.20.2 and the client vpn subnet we have taken is 10.105.201.0/24.

 

and we are not tagging the ssl client vpn subent in sophos firewall.

 

we are able to connect to the client vpn and getting the ip address in the subnet of 192.168.20.x/24 but unable to access internal resources and we are using routed vlan interface for layer 2 switching.

 

when we put the layer 2 switch port(connected to sophos) in access we are able to ping the 192.168.20.1 vlan on our internal gateway and the 201 vlan cannot access internal gateway ,but when we change the port to trunk even 168 vlan cannot access internal gateway.

 

Since when we change the port to trunk i think we need to tag the vlan but in sophos but we are unable to find that option so can anyone suggest connecting the firewall directly to layer 3 switch(internal gateway) does it work or any suggestions please? 

 

thanks,

Gautam

 

sophos.PNG

Search

Re: Help Regarding JWeb

March 21, 2020, 11:14 am
$
0
0

Hi HDawood,

 

 Could you share the "show version" of the affected switch?

 

Thanks

Esteban,

Re: Help Regarding JWeb

March 21, 2020, 11:15 am
$
0
0

Hi HDawood,

 

Can you please confirm what is your Junos version as well J-Web version? please confirm you are using the right one.

Have you tried with a different browser?

 

Re: unable to pass Vlan traffic through trunk port

March 21, 2020, 11:24 am

EX4650 - gigabit interface configuration?

March 22, 2020, 2:39 am
$
0
0

I am trying to configure a brand new EX4650, running 18.4R2-S3. Right now I have a number of SFP+ (10Gbps) modules plugged into it, and they're all working fine and passing traffic. However, when I plug in an SFP (1Gbps) module, I can see it in the chassis hardware (as 'SFP-LX10), but it does not appear in the list of interfaces - 'show interfaces terse' skips that port number. Is there some option that I need to set to enable 1Gbps support?

Re: EX4650 - gigabit interface configuration?

March 22, 2020, 2:54 am
$
0
0

Hi Boris

Could you paste the output of show chassis hardware and show interface terse ?

Betreff: EX4650 - gigabit interface configuration?

March 22, 2020, 2:59 am
$
0
0

Hello,

 

I don't have an EX4650 available to check, but you can try the following command:

 

set chassis fpc <slot-number> port <port-number> channel-speed 1g

Betreff: EX4650 - gigabit interface configuration?

March 22, 2020, 3:09 am
$
0
0

Sorry, the only option available to me under that section is 'disable-auto-speed-detection'.

Something else that is odd - I just plugged in a 25Gbps SFP28 transceiver and got the same behavior - it appears in chassis hardware, but an interface is not created.

Search

Re: EX4650 - gigabit interface configuration?

March 22, 2020, 3:32 am
$
0
0

show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis XH3718360020 Virtual Chassis
Routing Engine 0 BUILTIN BUILTIN RE-EX4650-48Y-8C
Routing Engine 1 BUILTIN BUILTIN RE-EX4650-48Y-8C
FPC 0 REV 09 650-083242 XH3718360056 JNP48Y8C-CHAS
CPU BUILTIN BUILTIN FPC CPU
PIC 0 BUILTIN BUILTIN 48x25G-8x100G
Xcvr 36 REV 01 740-011613 S2002001459 SFP28-25G-BASE-SR
Xcvr 54 REV 01 740-061000 1P1C40A4296BR QSFP28-100G-CU1M
Xcvr 55 REV 01 740-061000 1P1C40A4296GH QSFP28-100G-CU1M
Power Supply 0 REV 04 740-070750 1F178310119 JPSU-650W-AC-AI
Power Supply 1 REV 04 740-070750 1F178310031 JPSU-650W-AC-AI
Fan Tray 0 Fan Tray, Back to Front Airflow - AFI
Fan Tray 1 Fan Tray, Back to Front Airflow - AFI
Fan Tray 2 Fan Tray, Back to Front Airflow - AFI
Fan Tray 3 Fan Tray, Back to Front Airflow - AFI
Fan Tray 4 Fan Tray, Back to Front Airflow - AFI
FPC 1 REV 09 650-083242 XH3718360020 JNP48Y8C-CHAS
CPU BUILTIN BUILTIN FPC CPU
PIC 0 BUILTIN BUILTIN 48x25G-8x100G
Xcvr 0 NON-JNPR AR20YWG SFP+-10G-SR
Xcvr 1 NON-JNPR AR20YWM SFP+-10G-SR
Xcvr 2 NON-JNPR PSS2KKC SFP-LX10
Xcvr 3 REV 01 740-031980 G1906163820 SFP+-10G-SR
Xcvr 4 NON-JNPR AR2107H SFP+-10G-SR
Xcvr 5 REV 01 740-031980 G1906163815 SFP+-10G-SR
Xcvr 6 NON-JNPR AD153330GV6 SFP+-10G-SR
Xcvr 7 REV 01 740-031980 D87B1409788 SFP+-10G-SR
Xcvr 8 NON-JNPR AR21GNZ SFP+-10G-SR
Xcvr 9 NON-JNPR AR210HH SFP+-10G-SR
Xcvr 10 NON-JNPR AR21GN6 SFP+-10G-SR
Xcvr 11 REV 01 740-031980 G1906163812 SFP+-10G-SR
Xcvr 12 REV 01 740-031980 D87B1409787 SFP+-10G-SR
Xcvr 13 REV 01 740-031980 D87B1409785 SFP+-10G-SR
Xcvr 14 REV 01 740-031980 D87B1409786 SFP+-10G-SR
Xcvr 15 REV 01 740-031980 D87B1409780 SFP+-10G-SR
Xcvr 16 NON-JNPR AR20YVL SFP+-10G-SR
Xcvr 17 NON-JNPR AR21038 SFP+-10G-SR
Xcvr 18 NON-JNPR AR20YW2 SFP+-10G-SR
Xcvr 19 REV 01 740-031980 D87B1409789 SFP+-10G-SR
Xcvr 20 REV 01 740-031980 D87B1409782 SFP+-10G-SR
Xcvr 21 REV 01 740-031980 D87B1409784 SFP+-10G-SR
Xcvr 22 REV 01 740-031980 D87B1409781 SFP+-10G-SR
Xcvr 23 REV 01 740-031980 D87B1409783 SFP+-10G-SR
Xcvr 24 NON-JNPR AR210KF SFP+-10G-SR
Xcvr 25 REV 01 740-031980 G1906163818 SFP+-10G-SR
Xcvr 26 NON-JNPR ASK1VUE SFP+-10G-SR
Xcvr 27 NON-JNPR ASK1WGY SFP+-10G-SR
Xcvr 29 REV 01 740-031980 G1906163816 SFP+-10G-SR
Xcvr 36 REV 01 740-011613 S2002001460 SFP28-25G-BASE-SR
Xcvr 40 REV 01 740-031980 G1906163811 SFP+-10G-SR
Xcvr 54 REV 01 740-061000 1P1C40A4296BR QSFP28-100G-CU1M
Xcvr 55 REV 01 740-061000 1P1C40A4296GH QSFP28-100G-CU1M
Power Supply 0 REV 04 740-070750 1F178310075 JPSU-650W-AC-AI
Power Supply 1 REV 04 740-070750 1F178310064 JPSU-650W-AC-AI
Fan Tray 0 fan-ctrl-0 0, Back to Front Airflow - AFI
Fan Tray 1 fan-ctrl-0 1, Back to Front Airflow - AFI
Fan Tray 2 fan-ctrl-1 2, Back to Front Airflow - AFI
Fan Tray 3 fan-ctrl-1 3, Back to Front Airflow - AFI
Fan Tray 4 fan-ctrl-2 4, Back to Front Airflow - AFI

 

show interfaces terse
Interface Admin Link Proto Local Remote
vcp-255/0/54 up up
vcp-255/0/54.32768 up up
vcp-255/0/55 up up
vcp-255/0/55.32768 up up
gr-0/0/0 up up
pfe-0/0/0 up up
pfe-0/0/0.16383 up up inet
inet6
pfh-0/0/0 up up
pfh-0/0/0.16383 up up inet
pfh-0/0/0.16384 up up inet
pfe-1/0/0 up up
pfe-1/0/0.16383 up up inet
inet6
pfh-1/0/0 up up
pfh-1/0/0.16383 up up inet
pfh-1/0/0.16384 up up inet
xe-1/0/0 up down
xe-1/0/0.0 up down eth-switch
xe-1/0/1 up up
xe-1/0/1.0 up up eth-switch
xe-1/0/3 up down
xe-1/0/4 up up
xe-1/0/4.0 up up eth-switch
xe-1/0/5 up up
xe-1/0/5.0 up up eth-switch
xe-1/0/6 up up
xe-1/0/6.0 up up eth-switch
xe-1/0/7 up up
xe-1/0/7.0 up up eth-switch
xe-1/0/8 up up
xe-1/0/8.0 up up eth-switch
xe-1/0/9 up up
xe-1/0/9.0 up up eth-switch
xe-1/0/10 up up
xe-1/0/10.0 up up eth-switch
xe-1/0/11 up up
xe-1/0/11.0 up up eth-switch
xe-1/0/12 up up
xe-1/0/12.0 up up eth-switch
xe-1/0/13 up up
xe-1/0/13.0 up up eth-switch
xe-1/0/14 up up
xe-1/0/14.0 up up eth-switch
xe-1/0/15 up up
xe-1/0/15.0 up up eth-switch
xe-1/0/16 up down
xe-1/0/16.0 up down eth-switch
xe-1/0/17 up up
xe-1/0/17.0 up up eth-switch
xe-1/0/18 up up
xe-1/0/18.0 up up eth-switch
xe-1/0/19 up up
xe-1/0/19.0 up up eth-switch
xe-1/0/20 up up
xe-1/0/20.0 up up eth-switch
xe-1/0/21 up up
xe-1/0/21.0 up up eth-switch
xe-1/0/22 up up
xe-1/0/22.0 up up eth-switch
xe-1/0/23 up up
xe-1/0/23.0 up up eth-switch
xe-1/0/24 up down
xe-1/0/24.0 up down eth-switch
xe-1/0/25 up up
xe-1/0/25.0 up up eth-switch
xe-1/0/26 up down
xe-1/0/26.0 up down eth-switch
xe-1/0/27 up down
xe-1/0/27.0 up down eth-switch
xe-1/0/29 up up
xe-1/0/29.0 up up eth-switch
xe-1/0/40 up down
xe-1/0/40.16386 up down
bme0 up up
bme0.0 up up inet 128.0.0.1/2
128.0.0.4/2
128.0.0.63/2
bme0.32769 down up eth-switch
cbp0 up up
dsc up up
em0 up down
em0.0 up down eth-switch
em1 up down
em1.0 up down inet
em2 up up
em2.32768 up up inet 192.168.1.2/24
em3 up up
esi up up
gre up up
ipip up up
irb up up
irb.0 up up inet 172.27.99.4/24
lo0 up up
lo0.16385 up up inet
lsi up up
mtun up up
pimd up up
pime up up
pip0 up up
tap up up
vme up down
vtep up up

Re: EX4650 - gigabit interface configuration?

March 22, 2020, 3:40 am
$
0
0

Found it. Needed to issue the following:

set chassis fpc 1 pic 0 port 44 speed 1G (or 25g)

 

Note that it changes the speed for ports in groups of 4, i.e. setting port 44 to 1G changes this setting for ports 44, 45, 46 and 47.

Re: EX4650 - gigabit interface configuration?

March 22, 2020, 4:11 am
$
0
0

I'm glad that you found it. Please mark the relevant post as "Accepted Solution" to let others find the solution easier. If you want to honor our help, please spend some Kudos as well. Thank you.

Re: EX4650 - gigabit interface configuration?

March 22, 2020, 5:54 am
$
0
0

@Boris - this is spelled out at - https://www.juniper.net/documentation/en_US/junos/topics/topic-map/switches-interface-port.html

 

You might have been looking here, which does not what is needed as clear as above.

 

https://www.juniper.net/documentation/en_US/release-independent/junos/topics/topic-map/ex4650-hardware-overview.html

 

Per NOTE under EX4650 Switch First View

 

The SFP28 speed can be applied only for individual quads (four ports). The speed cannot be configured for a single port.

 

BIG Question: You are setting with fpc 1, not fpc 0, is this EX4650 maybe set as a VC with another EX4650?  If yes, what SW release are you running?

 

Thanks

Re: Help Regarding JWeb

March 22, 2020, 8:30 am
$
0
0

Hello,

the version is  18.2R3-S1.7

EX4650 - 100gb vc-ports not passing client traffic

March 22, 2020, 10:31 am
$
0
0

I have two EX4650 switches in a preprovisioned virtual chassis:

root@SwitchFabric> show virtual-chassis

Preprovisioned Virtual Chassis
Virtual Chassis ID: 92a8.0532.c3fd
Virtual Chassis Mode: Enabled
Mstr Mixed Route Neighbor List
Member ID Status Serial No Model prio Role Mode Mode ID Interface
0 (FPC 0) Prsnt XH3718360056 ex4650-48y-8c 129 Backup N VC 1 vcp-255/0/54
1 vcp-255/0/55
1 (FPC 1) Prsnt XH3718360020 ex4650-48y-8c 129 Master* N VC 0 vcp-255/0/54
0 vcp-255/0/55

{master:1}
root@SwitchFabric> show configuration virtual-chassis
preprovisioned;
no-split-detection;
member 0 {
role routing-engine;
serial-number XH3718360056;
}
member 1 {
role routing-engine;
serial-number XH3718360020;
}

 

root@SwitchFabric> show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis XH3718360020 Virtual Chassis
Routing Engine 0 BUILTIN BUILTIN RE-EX4650-48Y-8C
Routing Engine 1 BUILTIN BUILTIN RE-EX4650-48Y-8C
FPC 0 REV 09 650-083242 XH3718360056 JNP48Y8C-CHAS
CPU BUILTIN BUILTIN FPC CPU
PIC 0 BUILTIN BUILTIN 48x25G-8x100G
Xcvr 54 REV 01 740-061000 1P1C40A4296BR QSFP28-100G-CU1M
Xcvr 55 REV 01 740-061000 1P1C40A4296GH QSFP28-100G-CU1M
Power Supply 0 REV 04 740-070750 1F178310119 JPSU-650W-AC-AI
Power Supply 1 REV 04 740-070750 1F178310031 JPSU-650W-AC-AI
Fan Tray 0 Fan Tray, Back to Front Airflow - AFI
Fan Tray 1 Fan Tray, Back to Front Airflow - AFI
Fan Tray 2 Fan Tray, Back to Front Airflow - AFI
Fan Tray 3 Fan Tray, Back to Front Airflow - AFI
Fan Tray 4 Fan Tray, Back to Front Airflow - AFI
FPC 1 REV 09 650-083242 XH3718360020 JNP48Y8C-CHAS
CPU BUILTIN BUILTIN FPC CPU
PIC 0 BUILTIN BUILTIN 48x25G-8x100G
Xcvr 54 REV 01 740-061000 1P1C40A4296BR QSFP28-100G-CU1M
Xcvr 55 REV 01 740-061000 1P1C40A4296GH QSFP28-100G-CU1M

 

They are connected using two 100Gbps DAC cables on ports 54 and 55 (I tried other 100Gbps ports too, this did not make a difference). The virtual chassis forms correctly, but there is no traffic flow between clients on the two switches. They can communicate within a switch, but not between them. If I configure ports 1-48 as vc-ports (I tested on port 15) and connect 10Gbps DACs, then it works fine, but 100Gbps breaks things. What am I missing?

 

Edit: Forgot to mention, it's running version 18.4R2-S3.

Re: EX4650 - gigabit interface configuration?

March 22, 2020, 10:32 am
$
0
0

Yes, it is a member of a virtual chassis. Running version 18.4R2-S3.

Search

Re: EX4650 - 100gb vc-ports not passing client traffic

March 22, 2020, 11:02 am
$
0
0

I don't think that VC is officially supported on QFX5120/EX4650 until 19.3/19.4

 

https://www.juniper.net/documentation/en_US/junos/topics/concept/virtual-chassis-qfx-series-understanding.html 

 

Two QFX5120 switches or up to four EX4650 switches (a non-mixed Virtual Chassis), as follows:

  • Starting in Junos OS Release 19.3R1, you can interconnect two QFX5120-48Y or EX4650-48Y switches into a Virtual Chassis.

  • Starting in Junos OS Release 19.4R1, you can interconnect up to four EX4650-48Y switches into a Virtual Chassis.

Re: EX4650 - 100gb vc-ports not passing client traffic

March 22, 2020, 11:12 am
$
0
0

@Boris, as @smiker stated VC is not "officially" support until 19.3R1, as well as any future releases.  Even though configurable and working, TAC may not provide full support, unless you are on 19.3R1 or higher.

 

Just a FYI.

Re: EX4650 - 100gb vc-ports not passing client traffic

March 22, 2020, 11:29 am
$
0
0

Understood. I was actually in the middle of updating to 19.2R2-S4 as I wrote the post (I'm a bit wary of bleeding-edge releases); if that does not help, I will update to 19.4R1-S1.

Re: EX4650 - 100gb vc-ports not passing client traffic

March 22, 2020, 12:34 pm
$
0
0

19.2 did not resolve it, but 19.4 did - it appears to be working fine now. Thank you.

Re: Help Regarding JWeb

March 22, 2020, 2:07 pm
$
0
0

appreciate the urgent help please I have provided the required version ..

Viewing all 10307 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>