Hi,
Have you tried a different browser like Firefox or Chrome?
Thanks
John
↧
Re: Help Regarding JWeb
↧
Juniper ex4600 - disable/block local route but let IRB and VRRP online
Hi Guys,
i need an idea to solve my task.
I had two ex4600 MCL with IRB and VRRP Interfaces. In some Vlans i would like that local route of the IRB will disbled. But the IP of the IRB and the VRRP Adresse should be online.
The Devices in the Vlan should not be able to route over the irb and vrrp adresse, but i will use ping with the irb and would the ethernet-switching table.
On my ex9200 i can solve it with an output Firwall policy on the irb but the ex4600 don´t support output firewall policys.
Is there any possibility to block routing with out disbale interfaces?
Thx
↧
↧
Re: Juniper ex4600 - disable/block local route but let IRB and VRRP online
Hi,
What is your use-case? That local route is only needed when routing between VLANs. So host to host traffic in the same VLAN (as the irb) still uses ethernet-switching. If your use-case is to block inter-vlan routing, there's still an option to apply ingress ACLs to block IP subnets "source-address x.x.x.x" and/or "destination-address x.x.x.x" on the IRB unit interfaces. If you're trying to block communication within a VLAN, consider using family ethernet-switching filters for protecting specific server(s) or use private VLANs: https://www.juniper.net/documentation/en_US/release-independent/nce/topics/concept/private-vlans-qfx-series.html
Hope this helps.
Regards,
-r.
--------------------------------------------------
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated 
.
↧
Re: Help Regarding JWeb
I tried but it didn't work too ..
↧
Re: Help Regarding JWeb
hI
Can you paste the output of show version ?
Also you may try to re-install the jweb package.
↧
↧
Re: Juniper ex4600 - disable/block local route but let IRB and VRRP online
I think you want to just isolate a vlan or set of vlans so that layer 3 routing does not connect with the main group.
If that is correct, simply create a routing instance of virtual router and place the interfaces for the isolated vlan here. This behaves as if they are on an independent router/switch and they will only be able to see and route to each other.
you will also then need to move the upstream connection for this vlan over to the virtual router as well so the outbound default route will work if they need to leave the switch for something else. But if they are completely local nothing else needs to be done.
↧
Re: Help Regarding JWeb
below is the out put:
I'm not able to download it, if You can appreciate to share with me ..
↧
Re: Help Regarding JWeb
Hi
This is the link to JWeb package on juniper support site for 18.2
You have to select ex3400 and then drop down for JWeb
https://webdownload.juniper.net/swdl/dl/secure/site/1/record/76845.html?pf=EX3400
↧
Re: Help Regarding JWeb
I did of cpurse but not able to download due to the below error:
You have encountered this error because your account privileges do not permit access to the information or service requested. Software download entitlement is granted for customers under the following scenarios.
Juniper Product within the first 90 days of the hardware warranty period.
Juniper Product which is currently under an active maintenance contract.
Juniper Standalone Software Subscription which is currently active.
↧
↧
EX3300 Configure STP on specific port (SONOS)
Hi!
I'm running 2xEx3300 (in Virtual chassis configuration). I'm trying to configure some ports to use STP. The reason for using STP on some ports it to be able to run my sonos device with STP and the rest to use RSTP.
(Sonos need STP when running them borth with wireless and cable connection).
I'm failing to do so, both with J-web and cli.
Using Jweb I have added and configured STP, but when enabling it i get the message:
"Already RSTP instance is configured.Do you want to disable it and enable STP ?"
It seems I can't run both STP and RSTP.
Trying to use CLI to enable STP
(looking at https://www.juniper.net/documentation/en_US/junos/topics/topic-map/spanning-tree-configuring-stp.html)
root@juniper1# set stp interface ge-1/0/4
^
missing argument.
{master:0}[edit protocols]
This is my current config
root@juniper1> show configuration protocols
igmp-snooping {
vlan all;
}
stp {
disable;
bridge-priority 4k;
max-age 20;
hello-time 2;
forward-delay 15;
interface ge-1/0/4.0 {
priority 128;
cost 10;
}
}
rstp {
interface ge-1/0/4.0 {
disable;
}
}
lldp {
interface all;
}
lldp-med {
interface all;
}
{master:0}Plugging in sonos device in ge-1/0/4 gives me a broadcast storm.
How can I configure ge-1/0/4 to use STP, I want the rest to continue using RSTP.
Thanks in advance, J
↧
Re: EX3300 Configure STP on specific port (SONOS)
Hi
I believe RSTP is backward compatible with the legacy STP.
https://www.juniper.net/us/en/local/pdf/implementation-guides/8010002-en.pdf
RSTP is backward-compatible with legacy STP; if legacy STP BPDU is detected on a link, then an RSTP-capable bridge will revert to legacy STP on that given port.
Hope this helps
↧
Re: EX3300 Configure STP on specific port (SONOS)
Hi!
Thanks. It worked using RSTP and configuring using sonos recommended settings.
Best Regards J
↧
Re: Help Regarding JWeb
You may need to contact Ccare for that, your account may not have full download privileges.
↧
↧
Re: Help Regarding JWeb
Basically what you seing is the phone-home client for zero touch provisioning. To disable this, you have to login via serial console, go into configuration mode and delete the 'system phone-home' part of the configuration.
I expect your swith is with the factory default meaning something like the following commands (login with root and no password):
%cli
{master:0}
root> configure
Entering configuration mode
{master:0}[edit]
root# delete system phone-home
{master:0}[edit]
root# commit and-quitthen you should be able to access the basic j-web package on your EX3400. Regarding software access, create a case for customer care mentioning the serial number for your device... you will then be given access to download of software for your EX switch.
↧
Re: 25GbE on QFX5200: FEC does not work properly
There is a PFE vendor limitation that, currently FEC74 is only supported in QFX5200 for 25G.
Though the cli allows us to configure FEC91 by default internally it is set to FEC74. The only option we have now is to set it FEC74 or set to none.
Options in your case is it to check if the peer FEC can be set to auto, so that he detects the switch FEC settings or set the FEC to none.
↧
Re: Juniper ex4600 - disable/block local route but let IRB and VRRP online
Hi,
thx for the two answers. Mriyaz i explain the case again, your understandiung of my case is not quite correct.
Spuluka you are on the right way, but i explain my case a little bit detailed again. So i hope you can check it again with your idea.
I have the two ex4600 with some vlans, every with IRB und VRRP. For example:
- Vlan ID 1 and Vlan ID 22
- The Clients in Vlan 1 have setup IPs and the Gateway right because this are Office clients.
- The Clients in Vlan 22 are production clients and shoud not be reached by the office clients.
- The most clients have no Gateway setup, so they could not be answer request of the office clients.
- Some clients have setup the Gateway of the Vlan, but i have a input Firewall-Filter on the ex4600 to block that traffic.
- But some Clients have setup a Server in the Vlan as Gateway and that Server has two NICs, one in Vlan 1 and one in Vlan 22. The Server routes these packets between the Vlans.
So i would block the traffic from Vlan 1 to vlan 22. But i have much Office Vlans, so i can´t and would not setup input Filter on all that IRBs. And the ex4600 can´t setup output filter like the ex9200.
In the future we will remove the server and setup the clients with other setting but and the moment its not possible. So i search and easy way to block that traffic from one vlan to vlan 22.
↧
Re: QSFPP-4X10GE-LR @ 40Gb?
Sorry for the late response
This would be for a QFX10002-72Q. If I channelize this optic and use an MTP->LC breakout, will each channel run at 1310 so that I can use standard LR's on the other end?
wrote: I actually believe the answer is yes, that it can support 40GE (via 4 x 10GE wavelengths) or be used with break-out cable. If you go to Pathfinder here - https://apps.juniper.net/hct/model/?component=QSFPP-4X10GE-LR&tab=sPlatforms and hover over the red "i" circles, the info appears to say that this transceiver can be used in either configuration.
The first question I might ask is, for which Platform are you planning to use this specific transceiver?
↧
↧
High load due to SNMP monitoring
Hi there,
we have a virtual chassis with 6 EX4300 members.
The firmware version is: 18.2R1.9
We have high CPU usage on the primary routing engine.
This load is caused by our SNMP monitoring. We query normal values. For example, temperature, CPU usage or just the traffic of the individual ports.
It is precisely this cancellation of the traffic (values "IF-MIB :: ifHCInOctets" "IF-MIB :: ifHCOutOctets") that causes the load.
Here is a top excerpt:
last pid: 11414; load averages: 1.63, 1.42, 1.30 up 418+05:36:18 16:13:06
66 processes: 3 running, 63 sleeping
CPU states: 38.0% user, 0.0% nice, 41.5% system, 0.5% interrupt, 20.1% idle
Mem: 986M Active, 81M Inact, 152M Wired, 560M Cache, 112M Buf, 81M Free
Swap:
PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
1793 root 1 76 0 59772K 38904K RUN 3246.6 30.08% mib2d
1646 root 2 -52 -52 564M 208M select 2637.2 17.14% pfex_junos
1792 root 1 76 0 35796K 25132K select 1214.3 12.45% snmpd
1798 root 1 51 0 41172K 23352K select 518.2H 3.42% pfed
1633 root 1 49 0 64888K 29128K select 334.9H 2.59% chassisd
11407 root 1 42 0 11836K 5572K select 0:00 0.22% sshd
We collect the values every 10 seconds. We also do this on our older ex4200 switches. We have absolutely no problems with the ex4200.
If I set that we only collect the values for the graphs every 20 seconds, then the load decreases, but we have peaks in the graph every 20 seconds.
What could be the problem here? I think we are not the only ones requesting SNMP values, so I hope that one or the other has a tip.
Best regards
↧
Re: QSFPP-4X10GE-LR @ 40Gb?
Yes. See here for specs - https://apps.juniper.net/hct/model/?component=QSFPP-4X10GE-LR
From there it states:
Transmitter wavelengths (range). 1260 nm through 1355 nm (this is 1310)
All this info can be found on-line.
HTH. Regards.
↧
Re: QSFPP-4X10GE-LR @ 40Gb?
Update: Unfortunately this optic (for some unknown reason to me!) is NOT certified for use on any QFX capable platform. See here - https://apps.juniper.net/hct/model/?component=QSFPP-4X10GE-LR&tab=sPlatforms
At the same time, since all optics are standards based, the optic should/will work fine, and you can considered as you would as a 3rd party optics. At least at the present time.
I will check further, and update if I find any additional info.
↧