Channel: All Ethernet Switching posts

Re: JunOS update on QFX5100 Virtual Chassis


Hi vakas10.

 

I hope everything is ok.

 

My team and I have done many upgrades from 14 to 18 in a single hop with no issues, as long as the configuration has no syntax or compatibility issues, but it's ok to jump from 14 to 17 and then 18 through the regular upgrade, meaning that you need to put the Junos image in the var/tmp folder on the master routing engine and then issue the command request system software add /var/tmp/image name.tgz.

In regards to NSSU, if possible do not try it. The procedure above can take less time than NSSU, and if NSSU fails it can even cause a longer downtime than regular upgrades.


This command will install the same image in all the members at a time and requires a single reboot.

 

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too.

 

Kind regards

 


Re: Routing Issue on EX45000


Hi tri.nguyen.

 

I hope you're doing great.

 

I have faced similar behavior caused by an IP addressing conflict. Please check the default gateway and its address to make sure there are no duplicate or overlapping addresses.

Please also check the routing. If by any chance you have static routes, go ahead and check that the return route is properly configured.

Keep me posted.

 

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too.

Re: Disable Inter-VLAN Switching/Routing on EX4300-48MP


Yes, default gateways point to the Cisco. Yes, the Cisco knows how to route between the VLANs, but there are some ACLs to restrict communication between VLANs. I already tried to take down the trunk between the EX4300 and the Cisco - same behavior.

 

All clients connected to the EX4300 can communicate with each other, no matter which VLANs are set. If you try to communicate with clients connected to another switch, the ACLs are working as expected.

Re: Disable Inter-VLAN Switching/Routing on EX4300-48MP


Maybe you could gather output of the below commands when there is no physical connection to the Cisco.

 

show route

show interface terse | no-more

show configuration interface | no-more

 

Paste all of this into some doc (word/etc.) and send here so we can take a better look.

Syslog message


Hi, 

 

trying to get to the bottom of this message 

chassism[1287]: %DAEMON-3-CMLC: connection in progress for long  

If anyone knows: I searched the web and couldn't find anything. I tried the help syslog function, but there is not much on the reasons why. It is at severity 3, so I would like to get to the bottom of it.

 

Thanks 

Re: Syslog message


Hello,

 

within the Release notes for EX Series 12.3R5, I can find the following:

 

On EX Series switches, the messages CMLC: connection in progress for long and pfem:devrt_gencfg_rtsock_msg_handler Incorrect major_type 8
might be displayed, but the messages do not impact switch functionality. [PR/890633: This issue has been resolved.]

 

Are you using an EX Switch with a JUNOS release older than 12.3R5?

Re: Syslog message


Thanks, that will be it.  Using a slightly older version 12.3R4.6 

Re: EX 2200 - DHCP Snooping and DAI


MAYDAY!

 

So I only enabled dhcp examine-all and now my wirelined ethernet workstation has no connectivity because it does not have a valid ip configuration anymore.

It appears only my workstation was disconnected thus far.

I did not do any DAI configs in the switches. 

I am stuck again! I do not understand why this keeps happening. I cannot access the switch through putty because I have no internal ip address to LAN connect to it and I cannot go into my firewall gateway appliance which acts as the DHCP server to make any changes as well.

I had to set a static ip thru windows network properties to reconnect.

I just do not want this to affect all the other end-user nodes connectivity in our LAN.

 

Please advise.


EX 2200 - DHCP Snooping and DAI Causing Connectivity Drops


Hello All,

 

I have inherited (5) ex 2200 24p 4g by the SMB I work for and I am wanting to properly and optimally configure them as they are currently practically at default settings. Also they are non-ELS. 

There are no VLANs (other than default), and they are not set up as a virtual chassis. No trunk interface ports have been configured as well.

They are version 12.3R6.6 (qty.2) and 12.3R4.6(qty.3)

 

The reason why I am posting this is because when I was attempting to set up DHCP snooping via CLI, it worked. I was able to set and commit and noticed that nothing had actively changed in terms of access from my user workstation and LAN connectivity.

However, immediately after, I set Dynamic Arp Inspection with this command set vlan all arp-inspection I was disconnected from the switch and it was rendered inaccessible through the network. This also caused all nodes with IP addresses to become disconnected.

 

Now I understand that this means it is actively working with the DHCP snooping database and executing immediately, ( I was testing it out), but what I DO NOT KNOW is how to do this properly so that all currently connected MAC devices and assigned IP addresses are trusted and stored. What do I have to do to properly implement this?

 

I have been referring to KB articles in juniper.net Tech Library to do this, BUT nowhere do I see how to properly execute this in an order of operations and successful sequence.

 

Can anyone please inform me or refer to me how to set up DHCP snooping with DAI correctly (not just - here are the commands now go and enter them, I already did that) so that I can protect this SMB LAN more securely.

 

I am a new network admin and I am seeking help from experienced experts. Please and thanks.

 

 

 

 

Re: EX 2200 - DHCP Snooping and DAI


From what I understand you enabled arp inspection quite quickly after enabling dhcp snooping.

 

Basically you need to do this in two steps: First enable dhcp snooping and let it be active for at least the max lease time period (could be several days, check your DHCP server). You can also validate that dhcp snooping bindings are shown via 'show dhcp snooping binding'.

 

After this you can enable arp inspection as DAI relies on a fully populated dhcp snooping database.

 

More on dhcp snooping: https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/port-security-dhcp-snooping-cli.html
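
A pre-check for the second step above, as an added example that is not part of the original reply or Juniper's own tooling: it compares the snooping bindings with the hosts currently live on the VLAN and lists the ones DAI would have no binding for. The binding column layout, the sample rows and the host inventory are constructed assumptions.

```python
import re

# Constructed sample; column layout assumed (MAC, IP, lease, type, VLAN, interface).
BINDINGS = """\
DHCP Snooping Information:
MAC address        IP address   Lease (seconds)  Type     VLAN     Interface
00:11:22:33:44:01  192.0.2.21   84012            dynamic  default  ge-0/0/3.0
00:11:22:33:44:02  192.0.2.22   3100             dynamic  default  ge-0/0/7.0
"""

# Constructed inventory of (MAC, IP) pairs currently live on the VLAN,
# e.g. collected from the gateway's ARP table before any change.
ACTIVE_HOSTS = [
    ("00:11:22:33:44:01", "192.0.2.21"),  # leased, binding learned
    ("00:11:22:33:44:02", "192.0.2.99"),  # binding exists for another IP
    ("00:11:22:33:44:03", "192.0.2.10"),  # static address, never uses DHCP
    ("00:11:22:33:44:04", "192.0.2.30"),  # lease predates snooping, no renew yet
]

ROW = re.compile(
    r"^\s*((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\d{1,3}(?:\.\d{1,3}){3})"
    r"\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)", re.IGNORECASE)

def parse_bindings(text):
    """Map each MAC (lower-case) to its binding row; header lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            mac, ip, lease, kind, vlan, iface = m.groups()
            table[mac.lower()] = {"ip": ip, "lease": lease, "type": kind,
                                  "vlan": vlan, "interface": iface}
    return table

def dai_readiness(bindings, active_hosts):
    """Classify live hosts by whether the snooping table would vouch for them."""
    report = {"covered": [], "missing": [], "mismatch": []}
    for mac, ip in active_hosts:
        entry = bindings.get(mac.lower())
        if entry is None:
            report["missing"].append((mac.lower(), ip))
        elif entry["ip"] != ip:
            report["mismatch"].append((mac.lower(), ip, entry["ip"]))
        else:
            report["covered"].append((mac.lower(), ip))
    report["ready"] = not (report["missing"] or report["mismatch"])
    return report

if __name__ == "__main__":
    print(dai_readiness(parse_bindings(BINDINGS), ACTIVE_HOSTS))
```

Hosts still listed under `missing` after a full lease period are usually statically addressed and will never get a binding through DHCP alone.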

Re: EX 2200 - DHCP Snooping and DAI


Hi V.

 

I hope everything is fine despite this difficult situation we are all going through.

 

I checked the description of the issue you are facing. For me, it fully matches a PR for this platform, and there is actually a WA to overcome that.

As a workaround, deactivating/activating DAI or doing a DHCP renew on clients will resolve this issue.

Below you can find the public PR details for your reference.

https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR874106

 

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too.

 

Cheers.

Re: EX 2200 - DHCP Snooping and DAI


MAYDAY!

 

So I only enabled dhcp examine-all and now my wirelined ethernet workstation has no connectivity because it does not have a valid ip configuration anymore.

It appears that it is only disconnecting some Ethernet desktops. Not all. I do not know why. When troubleshooting from windows network control panel the result is no valid IP configuration. After ipconfig /release and ipconfig /renew there is no successful IPv4 ethernet table info obtained.

What is interesting is that certain wireless clients still have internet connection which means their IPv4 DHCP connectivity remained intact. Of the 4 switches, I executed DHCP snooping on 3 of them which host the most port connections to LAN and WLAN IAPs so I do not think these clients are connected to the last switch that was not configured for dhcp snooping.

I did not do any DAI configs in the switches. 

I am stuck again! I do not understand why this keeps happening. I cannot access the switch through putty because I have no internal ip address to LAN connect to it and I cannot go into my firewall gateway appliance which acts as the DHCP server to make any changes as well.

I had to set a static ip thru windows network properties to reconnect.

I just do not want this to affect all the other end-user nodes connectivity in our LAN.

 

Please advise.

QFX TVP vs non-TVP


Hi,

 

In the context of QFX 51xx platforms - what is a "TVP image" vs "non-TVP image"? 

For example: "

Downgrade from TVP image to non-tvp image is not supported. Upgrade from non-tvp to TVP is supported.

"

Regards,

Pawel Mazurkiewicz

Re: QFX TVP vs non-TVP


Hi Pawel,

 

There was a change on some Junos products some time ago, mainly QFX, with the introduction of the TVP architecture on newer codes. These were different kernel and internal components optimizations on these platforms added by the engineering teams. You may not find any public documentation on this, as they are Juniper hardware build specifications. However, you can differentiate the codes as TVPs show as "qfx-5e-". Example: jinstall-host-qfx-5e-x86-64-19 vs jinstall-host-qfx-5-19

 

 I am also adding some PRs regarding the error you are getting:

https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1248145

https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1345848

 

Best regards!

 

If that clears your concerns, please mark as solved

Re: QFX TVP vs non-TVP


Hi Pawel,

 

Any chance you could elaborate on TVP architecture as the QFX5110 only supports a TVP image (5e) and has a major impact bug Pr1426737 where upgrade is the only fix path from the JTAC recommended software.

Any chance there is an understanding presentation/explanation, just the TVP basics if that's not a contradiction.


Re: QFX TVP vs non-TVP


Thanks egarro :)

 

Kind regards,

Pawel

Re: QFX TVP vs non-TVP


As @egarro stated, all [most] newer products support [only] the newer and improved TVP architecture.  QFX5100 was the only product in the QFX family that was caught with support for 2 architectures.  To keep backwards, as well as forward, compatibility for mixed VC and VCF, for the QFX5110 (the Spine in VCF) 5e is explicitly called out as "informational".  Reason is:

You cannot mix, in the QFX5100/5110 family, a 5e and a non-5e in any mixed VCF/VC.  QFX5110 will call out 5e explicitly for this reason, while all [at least most] other products supporting the newer TVP architecture will not.

Once you convert any QFX5100 to 5e TVP architecture, that switch can now ONLY be used with other 5e switches, in a VC or VCF, and return to non-5e is not supported.  This is all informational [warning?] so that [only] QFX5100 customers do not run into issues.

The details of the architecture are Juniper proprietary as is the SW architecture for Junos or newer EVO.

 

HTH

ex4200 ospf nssa docking cisco ospf nssa


I have an ex4200 running ospf nssa, and we have a new project docking with a cisco router. I found that the ex4200 ospf database has the nssa route, but it can't join the route table.

 

root> show ospf database instance PG_VR_

OSPF database, Area 0.0.0.11
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *192.168.11.1 192.168.11.1 0x80000018 944 0x20 0x2717 60
Router 192.168.11.255 192.168.11.255 0x80000044 1337 0x28 0x4e38 96
Network *172.20.11.41 192.168.11.1 0x8000000a 2947 0x20 0xfd6 32
Network *172.20.11.61 192.168.11.1 0x8000000c 1941 0x20 0x428d 32
NSSA 100.101.0.0 192.168.11.255 0x80000001 1377 0x28 0x8cad 36

{master:0}
root> show route table PG_MO.inet.0

PG_VR_MGM_MO.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.20.11.1/32 *[Local/0] 03:01:57
Reject
172.20.11.40/29 *[Direct/0] 03:01:42
> via vlan.111
172.20.11.41/32 *[Local/0] 03:01:57
Local via vlan.111
172.20.11.56/29 *[Direct/0] 03:01:42
> via vlan.119
172.20.11.61/32 *[Local/0] 03:01:57
Local via vlan.119
192.168.11.1/32 *[Direct/0] 03:01:58
> via lo0.11
224.0.0.5/32 *[OSPF/10] 03:01:59, metric 1
MultiRecv

 

And then I found the ex4200 can't receive the remote router network.

 

 

Re: ex4200 ospf nssa docking cisco ospf nssa


 Hey Jonas_Cheung,

 

Greetings, these are some common reasons why you could be facing this issue: 

 

1-Import Policy Is Blocking the Routes

2-Network Type Mismatch (check the interface type on both sides)

3-Wrong Address Assignment

4-If you are using point to point check that both sides are on the same subnet

5-Check if the forwarding address is known via an external route

 

 

I hope this helps mate! good luck.

 

Juniper EX2300 BPDU issue


Our network currently consists of two EX9208 distro switches, and around 40 EX4300 edge switches. All edge switches have a direct connection to one of the distro switches. I recently purchased 6x - EX2300-C switches to add to our network.

 

Upon configuring the EX2300-C switches and connecting them to the network, the EX2300-C switches are having STP issues. They consistently bounce the root bridge assignment between themselves and the distro switch (distro switch is ACTUAL root bridge). This bouncing back and forth happens every 5-15 seconds, and ends up causing the switch to go up and down constantly. This also causes a topology change on EX2300-C and root bridge every time the switch changes root bridge assignment.

 

We're using MSTP, and the EX2300-C has the same MSTP region name, revision, configuration digest as all the rest of the switches in the network. The EX2300-C is using a nearly exact same switch configuration as the EX4300 switches (all of which never had STP issues). I've tried all 6 switches, each with the same result. I've tried the JUNOS software that came on the switch, the latest JUNOS version, and a version in between.. all with the same result.

 

I'm guessing it's a BPDU issue, for some reason the EX2300-C is not receiving BPDU packets correctly. Running an MSTP traceoptions with BPDU flag shows inconsistent BPDU activity, whereas running the same traceoptions on a working EX4300 switch shows consistent BPDUs from the root bridge (every 2 seconds successfully received BPDU from root bridge).

 

I've tried setting the hello-times to 5 sec on root bridge and EX2300-C, no change in result. Originally my configuration sets the EX2300-C port connected to the root bridge with "bpdu-timeout-action block". If I remove the bpdu-timeout-action setting, this at least allows the switch to stay up, however, you can still observe the root bridge bouncing up and down.

 

I've had a ticket open with JTAC for almost 2 months, they haven't been able to resolve the issue either. I was hoping maybe someone on here may have experienced this before... Any ideas?
