/r/Juniper

Welcome to the Juniper subreddit, a Subreddit dedicated to discussing Routers, Switches and Security Appliances manufactured by Juniper.

Rules

  1. No threatening/harassing
  2. No spam/advertising
  3. No requests such as:
     1. Requests for or posting of software without a service contract
     2. Requests or posting of certification braindumps
  • Stay on topic
  • Meta posts may only be posted with moderator approval.
  • Any post that fails to display a minimal level of effort prior to asking for help is at risk of being locked or deleted.
    18,614 Subscribers

    1

    Auto Disable unused interfaces

    All,

    I feel like I'm not the only one who could want this, but I want the device to auto disable ports that have been unused for 7 days.

    My environment is all EX switches and SRX appliances. I'm hoping to do this using op scripts or another means executed on the local device.

    Any ideas?

    3 Comments
    2024/04/30
    22:50 UTC

    1

    What's the point of accelerometers on Juniper APs?

    I'm going to be working with Juniper devices in a 'network specialist' role so I'm trying to get familiar with the catalogue beforehand.

    And to my surprise I'm seeing the APs on their website advertised as having some sensors, which is cool.

    Temperature sensors I can understand, but what is the point of an accelerometer in an AP which will most likely never be moved once installed? Anyone made use of these, if so what for?

    10 Comments
    2024/04/30
    19:30 UTC

    0

    Do I need CGNAT when implementing BNG?

    Simple MX204 with a few thousand subscribers. Based on best practice, do I need CGNAT?

    Thanks so much in advance

    6 Comments
    2024/04/30
    18:47 UTC

    0

    Help me with my configuration.

    Today, I successfully pinged from my PC (192.168.10.5) to the SRX (192.168.20.2) within my network. However, after attempting to implement OSPF (0.0.0.1) from the ge-0/0/1 interface, I am now unable to ping anything from my PC. My objectives are as follows:

    • Establish layer 3 routing for both VLANs on the EX and SRX.
    • Achieve a full OSPF neighbor state.

    I'm seeking assistance in diagnosing what might be causing issues with my setup.

    Additionally, I plan to set up OSPF with another SRX on port ge-0/0/0.

    SRX

    set security screen ids-option untrust-screen icmp ping-death

    set security screen ids-option untrust-screen ip source-route-option

    set security screen ids-option untrust-screen ip tear-drop

    set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024

    set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200

    set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024

    set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048

    set security screen ids-option untrust-screen tcp syn-flood timeout 20

    set security screen ids-option untrust-screen tcp land

    set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any

    set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any

    set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any

    set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit

    set security policies from-zone trust to-zone trust policy Trust-to-Trust match source-address any

    set security policies from-zone trust to-zone trust policy Trust-to-Trust match destination-address any

    set security policies from-zone trust to-zone trust policy Trust-to-Trust match application any

    set security policies from-zone trust to-zone trust policy Trust-to-Trust then permit

    set security policies from-zone untrust to-zone trust policy untrust-trust match source-address any

    set security policies from-zone untrust to-zone trust policy untrust-trust match destination-address any

    set security policies from-zone untrust to-zone trust policy untrust-trust match application any

    set security policies from-zone untrust to-zone trust policy untrust-trust then permit

    set security zones security-zone trust host-inbound-traffic system-services all

    set security zones security-zone trust host-inbound-traffic protocols all

    set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services all

    set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic protocols all

    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all

    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic protocols all

    set security zones security-zone trust interfaces lo0.0 host-inbound-traffic system-services all

    set security zones security-zone trust interfaces lo0.0 host-inbound-traffic protocols all

    set security zones security-zone untrust host-inbound-traffic system-services all

    set security zones security-zone untrust host-inbound-traffic protocols all

    set interfaces ge-0/0/0 unit 0 description Link-to-SRX-OSPF

    set interfaces ge-0/0/1 unit 0 description SRXLINK

    set interfaces ge-0/0/1 unit 0 family inet address 192.168.20.1/30

    set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust

    set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust

    set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust

    set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust

    set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust

    set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members vlan-trust

    set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members vlan-trust

    set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members vlan-trust

    set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members vlan-trust

    set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members vlan-trust

    set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members vlan-trust

    set interfaces ge-0/0/14 unit 0 family ethernet-switching vlan members vlan-trust

    set interfaces ge-0/0/15 unit 0 family inet dhcp vendor-id Juniper-srx345

    set interfaces cl-1/0/0 dialer-options pool 1 priority 100

    set interfaces dl0 unit 0 family inet negotiate-address

    set interfaces dl0 unit 0 family inet6 negotiate-address

    set interfaces dl0 unit 0 dialer-options pool 1

    set interfaces dl0 unit 0 dialer-options dial-string 1234

    set interfaces dl0 unit 0 dialer-options always-on

    set interfaces fxp0 unit 0 family inet address 192.168.1.1/24

    set interfaces fxp0 unit 0 family inet address 192.168.100.4/24

    set interfaces irb unit 0

    set interfaces irb unit 10 family inet address 192.168.10.254/24

    set interfaces irb unit 20 family inet

    set interfaces lo0 unit 0 family inet address 11.11.11.11/24

    set interfaces lo0 unit 0 family inet address 1.1.1.1/24

    set access address-assignment pool junosDHCPPool1 family inet network 192.168.1.0/24

    set access address-assignment pool junosDHCPPool1 family inet range junosRange low 192.168.1.2

    set access address-assignment pool junosDHCPPool1 family inet range junosRange high 192.168.1.254

    set access address-assignment pool junosDHCPPool1 family inet dhcp-attributes router 192.168.1.1

    set access address-assignment pool junosDHCPPool1 family inet dhcp-attributes propagate-settings ge-0/0/0.0

    set access address-assignment pool junosDHCPPool2 family inet network 192.168.2.0/24

    set access address-assignment pool junosDHCPPool2 family inet range junosRange low 192.168.2.2

    set access address-assignment pool junosDHCPPool2 family inet range junosRange high 192.168.2.254

    set access address-assignment pool junosDHCPPool2 family inet dhcp-attributes router 192.168.2.1

    set access address-assignment pool junosDHCPPool2 family inet dhcp-attributes propagate-settings ge-0/0/0.0

    set vlans ThinClients vlan-id 10

    set vlans ThinClients l3-interface irb.10

    set vlans vlan-trust vlan-id 3

    set protocols ospf area 0.0.0.1 stub

    set protocols ospf area 0.0.0.1 area-range 192.168.20.0/24

    set protocols ospf area 0.0.0.1 interface ge-0/0/1.0 interface-type p2p

    set protocols ospf area 0.0.0.0 interface ge-0/0/0.0

    set protocols ospf area 0.0.0.0 interface lo0.0

    set protocols l2-learning global-mode switching

    set protocols rstp interface all

    set routing-options router-id 192.168.20.2

    set routing-options static route 192.168.10.0/24 next-hop 192.168.20.2

    set routing-options static route 0.0.0.0/0 next-hop 192.168.20.2

    set routing-options static route 192.168.10.1/32 next-hop 192.168.20.1

    EX4200

    set interfaces ge-0/0/0 unit 0 description "<=== THIN CLIENT ===>"

    set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access

    set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members ThinClients

    set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access

    set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members ThinClients

    set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode access

    set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode access

    set interfaces ge-0/0/12 description "<=== Thin Client 12 ===>"

    set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode access

    set interfaces ge-0/0/13 description "<=== Thin Client 13 ===>"

    set interfaces ge-0/0/13 unit 0 family ethernet-switching port-mode access

    set interfaces ge-0/0/14 description "<=== Thin Client 14 ===>"

    set interfaces ge-0/0/14 unit 0 family ethernet-switching port-mode access

    set interfaces ge-0/0/15 description "<=== Thin Client 15 ===>"

    set interfaces ge-0/0/15 unit 0 family ethernet-switching port-mode access

    set interfaces ge-0/0/18 description "<=== UNUSED ===>"

    set interfaces ge-0/0/18 unit 0 family ethernet-switching vlan members 99

    set interfaces ge-0/0/21 unit 0 description "Temp port of laptops"

    set interfaces ge-0/0/21 unit 0 family ethernet-switching port-mode access

    set interfaces ge-0/0/21 unit 0 family ethernet-switching vlan members 99

    set interfaces ge-0/0/22 ether-options link-mode full-duplex

    set interfaces ge-0/0/22 unit 0 description SRXLINK

    set interfaces ge-0/0/22 unit 0 family inet

    set interfaces ge-0/0/23 description SRXLINK

    set interfaces ge-0/0/23 unit 0 family ethernet-switching

    set interfaces ge-0/1/0 unit 0 family ethernet-switching

    set interfaces xe-0/1/0 unit 0 family ethernet-switching

    set interfaces ge-0/1/1 unit 0 family ethernet-switching

    set interfaces xe-0/1/1 unit 0 family ethernet-switching

    set interfaces ge-0/1/2 unit 0 family ethernet-switching

    set interfaces xe-0/1/2 unit 0 family ethernet-switching

    set interfaces ge-0/1/3 unit 0 family ethernet-switching

    set interfaces fxp0 unit 0 family inet address 192.168.100.4/24

    set interfaces lo0 unit 0 family inet

    set interfaces vlan unit 0 family inet

    set interfaces vlan unit 10 description ThinClients

    set interfaces vlan unit 10 family inet address 192.168.10.1/24

    set interfaces vlan unit 20 description SRXLINK

    set interfaces vlan unit 20 family inet address 192.168.20.2/30

    set interfaces vlan unit 24 family inet

    set interfaces vlan unit 99 family inet address 10.1.99.4/26

    set interfaces vme unit 0 family inet dhcp vendor-id Juniper-ex4200-24t

    set forwarding-options helpers bootp server 10.1.99.10

    set forwarding-options helpers bootp interface vlan.20

    set routing-options static route 0.0.0.0/0 next-hop 192.168.20.1

    set routing-options router-id 10.1.255.2

    set protocols ospf area 0.0.0.1 interface vlan.20

    set protocols igmp-snooping vlan all

    set protocols rstp

    set protocols lldp interface all

    set protocols lldp-med interface all

    set ethernet-switching-options storm-control interface all

    set vlans Mgmt vlan-id 99

    set vlans SRXLINK interface ge-0/0/23.0

    set vlans SRXLINK l3-interface vlan.20

    set vlans ThinClients vlan-id 10

    set vlans ThinClients l3-interface vlan.10

    set vlans UNUSED vlan-id 666

    set vlans U_Tools

    set vlans VDI_client_analyst vlan-id 97

    set vlans WSTATION

    set vlans default l3-interface vlan.0

    set poe interface all

    2 Comments
    2024/04/29
    23:31 UTC

    5

    "Hidden" VLAN on EX3300

    This is on an EX3300 (I know, I know)

    Trying to set my me0 interface VLAN to enable remote management of the device. I created VLAN 8 named MGMT (specifically caps if this is important). Assigned VLAN 8 to that interface. It gives an error like, "Can not assign 2 VLANS on an access interface" VLAN 'mgmt' (specifically lowercase) already assigned.

    (I'm sorry as I don't remember the exact error - the switch is remotely installed and, as you can imagine, I cannot log into it.)

    In any case I try to show vlans and other methods to enumerate declared named VLANs on the switch but there are none called 'mgmt'. So I cannot figure out how to delete or unassign this VLAN named mgmt from me0. I thought I'd outthink it and make a new mgmt VLAN and assign it my VLAN ID. But I receive an error that there is already a VLAN of that name... but it still doesn't show with any command that I can find.

    Any ideas where this value might exist on the switch or interface that I could delete or reassign? I can't locate any instance of this 'mgmt' value as a VLAN name.

    7 Comments
    2024/04/29
    17:35 UTC

    1

    I need help verifying my configuration. Any help would be greatly appreciated

    Hello, I'm new to Juniper and could use some assistance verifying my configuration. I'm looking to establish two layer-3 VLANs on an EX4200 switch. Port 23 of the EX4200 is connected as a trunk to port 1 of my SRX 345. Once I confirm everything is set up correctly, my next step is to enable OSPF and advertise the VLAN traffic.

    EX4200

    set vlan ThinClients vlan-id 10

    set vlan WSTATION vlan-id 20

    *

    set interfaces vlan unit 10 family inet address 192.168.10.1/24

    set interfaces vlan unit 20 family inet address 192.168.20.1/24

    *

    set vlan ThinClients l3-interface vlan.10

    set vlan WSTATION l3-interface vlan.20

    *

    set interfaces ge-0/0/0-1 unit 0 family ethernet-switching port-mode access

    set interfaces ge-0/0/0-1 unit 0 family ethernet-switching vlan members vlan ThinClients

    set interfaces ge-0/0/2-3 unit 0 family ethernet-switching port-mode access

    set interfaces ge-0/0/2-3 unit 0 family ethernet-switching vlan members all vlan WSTATION

    * Trunk

    set interface ge-0/0/23 unit 0 family ethernet-switching port-mode trunk

    set interface ge-0/0/23 unit 0 family eithernet-switching vlan members all

    _____________________________________________________________________________

     

    SRX 345

    set interface ge-0/0/1 unit 0 family ethernet-switching port-mode trunk

    set interface ge-0/0/1 unit 0 family ethernet-switching vlan members all

    *

    set security zones security-zone trust interfaces ge-0/0/1 host-inbound-traffic system-services all

    set security zones security-zone trust interfaces ge-0/0/1 host-inbound-traffic protocol all

    set security zones security-zone trust interfaces ge-0/0/1 host-inbound-traffic application all

     

    set security policies from-zone trust to-zone trust policy allow-all match source-address any

    set security policies from-zone trust to-zone trust policy allow-all match destination-address any

    set security policies from-zone trust to-zone trust policy allow-all match application any

    set security policies from-zone trust to-zone trust policy allow-all match then permit

    *

    set vlans ThinClients vlan-id 10

    set interfaces vlan unit 10 family inet address 192.168.0.254/24

    set interface vlan irb unit 10 family inet 192.168.0.254

    set vlan ThinClient l3-interface irb.10

     

    set vlans WSTATION vlan-id 20

    set interfaces vlan unit 20 family inet address 192.168.20.254/24

    set interface vlan irb unit 20 family inet 192.168.20.254

    set vlan WSTATION l3-interface irb.20

     

    7 Comments
    2024/04/28
    19:09 UTC

    0

    vswitch

    I'm trying to download the Juniper vswitch file via the Juniper website. For some reason I can only download a .DMS file. What gives?

    I am a newbie to Juniper.

    8 Comments
    2024/04/28
    04:23 UTC

    0

    Off topic: What can I do to learn Routing protocols practically?

    I mean something like a Juniper firewall or something where I can configure routing tables, OSPF, RIP, etc.? I want to learn practically. What should I learn for it? I hate Packet Tracer and love real-world firewalls.

    9 Comments
    2024/04/27
    06:36 UTC

    2

    advanced dynamic profiles

    Any gurus out there who can tell me how to turn this into a dynamic profile?

    set forwarding-options dhcp-relay group client_group1 interface ae0.1500

    set forwarding-options dhcp-relay group client_group1 interface ae0.1501

    set forwarding-options dhcp-relay group client_group1 interface ae0.1502

    ...

    and/or

    set routing-options static route 1.1.1.10/32 qualified-next-hop ae0.1500

    set routing-options static route 1.1.1.11/32 qualified-next-hop ae0.1501

    set routing-options static route 1.1.1.12/32 qualified-next-hop ae0.1502

    Thanks in advance. My config is getting bloated :)

    0 Comments
    2024/04/26
    18:18 UTC

    5

    Switching from Cisco to Juniper

    Hello! I am looking to do a data center refresh, and I was looking into Juniper and MIST. Coming from the Cisco background, I am used to using Cisco ASR routers to handle BGP at the edge. I was told that Juniper SRX1600 Firewall would be able to handle it just fine, and that is what Sales wants to sell me.

    Does anyone know if this would be advisable? I was always told that BGP crushes Firewalls. Haven't had much Juniper experience yet.

    25 Comments
    2024/04/25
    19:34 UTC

    1

    Mixing PWR-MX960-AC-S & PWR-MX960-4100-AC-S

    Hi,

    I am wondering if you can run a mix of older and newer (different wattages) power supplies in a single Juniper MX960 chassis?

    I believe you can, but please clarify and specify any issues.

    Thank you very much,

    -D

    1 Comment
    2024/04/25
    16:10 UTC

    2

    Turning on the jflow broke OSPF on the inbound traffic interface.

    Hi all

    My setup:

    MX280 that is doing CGNAT, OSPF, and BGP.

    - All traffic is coming from the LAG interface on different sub-interfaces.

    - I have about 3000 subs that are doing CGNAT and going out to the Net.

    - Connected via BGP with full routing table to the ISP.

    - Connected to different routers/switches via OSPF.

    I implemented the following jflow configuration:

    set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 15

    set services flow-monitoring version-ipfix template ipv4 flow-active-timeout 15

    set services flow-monitoring version-ipfix template ipv4 flow-inactive-timeout 15

    set services flow-monitoring version-ipfix template ipv4 template-refresh-rate seconds 60

    set services flow-monitoring version-ipfix template ipv4 ipv4-template

    set forwarding-options sampling instance CSC input rate 200

    set forwarding-options sampling instance CSC family inet output flow-server x.x.x.x  port 2055

    set forwarding-options sampling instance CSC family inet output flow-server x.x.x.x autonomous-system-type origin

    set forwarding-options sampling instance CSC family inet output flow-server x.x.x.x  no-local-dump

    set forwarding-options sampling instance CSC family inet output flow-server x.x.x.x  source-address z.z.z.z

    set forwarding-options sampling instance CSC family inet output flow-server x.x.x.x  version-ipfix template ipv4

    set forwarding-options sampling instance CSC family inet output inline-jflow source-address z.z.z.z

    set forwarding-options sampling instance CSC family inet output inline-jflow flow-export-rate 200

    set firewall family inet filter DDOS-CSC-jflow term all then count DDOS-CSC-jflow

    set firewall family inet filter DDOS-CSC-jflow term all then sample

    set firewall family inet filter DDOS-CSC-jflow term all then accept

    set interfaces ae11 unit 861 family inet filter input DDOS-CSC-jflow    ( ISP facing )
    set interfaces ae11 unit 861 family inet filter output DDOS-CSC-jflow

    When I apply the config, OSPF goes down only on the router/switch with incoming subscribers to CGNAT.

    I have other OSPF neighbors on the same interface (different sub-interfaces that were not impacted).

    I did not have the time to see if OSPF would recover. I had to roll back in 1 minute.

    Has anyone experienced this before? Any thoughts or ideas?

    2 Comments
    2024/04/25
    16:08 UTC

    2

    Weekly Question Thread!

    It's Thursday, and you're finally coasting into the weekend. Let's open the floor for a Weekly Question Thread, so we can all ask those Juniper-related questions that we are too embarrassed to ask!

    Post your Juniper-related question here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer.

    Note: This post is created at 00:00 UTC. It may not be Thursday where you are in the world, no need to comment on it.

    2 Comments
    2024/04/25
    00:00 UTC

    0

    VLAN Trunking Woes

    Hello, I have an EX-4300-48P and I was trying to test out connecting it to a TP-LINK TL-SG108E. The intended network flow is as follows:

    EX-4300-48P Interface ge-0/0/0 set to trunk VLAN 99,100,101 -> TL-SG108E Port 1

    TL-SG108E Port 1 is manageable via VLAN 99 but is trunking VLAN 99,100,101

    TL-SG108E Port 2 accesses VLAN 100

    TL-SG108E Port 3 accesses VLAN 101

    So far I configured this on the TL-SG108E:

    Port 1:

    • Vlan Member for VLAN 99,100,101
    • Tagged for VLAN 99,100,101
    • PVID = 99

    Port 2:

    • Vlan member for VLAN 100
    • Untagged VLAN 100
    • PVID = 100

    Port 3:

    • Vlan member for VLAN 101
    • Untagged VLAN 101
    • PVID = 101

    Anyone have any ideas as to why when I connect the trunk port I don't even see any packet traffic on ge-0/0/0 but have a blinking activity light on both ends? Also I don't even see the TP-LINK TL-SG108E on the network?

    21 Comments
    2024/04/24
    17:17 UTC

    2

    Generate route for snat pool

    I have the following situation: a p2p link between an Arista router and an SRX fw, with the following IPs on the 2 ends of the p2p link:

    Arista router (10.2.5.222) - (10.2.5.223) Juniper fw

    Right now between the router and fw I am using static routes, and my idea is to convert to iBGP.

    Problem: I have the SNAT pool on the firewall

    set security nat source pool PAT-POOL address 192.131.52.0/29

    set routing-options static route 0.0.0.0/0 next-hop 10.2.5.222

    On the Arista I am aggregating the 192.131.52.0/24 to our upstream, and the router will reach the SNAT pool via static as well:

    ip route  192.131.52.0/29 10.2.5.223
    router bgp xxxx
    aggregate-address 192.131.52.0/24 summary-only 

    Idea: in the future the fw must advertise the 192.131.52.0/29 back to the router via iBGP, and the router will trigger the aggregation to upstream using this contributing route 192.131.52.0/29. The router will advertise the default route back to the fw. The aggregation of course will not be touched.

    Problem: how can I install the 192.131.52.0/29 in the routing table of the firewall? I was thinking of using the generate route option, but it does not seem the way to go as the firewall does not have any contributing route with a clear next-hop.

    Any suggestion is welcome, thanks.

    4 Comments
    2024/04/24
    15:28 UTC

    2

    EX4100 restricting 2 vlans to talk each other

    Hello everybody, I need some help with a project.

    +---------------------+
    |   Layer 3 Ruijie    |
    |     2910 Switch     |
    +----------+----------+
               |
               |
    +----------+----------+
    |   Juniper SRX 320   |
    |      Firewall       |
    +----------+----------+
               |
               |
               |
    +----------+----------+
    |    Juniper 4100     |
    |       Switch        |
    +----------+----------+
               |
               |
    +----------+----------+
    |   Layer 2 Ruijie    |
    |     2928 Switch     |
    +----------+----------+
               |
               |
    +----------+----------+
    |  End User Devices   |
    |     (Computers,     |
    |   Printers, etc.)   |
    +---------------------+

    In this topology I have two different VLANs on the 2928, vlan184 and vlan213. There are also two different hosts connected to the 2928: one belongs to VLAN 184 and the other belongs to 213. I have to restrict all communication between these VLANs, but they have to communicate with the rest of the network. How can I do this with an ACL on the EX4100 switch?

    5 Comments
    2024/04/24
    10:38 UTC

    1

    DANTE with Juniper SW

    Hi all, can I use my AV devices via DANTE on Juniper SWs?

    6 Comments
    2024/04/24
    09:41 UTC

    1

    Stop creating ewaste...

    Hello everyone,

    I bought a nice EX3300-48P for personal use, it's working quite fine but it's running JUNOS 12.3R12-S10

    I see there is a 15.1R7.9 to be downloaded on the support page, but no luck without any active subscription... Even the very nice lady on the support phone line isn't able to help me unless I have some other active support contract which I don't...

    I asked her to please push to juniper that releasing the software for EOL products would be nice and probably help keeping some of this nice hardware from becoming e-waste...

    I find it just really sad when companies don't care about the waste they're producing and are artificially keeping people from repairing, upgrading or simply keeping it running... Reuse is not the first of the R's but neither is it the last...

    But it seems money is all they care about. Until we complain hard enough, it seems Juniper is not about to release any software for their EOL products. They just don't care to spend the money to make it available; they already passed those EOL products/software into their "loss" column and aren't looking kindly on adding some more money to what they see as pure loss... Poor planet of ours...

    35 Comments
    2024/04/23
    21:03 UTC

    1

    Block TCP Timestamps packets?

    Is there any possibility to block TCP Timestamps packets on an MX80 arriving on one of the links using firewall policy?

    Does anyone know the magic combination?

    2 Comments
    2024/04/23
    19:18 UTC

    1

    MPC5E-40G10G

    I'm searching for MX scaling datasheets, how big is the FIB on this mpc5e-40g10g?

    Does anyone know where I can get that info?

    3 Comments
    2024/04/23
    18:47 UTC

    0

    Anyone got the Juniper MISTAI certification in this chat ?!

    Has anyone got the Juniper Mist AI cert in this chat, ideally living up north??

    25 Comments
    2024/04/23
    17:29 UTC

    1

    Mist: How to use Dynamic VLAN and allow captive portal to certain subnets?

    My company has Mist APs and we have a captive portal running. We want to use a single WLAN and assign VLANs according to the AD role, which I have working already.

    However, we also want to have a captive portal for certain VLANs (subnets). Otherwise no captive portal will be shown.

    Is there a way to accomplish this!? I've tried to add "allowed subnets" but nothing. I just don't want every VLAN to use the captive portal.

    4 Comments
    2024/04/23
    14:03 UTC

    2

    QFX5100 as an aggregation device/satellite for MX240 without Junos Fusion

    Is there a general way to use a QFX5100 as aggregation device for the MX240?

    Transit providers are connected to the QFX5100. I thought about trunking the transfer vlans from the transit providers directly to the MX via an interface connected to the qfx5100 and mx.

    Is this the "normal" approach?

    4 Comments
    2024/04/23
    12:40 UTC

    5

    LACP+HA to palo alto networks firewall

    A few months ago we ran into a new situation where I had to configure LACP with a Juniper MX104 and a Palo Alto 3400. I used the same aggregated Ethernet interface ae2 and connected both firewalls and 3 links per firewall to the MX.

    Fast forward to today: I just did an update to the Palo Alto, and during failover the interfaces on the secondary Palo Alto were having issues coming up.

    My question is: should each firewall and connection to the MX104 be utilizing a separate aggregated Ethernet interface? My only concern is that I am currently using one static route and I don't know how this could work without adding OSPF, which will have to wait for a maintenance window.

    My current configuration worked prior to the upgrade so I'm also wondering if both are acceptable solutions?

    8 Comments
    2024/04/23
    03:38 UTC

    1

    EX3400 VLAN irb. unable to ping, but able to connect to MIST and ping internet

    Hello, has anyone experienced being unable to ping the irb interface?

    We have a 3400 3-stack VC. We got a sudden OS corruption on switch2 and were able to return to the original settings. We are able to connect and remote in via MIST, but suddenly we are unable to ping the management IP we set, which was working before the OS corruption.

    I know we must tag the irb to an L3 VLAN interface and a device must be connected to it, but we are still unable to ping from local. But we can from the firewall, and we are able to ping the internet too.

    ARP only shows 8 devices, but this stack has access points and servers, which I believe should show more.

    Support did ask to "commit sync force" but that didn't manage to fix the issue.

    Maybe someone here has an idea while I wait for support.

    3 Comments
    2024/04/23
    02:37 UTC

    1

    EX4600 - Dropped packets

    Hi,

    Some of the interfaces on my EX4600 switch are showing dropped packets on queue 0. These are 10G interfaces and are not being maxed out.

    I have the following CoS config applied:

    set class-of-service classifiers dscp TEST-DSCP-CLASSIFIER forwarding-class FC-Q0-BE loss-priority low code-points be
    set class-of-service classifiers dscp TEST-DSCP-CLASSIFIER forwarding-class FC-Q0-BE loss-priority low code-points nc2
    set class-of-service classifiers dscp TEST-DSCP-CLASSIFIER forwarding-class FC-Q1-EF loss-priority low code-points ef
    set class-of-service classifiers dscp TEST-DSCP-CLASSIFIER forwarding-class FC-Q2-AF loss-priority low code-points af12
    set class-of-service classifiers dscp TEST-DSCP-CLASSIFIER forwarding-class FC-Q2-AF loss-priority low code-points af31
    set class-of-service classifiers dscp TEST-DSCP-CLASSIFIER forwarding-class FC-Q3-NC loss-priority low code-points nc1
    set class-of-service forwarding-classes class FC-Q0-BE queue-num 0
    set class-of-service forwarding-classes class FC-Q1-EF queue-num 1
    set class-of-service forwarding-classes class FC-Q2-AF queue-num 2
    set class-of-service forwarding-classes class FC-Q3-NC queue-num 3
    set class-of-service traffic-control-profiles TEST-TCP scheduler-map TEST-SCHED-MAP
    set class-of-service traffic-control-profiles TEST-TCP shaping-rate percent 100
    set class-of-service traffic-control-profiles TEST-TCP guaranteed-rate percent 100
    set class-of-service traffic-control-profiles STRICT-TCP scheduler-map STRICT-SCHED-MAP
    set class-of-service traffic-control-profiles STRICT-TCP shaping-rate percent 100
    set class-of-service forwarding-class-sets TEST-FCS class FC-Q0-BE
    set class-of-service forwarding-class-sets TEST-FCS class FC-Q2-AF
    set class-of-service forwarding-class-sets STRICT-FCS class FC-Q1-EF
    set class-of-service forwarding-class-sets STRICT-FCS class FC-Q3-NC
    set class-of-service interfaces ge-* forwarding-class-set TEST-FCS output-traffic-control-profile TEST-TCP
    set class-of-service interfaces ge-* forwarding-class-set STRICT-FCS output-traffic-control-profile STRICT-TCP
    set class-of-service interfaces ge-* unit * classifiers dscp TEST-DSCP-CLASSIFIER
    set class-of-service interfaces xe-* forwarding-class-set TEST-FCS output-traffic-control-profile TEST-TCP
    set class-of-service interfaces xe-* forwarding-class-set STRICT-FCS output-traffic-control-profile STRICT-TCP
    set class-of-service interfaces xe-* unit * classifiers dscp TEST-DSCP-CLASSIFIER
    set class-of-service interfaces ae* forwarding-class-set TEST-FCS output-traffic-control-profile TEST-TCP
    set class-of-service interfaces ae* forwarding-class-set STRICT-FCS output-traffic-control-profile STRICT-TCP
    set class-of-service interfaces ae* unit * classifiers dscp TEST-DSCP-CLASSIFIER
    set class-of-service scheduler-maps TEST-SCHED-MAP forwarding-class FC-Q0-BE scheduler SCHED-BE
    set class-of-service scheduler-maps TEST-SCHED-MAP forwarding-class FC-Q2-AF scheduler SCHED-AF
    set class-of-service scheduler-maps STRICT-SCHED-MAP forwarding-class FC-Q1-EF scheduler SCHED-EF
    set class-of-service scheduler-maps STRICT-SCHED-MAP forwarding-class FC-Q3-NC scheduler SCHED-NC
    set class-of-service schedulers SCHED-NC buffer-size percent 5
    set class-of-service schedulers SCHED-NC priority strict-high
    set class-of-service schedulers SCHED-EF buffer-size percent 5
    set class-of-service schedulers SCHED-EF priority strict-high
    set class-of-service schedulers SCHED-AF transmit-rate percent 30
    set class-of-service schedulers SCHED-AF buffer-size percent 15
    set class-of-service schedulers SCHED-AF priority low
    set class-of-service schedulers SCHED-BE transmit-rate percent 70
    set class-of-service schedulers SCHED-BE buffer-size remainder
    set class-of-service schedulers SCHED-BE priority low

    Is the problem due to a lack of buffer space available on queue 0?

    Thanks

    3 Comments
    2024/04/22
    19:45 UTC

    1

    Microsoft Teams Performance and Connection Issues

    Hello all,

    I'm facing an issue that's been very hard to find a solution for.

    I have two Juniper SRX345 firewalls working in a cluster, 5 Juniper EX3400 switches, and 2 Aruba in a cluster with mobility master for my access points.

    The internet service is OK, but when any user tries to do a meeting with Microsoft Teams, the performance is very bad, showing issues like:

    1 - Audio and video freezing or glitches

    2 - Shows poor connection several times

    3 - Meeting freezing when some screen is shared

    These problems happen with PCs on cable and on Wi-Fi.

    After many tests I'm still looking for a solution.

    Can someone give me any idea to sort it?

    Thank you very much all!

    1 Comment
    2024/04/22
    15:37 UTC

    1

    Renumbering VC switch in Mist portal

    In Mist I need to renumber the switches in the VC configuration, as the switches don't match the rack setup.

    The document and steps say:

    “Renumbering the members within a Virtual Chassis does not renumber the port configurations and port profile assignment. Ensure that these changes are taken care of before or after renumbering the members in the Virtual Chassis.”

    After changing the order between the two switches, do I need to renumber the ports?

    Will the switch order change on power up?

    How do I keep the switches in Mist in line with my physical stack?

    0 Comments
    2024/04/21
    20:44 UTC

    1

    QFX5K/10K EVPN/VXLAN configuration 100% same as PTX/juniper-evolved?

    I understand that we are not moving forward with QFX10K or 5K and instead we are using PTX moving forward.

    One of my friends is trying to build an EVPN/VXLAN data center using QFX5K/10K. I guess I should advise him not to buy any QFXs and should go with PTXs?

    Also, for using PNETLab/EVE-NG to build a virtual environment: we hate the 2-VM-based vQFX (RE+PFE). Can we build the software configuration template based on vJuniper-Evolved https://www.juniper.net/us/en/products/network-operating-system/junos-evolved.html if we are planning to purchase QFX 5K/10K?

    Is the Junos Evolved virtual platform 100% the same as QFX5K/10K configuration-wise?

    13 Comments
    2024/04/21
    15:29 UTC

    1

    QFX5100 VRF

    Hey guys!

    I'm missing how to tell the outgoing traffic of a source subnet to look up a different table.

    Tried this with the firewall and applied it to the gateway interface where traffic is getting in from the servers, but apparently it's not doing the job:

    term vibeg-srcs {
        from {
            source-address {
                <prefix>;
            }
        }
        then {
            routing-instance vibeg;
        }
    }
    term accept-all-else {
        then accept;
    }

    Or is it:

    term vibeg-srcs {
        from {
            source-address {
                <prefix>;
            }
        }
        then {
            next-hop <next-hop>;
            table <your table>;
        }
    }
    term accept-all-else {
        then accept;
    }

    2 Comments
    2024/04/21
    12:52 UTC
