/r/JuniperNetworks
Info and news about Juniper Networks, products, training material.
Info and news about Juniper Networks, products, training material.
/r/JuniperNetworks
888 Subscribers
Set one external IP to multiple internal ips
Hi guys,
Quick question in my old ISG-2000 Netscreen I could give multiple public IPs the same internal NAT ip. On the SRX1500 it fails to commit saying there is an overlap.
I read something about address-shared; but have no clue how to do this.
If anyone can shed some light it would be appreciated.
13:52 UTC
Why does "Invalid Code" appear when attempting to claim a Mist AP on trial account?
No matter which route I take, (web, phone app) Claim Status: "Invalid Code" keeps showing up. I'm on a trial account, and deleted and recreated Orgs several times but I continue to get the same status.
Note, I got the AP63 off eBay so I do understand the risk I took. Reading through all the AP claim help on here there's no reference to this status.
21:27 UTC
VC-Juniper-EX2300
BUen dia es mi primer post.
Despues de realizar un proyecto hace un a;o tengo el inconveniente con 2 VC que esta conformado por 3 sw, uno de los 3 me presenta problemas de espacio y esto no me permite realizar alguna configuracion a cualquier sw, he realizo varios procedimientos y el problema persiste.
-Eliminando logs del sistema.
-Haciendo espacio en /Var ya que esta parte es la que mas se llena y me dice que tiene poco espacio.
-Elimino servicios que no necesito.
Entre tantas configuraciones realizadas siempre al reiniciar me deja guardar configuracion unos 3 o 4 dias y luego sucede lo mismo, tal vez algo me esta causando el problmea que no he detectado.
Estoy pendiente a los comentarios.
Gracias.
17:16 UTC
Juniper MX204-HW-BASE 8x 10GB SFP 4x 100GB QSFP28 Router Chassis
15:32 UTC
Juniper SRX not pass just vlan traffic without L3 interface
I need to ping from 10.10.10.2 to 10.10.10.1 IP but it is not successful. This is my topology diagram. SRX340 need to switch the corresponding vlan as L2. SRX receive mac from both Cisco router port and Cisco cluster switch port but Cisco cluster switch not learn the mac from SRX340. SRX to Cisco cluster switch connected with bundle interface.
Anyone can help for this ?
15:35 UTC
EX2200 switches
Are Mist EX2200-48P switches able to join the Mist online console for centralized management? We have been able to add EX2300 switches but have not been successful with the EX2200 line. Thank you.
12:10 UTC
Juniper routing engine and IPv4, IPv6 relationships
I have been trying to find a relationship between IPv4 and IPv6 routing table size and how many can a specific MX routing engine can handle. But having no luck finding such info.
For example, how many routing tables can RE-S-2000-4096 hold, based on its RAM size?
I found out that there is approx. 1000K entries routing table as of Sept. 2023.
Thank you for your help.
17:31 UTC
port-mirror-instance
Hi everyone, I'm trying to mirror all traffic using the configuration below, but it doesn't seem to be working. Please help.
set interfaces ge-1/3/4 encapsulation ethernet-bridge
set interfaces ge-1/3/4 unit 0 family bridge
set bridge-domains PORT-MIRROR1 interface ge-1/3/4.0
set forwarding-options port-mirroring instance PM-INSTANCE-1 input rate 1
set forwarding-options port-mirroring instance PM-INSTANCE-1 family any output interface ge-1/3/4.0
set firewall family any filter MIRROR-ANY-INS1 term 1 then accept
set firewall family any filter MIRROR-ANY-INS1 term 1 then port-mirror-instance PM-INSTANCE-1
set chassis fpc 1 pic 3 port-mirror-instance PM-INSTANCE-1
set interfaces ae2 unit 0 filter input MIRROR-ANY-INS1
set interfaces ae2 unit 0 filter output MIRROR-ANY-INS1The ingress and egress traffic is mirrored:
# run show interfaces ae2 extensive | match bps | refresh 1
---(refreshed at 2023-09-18 10:48:35 ICT)---
Link-level type: Ethernet, MTU: 9192, Speed: 1Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,
Minimum links needed: 1, Minimum bandwidth needed: 1bps
Input bytes : 2642988529 3728 bps
Output bytes : 603764001 3456 bps
Input bytes : 0 0 bps
Statistics Packets pps Bytes bps
---(refreshed at 2023-09-18 10:48:36 ICT)---Port Mirror output traffic as below:
# run show interfaces ge-1/3/4 extensive | match bps | refresh 1
---(refreshed at 2023-09-18 10:48:28 ICT)---
Link-level type: Ethernet-CCC, MTU: 1514, MRU: 1522, LAN-PHY mode, Speed: 1000mbps, BPDU Error: None, Loop Detect PDU Error: None,
Input bytes : 438029 0 bps
Output bytes : 0 0 bps
Flow control: Symmetric, Remote fault: Link OK, Local link Speed: 1000 Mbps, Link mode: Full-duplex
% bps % usec
Input bytes : 0 0 bps
Output bytes : 0 0 bpsIs something wrong because my port mirror output traffic is nothing?
04:42 UTC
VMX BNG ppp subscriber-mgr-activation-failed
Dear All,
When I configured vMX BNG with PPPoE on local DHCP Server, it provisioned subscriber and assigned an IPv4 and IPv6, however logged out and reconnect continuously with new IP after 8-10 seconds. The error on Authentication log shown:
state:log-out ge-0/0/1.3221227567:777 reason: ppp subscriber-mgr-activation-failed
What is the possible reason for that?
15:16 UTC
EX2300 48P Virtual Chassis config
Good morning all, I have only setup a couple of multi switch Virtual Chassis. In each case, I setup each switch fully, then setup the VC, clean up any config issues, connected them and went on about my day. I want to decrease the time it takes to build a VC if possible.
My question is... If I fully config the Master, IRB's, VLANS, DHCP Helper, etc. Then, I just input enough information to create the VC on the other X devices. Lastly connect the switches, confirm the VC and set all interfaces (Access/Trunk/VLANS) from the Master. Would this bring up a functional VC? Or do I need to do more config on the X devices?
12:31 UTC
MX204 BNG Customers do not get IP from External DHCP Server
I have configured my Juniper MX204 as a BNG IPOE with DHCP Relay and pointing an external DHCP server through forwarding options:
MX204 as BNG with DHCP relay configuration:
forwarding-options {
dhcp-relay {
access-profile Test;
server-group {
DHCP {
192.168.100.100;
}
}
active-server-group DHCP;
group all {
authentication {
username-include {
mac-address;
}
}
interface ge-0/0/0.0;
interface ge-0/0/2.0;
}
}
}
I have also configured an external RADIUS Server on Ubuntu and it authenticating and authorising by Access-Accept.
The issue is: My DHCP server received DHCP-DISCOVER request from BNG, it also offer IP to the BNG, However, the loopback interface of Juniper is not receiving it and clients are also not receiving any IPs from DHCP server. Some logs are here:
tail -f /var/log/syslog
Aug 2 12:09:33 DHCP dhcpd[45777]: DHCPDISCOVER from 50:02:00:31:00:01 (C-1) via 192.168.100.1
Aug 2 12:09:33 DHCP dhcpd[45777]: DHCPOFFER on 192.168.100.102 to 50:02:00:31:00:01 (C-1) via 192.168.100.1
Aug 2 12:09:42 DHCP dhcpd[45777]: DHCPDISCOVER from 50:02:00:31:00:01 (C-1) via 192.168.100.1
Aug 2 12:09:42 DHCP dhcpd[45777]: DHCPOFFER on 192.168.100.102 to 50:02:00:31:00:01 (C-1) via 192.168.100.1
Aug 2 12:09:47 DHCP dhcpd[45777]: DHCPDISCOVER from 50:02:00:31:00:01 (C-1) via 192.168.100.1
Aug 2 12:09:47 DHCP dhcpd[45777]: DHCPOFFER on 192.168.100.102 to 50:02:00:31:00:01 (C-1) via 192.168.100.1
Aug 2 12:09:48 DHCP dhcpd[45777]: DHCPDISCOVER from 50:02:00:31:00:01 (C-1) via 192.168.100.1
Aug 2 12:09:48 DHCP dhcpd[45777]: DHCPOFFER on 192.168.100.102 to 50:02:00:31:00:01 (C-1) via 192.168.100.1
Aug 2 12:09:48 DHCP dhcpd[45777]: DHCPDISCOVER from 50:02:00:31:00:01 (C-1) via 192.168.100.1
Aug 2 12:09:48 DHCP dhcpd[45777]: DHCPOFFER on 192.168.100.102 to 50:02:00:31:00:01 (C-1) via 192.168.100.1
DHCP Server cannot recognise BNG Loopback interface: (This is Wireshark packet capture)
Juniper is not receiving any IP from DHCP server: show log dhcplog | last 300
My Clients are not getting any IP:
My dynamic profile configuration is as below:
dynamic-profiles {
DYP-IPOE-DHCP-INET {
predefined-variable-defaults {
input-filter default;
output-filter default;
output-ipv6-filter default-v6;
input-ipv6-filter default-v6;
}
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name" {
any;
}
routing-options {
rib "$junos-ipv6-rib" {
access {
route $junos-framed-route-ipv6-address-prefix {
qualified-next-hop "$junos-interface-name";
metric "$junos-framed-route-ipv6-cost";
preference "$junos-framed-route-ipv6-distance";
tag "$junos-framed-route-ipv6-tag";
}
}
}
access {
route $junos-framed-route-ip-address-prefix {
next-hop "$junos-framed-route-nexthop";
metric "$junos-framed-route-cost";
preference "$junos-framed-route-distance";
tag "$junos-framed-route-tag";
}
}
}
}
}
interfaces {
demux0 {
unit "$junos-interface-unit" {
proxy-arp;
demux-options {
underlying-interface "$junos-underlying-interface";
}
family inet {
demux-source {
$junos-subscriber-ip-address;
}
filter {
input "$junos-input-filter";
output "$junos-output-filter";
}
unnumbered-address lo0.0;
}
family inet6 {
filter {
input "$junos-input-ipv6-filter";
output "$junos-output-ipv6-filter";
}
address $junos-ipv6-address;
demux-source {
"$junos-subscriber-ipv6-address";
}
unnumbered-address lo0.0;
}
}
}
}
protocols {
router-advertisement {
interface "$junos-interface-name" {
link-mtu;
prefix $junos-ipv6-ndra-prefix {
valid-lifetime 14400;
on-link;
preferred-lifetime 14400;
}
}
}
}
}
DYP-SVLAN-IPDEMUX {
interfaces {
demux0 {
unit "$junos-interface-unit" {
actual-transit-statistics;
demux-source [ inet inet6 ];
proxy-arp;
vlan-id "$junos-vlan-id";
demux-options {
underlying-interface "$junos-interface-ifd-name";
}
family inet {
unnumbered-address lo0.0 preferred-source-address 192.168.100.1;
}
family inet6 {
unnumbered-address lo0.0 preferred-source-address 2009:2007::1;
}
}
}
}
}
}
Anyone has any solution for that please?
15:49 UTC
Junos update fail
For a system operating as a standalone device, the following error will be seen:
root@juniper> request system software add /var/tmp/junos-arm-32-18.4R1.8.tgz no-copy no-validate reboot
Error: not enough space to unpack /var/tmp/junos-arm-32-18.4R1.8.tgz ERROR: Either use 'force' or consider deleting snapshots using 'request system snapshot delete <snap>'
we already clear the storage by using .
root@juniper> request system storage cleanup
root@juniper> request system snapshot delete *
after clearing the storage it again shows the same error.
Is there any other solution for this issue.
04:12 UTC
EX2300 Mac Limit Configuration is not working
Hi Experts
Unable to configure mac limit in Juniper Ex2300
what we tried is
[edit switch-options]
user@switch# set interface interface-name interface-mac-limit limit packet-action action
also tried with Vlan
[edit vlans]
user@switch# set vlan-name switch-options mac-table-size limit packet-action action
Please suggest a proper way to configure Mac limit on an Interface.
06:22 UTC
Spanning Tree
Model Ex4200-24px switch. JunOs image 12.3R9.4. Recently had a network loop disable two ports and change port status to Blocking. Port Role is disabled.
Tried using #delete interfaces ge-x/x/x disable; which works on different model switch I have.
No idea how to get these ports back into forwarding and designated.
19:34 UTC
Juniper EX4300 "mac info allocation failed"
Hi All! I can't seem to find any info on the error we're seeing on our EX4300 stack. The switches have been up for over 4 years - might be something a reboot can clear but wondered if anyone has seen this before?
show log messages
"Apr 19 13:30:49 la-******access-sw1 pfex: mac info allocation failed
Apr 19 13:30:49 la-******access-sw1 fpc0 mac info allocation failed
Apr 19 13:30:51 la-******access-sw1 fpc1 mac info allocation failed"
Thanks!
20:41 UTC
Tracking condition applied to EX static route entry
Hi guys,
I have an EX4600 and I would need to apply a tracking condition to some static routes configured on it, based on the status of 1 EX physical interface, like another manufacturers can do...
Do you know if is this possible with an EX? I am looking in the command guide but I cannot see similar function
Kind Regards
Juan
14:28 UTC
Mist AP optimization
Have a few Mist WiFi 6 APs, they're getting full power to all radios, but signal strength and range are pretty weak. 5Ghz only connects while in the same room (console says transmit Power= 20 dBm) but signal strength is barely drops into the upper -30s even when a foot away from the AP. Signal strength throughout my residence is usable, but significantly lower than many other brands I've tested. If anyone has any recommendations or link to a good optimization guide, please share.
00:48 UTC
Husband is applying for a Network and systems specialist position at a school district. Any tips about how to prepare for the testing and interview?
20:06 UTC
Current studying for JNCIA and got my hands on an ex 4200 for practice. What else do I need as far as equipment, and are there any scenarios best for training?
03:44 UTC
Limit bandwidth on a Ip
hi team
Could you help me, I have a Juniper srx300 firewall and I want to limit the bandwidth use of an IP to 2mb for download and upload
How could I do it?
00:01 UTC
mld packets flooded back on the same interface on which they are received
So just posting this hear as a word of warning. I'm seeing mld packets looped right back out the same interface the switch receives them on, violating a cardinal rule of switching, on ex4300mp's. This happens when the following 2 conditions are met.
the path to vstp root is on a port that is the non master RE.
mld-snooping is enabled on the vlan. We had the exact same thing happen with dhcp packets (v4) when the dhcp security was enabled on the vlan and path to root was on non master RE. This can be seen on case 2021-0222-0299. There is a PR that came from that case, PR1610253.
The behvavior is the exactly the same now, but with mld instead of dhcp. There is a jtac case open, 2023-0212-638031.
This is the 3rd time now that we've had issues with Junos devices not handling broadcast/flooded traffic correct. The problem seems to be endemic to the Junos platform.
Work around so far is to toggle RE or disable mld-snooping.
16:02 UTC
EX-4200 Data Storage Replacement
hello everyone,
I bought an EX4200 second hand about 2 years ago, but as of recently it has become an EOL product. I have been going through the internet looking how to replace the data storage drive on it, and have had no luck thus far. any pointers to finding a replacement part would be much appreciated.
Many thanks in advance.
09:01 UTC
alternatives to IPvfoo
Hi Team, am looking for better alternatives to IPv4foo, anyone has ideas? and other similar apps as well
23:05 UTC
Enabled Protocols
I am trying to figure out how to tell what protocols are enabled in my EX4300. Is there a command that will list them all or am I missing it somewhere in the configuration?
16:46 UTC
Find Regional Juniper SE
Good day,
Anyone know of a way to find out who my Juniper SE is? I don't know the sales rep either for our region. North Dakota
Thank you
14:46 UTC
Juniper firmware for Trapeze MX800
Hello, some years ago I purchased a WLC800 with some WLA522 APs 2nd hand on eBay for home use.
The WLC800 died and I found an old trapeze MX800 mobility exchange but, since it still has the trapeze firmware, the WLA522 APs do not work with it.
This is a home setup and I cannot access to download latest firmware from juniper.
Is there any other way to acquire the firmware?
16:24 UTC
MX DHCP relay issue
Hello,
We have a pair of MX204 running 20.4R3-S3.4. We have been having some issues with DHCP.
The DHCP lease time is set to 42 minutes, due to the amount of wifi devices and the wifi devices move around. Most devices are fine. We just have some devices cannot get their DHCP address renew. Upon closer at the DHCP renew during the T2 timer due. The device will send out a DHCP request but the source address as DHCP assigned IP address, but the destination address is 255.255.255.255. I don't see that DHCP request make it to the DHCP server side. The device DHCP lease time is up and it will start from discovery again, and so on.
My understand is when the DHCP lease time reach half, the client will send DHCP request to extend the least time as a DHCP request. It should be an unicast packet as DHCP server assigned IP address as source and the DHCP server as destination to extend the lease. But that is not the behavior I observed. Is it a Juniper MX DHCP relay issue or config issue?
Thanks for time,
E
Here is the partial of the configuration,
This is the DHCP portion of the firewall filter apply to the lo0 interface.
set firewall family inet filter accept-dhcp term accept-dhcp from protocol udp
set firewall family inet filter accept-dhcp term accept-dhcp from port 67
set firewall family inet filter accept-dhcp term accept-dhcp from port 68
set firewall family inet filter accept-dhcp term accept-dhcp then count accept-dhcp
set firewall family inet filter accept-dhcp term accept-dhcp then accept
set interfaces lo0 unit 0 family inet filter input-list accept-dhcp
set forwarding-options dhcp-relay overrides no-arp
set forwarding-options dhcp-relay forward-only
set forwarding-options dhcp-relay server-group net_dhcp_servers 192.168.1.10
set forwarding-options dhcp-relay server-group net_dhcp_servers 192.168.7.10
set forwarding-options dhcp-relay active-server-group net_dhcp_servers
set forwarding-options dhcp-relay group data_interfaces overrides no-arp
set forwarding-options dhcp-relay group data_interfaces forward-only
set forwarding-options dhcp-relay group data_interfaces interface ae0.1000
<snipped>15:08 UTC