[j-nsp] NAT Port translation on JUNOS, puzzled...
I'm working on a NAT setup, which is actually very straightforward but i still am puzzled by the services documentation from Juniper. Please help :). It's a J2300 with 2 interfaces, in and out. One public IP address and a local subnet on the inside. I got the network translation from the inside to the public ip working, but now i want to configure one single port-forward to an internal host (let's say 10.0.0.1) on port 80. But how? On a cheap $50 router it's a point-and-click, but it's not even in J-web?! The config i have now : services { service-set wan-service-set { nat-rules nat-set; interface-service { service-interface sp-0/0/0; } } nat { pool nat-pool { address-range low 217.21.x.x high 217.21.x.x; port automatic; } rule nat-set { match-direction input; term 1 { from then { translated { source-pool nat-pool; translation-type { source dynamic; } } } } } } } -- Kind regards, Signet bv Remco Bressers T 040 - 707 4 907 F 040 - 707 4 909 E [EMAIL PROTECTED] ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] RE : ISIS between T640 and Redback SE 800
Hi, I've flapping between SE and T640 : Hereafter some logs : Jun 17 07:28:57 ncidf303 rpd[16196]: RPD_ISIS_ADJDOWN: IS-IS lost L2 adjacency to SE800 on ae8.1456, reason: Address Mismatch Jun 17 07:29:04 ncidf303 rpd[16196]: RPD_ISIS_LSPCKSUM: IS-IS L2 LSP checksum error, interface ae8.1456, LSP id nclyo302.00-01, sequence 0x418, checksum 0xd308, lifetime 60148 Jun 17 07:29:07 ncidf303 rpd[16196]: RPD_ISIS_LSPCKSUM: IS-IS L2 LSP checksum error, interface ae8.1456, LSP id ncstr102.00-00, sequence 0x8bab, checksum 0x81c7, lifetime 35134 Each time we've the Address Mismatch we've also the log LSP checksum error Regards, David -Message d'origine- De : Jeff Tantsura [mailto:[EMAIL PROTECTED] Envoyé : mardi 17 juin 2008 09:43 À : ROY David URS NANTES Cc : juniper-nsp@puck.nether.net Objet : RE: [j-nsp]RE : ISIS between T640 and Redback SE800 Hi David, Flapping between SE and J? Can you provide more info, logs, etc Cheers, Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: maandag 16 juni 2008 11:27 To: ROY David URS NANTES; Jeff Tantsura; baraa baraa; [EMAIL PROTECTED]; Tony Stout Cc: juniper-nsp@puck.nether.net Subject: RE: [j-nsp]RE : ISIS between T640 and Redback SE800 Now, Isis works fine between T640 and SE800. But now, I've got ISIS adjacency flapping with this reason : RPD_ISIS_ADJDOWN: IS-IS lost L2 adjacency to .0a7b.9842 on ae8.1456, reason: Address Mismatch Somebody has more information regarding to this reason ? Thanks, Regards David -Message d'origine- De : [EMAIL PROTECTED] [mailto:juniper-nsp- [EMAIL PROTECTED] De la part de [EMAIL PROTECTED] Envoyé : mercredi 11 juin 2008 11:11 À : Jeff Tantsura; baraa baraa; [EMAIL PROTECTED]; Tony Stout Cc : juniper-nsp@puck.nether.net Objet : Re: [j-nsp]RE : ISIS between T640 and Redback SE800 Thanks, I will test it. Regards, David -Message d'origine- De : Jeff Tantsura [mailto:[EMAIL PROTECTED] Envoyé : mercredi 11 juin 2008 04:11 À : ROY David URS NANTES; 'baraa baraa'; [EMAIL PROTECTED]; 'Tony Stout' Cc : juniper-nsp@puck.nether.net Objet : RE: [j-nsp] RE : ISIS between T640 and Redback SE800 Hi, That's how you configure it: router isis ip-backbone interface my_interface authentication key-chain keys type simple key-chain keys key-id 1 key-string monday Regards, Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:juniper-nsp- [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: dinsdag 10 juni 2008 20:27 To: baraa baraa; [EMAIL PROTECTED]; Tony Stout Cc: juniper-nsp@puck.nether.net Subject: [j-nsp] RE : ISIS between T640 and Redback SE800 Thanks. Regards, David De: baraa baraa [mailto:[EMAIL PROTECTED] Date: mar. 10/06/2008 17:51 À: ROY David URS NANTES; [EMAIL PROTECTED]; Tony Stout Cc: juniper-nsp@puck.nether.net Objet : RE: [j-nsp] ISIS between T640 and Redback SE800 hi Daved; This link may help you, to configure LSP on SE800 http://www.frameip.com/forum/publication-de-piece-jointe/redback/Por ts - Circuits-and-Tunnels-Operations-Guide.pdf BR Baraa Ericsson AB Date: Tue, 10 Jun 2008 17:30:21 +0200 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] CC: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] ISIS between T640 and Redback SE800 It's seems that is a Authentication issue. Indeed, we have LSP L2 authentication simple configured on the T640 and I've enabled the traceoption ISIS flag error : the logs displays this : Jun 10 16:57:01.533962 ERROR: ISIS ignored a bad packet: L2 LSP id .0a7b.820 8.00-00 from .0a7b.8208 on interface ae8.1458 without authentication So I've to find how to configure LSP authentication simple on the Redback. David -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Envoyé : mardi 10 juin 2008 17:19 À : Tony Stout Cc : juniper-nsp@puck.nether.net; ROY David URS NANTES Objet : RE: [j-nsp] ISIS between T640 and Redback SE800 Ok... So is this ethernet direct between the boxes? No switch? Is it possible to sniff this traffic and see if there are errors coming out of the T box? Tony Stout [EMAIL PROTECTED] wrote: Aggregated ethernet - 802.3ad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, June 10, 2008 10:43 AM To: [EMAIL PROTECTED] Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] ISIS between T640 and Redback SE800 What is an AE??? [EMAIL PROTECTED] wrote: Hi all, I encountered some problems to established ISIS between a T640 and a Redback SE800 through an AE. The ISIS level 2 adjacency is well
[j-nsp] Extreme Switch Hang issue
Hi all, I am using Extreme Switch summit 400 48t (Extremeware Version 7.5e.2.8) connected to Juniper M7i (JUNOS Base OS boot [8.0R2.8]). I sometime see that Extreme Switch hangs, but on juniper side none of ports is shown in down state. Does anybody have any idea of, if it is a known issue with any of the OS's. Thanks Munish Saini ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Extreme Switch Hang issue
Hi Munish, You Extreme hang then you need to restart the device? Or you can't access your Extreme because your management using one of the management vlan on the trunking link from juniper to Extreme? I'd been on that problem before but it happened on aggregate-ethernet with lacp on it (Extreme use port sharing with dynamic flow traffic). Sometimes I need to restart PIC FE on my M-series with JunOS 8.0R3.4 when the problem occurred. The problem come up when you include the scheduler-map statement (at the class-of-service interfaces aeX) hierarchy level and member link of the aggregate-ethernet goes intermittent (up/down), traffic forwarding on the routing platform halts for approximately 400 milliseconds or your Extreme port-sharing indicated ND (not distribute) (you need to re-create port-sharing sometimes it will help), or sometimes you need to restart PIC FE on juniper router based on PR from Juniper this already solved on JunOS 8.1R4 or latest. Thanks, Beny D Setyawan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Munish Saini Sent: Tuesday, June 17, 2008 5:12 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] Extreme Switch Hang issue Hi all, I am using Extreme Switch summit 400 48t (Extremeware Version 7.5e.2.8) connected to Juniper M7i (JUNOS Base OS boot [8.0R2.8]). I sometime see that Extreme Switch hangs, but on juniper side none of ports is shown in down state. Does anybody have any idea of, if it is a known issue with any of the OS's. Thanks Munish Saini ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] RD usage in BGP based VPLS
Hi can any one tell me why RD is required for BGP based VPLS configaration. in case of L3 vpn RD is used to make customer ipv4 address globally unique in MPLS domain. But i dont understand the usage of RD in case of VPLS. Murthy ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Serial Question
Hi Lee, This might be a known issue. Have you buzzed Juniper TAC about this? Cheers Lakshmi 2008/6/17 Lee Hetherington [EMAIL PROTECTED]: Hi All, I have a J2320-JH which is replacing an aging Cisco 3640. I am having trouble bringing up an x.21 leased line. It brings up the line, but in cisco terms not the protocol. It keeps telling me on my subinterface flags: down. Below are my cisco and juniper configs. Anyone any ideas, the isp is being particularly un-helpful. Cisco: ! interface Serial0/0 bandwidth 2048 no ip address encapsulation frame-relay no ip mroute-cache keepalive 5 no fair-queue frame-relay lmi-type ansi ! interface Serial0/0.16 point-to-point description Telstra Circuit ip address 154.32.xxx.81 255.255.255.252 no cdp enable frame-relay interface-dlci 16 IETF ! Juniper: se-1/0/1 { description Telstra; mtu 1500; encapsulation frame-relay; serial-options { clocking-mode loop; } unit 0 { description Telstra Serial Circuit MXFS203988; point-to-point; dlci 16; family inet { address 154.32.152.81/30; } } } Many Thanks, Lee ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] NAT Port translation on JUNOS, puzzled...
I'm on my Blackberry so I can't give you the full config right now but you need to get rid of that 'port automatic' command as that will enable PAT. Give me a few minutes and I will post the rest of the configuration. Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz On 6/17/08, Remco Bressers [EMAIL PROTECTED] wrote: I'm working on a NAT setup, which is actually very straightforward but i still am puzzled by the services documentation from Juniper. Please help :). It's a J2300 with 2 interfaces, in and out. One public IP address and a local subnet on the inside. I got the network translation from the inside to the public ip working, but now i want to configure one single port-forward to an internal host (let's say 10.0.0.1) on port 80. But how? On a cheap $50 router it's a point-and-click, but it's not even in J-web?! The config i have now : services { service-set wan-service-set { nat-rules nat-set; interface-service { service-interface sp-0/0/0; } } nat { pool nat-pool { address-range low 217.21.x.x high 217.21.x.x; port automatic; } rule nat-set { match-direction input; term 1 { from then { translated { source-pool nat-pool; translation-type { source dynamic; } } } } } } } -- Kind regards, Signet bv Remco Bressers T 040 - 707 4 907 F 040 - 707 4 909 E [EMAIL PROTECTED] ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Sent from Gmail for mobile | mobile.google.com ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] NAT Port translation on JUNOS, puzzled...
Ok here are a few pointers... You can directly specify the destination using the 'destination-prefix' command as opposed to the 'destination-pool' command because in this configuration you are only translating for a single address. Furthermore, you need to specify the 'destination-address' and 'application' in the 'from' portion in order to properly match on the appropriate flow you want to apply destination NAT to. Give the following a try: services { nat { rule nat-set { match-direction input; term 1 { /* Matches on inbound to 50.0.0.10/32 Port 80 */ from { destination-address { 50.0.0.10/32; } applications junos-http; } /* Static translation of Port 80 to 10.0.0.100/32 */ then { translated { destination-prefix 10.0.0.100/32; translation-type destination static; } } } } } service-set wan-service-set { nat-rules nat-set; interface-service { service-interface sp-0/0/0; } } } You also might want to consider moving to JUNOS Enhanced Services as the NAT configuration is greatly simplified and much more logical in nature than in normal JUNOS using 'services' configs. HTHs. Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz On Tue, Jun 17, 2008 at 9:31 AM, Remco Bressers [EMAIL PROTECTED] wrote: Hi Stefan, It would be great to receive a full snippet of config. Thanks! Remco Stefan Fouant wrote: I'm on my Blackberry so I can't give you the full config right now but you need to get rid of that 'port automatic' command as that will enable PAT. Give me a few minutes and I will post the rest of the configuration. Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz On 6/17/08, Remco Bressers [EMAIL PROTECTED] wrote: I'm working on a NAT setup, which is actually very straightforward but i still am puzzled by the services documentation from Juniper. Please help :). It's a J2300 with 2 interfaces, in and out. One public IP address and a local subnet on the inside. I got the network translation from the inside to the public ip working, but now i want to configure one single port-forward to an internal host (let's say 10.0.0.1) on port 80. But how? On a cheap $50 router it's a point-and-click, but it's not even in J-web?! The config i have now : services { service-set wan-service-set { nat-rules nat-set; interface-service { service-interface sp-0/0/0; } } nat { pool nat-pool { address-range low 217.21.x.x high 217.21.x.x; port automatic; } rule nat-set { match-direction input; term 1 { from then { translated { source-pool nat-pool; translation-type { source dynamic; } } } } } } } -- Kind regards, Signet bv Remco Bressers T 040 - 707 4 907 F 040 - 707 4 909 E [EMAIL PROTECTED] ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Met vriendelijke groet, Signet bv Remco Bressers T 040 - 707 4 907 F 040 - 707 4 909 E [EMAIL PROTECTED] altijd online? www.signet.nl ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] RD usage in BGP based VPLS
if you're using bgp signaling for auto discovery then you need RD, if you are using LDP, you do not if you still dont know why you need an RD when using bgp, i suggest you read the following RFC's http://tools.ietf.org/html/rfc4761 http://tools.ietf.org/html/rfc4762 On Tue, Jun 17, 2008 at 8:07 AM, narasimha murthy [EMAIL PROTECTED] wrote: Hi can any one tell me why RD is required for BGP based VPLS configaration. in case of L3 vpn RD is used to make customer ipv4 address globally unique in MPLS domain. But i dont understand the usage of RD in case of VPLS. Murthy ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] NAT Port translation on JUNOS, puzzled...
P.S. A book which has very good coverage of the subject matter and might prove to be a valuable reference if you plan to support these types of functions is JUNOS Enterprise Routing by Doug Marschke and Harry Reynolds. Regards, Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz On Tue, Jun 17, 2008 at 10:43 AM, Stefan Fouant [EMAIL PROTECTED] wrote: A NAT rule similar to the following would accomplish your goal of outbound dynamic translation, assuming you wanted to use PAT (most likely if you only have a few public IPs): services { nat { pool nat-pool { address 50.0.0.1/32; port automatic } rule nat-set-outbound { match-direction output; term 1 { then { translated { source-pool nat-pool; translation-type source dynamic; } } } } } } Notice I used a pool here. This is not necessary but allows for future scalability if you get additional public IPs and want to add them to the pool. Also notice that I have not specified a from clause. This will essentially match on *all* outbound flows. If you want different behavior you should specify the match conditions appropriately. Regards, Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz On Tue, Jun 17, 2008 at 10:22 AM, Remco Bressers [EMAIL PROTECTED] wrote: Hi, Thanks a million for this. I'll try it out lateron. How do i combine this with the dynamic translation outbound for my internal LAN to the Internet? Regards, Remco Stefan Fouant wrote: Ok here are a few pointers... You can directly specify the destination using the 'destination-prefix' command as opposed to the 'destination-pool' command because in this configuration you are only translating for a single address. Furthermore, you need to specify the 'destination-address' and 'application' in the 'from' portion in order to properly match on the appropriate flow you want to apply destination NAT to. Give the following a try: services { nat { rule nat-set { match-direction input; term 1 { /* Matches on inbound to 50.0.0.10/32 http://50.0.0.10/32 Port 80 */ from { destination-address { 50.0.0.10/32 http://50.0.0.10/32; } applications junos-http; } /* Static translation of Port 80 to 10.0.0.100/32 http://10.0.0.100/32 */ then { translated { destination-prefix 10.0.0.100/32 http://10.0.0.100/32; translation-type destination static; } } } } } service-set wan-service-set { nat-rules nat-set; interface-service { service-interface sp-0/0/0; } } } You also might want to consider moving to JUNOS Enhanced Services as the NAT configuration is greatly simplified and much more logical in nature than in normal JUNOS using 'services' configs. HTHs. Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz http://www.neustar.biz/ On Tue, Jun 17, 2008 at 9:31 AM, Remco Bressers [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi Stefan, It would be great to receive a full snippet of config. Thanks! Remco Stefan Fouant wrote: I'm on my Blackberry so I can't give you the full config right now but you need to get rid of that 'port automatic' command as that will enable PAT. Give me a few minutes and I will post the rest of the configuration. Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz http://www.neustar.biz/ On 6/17/08, Remco Bressers [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I'm working on a NAT setup, which is actually very straightforward but i still am puzzled by the services documentation from Juniper. Please help :). It's a J2300 with 2 interfaces, in and out. One public IP address and a local subnet on the inside. I got the network translation from the inside to the public ip working, but now i want to configure one single port-forward to an internal host (let's say 10.0.0.1 http://10.0.0.1/) on port 80. But how? On a cheap $50 router it's a point-and-click, but it's not even in J-web?! The config i have now : services { service-set wan-service-set {
Re: [j-nsp] RD usage in BGP based VPLS
Unless you're running nonstop active routing (NSR), you can get away with simply setting the global route-distinguisher-id value to the loopback IP of your box at [edit routing-options] instead of manually specifying the RD in every routing-instance. Then, all routing-instances will import it and generate the 2nd value for you (ie. ip:some_value). That said, if you are planning on enabling NSR in the future, just create RDs in each routing-instance now to save yourself a headache later. David 2008/6/17 Christian Koch [EMAIL PROTECTED]: if you're using bgp signaling for auto discovery then you need RD, if you are using LDP, you do not if you still dont know why you need an RD when using bgp, i suggest you read the following RFC's http://tools.ietf.org/html/rfc4761 http://tools.ietf.org/html/rfc4762 On Tue, Jun 17, 2008 at 8:07 AM, narasimha murthy [EMAIL PROTECTED] wrote: Hi can any one tell me why RD is required for BGP based VPLS configaration. in case of L3 vpn RD is used to make customer ipv4 address globally unique in MPLS domain. But i dont understand the usage of RD in case of VPLS. Murthy ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Serial Question
Hi Lee Can you provide us for some traces: Monitor trafic interface se-1/0/1 We will see the lmi traffic And Show interface se-1/0/1 extensive I believe it's an LMI problem Normaly the default lmi on Juniper is ansi like the one you've configured on Cisco (so this should be OK) But perhaps the keepalive could be adapted (5 ?) I am also wondering why you configured serial-option: clocking-mode loop ! Alain -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Lee Hetherington Envoyé : mardi 17 juin 2008 14:06 À : juniper-nsp@puck.nether.net Objet : [j-nsp] Serial Question Hi All, I have a J2320-JH which is replacing an aging Cisco 3640. I am having trouble bringing up an x.21 leased line. It brings up the line, but in cisco terms not the protocol. It keeps telling me on my subinterface flags: down. Below are my cisco and juniper configs. Anyone any ideas, the isp is being particularly un-helpful. Cisco: ! interface Serial0/0 bandwidth 2048 no ip address encapsulation frame-relay no ip mroute-cache keepalive 5 no fair-queue frame-relay lmi-type ansi ! interface Serial0/0.16 point-to-point description Telstra Circuit ip address 154.32.xxx.81 255.255.255.252 no cdp enable frame-relay interface-dlci 16 IETF ! Juniper: se-1/0/1 { description Telstra; mtu 1500; encapsulation frame-relay; serial-options { clocking-mode loop; } unit 0 { description Telstra Serial Circuit MXFS203988; point-to-point; dlci 16; family inet { address 154.32.152.81/30; } } } Many Thanks, Lee ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Serial Question
Hi Vineet, The Junos version is 9.0R1.10, the firmware of the PIC is 2.2 J-TAC are also asking the same questions now :) Thanks, Lee -Original Message- From: Vineet Venugopal [mailto:[EMAIL PROTECTED] Sent: 17 June 2008 16:43 To: Lee Hetherington Cc: [EMAIL PROTECTED]; juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Serial Question Hi Lee, Can you confirm the JUNOS version running on the Router as well as the firmware version of the interface show system firmware? Regards Vineet On 6/17/08, Lee Hetherington [EMAIL PROTECTED] wrote: Hi Alain, Im also not sure why I configured the clocking type :) I will connect it all up later on and drop you the output. Thanks for this Lee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 17 June 2008 16:13 To: Lee Hetherington; juniper-nsp@puck.nether.net Subject: RE: [j-nsp] Serial Question Hi Lee Can you provide us for some traces: Monitor trafic interface se-1/0/1 We will see the lmi traffic And Show interface se-1/0/1 extensive I believe it's an LMI problem Normaly the default lmi on Juniper is ansi like the one you've configured on Cisco (so this should be OK) But perhaps the keepalive could be adapted (5 ?) I am also wondering why you configured serial-option: clocking-mode loop ! Alain -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Lee Hetherington Envoyé : mardi 17 juin 2008 14:06 À : juniper-nsp@puck.nether.net Objet : [j-nsp] Serial Question Hi All, I have a J2320-JH which is replacing an aging Cisco 3640. I am having trouble bringing up an x.21 leased line. It brings up the line, but in cisco terms not the protocol. It keeps telling me on my subinterface flags: down. Below are my cisco and juniper configs. Anyone any ideas, the isp is being particularly un-helpful. Cisco: ! interface Serial0/0 bandwidth 2048 no ip address encapsulation frame-relay no ip mroute-cache keepalive 5 no fair-queue frame-relay lmi-type ansi ! interface Serial0/0.16 point-to-point description Telstra Circuit ip address 154.32.xxx.81 255.255.255.252 no cdp enable frame-relay interface-dlci 16 IETF ! Juniper: se-1/0/1 { description Telstra; mtu 1500; encapsulation frame-relay; serial-options { clocking-mode loop; } unit 0 { description Telstra Serial Circuit MXFS203988; point-to-point; dlci 16; family inet { address 154.32.152.81/30; } } } Many Thanks, Lee ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- This message has been scanned for viruses and dangerous content by REDScanner, and is believed to be clean. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- ---Vineet -- This message has been scanned for viruses and dangerous content by REDScanner, and is believed to be clean. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Filter weirdness - bug?
-Original Message- From: Chris Spears [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2008 1:01 PM To: Eric Van Tol Subject: Re: [j-nsp] Filter weirdness - bug? It matches your loopback, which is the destination address for any packets going to it. Try source-prefix-list: ... term 10-allow_local_nets { from { source-prefix-list { local_nets; } } ... Durrr...I knew that. Works now. Thanks! -evt ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Is this true
http://www.cisco.com/en/US/products/hw/routers/ps133/prod_system_test_report 0900aecd801b9424.html :) Regards, Masood ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Is this true
On Wednesday 18 June 2008, Masood Ahmad Shah wrote: http://www.cisco.com/en/US/products/hw/routers/ps133/prod _system_test_report 0900aecd801b9424.html I stopped paying any attention to Miercom reports years ago, especially when compared between C and J - ignore it. Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp