[j-nsp] NAT Port translation on JUNOS, puzzled...
I'm working on a NAT setup, which is actually very straightforward but i
still am puzzled by the services documentation from Juniper. Please help :).
It's a J2300 with 2 interfaces, in and out. One public IP address and a
local subnet on the inside. I got the network translation from the
inside to the public ip working, but now i want to configure one single
port-forward to an internal host (let's say 10.0.0.1) on port 80.
But how? On a cheap $50 router it's a point-and-click, but it's not even
in J-web?!
The config i have now :
services {
service-set wan-service-set {
nat-rules nat-set;
interface-service {
service-interface sp-0/0/0;
}
}
nat {
pool nat-pool {
address-range low 217.21.x.x high 217.21.x.x;
port automatic;
}
rule nat-set {
match-direction input;
term 1 {
from
then {
translated {
source-pool nat-pool;
translation-type {
source dynamic;
}
}
}
}
}
}
}
--
Kind regards,
Signet bv
Remco Bressers
T 040 - 707 4 907
F 040 - 707 4 909
E [EMAIL PROTECTED]
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] RE : ISIS between T640 and Redback SE 800
Hi,
I've flapping between SE and T640 : Hereafter some logs :
Jun 17 07:28:57 ncidf303 rpd[16196]: RPD_ISIS_ADJDOWN: IS-IS lost L2 adjacency
to SE800 on ae8.1456, reason: Address Mismatch
Jun 17 07:29:04 ncidf303 rpd[16196]: RPD_ISIS_LSPCKSUM: IS-IS L2 LSP checksum
error, interface ae8.1456, LSP id nclyo302.00-01, sequence 0x418, checksum
0xd308, lifetime 60148
Jun 17 07:29:07 ncidf303 rpd[16196]: RPD_ISIS_LSPCKSUM: IS-IS L2 LSP checksum
error, interface ae8.1456, LSP id ncstr102.00-00, sequence 0x8bab, checksum
0x81c7, lifetime 35134
Each time we've the Address Mismatch we've also the log LSP checksum error
Regards,
David
-Message d'origine-
De : Jeff Tantsura [mailto:[EMAIL PROTECTED]
Envoyé : mardi 17 juin 2008 09:43
À : ROY David URS NANTES
Cc : juniper-nsp@puck.nether.net
Objet : RE: [j-nsp]RE : ISIS between T640 and Redback SE800
Hi David,
Flapping between SE and J?
Can you provide more info, logs, etc
Cheers,
Jeff
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: maandag 16 juni 2008 11:27
To: ROY David URS NANTES; Jeff Tantsura; baraa baraa;
[EMAIL PROTECTED]; Tony Stout
Cc: juniper-nsp@puck.nether.net
Subject: RE: [j-nsp]RE : ISIS between T640 and Redback SE800
Now, Isis works fine between T640 and SE800. But now, I've got ISIS
adjacency flapping with this reason :
RPD_ISIS_ADJDOWN: IS-IS lost L2 adjacency to .0a7b.9842 on
ae8.1456,
reason: Address Mismatch
Somebody has more information regarding to this reason ?
Thanks,
Regards
David
-Message d'origine-
De : [EMAIL PROTECTED] [mailto:juniper-nsp-
[EMAIL PROTECTED] De la part de [EMAIL PROTECTED]
Envoyé : mercredi 11 juin 2008 11:11 À : Jeff Tantsura; baraa baraa;
[EMAIL PROTECTED]; Tony Stout Cc : juniper-nsp@puck.nether.net
Objet : Re: [j-nsp]RE : ISIS between T640 and Redback SE800
Thanks,
I will test it.
Regards,
David
-Message d'origine-
De : Jeff Tantsura [mailto:[EMAIL PROTECTED] Envoyé : mercredi 11
juin
2008 04:11 À : ROY David URS NANTES; 'baraa baraa';
[EMAIL PROTECTED]; 'Tony Stout'
Cc : juniper-nsp@puck.nether.net
Objet : RE: [j-nsp] RE : ISIS between T640 and Redback SE800
Hi,
That's how you configure it:
router isis ip-backbone
interface my_interface
authentication key-chain keys type simple
key-chain keys key-id 1
key-string monday
Regards,
Jeff
-Original Message-
From: [EMAIL PROTECTED] [mailto:juniper-nsp-
[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: dinsdag 10 juni 2008 20:27
To: baraa baraa; [EMAIL PROTECTED]; Tony Stout
Cc: juniper-nsp@puck.nether.net
Subject: [j-nsp] RE : ISIS between T640 and Redback SE800
Thanks.
Regards,
David
De: baraa baraa [mailto:[EMAIL PROTECTED]
Date: mar. 10/06/2008 17:51
À: ROY David URS NANTES; [EMAIL PROTECTED]; Tony Stout
Cc: juniper-nsp@puck.nether.net
Objet : RE: [j-nsp] ISIS between T640 and Redback SE800
hi Daved;
This link may help you, to configure LSP on SE800
http://www.frameip.com/forum/publication-de-piece-jointe/redback/Por
ts
- Circuits-and-Tunnels-Operations-Guide.pdf
BR
Baraa
Ericsson AB
Date: Tue, 10 Jun 2008 17:30:21 +0200
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
CC: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] ISIS between T640 and Redback SE800
It's seems that is a Authentication issue. Indeed, we have LSP L2
authentication simple configured on the T640 and I've enabled the
traceoption ISIS flag error : the logs displays this :
Jun 10 16:57:01.533962 ERROR: ISIS ignored a bad packet: L2 LSP id
.0a7b.820 8.00-00 from .0a7b.8208 on interface ae8.1458
without authentication
So I've to find how to configure LSP authentication simple on the
Redback.
David
-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Envoyé :
mardi 10 juin 2008 17:19 À : Tony Stout Cc :
juniper-nsp@puck.nether.net; ROY David URS NANTES Objet : RE:
[j-nsp] ISIS between T640 and Redback SE800
Ok...
So is this ethernet direct between the boxes? No switch?
Is it possible to sniff this traffic and see if there are errors
coming
out of the T box?
Tony Stout [EMAIL PROTECTED] wrote:
Aggregated ethernet - 802.3ad
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, June 10, 2008 10:43 AM
To: [EMAIL PROTECTED]
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] ISIS between T640 and Redback SE800
What is an AE???
[EMAIL PROTECTED] wrote:
Hi all,
I encountered some problems to established ISIS between a T640
and a Redback SE800 through an AE.
The ISIS level 2 adjacency is well
[j-nsp] Extreme Switch Hang issue
Hi all, I am using Extreme Switch summit 400 48t (Extremeware Version 7.5e.2.8) connected to Juniper M7i (JUNOS Base OS boot [8.0R2.8]). I sometime see that Extreme Switch hangs, but on juniper side none of ports is shown in down state. Does anybody have any idea of, if it is a known issue with any of the OS's. Thanks Munish Saini ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Extreme Switch Hang issue
Hi Munish, You Extreme hang then you need to restart the device? Or you can't access your Extreme because your management using one of the management vlan on the trunking link from juniper to Extreme? I'd been on that problem before but it happened on aggregate-ethernet with lacp on it (Extreme use port sharing with dynamic flow traffic). Sometimes I need to restart PIC FE on my M-series with JunOS 8.0R3.4 when the problem occurred. The problem come up when you include the scheduler-map statement (at the class-of-service interfaces aeX) hierarchy level and member link of the aggregate-ethernet goes intermittent (up/down), traffic forwarding on the routing platform halts for approximately 400 milliseconds or your Extreme port-sharing indicated ND (not distribute) (you need to re-create port-sharing sometimes it will help), or sometimes you need to restart PIC FE on juniper router based on PR from Juniper this already solved on JunOS 8.1R4 or latest. Thanks, Beny D Setyawan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Munish Saini Sent: Tuesday, June 17, 2008 5:12 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] Extreme Switch Hang issue Hi all, I am using Extreme Switch summit 400 48t (Extremeware Version 7.5e.2.8) connected to Juniper M7i (JUNOS Base OS boot [8.0R2.8]). I sometime see that Extreme Switch hangs, but on juniper side none of ports is shown in down state. Does anybody have any idea of, if it is a known issue with any of the OS's. Thanks Munish Saini ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] RD usage in BGP based VPLS
Hi can any one tell me why RD is required for BGP based VPLS configaration. in case of L3 vpn RD is used to make customer ipv4 address globally unique in MPLS domain. But i dont understand the usage of RD in case of VPLS. Murthy ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Serial Question
Hi Lee,
This might be a known issue. Have you buzzed Juniper TAC about this?
Cheers
Lakshmi
2008/6/17 Lee Hetherington [EMAIL PROTECTED]:
Hi All,
I have a J2320-JH which is replacing an aging Cisco 3640. I am having
trouble bringing up an x.21 leased line. It brings up the line, but in
cisco terms not the protocol. It keeps telling me on my subinterface
flags: down.
Below are my cisco and juniper configs. Anyone any ideas, the isp is
being particularly un-helpful.
Cisco:
!
interface Serial0/0
bandwidth 2048
no ip address
encapsulation frame-relay
no ip mroute-cache
keepalive 5
no fair-queue
frame-relay lmi-type ansi
!
interface Serial0/0.16 point-to-point
description Telstra Circuit
ip address 154.32.xxx.81 255.255.255.252
no cdp enable
frame-relay interface-dlci 16 IETF
!
Juniper:
se-1/0/1 {
description Telstra;
mtu 1500;
encapsulation frame-relay;
serial-options {
clocking-mode loop;
}
unit 0 {
description Telstra Serial Circuit MXFS203988;
point-to-point;
dlci 16;
family inet {
address 154.32.152.81/30;
}
}
}
Many Thanks,
Lee
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] NAT Port translation on JUNOS, puzzled...
I'm on my Blackberry so I can't give you the full config right now but
you need to get rid of that 'port automatic' command as that will
enable PAT. Give me a few minutes and I will post the rest of the
configuration.
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
On 6/17/08, Remco Bressers [EMAIL PROTECTED] wrote:
I'm working on a NAT setup, which is actually very straightforward but i
still am puzzled by the services documentation from Juniper. Please help :).
It's a J2300 with 2 interfaces, in and out. One public IP address and a
local subnet on the inside. I got the network translation from the
inside to the public ip working, but now i want to configure one single
port-forward to an internal host (let's say 10.0.0.1) on port 80.
But how? On a cheap $50 router it's a point-and-click, but it's not even
in J-web?!
The config i have now :
services {
service-set wan-service-set {
nat-rules nat-set;
interface-service {
service-interface sp-0/0/0;
}
}
nat {
pool nat-pool {
address-range low 217.21.x.x high 217.21.x.x;
port automatic;
}
rule nat-set {
match-direction input;
term 1 {
from
then {
translated {
source-pool nat-pool;
translation-type {
source dynamic;
}
}
}
}
}
}
}
--
Kind regards,
Signet bv
Remco Bressers
T 040 - 707 4 907
F 040 - 707 4 909
E [EMAIL PROTECTED]
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Sent from Gmail for mobile | mobile.google.com
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] NAT Port translation on JUNOS, puzzled...
Ok here are a few pointers... You can directly specify the destination
using the 'destination-prefix' command as opposed to the 'destination-pool'
command because in this configuration you are only translating for a single
address. Furthermore, you need to specify the 'destination-address' and
'application' in the 'from' portion in order to properly match on the
appropriate flow you want to apply destination NAT to.
Give the following a try:
services {
nat {
rule nat-set {
match-direction input;
term 1 {
/* Matches on inbound to 50.0.0.10/32 Port 80 */
from {
destination-address {
50.0.0.10/32;
}
applications junos-http;
}
/* Static translation of Port 80 to 10.0.0.100/32 */
then {
translated {
destination-prefix 10.0.0.100/32;
translation-type destination static;
}
}
}
}
}
service-set wan-service-set {
nat-rules nat-set;
interface-service {
service-interface sp-0/0/0;
}
}
}
You also might want to consider moving to JUNOS Enhanced Services as the NAT
configuration is greatly simplified and much more logical in nature than in
normal JUNOS using 'services' configs.
HTHs.
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
On Tue, Jun 17, 2008 at 9:31 AM, Remco Bressers [EMAIL PROTECTED] wrote:
Hi Stefan,
It would be great to receive a full snippet of config. Thanks!
Remco
Stefan Fouant wrote:
I'm on my Blackberry so I can't give you the full config right now but
you need to get rid of that 'port automatic' command as that will
enable PAT. Give me a few minutes and I will post the rest of the
configuration.
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
On 6/17/08, Remco Bressers [EMAIL PROTECTED] wrote:
I'm working on a NAT setup, which is actually very straightforward but i
still am puzzled by the services documentation from Juniper. Please help
:).
It's a J2300 with 2 interfaces, in and out. One public IP address and a
local subnet on the inside. I got the network translation from the
inside to the public ip working, but now i want to configure one single
port-forward to an internal host (let's say 10.0.0.1) on port 80.
But how? On a cheap $50 router it's a point-and-click, but it's not even
in J-web?!
The config i have now :
services {
service-set wan-service-set {
nat-rules nat-set;
interface-service {
service-interface sp-0/0/0;
}
}
nat {
pool nat-pool {
address-range low 217.21.x.x high 217.21.x.x;
port automatic;
}
rule nat-set {
match-direction input;
term 1 {
from
then {
translated {
source-pool nat-pool;
translation-type {
source dynamic;
}
}
}
}
}
}
}
--
Kind regards,
Signet bv
Remco Bressers
T 040 - 707 4 907
F 040 - 707 4 909
E [EMAIL PROTECTED]
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Met vriendelijke groet,
Signet bv
Remco Bressers
T 040 - 707 4 907
F 040 - 707 4 909
E [EMAIL PROTECTED]
altijd online? www.signet.nl
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] RD usage in BGP based VPLS
if you're using bgp signaling for auto discovery then you need RD, if you are using LDP, you do not if you still dont know why you need an RD when using bgp, i suggest you read the following RFC's http://tools.ietf.org/html/rfc4761 http://tools.ietf.org/html/rfc4762 On Tue, Jun 17, 2008 at 8:07 AM, narasimha murthy [EMAIL PROTECTED] wrote: Hi can any one tell me why RD is required for BGP based VPLS configaration. in case of L3 vpn RD is used to make customer ipv4 address globally unique in MPLS domain. But i dont understand the usage of RD in case of VPLS. Murthy ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] NAT Port translation on JUNOS, puzzled...
P.S. A book which has very good coverage of the subject matter and might
prove to be a valuable reference if you plan to support these types of
functions is JUNOS Enterprise Routing by Doug Marschke and Harry Reynolds.
Regards,
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
On Tue, Jun 17, 2008 at 10:43 AM, Stefan Fouant [EMAIL PROTECTED] wrote:
A NAT rule similar to the following would accomplish your goal of outbound
dynamic translation, assuming you wanted to use PAT (most likely if you only
have a few public IPs):
services {
nat {
pool nat-pool {
address 50.0.0.1/32;
port automatic
}
rule nat-set-outbound {
match-direction output;
term 1 {
then {
translated {
source-pool nat-pool;
translation-type source dynamic;
}
}
}
}
}
}
Notice I used a pool here. This is not necessary but allows for future
scalability if you get additional public IPs and want to add them to the
pool. Also notice that I have not specified a from clause. This will
essentially match on *all* outbound flows. If you want different behavior
you should specify the match conditions appropriately.
Regards,
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
On Tue, Jun 17, 2008 at 10:22 AM, Remco Bressers [EMAIL PROTECTED]
wrote:
Hi,
Thanks a million for this. I'll try it out lateron.
How do i combine this with the dynamic translation outbound for my
internal LAN to the Internet?
Regards,
Remco
Stefan Fouant wrote:
Ok here are a few pointers... You can directly specify the destination
using the 'destination-prefix' command as opposed to the
'destination-pool' command because in this configuration you are only
translating for a single address. Furthermore, you need to specify the
'destination-address' and 'application' in the 'from' portion in order
to properly match on the appropriate flow you want to apply destination
NAT to.
Give the following a try:
services {
nat {
rule nat-set {
match-direction input;
term 1 {
/* Matches on inbound to 50.0.0.10/32
http://50.0.0.10/32 Port 80 */
from {
destination-address {
50.0.0.10/32 http://50.0.0.10/32;
}
applications junos-http;
}
/* Static translation of Port 80 to 10.0.0.100/32
http://10.0.0.100/32 */
then {
translated {
destination-prefix 10.0.0.100/32
http://10.0.0.100/32;
translation-type destination static;
}
}
}
}
}
service-set wan-service-set {
nat-rules nat-set;
interface-service {
service-interface sp-0/0/0;
}
}
}
You also might want to consider moving to JUNOS Enhanced Services as the
NAT configuration is greatly simplified and much more logical in nature
than in normal JUNOS using 'services' configs.
HTHs.
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz http://www.neustar.biz/
On Tue, Jun 17, 2008 at 9:31 AM, Remco Bressers [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Hi Stefan,
It would be great to receive a full snippet of config. Thanks!
Remco
Stefan Fouant wrote:
I'm on my Blackberry so I can't give you the full config right now
but
you need to get rid of that 'port automatic' command as that will
enable PAT. Give me a few minutes and I will post the rest of the
configuration.
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz http://www.neustar.biz/
On 6/17/08, Remco Bressers [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
I'm working on a NAT setup, which is actually very
straightforward but i
still am puzzled by the services documentation from Juniper.
Please help :).
It's a J2300 with 2 interfaces, in and out. One public IP address
and a
local subnet on the inside. I got the network translation from
the
inside to the public ip working, but now i want to configure one
single
port-forward to an internal host (let's say 10.0.0.1
http://10.0.0.1/) on port 80.
But how? On a cheap $50 router it's a point-and-click, but it's
not even
in J-web?!
The config i have now :
services {
service-set wan-service-set {
Re: [j-nsp] RD usage in BGP based VPLS
Unless you're running nonstop active routing (NSR), you can get away with simply setting the global route-distinguisher-id value to the loopback IP of your box at [edit routing-options] instead of manually specifying the RD in every routing-instance. Then, all routing-instances will import it and generate the 2nd value for you (ie. ip:some_value). That said, if you are planning on enabling NSR in the future, just create RDs in each routing-instance now to save yourself a headache later. David 2008/6/17 Christian Koch [EMAIL PROTECTED]: if you're using bgp signaling for auto discovery then you need RD, if you are using LDP, you do not if you still dont know why you need an RD when using bgp, i suggest you read the following RFC's http://tools.ietf.org/html/rfc4761 http://tools.ietf.org/html/rfc4762 On Tue, Jun 17, 2008 at 8:07 AM, narasimha murthy [EMAIL PROTECTED] wrote: Hi can any one tell me why RD is required for BGP based VPLS configaration. in case of L3 vpn RD is used to make customer ipv4 address globally unique in MPLS domain. But i dont understand the usage of RD in case of VPLS. Murthy ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Serial Question
Hi Lee
Can you provide us for some traces:
Monitor trafic interface se-1/0/1
We will see the lmi traffic
And
Show interface se-1/0/1 extensive
I believe it's an LMI problem
Normaly the default lmi on Juniper is ansi like the one you've configured on
Cisco (so this should be OK)
But perhaps the keepalive could be adapted (5 ?)
I am also wondering why you configured serial-option: clocking-mode loop !
Alain
-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Lee Hetherington
Envoyé : mardi 17 juin 2008 14:06
À : juniper-nsp@puck.nether.net
Objet : [j-nsp] Serial Question
Hi All,
I have a J2320-JH which is replacing an aging Cisco 3640. I am having trouble
bringing up an x.21 leased line. It brings up the line, but in cisco terms not
the protocol. It keeps telling me on my subinterface
flags: down.
Below are my cisco and juniper configs. Anyone any ideas, the isp is being
particularly un-helpful.
Cisco:
!
interface Serial0/0
bandwidth 2048
no ip address
encapsulation frame-relay
no ip mroute-cache
keepalive 5
no fair-queue
frame-relay lmi-type ansi
!
interface Serial0/0.16 point-to-point
description Telstra Circuit
ip address 154.32.xxx.81 255.255.255.252 no cdp enable frame-relay
interface-dlci 16 IETF !
Juniper:
se-1/0/1 {
description Telstra;
mtu 1500;
encapsulation frame-relay;
serial-options {
clocking-mode loop;
}
unit 0 {
description Telstra Serial Circuit MXFS203988;
point-to-point;
dlci 16;
family inet {
address 154.32.152.81/30;
}
}
}
Many Thanks,
Lee
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Serial Question
Hi Vineet,
The Junos version is 9.0R1.10, the firmware of the PIC is 2.2
J-TAC are also asking the same questions now :)
Thanks,
Lee
-Original Message-
From: Vineet Venugopal [mailto:[EMAIL PROTECTED]
Sent: 17 June 2008 16:43
To: Lee Hetherington
Cc: [EMAIL PROTECTED]; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Serial Question
Hi Lee,
Can you confirm the JUNOS version running on the Router as well as the
firmware version of the interface show system firmware?
Regards
Vineet
On 6/17/08, Lee Hetherington [EMAIL PROTECTED] wrote:
Hi Alain,
Im also not sure why I configured the clocking type :)
I will connect it all up later on and drop you the output.
Thanks for this
Lee
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 17 June 2008 16:13
To: Lee Hetherington; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] Serial Question
Hi Lee
Can you provide us for some traces:
Monitor trafic interface se-1/0/1
We will see the lmi traffic
And
Show interface se-1/0/1 extensive
I believe it's an LMI problem
Normaly the default lmi on Juniper is ansi like the one you've configured on
Cisco (so this should be OK)
But perhaps the keepalive could be adapted (5 ?)
I am also wondering why you configured serial-option: clocking-mode loop !
Alain
-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Lee
Hetherington
Envoyé : mardi 17 juin 2008 14:06
À : juniper-nsp@puck.nether.net
Objet : [j-nsp] Serial Question
Hi All,
I have a J2320-JH which is replacing an aging Cisco 3640. I am having
trouble bringing up an x.21 leased line. It brings up the line, but in cisco
terms not the protocol. It keeps telling me on my subinterface
flags: down.
Below are my cisco and juniper configs. Anyone any ideas, the isp is being
particularly un-helpful.
Cisco:
!
interface Serial0/0
bandwidth 2048
no ip address
encapsulation frame-relay
no ip mroute-cache
keepalive 5
no fair-queue
frame-relay lmi-type ansi
!
interface Serial0/0.16 point-to-point
description Telstra Circuit
ip address 154.32.xxx.81 255.255.255.252 no cdp enable frame-relay
interface-dlci 16 IETF !
Juniper:
se-1/0/1 {
description Telstra;
mtu 1500;
encapsulation frame-relay;
serial-options {
clocking-mode loop;
}
unit 0 {
description Telstra Serial Circuit MXFS203988;
point-to-point;
dlci 16;
family inet {
address 154.32.152.81/30;
}
}
}
Many Thanks,
Lee
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
This message has been scanned for viruses and
dangerous content by REDScanner, and is
believed to be clean.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
---Vineet
--
This message has been scanned for viruses and
dangerous content by REDScanner, and is
believed to be clean.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Filter weirdness - bug?
-Original Message-
From: Chris Spears [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2008 1:01 PM
To: Eric Van Tol
Subject: Re: [j-nsp] Filter weirdness - bug?
It matches your loopback, which is the destination address for any
packets going to it. Try source-prefix-list:
...
term 10-allow_local_nets {
from {
source-prefix-list {
local_nets;
}
}
...
Durrr...I knew that. Works now. Thanks!
-evt
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Is this true
http://www.cisco.com/en/US/products/hw/routers/ps133/prod_system_test_report 0900aecd801b9424.html :) Regards, Masood ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Is this true
On Wednesday 18 June 2008, Masood Ahmad Shah wrote: http://www.cisco.com/en/US/products/hw/routers/ps133/prod _system_test_report 0900aecd801b9424.html I stopped paying any attention to Miercom reports years ago, especially when compared between C and J - ignore it. Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
