Re: [j-nsp] dhcp-relay on MX
> Does anyone know why DHCP discover packets are not relayed through an MX > from my client to en external DHCP server that resides on the same network > as one on the interfaces on MX (I can ping this DHCP server from the MX). I don't see any mention of which *interface* to run the DHCP helper on under your forwarding-options. I believe you need that. Steinar Haug, Nethelp consulting, [EMAIL PROTECTED] ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] dhcp-relay on MX
HiDoes anyone know why DHCP discover packets are not relayed through an MX
from my client to en external DHCP server that resides on the same network
as one on the interfaces on MX (I can ping this DHCP server from the MX).
I see DHCP Discover packet come in from the client side but nothing going
out on the server side.
Thanks,
Marlon,
Here is the relavant config:
[EMAIL PROTECTED] show interfaces
ge-0/0/0 {
<-client interface
vlan-tagging;
unit 0 {
vlan-id 1;
family inet {
unnumbered-address lo0.0 preferred-source-address 1.1.1.1;
}
}
}
ge-0/1/0 { <--external DHCP
server is connected here
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 1.1.1.1/32;
}
}
}
[edit]
[EMAIL PROTECTED]
[EMAIL PROTECTED] show forwarding-options
dhcp-relay {
server-group {
test {
10.0.0.100;
}
}
active-server-group test;
}
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX Series Firewall Filter Configuration
>From what I understand and what i've seen, processing continues even if the >action is 'discard'. --- On Tue, 9/16/08, Stefan Fouant <[EMAIL PROTECTED]> wrote: > From: Stefan Fouant <[EMAIL PROTECTED]> > Subject: Re: [j-nsp] EX Series Firewall Filter Configuration > To: [EMAIL PROTECTED] > Cc: "Juniper-Nsp" > Date: Tuesday, September 16, 2008, 11:23 AM > On Tue, Sep 16, 2008 at 12:35 PM, Jared Gull > <[EMAIL PROTECTED]> wrote: > > Stefan, > > > > Processing continues even if there is match and an > accept/reject on a preceeding filter. > > > > Jared > > I could see that being the case in the event of an accept, > but even > with a reject? Would it not be simply discarded without > further > processing? > > -- > Stefan Fouant > Principal Network Engineer > NeuStar, Inc. - http://www.neustar.biz > GPG Key ID: 0xB5E3803D ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX Series Firewall Filter Configuration
Stefan, Processing continues even if there is match and an accept/reject on a preceeding filter. Jared --- On Tue, 9/16/08, Stefan Fouant <[EMAIL PROTECTED]> wrote: > From: Stefan Fouant <[EMAIL PROTECTED]> > Subject: [j-nsp] EX Series Firewall Filter Configuration > To: "Juniper-Nsp" > Date: Tuesday, September 16, 2008, 9:27 AM > Folks, > > I'm curious if anyone here can answer a question about > firewall filter > implementation on the EX Series switches. For input > packets > traversing through the switch, the switch process packets > through the > Port-Based Firewall Filter (PACL), then the VLAN-Based > Firewall Filter > (VACL), and finally the Router-Based Firewall Filter > (RACL). However, > I am curious, if a either a PACL or an VACL has match > conditions which > match the traffic AND has a terminating action of accept or > reject/discard, does the packet get processed by the > ensuing VACLs > and/or RACLs, or is it immediately allowed through without > further > processing (a la normal FF behavior)? > > Thanks in advance. > > Stefan > > -- > Stefan Fouant > Principal Network Engineer > NeuStar, Inc. - http://www.neustar.biz > GPG Key ID: 0xB5E3803D > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EX Series Firewall Filter Configuration
On Tue, Sep 16, 2008 at 12:35 PM, Jared Gull <[EMAIL PROTECTED]> wrote: > Stefan, > > Processing continues even if there is match and an accept/reject on a > preceeding filter. > > Jared I could see that being the case in the event of an accept, but even with a reject? Would it not be simply discarded without further processing? -- Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz GPG Key ID: 0xB5E3803D ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] EX Series Firewall Filter Configuration
Folks, I'm curious if anyone here can answer a question about firewall filter implementation on the EX Series switches. For input packets traversing through the switch, the switch process packets through the Port-Based Firewall Filter (PACL), then the VLAN-Based Firewall Filter (VACL), and finally the Router-Based Firewall Filter (RACL). However, I am curious, if a either a PACL or an VACL has match conditions which match the traffic AND has a terminating action of accept or reject/discard, does the packet get processed by the ensuing VACLs and/or RACLs, or is it immediately allowed through without further processing (a la normal FF behavior)? Thanks in advance. Stefan -- Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz GPG Key ID: 0xB5E3803D ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] In case you missed it...
Hello, http://www.juniper.net/techpubs/software/junos-es/ Regards, Andrea Duey [EMAIL PROTECTED] 1-888-314-JTAC 07:00 AM - 03:00 PM MDT (UTC - 0600) Monday - Friday Please CC: [EMAIL PROTECTED] To have your case reassigned to another engineer please email [EMAIL PROTECTED] with your case number in the subject line. Please visit our Knowledge Base http://kb.juniper.net/ Stefan Fouant wrote: JUNOS-ES docs are at the same location where the normal JUNOS docs can be found ;) On 9/16/08, Andrea Montefusco <[EMAIL PROTECTED]> wrote: Stefan Fouant wrote: Juniper just released the SRX platform. 120 Gbps / 15Mpps of firewalling, 30 Gbps of IPS, and 4 Million concurrent sessions! Holy crap - this box looks sweet. I've wanted to talk about this box for so long but was restricted due to NDA. Can't wait to take a more detailed look under the hood. http://www.juniper.net/products/srx/dsheet/100254.pdf Can you give us a pointer to JunOS-ES documentation ? *am* - Andrew Montefusco Network Manager Kyneste S.p.A. Roma Via Mario Bianchini, 68 Milano Via della Posta, 3 tel: +3906874021fax: +390687402300 - ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] In case you missed it...
JUNOS-ES docs are at the same location where the normal JUNOS docs can be found ;) On 9/16/08, Andrea Montefusco <[EMAIL PROTECTED]> wrote: > Stefan Fouant wrote: >> Juniper just released the SRX platform. 120 Gbps / 15Mpps of >> firewalling, 30 Gbps of IPS, and 4 Million concurrent sessions! Holy >> crap - this box looks sweet. I've wanted to talk about this box for >> so long but was restricted due to NDA. Can't wait to take a more >> detailed look under the hood. >> >> http://www.juniper.net/products/srx/dsheet/100254.pdf > > Can you give us a pointer to JunOS-ES documentation ? > >*am* > > - > Andrew Montefusco Network Manager > Kyneste S.p.A. Roma Via Mario Bianchini, 68 > Milano Via della Posta, 3 > tel: +3906874021fax: +390687402300 > - > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- Sent from Gmail for mobile | mobile.google.com Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz GPG Key ID: 0xB5E3803D ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Multihoming servers to two Virtual Chassises
Hi, * Tim Durack > Linux ethernet bonding/teaming does not need to be switch assisted. > If you configure one of the non-802.3ad modes (TLB etc) and put the > two NICs on the same broadcast domain, everything will work. > > We use TLB mode, which gives 2x outbound, 1x inbound, due to the way > arp resolution works. Cool, I wasn't aware of that TLB mode. Seems to fit me perfectly, thank you very much for the tip! Regards, -- Tore Anderson ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Multihoming servers to two Virtual Chassises
* Chuck Anderson > What software release were you testing with? 9.1R3 has a fix > scheduled for PR 295093 which describes a problem of lost > connectivity over a virtual chassis fiber link caused by not properly > flooding unknown frames over the fiber link. Plain stacks (no VC > fiber links) worked fine when I tested it. I'm running 9.2R1.10. I wasn't able to look up that ID, unfortunately (need to convince the reseller/elite partner that sold me the gear to grant me that access it seems). Anyway, I tried not using fibres for VC links, and then it seemed to work better. The OSPF session stayed up, at least, so I think I might be running into that bug you mentioned. Thanks! Regards, -- Tore Anderson ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] 802.1ah/802.1ad on MX-Series
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, did anyone get to play with 802.1ah/802.1ad on the MX-Series yet? I would like to know if the implementation is stable and can be de- ployed in production environments. Thanks and best regards, Sven Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Netze KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkjPTtsACgkQnEU7erAt4TJiJQCgjMZ0RRSGHvd+olH2XLLrGE+k XTYAoPKILm1GTotS6U2eC0D1EHEmcd1a =F5Lx -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] In case you missed it...
Stefan Fouant wrote: Juniper just released the SRX platform. 120 Gbps / 15Mpps of firewalling, 30 Gbps of IPS, and 4 Million concurrent sessions! Holy crap - this box looks sweet. I've wanted to talk about this box for so long but was restricted due to NDA. Can't wait to take a more detailed look under the hood. http://www.juniper.net/products/srx/dsheet/100254.pdf Can you give us a pointer to JunOS-ES documentation ? *am* - Andrew Montefusco Network Manager Kyneste S.p.A. Roma Via Mario Bianchini, 68 Milano Via della Posta, 3 tel: +3906874021fax: +390687402300 - ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
