Re: [j-nsp] QFX3500 optics lock?
On (2012-01-10 07:26 +0100), Daniel Roesen wrote: On Mon, Jan 09, 2012 at 04:02:14PM -0600, Richard A Steenbergen wrote: FWIW they've actually had serious problems interoperating correctly with copper SFPs from other vendors, on EX and MX. There are still unsolved issues with ports showing link state up despite nothing being plugged in. :) Juniper uses Methode Elec. OEM SFPs. Those work fine. Stay away from Finisar units, they have such phantom link problems. JNPR actually claimed that this problem was going to be fixed on 10.4R7 (PR665918, by you). I got such claim in ticket 2011-0725-0041. I've heard elsewhere that it has not been fixed. I don't care any more, sourced enough methode cuSFPs from flexoptix. MX80 experiences this same problem with with even JNPR optics for ISG and SRX at least. It boggles the mind vendor would internally want to use different optics for different vendors, seems losing bet. -- ++ytti ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] QFX3500 optics lock?
On 01/10/2012 12:35 AM, Richard A Steenbergen wrote: In theory the way it's supposed to work is that a cryptographically verifiable code based on the serial number (probably some sort of hash, but no clue what they actually use) is written to the EEPROM. That way, Cisco can give the actual manufacturers a list of SN's and codes equal to the number of units they're purchasing, to prevent the classic counterfeiting problem of the factory in China running during the day for the customer and at night for themselves. That's something I've heard before, but to be frank it's always seemed a bit... highly organised, shall I say?... for the vendors to actually accomplish. Are you convinced that they're actually doing this? If so, I don't suppose you could share the evidence that convinced you? ;o) If nothing else, one wonders how things like the widely-available XYZ Compatible optics (or the flexBox) would work if this validation were taking place. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] QFX3500 optics lock?
On Tue, Jan 10, 2012 at 10:11:43AM +0200, Saku Ytti wrote: On (2012-01-10 07:26 +0100), Daniel Roesen wrote: On Mon, Jan 09, 2012 at 04:02:14PM -0600, Richard A Steenbergen wrote: FWIW they've actually had serious problems interoperating correctly with copper SFPs from other vendors, on EX and MX. There are still unsolved issues with ports showing link state up despite nothing being plugged in. :) Juniper uses Methode Elec. OEM SFPs. Those work fine. Stay away from Finisar units, they have such phantom link problems. JNPR actually claimed that this problem was going to be fixed on 10.4R7 (PR665918, by you). I got such claim in ticket 2011-0725-0041. I've heard elsewhere that it has not been fixed. I don't care any more, sourced enough methode cuSFPs from flexoptix. MX80 experiences this same problem with with even JNPR optics for ISG and SRX at least. It boggles the mind vendor would internally want to use different optics for different vendors, seems losing bet. Not to mention using the same model numbers for MX SFPs and EX SFPs (the order numbers are different) so once you have them installed (or even out of their original packaging), you can't tell which is which, and then having support issues when one works and the other doesn't because you used it in the wrong platform. Been there, done that. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX VPLS Trunk with VLAN rewriting
* Humair Ali humair.s@gmail.com [2011-12-23 16:41]: Sebastian, you should be able to achieve what you want by using Virtual Switch Routing instance instead of VPLS routing instance. you can confirgure a Virtual Switch instance with protocol VPLS in it , and create a bridge-domains to allow all vlans , that should allow you to be able to create a trunk in VPLS, and allowing all vlans FYI: I asked the people I know at Juniper the same question and they also told me to use virtual-switch. But this only works with interface-type trunk, and I need single units because 1 physical interface has multiple VLANs which must be added to different VPLS instances or other services on a per-unit basis. instance-type virtual-switch; ## ## Warning: Only interface with 'interface-mode' is allowed in a virtual-switch ## The other option was to use one VPLS instance per VLAN which seems to be the only option available to us. Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] junos 10 - send syslog to non standard port
Hi Artur, checked it with SRX100 (JUNOS 11.4R1.6) and it is not a hidden command: [edit system syslog host 1.1.1.1] root@host# set ? Possible completions: allow-duplicates Do not suppress the repeated message any All facilities + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from these groups authorizationAuthorization system change-log Configuration change log conflict-log Configuration conflict log daemon Various system processes dfc Dynamic flow capture explicit-priorityInclude priority and facility in messages external Local external applications facility-overrideAlternate facility for logging to remote host firewall Firewall filtering system ftp FTP process interactive-commands Commands executed by the UI kernel Kernel log-prefix Prefix for all logging to this host matchRegular expression for lines to be logged ntp NTP process pfe Packet Forwarding Engine port Port number --- here! security Security related source-address Use specified address as source address structured-data Log system message in structured format user User processes Viele Grüße / Kind regards, Christian Loos Sitz der NK Networks Services GmbH: Von-der-Wettern-Straße 15, 51149 Köln Registergericht: Amtsgericht Köln, Registernummer HRB 30805 Geschäftsführer: Markus Buschmann, Frank Kammer, Bernard Latour ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] junos 10 - send syslog to non standard port
On Tuesday 10 of January 2012 14:46:55 Loos, Christian wrote: Hi Artur, checked it with SRX100 (JUNOS 11.4R1.6) and it is not a hidden command: The question was about Junos 10. Port command was hidden there: [edit] root@firewall# run show version Hostname: firewall Model: srx210h-poe JUNOS Software Release [10.4R7.5] [edit] root@firewall# set system syslog host 10.10.10.10 ? Possible completions: any All facilities + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from these groups authorizationAuthorization system change-log Configuration change log conflict-log Configuration conflict log daemon Various system processes dfc Dynamic flow capture explicit-priorityInclude priority and facility in messages external Local external applications facility-overrideAlternate facility for logging to remote host firewall Firewall filtering system ftp FTP process interactive-commands Commands executed by the UI kernel Kernel log-prefix Prefix for all logging to this host matchRegular expression for lines to be logged ntp NTP process pfe Packet Forwarding Engine security Security related source-address Use specified address as source address user User processes Best regards, Artur ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX VPLS Trunk with VLAN rewriting
Hi thanks for your feedback, just to clarify , you want to use specific unit for specific vpls instance ? if you need specfic range of vlan per unit for multiple VPLS instance ,can you try the following below, this is not what we have in production , but it should work, or work around it set interfaces xe-1/1/0 flexible-ethernet-services set interfaces xe-1/1/0 unit 10 encapsulation vlan-bridge set interfaces xe-1/1/0 unit 10 family bridge interface-mode trunk set interfaces xe-1/1/0 unit 10 family bridge vlan-id-list 100-500 set interfaces xe-1/1/0 unit 20 encapsulation vlan-bridge set interfaces xe-1/1/0 unit 20 family bridge interface-mode trunk set interfaces xe-1/1/0 unit 20 family bridge vlan-id-list 540-4094 then you can apply xe-1/1/0.10 to vpls-instance A and xe-1/1/0.20 to vpls instance B let me know if it works , i would be interested to know thanks On 10 January 2012 15:57, Sebastian Wiesinger juniper-...@ml.karotte.org wrote: * Humair Ali humair.s@gmail.com [2011-12-23 16:41]: Sebastian, you should be able to achieve what you want by using Virtual Switch Routing instance instead of VPLS routing instance. you can confirgure a Virtual Switch instance with protocol VPLS in it , and create a bridge-domains to allow all vlans , that should allow you to be able to create a trunk in VPLS, and allowing all vlans FYI: I asked the people I know at Juniper the same question and they also told me to use virtual-switch. But this only works with interface-type trunk, and I need single units because 1 physical interface has multiple VLANs which must be added to different VPLS instances or other services on a per-unit basis. instance-type virtual-switch; ## ## Warning: Only interface with 'interface-mode' is allowed in a virtual-switch ## The other option was to use one VPLS instance per VLAN which seems to be the only option available to us. Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Humair ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp