[j-nsp] EX2200 - LIBJNX_SNMP_ENGINE_SCAN_FAILURE

2013-02-20 Thread Joel Dahl 
Hi,

I installed a new Juniper EX2200 today, running Junos 11.4R5.7.

Upon every commit I get the following error message (but the commit succeeds):

root@testsw# commit check 
LIBJNX_SNMP_ENGINE_SCAN_FAILURE: snmp_engine_read: fscanf : 
/var/db/snmp_engine.db scanning: full_engine_id Error: Unknown error: 0
configuration check succeeds

It's also visible in the message log during boot.

Is this something I should be worried about? I haven't seen it before.

-- 
Joel
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX-series POWER-ETHERNET-MIB traps - which category?

2013-02-20 Thread Dale Shaw 
Hi Ben,

On Thu, Feb 21, 2013 at 1:00 PM, Ben Dale  wrote:
>
>> Which SNMP trap *category* in JUNOS includes the three
>> POWER-ETHERNET-MIB (RFC3621) traps?
>>
>> [1] pethPsePortOnOffNotification
>> [2] pethMainPowerUsageOnNotification
>> [3] pethMainPowerUsageOffNotification
>
> Couldn't find any doco, but a quick test in the lab shows that category 
> "chassis" picks up all three.
>
> Just make sure you've got PoE notification enabled:
>
> set poe notification-control fpc 0
>
> or you won't see anything.

You are a gentleman and a scholar! Thanks.

Cheers,
Dale
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX-series POWER-ETHERNET-MIB traps - which category?

2013-02-20 Thread Ben Dale 

> Which SNMP trap *category* in JUNOS includes the three
> POWER-ETHERNET-MIB (RFC3621) traps?
> 
> [1] pethPsePortOnOffNotification
> [2] pethMainPowerUsageOnNotification
> [3] pethMainPowerUsageOffNotification

Couldn't find any doco, but a quick test in the lab shows that category 
"chassis" picks up all three.

Just make sure you've got PoE notification enabled:

set poe notification-control fpc 0

or you won't see anything.

Cheers,

Ben


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] EX-series POWER-ETHERNET-MIB traps - which category?

2013-02-20 Thread Dale Shaw 
Hi all,

I feel like I should have been able to find the answer to this myself
but I haven't been able to dig anything up.

Which SNMP trap *category* in JUNOS includes the three
POWER-ETHERNET-MIB (RFC3621) traps?

[1] pethPsePortOnOffNotification
[2] pethMainPowerUsageOnNotification
[3] pethMainPowerUsageOffNotification

References/pointers welcome!

Cheers,
Dale
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Firefly (V-SRX) and Dynamic VPN bug

2013-02-20 Thread Robert Hass 
On Wed, Feb 20, 2013 at 10:44 PM, Robert Hass  wrote:
> I just started testing Firefly (SRX on VMware) and occurred problem that I
> cannot connect with JunOS Pulse due to no license:
[...]

Resolved.

I have to upgrade to JunOS Pulse v 4.0.

Rob
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Firefly (V-SRX) and Dynamic VPN bug

2013-02-20 Thread Robert Hass 
Hi
I just started testing Firefly (SRX on VMware) and occurred problem that I
cannot connect with JunOS Pulse due to no license:

Feb 20 15:41:53  firefly httpd-gk: DYNAMIC_VPN_LICENSE_CHECK_FAILED:
Dynamic VPN license check failed for user test
Feb 20 15:41:53  firefly httpd-gk: DYNAMIC_VPN_AUTH_NO_LICENSE:
Authentication failed for user test due to unavailable license

But I have 'all' features license ;-)

root@firefly> show system license
License usage:
 Licenses LicensesLicensesExpiry
  Feature name   usedinstalled  needed
  all   01   029 days

Licenses installed: none

root@firefly> show version
Hostname: firefly
Model: junosv-firefly
JUNOS Software Release [12.1X44-D10.4]

Is it bug ?

Rob
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] IPv6 ND timeouts and configuration

2013-02-20 Thread Grzegorz Janoszka 
On 20-02-13 16:41, Grzegorz Janoszka wrote:
> I was looking for Juniper command to set IPv6 ND parameters, like ie set
> system arp aging-timer for v4. The only thing I found was under
> protocols router-advertisement interface and there I set reachable-time
> and retransmit-timer. However that enabled sending RA on that interface
> which was not my goal.
> Is there any way to tune IPv6 ND to achieve the equivalent of Cisco IOS:
> interface X
>  ipv6 nd reachable-time 180
>  ipv6 nd ns-interval 5000
> but without enabling RA?
> 
> Thanks for any hints, Google was not really helpful.

Weird to answer to own emails, but I think someone will Google for it
anyway so the list archive may be useful (once I had a problem, googled
for it and found my own answer to the very same problem posted a few
years ago in a mailing list ;))

The problem now is we had a packet loss on some routers. They were
dropping IPv6 packets passing the router. On Cisco you can set the above
on interface and it helps, on Juniper setting that helps is:

[edit protocols]
+   router-advertisement {
+   interface xe-1/2/3.0 {
+   reachable-time 360;
+   retransmit-timer 5000;

It stopped the packet loss, however there is one drawback:

> show ipv6 router-advertisement
Interface: xe-1/2/3.0
  Advertisements sent: 5, last sent 00:04:35 ago

Any idea how to keep those parameters (they help for the packet loss)
and not send any ads?

-- 
Grzegorz Janoszka
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] IPv6 ND timeouts and configuration

2013-02-20 Thread Grzegorz Janoszka 

I was looking for Juniper command to set IPv6 ND parameters, like ie set
system arp aging-timer for v4. The only thing I found was under
protocols router-advertisement interface and there I set reachable-time
and retransmit-timer. However that enabled sending RA on that interface
which was not my goal.
Is there any way to tune IPv6 ND to achieve the equivalent of Cisco IOS:
interface X
 ipv6 nd reachable-time 180
 ipv6 nd ns-interval 5000
but without enabling RA?

Thanks for any hints, Google was not really helpful.

-- 
Grzegorz Janoszka
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] SRX240 Series and BGP Routes (and other things)

2013-02-20 Thread Skeeve Stevens 
Hey all,

I've just noticed something interesting in the SRX Branch Datasheet located
at: http://www.juniper.net/us/en/local/pdf/datasheets/1000281-en.pdf

Previous to this version, the SRX240B could do 32k BGP routes, and the
SRX240H could do 64k.

The new version just lists 600k (for both versions).  This is a 10 times
increase on the previous version of the document.  I am just not sure how
right that is.

I am not sure what has changed, and am assuming that the SRX240(H.B)2
versions are now able to take a full table (430k or so).

I wanted to clarify if this was simply due to the RAM increase on the
Series 2 models, or did something else change in the Junos version shipping
with them to increase this number.

I've also just noticed that the Throughput now says 1.8 Gbps for the
SRX240, but the old one said 1.5Gbps.  Firewall IMIX also has increased by
100Mbps too. Strangely the Connections per second has dropped from 9,000 to
8,500 and IPS has dropped from 250Mbps to 230Mbps.

OSFP, Static and RIP routes have also gone through the roof as well.

The old document was under Junos 10.3, and the new one is 11.4R5

So in some ways the device has increased in performance, and others,
decreased.  Kinda weird.

I'd also like to understand if this means that a SRX240H2 can hold 600k
BGP, 200k OSPF, 200k RIPv2 and 256K Static routes at the same time, or is
there some ratio'ing going on here?  It also doesn't talk about IPv6 routes
at all (which normally require double the space to store).

Also, Juniper, shouldn't the document differentiate between the Series 1
and Series 2 capabilities?

This isn't meant to be a rant... it just has a lot of inconsistencies that
I don't get and would love an explanation to.

...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
ske...@eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  
linkedin.com/in/skeeve

twitter.com/networkceoau ; blog: www.network-ceo.net

The Experts Who The Experts Call
Juniper - Cisco - Cloud
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp