[j-nsp] /config/rescue.conf.gz
Dear Colleagues, If I want my rescue configuration to be totally different from the current config, how do I edit/upload it? Because the request system configuration rescue save saves the current config as rescue. I just want a DHCP client on the management interface and some local login/password authentication for a possible emergency. Anything more than that is redundant. If I prepare a custom config offline and upload it as /config/rescue.conf.gz, will this work? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] /config/rescue.conf.gz
Hello Victor, You are quite correct that you normally can only save the current configuration file; however I have just tested your assumption and this does work. The only snag was that I couldn't directly SCP the file onto the Juniper back in the correct directory (I didn't try as root), I put the file in /var/tmp then dropped into the shell and moved it over. rollback rescue then loaded the file which I created. HTH, Graham Graham Brown Twitter - @mountainrescuer https://twitter.com/#!/mountainrescuer LinkedIn http://www.linkedin.com/in/grahamcbrown On 2 July 2015 at 20:44, Victor Sudakov v...@mpeks.tomsk.su wrote: Dear Colleagues, If I want my rescue configuration to be totally different from the current config, how do I edit/upload it? Because the request system configuration rescue save saves the current config as rescue. I just want a DHCP client on the management interface and some local login/password authentication for a possible emergency. Anything more than that is redundant. If I prepare a custom config offline and upload it as /config/rescue.conf.gz, will this work? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] MPLS Endpoint Discussion
All, I've created simpler MPLS ring between a total of 6 MPLS 4550s. My questions what IP do I use for the Label Switched Path Endpoints. I can't seem to find a best practice. Specifically this code Obfuscated as I'm a little to literal with my descriptions set protocols mpls label-switched-path PE2-to-PE1 to 10.254.1.1 set protocols mpls label-switched-path PE2-to-PE3 to 10.254.1.6 set protocols mpls label-switched-path PE2-to-PE4 to 10.254.0.4 Do I use the /30 that exists between the Legs? Or should I use the LoopBack0 ? My thought would be Leg itself as it creates the path. But some documents state LoopBack. Thank you, *Levi Pederson* Mankato Networks LLC cell | 612.481.0769 work | 612.787.7392 levipeder...@mankatonetworks.net ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper mx80 mirror ae0 to ge
Hi, replace this set chassis fpc 1 pic 1 port-mirror-instance mirror_reductor with: set chassis fpc 1 port-mirror-instance mirror_reductor For whatever reason PM did not work (when I tested it in the past) when I tried to enable it for a particular pic. After enabling it for fpc it worked ok. Thanks, Marcin. On Tue, Jun 30, 2015 at 12:10 PM, dmi...@zhigulinet.ru wrote: Hi, Juniper-nsp. I tried configure port mirrror on mx80, but i have problem I don't watch traffic on the port ge-1/0/5 set chassis fpc 1 pic 1 port-mirror-instance mirror_reductor set forwarding-options port-mirroring instance mirror_reductor input rate 1 set forwarding-options port-mirroring instance mirror_reductor input run-length 0 set forwarding-options port-mirroring instance mirror_reductor family inet output interface ge-1/0/5.0 next-hop 192.168.98.2 set forwarding-options port-mirroring instance mirror_reductor family inet output no-filter-check set firewall filter mirror_reductor term dst-http-https from protocol tcp set firewall filter mirror_reductor term dst-http-https from destination-port 80 set firewall filter mirror_reductor term dst-http-https from destination-port 443 set firewall filter mirror_reductor term mirror then count mirror_reductor set firewall filter mirror_reductor term mirror then port-mirror-instance mirror_reductor set firewall filter mirror_reductor term default then accept set interfaces ae0 unit 0 family inet filter input mirror_reductor set interfaces ge-1/0/5 description --mirror-to-reductor-- set interfaces ge-1/0/5 unit 0 family inet address 192.168.98.1/30 arp 192.168.98.2 mac 00:11:22:33:44:55 set forwarding-options port-mirroring instance mirror_reductor family inet output interface ge-1/0/5.0 next-hop 192.168.98.2 set interfaces ge-1/1/0 gigether-options 802.3ad ae0 set interfaces ge-1/1/1 gigether-options 802.3ad ae0 set interfaces ge-1/1/2 gigether-options 802.3ad ae0 set interfaces ae0 unit 0 family inet address 123.143.143.246/30 -- Best regards Dmitry mailto:dmi...@zhigulinet.ru ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MPLS Endpoint Discussion
loopbacks On 7/2/15, 4:25 PM, juniper-nsp on behalf of Levi Pederson juniper-nsp-boun...@puck.nether.net on behalf of levipeder...@mankatonetworks.net wrote: All, I've created simpler MPLS ring between a total of 6 MPLS 4550s. My questions what IP do I use for the Label Switched Path Endpoints. I can't seem to find a best practice. Specifically this code Obfuscated as I'm a little to literal with my descriptions set protocols mpls label-switched-path PE2-to-PE1 to 10.254.1.1 set protocols mpls label-switched-path PE2-to-PE3 to 10.254.1.6 set protocols mpls label-switched-path PE2-to-PE4 to 10.254.0.4 Do I use the /30 that exists between the Legs? Or should I use the LoopBack0 ? My thought would be Leg itself as it creates the path. But some documents state LoopBack. Thank you, *Levi Pederson* Mankato Networks LLC cell | 612.481.0769 work | 612.787.7392 levipeder...@mankatonetworks.net ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MPLS Endpoint Discussion
On 3 Jul 2015, at 12:25 am, Levi Pederson levipeder...@mankatonetworks.net wrote: All, I've created simpler MPLS ring between a total of 6 MPLS 4550s. My questions what IP do I use for the Label Switched Path Endpoints. I can't seem to find a best practice. Specifically this code Obfuscated as I'm a little to literal with my descriptions set protocols mpls label-switched-path PE2-to-PE1 to 10.254.1.1 set protocols mpls label-switched-path PE2-to-PE3 to 10.254.1.6 set protocols mpls label-switched-path PE2-to-PE4 to 10.254.0.4 Do I use the /30 that exists between the Legs? Or should I use the LoopBack0 ? My thought would be Leg itself as it creates the path. But some documents state LoopBack. Always use loopbacks - if the link goes down (or the preceding node), the destination of the LSP goes with it - Junos will not maintain prefixes for downed interfaces. You mention this being a ring - if you target the LSP to a loopback, your IGP will provide an alternative path after a failure. Cheers, Ben ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] EX3300 mac-address aging counter stuck for several mac addresses
Hello everyone, I have several EX3300s suffering from a strange problem. They run Junos 12.3 and they are far away from their scalability numbers in terms of number of mac-addresses (6K at maximum) and thorughput. They are mainly traversed by pppoe subscribers. From time to time and not for every subscriber, when I run a 'show ethernet-switching table', I see that 'age' counter is completely stuck and neither goes to zero when the mac is 'seen' nor goes on growing in case the mac address is not 'seen'. The only way to return to a normal situation is manually clearing the mac-address entry. Have you ever had an issue like this in the EX family? Thanks in advance Kind regards Octavio ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp