Hi Klaus,
I just had a quick peek in the vShield manual - it looks like it only supports
IKEv2, so you'll need to add the following line to your config:
set security ike gateway gw_lan_to_remote version v2-only
Ben
On 21/06/2013, at 4:35 AM, klauzi wrote:
> Just wanted to double check that t
Hi Andy,
On 19/06/2013, at 9:29 AM, Andy Litzinger
wrote:
>
> I will try rib groups next, but I think I read somewhere that EX switches
> don't support importing static routes via rib groups.
>
> I suppose this could also be solved by Filter Based Forwarding, but I'd like
> to avoid that
It's also now available on the SRX as of 12.1X44D10.
One to watch though - Mac OSX and most other non-windows clients will fail to
get an address from the JDHCP daemon because they set the BOOTP Unicast flag on
all requests, whereas Windows will fall-back to broadcast after 30 seconds.
The f
On 12/06/2013, at 11:29 AM, Morgan McLean wrote:
> I have an SRX cluster at an office with a single connection to the web at
> the moment. It has a couple ipsec connections out to our datacenters, and a
> couple local subnets hanging on RETH interfaces.
>
> For the life of me, I can't figure ou
On 28/05/2013, at 12:58 AM, Nick Kritsky wrote:
> Hi fellow J-users,
>
> I hope I will not trigger some long-forgotten flame-war by that question.
> But I do wonder: what are the best practices for interface/unit
> descriptions?
> Do you put them on interface-level or unit-level? Especially wh
Hi James,
On 15/05/2013, at 12:29 AM, James S. Smith wrote:
> I'm looking for people's experience with storm control on Juniper switches.
> We have a pair of EX4500 switches and I notice that storm control kicks in a
> lot. I'm concerned that it might be stopping legitimate broadcast and
>
As long as your tunnels don't breach the IPSEC Throughput numbers, you should
be right™.
I have a few SRX240s out there with upwards of 500 tunnels on them, some
dynamic routing (3 core sites only), and they're sitting at around 50% CPU.
They're all running DPD with intervals of 10 and 3 (wh
Hi Ala',
I think you are trying to do isn't going to work - when you bring up the
aggregated ethernet interfaces between the two MXs, your media
converters/management units will no longer be visible.
Picture the AE as a tunnel between the two MXs (even though frames aren't
actually tunnelled
Hi Jeff,
To use the USB port on the branch SRX 100,110 or 210 as 3G/4G backup you need a
sierra wireless modem.
There are very few listed on Juniper's supported list, but at least here in
Australia I've found that most available Sierra 3G modems tend to work
including:
USB306
SW312U
AC326U
AC
Hi Josh,
I would recommend putting the proxy in it's own subnet and zone (even just a
/30 off to the side). Then you can apply policy routing on your external
interface for inbound traffic, and the LAN interface for your outbound traffic.
If you let return connections go directly back to the c
On 14/04/2013, at 1:32 PM, Giuliano Medalha wrote:
> Hi,
>
> Does anyone has some experience implementing CoS using Radius for MX Series
> with PPPoE License ?
>
> We are looking for a specific solution that:
>
> - Can allocate bandwidth of 1 Mbps for a subscriber user (PPPoE dynamic
> interf
On 11/04/2013, at 10:08 PM, Luca Salvatore wrote:
> HI,
> Quick question just for my own sanity :-/
>
> If i make some config changes on a VC when one of the members is down, what
> happens to the config on the down member when it comes back up? I'm assuming
> it will just sync with the mas
Yep - listen to JTAC.
The parity error is definitely a sign that the memory on your switch is flakey
- I had an EX4200 completely lock-up and drop out of a VC after 6 months of
flawless operation. Rebooted it and it came good, 24 hours later it dropped
right back out again with the parity erro
>> Epic fail on Juniper's part to think that networks will
>> still go for "too big" boxes for "small box" deployments.
>> The ERBU head promised that they were looking at a 1U MX80
>> box that would rival the Cisco and Brocade options in the
>> access, but I think they thought coming up with
On 01/04/2013, at 5:55 AM, Mathias Sundman wrote:
> I've just upgraded two of my MX5-T boxes to 11.4R7.5 and after that my 3rd
> party 1000Base-T SFP (Transmode originals based on Finisar) started to show
> Link Up as soon as the SFP is inserted (no cable inserted).
>
> On 11.2R5.4 it worked
You must have just missed the thread on this the other day:
https://puck.nether.net/pipermail/juniper-nsp/2013-March/025910.html
tl;dr - PR842933, PR858565 to be fixed in 12.3R2
On 27/03/2013, at 2:10 PM, Julien Goodwin wrote:
> I upgraded a new EX2200-c to 12.3 the other day (was shipped with
On 27/03/2013, at 9:58 AM, Giuliano Medalha wrote:
> People,
>
> Is it possible to transport untagged ethernet frames using Q-in-Q in EX2200
> switches ?
Yes
>
> The client port is ever untagged ... but we would like to transport
> untagged frames, like a direct computer frames from one side
At the risk of asking the obvious - are the devices directly connected, or is
there interim equipment in the path (media converters, NTUs etc)
On 26/03/2013, at 5:30 PM, Riccardo S wrote:
> SIDE A
>
> @xx> show lldp statistics
> InterfaceParent Interface Received Unknown TLVs With E
On 25/03/2013, at 12:33 PM, Skeeve Stevens
wrote:
> Hey all,
>
> I've heard quite a few people have self-upgraded their SRX240's from v1 to
> v2's simply by upgrading the RAM from 1Gb to 2Gb.
>
> Couple of questions.
>
> 1. Any one got a photo of the inside of the SRX240 (can't find any on
On 21/03/2013, at 12:16 AM, Daniel Roesen wrote:
> On Wed, Mar 20, 2013 at 04:12:19PM +0400, Nick Kritsky wrote:
>> This rises the question that is more generic. Have anyone built custom
>> binaries that can be run on RE? I would love to see some additions to
>> /usr/bin and /usr/sbin .
>
> Bac
Giuliano,
What you may be referring to is the new EX9200 switches that sit in the
same-look chassis as the MX-Series.
There is a presentation from Tech Field Day that goes into more detail (3rd
video down):
http://techfieldday.com/appearance/juniper-presents-at-networking-field-day-5/
Cheers,
Technically it's ~3.3GB due to the 32-bit limitations of the JSR Junos builds,
but yes ; )
On 05/03/2013, at 5:14 AM, Brad Fleming wrote:
>
> On Mar 1, 2013, at 10:41 AM, Eugeniu Patrascu wrote:
>
>> I guess it has to do with the EOL announcement for the J series where the
>> SRX is promoted
It doesn't look like there is a build for the PowerPC-based MXs - but it is
available on the higher end boxes though seems to be some sort of tax^W license
required:
JWEB-1-LTU
I'm struggling to come up with a single reason why you'd want to though - using
the J-Web to drive an MX would be lik
show interfaces at-1/0/0 extensive | match "Bit"
First column is your downstream sync, third column is your upstream.
On 27/02/2013, at 2:52 PM, Ali Sumsam wrote:
> Hi,
> Does anyone know the equivalent of Cisco commands "show dsl interface" in
> Junos.
> I want to see the speed of DSL.
>
>
O-Series... *ducks*
On 26/02/2013, at 12:56 AM, Benny Amorsen wrote:
> Which Juniper platform would you pick for a dedicated route reflector?
>
> It does not currently seem obvious which Juniper router is best for
> dedicated route reflection duty for an MPLS network. It seems that the
> obvio
> Which SNMP trap *category* in JUNOS includes the three
> POWER-ETHERNET-MIB (RFC3621) traps?
>
> [1] pethPsePortOnOffNotification
> [2] pethMainPowerUsageOnNotification
> [3] pethMainPowerUsageOffNotification
Couldn't find any doco, but a quick test in the lab shows that category
"chassis" pi
Hi Guys,
I've got a requirement to run LFI (Link Fragmention & Interleaving) on an ADSL
Interface on an SRX - this requires the use of MLPPP even though there is only
a single interface.
The customer has a Cisco 877 doing exactly this and it works fine.
With my configuration as it stands,
On 07/02/2013, at 8:32 PM, Nikolay Abromov wrote:
> Is there any workaround like on Cisco by using RPS?
>
I assume you're comparing against the 3750X - if you are be sure to check the
data sheet very carefully - ignore the marketing blurb at the about full PoE+
at the top:
http://www.cisco.
Hi Jeff,
> The question is now how to proceed and how to improve the setup generally?
>From what you've described, it sounds like there is a misconfiguration or bug
>*somewhere* amongst your 3 vendors. As painful as it will probably be to
>locate, that is probably the best place to start.
-
I don't consider upgrading my own devices with equivalent/superior accessories
at fair market prices "going rogue", but yes - SRX240 takes off the shelf PC
memory and can be upgraded to 2G very cheaply ; )
If I recall correctly, the flash is a surface mount package rather than
removable card an
On 20/12/2012, at 4:58 PM, Michel de Nostredame wrote:
> Possibly Juniper is positioning ACX for that?
> But ACX has far lower port density and those
> 1U ACX has only DC power-supplier.
This was my feeling too, but there is *currently* no VPLS support on ACX. I'm
hoping that will change in
Oh boy.. I just spent the better part of this week doing exactly this with a
Citrix Branch Repeater and an SRX210, having to deploy hacks on top of hacks to
make up for the fact the Junos doesn't support something simple like WCCP, or
FBF on the st0 interface.
My solution ended up being:
st0
/InfoCenter/index?page=content&id=KB17223
Just ignore the security bits for M/MX.
>
> Luca
>
>
> -----Original Message-
> From: Ben Dale [mailto:bd...@comlinx.com.au]
> Sent: Monday, 17 December 2012 11:13 AM
> To: Luca Salvatore
> Cc: juniper-nsp@puck.neth
Hi Luca,
> So is it possible for me to somehow send traffic from one subnet, to a next
> hop address in the same routing instance?
Yes - FBF uses a routing-instance of type forwarding-instance to perform
next-hop look-up - think of it not as a VR, merely an alternative routing table
to consult
You can, but only 1-to-1 NAT (eg: static NAT)
Still waiting on a services module...
Config is a little different for inline - to turn it on you need an inline
services interface:
set chassis fpc 0 pic 0 inline-services bandwdith 10g
set interfaces si-0/0/0 unit 0 family inet
then you use servi
On 14/12/2012, at 12:29 AM, Chuck Anderson wrote:
> Regarding my previous comment about auto-negotiation, on the EX
> platform the correct command is:
>
> set/delete interfaces ge-x/y/z ether-options no-auto-negotiation
>
> On Thu, Dec 13, 2012 at 11:02:00AM +0100, Nicolas Hyvernat wrote:
>>
ooh VSTP/PVST+ interop. Boy have we had some fun here over the years..
Cisco PVST+ sends IEEE and Cisco BPDUs on the *native* VLAN and Cisco BPDUs for
each VLAN that is tagged on an interface.
Juniper VSTP only sends IEEE BPDUs on the native VLAN 1 (or did as of 11.4)
but sends Cisco BPDUs f
outer;
>routing-options {
>interface-routes {
>rib-group inet FBF-PBR;
>}
>}
> }
>
> [edit]
> root@srx210# commit check
> configuration check succeeds
>
>
> --Stacy
>
>
> On Nov 28, 2012, at 5:39 PM, Ben Dale wrot
Hi All,
I have a requirement for performing Filter-based Forwarding on traffic that is
ingressing via a routing-instance (instance-type virtual-router):
show routing-options:
interface-routes {
rib-group inet FBF-PBR;
}
rib-groups {
FBF-PBR {
import-rib [ CUSTOMER-A.inet.0 FBF-
If you're having packet loss (sporadic), run:
show spanning-tree bridge
on the SRX and confirm that your topology is actually stable - look for
topology age.
Cheers,
Ben
On 20/11/2012, at 4:07 PM, Jonathan Lassoff wrote:
> The other that that comes to mind for me is security policy.
>
> I
Hi Luca,
I have a funny feeling you'll need to plug the tunable into one of the built-in
XFP ports to make it work.
If this doesn't work:
- Confirm that the MUXes you are connecting to are definitely DWDM and not
CWDM. If they are CWDM, make sure you are connecting to the 1530nm (Channel
53)
On 04/11/2012, at 3:12 AM, Mihai wrote:
> Hello,
> I have an MX480 running 11.4R2.14 with a weird behavior of the
> pseudo-terminal (always ttyp3) allocated to the first user that login through
> telnet.After I enter the password I have to press ENTER twice to access the
> cli, but the cli
On 03/11/2012, at 3:55 AM, Dave Peters - Terabit Systems
wrote:
> Hey everybody--
>
> I got my hands on an EX-3200 PoE switch, and I don't need the PoE. Can I run
> it with a 320W power, rather than the 740W (which I don't have).
>
> I'm not seeing any errors. Does this just disable PoE, o
Hi Morgan,
On 31/10/2012, at 9:06 AM, Morgan McLean wrote:
> Can anybody give me an idea regarding typical failover times if the master
> in a two switch pair were to die? The quickest I've seen in my testing with
> EX3300's is 45 seconds, just for L2 forwarding to continue working, no
> routing
> My topology is a bit different though... There is no 'service provider' cloud
> between my MX routers.
> They are directly connected via dark fibre. Does the split horizon rule come
> into play here?
It does - although the physical topology looks like a ring, remember that it
will be all L3
Hi Luca,
> MX1-darkfibre--MX2
> | |
> | |
> MX3-darkfibre--MX4
>
> So above you see that there are dual links which will create a loop.
>
> How doe
On 27/10/2012, at 12:15 PM, Craig Askings wrote:
> On Saturday, October 27, 2012, Richard A Steenbergen wrote:
>>
>>
>>
>> I'm still sad that I couldn't get Juniper to bless the XRE200 as an
>> external route reflector, since it's an infinitely more useful form
>> factor than a JCS, but alas
On 18/10/2012, at 2:05 PM, Jeff Wheeler wrote:
> On Wed, Oct 17, 2012 at 8:38 PM, Ben Dale wrote:
>> Table Tot Paths Act Paths SuppressedHistory Damp State
>> Pending
>> inet.0 1056579 354871 0 0 0
>
Hi Skeeve,
On 18/10/2012, at 10:04 AM, Skeeve Stevens
wrote:
> Question is the specs say it can support a maximum of 700k routes.
>
> Now, if what I suspect is right, that is great, but I am getting
> conflicting information.
>
The way I read the data sheets is the maximum "supported/test
Hi Benny,
On 11/10/2012, at 1:03 AM, Benny Amorsen wrote:
> I am considering building a very simple setup with a number of ethernet
> interfaces on one switch each CCC-tunnelled through a common fiber to
> another switch. I.e. simply emulating a typical ethernet CWDM using
> EoMPLS.
>
> One fea
Hi Huan,
On 10/10/2012, at 10:18 PM, Huan Pham wrote:
> There seems to be a bug with this feature.
>
> http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-cos/cos-assigning-fc-dscp-to-re-pkts.html
>
> Once I apply the Firewall Filter with QoS term
Hi Abdullah,
On 30/09/2012, at 7:09 PM, Abdullah Baheer wrote:
> Hi Experts,
> We have two ex-4200 switches placed in two buildings, 400 to 500 meters
> apart.The switches are connected through a Trunk interface (through a fiber
> link and media-converters on both sides)
> We are thinking of r
On 27/09/2012, at 6:51 AM, Spam wrote:
> Hey All,
> Here's another SRX issue I'm having and need help on..
> My SRX is connected on 3 Ports. Each in its own Security Domain and subnet.
> Sec-Domain: Inside
> Subnet1: 10.10.10.0/24
> Subnet2: 20.20.20.0/24
> Sec-Domain: Outside
> Subnet: 59.xx.xx
On 18/09/2012, at 11:56 AM, Frank Sweetser wrote:
>
> For what it's worth, we've been harassing pretty much everyone we talk to
> with a juniper.net email address about SPB. I suspect the biggest limitation
> is that nowhere in any EX or MX docs is there mention of support for 802.1ah
> mac
Hi Morgan,
> Just curious if anybody knew of a way to create a full mesh on SRX clusters
> that don't support layer 2 RSTP, ie SRX3400 cluster?
Yes, but it requires your switches to be a virtual-chassis, or support some
equivalent like MC-LAG.
> At present, a reth1 group we use hosts gateways
Hi Xu,
Do you have the box in packet or flow-mode?
If it's in flow-mode, you'll need to configure:
set security forwarding-options family inet6 mode flow; (or packet-based
depending on what you want)
Cheers,
Ben
On 10/09/2012, at 2:34 PM, Xu Hu wrote:
> Hi Experts,
>
> I have one J2350 b
other interface during
fail-over.
> On Aug 25, 2012, at 4:56 AM, Ben Dale wrote:
>
>> Hi Morgan,
>>
>>> My main issue is I can't seem to get the advertised routes from firewall A
>>> to be shared between the border routers. I know the nature of iBGP will
&g
Hi Morgan,
> My main issue is I can't seem to get the advertised routes from firewall A
> to be shared between the border routers. I know the nature of iBGP will
> block this, so I tried enabling advertise-peer-as for just the border to
> border peer relationship, but I still do not see it being a
There is no difference between the two.
...Until You jump on an SRX branch where you use both for completely different
things (eg: transparent mode) ; )
My (albeit limited) understanding is that bridging interfaces/bridge-domains
aren't bound to a specific ingress VLAN tag, allowin
Hi William,
On 01/08/2012, at 11:35 PM, William McLendon wrote:
>
> the link between the EX and the Cat6500 is provided by a 3rd party provider
> (I think via DWDM - Sienna and Infinera gear). Both the EX and the Cat6500
> GigE interfaces are configured as routed interfaces.
>
> I don't know
Hi Nicolas,
On 29/07/2012, at 8:25 PM, Nicolas DEFFAYET wrote:
> Is it a know issue that SNMP is broken in 11.4R4 for EX ?
It is indeed broken - you're most likely hitting PR 782231 (which is hidden),
but the excerpt is and I quote "The issue happen when restarting MIB2 and DCD
processes in a
> I'd say the idea of splitting a firewall cluster into two geographically
> remote parts is itself worth to be revised twice. The chassis
> interconnect pitfalls are not the main caveat in such a design.
>
> The most important thing about FW clusters (or even any other statefull
> devices, like,
curity-zone WAN apply-groups [HQ-UNTRUST-HOSTS
HQ-DMZ-HOSTS]
Neat!
On 12/06/2012, at 12:49 PM, Wayne Tucker wrote:
> On Mon, Jun 11, 2012 at 5:04 PM, Ben Dale wrote:
> What would really help though is if Junos allowed multiple address-books to
> be bound to a single zone - that way,
introduce you to my little friend called the global address
> book. Introduced in 11.4.
>
> set security address-book global address p1 192.168.1.13/32
>
> -Tim Eberhard
>
> On Mon, Jun 11, 2012 at 7:04 PM, Ben Dale wrote:
>>
>> What would really help though
Hi Morgan,
> I have a question regarding managing policies among multiple sets of
> firewalls. I don't know what industry standard / best practice is for
> managing rules among multiple devices.
If there is an industry standard, no one in any industry I've worked with is
aware of it ; )
> I do
Having just done this in the last week (strictly EXs), I'd suggest that neither
your OAM and G.8032 are configured correctly - post up some configuration if
you can.
Make sure you have your link-fault-management action-profile is set to
link-down and that you have an apply-action-profile bound
Yes they do, but it requires an Advanced Feature License. They provide - CCC
only (not EoMPLS/L2Circuit).
On 30/04/2012, at 1:06 PM, Skeeve Stevens wrote:
> Hey guys,
>
> I've tried googling and my foo is weak today.
>
> I am trying to confirm that the EX3200 and EX4200 have the same MPLS
> c
On 25/04/2012, at 4:53 PM, sth...@nethelp.no wrote:
>> Does anyone have experience with the compatibility of the generics?
>
> We've been using generic SFPs and XFPs in Juniper M and MX routers
> for many years. Never had a problem except, as others also have noted,
> not all 1000baseT SFPs work
Hi Bruno
>
> i don't know what did i miss?
"VPLS routing instances on J Series or SRX Series devices use BGP to send
signals to other PE routers. LDP signaling is not supported."
http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/mpls/
Hi Dave,
When you form a VC, the configuration for the second member's interfaces
doesn't always get generated - make sure you have
set interfaces ge-1/0/0 unit 0 family ethernet-switching (or whatever port you
are testing from) configured
Cheers,
Ben
On 04/04/2012, at 9:46 AM, Dave Peters w
> I am not saying braindumps are good at all, but...
>
> What engineer when architecting/building/supporting a solution doesn't have
> access to the internet or reference tools?
>
I'd hazard a guess that neither Dodo or Telstra engineers were able to google
for help last month : P
It's Junos
A timely discussion for sure:
MX80 - No LAC or LNS support [1] and none planned*
MX240, 480, 960 - LAC and LNS supported, MPCs only [1][2]
M120 (AS/AS2 & MS PICs) - LNS support only [2]
M7i/10i (AS/AS2 & MS PICs) - LNS support only [2]
BRAS is one of those features that is actually getting bette
I've got a number of customers with 10 of these on top of each other with the
dual 930W PSUs - after 18 months they do have a slight dip in them, but nothing
too serious.
If you want a cost-effective fix though, get the 4-post rail kit, but only for
the bottom switch (provided the switches ar
Hi Leigh,
On 20/03/2012, at 10:53 PM, Leigh Porter wrote:
>
> error: The number of destination NAT pools exceeds limit of 0
> [edit security nat destination rule-set incoming-connections rule
> port-forward then destination-nat]
> 'pool'
> failed to get pool (wilderness)
> error: configur
On 06/03/2012, at 7:38 PM, Jose María Carrera wrote:
> hello there
>
> Is there anyway to tear down the interface when the interface included in the
> VPLS is not directly connected to the CE, but to one switch in between?
> If the setup is as follows
>
> PE--SW--CE
>
> If the interfa
Hi David,
> Just curious about your experiences with the SRX J-Web GUI.
Woeful, just like everyone else's. You've got to wonder whether the monumental
failure that the SRX GUI is, is one of the major reasons why the SSG Product
line is still available.
> We have been testing the SRX-210 for a
If that is the actual config off the ASA, then another thing that may be
affecting connectivity:
> crypto map foo 5 match address MYACL
> crypto map foo 5 set pfs <
> crypto map foo 5 set peer x.y.w.z
> crypto map foo 5 set transform-set ipsec-p2
> crypto map foo interface outside
you ha
On 05/03/2012, at 9:57 PM, bizza wrote:
>gateway gw_vpn2remote {
>ike-policy ike_pol_vpn2remote;
>address X.Y.W.Z;
>local-identity inet A.B.C.D;
>external-interface fe-0/0/7.0;
>version v1-only;
>}
In your IKE gateway con
Hi Alex,
On 21/02/2012, at 8:38 PM, Alexander Bochmann wrote:
> we've been putting off converting our EX4500s to a virtual
> chassis for quite some time now. I've seen a few posts about
> mixed EX4500/4200 setups, but none with several EX4500s.
>
> Does anyone run something like that? Any spe
Hi Lukasz,
J-Series only needs a license to download signature updates for IDP - in order
to stop fragmentation, all you need to do is create a security policy that
matches on GRE traffic "match application junos-gre" and then references the
idp engine in the action "then permit application-ser
So my thoughts on managing SRXs with Space:
- Using the base platform, configuration templates and general Junos
configuration pushing, it seems to be reasonably stable and once you wrap your
head around the workflow for templating it is really quite straightforward.
(though documentation could
Ashish,
On 17/01/2012, at 1:19 PM, ashish verma wrote:
> In our SRX deployment I am seeing an issue where client does not receive a
> ICMP message back after getting denied by the policy.
>
> I can see that packet got dropped by the policy and SRX generates the
> tcp-rst but client does not re
On 12/01/2012, at 5:21 PM, Per Granath wrote:
>> Does anyone know if there is a special apply-group for referencing individual
>> virtual-chassis members?
>
> member0, member 1, member2, ...
> http://kb.juniper.net/InfoCenter/index?page=content&id=KB15556
>
Well that's nice and obvious - thank
Hi all,
Does anyone know if there is a special apply-group for referencing individual
virtual-chassis members?
The SRX has node0, node1 & apply-groups ${node} and M/T have re0 re1 plus the
lcc variants, but I have a hazy (though possibly imagined) recollection of
seeing some config that allo
Okay, it's ugly, but:
Write a policy on the SRX that is attached to a scheduler.
Make the "then" action of the policy permit application-services idp.
Write an IDP policy that has a "then" action to re-write DSCP markings for this
traffic.
Write a CoS policy on your EXs to police traffic mat
Hi John,
>
> My issue is that I have 2 trunk links on each firewall passing completely
> different VLAN's but when I enable any form of spanning tree, I'm seeing one
> of those links blocked (3 out of the 4 links get blocked by STP). I've tried
> rstp, stp and mstp - all with the same issue.
Hi there,
We are experiencing an issue caused by exactly this behaviour (Control traffic
from the RE being automatically marked as CoS 6), and I think the current
answer regarding changing the value is no. We are currently getting around it
by looping traffic back into the MX80 (using physical
Hi Chris,
On 27/09/2011, at 11:20 PM, Chris Gapske wrote:
> Sorry Very new at this but I would like to ask for help on an issue.
>
> I am getting conflicting stories on the ability of the SRX. TAC says they
> cannot get Mobile Devices such as Android or Idevices to connect with the
> pulse c
Hi Chris,
VLAN ID Translation support was added to the EX2200 in Junos 11.1 - it works on
the base license too (no AFL required).
Cheers,
Ben
On 10/09/2011, at 2:39 AM, Chris Adams wrote:
> While trying to solve a problem, I was wondering: is it possible to have
> two trunks connected to a sw
I just dropped some MRV CWDM optics (SFP-GDCWZX-xx-R) into an MX80 and they
work fine.
They show up as unknown vendor:
comlinx@bras1-bne# run show chassis hardware
Xcvr 0 0NON-JNPR 1JJ680083602548 SFP-SX
Xcvr 9 NON-JNPR A28T000100SFP-
Looks like add-path is now available Junos 11.3
Cheers,
Ben
On 30/08/2011, at 8:36 PM, Mark Tinka wrote:
> On Thursday, August 11, 2011 04:02:13 AM Zaid Hammoudi
> wrote:
>
>> Keegan,
>>
>> Look into add-path, something that is not supported in
>> JUNOS yet, but will be sometime this year.
>
ar dialler
interface, but it's not really out-of-band. Also, the "call" needs to be
initiated by the SRX to bring up the interface.
Ben
> -Original Message-
> From: juniper-nsp-boun...@puck.nether.net
> [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf O
On 06/08/2011, at 2:09 PM, Stefan Fouant wrote:
> The SRX 210 is the only device that I am aware of that has an internal
> ExpressCard slot for the CX111 3G modem. All the other platforms use an
> external bridge, so unfortunately you are out of luck here...
Slightly OT, but the SRX210 now su
Hi Jon,
On 28/07/2011, at 1:15 PM, Paulhamus, Jon wrote:
> Hello all -
>
> I am in the process of replacing an aging Cisco ASA-5540 with an SRX-650.
> The ASA has a large number of static NAT translations, as well as many
> outbound source NAT pools. Does anyone have any suggestions on creat
Hi Richard,
Depending on your topology you can scale this out by having a common "Untrust"
zone for all customers (which is has interfaces in the inet.0 instance) and
simply leaking routes (interface(s), default or otherwise) into specific
customer VRs.
Cheers,
Ben
On 22/07/2011, at 5:54 PM,
On 18/07/2011, at 9:37 AM, Ryan Finnesey wrote:
> Does anyone have any comments on the switches Dell OEMs from Juniper?
> Are they truly the same? We meet with them last week regarding server
> and storage for a new DaaS build out. They told us they can offer us
> Dell networking hardware that t
Hi Chris,
At a guess, It looks like you're trying to dump 170,000 routes from your Border:
> inet.0: 363930 destinations, 363932 routes (170427 active, 0 holddown, 193504
> hidden)
into your core EX4200:
> inet.0: 16384 destinations, 16384 routes (16384 active, 0 holddown, 0 hidden)
which is
> Hi,
>
>> I have a couple of EX4200's that are stacked currently and I am trying
>> to get a GRE tunnel working on them with the destination being a Linux box.
>
> I played around with GRE on EX4200s briefly and saw some strange
> behaviour too. I think I came to the conclusion that it's not s
On 29/06/2011, at 2:59 AM, Alex wrote:
> You can simulate it with source MAC filtering: allow fake MAC in and deny
> everything else.
> HTH
> Rgds
> Alex
Sorry to hijack this thread a bit, but this seems problematic on EX - I've been
trying filter OAM PDUs on an EX in order to simulate just tha
On 28/06/2011, at 7:24 PM,
wrote:
> Do you know if Junos provides ALS (Automatic Laser Shutdown) configuration ?
> Like Cisco
> (http://www.cisco.com/en/US/docs/routers/7600/install_config/ES40_config_guide/es40_chap11.pdf)
I can only vouch for the EX platform, but in some testing I did a wh
101 - 200 of 262 matches
Mail list logo
