Re: [j-nsp] [RESOLVED] MX204: 802.3ad LAG 2 x 1 G with a Palo Alto firewall

> On Mar 18, 2021, at 12:57 PM, Emmanuel Halbwachs > wrote: > > I feel ashemed not to have thinking about autoneg before, as it wasn't > necessary on the native 1G port of the MX5. I think the MX-204 may be picky about gigE and 10gigE negotiation. I recently had fits getting a 204 to talk

Re: [j-nsp] Fits with 10gig from MX-204 to Nexus 7700

> I’ve been tearing my hair out trying to turn up a direct patch over single > mode fiber using 10gig SFP+ between an MX-204 and a Nexus 7700. The MX can > see the light from the 7700, and vice versa, but it never shows the interface > as up. The Cisco eventually error disables the interface

[j-nsp] Fits with 10gig from MX-204 to Nexus 7700

Folks, I’ve been tearing my hair out trying to turn up a direct patch over single mode fiber using 10gig SFP+ between an MX-204 and a Nexus 7700. The MX can see the light from the 7700, and vice versa, but it never shows the interface as up. The Cisco eventually error disables the interface

Re: [j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?

> On Jul 11, 2018, at 1:17 PM, Drew Weaver wrote: > > Is there a list of best practices or 'things to think about' when > constructing a firewall filter for a loopback on an MX series router running > version 15 of Junos? > > I'm slowly piecing it together by just 'seeing what is broken

Re: [j-nsp] Spine & leaf

> On Jun 25, 2018, at 11:22 AM, Scott Whyte wrote: > > BGP, as you say, provides excellent filtering capabilities. What does > OSPF/ISIS bring to the table? Less configuration for peer sessions since OSPF is multicast, but I suppose that tools like Ansible minimize that effort. —Chris

Re: [j-nsp] Spine & leaf

> On Jun 23, 2018, at 10:56 PM, joel jaeggli wrote: > > Personally I'm kind of done with large L2s so I would probably just use > ebgp with a private asn per server and eschew all these l2 topologies. Other than the administrative controls of mature route filtering tools in BGP, I’m curious

Re: [j-nsp] VPN interface naming on MX platforms

forums.juniper.net/t5/Routing/MS-MIC/td-p/292407 > > -Pasvorn > > On Fri, Jun 15, 2018 at 9:36 AM Chris Boyd wrote: > This is probably a noob question, but I can’t seem to find the answer in the > Juniper docs. On some MX routers where there are IPSec VPNs implemented, > they u

[j-nsp] VPN interface naming on MX platforms

This is probably a noob question, but I can’t seem to find the answer in the Juniper docs. On some MX routers where there are IPSec VPNs implemented, they use the sp-1/0/0 interface in the VPN, on other MX routers, they use the ms-0/2/0 interface. I suspect the answer lies in the details of

Re: [j-nsp] If there's anyone from Juniper on the list.....

> On May 15, 2018, at 12:34 PM, Karsten Thomann > wrote: > > If it is on a Web page you can simply use the star rating and leave feedback > with a comment. > My response rate from the documentation team is still 100%.‎ Thanks! Will go do that. —Chris

[j-nsp] If there's anyone from Juniper on the list.....

Who can get a message over to the Documentation group, it would be great if you could update the doc on the “insert” command to note that you have to create the object first, and then move it with the insert. May be common knowledge to old hands, but I’m still learning the ins and outs of

[j-nsp] SSH access with Radius auth issue

Starting to tear my hair out over this one. Recently wiped and upgraded an EX4200 to 15.1R6.7. Dropped in my standard Radius config that’s working on all my other devices. Users that are locally configured on the 4200 can log in normally, but SSH sessions that are Radius authenticated get the

Re: [j-nsp] IRB with VRRP configuration issue

> On Dec 7, 2017, at 4:33 PM, Rolf Hanßen wrote: > > maybe helps: > set routing-instances our-networks bridge-domains vlan30 interface xe-2/1/0.0 That was close—I needed to add the physical interface to the bridge domain: set routing-instances our-networks interfaces

[j-nsp] IRB with VRRP configuration issue

Howdy, I’ve got an odd issue with an IRB / VRRP configuration that’s driving me a bit crazy. The physical Ethernet interface is up, but the interface does not show up as part of the “show bridge domain” and the IRB interface shows "Flags: Hardware-Down” which is why I’m guessing the VRRP is