Re: [j-nsp] EX4200 egress analyzer (mirror) bogus 802.1Q tags

On Thu, Mar 25, 2010 at 11:35:39AM +0300, Alexandre Snarskii wrote: > On Wed, Mar 24, 2010 at 06:37:58PM -0400, Chuck Anderson wrote: > > EX4200 > > JUNOS 10.1R1.8 > > > > Anyone else notice that packets captured by an egress analyzer have > > bogus 802.1Q tags?

[j-nsp] EX4200 egress analyzer (mirror) bogus 802.1Q tags

EX4200 JUNOS 10.1R1.8 Anyone else notice that packets captured by an egress analyzer have bogus 802.1Q tags? Originally I thought that egress mirroring was broken because I saw no output when filtering on what I thought was the correct VLAN ID like this: tcpdump -i eth1 -n -s0 -e -v vlan 123

Re: [j-nsp] Low power warning

On Tue, Mar 23, 2010 at 03:48:21PM +0100, Wouter van den Bergh wrote: > Mar 22 16:14:20 chas[796]: link 1 SFP receive power low warning set > Mar 22 16:14:40 chas[796]: link 1 SFP receive power low warning cleared > > Does anyone know how I can link this to the interface these messages come

[j-nsp] Class E IP addresses

From 9.6 release notes: Class E addresses—The JUNOS Software now allows Class E addresses to be configured on interfaces. To allow Class E addresses to be configured on interfaces, remove the Class E prefix from the list of martian addresses by including the [edit routing-options martians

Re: [j-nsp] Strange IS-IS Problem

On Mon, Mar 08, 2010 at 01:43:57PM -0700, Sergio D. wrote: > Only the first few hellos are padded, please see link from Jeff Doyle's ISIS > OSPF book: > > http://gyazo.com/1b872a14f35bd27f859a722ecc3849c5.png > > (I have a hard copy of that book as well) I was testing with a not-yet-up adjacency

Re: [j-nsp] EX4200 upgrade

And now 10.0S3.1 is out with yet more fixes, but not yet on the "recommended releases" page. Wee! On Sat, Mar 06, 2010 at 11:06:19PM -0800, Dan Farrell wrote: > We use 10.0S1.1 in a heavy production environment (750+ RVI's across > 21 downstream switches in a two-stack VC chassis setup) with no

Re: [j-nsp] Strange IS-IS Problem

On Mon, Mar 08, 2010 at 12:55:29PM -0500, Chuck Anderson wrote: > On Mon, Mar 08, 2010 at 11:57:55AM -0500, Eric Van Tol wrote: > > Both MTUs are consistent and always have been. I started out with > > 9216 physical MTU and 1500 inet MTU, but have since just deleted the > >

Re: [j-nsp] Strange IS-IS Problem

On Mon, Mar 08, 2010 at 12:51:33PM -0500, Eric Van Tol wrote: > Sorry for responding to my own post here. Another helpful tip came > in to use 'point-to-point' in the ISIS config, which had been > brought up before but never tried. It appears that this actually > works. The person who suggest

Re: [j-nsp] Strange IS-IS Problem

On Mon, Mar 08, 2010 at 11:57:55AM -0500, Eric Van Tol wrote: > Both MTUs are consistent and always have been. I started out with > 9216 physical MTU and 1500 inet MTU, but have since just deleted the > custom MTU and went with the defaults. I am quite sure now that > this is not an MTU issue,

Re: [j-nsp] Strange IS-IS Problem

On Sat, Mar 06, 2010 at 11:06:16AM -0500, Chuck Anderson wrote: > On Sat, Mar 06, 2010 at 07:53:41AM -0500, Eric Van Tol wrote: > > MX960: > > xe-1/2/0 { > > vlan-tagging; > > mtu 9192; > > unit 1 { > > vlan-id 1; > >

Re: [j-nsp] Strange IS-IS Problem

On Sat, Mar 06, 2010 at 07:53:41AM -0500, Eric Van Tol wrote: > MX960: > xe-1/2/0 { > vlan-tagging; > mtu 9192; > unit 1 { > vlan-id 1; > family inet { > mtu 1500; > address x.x.x.99/28; > } > family iso; > } > } Can you try c

Re: [j-nsp] Virtual chassis

On Mon, Feb 15, 2010 at 02:22:23PM +1000, Paul Waller wrote: > Can you access other virtual chassis within a group directly from > the master EX4800 switch ?, like on routine-engines 'request > routing-engine login other-routing-engine re1' like on juniper > routers. Yes, by using "request sess

Re: [j-nsp] VOIP messages through IPSEC tunnel

On Sun, Jan 31, 2010 at 09:40:04AM +0300, Muhammad Rehan wrote: > For DHCP server i simply enable DHCP relay on both site,but i have a > confusion regarding IP phones. > > (In normal scnerio I just enter a TN number on my IP phone and it > automically gather all info from Call manager when I pluge

Re: [j-nsp] IPv6

On Sat, Jan 23, 2010 at 07:22:21PM +0500, Muhammad Aamir wrote: > We are planning to go with IPv6; currently we have all Junipers in the Core. > I just want to know does juniper supports all features related to IPv6. > Anybody faced any problem while configuring IPv6 on their Juniper routers. > Doe

Re: [j-nsp] BGP peer's

On Wed, Jan 13, 2010 at 09:26:57AM -0600, Onam Rubio wrote: > I have 2 BGP session with the same ISP but one of this one is for > the local BGP to save internet traffic, and the other one is for > internet redundancy I need to have but session running but my > advertisement goes for both of them

Re: [j-nsp] upgrading M120 directly from 8.5 to 9.3

On Mon, Jan 11, 2010 at 10:13:33PM -0600, Richard A Steenbergen wrote: > $10 says they just don't want to devote the QA cycles to testing every > possible combination of every version. Given that QA clearly has better > things to be doing with their time, I guess I don't mind that much. :) Their c

[j-nsp] upgrading M120 directly from 8.5 to 9.3

Juniper recommends not upgrading more than 3 releases, but 8.5 to 9.3 would be a 4-release upgrade (9.0 - 9.1 - 9.2 - 9.3). Has anyone done this with success? It seems strange to me that Juniper wouldn't test and support an upgrade from one E-EOL release to another without having to jump thro

Re: [j-nsp] vulnerability fix not available for 8.5 ?

On Thu, Jan 07, 2010 at 03:14:17PM -0500, Chuck Anderson wrote: > On Thu, Jan 07, 2010 at 01:55:21PM -0600, Kevin Hunt wrote: > > I just logged in and 8.5r4.2 seems to be the same build I have now, which is > > prior to 01/2009. > > Anyone gotten any word on a fix for i

Re: [j-nsp] vulnerability fix not available for 8.5 ?

On Thu, Jan 07, 2010 at 01:55:21PM -0600, Kevin Hunt wrote: > I just logged in and 8.5r4.2 seems to be the same build I have now, which is > prior to 01/2009. > Anyone gotten any word on a fix for it ? We don't want to upgrade to 9 > because of the possible removal of the GE-SX-B drivers and the n

Re: [j-nsp] Juniper 10GE XFP

> No, DOM works on SFP on EX4200 with 10.0. > > > On Tue, Dec 15, 2009 at 05:56:42PM -0600, Jay Hanke wrote: > > > > Does it also work on a non uplink module ie EX 4200-24F? Not sure. I don't have any EX 4200-24F's. ___ juniper-nsp mailing list juniper-

Re: [j-nsp] Juniper 10GE XFP

On Mon, Dec 14, 2009 at 03:53:16PM -0600, Jay Hanke wrote: > The EX is a different animal, I think there is only support for DOM > on the XFP ports unlike the MX where it is supported on all the SFP > and XFP ports. Also, I think DOM support is recent (10.0?) on the > EX. No, DOM works on SFP o

Re: [j-nsp] RE0 SNMP Problem

On Sun, Oct 18, 2009 at 03:48:37PM +0300, Walaa Abdel razzak wrote: > Hi > > We have the following config: > > groups { > re0 { > re1 { > apply-groups [ re0 re1 ]; Do you also have a separate master-only IP defined? E.g.: > show configuration interfaces fxp0 unit 0 { family inet

Re: [j-nsp] Testing a new BGP Policy Statement before applying

On Sat, Oct 10, 2009 at 09:08:40PM +0200, Jason Alex wrote: > Dear All, > I have configured a new Policy statement in my configuration , i > want to test it in the current routing table before applying it to a BGP > Peer as an export policy > > In cisco you can test a route-map before

Re: [j-nsp] LX SFP Question

On Fri, Sep 25, 2009 at 08:47:11AM -0500, Richard A Steenbergen wrote: > On Fri, Sep 25, 2009 at 07:32:12PM +0800, ?? wrote: > > You mean DOM(Digital Optical Monitoring)? it will be added to EX in > > 10.0(2009Q4) > > But not for GE, only 10GE. Not true. It works on GE SFPs with DOM support.

Re: [j-nsp] software version to use?

On Tue, Sep 15, 2009 at 04:29:26PM +0200, Matthias Gelbhardt wrote: > Hi! > > At the moment I am configuring a bunch of Js for a customer. What will > be the best practice to choose which version of JUNOS you should use? > Are you using no Release until it reaches R2 or something like that? Do

Re: [j-nsp] ex4200 throughput trouble on 10GE interface

I'm only using Layer2 features, so perhaps that is why I'm not having problems. On Thu, Aug 06, 2009 at 11:16:23AM +0400, Michael Schedrin wrote: > I had issue with bootp helper. It had stopped forwarding packets at the > moment. Also only reboot resolved the problem. >

Re: [j-nsp] ex4200 throughput trouble on 10GE interface

On Wed, Aug 05, 2009 at 11:00:31AM +0200, Malte von dem Hagen wrote: > Hi, > > Michael schrieb: > > I use 9.5R2.7. Very interesting information about 9.3. Where did you hear > > about it? > > we ran into several severe bugs on our EX switches, regarding different > functions (aggregated ethernet,

Re: [j-nsp] router protect policy

On Wed, Aug 05, 2009 at 08:11:58AM -0700, Bill Blackford wrote: > I'm trying to form a router protect policy on an EX3200 that is > being used as a layer3 border device receiving default routes only > (temporary until it's replaced by an M series). I was able to create > a policy that works fine

Re: [j-nsp] EX Feedback

On Tue, Jul 28, 2009 at 09:28:04AM +, Chris Morrow wrote: > > > On Tue, 28 Jul 2009, Michel de Nostredame wrote: > >> As for EX4200, does anyone able to config firewall filter that matches >> "established" flag of TCP? >> We are using EX4200 with JUNOS 9.3R2.8, but not able to do this matching.

Re: [j-nsp] EX Feedback

On Fri, Jul 24, 2009 at 03:05:23PM +0400, Alexandre Snarskii wrote: > Just a note: that 128Gbps looks to me like a 'true marketing number', > because of what ex-series show in cli is 32Gbps: > > s...@switch> show interfaces vcp-0 > Physical interface: vcp-0, Enabled, Physical link is Down >

Re: [j-nsp] EX native-vlan-id for transmitting untagged frames?

>} >native-vlan-id 3980; >} > } > > Some MAC's are present on this interface on native VLAN. > > Tomek > > Chuck Anderson pisze: >> I'm trying to configure a port on an EX4200 to send tagged frames for >> 1 or more VLANs, an

[j-nsp] EX native-vlan-id for transmitting untagged frames?

I'm trying to configure a port on an EX4200 to send tagged frames for 1 or more VLANs, and untagged frames for the "native" VLAN. For example: [edit interfaces ge-1/0/11] unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ 80 92 ]; }

Re: [j-nsp] equal-cost, multi-next-hop static routes

On Mon, Jul 20, 2009 at 11:02:31AM -0400, Joe Abley wrote: > A router of my acquaintance in Toronto has: > > load-balance per-packet; > > The idea is to do some crude load-sharing of outbound traffic from this > router towards 69.165.166.240/28. Both 69.165.167.156 69.165.167.20 are >

Re: [j-nsp] RE - 6. vlan-id 0 (Bit Gossip)

On Fri, Jul 10, 2009 at 01:23:05PM +0200, sth...@nethelp.no wrote: > Is your goal to be able to handle untagged traffic on this link? With > IQ2 PICs (or GigE ports on an MX) you can handle both untagged, single > tagged and dual tagged Ethernet frames on the same link. Forget about > VLAN id 0, th

Re: [j-nsp] Add vlan to multiple interfaces on EX series

On Fri, Jul 10, 2009 at 11:53:13AM +0200, Bjørn Mork wrote: > Seriously though, you should do mass edits. Or edits at all. You > should use an offline configuration system and upload configuration > diffs from these system after following some sort of quality assurance > procedure. Direct edits a

Re: [j-nsp] Rate limit ARP per interface (or JUNOS bug)?

On Fri, May 15, 2009 at 09:36:24AM +0300, Pekka Savola wrote: > On Thu, 14 May 2009, Chris Adams wrote: >> Is this behavior a JUNOS bug or am I supposed to be rate-limiting ARP >> requests (on a per-VLAN basis) somehow? > > I've seen LAN loops etc cause junos problems. That's why you need to > a

[j-nsp] EX4200 dhcp-snooping-file

Has anyone successfully used the EX4200 dhcp-snooping-file feature on JunOS 9.4? I have it configured and it created a zero-length file, but never becomes populated with dhcp snooping binding table information. ___ juniper-nsp mailing list juniper-nsp

Re: [j-nsp] Nantech-juniper-pb

On Sat, Apr 18, 2009 at 03:21:24PM +0100, Mohamed Jrad wrote: > There is no option for configuring Nantech TrafficGen to negotiate > inet-multicast. > The only think Ican do in Nantech is to put the source address, the > destination address, the local AS and the peer-AS. So Nantech TrafficGen is

Re: [j-nsp] Nantech-juniper-pb

On Fri, Apr 17, 2009 at 12:11:42PM +0100, Mohamed Jrad wrote: > I want to use nantech trafficgen to generate thousands of BGP routes. > > “Nantech trafficgen is a software which work on windows, it can generate > thousands of BGP updates with different attributes “ > > The router with which I wor

Re: [j-nsp] Urgently Need Sample of IP Address Plan

On Mon, Mar 16, 2009 at 05:58:34AM -0700, chenoi A wrote: > I need some advised and sample perhaps... I have being searching > net, reading books, get some advise, ARIN/APNIC guide, etc but i > still think i miss the idea. > > i have block of /22. What is the best way to manage and allocate the

Re: [j-nsp] Announcing aggregate route via BGP to peers

On Tue, Mar 03, 2009 at 10:43:02AM -0500, John Center wrote: >> I'm unclear on what you mean here. Do you mean that it is advertising >> 153.104.0.0/16, or that it is advertising all the contributing members >> of that aggregate? >> > It's announcing all aggregate routes being seen, plus the l

Re: [j-nsp] Announcing aggregate route via BGP to peers

On Tue, Mar 03, 2009 at 08:44:30AM -0500, John Center wrote: > What's happening is by specifying the aggregate route this way, it is > appears to be announcing the aggregate of all the ebgp routes it sees: I'm unclear on what you mean here. Do you mean that it is advertising 153.104.0.0/16, or

Re: [j-nsp] route into inactive state

On Thu, Feb 26, 2009 at 09:39:50AM +0200, fighter worker wrote: > actually my case is little difference , iam taking here about full > internet routing table i recieve from BGP peer and i dont want to put > these routes into routing table as i use a static default route with > differenet next hop t

Re: [j-nsp] Upgrade from M10i?

On Tue, Feb 03, 2009 at 02:30:32PM -, Mark Johnson wrote: > We need at least 4 x 10G ports and 8 x 1G ports, IPv4/IPv6, > OSPFv2/OSPFv3, full BGP (peering/transit), no MPLS and that's about it. M120 would be the next step up for M-Series. We have one and are very happy with it. You can do

Re: [j-nsp] REX RTR feature.

On Fri, Jan 30, 2009 at 11:36:15AM -0200, Flavio Schappo wrote: > I´m tring to use RTR feature to test the routing of ip-pools in my B-ras. > We are running about 100 /24 ip-pools and intend to run a test for each pool > 1 time per hour and collect statistics (traps to netcool plataform) Sending t

Re: [j-nsp] copy vpn routes to inet.0

On Tue, Dec 23, 2008 at 07:56:00PM -0500, Chuck Anderson wrote: > On Tue, Dec 23, 2008 at 03:27:13PM -0800, snort bsd wrote: > > Could those routes in the L3VPN table be copied to inet.0? I tried > > to use policy and it doesn't seem to be working: > > Yes, you can

Re: [j-nsp] copy vpn routes to inet.0

On Tue, Dec 23, 2008 at 03:27:13PM -0800, snort bsd wrote: > Could those routes in the L3VPN table be copied to inet.0? I tried > to use policy and it doesn't seem to be working: Yes, you can do that. > term l3vpn->inet.0 { > from { > rib l3vpn.inet.0; > route-filter 100.100.

Re: [j-nsp] cisco "network" command equivalent

On Wed, Nov 26, 2008 at 08:04:30AM -0800, Maurice Gil Cruz wrote: > I just would like to know the equivalent of the cisco command > "network mask " > in juniper. If there is none, I would like to know as to how junos is able to > advertise the routes without declaring the networks/unicast a

Re: [j-nsp] MPLS implicit null question

On Mon, Nov 17, 2008 at 05:56:26PM -0700, David Ball wrote: > This may sound strange, but if I don't explicitly have 'explicit > null' configured under [edit protocols mpls], I'm doing implicit null > by default, right? So adjacent LERs should be sending me label 3 to > instruct me to do penulti

Re: [j-nsp] JNCIA-m/JNCIS question

On Mon, Nov 10, 2008 at 10:12:00AM -0800, Jonathan Brashear wrote: > My JNCIA-M is nearing expiration so I've got to get back on the > saddle to re-up. I'm curious how much the test has changed in the > last 2 years. I know the book I have was at a premium for awhile, > have they updated the t

Re: [j-nsp] JNCIP-M Preparation

On Tue, Sep 23, 2008 at 02:46:05PM +0200, Jens Hoffmann wrote: > in preparation fort he JNCIP-M certification I'm using the "JNCIP Study > Guide" (Harry Reynolds). > But this book is about 5 years old. > Is this book nevertheless useful considering the content of the current > JNCIP certification

Re: [j-nsp] Multihoming servers to two Virtual Chassises

On Mon, Sep 15, 2008 at 11:16:47AM +0200, Tore Anderson wrote: > I'm about to deploy a stack of EX 4200 switches in a new data centre. > My original plan was to make a Virtual Chassis, split it in two stacks > and put those stacks in separate corners of the room, and then let the > servers (run

Re: [j-nsp] Route Reflecting & Next-Hop Self

On Thu, Sep 04, 2008 at 10:08:45PM -0400, Dan Armstrong wrote: > In IOS, if I set next-hop self in a neighbor relationship with an > RR-Client, it sets the next-hop to itself for routes learned from local > eBGP sessions, but leaves the next-hop unchanged for routes that it's > passing on fro

Re: [j-nsp] a simple interface setup question and something regarding layer-2 vpn

On Tue, Jul 01, 2008 at 04:47:34PM -0400, CHEN Xu wrote: > Hi folks, > > I have a stupid question regarding interface setup in juniper configuration. > > interfaces { > fe-0/1/0 { > unit 0 { > family mpls; > } > } > } > > protocol { > mpls { > interface fe-0/1/0.0 > } >

Re: [j-nsp] 3rd party DWDM SFPs

On Thu, Jun 12, 2008 at 10:53:31AM +0200, [EMAIL PROTECTED] wrote: > > The only real gotcha I've hit in Juniper's support for 3rd party optics is > > that they don't expose the actual optic EEPROM contents (with things like > > vendor name and part number) via the CLI. This make it very difficult

Re: [j-nsp] 3rd party DWDM SFPs

On Wed, Jun 11, 2008 at 01:06:26PM -0400, Matt Yaklin wrote: > On Wed, 11 Jun 2008, Chuck Anderson wrote: >> On Wed, Jun 11, 2008 at 06:32:34PM +0200, Jonas Frey wrote: >>> FWLF1613xx are multirate sonet-only SFP's. They can do OC3/OC12/OC48. >>> However they wont

Re: [j-nsp] 3rd party DWDM SFPs

On Wed, Jun 11, 2008 at 06:32:34PM +0200, Jonas Frey wrote: > FWLF1613xx are multirate sonet-only SFP's. They can do OC3/OC12/OC48. > However they wont work with ethernet applications. Actually, it looks like the FWLF1631xx are mult-rate and support Gigabit Ethernet speeds: http://www.finisar.co

Re: [j-nsp] 3rd party DWDM SFPs

On Wed, Jun 11, 2008 at 12:22:35PM -0400, Matt Yaklin wrote: >> Finisar FWLF1631xx 2.67 Gigabit RoHS Compliant DWDM SFP with APD >> Receiver: >> >> http://www.finisar.com/product-124-2.67_Gigabit_RoHS_Compliant_DWDM_SFP_with_APD_Receiver_(FWLF1631xx) > > That choice strikes me as something I would

[j-nsp] 3rd party DWDM SFPs

Does anyone have any experience, good or bad, with using 3rd party DWDM SFPs in M120 or M10i Gigabit Ethernet PICs? Specifically, I'm looking at using these SFPs: Finisar FWLF1631xx 2.67 Gigabit RoHS Compliant DWDM SFP with APD Receiver: http://www.finisar.com/product-124-2.67_Gigabit_RoHS_Co

Re: [j-nsp] Interface Errors

On Tue, Jun 03, 2008 at 12:52:23PM -0400, Brendan Mannella wrote: > Hello, i have a M7i with a FE-4FE-TX, and i am seeing collisions on > the interfaces. I am using two ports of the four, and both are > showing the errors. I am also seeing some FIFO errors. Are these > signs of a faulty PIC or s

Re: [j-nsp] VRRP for IPv6

On Thu, May 22, 2008 at 04:12:54PM -0400, Stefan Fouant wrote: > Does anyone know if and when when Juniper plans to support > draft-ietf-vrrp-unified-spec-02 (Virtual Router Redundancy Protocol > Version 3 for IPv4 and IPv6)? I need it for some IPv6 applications > which need redundancy. It is alr

Re: [j-nsp] 2.5 gig SFP modules?

On Wed, May 21, 2008 at 11:58:35PM +0200, Niels Bakker wrote: > * [EMAIL PROTECTED] (Richard A Steenbergen) [Wed 21 May 2008, 22:54 CEST]: > >Of course it would be remarkably easy for Ethernet to be extended to > >support higher data speeds without any real change in the structure or > >encoding,

[j-nsp] 2.5 gig SFP modules?

Has anyone tried to use 2.5 gig SFP's with Juniper M-series as a drop in replacement for regular 1 gig SFP's? The goal is to be able to have a 2.5 gig link between an M10i and an M120 over a regional optical network. Does this sort of thing work? Thanks, Chuck

Re: [j-nsp] j-series and clusterip / multicast mac addresses

On Tue, May 06, 2008 at 05:22:07PM -0400, Stefan Fouant wrote: > Not really sure but I would think that even with or without IGMP/PIM > enabled on the interface, the router probably doesn't know what to do > with that packet since it doesn't have corresponding IGMP/PIM join > state to match the inc

Re: [j-nsp] j-series and clusterip / multicast mac addresses

On Tue, May 06, 2008 at 04:55:12PM -0400, seph wrote: > I'm playing with linux's ClusterIP behind a couple of j2320 routers. It > works by having several machines share an ip address using a multicast > mac address. However, my j2320's don't seem to like it. > > tcpdump shows they as sending an ar

Re: [j-nsp] weird subinterfaces on T640

On Tue, Apr 15, 2008 at 12:48:05PM +0800, Plz wrote: > Alex, is there any reference about these autocreated interfaces, including > the lo0.16385 as Alain mentioned ? > i googled but got nth. I found this note in: http://www.juniper.net/techpubs/software/junos/junos73/swcmdref73-interfaces/downlo

Re: [j-nsp] J2300 T1 Load balancing

On Wed, Apr 02, 2008 at 02:10:00PM -0500, Peder @ NetworkOblivion wrote: > I have a J2300 running 8.3R1.5 and I am trying to do packet by packet > load balancing over two T1's. I tried the config below that I thought > then { > load-balance per-packet; I know on pl

[j-nsp] JUNOScript SSH sessions on 8.5: compression, hanging on close

Has anyone else experienced issues with their automated scripts making use of JUNOScript over SSH? We just upgraded to 8.5, and we encountered a few issues. 1. The new SSH server cannot negotiate compression properly with the old SSH client in the perl Net::SSH::Perl module that the JUNOScript

Re: [j-nsp] One router/two firewalls config question

st redundant piece of equipment we have. It's funny, > but it looks like it might have been better to have 2 separate boxes! > Then, we could have done VRRP, etc. > > Chuck Anderson wrote: > > The switch would have a single VLAN/subnet for both interfaces to be > >

Re: [j-nsp] family inet|inet6 - best practices

On Mon, Mar 10, 2008 at 05:22:58PM +0100, Jeroen Valcke wrote: > But I was wondering is this the best practise? So leave the configs > under the [firewall] level or split them off to the [firewall family > inet|inet6] level like we plan to do? > Is there a difference if you define the same firewall

Re: [j-nsp] One router/two firewalls config question

> > > John Center wrote: > > Hi Chuck, > > > > The only problem with using a switch is it's a single point of failure. > > I'm not sure how failover would work with each PIX on separate routed > > subnet. I'm looking into this now. > >

Re: [j-nsp] One router/two firewalls config question

On Fri, Mar 07, 2008 at 10:33:42AM -0500, John Center wrote: > interface Vlan376 > description "GE connection to DMZ" > ip address 192.168.1.254 255.255.255.240 > ... > > This way, either firewall can talk to the other & has a common address > to talk to the router. Failover is easy & quick.

[j-nsp] What is pc-2/0/0 Type: PIC-Peer?

On my shiny new M120 running 8.5 I have this "PIC-Peer" interface which was transmitting ~6000 pps / ~30 Mbps until I changed something in the config (not sure what caused it to stop--I can probably go back and correlate the time on the graph to the log in the router to see what changed). Now

Re: [j-nsp] MPLS issue

On Tue, Mar 04, 2008 at 09:05:59AM -0400, Ying Zhang wrote: > On the note of doing 9k frame on the core, for JUNOS, is it just to set > physical interface MTU to 9000? > > #set interface ge-0/0/0 mtu 9000 I generally set the physical interface MTU to 9192 or whatever the maximum supported value

Re: [j-nsp] SSH attack

On Wed, Feb 20, 2008 at 04:15:04PM -0400, Ying Zhang wrote: > Hello, all, > > On our Juniper router, we constantly see people trying to connect > through SSH. I've tried everything I can find to eliminate it. The > following is what I've done so far. Just wondering if there is a > better way to

Re: [j-nsp] SNMP and BGP prefix limit

On Tue, Feb 12, 2008 at 12:22:56PM +0100, Tomasz Klicki wrote: > Hi, > does Juniper support receiving via SNMP configured limits of prefixes for > BGP sessions? I can't find it in any of MIBs or Google. No, Juniper's SNMP implementation is read-only for statistics gathering. Instead of SNMP, Ju

Re: [j-nsp] Spam on extreme-nsp

On Fri, Jan 04, 2008 at 09:00:31AM -0500, Jared Mauch wrote: > I just caught someone else.. what they're doing is subbing to > the list (actually a lot of lists on puck) and there was that blogger > crap and just now there was some [EMAIL PROTECTED] address. > > sigh. > > hard t

Re: [j-nsp] Will PE-2OC3-SON-SMIR work in a M120?

On Tue, Dec 11, 2007 at 10:30:24PM -0600, Chris Adams wrote: > Once upon a time, Benny Sumitro <[EMAIL PROTECTED]> said: > > The PIC for M10i can only be reused for M5, M10 and M7i. For M120 PIC can > > only be interchangeable with M40e, M160, M320 and T series. > > See also: > > http://juniper.c

[j-nsp] Will PE-2OC3-SON-SMIR work in a M120?

I'm upgrading my M10 to an M120. I currently have an OC-3 circuit that will be going away soonish, so I'd rather not buy the new PB-4OC3-SON-SMIR (needs Type1 FPC) that was quoted for the M120. Can I reuse the PE-2OC3-SON-SMIR PIC I have currently in the new M120? What type of FPC would it li

Re: [j-nsp] GE/10GE link-mode config on M/T-series has no effect

On Tue, Dec 11, 2007 at 12:00:50PM -0500, Richard A Steenbergen wrote: > On Tue, Dec 11, 2007 at 08:21:53AM -0500, Chuck Anderson wrote: > > It is a requirement of the GigE standard to do autonegotiation. > > Turning it off would be a violation of the standard. Besides, when &

Re: [j-nsp] GE/10GE link-mode config on M/T-series has no effect

On Tue, Dec 11, 2007 at 03:17:17PM +0200, Pekka Savola wrote: > Just as a heads-up, apparently GE/10GE 'link-mode full-duplex' > configuration on M/T-series routers has no effect, the interface stays > with auto-negotiate. > > Some versions of current software report warnings on commits to syslo

Re: [j-nsp] load balancing between juniper routers for unequal cost path

On Thu, Nov 08, 2007 at 08:39:23AM -0800, Hamid Ahmed wrote: > 2) You are giving the explanation for equal cost paths. However in > my case there are two unequal cost paths. So my question still how > can u do that in using unequal cost paths ? > 3) Please explain when u say the followi

Re: [j-nsp] Virtual Router

On Wed, May 30, 2007 at 12:21:50PM +0800, wang yi wrote: > I have put some physical interface into my logical router. When I telnet to > it even with the logical router argument, I still get into the physical > router. How can I allowing people to telnet/ssh to the logical router so > that the use

Re: [j-nsp] RE 333-768 and RE 600-2048

On Wed, May 23, 2007 at 10:52:08PM -0600, David Ball wrote: >I have a couple of old m10s with 512MB in the lab running 8.2R1.7 > on RE-2s (aka. RE-333-768s as you mentioned above). No full/global > routing tables on them at present, but they 'do' run the code fine, > even without being full of

Re: [j-nsp] L2circuit local-switching

On Fri, May 11, 2007 at 10:25:17AM +0200, [EMAIL PROTECTED] wrote: > Same limitations as vlan-ccc - so you need VLAN id >= 512 unless you have > IQ PIC or modern SFP-based PIC. > > We use l2circuit local-switching quite a bit, works for us. Never tried > with an aggreated interface though. We hav

Re: [j-nsp] Exporting inet.0 BGP routes into a VRF instance

I'm getting a 404 on the URL below. Does anyone have a copy of L3VPN_migration.zip that they can share? Thanks. On Thu, Mar 16, 2006 at 10:00:43PM +0100, Andre Stiphout wrote: > > Nice example on inet.0/vrf route exchange: >

Re: [j-nsp] BGP Origin Issue

On Thu, Apr 19, 2007 at 04:17:53PM -0400, Warren Kumari wrote: > I would suggest checking that you are really getting all the routes: > show route receive-protocol bgp detail > show route protocol bgp all detail > > and look at the State: and Inactive reasons: Also, see if you have any hidden r

Re: [j-nsp] Load Balancing via BGP outbound at Colo

On Thu, Mar 15, 2007 at 02:28:20PM +0200, Tim Nagy wrote: > You'd like to send and receive all traffic on the links to ISP #1 except for > traffic that terminates in ISPs #2, #3, #10, or #20. Is that correct? > > For inbound, things are more complicated. The only way that you can really > influen

Re: [j-nsp] junoscript load-configuration w/restricted login account

On Thu, Mar 01, 2007 at 02:47:53PM -0800, Lei Zhang wrote: > Chuck Anderson wrote: > > > > > > > > > > > > > BAR > > > > > > > > > > > > > >This appears to succeed (no errors on commit) but has no effect

[j-nsp] junoscript load-configuration w/restricted login account

I'm trying to use Junoscript with a restricted login account to modify a prefix list. Here is the restricted account configuration: class foo-class { permissions [ configure view ]; allow-commands junoscript; allow-configuration "policy-options prefix-list BAR"; } user foo { uid

Re: [j-nsp] BGP session to self over loopback interface?

On Wed, Feb 07, 2007 at 09:12:09AM +0100, Sabri Berisha wrote: > -If- I understand you correctly, this example might help: > > routing-options { > aggregate { > route 195.16.84.0/22 community 31064:500; > route 194.126.235.0/24 community 31064:500; > } > router-id 194.1

Re: [j-nsp] BGP session to self over loopback interface?

> On Feb 6, 2007, at 6:22 PM, Chuck Anderson wrote: > >Can I create a BGP session from/to a loopback interface on the same > >router? I want to originate routes into my local BGP table so that I > >can apply the same export policies locally that I apply on the other > &

[j-nsp] BGP session to self over loopback interface?

Can I create a BGP session from/to a loopback interface on the same router? I want to originate routes into my local BGP table so that I can apply the same export policies locally that I apply on the other routers in my I-BGP mesh. ___ juniper-nsp mai

<    1   2   3   4