needed for creating virtual
> interfaces?
>
> Thanks.
>
> Robert
>
> On Sat, Apr 18, 2009 at 7:08 PM, Robert Kern wrote:
>>
>> Thanks guys for your answers.
>>
>> BR
>>
>> Robert
>>
>> On Sat, Apr 18, 2009 at 5:48 PM, Erdem Sen
Hi,
AFAIK lt- interfaces are treated like any other interface from a
firewall/policer and CoS perspective; e.g:
unit 0 {
encapsulation ethernet;
peer-unit 1;
family inet {
policer {
input policer_500meg;
output policer_500meg;
}
address
indeed, instance-import and instance-export are not supported in VRF instances:
http://www.juniper.net/techpubs/software/junos/junos93/swconfig-routing/configuring-policy-based-export-for-routing-instances.html#id-10898843
However, for non-vrf instances, it's much simpler to implement.
Cheers,
E
Hello,
Although you can't put fxp in a different routing instance, you could
put it in a logical router.Of course, you'll need to copy any static
routing or relevant
stuff to that logical router too.
HTH,
Erdem
On Mon, Feb 16, 2009 at 3:27 PM, Eric Van Tol wrote:
>> So probably its is better t
Hi Mohammed,
Max number of ECMP next-hops is 16.
Cheers,
Erdem
On Mon, Nov 17, 2008 at 1:19 PM, Mohamed Salaheldin
<[EMAIL PROTECTED]> wrote:
> Dear All
>
> I was wondering what is the maximum number of links that we can used
> in ECMP load balancing on a T-series router
>
> Thanks
>
Hello,
As far as I know, the activate/deactivate knobs are tied to user's
permissions; meaning that if an user can edit a level of the
configuration
he/she can also always use activate/deactivate; since they're not
really 'commands' from that perspective. (again, I may be wrong)
Another option
Hi,
TFTP is not supported in JUNOS, supported copy methods are
ftp,http,scp or 'file' knob which stores a copy of the file locally
If you like, you can also automate this task (or tie to each commit).
You might want to use the URL below as a starting point:
http://www.juniper.net/techpubs/sof
Hi Juan,
On top of Truman's suggestion, I'd say you might want to think about
different 'default' behaviors between IOS and JUNOS; such as
sending/receiving communities. Unlike IOS, JUNOS will send the
community information on bgp updates by default, so if you'd like to
'keep your communities to
Hi Andrew,
AFAIK there is not a direct equivalent in JUNOS. You may however want
to check following URLs for much complex
'alias' creation (op scripts) and other automation options.
http://www.juniper.net/techpubs/software/junos/junos92/swconfig-automation/automation-scripts-overview.html#id-117
Hey Otto,
You need to add "firewall-control" to your class' permissions, and
you should be fine.
Cheers,
Erdem
On Thu, Aug 14, 2008 at 1:49 PM, Otto Kreiter <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm trying to create a user with limited rights to access a single firewall
> filter in the firewall
Stefan,
Indeed, you could maybe try to configure a class like this:
class engineering {
permissions all;
allow-commands "^commit check|commit comment|^commit synchronize
comment|commit confirmed comment";
deny-commands "^commit$";
}
this might do what you want, with two exceptions:
Also, the service PICs (monitoring/adaptive/ms-) would only be a MUST
if you want to export the records to a cflowd server with version9 format.
Cheers,
Erdem
On Sat, Jul 19, 2008 at 10:17 AM, Stefan Fouant <[EMAIL PROTECTED]> wrote:
> Nope you can do flow export without the Monitoring/AS/MS-PIC
Hello,
IIRC, there are two bundles of M7i: either on-board Gigethernet OR
ASM (services module).
So, it doesn't necessarily mean that all M7i's would have built-in
tunnel functionality. The best way would be
to do a 'show chassis hardware' on the M7i and look for something like:
PIC 2
Hi,
You may also want to edit your input policy and refine this ANYof
yours a little, such as:
- reject prefixes that are smaller than /24
- reject private addresses
- delete community information that is used (has a meaning) within
your network from the prefixes you receive,
so that you won't _
Hi,
On J-Series, ls- interfaces behave the same way as lsq- interfaces on
M/T platforms:
http://www.juniper.net/techpubs/software/junos/junos83/swconfig83-services/html/lsq-config21.html
HTH
Erdem
On Wed, Jun 25, 2008 at 4:43 PM, Stefan Fouant <[EMAIL PROTECTED]> wrote:
> I think the naming is
Hi Brendan,
Are you sure you have a valid route to these destinations and/or your
lo0.0 filter doesn't block NTP requests?
HTH,
Erdem
On Wed, Jun 25, 2008 at 3:29 PM, Brendan Mannella
<[EMAIL PROTECTED]> wrote:
> Hello,
>
> I am trying to use the command, ³ set date ntp² on my M7i to update the
Hi Beny,
You're logging 'kernel any' two times in your config (both 'messages'
and 'new_log'.
I'm not sure if you would really need 'kernel any', 'pfe any'
locally, maybe you'd like to move
those statements to syslog server?
HTH
Erdem
On Sat, Jun 21, 2008 at 6:33 PM, Beny D Setyawan <[EMAIL
Hi Beny,
Also a general approach would be that you don't shouldn't need active
traceoptions during normal
operation. I would say the traceoptions are more troubleshooting
assistance than logging tools.
That said, I would also suggest to have a syslog server and have most
of the information sent
configuration {
> permissions all;
> }
> user temp {
> uid 2002;
> class configuration;
> authentication {
> encrypted-password "$1$F19g3YxD$APH9R1PpLWfEalP6mnU8W."; ##
> SECRET-DATA
> }
> }
>
> it's solved when rebooted perfectly
CTED]>
wrote:
> On Wed, Jun 18, 2008 at 11:56:46PM +0200, Erdem Sener wrote:
>> Hello,
>>
>> Current JUNOS versions only support CLI commands to be triggered via
>> op/event scripts. This means that you can't
>> currently trigger a configuration change
Hello,
Current JUNOS versions only support CLI commands to be triggered via
op/event scripts. This means that you can't
currently trigger a configuration change (delete route, deactivate
neighbor, change localpref etc) based on those.
Altering of the configuration via op/event scripts will be su
Hi Amin,
It sounds like PR/251722, and the strange is that none of the
versions you're using are affected.
Can you do a 'commit full' after you boot the box with 8.5R3.4 and see
if the problem's still happening?
Cheers,
Erdem
On Wed, Jun 18, 2008 at 3:01 AM, amin amin <[EMAIL PROTECTED]> wrote
You could maybe try to enable md5 auth for ISIS, which would serv as a
protection mechanism
as well for packet corruption.
HTH
Erdem
On Tue, Jun 10, 2008 at 3:59 PM, <[EMAIL PROTECTED]> wrote:
>
> Hi all,
>
> I encountered some problems to established ISIS between a T640 and a
> Redback SE800 th
Hi Andrew,
If ever you upgrade to 9.0+, you could use 'indexed-next-hop' knob:
http://www.juniper.net/techpubs/software/junos/junos90/swconfig-policy/indexed-next-hop.html
Following may also be interesting for you:
http://www.juniper.net/techpubs/software/junos/junos90/swconfig-policy/per-pref
Hi Matthew,
CDP, along with other Cisco proprietary protocols, is treated as a
multicast packet and forwarded to all the ports
within the vlan on EX boxes. It obviosly is not originated and/or terminated.
HTH
Erdem
On Wed, May 28, 2008 at 7:55 AM, matthew zeier <[EMAIL PROTECTED]> wrote:
>
Hi Mike,
hold-time does exactly what the documentation states; meaning that
instead of immediately bringing the interface
down, it waits as much as your hold time 'down' counter before making
the interface down and as much as your 'up'
counter before marking a down interface as up.
For example,
Hi Runt,
There shouldn't be any problems for both RSVP+LDP running
simultaneously. That said ,I'd suggest to rather
leave the ldp metric alone until you've done configuring LDP on all
the routers, since even with your LDP up
RSVP will have preference over the next-hops anyways.
Once you have yo
Hi Stefan,
Your groups configuration will match _all_ the interfaces at this
point already:
groups {
Management {
interfaces {
<*> {
What you're trying to do is possible via commit scripts, where you
can check for special condition/conditions
and take action (alter configu
Hi Stefan,
The SNMP indexes in JUNOS are consistent between reboots by default.
Thanks,
Erdem
On Thu, Apr 10, 2008 at 5:38 PM, Stefan Fouant <[EMAIL PROTECTED]> wrote:
> Hi folks,
>
> Does Juniper have a knob similar to Cisco which can enable ifIndex
> interface persistence, or is this enab
Hi,
You need to configure as 'qualified-next-hop', like:
route 172.29.0.0/24 {
next-hop 10.0.0.2;
qualified-next-hop 172.16.0.2 { ###
preference 10;
}
}
}
Erdem
On Wed, Apr 9, 2008 at 10:06 AM, Farhan Jaffer <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am
Hi Jonas,
It seems to me your configuration database is corrupted since 'clear
system commit' is not working properly, which should.
Here's something else you can try. Be *VERY* careful though since
this process will erase your configuration
at some point, so I suggest you back it up in your wo
FWIW, I'd configure all ethernets with MTU 1600 as a policy and never
think about MTU again.
(including any switches in the middle as said)
Erdem
On Mon, Mar 3, 2008 at 5:11 PM, Mark Tinka <[EMAIL PROTECTED]> wrote:
> On Monday 03 March 2008, Ying Zhang wrote:
>
> > we are having a wired MPLS pr
Hey Ovais,
You're missing the 'template' user, as described in the following urls:
http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10615692.html#id-10615692
http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-system-basics/id-10674699.html#id-1067
Hey wang,
Assuming you're asking for a way to import set routing-options static
route ... commands
from a juniper router that has full table, here's something you can do
(although it's probably
not the most 'elegant' way)
router> show route protocol bgp terse | match \* |save bgp-routes
router>
Hi Scott,
You can check Juniper website:
http://www.juniper.net/techpubs/software/junos/junos84/syslog-messages84/html/part-messages.html
As per your example, I'm guessing you have something like 'kernel any'
(or any any???) somewhere in your syslog
configuration and you're having this inform
Hi Servet,
In order to apply different scheduler-maps for various subinterfaces
under the same physical port; you
will need IQ functionality (IQ PIC). If you have a 'regular' ethernet
port, then you can specify different classifiers
for different subinterfaces, but you will need to use the same
s
R4.3]
> JUNOS Kernel Software Suite [7.6R4.3]
> JUNOS Packet Forwarding Engine Support (M5/M10) [7.6R4.3]
> JUNOS Routing Software Suite [7.6R4.3]
> JUNOS Online Documentation [7.6R4.3]
> JUNOS Crypto Software Suite [7.6R4.3]
>
> [edit]
>
>
>
> > -Original
Hi,
Different units of the same physical interface cannot be in
different logical routers. You can configure vlans in a logical
router, but the whole physical port has to be assigned.
Cheers,
Erdem
On 9/19/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Can the interfaces be logical interfa
Hi,
Apart from GRES, please be advised that if you configure 'graceful
restart' under routing options, rpd will restart upon commit to make
your change effective.
Cheers,
Erdem
On 9/19/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Thanks everybody..
>
> We don´t have this statement
>
> re
gt; Just my 0.02 cents.
>
> Kind Regards,
> Louis
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Erdem Sener
> Sent: 2007年9月17日 14:30
> To: rendo
> Cc: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] M120 hardware c
ote:
> Hi Erdem,
>
> PSN-2007-0-023 seems only valid for M5, M10, M20, M40, M40e, M160, M320,
> J20.
> Does it mean there is no limitation for M120?
>
> Thanks.
>
> -rendo-
>
> On 9/17/07, Erdem Sener <[EMAIL PROTECTED]> wrote:
> >
> > Hi Rendo,
>
Hello,
You should never configure the following interfaces they're
internally used for several hardware communication.
fxp1 / bcm0 : communication to forwarding engine.
fxp2 / em0 : communication between two routing engine in supported
platforms with two routing engines.
That said, what happe
Hi Rendo,
Juniper Technical Bulletin PSN-2007-01-023 summarizes the PIC
combination notes for different platforms (FPCs).
Cheers,
Erdem
On 9/17/07, rendo <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Just wondering, does someone here know about the hardware configuration
> limitation in M120? Or maybe
Hey Pekka,
The apply-path feature will only act as a regular expression and will
never alter your configuration, only expand itself dynamically based
on your current configuration and the filtering you've configured.
If you want to 'correct' your configuration based on certain
additional (cust
Hi Pekka,
The following works for at least 8.2:
[edit policy-options]
[EMAIL PROTECTED] show prefix-list p1
apply-path "interfaces lo0 unit 0 family inet address <*>";
[edit policy-options]
[EMAIL PROTECTED] show prefix-list p1 | display inheritance
##
## apply-path was expanded to:
## 10.0
Hi,
What's your platform and JUNOS?
Erdem
On 9/5/07, Ras <[EMAIL PROTECTED]> wrote:
> I've just tried to set a port on an PE-4FE-TX to 10m (set interfaces
> fe-0/0/1 speed 10m). This works fine on our PE-12FE-TX and the 'commit
> check' says all is well, but when I commit I get:
>
> /kernel: %KE
typo:
'monitor traffic interface a/b/c' or 'monitor traffic interface
a/b/c.x' command.
Sorry for multiple emails,
Erdem
On 9/5/07, Erdem Sener <[EMAIL PROTECTED]> wrote:
> Hi,
> If you are pinging _from the router_, you should be able to see your
> icmp tr
Hi,
If you are pinging _from the router_, you should be able to see your
icmp traffic with 'monitor traffic a/b/c.x' command.
If rip updates are all you see, I'd say you're using another egress
interface than ge-0/0/1 for your destination.
You may check this with show route x.x.x.x and see you
Just a comment:
although this configuration will work as is, I'd suggest to use the
knob 'next term' as a second 'then' action for tag_connected term.
(In this example, since you're actually only adding a community
without any accept/reject action, you don't need it.)
On 8/10/07, Eric Van Tol <[
Monika,
I would say establishing neighborships, tunnels etc. with router
id's/loopbacks is generally a good idea, unless you need to otherwise
for a very good reason.
Doing so should not only let you easily use alternate paths between
your P/PE routers as mentioned before but also keep 'clean'
Youssef,
As long as you have a route information towards your tunnel
destination (including the default 0/0), your interface will stay up
since there are no GRE keepalive mechanisms.
As a workaround against link failures, I would suggest configuring a
dynamic routing protocol using tunnel inter
Hi Alex,
Any filters on [edit forwarding-options family inet] level ? Any
recent changes prior to this incident?
Cheers,
Erdem
On 6/24/07, Alex Campbell <[EMAIL PROTECTED]> wrote:
>
> Hi all,
>
> I'm seeing some strange behaviour on a J4350 running 8.2R2.4, and I'm
> hoping someone can cast som
ic route with discard?
> The route will be propagated throughout the whole VPN wouldn't it?
>
> --
> Leigh
>
>
> Erdem Sener wrote:
> > Here are the limitations:
> >
> > http://www.juniper.net/techpubs/software/junos/junos83/swconfig83-vpns/id-10993840.
Here are the limitations:
http://www.juniper.net/techpubs/software/junos/junos83/swconfig83-vpns/id-10993840.html
Cheers,
Erdem
On 6/19/07, Manu Chao <[EMAIL PROTECTED]> wrote:
> AFAIK vrf-table label only work on a broadcast interface
>
>
> On 6/18/07, Amos Rosenboim <[EMAIL PROTECTED]> wrote:
Hey,
You need to use eighter vrf-table-label in the routing instance, or
configure a vt- interface with family inet and mpls (no addresses) and
put it in the instance to have your 'direct' route(s) installed in
your mpls cloud.
Please note that you'll need a services pic for vt- interface.
Ch
ter with this config and never see
> any
> log messages in any of the message files or on our syslog server.
>
> % zcat /var/log/messages*.gz | grep -i bgp
> %
> % grep -i bgp /var/log/daemon
> Sep 9 10:34:36 host.name mgd[4421]: UI_COMMIT_EMPTY_CONTAINER: Skipped empty
> objec
Hi Jared,
You should see you neighbor going down in your 'messages' file at
least based on the configuration you've sent.
Are you trying to have this information somewhere else?
Thanks,
Erdem
On 6/13/07, Jared Gillis <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I manage a number of M40 routers runn
Hi Sergey,
4 byte ASN is currently no supported in JUNOS.
HTH
Erdem
On 5/29/07, Sergey <[EMAIL PROTECTED]> wrote:
> Hello.
>
> Has JunOS supported as4byte now ? Which version can I need ?
>
> --
> Regards,
> Sergey
> ___
> juniper-nsp mailing list jun
also be an option. It
really depends much on your current setup, exact need and your billing
system.
Cheers,
Erdem
On 5/24/07, TCIS List Acct <[EMAIL PROTECTED]> wrote:
>
>
> Erdem Sener wrote:
> > In case you're monitoring on a interface basis, and just the in/out
>
In case you're monitoring on a interface basis, and just the in/out
octets, I would aggree that SNMP is the way to go and using sampling
would just be complexing things unnecessarily.
However, if you not only need the interface counters but want to have
information on flows (e.g traffic from/to a
suggest using a services PIC, along with a very
good collector (maybe a database supported flow server)
Cheers,
Erdem
On 5/23/07, TCIS List Acct <[EMAIL PROTECTED]> wrote:
>
>
> Erdem Sener wrote:
>
> > You can technically do sampling without a services pic but in thi
Hi,
No, not all the M7i's come with an integrated ASM (Adaptive
Services Module). Some are bundled with on board GE interface, some
are bundled with ASM and some are 'plain', so to speak.
You can check which one you're logged in with 'show chassis hardware'
and see what you have on FPC1 PIC
Hi Juan,
Please check https://www.juniper.net/customers/csc/software/ and
http://www.juniper.net/techpubs/software/junos/junos82/swconfig82-net-mgmt/html/snmp-config.html
(you'll need to be a registered customer for the first one)
HTHs,
Erdem
On 4/27/07, Juan C. Crespo R. <[EMAIL PROTECTED]>
Hi,
For various versions, you can always use scp to fetch the config/diff
from a remote server like:
[EMAIL PROTECTED] load merge [EMAIL PROTECTED]:whatever.txt
(you will be asked for [EMAIL PROTECTED]'s password)
For an overview of available options, please see
http://www.juniper.net/techpub
Or,
you can use firewall filters that do rate-limiting on different units.
My point stands if you want to do CoS on these units. (sorry for the
'reply-before-reading' act) :)
Cheers,
Erdem
On 4/26/07, Erdem Sener <[EMAIL PROTECTED]> wrote:
> Hi Jose,
>
> You need
Hi Jose,
You need IQ pic to configuer 'per-unit-scheduler' (which is what
you're looking for)
Cheers,
Erdem
On 4/26/07, Jose Sanchez <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Does anybody know if I can rate limit (ingress and egress) per VLAN in a
> Gigabit Ethernet Interface.
>
>
> Thank you
>
> Be
Hi Dave,
Just configure another rib-group on the opposite direction (with
keeping in mind that you need 'direct' routes for next-hop
availability) and you should be fine.
For example:
routing-options {
rib-groups {
Vrf_X-to-inet-default {
import-rib [ Vrf_X.inet.0 inet.0 ]
gt;
> Regards
>
> Amos
>
> On Apr 1, 2007, at 11:18 PM, Erdem Sener wrote:
>
> > Hi Amos,
> >
> > As per Harry's suggestion, you may use a vt interface (you need a
> > tunnel or other services pic for that)
> >
> > If you have a tunn
Hi Amos,
As per Harry's suggestion, you may use a vt interface (you need a
tunnel or other services pic for that)
If you have a tunnel/services PIC on the box, you can see a vt-
interface on 'show interfaces terse' command.
Then all you have to do is configure a unit with family inet (no ip
a
a little remark:
adding 'no-export' community to your advertised routes to ISP #x will
guarantee that ISP #x won't advertise these prefixes to any of its
ebgp peer, meaning "his peers won't use ISP #x to get to you".
On the other hand, this doesn't mean that ISP #x will certainly use
its direct l
Hi Juan,
Did you try with I2J tool on Juniper website with whole config?
https://i2j.juniper.net/release/index.jsp (you'll need to be a
registered customer)
If you provide more snippets of configuration (like interfaces
belonging to VRF, your bgp import/export policies) I'll try to help
more.
Hi Georgi,
On the logs:
Feb 27 10:34:37 Ruse-R-Edge rshd[7431]: [EMAIL PROTECTED] as root: cmd='rcp -T
-t /vat/tmp/juniper.conf1.gz'
I believe there's a typo "/vat" here, which might cause the problem.
Can you please check ?
Cheers,
Erdem
On 2/28/07, Georgi Yalamov <[EMAIL PROTECTED]> wrote:
Hi,
Can you try with disabling the name-server configuration (if you any)
and see if it makes a difference?
On 2/22/07, Vesselin Kostov <[EMAIL PROTECTED]> wrote:
> Hello All,
>
> We have problem when commiting the configuration after we upgraded to JUNOS
> 8.1R1.5.
>
> It is taking about 8 mi
Hi Jeorg,
Starting with the 'obvious' is always a good idea :)
What other events are taking place on the router at the same time of
(or prior to) relatively high loads? Any link flaps, neighborships
going down/up etc?
Also, you may check whether this is a particular issue (every n time)
or no
Hi,
It's (at least for me) hard to guess without relevant configuration
information for your 'core' interfaces and protocols
mpls/rsvp/ospf/is-is section.
The reason CSPF information is missing is usually eighter reservation
problems (not enough bandwith). Also, if you're using OSPF as igp for
will something like " show interfaces terse | match -0/1/ | match
down" work for you ?
(assuming that the PIC is in FPC0/Slot1
On 1/23/07, Josh L. Richesin <[EMAIL PROTECTED]> wrote:
> I have a bunch of t1's ds3's and oc3's hanging off of this interface.
> Is there a command that would show me wh
Hi,
you can do a ' show | compare' , if that's the information you're looking for.
HTH
On 1/23/07, Aamir Amin <[EMAIL PROTECTED]> wrote:
> Hi Guys,
>
>
>
> Is there a way of showing configuration that hasn't been committed?
>
>
>
> thanks
>
> ---
> The information in this email and any
Hi,
I would go with a firewall filter that accepts certain types of
traffic with multiple terms, and discards anything else with a last
'then discard' term.
Of course, such filter would require careful planning.
On 1/23/07, Alexander Serkin <[EMAIL PROTECTED]> wrote:
> hi, all.
> Please hel
Hi,
You can do a 'show log user' and see at least if the reboot was
initiated by a user, if there's no information on messages file.
such as:
[EMAIL PROTECTED]> show log user
lab ttyp010.10.1.34 Fri Jan 12 21:06 -
21:06 (00:00)
lab ttyp010.10.1.22
79 matches
Mail list logo