On Fri, Oct 28, 2016 at 2:29 PM, Roger Wiklund
wrote:
> Thanks, have you tested this? What happens to traffic/sessions on the
> link? Is it non disruptive, or at least less disruptive than disabling
> the interface?
>
Yes, I did.
You must also disable it on the remote peer at the same time (clo
On Fri, Oct 28, 2016 at 12:53 PM, Roger Wiklund
wrote:
> Hi
>
> Is there a way to remove one interface from an AE without disabling
> the interface?
>
> I was thinking about removing the 802.3ad aeX config from the
> interface but I have not tried it yet.
>
You configure the interface to not be
Yes, it is; and it is quite cheap.
For RR purposes, it will set you back only around $1,000 + hardware costs.
VMX-100M, 100M perpetual license. Includes all features in full scale.
Includes port based queuing and per-vlan queuing, 750 USD
You have to add support costs to the price to reach my es
The PFE forwards the packets, it doesn't matter if the switch is running
only Layer2 things.
If you run Layer2 only, then just enable non-stop-bridging so when things
go weird, the other switch will become active RE but without taking a hit
on the forwarding plane.
Regards,
Eugeniu
On Fri, Apr 1
If memory serves me right, the 5% bandwidth is actually prioritized when
you do something on the switch via SSH/Telnet/J-Web so that in case your
switch is running line-rate, you can actually log into it.
Also, disable flow-control, it's not helping.
Regards,
Eugeniu
On Wed, Oct 15, 2014 at 2:49
On Tue, Sep 23, 2014 at 7:11 AM, Ben Dale wrote:
>
> Love your work Phil : )
>
> That's a heck of a lot simpler/cleaner than the recursive monstrosity I've
> been putting together!
>
> Changes have been pulled into github, so if you're running 11.4 or
> earlier, give it another try now.
>
>
Wee,
On Mon, Sep 22, 2014 at 4:24 PM, Phil Shafer wrote:
> Ben Dale writes:
> >> https://github.com/dfex/DFEXjunoscripts/blob/master/show-bgp-neat.slax
>
> Very cool!
>
> >Hey Phil, when can we have git native in Junos?! ; )
>
> How about:
>
> op url
> https://raw.githubusercontent.com/dfex/DFEXjunos
On Tue, Aug 12, 2014 at 11:21 PM, Laurent CARON
wrote:
> On 12/08/2014 22:15, Darren O'Connor wrote:
>
>> You mean to say you're not using /64 on your subnet?
>>
>
> Is it a crime ? ;)
>
Is this fixed in any release? I'm planning on using a pair of SRX240 to do
just that - IPv6 VRRP.
Thanks.
__
I am also interested in experiences with the EX4300s in the same kind of
setup.
Thanks.
On Sat, Aug 2, 2014 at 6:13 AM, Paul S. wrote:
> Hi folks,
>
> We're considering the EX4300 to run routing (l3) for a few hypervisors of
> ours that are connected via l2.
>
> Primarily interested due to the
On Sat, May 17, 2014 at 11:55 AM, Mark Tinka wrote:
> On Friday, May 16, 2014 09:20:50 PM Saku Ytti wrote:
>
> > bill-of-material, pincount, thermal might be argument,
> > they are SOC so you get everything nicely in single
> > package.
>
> I know Juniper are not thinking of anything more powerfu
On Fri, May 16, 2014 at 10:04 PM, Saku Ytti wrote:
> On (2014-05-16 11:58 -0700), Tyler Christiansen wrote:
>
> > I don't have experience with the MX104s but do with the rest of the line
> > (MX80 to MX2010 [excluding MX104, of course]). MX80 isn't dual RE, but
> the
> > CPUs are the same family
On Sun, Feb 23, 2014 at 4:47 PM, Mohammad Khalil wrote:
> Hi all
> I got the below log message on one of my EX4200 switches
> Feb 23 16:00:10 B-AM022 login: LOGIN_PAM_AUTHENTICATION_ERROR: PAM
> authentication error for user cusadmin
> Feb 23 16:00:10 B-AM022 login: LOGIN_FAILED: Login failed f
Juniper recommends running 12.3R3.4 on EX4200, EX2200. You seem to be
running very bleeding edge code.
Can you try downgrading and see if the problem goes away ?
On Mon, Jan 6, 2014 at 11:15 AM, Maarten van der Hoek wrote:
> Hi Laurent,
>
> Had almost exactly the same this morning when I came
On Thu, Jan 2, 2014 at 11:18 PM, giovanni rana wrote:
> Ahahah that was just an example ;)) And of course i can put another
> standard L2 switch between the hosts and the qfx3500 which aggregates all
> the hosts and goes to the qfx3500 with a single 10ge port, if I don't mind
> about oversubscr.
On Thu, Jan 2, 2014 at 8:10 PM, giovanni rana wrote:
> I do, but how big is my DC is not relevant, like being flat or non flat
> does not matter...Since the data sheet clearly says 1.536.000 Mac addresses
> are supported, I need to understand if we are talking of unique Mac
> addresses or that's a
On Thu, Jan 2, 2014 at 4:20 PM, giovanni rana wrote:
> Even in the case you mentioned the node shall be able to keep a table
> where there's an index Made by 1536k entries. I can understand that some
> memory can be saved by using a vpls style approach, but if I got 1536k VMs
> with unique and Mac
On Tue, Dec 24, 2013 at 7:50 PM, Herro91 wrote:
> Hello J-NSP and Nanog members
>
> Hopefully this is the right forum for this discussion - if not my apologies
> for further clogging your inbox.
>
> Here it goes:
>
> Would you consider use of JSAM/WSAM to selectively proxy and tunnel certain
> ap
On Mon, Dec 23, 2013 at 9:49 AM, Skeeve Stevens <
skeeve+juniper...@eintellegonetworks.com> wrote:
> Hey all,
>
> I need to be able to re-write/translate/swap a VLAN on one trunk port out
> another trunk port.
>
> This document:
>
> http://kb.juniper.net/InfoCenter/index?page=content&id=KB16755&ca
On Fri, Dec 20, 2013 at 1:20 PM, wrote:
> > The successor for the J series is the ACX series but you need to skip the
> > lower end models as for some weird reason they come with E1 interfaces
> > stuck on them.
>
> Um, why do you believe the ACX is the successor for the J series? The
> ACX is a
On Fri, Dec 20, 2013 at 1:11 AM, Tom Storey wrote:
> Yeah I did see this, but Im looking to avoid flow mode on the whole.
>
>
On a J4350 with 2GB of RAM in packet mode I am able to push around 1Gbps
Enterprise IMIX traffic with 4 full routing tables for IPv4 and full
routing (~17K routes or so) I
On Thu, Dec 19, 2013 at 4:25 PM, Tom Storey wrote:
> Hi everyone.
>
> Whats the general consensus about using a J series entirely in packet mode?
>
>
When you enable packet-mode on J-Series you loose the stateful firewall
capabilities.
> Are there any gotchyas to be wary of, like missing featu
Basically they are two different things:
- Dynamic VPN is plain old IPSec based remote access VPN for users. They
need to install a client and that's it. It's licensed per user.
- SSL-VPN appliances offer a web portal for users to publish web based
applications securely and also offer the option t
On Thu, Nov 28, 2013 at 2:11 AM, Tom Storey wrote:
> Interesting. Has anyone tried this with protocols like IS-IS and with IPv6?
> I'd love to add an EX3200 to my lab, but shelling out for a license would
make it a bit too expensive.
>
I've used EX4200 with IS-IS and IPv6 and would just complai
First option would be to check to see if the IMAP client is using the
IMAP IDLE command. If so, you might want to disable this option. Or
configure the SRX to never timeout this connections (not sure if
possible).
Second option would be a check to see what screening options you have
from untrust (
In the Release Notes for JUNOS 12 something for EX, there is an
example of commit error when you use a protocol without a license and
you cannot use it. I am missing the right link now but it stood out as
it was the first time I saw it.
On Wed, May 1, 2013 at 12:32 AM, Mark Tinka wrote:
> On Frid
I guess it has to do with the EOL announcement for the J series where the
SRX is promoted as the successor platform.
For full tables, the J series were the smallest Juniper routers that you
could buy and with 2GB of RAM they work very well.
I'm sad to see them gone.
On Sun, Dec 16, 2012 at 4:13 AM, Michel de Nostredame
wrote:
> Hi There~
>
> One of my customers has some Cisco Nexus 7K but budget wise prevents
> him from buying N7K in new locations. His environment is pretty simple
> and straight forward. Lots of 10GE ports (around 2200 ports) divide
> into ar
On Wed, Jan 23, 2013 at 3:19 AM, Morgan McLean wrote:
> Hi,
>
> Just curious what the smallest v6 advertisement providers will accept is
> these days? I've seen no smaller than /48 mentioned on various boards, but
> I see arin will allocate all the way down to /32. We currently have a /48,
> and I
On Fri, Feb 1, 2013 at 7:47 PM, Mark Menzies wrote:
> That could potentially work but is a mighty big hammer to solve a small
> problem. :).
>
I'm not familiar with how SRX licenses work, but if the ID is always
the same when you add or remove them, you can make a "script" in
notepad with the req
On Mon, Jan 21, 2013 at 10:40 PM, Markus H wrote:
> Hi,
>
> I wonder what kind of redundancy the community would prefer for
> small-medium sized PoPs.
> This is what I have come up with so far:
>
> a) 2xMX80
> Pro: Two seperate devices so less prone to config errors and chassis failure
> Con: Usin
On Thu, Jan 31, 2013 at 9:00 PM, Mark Menzies wrote:
> If I enforced that, I would be training an empty room. :)
I wouldn't bet on it and you might go ahead and try it.
I also do training and have licenses for every feature (not on
Juniper, by the way) on the equipment and if the students ask, I
On Wed, Jan 30, 2013 at 5:34 PM, Mark Menzies wrote:
> Hi folks
>
> I have a quick question here.
>
> Is there any way other than the very slow "request system license delete
> " command, to get rid of multiple licenses all at once?
>
> Basically we have several SRX units for training purposes and
On Wed, Dec 19, 2012 at 12:33 PM, ahmad barakat
wrote:
>
> Dears,
>
> actually we enabled the logging on our Firewalls, 2-SRX1400 and 2-ISG2000 in
> stream mode and they send the log to a syslog server.
>
> we are facing a problem with the detailed report. because the log just
> appeared the ses
On Thu, Oct 4, 2012 at 5:55 AM, Muruganandham M wrote:
> Thanks all for your tips.
>
> When we have both nodes with the same priority 255, will there be any change
> in the mastership when both nodes powered off and powered on together?
>
> Further, is it mandatory to enable the "no-split-detectio
On Wed, Oct 3, 2012 at 8:51 AM, Muruganandham M wrote:
> Hello,
>
>I am referring the following link.
>
> http://www.juniper.net/techpubs/en_US/junos10.3/topics/task/configuration/virtual-chassis-gres-cli.html
>
> Is it mandatory to configure the mastership-priority to 255 to enable GRES
>
On Fri, Jun 1, 2012 at 11:22 PM, Payam Chychi wrote:
> hey everyone,
>
> I was wondering if anyone knew of a way to collect payload data from the
> Network Connect functionality of the Juniper SSL VPN.
> The logs clearly show URL requests if the user utilizes the web based login
> but does not sho
On Sat, Oct 10, 2009 at 7:05 AM, Richard A Steenbergen
wrote:
>
> On Fri, Oct 09, 2009 at 11:06:02AM +0400, Pavel Lunin wrote:
> > As the other have already said, the main difference between 3200 and 4200 is
> > virtual chassis. But I'd like to note that it is not just a fun gadget which
> > allo
Jonathan Brashear wrote:
That seems a bit dishonest, no? Given that the only part they won't support is the one you're switching out for the sake of getting support doesn't strike me as above board. Maybe I'm alone on this.
I was just saying that in case for some reason JTAC decides not to
Matthew Walster wrote:
2009/8/20 Nam, Nguyen Hoang
When I config ssh-rsa key begin "1024
The 1024 is there for you, not for the key - the parses already knows it's
1024-bit, hence the big long base-64 string.
My question is how to config ssh-rsa to affect the authenticat
Jonathan Brashear wrote:
With the caveat that Juniper doesn't support CFs you buy elsewhere, I believe
the 'Juniper' CFs are re-branded Sandisk CFs.
You can always buy one spare from Juniper and the rest from vendors that
won't charge you an arm and a leg for a one or two GB CF, and in case
Kevin Oberman wrote:
Date: Wed, 12 Aug 2009 12:19:41 -0400
From: Brendan Mannella
Sender: juniper-nsp-boun...@puck.nether.net
Hello,
I was wondering if anyone has successfully replaced a hard disk on a
M7i
RE-5.0. If so with what model disk, and once installed what is the
procedure
to get t
Ross Vandegrift wrote:
On Mon, Jan 19, 2009 at 10:16:47AM +0100, Benny Amorsen wrote:
In practice most vendors ignore the "multicast" word in that sentence.
The functionality is really useful and hard to achieve in any other
way.
RFC 1812 should be amended.
I disagree. It doesn't mak
Ivan c wrote:
anyone have any experience with the SSL and IPSec capabilities on the following:
Check Point Connectra
Connectra sucks.
Fortinet
Did not played with it.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.ne
waqas Mohammad wrote:
Hi,
I am facing problem with installation of Netscreen VPN client 10.7.7 on
windows Vista, dose it works on Vista or it is only design for XP?
10.8.3 build 6 works on Vista. Maybe you should upgrade.
___
juniper-nsp mailin
Stefan Fouant wrote:
And I thought privacy concerns were bad enough with all these apps on
my PC dialing "home", now I have to worry about my routers doing it
too? ;)
Well, Hitachi does it for their storage systems and nobody freaks out.
Having a router dial home seems to me that it has signi
Rubens Kuhl Jr. wrote:
Can I expand the question to what L2 and L3 VPNs methods are supported
on all J-series from J2320 to J3650 ?
Did a lab a while ago with 2 J4350 as PE routers and L2 and L3 VPNs
worked without any problems.
The only thing that did not worked very good was BFD with very
Rubens Kuhl Jr. wrote:
Hi...
I'm sizing a J-2320, and noticed the following RAM and flash defaults:
• 256 MB DRAM default, expandable to 1 GB DRAM
• 256 MB compact flash default, upgradeable to 1 G
What is possible and not with such a configuration, like installing
recent JunOS versions, FIB s
Jose Madrid wrote:
Going back to Christian's point, Rancid doesn't know who made the
changes and if there are multiple changes between rancid run-times, it
will pick up various changes and not just the one in particular. I
currently use a mixture of rancid and logs from devices to see who
logged
David Ball wrote:
Hey folks. They say the definition of insanity is repeating the
same thing over and over and expecting different results, and again I
found myself trying to use routing policy in a firewall filter,
unsuccessfully.
We have 4 upstream ISPs, 2 on 1 router and 2 on another. Un
Campbell, Alex wrote:
> We have J4350s taking several full tables each. Traffic peaks at about
> 100mbps and CPU sits constantly at about 10%. I'm not sure how much
> slower the CPU on the J2320 is but I would be surprised if it couldn't
> comfortably handle our traffic loads with full tables.
>
}
}
}
This is a router for testing and i needed to access it remotely for
trying out different configurations.
Regards,
Eugen.
> -Jon
>
> On Wed, Apr 2, 2008 at 9:11 AM, Eugeniu Patrascu
> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
>
&g
Hello,
I have an issue with JunOS ES 9.0R2.10: I can't access it remotely
either by telnet/ssh/webmanagement. I tried creating a firewall filter
to accept all packets, put it inbound/outbound on my ge-0/0/3 interface.
Is there a catch to the Enhanced Services that it needs special tweaking
to
Jason Lixfeld wrote:
> I've been looking for GSR12406 alternatives and first was led to the
> M120, but then was led to the MX series. I need a device to fit into
> a provider network at the edge, facing transit, peer, backbone and
> core. Heavy layer 3, heavy BGP, heavy OSPF, no QoS, no MP
Bit Gossip wrote:
> I notice that a Juniper router doesn't forward packets between fxp0 and
> all other interfaces, even if a route exists. Is there a way to change
> this behaviour?
>
Hi,
The documentation clearly states that forwarding will not be done on
fxp0 and that is only intended for m
Lawrence Wong wrote:
> Hi everyone,
>
> I currently have a J4350 with 1GB RAM and 256MB FLASH in my lab. I'm thinking
> of upgrading it to 2GB RAM and 1GB FLASH to do further testing, but the
> "original" Juniper parts are too expensive for my lab tests.
>
> Does anyone know what sort of RAM and
M.Mihailidis wrote:
> it is only possible to do it on the linux?
> from the nsm itself isnt that possible?
afaik, no.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
M.Mihailidis wrote:
> Hello all
> is there a way to have some kind of access list for the NSM?
> i want to have for example only 2 IPs log to the NSM.
> thanks in advance
>
Hi,
Since the NSM runs on Linux, it's pretty easy to setup iptables rules
allowing only connections from your two IPs to
Eugeniu Patrascu wrote:
[...]
Hi,
The problem was solved by putting a crossover cable between one of the
netscreens :)
So now i'm happy pinging a directly connected host via an MPLS cloud.
Thank you all for the help provided.
Eugeniu Pat
From the documentation it seems it's not going to work:
http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-vpns/swconfig84-vpns.pdf
says the following:
NOTE: A Layer 2 VPN or Layer 2 circuit is not supported if the
PE-router-to-P-router
interface has VLAN-tagging enabled and us
GAY Samuel wrote:
> Hi Eugeniu,
>
> I see 2 mistake in your configuration :
> - you use the same route-distinguisher on the pe-1 and pe-2
> - the interface connected to ce-1 / ce-2 is configured with the unit
> 0. In Junos you have to use unit from 512 to 4095 to the ccc
> encapsulation.
>
Hi,
ve guessed it, I cannot ping 192.168.20.2 from 192.168.20.1.
The question is: what am I doing wrong here ?
Thank you,
Eugeniu Patrascu
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
61 matches
Mail list logo