If it's an intermittent issue with Ping reachability, then check out
interface errors as well. On top of that find out if there are any memory
errors (where data gets buffered) in the Syslog i.e. CRC failing..
On Mon, Mar 27, 2017 at 8:55 AM, Jeff Haas wrote:
>
> > On Mar 5,
If you don't wanna pay then make use of a free collector (aka opensource)
i.e.
http://www.ntop.org/ (i have had and used this +1)
Or more here:
https://www.pcwdld.com/free-open-source-netflow-analyzers
On Sat, Dec 31, 2016 at 2:41 AM, Matthew Crocker
wrote:
>
> I’m
The maximum value is 4096 (0-4095), when you create more than 4095 logical
units with VLAN encapsulation, the message "limit of 4096 vlans/dlcis
exceeded"
Here is Juniper reference:
http://kb.juniper.net/InfoCenter/index?page=content=KB28265=search
P.S: It may varies hardware to hardware but I
Some of the alarms are transient (should generate Syslog trap though), and
they generate a Chassis alarm upon occurrence (i.e. PFE<>Fabric plane took
a hit of CRC errors and then got recovered through fabric healing).
Sometimes Chassis does not clear alarm when the transient state gets
cleared and
RE can only be installed into the SCBs labeled 0 and 1, third additional
multi-functioning slot labeled 2/6 supports either a SCB (NO RE) or FPC
(aka MPC,DPC). Something like
Raising LSP metric sounds good to me
On Wed, Dec 16, 2015 at 10:00 PM, tim tiriche wrote:
> Hello,
>
> i have 2 LSP to the same destination.
>
> 1st LSP name = R1-R2-a
> 2nd LSP name = R1-R2-b
>
> I have link protection enabled.
>
> i want to delete the 1st LSP and wanted
Hi - "commit check" is just there to verify the syntax and integrity of the
configuration, but do not activate it. Pretty self explanatory as you
already explained it :-)
On Tue, Sep 29, 2015 at 7:24 AM, Martin T wrote:
> Hi,
>
> when I commit the candidate configuration in
Here you have the official answer, pretty self explanatory:
http://www.juniper.net/techpubs/en_US/junos13.1/information-products/topic-collections/release-notes/13.1/index.html?topic-78897.html
On 10 Jun 2015 8:35 pm, james list jameslis...@gmail.com wrote:
Hi
My question is more related to
and not an MX that runs with DPC's etc.
On Sun, May 17, 2015 at 09:23:37PM +1000, Masood Ahmad Shah wrote:
Thanks for sharing, Mark!
Are you sure that it supports all Trio-bsaed cards and afterwards...
Juniper documentation confirm it for the Type-5 FPC (T4K) only though.
On Sun, May 17
Thanks for sharing, Mark!
Are you sure that it supports all Trio-bsaed cards and afterwards...
Juniper documentation confirm it for the Type-5 FPC (T4K) only though.
On Sun, May 17, 2015 at 7:02 AM, Mark Tinka mark.ti...@seacom.mu wrote:
Hi all.
Gosh, what a road this has been!
Some of you
on can be changed with host-outbound-traffic command (but still
cannot be changed with lo0 firewall outbound filter).
Thanks again,
Huan
On 15 May 2015, at 11:48 am, Masood Ahmad Shah masoodn...@gmail.com
wrote:
AFAIK host-outbound configuration or lo0 output filter will NOT influence
AFAIK host-outbound configuration or lo0 output filter will NOT influence
the PFE generated traffic. Only the output interface filter can match the
PFE generated traffic.
Cheers,
Masood
On Fri, May 15, 2015 at 10:22 AM, Huan Pham drie.huanp...@gmail.com wrote:
Hi list,
I've tested in the lab
I highly recommend Juniper day one books:
http://www.juniper.net/us/en/training/jnbooks/day-one/
In addition to that Network Mergers And Migrations book by Gonzalo and Jan
All the best!
Cheers,
Masood
On Thu, Apr 23, 2015 at 2:07 PM, Pyxis LX pyxi...@gmail.com wrote:
Hi, all.
I have just
Can you provide a show route hidden extensive through pastebin.com or
something like that... Your pasting is not easily readable and that makes
it hard to help..
Cheers,
Masood
On Thu, Apr 16, 2015 at 5:07 AM, Jonathan Call lordsit...@hotmail.com
wrote:
I apologize. The email looked fine when
AFAIK, router uses the preferred source address when it is configured for
an unnumbered Eth interface, for arp requests and replies. arp requests
need to match the preferred source address, which is by default primary
interfaces
lo0 {
unit 55 {
family inet {
Jordan,
How does CPU utilization looks during these 3 minutes (even a minute before
and after)?
How many routes (prefixes) you have in the RIB (not just active, the total
number of prefixes that are being scanned to find out the best routes
adj-in-rib)?
With 14.1R3.5, did you use rpd-64bit or
It could also be a hardware issue in either the referenced scb0 or back
connector. Have you tried the following:
Re-seat the scb in its slot, and then check for bent pins at this time (you
can use a flashlight)
Swap the scb0 with a spare (Or borrow one from another slot 1, 2)
Cheers,
Masood
On
Here is how I would do that:
1. Import the routes into inet.0 by rib-groups (that is what you have
already done, great)
2. Assuming PECE interface is 1.1.1.0/30 and working on the PE
3. Also I would not use “accept all” when doing import/export, so I created
a policy for that too.
See inline, prefixed [Masood] ...
On Thu, Apr 17, 2014 at 1:09 AM, John Neiberger jneiber...@gmail.comwrote:
Another question: if a link in a ECMP bundle goes down and then comes
back up later, do things end up hashed and balanced the same way they were
prior to the link going down, or is
Perhaps the file system became corrupted, most likely due to a sudden power
loss, or ungraceful shutdown. I would not worry, as long as both of the
partitions are healthy, then no issue with running switch on either of
them.
Just make sure that both of the partitions are healthy, so that fail
check de MTU
On 20-Nov-2010, at 3:53 PM, Sergey wrote:
On Saturday 20 November 2010, you wrote:
I attempted to remove point-to-point. No effect.:-(
You possibly need it on the interface - but you ALSO need it under
protocols
It has no effect. And I can not understand why I do not
check de MTU
On 20-Nov-2010, at 3:53 PM, Sergey wrote:
On Saturday 20 November 2010, you wrote:
I attempted to remove point-to-point. No effect.:-(
You possibly need it on the interface - but you ALSO need it under
protocols
It has no effect. And I can not understand why I do not
I would go with power-it; you cannot recover the password without resetting
the unit to factory defaults. On other devices of Juniper like routers there
are ways to do this but not on firewall devices.
As you do not have copy of the current configuration, then I would say let
it run as long as it
JUNOS gives you very flexible AAA services. I would suggest you should not
use remote user template on live production Box. Configuring a single remote
user template account requires that all users (once again keep in mind ALL
users) without individual configuration entries share the same class
You don't need to configure per packet-load balance during the JNCIP-M lab.
All you have to do is multipath..
Regards,
Masood
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Aamir Saleem
Sent: Tuesday, March 24, 2009
Yea, Juniper M Series does not support L2TPv3 at this time, and there is no
roadmap for it anytime in the near future. You can use l2circuit over
GRE/IP-IP tunnel.
JUNOS now support MPLS-in-GRE MPLS-in-IP. You guys can now encapsulate the
MPLS label stack for a packet with an IP header, making
JUNOS software does not support ISPF but does perform partial route
calculations when the ospf topology is stble and only routing information
changes, you can mix this process up even further with spf-options...I guess
you will have ispf (enable/disable) in same hierarchy :)
ja...@r1# top set
I agreed with something Jared said. You never know whom you are going to
connect next to (Cisco :)).
Save yourself n Save Others
Regards,
Masood
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Jared Mauch
Sent:
This is what it should be like r...@testcommunity
HTH
Regards,
Masood
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Nilesh Khambal
Sent: Saturday, February 21, 2009 12:53 AM
To: Derick Winkworth
Cc:
This will take you on a snmp journey .
ja...@r1# run show snmp mib walk 1
Regards,
Masood
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of shariq qamar
Sent: Monday, February 16, 2009 6:46 PM
To:
It's a simple UNIX file 'dcd.snmp_ix' (I believe Juniper guys don't change
format/syntax of the file with each upgrade.), if you back
/var/db/dcd.snmp_ix while upgrading your JUNOS software and then later
restore it.
ja...@r1 file list /var/db/dcd.snmp_ix
Regards,
Masood
-Original
Check if you can find something similar while sitting at your J series :)
set system services outbound-ssh client nsm
Regards,
Masood
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of SunnyDay
Sent: Wednesday,
I would suggest check CRC and duplex mismatch twice :) if everything goes
fine then you better play with the following TCP tweaks..
flow no-tcp-seq-check
flow tcp-syn-check
flow tcp-syn-bit-check
Regards,
Masood
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
Yea sure, but you need to keep an eye on redundant RSP, LM and interface
related configuration .e.g. less or more number of physical interfaces, LM
or RSP.
Regards,
Masood
Blog: http://weblogs.com.pk/jahil/
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
I have replied to a Juniper forum topic on same issue. Please find the link
below..
http://tinyurl.com/ba4r7p
Regards,
Masood
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Markus
Sent: Sunday, February 08, 2009
This has already been discussed on list... the following URL will take you
to the QPPB/DCU
http://markmail.org/message/et4gc4ysscxio7ra
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Mark Tinka
Sent: Wednesday,
The following configuration should work for IPv6/IPv4 in same policy.
policy-statement O-R {
term 1 {
from {
protocol ospf;
route-filter fec0:0:0:4::/64 orlonger;
}
then accept;
}
term 2 {
from {
protocol ospf;
What's wrong in using two terms J
Regards,
Masood
From: Ahmad Alhady [mailto:ahmad.alh...@yahoo.com]
Sent: Sunday, December 28, 2008 10:23 PM
To: Masood Ahmad Shah; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] merging IPv6 and IPv4 route in same policy
but in 2 different terms
http://weblogs.com.pk/jahil/archive/2008/12/26/juniper-switches.aspx
Regards,
Masood
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Brendan Mannella
Sent: Saturday, December 27, 2008 5:10 AM
To:
Two minor points you can have multiple static routes for the same
destination address with the same preference (juniper) admin distance
(Cisco) and difference interfaces for load balancing. The exception is the
default gateway 0.0.0.0 which can only occur once per admin distance but you
can use
neighbor remove-private-as
Removes private AS numbers in updates sent to external peers. Private AS
numbers are only in the range 64,512-65,535.
Regards,
Masood
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of SunnyDay
Sent: Friday, November 14, 2008
The PPPoE interface to the access concentrator can be a Fast Ethernet
interface on any Services Router, a Gigabit Ethernet interface on J4350 and
J6350 Services Routers, an ATM-over-ADSL or ATM-over-SHDSL interface on all
J-series Services Routers except the J2300, or an ATM-over-SHDSL interface
Ahmad Shah
BLOG: http://www.weblogs.com.pk/jahil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aamir Saleem
Sent: Friday, September 26, 2008 11:18 AM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] M-Series Authentication via Tacacs and authorization via
What you get when you do show helper statistics
You can also use some packet capturing applications like ethereal on DHCP
server; just to check the packets are being forward to DHCP server or not.
If you need include the maximum-hop-count statement, deault value is 4 hops.
set the routing
If Cisco to Cisco works fine than problem seems in interpreting domain id.
If the OSPF domain ID for the destination PE differs from the originating
PE, MP-BGP redistributes the route into OSPF as an OSPF type 5 external
route. There is another to preserve OSPF routes across the MPLS VPN OSPF
Yea you can set the route preferences ( In Cisco world administrative
distance ). For this you need to find the route preference radius attribute
... here is the list of supported radius attributes...
http://www.juniper.net/techpubs/software/erx/erx50x/swconfig-broadband/html/
Two things can prevent LDP adjacencies MTU, fragmentation or access list.
You need to check MTU size at both sides as you are using tunnel interfaces.
You may need to look at data fragmentation too, in both cases try adjusting
MTU size.
Look into IGP prefix lists, distribute lists or
Yea you can have established LSP without LDP. Guess how :)
What if you are running both LDP and RSVP... ;)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Junaid
Sent: Monday, August 25, 2008 8:35 PM
To: Farhan Jaffer
Cc: Juniper Puck
Subject: Re:
There can be multiple reasons for these input errors.
Policed Discards
Frames that the incoming packet match code discarded because they were not
recognized or of interest. Usually, this field reports protocols that the
JUNOS software does not handle, such as CDP.
L3 incompletes
This counter is
I came up with an issue, Juniper M Series router is inability to pop
explicit-null and decreasing IP TTL at the same time, making egress PE
disappear from traceroute, when using core-hiding and explicit-null.
Is there any workaround.
___
juniper-nsp
Im really getting confused while adding firewall for DSL subscribers. I
want to protect my PPPoE subscriber from malicious traffic. Adding a
firewall between DSLAMs and BRAS is kinda confused for me. The final
topology is going to be like
The full BGP table of the internet is big. The BGP table is held in memory.
If you use 1GB of RAM or more, you can store 3 full BGP table. M7i and M10i
both comes with fast CPU, You will not have to worry about processing, it's
juniper :)
Regards,
Masood
-Original Message-
From: [EMAIL
I am looking for a track-ip functionality in Junos, which will be able to
retire a route based on IP reachability (ping or something like this)
Is this anything we can do?
Regards,
Masood Ahmad Shah
___
juniper-nsp mailing list juniper-nsp
Many thanks for running one of the leading mailing lists. Keep it up.. you
are great
Regards,
Masood Ahmad Shah
BLOG: http://www.weblogs.com.pk/jahil
-Original Message-
From: Jared Mauch [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2008 10:40 PM
To: Masood Ahmad Shah
Cc: 'Erik
http://www.cisco.com/en/US/products/hw/routers/ps133/prod_system_test_report
0900aecd801b9424.html
:)
Regards,
Masood
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
network? Like in Cisco
Cisco#ip forward-protocol udp ?
0-65535 Port number
Juniper# I don't know :)
Regards,
Masood Ahmad Shah
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
56 matches
Mail list logo