Below are details that talk about rate-limiting on RVI interfaces:
http://kb.juniper.net/index?page=content&id=KB14250&cat=FIREWALL&actp=LIST
This KB talks about port filters as well:
http://kb.juniper.net/index?page=content&id=KB10968&cat=JUNOS_EX&actp=LIST
Cheers,
Truman
On 15/07/2010, at 9:37 AM,
http://kb.juniper.net/KB12167
On 2/07/2010, at 11:39 AM, Onam Rubio wrote:
Good day,
I forgot my username and password, so I can't access my Juniper.
How can I access the Juniper?
Thanks
Yes you can do this on a J-series. If you can handle the full table in inet.0,
you can handle this full table in a VRF. Just make sure you have enough RAM to
hold a full table (regardless of the type of routing-instance) ...
Truman
On 20/06/2010, at 4:53 PM, Rolf Mendelsohn wrote:
Hi All,
How about VPLS over MPLS/GRE interfaces? This will work.
On 1/06/2010, at 2:35 PM, Peter Krupl wrote:
Hi,
I have looked through the Juniper docs for GRE with bridging. But it doesn't
seem to exist at all.
Is it possible? Can I do it on an MX/MS-DPC or another Juniper box?
Med
Do you mean the same route being announced from two different PEs? A unique RD
for each VPN on each PE will help. Then I assume you are working with BGP import
policy on the PE ... learning routes from the CE?
On 30/05/2010, at 9:16 PM, Sorilla, Edmar (NSN - AE/Dubai) wrote:
Hi Experts,
Hilarious! Very funny Richard!
Truman
On 17/05/2010, at 6:24 PM, Richard A Steenbergen wrote:
http://www.e-gerbil.net/juniper.jpg
--
Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Hi Richard,
You can likely achieve this a different way (although your approach has
interested me to check it out), by using CBF based on communities. I would use
communities for the l2circuits, then associate those communities with a
cos-next-hop-map, and have a forwarding policy exported to
Let's say that you have the following stanza under your master routing instance:
routing-options {
interface-routes {
rib-group inet if-route;
}
static {
rib-group static-rg;
route 0.0.0.0/0 next-hop 30.30.30.13;
route 3.3.3.3/32 next-hop 30.30.30.10;
Possibly vlans would work for you. A vlan in and a vlan out.
On 2/05/2010, at 2:10 PM, Fahad Khan wrote:
Hi folks
How can I install IDP device in transparent mode by using only one port??
please reply urgently
thanks,
Muhammad Fahad Khan
JNCIP - M/T # 834
IT Specialist
Global
Hey Paul,
For what you want to do, you would be fine with a J-series. BGP instances means
the number of BGP processes you would run inside additional routing-instances
(ie. instance-type virtual-router, etc). If you are basically doing all your
routing from inet.0, then you have essentially
If there is not an OID you can make one for the purpose; see the jnxUtilityMib
and automation scripts.
Truman
On 8/04/2010, at 8:28 AM, Bjørn Tore Paulen wrote:
Richard A Steenbergen skrev:
(...)
Hrm... The lack of ability to do show interfaces diagnostic optics and
see all interfaces
Hi Richard, you bring up some good points. I will chat with some ex
people on the rpd memory limitation on ex. It doesn't seem to be
necessary but there may be some design considerations on the static
value.
Truman
On 10/03/2010, at 8:32 AM, Richard A Steenbergen r...@e-gerbil.net
Hi,
Only the IQ2 PIC supports ingress queue stats.
Truman
On 19/02/2010, at 9:48 PM, meryem Z wrote:
Hello Truman,
Thank you for your suggestion.
Finally I found that classification is correctly done but the interface is
unable to show ingress statistics (IQ PIC) unlike the IQ2 PICs.
On 17/02/2010, at 3:57 AM, Phil Shafer wrote:
Bill Marquette writes:
Is there any way to send email from an op script?
No, sorry. We do snmp, syslog, or transfer, but not email. My
thoughts were always that email notifications should be done at
a central server to avoid floods. But
The H.323 ALG is only supported on SRX100 / SRX 210 models in 9.6. The H.323
ALG is supported in 10.0 on the SRX240.
http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-srx-jseries-support-reference/junos-srx-jseries-support-reference.pdf
Kind regards,
Truman
Hi,
You can not run an EX-olive at this time.
Truman
On 3/02/2010, at 6:05 PM, Ashok Kumar wrote:
Dear Team;
Has any one configured/tested Olive with *jinstall-10.0R2.10-export-signed.tgz
*. Also is it possible to configure Olive for EX switches.
If yes then please share the
Something looks wrong with the passwd file being in sync with the [edit system
login] stanza.
Try to 'commit full'
Or delete the user and re-add them.
Truman
On 3/02/2010, at 8:34 PM, Taqdir Singh wrote:
Hi,
I am trying to log in to one of our Juniper routers remotely with correct
How about a policy that is applied to all l2tp terminated subscribers that
restricts communication between the subscribers?
On 2/02/2010, at 4:11 PM, Faizal Rachman wrote:
Hi All,
Anybody know how to disable client-to-client communication in E320 which act
as LNS ?
Thanks,
FaizalR
On 3/02/2010, at 2:21 AM, Mike Kiefer wrote:
Pardon my ignorance with Juniper gear. I have a problem that is probably pretty
easy to fix, but I'm not sure how to do it.
I have a single M10i with multiple routing-instances. It's running what Cisco
would call vrf-lite, i.e. no MPLS. Every
You can do this with SRC managing a JUNOS/JUNOSe device. SRC will use the
volume tracking application to provide a total count of traffic per subscriber.
A subscriber can be identified by username.
Cheers,
Truman
On 16/01/2010, at 8:25 AM, Paul Waller wrote:
Does anyone know if Juniper
Can you post the relevant configuration from the box? I expect that the host is
directly connected to the MX-960; and the interface that is facing the host is
running RA; furthermore if you look at the routing table on the host, you will
see a default route to the MX's link-local address?
Now is
Hi, the ERX does not support 802.1x. In a static environment you can restrict
MAC address on an interface though ... The ERX can provide RADIUS proxy support
to an 802.1x network that is downstream from the ERX.
Cheers,
Truman
On 14/12/2009, at 6:38 PM, guan wang wrote:
Hi All
As i
This is expected behaviour. All other IP packets will also have an ip-options
field and they are matching so they are then discarded. Maybe you need some
more terms to accomplish what you want. I suspect you might want to explicitly
discard specific ip-options.
Truman
On 21/12/2009, at
Hi,
Have you enabled the tunnel-services statement at the [ edit chassis fpc
slot-number pic pic-number] stanza?
Otherwise the ipip.0 tunnel is only from the RE, which can't forward transit
traffic.
Truman
On 23/12/2009, at 8:47 AM, Jonathan Lassoff wrote:
Excerpts from Truman Boyes's
Hi Jonathan,
You can use any of your DPCs. On non-MX JUNOS routers you need to have tunnel
pics (ie. packet that needs to be encapsulated/tunneled/etc will switch from
PFE to PIC to PFE). MX does not require this because you can make the DPC
perform tunnel-services.
Once you create the
Make sure that the FE-8 has 256MB of RAM. The FE-8 w/ 128MB is not supported
past 5.2.
Is the line card the copper based one or the SFP one? If it's the SFP based one
make sure you have Juniper supported SFPs, otherwise it will fail BPOST.
Truman
On 24/11/2009, at 1:46 PM, guan wang wrote:
Yes, make a RIB group for BGP and you can move routes between instances. You
can define a RIB group for a specific family. This is done at the protocols bgp
stanza. When using rib groups you don't use instance-import.
Truman
On 24/11/2009, at 1:04 PM, aayan sulehri wrote:
On Tue, Nov 24,
On 11/11/2009, at 9:17 PM, Daniel Verlouw wrote:
On Wed, 2009-11-11 at 15:19 +0530, chandrasekaran iyer wrote:
Has anyone downgraded the PIC? how to do it? Which PICs are
supported by 6.1 release.
downgrade the PIC? What exactly do you want to achieve? And I'm more
curious about why you
Hi,
.REL files are actually text files that reference all the necessary
driver / os files. This is why you can't backup the .rel file via ftp.
When you load a new software release *onto* the JUNOSe device, the
copy command will make many ftp GET's.
Truman
On 10/11/2009, at 2:35 PM,
This will block some types of traceroute, but a client can always use
different ports.
Why do you want to block traceroute?
On 29/09/2009, at 8:42 PM, Iftikhar Ahmed wrote:
Atif,
Try to apply a filter to loop-back interface with something like
term traceroute { /* permit
Or rather OpenBGPD and XORP generate JUNOS-like configuration files. :)
On 25/09/2009, at 12:45 AM, Gregory Agerba wrote:
I've seen JunOS generates nice OpenBGPd-like configuration files.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
If RPD crashes or cores you will get syslog messages, which an event
script can match on, then I suppose you could issue 'restart routing'.
Truman
On 21/08/2009, at 1:33 AM, Noah Garrett Wallach wrote:
sth...@nethelp.no wrote:
I'd like to have an op script turn off some interfaces when
Yes, booting from alternate media would be preferred if you were
concerned about leaving something behind that may contain sensitive
information. Recently I worked on a grey market M5 that contained all
sorts of things that you would hope are never exposed outside a company.
Truman
On
Hi Tom,
Sometimes having double negatives in firewall terms is hard to read,
but I understand what you are trying to do with the except matches.
Here is a simple way to do it with 3 terms:
[edit firewall family inet filter tdb-foo]
l...@malaka# show
term 1 {
from {
Hi,
Wow that is old; I remember when 2.X came out for JUNOSe (UNISON at
the time). There may be an issue in the upgrade process for such an
old card. You can always console the line card directly (with a
straight through ribbon cable or even a regular ethernet cable on the
diag port if
On 24/07/2009, at 9:50 AM, Terje Krogdahl wrote:
Wow that is old; I remember when 2.X came out for JUNOSe (UNISON at
the time).
Unisphere, actually. Although, the box still identified itself as
a Redstone at the time :)
Right, Unisphere was the company, but the software used to be called
You might want to turn on more traceoptions. You are receiving a
notification message which should indicate the problem. The
notification code and subcode will help to find out the issue.
Truman Boyes
On 22/07/2009, at 3:16 AM, Matthias Gelbhardt wrote:
Hi!
After deleting the local
There is not a specific book for the E-series. You can reach through
techpubs for JUNOSe on the Juniper website. The standard documentation
on JUNOSe will provide you with enough information to pass the test.
On 22/07/2009, at 11:29 AM, davidtaylor1...@yahoo.com wrote:
Hello guys,
Does
. (I see you have multihop enabled).
Also, do you have a route to reach your peer's loopback address?
Best,
Truman Boyes
On 21/07/2009, at 3:03 AM, Ivan c wrote:
Hi
Having an issue getting my J6350 to play BGP with a partner's Cisco
router. I defined the local loopback address in the bgp config
On JUNOS you can run LDP and RSVP and even run LDP tunneling inside
RSVP. It all works very well in some of the largest networks in the
world.
Have fun,
Truman Boyes
On 16/07/2009, at 7:57 AM, Jeff Cadwallader wrote:
I've been told that I should go ahead and configure the network
60.60.60.3/32 gw 50.50.50.1
BGP pref 170/-111 metric 300/0 Int Ext as 1
Not sure why it was necessary to hard clear the BGP session; does the
upstream peer support BGP refresh?
Kind regards,
Truman Boyes
On 13/07/2009, at 6:35 PM, Will Orton wrote:
I have 2 POPs
The route reflectors are sending the best routes. Are there
different IGP costs between the 4 links? The routes will need to be
equal to have them all installed as equal. There is an option for VPN
routes to ignore the IGP metrics, but I assume these are standard inet.
0 routes.
Truman
Hi,
You can have the external DHCP server have two different pools and it
can key off the src address or src mac of the BRAS. Take a look at the
man page for ISC DHCPD. Search for address pools and subclasses.
An example of subclasses:
class allocation-class-1 {
match
Hi Erol,
Ifstate is an internal way to maintain kernel state. It's basically a
way that the kernel can interface with rpd and other daemons. I am not
sure how severe the issue is based on the log ... you might want to
speak with JTAC about this issue.
Truman
On 3/07/2009, at 1:35 AM,
Hi,
Please check that the subnet of your loopbacks is advertised to the
Internet and if you have a firewall filter on lo0.0 that you are
permitting icmp echo / reply.
Kind regards,
Truman
On 29/06/2009, at 5:41 AM, wang yi wrote:
Experts,
I have got router connected to the Internet. I
Make sure that you add the static arp entries into the configuration
and not from any shell commands; otherwise if the router reboots your
entries will need to be re-added.
I know you can configure 10k mac filters on the IQ2, not sure about
scaling higher than that. You could test this or
RSVP-TE LSPs work well on olives. Been using them since 5.x olives
through 9.3 ...
On 11/06/2009, at 4:26 AM, alaerte vidali wrote:
Do you know if RSVP LSPs are supported on Olive?
Not sure if it is limitation of Olive or if I have other problems
here.
Tks,
Alaerte
Some notes inline:
On 4/06/2009, at 9:13 PM, Jeff Meyers wrote:
Truman Boyes schrieb:
Hi,
thanks for your answer so far.
You then need to define a route-distinguisher, and route targets
(or simply vrf-target under the VRF) to import/export the routes
for this VPN from other PEs.
Can
Your PE routers can provide a way to reach your management segments
around the network. You can create a routing-instance (VRF) for
management, then put an IP address on the PE router for VLAN100. You
will do this at each M-series.
You then need to define a route-distinguisher, and route
Hi,
BGP is advertising your routes, however it is not responsible for the
offered load on your interfaces. This load is based upon real traffic
flows that traverse those links. What load are you looking to test?
You could advertise a longer prefix through the trial provider and
then test
that?
Maybe I first should get our prefix announced, before getting to the
complex questions ;)
Regards,
Matthias
Am 26.05.2009 um 07:17 schrieb Truman Boyes:
Hi,
Congrats! If you have MPLS in your backbone, you can continue to
use IPv4 as the transport for your MPLS signaling
Hi,
Congrats! If you have MPLS in your backbone, you can continue to use
IPv4 as the transport for your MPLS signaling. With this approach you
can run 6VPE and build a VPN for your inet6 traffic. This is a common
approach for getting things going. All v6 stuff just rides across
MPLS and
Hi Vikas,
Details are here:
http://www.juniper.net/techpubs/en_US/junose10.0/information-products/topic-collections/swconfig-bgp-mpls/signaled-mapping-for-rsvp-te-tunnels.html
and here:
Hi,
A couple comments:
A L3VPN customer could use MPLS over GRE from their CE devices. The SP
would play no part in the MPLS.
A prerequisite for signaling across the SP would be for routing
information in the core to be exposed (ie. typically joining the core
network's IGP), and this
WAN Phy vs. 10GE LAN Phy... the WAN Phy is using SONET/
SDH framing with ethernet payload I assume you are not using this.
Truman Boyes
On 20/04/2009, at 1:52 PM, chenoi A wrote:
Hai...
please need some explanation..
different between ethernet wan port and ethernet lan port. i mean
/ virtual routers) instances.
BGP peers, you should be able to get more than 2000+ ... and possibly
up to 4k depending on how many routes you are exchanging with your
peers.
Truman Boyes
On 21/04/2009, at 1:19 AM, Loopback EZ wrote:
All
Just wanted to get a feel for the reasonable
This appears to be the PFE firewall on a M/T/MX series
On 14/04/2009, at 4:49 AM, Murphy, Jay, DOH wrote:
What model firewall is this to begin, and ?
Jay Murphy
IP Network Specialist
NM Department of Health
ITSD - IP Network Operations
Santa Fe, New Mexico 87502
Bus. Ph.: 505.827.2851
Hi,
A simple example for FBF would look like this:
l...@cs-m10i show configuration groups tdb-fbf logical-routers
manhattan routing-instances
manhattan-alternate {
instance-type forwarding;
}
l...@cs-m10i show configuration groups tdb-fbf logical-routers
manhattan routing-options
inside the
VRF instance. Does juniper support this or is there any workaround?
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Truman Boyes
Sent: Sunday, January 18, 2009 2:45 PM
To: Andrew Jimmy
Cc: juniper-nsp
Can you clarify what you are looking for?
RR's can reflect family inet-vpn. Are you specifically interested in
having RR functionality *inside* the VRF?
Thanks,
Truman
On 14/01/2009, at 6:10 PM, Andrew Jimmy wrote:
BGP route reflection is not supported for VPN routing and forwarding
(VRF)
VPDN terminology in Cisco really equates to a concept rather than a
technology. The tunneling technology is L2TP or L2F. If you are
looking to offer IP termination of DSL lines, then you likely want to
use L2TP and be the LNS while the wholesaling provider will maintain
the LAC. The JUNOSe
will just pick some LSP and ride
across it. In order to provide the mapping of a forwarding class to a
particular LSP, a forwarding table policy will need to be installed.
Kind regards,
Truman Boyes
On 8/01/2009, at 12:26 AM, The Drifter wrote:
On top of this is it possible to assign b/w onto
Hi Amos,
Most of the snmp oid's support virtualization (ie. virtual-routers).
More details are here:
http://www.juniper.net/techpubs/software/erx/junose93/swconfig-system-basics/overview_2.html#jN17574
Basically you specify the virtual-router with the community string.
Ie.
the OSPF database and reset
BGP peers which may help to resolve a routing table inconsistency...
Kind regards,
Truman Boyes
On 15/12/2008, at 11:06 AM, a. rahman isnaini rst / netsoft wrote:
Hi,
Anybody can suggest me, what is the command exactly for clearing
routing instance cache also
Hi,
The JUNOSe documentation states:
* Compatibility of E120 router and E320 router modules with
software releases is in E120 and E320 Module Guide, Table 1, Modules
and IOAs.
* Layer 2 and layer 3 protocols and applications supported by
IOAs on the E120 router and the
Maurice,
You write an export policy to BGP. Take a look at policy documentation.
Kind regards,
Truman
On 26/11/2008, at 8:15 PM, Maurice Gil Cruz wrote:
Hi guys,
Well, I would like to ask on how will I be able to have self
originate bgp routes from junos. what i mean is that (when
;
accept;
}
}
term default {
then accept;
}
}
}
routing-options {
static {
route 192.168.0.0/24 {
discard;
preference 254;
}
}
}
Kind regards,
Truman Boyes
On 28/10/2008, at 10:25 AM, Juan C. Crespo R
Hey Marlon,
IFL 32767 is a control logical interface that is used for things like
send/receive of untagged control packets. Ie. STP, etc.. it is
automatically created.
Cheers,
Truman Boyes
On 23/10/2008, at 1:09 PM, Marlon Duksa wrote:
Does anyone know what is this ae1.32767 interface
Hi Marlon,
Licenses are required for BRAS termination on JUNOSe.
If you are working in a lab scenario you can contact your local team
for information on a license for testing purposes. When you are ready
to go live, you can buy the right license for your setup.
Truman
On 1/10/2008, at
Hi,
IP pools are meant to be configured inside the routing context where
they will be assigned. You will have to configure the ip local pool
inside of the VRF where you want that pool assigned.
It sounds quite handy to have a master pool that would be allocated
across the VRFs but at
Have you looked at :
http://www.mindrot.org/projects/flowd/
or
http://www.splintered.net/sw/flow-tools/
These programs are pretty easy to set up and I have seen good results
with them.
Truman
On 7/09/2008, at 10:54 PM, Amr wrote:
Dear All,
I need to configure J-flow on My M120
Hi Shaheen,
You will set the BGP communities for the peer via a route-map in
ScreenOS.
Something like:
set vrouter untrust-vr
set protocol bgp 64819
set community-list 1 permit 20100
set community-list 1 permit 12000
set route-map name bgp_community permit 1
set community 1
And then you
Bit,
http://www.juniper.net/techpubs/software/junos/junos92/swconfig-routing/multihop.html#id-13320727
Yes you can specify a maximum TTL value. This match is performed on
RE, not on the PFE as opposed to a firewall match.
Regards,
Truman
On 3/09/2008, at 5:58 PM, Bit Gossip wrote:
Just a follow up to my previous post. This maximum TTL value is not
the same as the cisco ttl-security feature (GTSM).
Truman
On 3/09/2008, at 5:20 PM, Truman Boyes wrote:
Bit,
http://www.juniper.net/techpubs/software/junos/junos92/swconfig-routing/multihop.html#id-13320727
Yes you can
Yup, seems to be a delay in the mailing list, as I replied to my own
message right after posting, but it hasn't come through yet :)
Cheers,
Truman
On 3/09/2008, at 7:23 PM, Stefan Fouant wrote:
Truman,
That's for BGP multihop... That's not the same as GTSM.
Cheers,
On 9/3/08, Truman
It is a fair question, and the blanket policy of not supporting any
third party components makes sense for the company; this policy rarely
presents an issue in the real world as long as the support issue is
not related to the third party component.
However, let's just take one example to
subnets for my users
Thanks
Amr
On Mon, Aug 25, 2008 at 3:37 PM, Truman Boyes
[EMAIL PROTECTED] wrote:
Hi Amr,
Your RADIUS server is located upstream from the E120 right? Ie. It
is not an access-internal route but rather it is reachable via
another protocol such as BGP, static, or OSPF
Hi Marlon,
BGP between logical routers works just like BGP between real physical
routers. Maybe you need to define the source address for your BGP
sessions. I use logical routers extensively with transport (GE/POS/
etc) interfaces as well as tunnel interfaces.
Kind regards,
Truman
On
Junaid,
I am assuming that you save HDLC on the E3s and that keepalives are
on. Basically the IFD (interface) went into a down state and the
sequence numbers between the peers differed
Based on the logs you provided, it was likely a physical issue on the
E3.
Kind regards,
Truman