,
Will
> On Jul 10, 2017, at 1:04 PM, Vincent Bernat <ber...@luffy.cx> wrote:
>
> ❦ 10 juillet 2017 12:36 -0400, William McLendon <wimcl...@gmail.com> :
>
>> if you are running a routing protocol over the particular VLAN on the
>> MC-LAG peers (which is a supported conf
if you are running a routing protocol over the particular VLAN on the MC-LAG
peers (which is a supported config in Junos MC-LAG implementation) make sure
you are running VRRP between the MC-LAG peers, even though it seems
unnecessary. VRRP seems required for any ARP sync to occur for a given
hey all,
curious if anyone has seen this and knows why it happens or if its anything to
be concerned about. we received new MX480s with the new 64G Routing Engines
where Junos is in a VM, and on both MX480s we have seen messages like the
following:
MX480-2-re0> show system alarms
2 alarms
In this case I think they may have over-engineered the process, or there are
cases of concern i’m not aware of as to why they did it this way. I have not
ever configured Cisco vPC, and I understand it is fairly complicated too, but
Juniper’s MC-LAG config requirements seem way too complicated.
I don’t know whether it is officially supported or not, but I was able to get
v6 working in a lab environment with MC-LAG, even with OSPF3 running and
working over it as well.
In v4 world you must configure VRRP to have the ARP sync work properly (this
bit us on a MC-LAG running OSPF where one
this is a working DHCP config on EX9200s — make sure you include the
forward-snooped-clients all-interfaces statement, or any transit DHCP packet
that traverses an interface without DHCP relay configured will be eaten by the
EX9200 — its the most asinine thing in the world to have (a carryover
The CLI changes right now only apply to new hardware — EX9200, EX4300, QFX5100.
The other EX products still use the “normal” way, even on the latest code.
I’m not sure if they are planning on running the ELS syntax on other EX
platforms or not.
will
On Feb 19, 2014, at 12:00 PM,
hey all,
we have an EX9208 that is reporting a Minor alarm as follows:
user@hostname show system alarms
2 alarms currently active
Alarm time Class Description
2013-09-27 17:40:56 EDT Minor CB 0 Fabric Chip 1 Not Online
2013-09-27 17:40:56 EDT Minor CB 0 Fabric Chip 0 Not
do you have Jumbo Frame support enabled across the whole L2 path between the
two cluster members?
On Sep 3, 2013, at 11:44 AM, juniper-nsp-requ...@puck.nether.net wrote:
--
Message: 10
Date: Tue, 3 Sep 2013 14:19:35 +
From: OBrien, Will
I think I may have been able to answer my own question. I stumbled across this
KB article which I think spells it out pretty well:
http://kb.juniper.net/KB20711
On Jul 18, 2013, at 2:04 PM, William McLendon wimcl...@gmail.com wrote:
hi all,
We have an issue where we have enough internal
hi all,
We have an issue where we have enough internal users and sessions using the
general outbound NAT that we are hitting the session limit for the single
public IP due to running out of ports. (really its due to how Source NAT is
carved up on an HA pair…see http://kb.juniper.net/KB14958 )
Do you have Jumbo Frames enabled on all paths between the two nodes? There is
a required frame MTU that must be supported across the network for connectivity
through intermediate switches to work / be supported. Also if i'm not mistaken
by default the control plane traffic is tagged with VLAN
hi all,
we have a home-grown OP script that we use to bulk upgrade EX switches for new
deployments. New switches come out of the box (lately on 11.4R1) and the
script executes and auto-upgrades the switch to 11.4R5 or 11.4R6 (tested fine
with these).
I have been trying to update the script
if memory serves the NSRP communication is actually L2 Multicast, so yes
enabling IGMP snooping on the switches for the NSRP VLAN likely will cause
issues. This same problem effects SRX clusters as well, if i'm not mistaken.
Presumably if you had an IGMP Querier on the VLAN then it wouldn't
I can only hope this is all some sort of terrible documentation error.
That list of features requiring an AFL (at least for the EX32/42/45/8200/xre)
is counter to how we have been selling and implementing this kit for years.
And our Juniper SE informed us a while back that 12.3 would no
NSR was not supported on EX3300s until 12.1 per the release notes, and 12.2
added NSSU for EX3300s.
I did not see mention of NSB in the release notes, but I have to believe it's
supported for NSSU to work properly. Unfortunately I do not have access to any
EX3300s to test / confirm.
hi everyone,
do SRX firewalls support a tap mode installation? Really just looking at it
for purposes of evaluation of IDP functionality where tap mode would be the
least intrusive method to see data vs having to put it inline (and then deal
with the inevitable you put a device inline and now
this helps,
-Tim Eberhard
On Wed, Sep 12, 2012 at 10:33 AM, William McLendon wimcl...@gmail.com wrote:
hi everyone,
do SRX firewalls support a tap mode installation? Really just looking at
it for purposes of evaluation of IDP functionality where tap mode would be
the least intrusive method
Your static NAT config looks correct. do you have any other static NAT
rule-sets defined that could match the traffic (initiated from either side)?
IIRC a session is only evaluated against a single NAT rule-set per NAT type,
and if multiple match, it will pick the most specific.
I think the
all,
this is an odd issue i'm having in turning up a new circuit, and hoping for
some input / ideas --
the link between the EX and the Cat6500 is provided by a 3rd party provider (I
think via DWDM - Sienna and Infinera gear). Both the EX and the Cat6500 GigE
interfaces are configured as
.
Thanks all that replied on and off list with ideas!
Will
Date: Wed, 1 Aug 2012 09:35:21 -0400
From: William McLendon wimcl...@gmail.com
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] EX to Cat6500 link?
Message-ID: 5e853961-bb16-4049-97a3-351c484ea...@gmail.com
Content-Type: text
looks like you left out 'family mpls' on the core interface ge-0/0/0.14 config,
which is required for MPLS to function.
will
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
I think RAS probably has some insight into this, hopefully he will chime in. I
seem to recall reading somewhere (probably on this list) that by default the
FIB is somehow partitioned such that routes of certain lengths go into certain
sections of TCAM . . . perhaps you are running into that?
CB,
for STP to be detecting a loop, I assume either EX4500#1 is also directly
connected to EX4500#3? or does it form a ring with the MX80 bridging between
EX4500#1 and EX4500#3?
if there is a physical loop, but not a logical one as I believe you stated all
links are p2p VLANs, you could
you can definitely do MPLS on J-series and SRX gateways. It even says so on
the datasheet -- however, as was mentioned, you must put the device in
packet-based mode, and thus lose ALL security features (everything that is
configured under [edit security] -- so Zones, Stateful Policies, NAT,
Aloha,
does anyone out there have any experience deploying an SRX3k series (3400
cluster strictly A/P), with IDP services? Anyone know of any A/P IDP-specific
gotchas? or recommendations on running IDP in an A/P configuration?
we are looking to deploy this setup for a customer in the next
Make sure you have DHCP as an allowed service on the reth interface in the Zone
configuration:
set security zones security-zone zone interfaces reth0.0 host-inbound-traffic
system-services dhcp
I think that will do the trick.
good luck,
Will McLendon
On Aug 31, 2010, at 3:24 PM, juniper-nsp
As far as I know, you can not do any COS on st0 interfaces yet, and I haven't
seen a timeframe for when. I've seen mention of using Virtual Channels for
this (whatever those are), but I THINK that might be J-series only, and i've
never seen a working config of it -- only references on slide
Log viewing in J-Web is not available in 10.0 I know for sure. I think it is
due this year though in 10.3 or 10.4 (someone else able to confirm?).
Strange, but thats how it is, for now.
Good luck,
Will McLendon
On Jul 19, 2010, at 12:00 PM, juniper-nsp-requ...@puck.nether.net wrote:
Send
hopefully this works...first time posting to the list
one option might be to do an L2VPN or VPLS type solution where you tunnel the
MPLS traffic over a GRE tunnel (only necessary if the intermediate network
can't/doesn't run MPLS). I think someone might have mentioned that previously
as well.
30 matches
Mail list logo