Re: [j-nsp] Help with BGP as-path regex

2019-09-13 Thread Andy Litzinger
Hi Alex, That looks like what I want, thanks! Here's a brief test I tried: Policy definitions: as-path 3257_originate "^3257+.*"; policy-statement as_3257_import { term gtt { from { protocol bgp; as-path 3257_originate; } then accept; }

Re: [j-nsp] Help with BGP as-path regex

2019-09-12 Thread Alexander Arseniev via juniper-nsp
--- Begin Message --- Hello, Does this help? https://www.juniper.net/documentation/en_US/junos/information-products/topic-collections/release-notes/16.1/m-mx-t-series-toc.html

[j-nsp] Help with BGP as-path regex

2019-09-12 Thread Andy Litzinger
Hi All, I thought this would be in a cookbook somewhere but I can't find it. Is there a way to write an as-path regex so it will match a providers ASN (e.g. 1234) one or more times and then 1 or 2 more ASNs zero or more times? I'm hoping to be able to account for AS prepending. I'm an Enterpri

Re: [j-nsp] help with routing bypassing bgp path selection

2018-10-01 Thread James Bensley
On Mon, 1 Oct 2018 at 06:49, tim tiriche wrote: > > hello, > > i have 5 PE routers running with full iBGP/RSVP-TE MPLS Mesh. > > There is a CE connected to PE5 and PE4. > > Based on BGP Path selection all of the PE {1,2,3,4} are preferring route to > PE5 due to BGP Path selection based on AS PATH

Re: [j-nsp] help with routing bypassing bgp path selection

2018-10-01 Thread Saku Ytti
Hey, I'd go with BGP policy. On PE1 ingress increase local-pref for PE4? You could also have iBGP-IN policy like this: from community increase-local-pref-in-local-pe then local-preference add 100 and per PE community: set increase-local-pref-in-local-pe members large:MYAS:42:MYLOOP And then in

[j-nsp] help with routing bypassing bgp path selection

2018-09-30 Thread tim tiriche
hello, i have 5 PE routers running with full iBGP/RSVP-TE MPLS Mesh. There is a CE connected to PE5 and PE4. Based on BGP Path selection all of the PE {1,2,3,4} are preferring route to PE5 due to BGP Path selection based on AS PATH tiebreaker. However, i would like PE1 to prefer PE4 and the res

Re: [j-nsp] help with new re-s-1800x4 and ssd

2017-04-22 Thread Dragan Jovicic
Hi, 1. Mixing REs is not recommended and not officially supported. I have mixed certain similar RE models fine (all 32-bit versions), and given similarity between these two (dual-core vs quad-core) I would say it *should *work. 2. There are couple of ways; probably the easiest is to boot from USB

[j-nsp] help with new re-s-1800x4 and ssd

2017-04-22 Thread John Brown
Hi, We have an existing MX480 running a re-s-1800x2 on a single SCBE. I want to install a second SCBE and a re-s-1800x4 into the chassis. The SSD drive I have for the new RE is blank. So. 1. Can I mix REs on the same chassis while maintaining production? 2. How do I go about formatting and ins

Re: [j-nsp] Help needed regarding the Eompls tunnel in Juniper & Cisco

2016-12-06 Thread Ross Halliday
r.net Subject: [j-nsp] Help needed regarding the Eompls tunnel in Juniper & Cisco Hi All, We are having some serious issue with one customer circuit.We are using eompls vlan based & we are unable to pass traffic over eompls (l2)tunnel between Cisco 3550 switches if we use specifically Cisco 650

[j-nsp] Help needed regarding the Eompls tunnel in Juniper & Cisco

2016-12-01 Thread Ahsan Rasheed
Hi All, We are having some serious issue with one customer circuit.We are using eompls vlan based & we are unable to pass traffic over eompls (l2)tunnel between Cisco 3550 switches if we use specifically Cisco 6503 ,Cisco 6504 & 6506 etc. If we use Cisco switch 6524 instead of Cisco 6503 it is

[j-nsp] Help me research how commonly routers mangle packets

2016-09-01 Thread Saku Ytti
Hey, In two different networks, one Juniper, one Cisco, I've seen router silently mangle packets in transit, calculate correct Ethernet FCS on broken packet and forward it. In MPLS network this means, that you'll only occasionally know about this problem, when egress PE router notices IP-checksum

Re: [j-nsp] Help with routing-instance bgp session

2016-07-04 Thread Aaron Dewell
Sure, the neighborship must be within the routing-instance because that’s where the neighbor is connected. I don’t believe you can create a peer using a leaked route. I don’t believe rib-groups will solve this either, but I’m not certain. It is worth the attempt, but I am not confident of th

Re: [j-nsp] Help with routing-instance bgp session

2016-07-04 Thread Eduardo Schoedler
Hi Aaron, Perhaps can I do this using rib-groups within bgp neighbor family inet unicast knob? I also tried declare bgp neighbor in main table, but even leaking connected routes, they say "No route to host" but the routes are there. Thanks. 2016-07-05 0:07 GMT-03:00 Aaron Dewell : > > The route

Re: [j-nsp] Help with routing-instance bgp session

2016-07-04 Thread Aaron Dewell
The routes have to exist in the table in order to be available to a policy. So you’ll have to leak them first. Any policy only has access to the routes within it’s context. You could route them to discard after they are leaked however. That way, they still exist even if they are inactive. (

[j-nsp] Help with routing-instance bgp session

2016-07-04 Thread Eduardo Schoedler
Can I announce all prefixes from main table in a bgp session that is into a routing-instance? I can't leak the prefixes, only advertise them, because it's a looking glass session, like Routeviews. All tips are welcome. Thank you. Regards, -- Eduardo Schoedler __

[j-nsp] help

2016-04-01 Thread Aaron
___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] help

2016-04-01 Thread Aaron
Disregard this... -Original Message- From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Wednesday, March 30, 2016 6:54 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] help ___ juniper-nsp mailing list

[j-nsp] help

2016-04-01 Thread Aaron
___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Help with an IPSec scenario

2015-03-13 Thread Tom Storey
Hi everyone, Trying to establish an IPSec tunnel (route based) between a Juniper SRX and a Cisco IOS router. The topology is two routers with DSL services, the SRX is on a dynamic IP, the Cisco on a static. No NAT is involved in the path between the two routers. Here's the configs I'm working on:

[j-nsp] Help, problem with ingress queues

2014-04-23 Thread Andrey Ermishin
Hi mates. I have problem with ingress queues at interface. My config: show configuration class-of-service forwarding-classes { class cs1 queue-num 1; } show configuration firewall filter test_input term rule_CS1 { from { dscp cs1; } then { count cnt_cs1;

Re: [j-nsp] Help with MSTP in EX8208

2014-04-03 Thread Octavio Alfageme
Jeff, Chuck, I really appreciate your help. Jeff, you were right. I had a VLAN mismatch between both EX8208 (the 'configuration digest' didn't match). Sorry about that. I'm a newbie in MSTP. Once I fixed it, everything began to work as expected. Chuck, great recommendation about 'bridge-prioritie

Re: [j-nsp] Help with MSTP in EX8208

2014-04-02 Thread Per Westerlund
Good catch/reference. Slight typo, the section is 13.12 (in my copy from May 2006). /Per Sent from my iPad, please ignore stupid spelling corrections! > 3 apr 2014 kl. 01:14 skrev Jeff Wheeler : > > For more on the different MSTP Port Roles and their meanings, see IEEE > 802.1Q-2005 Section 12

Re: [j-nsp] Help with MSTP in EX8208

2014-04-02 Thread Jeff Wheeler
Octavio, notice that the Role of the ports is MSTR not ROOT. Your two EX8200s are not in the same MSTI Region. Compare the configuration-name, revision-level, and VLAN-to-Instance assignments on the two switches; they are not the same. For more on the different MSTP Port Roles and their meanings

Re: [j-nsp] Help with MSTP in EX8208

2014-04-02 Thread Chuck Anderson
On Wed, Apr 02, 2014 at 01:29:46PM -0400, Chuck Anderson wrote: > On Wed, Apr 02, 2014 at 03:36:51PM +0200, Octavio Alfageme wrote: > > I would like to have ae2.0 blocked in instance 1 and ge-20/0/1.0 blocked in > > instance 2. That's why I modify the cost of ae2.0 interface within instance > > 1 i

Re: [j-nsp] Help with MSTP in EX8208

2014-04-02 Thread Chuck Anderson
On Wed, Apr 02, 2014 at 03:36:51PM +0200, Octavio Alfageme wrote: > I would like to have ae2.0 blocked in instance 1 and ge-20/0/1.0 blocked in > instance 2. That's why I modify the cost of ae2.0 interface within instance > 1 in both switches: > > Could you, please, help me to discover what I'm doi

[j-nsp] Help with MSTP in EX8208

2014-04-02 Thread Octavio Alfageme
Hello everyone, I would be grateful if somebody could help me with a problem related to MSTP in EX8208s running JunOS 12.3R5. My scenario is pretty simple: 2 EX8208s connected to each other by two links (the first one, ae2.0 consisting of one GE interface and the second one, ge-20/0/1.0). Obvi

Re: [j-nsp] Help: Learning routes from same ASN, cisco vs juniper

2013-09-11 Thread Payam Chychi
Unless im mistaken... Thats a safety which detects a loop and rejects the prefix Allowas-in as well as as-override will get you around it but dont mod unless you know how its going to affect ur network -- Payam Chychi Network Engineer / Security Specialist On Tuesday, 10 September, 2013 at

Re: [j-nsp] Help: Learning routes from same ASN, cisco vs juniper

2013-09-11 Thread OBrien, Will
I was too busy yesterday working on this to say thanks. The loops threshold was exactly what I needed although my upstream was ALSO filtering. I have to admit that it did take me a few minutes to realize that the loops limit also applies to external routes learned by an ibgp neighbor! the inter

Re: [j-nsp] Help: Learning routes from same ASN, cisco vs juniper

2013-09-10 Thread David Miller
On 9/10/2013 1:28 PM, OBrien, Will wrote: > I've found an interesting issue and I wanted to get some thoughts before > talking to JTAC about it. > > > I have a few of MX480s. In the past, I've advertised a dedicated /24 from my > lab to my providers upstream. > That /24 was never learned by

[j-nsp] Help: Learning routes from same ASN, cisco vs juniper

2013-09-10 Thread OBrien, Will
I've found an interesting issue and I wanted to get some thoughts before talking to JTAC about it. I have a few of MX480s. In the past, I've advertised a dedicated /24 from my lab to my providers upstream. That /24 was never learned by my primary MX. The issue comes down to either the MX or t

[j-nsp] help

2013-05-01 Thread Daniel.Hilj
Daniel Hilj JNCIE, CCIP M: 07920 202534 | T: 01252 500 751 | F: 01252 405 605 E: daniel.h...@synetrix.co.uk Synetrix House, 49-51 Victoria Rd Farnborough, Hampshire, GU14 7PA www.synetrix.co.uk

Re: [j-nsp] Help with "DDoS fpc slot" and "loopback wedge" messages

2013-04-04 Thread Tima Maryin
Hi, Wedge problem is not the kind that can be solved using this maillist. There are two ways for you - JTAC case or upgrade to recommended Junos version which is 11.4R7 now and probably do not have such problem. On 03.04.2013 18:53, Brad Fleming wrote: Hello all, One of our MX10s appare

[j-nsp] Help with "DDoS fpc slot" and "loopback wedge" messages

2013-04-03 Thread Brad Fleming
Hello all, One of our MX10s apparently has a sense of humor; it decided to bounce all of its routing protocols early morning on the April 1st. We saw all OSPFv2, OSPFv3, LDP, and BGP neighbors bounce at the exact same time and restore roughly 45 seconds later. In the wake of the event we notice

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-21 Thread Mike Devlin
ust zone, as follows > >>>>>> > >>>>>> zones { > >>>>>> security-zone trust { > >>>>>> tcp-rst; > >>>>>> host-inbound-traffic { > >>>>>> system-service

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread ashish verma
host-inbound-traffic { >>>>>> system-services { >>>>>> any-service; >>>>>> } >>>>>> protocols { >>>>>> all; >>>>>> } >>>>&

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
{ >>>>>> any-service; >>>>>> } >>>>>> protocols { >>>>>> all; >>>>>> } >>>>>> } >>>>>> interfaces { >

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Gabriel Blanchard
es { >>>>> all; >>>>> } >>>>> } >>>>> } >>>>> >>>>> Will this accomplish what you are suggesting? >>>>> >>>>> >>>>> >>>>> >>>>>

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
} >>>>> } >>>>> interfaces { >>>>> all; >>>>> } >>>>> } >>>>> } >>>>> >>>>> Will this accomplish what you are suggesting? >>>>> >

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bjørn Tore
>>> Will this accomplish what you are suggesting? >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On 2013-03-20 11:52 AM, "Patrick Dickey" wrote: >>>> >>>>> I don&

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
>>>> Will this accomplish what you are suggesting? >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On 2013-03-20 11:52 AM, "Patrick Dickey" >>>>wrote: >>>>

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Patrick Dickey
>>> >>>> I don't remember if the J series behaves exactly like the SRXs when it >>>> comes >>>> to IPSec, but if it is make sure to put the st0.x interface into a >>>> security >>>> zone and have a security policy allowing the traffic. >>&

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
he st0.x interface into a >>> security >>> zone and have a security policy allowing the traffic. >>> >>> I believe that's only a requirement if you're running the enhanced >>> services/security code on the J, but I think you have to be to

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Richard Gross
> zone and have a security policy allowing the traffic. > >> > >> I believe that's only a requirement if you're running the enhanced > >> services/security code on the J, but I think you have to be to get > IPSec. > >> > >> HTH > >> > >>

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Aaron Dewell
I believe that's only a requirement if you're running the enhanced >> services/security code on the J, but I think you have to be to get IPSec. >> >> HTH >> >> >> -Original Message- >> From: juniper-nsp-boun...@puck.nether.net >> [mailto:ju

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
rity code on the J, but I think you have to be to get IPSec. > >HTH > > >-Original Message- >From: juniper-nsp-boun...@puck.nether.net >[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Bill Sandiford >Sent: Wednesday, March 20, 2013 8:47 AM >To: juniper-

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Werner le Grange
Check the MTU of the physical interface, some GigE interface modules on the J-Series routers only support 9014 bytes, Junos allows you to set to 9192, try to drop the MTU value to 9000 bytes. On Wednesday, March 20, 2013, Bill Sandiford wrote: > Here is some output...IP addresses sanitized with x.x

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Patrick Dickey
s/security code on the J, but I think you have to be to get IPSec. HTH -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Bill Sandiford Sent: Wednesday, March 20, 2013 8:47 AM To: juniper-nsp@puck.nether.net Subjec

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
Here is some output...IP addresses sanitized with x.x.x.x of course > show security ipsec security-associations Total active tunnels: 1 ID Gateway Port Algorithm SPI Life:sec/kb Mon vsys <131073 x.x.x.x 500 ESP:3des/md5 28c1a297 2675/ 838856 - root >1310

Re: [j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bjørn Tore
Are the st-interfaces UP? What does show security ipsec security-associations say? (Am offline; spellcheck needed...) Bjørn Tore @ mobil Den 20. mars 2013 kl. 15:46 skrev Bill Sandiford : > Hi All, > > I need some help with an IPSEC tunnel that I just can't seem to get working > on a J-6350.

[j-nsp] Help needed with IPSEC VPN on J-Series

2013-03-20 Thread Bill Sandiford
Hi All, I need some help with an IPSEC tunnel that I just can't seem to get working on a J-6350. I have been able to get the tunnels to come up, but can't seem to pass traffic over the tunnels I've done the usual things. I've created an st0.0 interface and bound it to the tunnel using the bi

Re: [j-nsp] Help Needed for Bonjour Routing/OSX Clients

2012-05-11 Thread Craig Askings
Another option is to get the cheapest Aerohive Access point and use their Bonjour Gateway (Currently in Beta I believe) to control announcements between vlans. On 11 May 2012 10:09, Jonathan Lassoff wrote: > > > > On the surface, this looks like a much cleaner way of doing things, > provided th

Re: [j-nsp] Help Needed for Bonjour Routing/OSX Clients

2012-05-10 Thread Joel jaeggli
On 5/10/12 16:21 , Phil Mayers wrote: > On 10/05/12 17:12, Jonathan Lassoff wrote: >> On Thu, May 10, 2012 at 2:54 AM, Phil Mayers > > wrote: >> >> On 09/05/12 22:55, Jonathan Lassoff wrote: >> >> I've gotten this to work in the past, but it ended up bein

Re: [j-nsp] Help Needed for Bonjour Routing/OSX Clients

2012-05-10 Thread Jonathan Lassoff
On Thu, May 10, 2012 at 5:02 PM, Joel jaeggli wrote: > On 5/10/12 16:21 , Phil Mayers wrote: > > On 10/05/12 17:12, Jonathan Lassoff wrote: > >> On Thu, May 10, 2012 at 2:54 AM, Phil Mayers >> > wrote: > >> > >> On 09/05/12 22:55, Jonathan Lassoff wrote: > >>

Re: [j-nsp] Help Needed for Bonjour Routing/OSX Clients

2012-05-10 Thread Jonathan Lassoff
On Thu, May 10, 2012 at 9:21 AM, Phil Mayers wrote: > On 10/05/12 17:12, Jonathan Lassoff wrote: > >> On Thu, May 10, 2012 at 2:54 AM, Phil Mayers > > wrote: >> >>On 09/05/12 22:55, Jonathan Lassoff wrote: >> >>I've gotten this to work in the past, bu

Re: [j-nsp] Help Needed for Bonjour Routing/OSX Clients

2012-05-10 Thread Phil Mayers
On 10/05/12 17:12, Jonathan Lassoff wrote: On Thu, May 10, 2012 at 2:54 AM, Phil Mayers wrote: On 09/05/12 22:55, Jonathan Lassoff wrote: I've gotten this to work in the past, but it ended up being a LOT more work than just using DNS

Re: [j-nsp] Help Needed for Bonjour Routing/OSX Clients

2012-05-10 Thread Jonathan Lassoff
On Thu, May 10, 2012 at 2:54 AM, Phil Mayers wrote: > On 09/05/12 22:55, Jonathan Lassoff wrote: > > I've gotten this to work in the past, but it ended up being a LOT more >> work >> than just using DNS names and routing (which I've subsequently done each >> time). >> > > Out of curiosity, how di

Re: [j-nsp] Help Needed for Bonjour Routing/OSX Clients

2012-05-10 Thread Phil Mayers
On 09/05/12 22:55, Jonathan Lassoff wrote: I've gotten this to work in the past, but it ended up being a LOT more work than just using DNS names and routing (which I've subsequently done each time). Out of curiosity, how did this work? Isn't most mDNS traffic TTL=1? ___

Re: [j-nsp] Help Needed for Bonjour Routing/OSX Clients

2012-05-09 Thread OBrien, Will
How big is the network? Will O'Brien On May 9, 2012, at 4:59 PM, "Jonathan Lassoff" wrote: > To get Bonjour to work across LANs, you would need to enable multicast > routing so that clients on the various LANs can join the same group. > > Bonjour is just Apple's name for mDNS (multicast DNS).

Re: [j-nsp] Help Needed for Bonjour Routing/OSX Clients

2012-05-09 Thread Jonathan Lassoff
To get Bonjour to work across LANs, you would need to enable multicast routing so that clients on the various LANs can join the same group. Bonjour is just Apple's name for mDNS (multicast DNS). Provided that everyone can solicit queries and hear announcements, hosts should be able to resolve the

[j-nsp] Help Needed for Bonjour Routing/OSX Clients

2012-05-09 Thread Spam
Hello All, I am a complete noobie when it comes to Juniper so please don't bash me too bad :-) Hardware: Juniper SRX240 Problem : We have moved our client PCs from being all in 1 large subnet into 8 VLANs to better segment the various departments. All windows PCs/Servers are working fine

Re: [j-nsp] Help with vpn srx - asa

2012-03-05 Thread bizza
On Mon, Mar 5, 2012 at 2:55 PM, Ben Dale wrote: > If that is the actual config off the ASA, then another thing that may be > affecting connectivity: > >> crypto map foo 5 match address MYACL >> crypto map foo 5 set pfs < >> crypto map foo 5 set peer x.y.w.z >> crypto map foo 5 set transfo

Re: [j-nsp] Help with vpn srx - asa

2012-03-05 Thread Ben Dale
If that is the actual config off the ASA, then another thing that may be affecting connectivity: > crypto map foo 5 match address MYACL > crypto map foo 5 set pfs < > crypto map foo 5 set peer x.y.w.z > crypto map foo 5 set transform-set ipsec-p2 > crypto map foo interface outside you ha

Re: [j-nsp] Help with vpn srx - asa

2012-03-05 Thread Per Westerlund
The ASAs are usually quite picky about Proxy-ID, and since you haven't specified one, the SRX will use "any, any, any" (all 0). That kind of Proxy-ID (or lack of) usually works well when you are using a route-based setup. The ASA on the other hand (almost) always use policy based VPN, where you

Re: [j-nsp] Help with vpn srx - asa

2012-03-05 Thread Ben Dale
On 05/03/2012, at 9:57 PM, bizza wrote: >gateway gw_vpn2remote { >ike-policy ike_pol_vpn2remote; >address X.Y.W.Z; >local-identity inet A.B.C.D; >external-interface fe-0/0/7.0; >version v1-only; >} In your IKE gateway con

Re: [j-nsp] Help with vpn srx - asa

2012-03-05 Thread bizza
On Mon, Mar 5, 2012 at 1:28 PM, Asad Raza wrote: > Hi Marco, > > I see that you are using a custom proposal in phase-1 but using compatible > in phase-2, that could be the problem. You need to define exact proposal in > phase-2 as well. Could you confirm if proposal mismatch is in phase-1 (ike) > o

Re: [j-nsp] Help with vpn srx - asa

2012-03-05 Thread Asad Raza
Hi Marco, I see that you are using a custom proposal in phase-1 but using compatible in phase-2, that could be the problem. You need to define exact proposal in phase-2 as well. Could you confirm if proposal mismatch is in phase-1 (ike) or phase-2 (ipsec) to be more specific? regards, Asad On Mo

[j-nsp] Help with vpn srx - asa

2012-03-05 Thread bizza
Hi, I have some problems configuring a VPN between an SRX and a Cisco ASA. This is my configuration: ike { proposal trans-vpn { authentication-method pre-shared-keys; dh-group group5; authentication-algorithm sha-256; encryption-algorit

Re: [j-nsp] Help with logical systems

2011-09-19 Thread Mark Tinka
On Thursday, September 15, 2011 11:00:50 AM Jackson Jacobson wrote: > Gracious list members, > > I'm wondering if you guys could help me understand more > about logical systems. When would I use such a construct > and has anyone come across problems (functionally, > security, etc) Not sure what

[j-nsp] Help with logical systems

2011-09-14 Thread Jackson Jacobson
Gracious list members, I'm wondering if you guys could help me understand more about logical systems. When would I use such a construct and has anyone come across problems (functionally, security, etc) Salud, j.j.j. ___ juniper-nsp mailing list juniper

Re: [j-nsp] Help with DHCP relay issues on J2350 running 9.6 code

2010-09-06 Thread Baidoo, Joe
ct: RE: [j-nsp] Help with DHCP relay issues on J2350 running 9.6 code Thanks, Marc. I'll give it try and let you know that outcome. -Original Message- From: m...@westberg.cc [mailto:m...@westberg.cc] Sent: 01 September 2010 16:11 To: Baidoo, Joe Cc: juniper-nsp@puck.nether.net Subj

Re: [j-nsp] Help with DHCP relay issues on J2350 running 9.6 code

2010-09-01 Thread Baidoo, Joe
Thanks, Marc. I'll give it try and let you know that outcome. -Original Message- From: m...@westberg.cc [mailto:m...@westberg.cc] Sent: 01 September 2010 16:11 To: Baidoo, Joe Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Help with DHCP relay issues on J2350 running 9.6 cod

Re: [j-nsp] Help with DHCP relay issues on J2350 running 9.6 code

2010-09-01 Thread marc
vpn; } ge-0/0/3 { vpn; Marc >-- Original Message -- >From: "Baidoo, Joe" >To: Jeff Cadwallader >Date: Wed, 1 Sep 2010 06:09:28 -0400 >Cc: "juniper-nsp@puck.nether.net" >Subject: Re: [j-nsp] Help with DHCP relay issues

Re: [j-nsp] Help with DHCP relay issues on J2350 running 9.6 code

2010-09-01 Thread Baidoo, Joe
Thanks all, for your help and support on this. I'm now going to upgrade the box to 10.0R3.10 code and see if that fixes the issue. From: Jeff Cadwallader [mailto:wom...@gmail.com] Sent: 31 August 2010 23:37 To: Baidoo, Joe Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Help with

Re: [j-nsp] Help with DHCP relay issues on J2350 running 9.6 code

2010-09-01 Thread Baidoo, Joe
Behalf Of Will McLendon Sent: 01 September 2010 00:39 To: juniper-nsp@puck.nether.net Subject: [j-nsp] Help with DHCP relay issues on J2350 running 9.6 code Make sure you have DHCP as an allowed service on the reth interface in the Zone configuration: set security zones security-zone interfaces

[j-nsp] Help with DHCP relay issues on J2350 running 9.6 code

2010-08-31 Thread Will McLendon
Make sure you have DHCP as an allowed service on the reth interface in the Zone configuration: set security zones security-zone interfaces reth0.0 host-inbound-traffic system-services dhcp I think that will do the trick. good luck, Will McLendon On Aug 31, 2010, at 3:24 PM, juniper-nsp-requ

Re: [j-nsp] Help with DHCP relay issues on J2350 running 9.6 code

2010-08-31 Thread Jeff Cadwallader
We also the same issue with certain versions of code for the 2350. Currently we are using 9.6R3. This was an undocumented feature I guess. Jeff On Aug 31, 2010 3:25 PM, "Baidoo, Joe" wrote: > Hi, > > I recently migrated from Cisco ASA firewall to Junos 9.6 on J2350 series but I cannot get DHCP r

Re: [j-nsp] Help with DHCP relay issues on J2350 running 9.6 code

2010-08-31 Thread Nathan Sipes
Make sure the security settings for the interfaces/zones are correct. On Tue, Aug 31, 2010 at 11:38 AM, Baidoo, Joe wrote: > Hi, > > I recently migrated from Cisco ASA firewall to Junos 9.6 on J2350 series > but I cannot get DHCP relay to work with the DHCP clients sitting behind the > firewall.

[j-nsp] Help with DHCP relay issues on J2350 running 9.6 code

2010-08-31 Thread Baidoo, Joe
Hi, I recently migrated from Cisco ASA firewall to Junos 9.6 on J2350 series but I cannot get DHCP relay to work with the DHCP clients sitting behind the firewall. My configs below: set forwarding-options helpers bootp relay-agent-option set forwarding-options helpers bootp interface reth0.0 se

Re: [j-nsp] Help please..

2010-02-08 Thread Dan Farrell
an -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Juan C. Crespo R. Sent: Saturday, February 06, 2010 5:30 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] Help please.. Guys Does any one of you could tell me, whe

Re: [j-nsp] Help please..

2010-02-06 Thread Richard A Steenbergen
On Sat, Feb 06, 2010 at 05:59:38PM -0430, Juan C. Crespo R. wrote: > Guys > >Does any one of you could tell me, where I can buy memory packs for > E-FPC, one of our E-FPC its showing a lot of troubles even it turn off > it self > > ssb at Feb 6 17:23:19 ... > ssb BCHIP 0: ECC from SDRAM b

[j-nsp] Help please..

2010-02-06 Thread Juan C. Crespo R.
Guys Does any one of you could tell me, where I can buy memory packs for E-FPC, one of our E-FPC its showing a lot of troubles even it turn off it self ssb at Feb 6 17:23:19 ... ssb BCHIP 0: ECC from SDRAM bank 0, at bit 65 was corrected ssb at Feb 6 17:23:19 ... ssb BCHIP 1: multiple

[j-nsp] Help with NAT configuration

2009-07-18 Thread Tom Storey
I'm sure this question has been asked before, but googling and reading examples and the JUNOS documentation has not yielded an answer yet. I have a classic network example whereby my WAN IP address is dynamically assigned, but every configuration example I have seen specifically states the W

[j-nsp] [help] MTU between Juniper Netscreen and Router

2009-04-09 Thread Nam, Nguyen Hoang
Hi all I have problem about MTU jumboframe between Netscreen-5400 and Router MX480. On MX-480, i have set interface with MTU=9044 ( I know that MTU = IP Payload + 22 bytes header) On Netscreen, i have set MTU : envar max-frame-size = 9044 or 9022 too . But OSPF between netscreen and MX router

[j-nsp] Help: Retrieving Power Consumption Stats from Netscreen

2008-11-25 Thread Kwame
I'm trying to obtain power consumption from some NetScreen NS5400, ISG2000, and SSG550. Is there a command for doing this? I've scrubbed the Juniper knowledgebase and came up empty. I'm looking for stuff like total watts, watts in use, watts remaining.

Re: [j-nsp] Help with OSPF config

2008-02-20 Thread evangellick
IMHO' In these modern times explicitly set ip mtu at all times. Will save a lot of trouble in the long run. I suggest this in view of PWE3, QinQ, etc. - original message - Subject:Re: [j-nsp] Help with OSPF config From: "Scott Morris" <[EMAIL PROTECTED]> Date:

Re: [j-nsp] Help with OSPF config

2008-02-19 Thread Scott Morris
ECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sean Clarke Sent: Tuesday, February 19, 2008 2:13 AM To: Matthew Crocker Cc: Juniper-NSP Mailing list Subject: Re: [j-nsp] Help with OSPF config Try turning on some traceoptions in OSPF on the Juniper ... it'll probably tell you what the proble

Re: [j-nsp] Help with OSPF config

2008-02-19 Thread David Ball
Check your MTUs as well. I've had problems with OSPF coming up between Juniper and Cisco due to MTU mismatch. David On 19/02/2008, Atul Kant <[EMAIL PROTECTED]> wrote: > Hi, > > 1. use simple auth or no auth to see if it works > 2. then turn on MD5 auth together with traceoptions enabled und

Re: [j-nsp] Help with OSPF config

2008-02-19 Thread Alain Briant
Hi Matthew If you simply have your "neighborship" that does not come up between Juniper and cisco that's certainly a problem of Authentication like it has already been said to you. If it does come up and goes down after a moment, just have a look at your NSF feature installed in the C12000. The

Re: [j-nsp] Help with OSPF config

2008-02-19 Thread Atul Kant
Hi, 1. use simple auth or no auth to see if it works 2. then turn on MD5 auth together with traceoptions enabled under OSPF on Juniper and enable ip ospf debugging on the Cisco 3. it maybe useful to use wireshark or any other network analyzer to capture OSPF packets from Cisco and Juniper and ob

Re: [j-nsp] Help with OSPF config

2008-02-18 Thread Sean Clarke
Try turning on some traceoptions in OSPF on the Juniper ... it'll probably tell you what the problem is ... maybe a typo'ed md5 key, or an unexpected router-id ? cheers Matthew Crocker wrote: > I need some Juniper-Foo for my OSPF config. > > I have 3 routers connected to a GigE switch. > >

[j-nsp] Help with OSPF config

2008-02-18 Thread Matthew Crocker
I need some Juniper-Foo for my OSPF config. I have 3 routers connected to a GigE switch. Router A is a Cisco 12000 Router B is a Juniper J6350 Router C is a Redback SE-400 I have A&C talking OSPF and sharing routes just fine. I have A&B & C&B complaining about what the Juniper is sending ou

Re: [j-nsp] Help with NAT

2007-03-27 Thread Jonathan Looney
Bill, Try the following (you'll have to replace w.x.y.z/32 with the IP to which you want to NAT your traffic): interfaces { ge-0/0/0 { unit 0 { family inet { service { input { service-set PAT-outbound;

[j-nsp] Help with NAT

2007-03-27 Thread Bill Sandiford
Hello All: I need a bit of help with a NAT setup on a J-4350. I have tried to get it working with the various samples/examples that I have found either online or in the docs, but I can't seem to get it going like I could on the old Cisco box that this Juniper has recently replaced. Here is my