Is it possible to do layer 2 port mirroring for family inet/inet6 interfaces in Juniper MX series routers?

I have connected two logical systems using logical tunnels like this:

    [edit]
    root@mx1# show logical-systems r1 interfaces lt-0/0/10 unit 10
    encapsulation ethernet;
    peer-unit 80;
    family inet {
        address 10.10.200.1/24;
    }

    [edit]
    root@mx1# show logical-systems r2 interfaces lt-0/0/10 unit 80
    encapsulation ethernet;
    peer-unit 10;
    family inet {
        address 10.10.200.2/24;
    }

    [edit]
    root@mx1#

Is it possible to do layer 2 (i.e. including the Ethernet header) port mirroring either for lt-0/0/10.10 or lt-0/0/10.80 both in ingress and egress direction?...

Juniper SRX240 unstable uplink when client is connected to VPN

In an office setting, multiple clients (Mac OSX, Ubuntu, iOS, Android and Windows 8) connect to a VPN server in another location. These clients are behind an SRX240B router which is connected to a PPPoE fiber uplink. The SRX240B replaced the previous router, an SRX100H. The SRX100 was completely stable, but the SRX240B has some weird issues.

When clients connect to VPN, the connection usually works for a couple of minutes, but then all internet traffic disappears. Every device, every browser, every connection is lost. I can SSH into the router, ...

juniper junos - What's the difference between TPID of 0x88a8 or 0x8100

I was reading over some JNCIS-SP documentation on provider bridging and it had this to say regarding the TPID field for QinQ:

    IEEE 802.1ad has reserved a TPID of 0x88a8 for the S-TAG however the JUNOS operating system default behavior is to set the TPID equal to 0x8100.

Wikipedia has the following listed for the notable protocols for these TPID values:

    0x8100 VLAN-tagged frame (IEEE 802.1Q) & Shortest Path Bridging IEEE 802.1aq
    0x88A8 Provider Bridging (IEEE 802.1ad) & Shortest Path Bridging IEEE 802.1aq

What is the functional differe...

Is the shaping-rate on a CoS scheduler per-port or aggregate on a Juniper EX?

I'm using a Juniper EX2200 as demarc/CPE device for a customer that has multiple handoff ports on the one switch. I need to make sure that, across all their ports, they don't use more bandwidth than they ordered.

I've read the Juniper doc Defining CoS Schedulers and I'm still not sure if the egress shaper is applied per-interface or per-scheduler.

My config snippet is below. Ports 0/1/0-3 are downstream to the customer and port 0/1/0 is upstream.

    # show class-of-service
    interfaces {
        ge-0/0/0 {
            scheduler-map all-cust;
        }
        ge-0/0/1 {
        ...

Juniper SRX240 and EX2200 network

I'm not a network engineer, so this must be a noob question.

My task is simple, I need all clients to have internet access. Both EX2200 were configured before as layer 2 switches, so I assume their configuration is fine.

On SRX240 I was able to set up internet access. If I connect my laptop to it, the internet works fine. But connection to EX2200 doesn't work. I tried different guides from the internet, but nothing seems to work.

How should I configure SRX240, so all EX2200 clients have internet access? Ideally, I would love all clients to get ip f...

juniper junos - next-table may loop

Help me to understand this situation. It is necessary to translate a little config from ScreenOS to Junos.

ScreenOS issue:

    set vrouter "trust-vr"
    set route 217.118.52.149/32 vrouter "TrustGi-vr" preference 20
    set vrouter "TrustGi-vr"
    set route 172.30.2.8/29 vrouter "trust-vr" preference 20

I would translate it as follows.

Junos issue:

    set routing-instances trust-vr instance-type virtual-router
    set routing-instances trust-vr routing-options static route 217.118.52.149/32 next-table TrustGi-vr.inet.0
    set routing-instances TrustGi-vr instance-type virtual-routers...

FTP File copy command in Juniper showing [error: file-fetch failed error: could not fetch local copy of file]?

I have two Juniper ACX 2200 Series routers connected back to back. One router is running the latest OS, but the other is running an old OS. I want to copy the latest OS from one Junos router to the other.

I enabled FTP on both routers:

    [edit system services ftp]
    set rate-limit 2
    set connection-limit 2

And used the command:

    ikar@hostname> file copy ftp://ikar:ikar123@172.22.36.113/var/tmp/jinstall-ppc-15.1X54-D36.2-domestic.tgz /var/tmp

And I got the error below:

    fetch: ftp://ikar:*@172.22.36.113/var/tmp/jinstall-ppc-15.1X54-D36.2-domestic.tgz: File unavailable (...

how to copy the config of one port to another port on juniper

How to copy the config of one port to another port on Juniper?

1) How to see all the configs that are applied to the port (ex: xe)
2) Then how to copy the config of this port to another port?

Currently trying to configure a switch but trying to look at all the configurations pertaining to a particular port, then trying to copy the config on that port to another port....

Juniper Switch - Enabling Ports?

I have a Juniper EX2200-C switch that I am trying to set up and running into issues with. Unfortunately the Juniper website is not much help. I've managed to set up the device's root login and enabled DHCP on the management port for now. I have an Ethernet cable going from the management port on the switch (me0) to my internet provider's modem (Verizon FIOS). From the switch I can now ping external IP addresses so it looks like the default route is set up correctly.

What I would like to do is hook up ge-0/0/0 to the back of my Internet provider's m...

juniper junos - Why are my equal cost LSP's not load balancing equally when using auto-bandwidth?

First, I'm adding this question and answering myself because this type of behavior was absolutely nowhere to be found, hopefully it will help someone.

Problem: We use auto bandwidth to handle the bandwidth subscriptions for our LSPs. The LSPs are equal cost and appear in our forwarding/routing tables appropriately as available next hops for each destination.

However for a single destination, the 4 equal cost LSPs are not load balancing equally (or even close to equally). We understand that JUNOS uses a per-flow load balancing algorithm despite ...

juniper junos - SRX - Routed subnet - No NAT

I have a SRX 220 cluster running Junos 12.1XD46-D30.2. My ISP provides me with a /27 public IP range. Let's say 80.0.0.64/27.

The way this is configured is that they use the first two available IP addresses for a VRRP redundant router setup. These are our default gateway IP addresses.

I have configured my SRX interface reth0.0 to use the IP address 80.0.0.71/27.

Question

How can I place a device in a DMZ zone that has the IP address 80.0.0.90?

What have I tried?

Config 1: reth0.0 configured as 80.0.0.71/27 in zone untrust reth1.110 configured as 80.0....

vrf lite - Junos VRF equal-cost, multi-next-hop static routes not balancing

I am load balancing traffic on dual, same size links aggregating to the same VRF on the PE router (Juniper MX5 JunOS 11.4). Traffic from the CE (Cisco) is balancing nicely but I need to get the reverse right.

I am not NATing inside the multi-site network, the only NATing happens on the edge firewall to the Internet.

I have configured the VRF as follows on the Juniper PE router:

    # show routing-instances {client}
    instance-type vrf;
    ..
    vrf-export {client}-load-balance;
    ..
    routing-options {
        static {
            . .
            route 10.0.0.0/24 next-hop [ 196...

Juniper EX - disable multiple interfaces at the same time as a once off

I have used the Cisco interface range commands on many occasions to disable a large number of switching ports when the device is originally deployed as a once off and am looking for something similar in Junos.

I don't want to use apply-groups or the Juniper interface-range command set as their changes are permanent and to be honest it would confuse the Tier-1 / Tier 2 staff, aka inherited config is hidden by default and therefore will likely get missed when troubleshooting.

I am just looking for verification that there is no way to do this nat...

JunOS: Password recovery has failed

I am trying to recover a root password on an MX80 but I'm receiving some errors and have no idea what they mean (it's not live so suggesting "disruptive" steps is acceptable).

The steps I have taken are as follows:

- Reboot the router, at the prompt "Hit [Enter] to boot immediately, or space bar for command prompt" - I hit space
- I enter boot -s to boot into single user mode
- At the prompt "Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:" I enter recovery
- Once into the CLI I enter configuration mode and then atte...