
Juniper Networks®

JUNOS® 10.1 Software

Release Notes

Release 10.1R3
13 July 2010
Revision 4

These release notes accompany Release 10.1R3 of the JUNOS Software. They describe
device documentation and known problems with the software. JUNOS Software runs
on all Juniper Networks M Series, MX Series, and T Series routing platforms, SRX
Series Services Gateways, J Series Services Routers, and EX Series Ethernet Switches.

You can also find these release notes on the Juniper Networks JUNOS Software
Documentation Web page, which is located at
http://www.juniper.net/techpubs/software/junos.

Contents

JUNOS Software Release Notes for Juniper Networks M Series Multiservice Edge Routers, MX Series Ethernet Service Routers, and T Series Core Routers (page 6)
  New Features in JUNOS Release 10.1 for M Series, MX Series, and T Series Routers (page 6)
    Class of Service (page 6)
    High Availability (page 12)
    Interfaces and Chassis (page 12)
    JUNOS XML API and Scripting (page 18)
    MPLS Applications (page 21)
    Multiplay (page 22)
    Routing Policy and Firewall Filters (page 23)
    Routing Protocols (page 24)
    Services Applications (page 27)
    Subscriber Access Management (page 27)
    System Logging (page 36)


Summary of Contents for JUNOS 10.1 - S REV 4

Page 1: ...e notes on the Juniper Networks JUNOS Software Documentation Web page which is located at http www juniper net techpubs software junos Contents JUNOS Software Release Notes for Juniper Networks M Seri...

Page 2: ...Procedure for Upgrading to Release 10 1 98 Upgrading a Router with Redundant Routing Engines 101 Upgrading Juniper Routers Running Draft Rosen Multicast VPN to JUNOS Release 10 1 101 Upgrading the So...

Page 3: ...in JUNOS Release 10 1 for SRX Series Services Gateways and J Series Services Routers 162 Errata and Changes in Documentation for JUNOS Release 10 1 for SRX Series Services Gateways and J Series Servic...

Page 4: ...89 Changes in Default Behavior and Syntax in JUNOS Release 10 1 for EX Series Switches 189 Layer 2 and Layer 3 Protocols 190 Infrastructure 190 User Interface and Configuration 190 Limitations in JUNO...

Page 5: ...Upgrading from JUNOS Release 9 3R1 to Release 10 1 for EX Series Switches 200 Upgrading from JUNOS Release 9 2 to Release 10 1 for EX Series Switches 201 Downgrading from JUNOS Release 10 1 to Releas...

Page 6: ...ntrol packets Protocols such as telnet FTP and SSH that are mapped to queue 0 are classified as best effort No configuration is necessary but the queue assignments can be altered with a multifield cla...

Page 7: ...nfigure scheduler node scaling include the maximum hierarchy levels statement at the edit interfaces xe fpc pic port hierarchical scheduler hierarchy level The only supported value is 2 Class of Servi...

Page 8: ...s SA MAC learning MAC accounting and MAC policing Stacked virtual LAN VLAN tag and VLAN rewrite functionalities Network Interfaces Class of Service PIC Guide Intelligent oversubscription services MX S...

Page 9: ...are supported on the 16 port 10 Gigabit Ethernet MPC with SFP Accepts traffic destined for GRE tunnels or DVMRP IP in IP tunnels JUNOS Release 10 0R2 Bidirectional Forwarding Detection BFD protocol J...

Page 10: ...R2 Layer 2 frame filtering JUNOS Release 10 0R2 IEEE 802 3ad link aggregation JUNOS Release 10 0R2 Link Aggregation Control Protocol LACP JUNOS Release 10 0R2 Local loopback JUNOS Release 10 0R2 MAC l...

Page 11: ...service VPLS JUNOS Release 10 0R2 Virtual private network VPN JUNOS Release 10 0R2 Virtual Router Redundancy Protocol VRRP for IPv4 JUNOS Release 10 0R2 To support these features some modifications ha...

Page 12: ...ure which transparently applies scaling to oversubscribed queues Class of Service High Availability Enhancements to unified ISSU support on PICs T Series JUNOS Release 10 1 extends unified ISSU suppor...

Page 13: ...Layer 2 feature parity includes Layer 2 bridging VPLS forwarding MAC address learning aging and MAC address limit Mesh group support Implicit VLAN mapping Integrated routing and bridging IRB Multicas...

Page 14: ...unnel only statement at the chassis fpc number pic number hierarchy level You can use the show interfaces queue gr fpc pic port command to display statistics for the specified tunnel Network Interface...

Page 15: ...RE so that reassembly of the packets is possible after fragmentation The previous CLI constraint check that requires you to configure either the clear dont fragment bit statement or a tunnel key with...

Page 16: ...ration limits are changed to match the augmented capabilities of IQE PICs All functionality available on the 4 port Channelized OC12 IQ Type 2 PIC is supported by this PIC Network Interfaces Enhanced...

Page 17: ...0 PICs Adds support for stateful firewall rule sets in Dynamic Application Awareness for JUNOS Software service chains New application level gateways ALGs are available for FTP junos ftp TFTP junos tf...

Page 18: ...JUNOS XML API and Scripting 18 New Features in JUNOS Release 10 1 for M Series MX Series and T Series Routers JUNOS 10 1 Software Release Notes...

Page 19: ...essage clear vrrp clear vrrp information clear_vrrp_information vrrp message clear vrrp interface clear vrrp interface statistics clear_vrrp_interface_statistics NONE request system scripts refresh fr...

Page 20: ...information get_idp_policy_template_information idp detail status information show security idp status detail get idp detail status information get_idp_detail_status_information service nat mapping in...

Page 21: ...statement at the edit protocols mpls static label switched path static lsp name hierarchy level You must also configure either the pop or the swap statement at the edit protocols mpls static label swi...

Page 22: ...s command and the monitor static lsp lsp name command The show mpls static lsp statistics command includes the following options ingress transit bypass and name static lsp name This command displays t...

Page 23: ...enter the media release statement at the edit services border signaling gateway gateway name sip new call usage policy policy name term term name then media policy hierarchy level Multiplay Solutions...

Page 24: ...are sent on the same multiaccess network This improves scalability and efficiency by reducing the number of identical messages sent to the same router This feature is useful when there are a large nu...

Page 25: ...wait before processing the messages The next hop hold time statement can be configured at the edit routing instances routing instance name hierarchy level The hold time can be configured from 1 to 100...

Page 26: ...l on all PE routers participating in the MVPN Include the family inet mvpn statement and family inet6 mvpn statement at the edit routing instances routing instance name vrf advertise selective hierarc...

Page 27: ...shared between IPv4 and IPv6 For example you can install 3000 IPv4 filters or 3000 IPv6 filters or a combination of both that totals 3000 You cannot install 3000 IPv4 filters and 3000 IPv6 filters No...

Page 28: ...999 15 999 Dynamic PPPoE interfaces per chassis 4000 Dynamic PPPoE interfaces per IQ2 IQ2E PIC 32 000 32 000 Dynamic PPPoE interfaces per Trio MPC MIC 15 999 15 999 15 999 Static interfaces per chassi...

Page 29: ...bles you to configure CoS for dynamic PPPoE subscriber interfaces on Trio MPC MIC interfaces available on MX Series routers and the Intelligent Queuing 2 IQ2 PIC on M120 and M320 Series routers In ear...

Page 30: ...ng new predefined variables have been added to implement IPv6 addressing for subscriber services Definition Dynamic Profile Variable Route prefix of an IPv6 access route junos framed route ipv6 addres...

Page 31: ...e router uses the information configured in the dynamic profile to determine the properties of the dynamic PPPoE logical interface The use of dynamically created PPPoE interfaces gives you the flexibi...

Page 32: ...nterface unit predefined dynamic variable instead of the actual logical unit number for the unit statement and the junos underlying interface predefined dynamic variable instead of the actual name of...

Page 33: ...ess Support for PPPoE Layer 3 wholesale configuration in a subscriber access network Enables you to configure PPPoE Layer 3 wholesaling within a subscriber access network Wholesale access is the proce...

Page 34: ...ofiles profile name interfaces pp0 unit junos interface unit family inet hierarchy level To view the logical system and routing instance for each subscriber use the show subscriber operational command...

Page 35: ...over the Trio MPC MIC interfaces on MX Series routers To apply input and output filters for logical interfaces include the input input filter name and output output filter name statements To apply the...

Page 36: ...profiles profile name interfaces demux0 unit unit number demux options hierarchy level When configuring dynamic VLAN demux interfaces specify the VLAN ID variable junos vlan id for the vlan id stateme...

Page 37: ...ypes of attack WEBFILTER Describes messages with the WEBFILTER prefix They are generated by the Web filtering process webfilter which allows you to manage Internet usage by preventing access to inappr...

Page 38: ...more flexibility to load balance the traffic over as many as 64 LSPs To configure the maximum limit for ECMP next hops include the maximum ecmp next hops statement at the edit chassis hierarchy level...

Page 39: ...limit of 32 or 64 ECMP next hops is applicable To view the details of the ECMP next hops issue the show route command The show route summary command also shows the current configuration for the maximu...

Page 40: ...rewrite rules with a subscriber interface in a dynamic profile You must statically configure the classifiers and rewrite rules at the static edit class of service hierarchy level To associate a classi...

Page 41: ...fetime managed configuration max advertisement interval min advertisement interval no managed configuration no other stateful configuration other stateful configuration prefix reachable time and retra...

Page 42: ...learn configuration statement at the edit interfaces interface name unit interface unit number family inet and edit interfaces interface name unit interface unit number family inet6 hierarchy levels T...

Page 43: ...n the Packet Forwarding Engine configuration category host user show interfaces extensive ge 7 1 3 Packet Forwarding Engine configuration Destination slot 7 CoS information Direction Output CoS transm...

Page 44: ...ed number of configuration statements To configure an interface range group include the interface range statement and substatements at the edit interfaces hierarchy level To view an interface range gr...

Page 45: ...tes 45 seconds 4 Empty use show chassis fabric fpcs to determine which PFEs have destination errors However for JUNOS Release 9 3 and 9 5 the command only displays the message destination errors or no...

Page 46: ...MPLS statistics file you can view the statistics using SNMP instead This change helps to reduce disk space usage on the routing engine especially on routers on which numerous LSPs have been configure...

Page 47: ...vpls and bridge now support the interface set match condition for firewall filters To configure include the interface set interface set name statement at the edit firewall family bridge filter filter...

Page 48: ...application identification counter to view the APPID counters for the specified interface System Basics and Services Command Reference Session offloading on Multiservices PICs To enable session offloa...

Page 49: ...rfaces Permanent limitation for session timeout on APPID If session timeout is configured for an APPID application a session for that application will be cleared once the session timeout expires Once...

Page 50: ...00 New call usage policies per BSG 500 New transaction policies per BSG 10 Policies per service point 100 Service points per BSG 20 Terms per policy 10 000 Terms per BSG 4 Total of AND and OR operator...

Page 51: ...ration options or statements within the last level in the hierarchy is not supported For example in the following sample configuration hierarchy annotation is supported up to the level 1 parent hierar...

Page 52: ...terface to pop the service VLAN ID on input and push the service VLAN ID on output and in this way limit the impact of doubly tagged frames on scaling MX Series Layer 2 Configuration Layer 2 5 VPNs su...

Page 53: ...following hierarchy levels edit logical systems logical system name routing instances routing instance name protocols vpls mesh group mesh group name edit routing instances routing instance name prot...

Page 54: ...and Downgrade Instructions for JUNOS Release 10 1 for M Series MX Series and T Series Routers on page 98 Issues in JUNOS Release 10 1 for M Series MX Series and T Series Routers The current software r...

Page 55: ...Laser rx power low alarm field even if the transceiver is a type such as XENPAK that does not support this alarm PR 103444 On the M120 router hot swapping the fan tray might cause the Check CB alarm t...

Page 56: ...g is not supported on the PIC PR 482199 With JUNOS Releases 10 0 and 10 1 Trio DPCs do not support more than 31 remote PEs in a VPLS instance Also they do not support more than 31 AE bridging logical...

Page 57: ...arly ge 1 3 0 and ge 9 3 0 are the same slot PIC port but from different LCCs Actor Partner ge 0 3 0 ge 1 3 0 ge 8 3 0 ge 9 3 0 On MX960 routers duplicate LACP port numbers will result in aggregate bu...

Page 58: ...SCU name with an integer for example 100 and use this source class as a firewall filter match condition the class identifier might be misinterpreted as an integer which might cause the filter to disr...

Page 59: ...nother FPC that has more memory or After the ISSU is complete reboot only the FPC3 or Enhanced FPC3 PR 282146 For Routing Engines rated at 850 MHz which appear as RE 850 in the output of the show chas...

Page 60: ...ider edge interface in the other VRF the Internet Control Message Protocol reply returns the source interface IP of the provider edge that is connected directly instead of the interface IP of the othe...

Page 61: ...classes FECs with an ingress counter set to zero send rnhstats GET error ENOENT Item not found PR 67647 If ICMP tunneling is enabled on the router and you configure a new logical system that does not...

Page 62: ...PIC redundancy and a switchover to the backup Routing Engine occurs the redundant services interface rsp always activates the primary services interface sp even if the secondary interface was active b...

Page 63: ...turned PR 471677 The destination and destination profile options for address and unnumbered address within the family inet and inet6 are allowed to be specified within a dynamic profile but are not su...

Page 64: ...nt and date and time pages PR 433353 Selecting the monitor port for any port in the Chassis Viewer page displays the common Port Monitoring page instead of the corresponding Monitoring page of the sel...

Page 65: ...vel if a nonstop active routing switchover occurs after the configuration for routing instances changes in certain ways the BGP sessions between PE and CE routers might not be established after the sw...

Page 66: ...E tunnel with clear dont fragment bit enabled Additionally on an Enhanced FPC or M120 FEB the packet is also likely to be dropped if it is classified to a packet loss priority PLP other than low PR 51...

Page 67: ...essage upon commit once network service is configured under the chassis stanza WARNING network services flag has been changed please reboot system PR 505690 This issue has been resolved The Routing En...

Page 68: ...of two Ethernet connections to another Routing Engine is not present the mastership is not switched PR 521833 This issue has been resolved When multiple routed IPsec tunnels are configured and the tun...

Page 69: ...e performing a periodic auto bandwidth adjustment at the adjust interval This prevents periodic auto bandwidth adjustment from adjusting to a lower bandwidth when the traffic rate drops PR 528619 This...

Page 70: ...of an aggregate interface packet loss may occur after adding removing or changing the service configuration on the egress side of the aggregate interface As a workaround deactivate and activate the ou...

Page 71: ...when it receives a robust count value of 0 It uses the default value 2 instead of the configured value PR 520252 This issue has been resolved The new NSR master may not send the OSPF hello messages im...

Page 72: ...ivileges will sometimes have their access restricted to view permission only when they log in through TACACS PR 388053 This issue has been resolved If the time zone is set to Europe Berlin the command...

Page 73: ...uld cause an incorrect firewall filter evaluation PR 493356 This issue has been resolved When the MS PIC used for an RLSQ interface resides on an E3 FPC M320 traffic might stop flowing across the RLSQ...

Page 74: ...pplied PR 486424 This issue has been resolved The DPC remains in the ready state and the demux0 interface remains in a down state after a chassisd restart without graceful Routing Engine switchover GR...

Page 75: ...when a Trio based MPC or MX80 boots There is no workaround PR 505490 This issue has been resolved Under certain circumstances the E3 IQ PIC might report bogus CCV CES and CSES alarms PR 505921 This i...

Page 76: ...When an RSVP LSP is configured with the no install to address option and is not associated with CCC connection flaps the routing protocol process will crash when the LSP comes up again To avoid the pr...

Page 77: ...sh upon receiving certain corrupted IPv6 packets PR 458361 This issue has been resolved When an aggregated SONET with a Cisco High Level Data Link Control HDLC encapsulation is configured a member lin...

Page 78: ...DP entry is overwritten upon receiving NA from a connected device PR 499418 This issue has been resolved The static NDP entry remains permanent if the refcount is more than 1 even after deleting the s...

Page 79: ...he configuration includes a large number of routing instances This is caused by the routing protocol process on the backup Routing Engine leaking file descriptors during commit synchronization To reco...

Page 80: ...as been resolved When using a NAT DCE RPC ALG on a services PIC the PIC might crash while processing the binding request PR 510997 This issue has been resolved Route changes might not be updated in th...

Page 81: ...ubscribers under heavy login and logout conditions when the 802 1 classifiers are in use PR 470513 This issue has been resolved On a shared scheduler configuration with CoS configured the rate limit f...

Page 82: ...configuring a three color policer a dfwc core file is generated PR 509742 This issue has been resolved High Availability On an ISSU upgrade from JUNOS Release 9 3 to any of the current higher release...

Page 83: ...e one or more of the aggregate child links This can happen after an FPC reboot If the aggregate member links are located on the same FPC this problem is not triggered To recover from this condition de...

Page 84: ...ides in the link discovery mode as active PR 490886 This issue has been resolved On the IEEE 802 1ag CFM when the loss threshold is configured to 256 it displays a 0 PR 491422 This issue has been reso...

Page 85: ...e incorrectly dropped with the diagnostic L4 length too short 501526 This issue has been resolved The configured TTL set for GRE traffic is set properly for locally generated Routing Engine packets bu...

Page 86: ...1 0x08 group 0xe device 0x54 This is a cosmetic issue and has no impact on the router PR 500824 This issue has been resolved Network Management Under certain SNMP conditions the following log message...

Page 87: ...een resolved The NGEN MVPN multicast traffic might be dropped at the ingress router if a point to multipoint LSP reoptimization is performed PR 491533 This issue has been resolved A rare condition bet...

Page 88: ...se 9 3 to Release 9 5 the timestamps in the log files show the UTC time instead of the local time corresponding to the specified time zone PR 469175 This issue has been resolved On T640 and TX Series...

Page 89: ...e other FPC types in the same system are not affected PR 499233 This issue has been resolved When a next hop chain has multiple types of next hop dependencies including indirect next hop aggregate nex...

Page 90: ...and rejects the next hop add This problem persists until the multicast snooping process is restarted PR 467347 This issue has been resolved If a router modifies the next hop protocol to self for examp...

Page 91: ...around convert the interface to a regular numbered interface on both sides PR 493206 This issue has been resolved In a NSR configuration the backup Routing Engine can lose the connection to the active...

Page 92: ...unction process LPDFD on the master Routing Engine s restart local policy decision function PR 495363 This issue has been resolved Configuring different autonomous system types origin and peer toward...

Page 93: ...he entries PR 438164 This issue has been resolved In an MLAN scenario where two PEs are connected to the multicast receiver when the PE acting as the designated router DR has a link failure on the MLA...

Page 94: ...igh Availability TX Matrix Plus routers and T1600 routers that are configured as part of a routing matrix do not currently support nonstop active routing High Availability Integrated Multi Services Ga...

Page 95: ...s Management The Subscriber Access Configuration Guide contains the following dynamic variable errors The Configuring a Dynamic Profile for Client Access topic erroneously uses the junos underlying in...

Page 96: ...the subscriber VLANs are the same for both ANCP and multicast Subscriber Access The Guidelines for Configuring Dynamic CoS for Subscriber Access topic in the Subscriber Access Configuration Guide erro...

Page 97: ...Setup and Maintenance Using the Label Distribution Protocol LDP The JUNOS Software does not support Section 5 3 The Generalized PWid FEC Element RFC 4448 Encapsulation Methods for Transport of Ethern...

Page 98: ...ngrading the JUNOS Software always use the jinstall package Use other packages such as the jbundle package only when so instructed by a Juniper Networks support representative For information about th...

Page 99: ...n is retained but the contents of log files might be erased Stored files on the routing platform such as configuration templates and shell scripts the only exceptions are the juniper conf and ssh file...

Page 100: ...g the console because in band connections are lost during the upgrade process Customers in the United States and Canada use the following command user host request system software add validate reboot...

Page 101: ...ws 1 Disable graceful Routing Engine switchover GRES on the master Routing Engine and save the configuration change to both Routing Engines 2 Install the new JUNOS Software release on the backup Routi...

Page 102: ...re the new feature until all the PE routers in the network have been upgraded to JUNOS Release 10 1 2 After you have upgraded all routers configure each router s main instance loopback address as the...

Page 103: ...00 routers LCC are all re1 or are all re0 All master Routing Engines in all routers run the same version of software This is necessary for the routing matrix to operate All master and backup Routing E...

Page 104: ...abled For additional information about using unified in service software upgrade see the Junos High Availability Configuration Guide Upgrading from JUNOS Release 9 2 or Earlier on a Router Enabled for...

Page 105: ...ctions appropriate for the router type You can either use the standard procedure with reboot or use ISSU 3 After the router reboots and is running the upgraded JUNOS Software enter configuration mode...

Page 106: ...ries and T Series Routers on page 42 Issues in JUNOS Release 10 1 for M Series MX Series and T Series Routers on page 54 Errata and Changes in Documentation for JUNOS Software Release 10 1 for M Serie...

Page 107: ...teways and J Series Services Routers on page 123 Known Limitations in JUNOS Release 10 1 for SRX Series Services Gateways and J Series Services Routers on page 132 Issues in JUNOS Release 10 1 for SRX...

Page 108: ...existence of compression pointer loops and drop the traffic if one exists Note that the DNS ALG can translate the first 32 A records in a single DNS reply A records after the first 32 will not be hand...

Page 109: ...port address negotiation mechanism of the Sun RPC and to ensure program number based security policy enforcement You can define a security policy to permit or deny all RPC requests or to permit or den...

Page 110: ...Release 10 1 Junos OS Security Configuration Guide Redundancy group IP address monitoring through a secondary interface This feature is supported on SRX3400 SRX3600 SRX5600 and SRX5800 devices In JUNO...

Page 111: ...media policy statement in the edit services converged services hierarchy level set services convergence service service class name dscp bitmap set services convergence service service class media pol...

Page 112: ...to provide high bandwidth applications Triple Play services such as high speed Internet access telephone services like voice over IP VoIP high definition TV HDTV and interactive gaming services over...

Page 113: ...icate how much data the device can forward The device can then use the information provided in the PPPoE messages to dynamically adjust the interface speed of the PPP links Use the radio router statem...

Page 114: ...wnstream direction the extra 802 1Q tag is removed There are three ways to map C VLANs to an S VLAN All in one bundling Use the dot1q tunneling statement at the edit vlans hierarchy to map without spe...

Page 115: ...Management TLVs let the device ports advertise the power level and power priority needed For example the device can compare the power needed by an IP telephone running on a PoE interface with availab...

Page 116: ...th threat prevention support This feature is supported on SRX3400 SRX3600 SRX5600 and SRX5800 devices With the increased use of application protocol encapsulation the need arises to support the identi...

Page 117: ...constitutes a backup copy of U boot in addition to the active copy from which the system generally boots up Table 4 on page 117 provides details of BIOS components supported for different platforms T...

Page 118: ...OS BIOS Software Suite 10 2B3 NOTE Installing the jloader srxsme package puts the necessary images under directory boot 2 Verifying that images for upgrade are installed The show system firmware comma...

Page 119: ...0 RE FPGA 11 12 3 0 OK NOTE The device must be rebooted for the upgraded active BIOS to take effect Backup BIOS 1 Initiate the upgrade using the request system firmware upgade re bios backup command r...

Page 120: ...total numbers of source NAT rules There is no limitation on the number of rules that you can configure in a source NAT rule set as long as the maximum number of source NAT rules allowed on the device...

Page 121: ...th 80 threshold 5 NOTE The resource component variables attribute has been deprecated but has an alias to the radio router variable to minimize impact on existing routers that might have been configur...

Page 122: ...s data between the wired and the wireless network Multiple access points form a part of a bigger wireless network and can be clustered together The access point cluster is a dynamic configuration awar...

Page 123: ...he SRX210 Services Gateway Hardware Guide For more information on configuring the 3G interface see the JUNOS Software Interfaces and Routing Configuration Guide Related Topics Known Limitations in JUN...

Page 124: ...ps has been removed Instead a configurable hold down interval timer for all redundancy groups has been instituted See the Configuring a Dampening Time Between Back to Back Redundancy Group Failovers s...

Page 125: ...tmd command after making a configuration change to the MPIM ports On SRX210 devices with Integrated Convergence Services registrations do not work when PCS is configured and removed thorough the CLI T...

Page 126: ...le root partitioning user host show system storage partitions Boot Media internal da0 Partitions Information Partition Size Mountpoint s1a 898M s1e 24M config s1f 61M var show system storage partition...

Page 127: ...ically selected Example 2 user host set wlan access point ap6 radio 2 radio options channel number 1 Channel 1 2 Channel 2 3 Channel 3 4 Channel 4 5 Channel 5 6 Channel 6 7 Channel 7 8 Channel 8 9 Cha...

Page 128: ...security ipsec proposal proposal name hierarchy level has been changed from 28 800 seconds to 3600 seconds Flow and Processing On SRX Series devices the factory default for the maximum number of backu...

Page 129: ...le running commands in IDP ensure that you provide the service field values for custom attack definitions in lowercase In the following example the protocol service field value udp is specified in low...

Page 130: ...g the UTC time zone use the set system time zone utc and set security log utc timestamp CLI statements Configuring the External CompactFlash card on SRX650 Services Gateways The SRX650 Services Gatewa...

Page 131: ...password and the password entered is stored in encrypted form NOTE Without wlan config option enabled the AX411 Access Points will be managed with the default password Changing the wlan admin authenti...

Page 132: ...t Protocol MLPPP Multilink Frame Relay MLFR and Compressed Real Time Transport Protocol CRTP gr 0 0 0 Generic routing encapsulation GRE and tunneling ip 0 0 0 IP over IP IP IP encapsulation pd 0 0 0 p...

Page 133: ...g is not permitted on redundant Ethernet interface LAGs or on child interfaces of redundant Ethernet interface LAGs In service software upgrade ISSU does not support version downgrading That is ISSU d...

Page 134: ...thout a prompt Flow and Processing Maximum concurrent SSH Telnet and Web sessions On SRX210 SRX240 and SRX650 devices the maximum number of concurrent sessions is as follows SRX650 SRX240 SRX210 Sessi...

Page 135: ...er Packet loss priority as action of a policer Packet loss priority as action of a three color policer On SRX3400 SRX3600 SRX5600 and SRX5800 devices the following features are not supported by a fire...

Page 136: ...the RJ 45 medium is active and an SFP link is brought up the interface will transition to the SFP medium and this transition could also take a few seconds On SRX Series and J Series devices the user...

Page 137: ...e apply groups group family inet6 set protocols pim disable apply groups except group family inet6 set protocols pim disable export export join policy family inet6 set protocols pim disable dr electio...

Page 138: ...zone 2 On SRX3400 SRX3600 SRX5600 and SRX5800 devices the application level denial of service application level DDoS rulebase rulebase ddos does not support port mapping If you configure an applicati...

Page 139: ...chronization of the time binding state that is not currently supported On SRX100 SRX210 SRX240 and SRX650 devices maximum supported entries in ACS table for is 100 000 entries However since the user l...

Page 140: ...sets and up to 256 rules per rule set can be configured on a device For destination NAT up to 32 rule sets and up to 8 rules per rule set can be configured on a device For source NAT the following ar...

Page 141: ...run UTM VPNs On SRX3400 SRX3600 SRX5600 and SRX5800 devices the IPsec NAT T tunnels scaling and sustaining issues are as follows For a given private IP address the NAT device should translate both 500...

Page 142: ...security alg sip counters command while doing a bulk call generation it might bring down the SPU with a flowd core file error PR 292956 On SRX210 devices the SCCP call cannot be set up after disablin...

Page 143: ...mand on the secondary Routing Engine does not display the same details as that of the primary Routing Engine PR 237982 On J4350 Services Routers because the clear security alg sip call command trigger...

Page 144: ...On an SRX210 device in a chassis cluster the fabric monitoring option is enabled by default This can cause one of the nodes to move to a disabled state You can disable fabric monitoring by using the...

Page 145: ...tting full PR 454926 On SRX3400 SRX3600 SRX5600 and SRX5800 devices in a chassis cluster the ping operation to the redundant Ethernet interface reth fails when the cluster ID changes PR 458729 On SRX1...

Page 146: ...might degrade CoS performance with smaller sized 500 bytes or less packets PR 73054 On J Series devices with a CoS configuration when you try to delete all the flow sessions using the clear security...

Page 147: ...ets are Layer 2 terminating packets PR 252957 On SRX Series devices the show security flow session command currently does not display aggregate session information Instead it displays sessions on a pe...

Page 148: ...affic PR 434508 On SRX5800 devices when there are nonexistent PICs in the network processing bundle the traffic is sent out to the PICs and is lost PR 434976 The SRX5600 and SRX5800 devices create mor...

Page 149: ...0 SRX5600 and SRX5800 devices during end to end debugging with the jexec event packet summary trace messages have unknown IP addresses in the packet summary field PR 463534 On SRX3400 SRX3600 SRX5600...

Page 150: ...evice does not have an ARP entry for an IP address it drops the first packet from itself to that IP address PR 233867 On J Series devices when you press the F10 key to save and exit from BIOS configur...

Page 151: ...r survivable call server SRX Series SCS statistics PR 456454 When T1 lines for stations or trunks are configured you might hear a momentary burst of noise on the phone PR 467334 You must restart the f...

Page 152: ...interfaces at 5 0 0 unit 0 shaping cbr 62400 ATM COS set class of service interfaces at 5 0 0 unit 0 scheduler map sche_map IP COS set class of service interfaces at 5 0 0 unit 0 shaping rate 62400 AD...

Page 153: ...ion traffic testing with ALU 7302 DSLAM There is no impact on traffic except for the packet loss after long duration traffic testing which is also seen in the vendor CPE PR 467912 On SRX210 devices wi...

Page 154: ...ed before the new policy becomes effective During the update IDP will not inspect the traffic that is passing through the device for attacks As a result there is no IDP policy enforcement PR 392421 On...

Page 155: ...etting as default IDP uses application identification to detect applications running on standard and nonstandard ports hence the application level DDoS detection works properly PR 472522 J Flow SRX340...

Page 156: ...use it was not functioning properly PR 422898 On SRX210 SRX240 J2350 J4350 and J6350 devices when J Web users select the tabs on the bottom left menu the corresponding screen is not displayed fully so...

Page 157: ...if you have not made any changes PR 495603 Management and Administration On SRX3400 SRX3600 SRX5600 and SRX5800 devices the queue statistics are not correct after deletion and re creation of a logica...

Page 158: ...event logs is incorrect for JUNOS Release 10 1 Because of a bug the log output shows both source and destination IP from the client server instead of only the IP address with NAT The output incorrect...

Page 159: ...AX411 Access Points As a result the AX411 Access Points retain the factory default configuration PR 476850 Security On SRX3400 SRX3600 SRX5600 and SRX5800 devices the egress filter based forwarding FB...

Page 160: ...Mail retrieval is slow and the EICAR test file is not detected PR 424797 On SRX650 devices operating under stress conditions the UTM subsystem file partition might fill up faster than UTM can process...

Page 161: ...aler interface on either the dial in or dial out interface goes down because no keepalive packets are exchanged As a workaround increase the ATS0 value to 4 or greater PR 492970 On SRX210 High Memory...

Page 162: ...policies match the address any instead of specific addresses and all cross zone traffic policies are pointing to the single site to site VPN tunnel As a workaround configure address books in differen...

Page 163: ...t loss occurred because of oversubscription and you had to reboot the SRX5800 device PR 433209 This issue has been resolved Hardware On SRX650 devices the 16 port Gigabit Ethernet switch GPIM was inco...

Page 164: ...in the VDSL driver PR 505347 This issue has been resolved J Web On SRX Series devices in J Web when Troubleshoot was clicked twice the left side menu items and page content disappeared PR 459936 This...

Page 165: ...based NAT configurations NAT configurations are now rule based The JUNOS Software Security Configuration Guide incorrectly states that ALGs are not supported in transparent mode on SRX3400 SRX3600 SR...

Page 166: ...and SRX5800 devices edit security flow aging early ageout edit security flow aging high watermark edit security flow aging low watermark The Understanding Selective Stateless Packet Based Services sec...

Page 167: ...x as disabled in factory default settings The J Web screenshot should indicate the Enable DHCP on ge 0 0 0 0 check box as enabled in factory default settings The show chassis environment cb 0 command...

Page 168: ...SRX240 devices only the ge 0 0 0 port supports TFTP in uboot and on the SRX650 device all front end ports support TFTP in uboot Step 2 of the Installing JUNOS Software Using TFTPBOOT instructions shou...

Page 169: ...curity TLS option for the SIP protocol transport is not supported in JUNOS Release 10 1 However it is documented in the Integrated Convergence Services entries of the JUNOS Software CLI Reference The...

Page 170: ...from future intrusions while permitting legitimate traffic You can configure one of the following IP action options in application level DDoS ip block ip close and ip notify The exclude context values...

Page 171: ...4 13 37 16 UTC 17 13 45 ago Packets second 0 Peak 0 2010 02 05 06 49 51 UTC KBits second 0 Peak 0 2010 02 05 06 49 51 UTC Latency microseconds min 0 max 0 avg 0 Packet Statistics ICMP 0 TCP 0 UDP 0 Ot...

Page 172: ...ribe how to configure screen options using the set security screen screen name CLI statements Instead you should use the set security screen ids option screen name CLI statements All screen configurat...

Page 173: ...and heat dissipation capacity of each PIM and troubleshooting procedures see the J Series Services Routers Hardware Guide Supported Third Party Hardware for J Series Services Routers The following th...

Page 174: ...nd DRAM Requirements Maximum DRAM Supported Minimum DRAM Required Minimum CompactFlash Card Required Model 1 GB 512 MB 512 MB J2320 1 GB 512 MB 512 MB J2350 2 GB 512 MB 512 MB J4350 2 GB 1 GB 512 MB J...

Page 175: ...d the system will be able to boot from the backup JUNOS Software image located in the other root partition and remain fully functional SRX Series devices that ship with JUNOS Release 10 1 are formatte...

Page 176: ...other root partition are erased The contents of the other root partition will not be valid unless the installation is completed successfully With the dual root partitioning scheme after a new JUNOS S...

Page 177: ...ot desired use the conventional CLI and J Web installation methods as described in the Junos OS Administration Guide for Security Devices Upgrading to JUNOS Release 10 1 with Dual Root Partitioning To...

Page 178: ...set the following variables ipaddr loader set ipaddr IP address of the device netmask loader set netmask netmask gatewayip loader set gatewayip gateway IP address serverip loader set severip TFTP ser...

Page 179: ...me 2 After the device reboots with JUNOS Release 10 1 upgrade the boot loader to version 1 5 See Upgrading the Boot Loader on page 179 3 Reinstall the 10 1 image from JUNOS CLI using the request syste...

Page 180: ...om the boot loader using a TFTP server 1 Upload the JUNOS Software image to a TFTP server 2 Stop the device at the loader prompt and set the following variables ipaddr loader set ipaddr IP address of...

Page 181: ...tition option This will copy the image to the device then reboot the device for installation The device will boot up with the 9 6 image installed with the single root partitioning scheme NOTE This pro...

Page 182: ...or rescue configuration The snapshot feature is modified to support dual root partitioning The options as primary swap size config size root size var size and data size are not supported on SRX Series...

Page 183: ...ioned before the software is installed When the partition option is used the format and install process is scheduled to run on the next reboot Therefore it is recommended that this option be used toge...

Page 184: ...Control Board SCB The second Routing Engine must be running JUNOS Release 10 1 or later Because you cannot run the CLI or enter configuration mode on the second Routing Engine you cannot upgrade the J...

Page 185: ...ster Routing Engine RE0 to the second Routing Engine RE1 if you do not already have a connection 9 Reboot the second Routing Engine RE1 Use the following command reboot When the following system outpu...

Page 186: ...umentation for JUNOS Release 10 1 for EX Series Switches on page 199 Upgrade and Downgrade Issues for JUNOS Release 10 1 for EX Series Switches on page 200 New Features in JUNOS Release 10 1 for EX Se...

Page 187: ...e card in EX8200 switches now supports one new optical transceiver EX SFP 10GE ER 10GBase ER 40 km Access Control and Port Security Captive portal authentication Captive portal authentication allows y...

Page 188: ...st reverse path forwarding RPF is available on EX8200 switches The unicast RPF feature can be enabled on specific interfaces on EX8200 switches and supports ECMP traffic Layer 2 and Layer 3 Protocols...

Page 189: ...ions using the interface match condition You can configure an ingress or egress firewall filter with an aggregated Ethernet interface as a match condition and apply the firewall filter to ports VLANs...

Page 190: ...he 100Base ZX interface If you enable PIM on all interfaces using the interface all command it is not enabled on the me0 and vme interfaces by default Therefore you do not need to explicitly disable P...

Page 191: ...OS Release 9 2 or Release 9 3 for EX Series switches and then attempt to upgrade to a later release or a later version of Release 9 3 than the one that is currently installed the switch might display...

Page 192: ...X Series switches do not support queued packet counters Therefore the queued packet counter in the output of the show interfaces interface name extensive command always displays a count of 0 and is ne...

Page 193: ...utstanding Issues in JUNOS Release 10 1 for EX Series Switches The following are outstanding issues in JUNOS Release 10 1R3 for EX Series switches The identifier following the description is the track...

Page 194: ...rwarded to other interfaces in the same VLAN PR 456700 The jnxFirewallMIB might not be populated in a firewall filter configuration As a workaround set up the following configuration to skip the firew...

Page 195: ...r Routing Route Information changing the Route Table to query other routes refreshes the page but does not return to page 1 For example if you run the query from page 3 and the new query returns very...

Page 196: ...might be found in the Ethernet switching process eswd after you delete VLANs or deactivate the Multiple VLAN Registration Protocol MVRP PR 471647 This issue has been resolved On an EX2200 switch when...

Page 197: ...0 switch when you add a syslog action modifier to the firewall filter the forwarding pfem process might create a core file when the filter binding is changed from an egress VLAN to an ingress VLAN PR...

Page 198: ...the NAND flash is not responding Workaround Power cycle the switch PR 482026 This issue has been resolved If you attempt to set the time zone to Europe Berlin on a switch with dual Routing Engines the...

Page 199: ...on page you might not be able to delete a configured next hop address because the Delete button is disabled PR 476572 This issue has been resolved In the J Web interface the OSPF Monitoring page might...

Page 200: ...upgrade to JUNOS Release 9 4R2 or later or downgrade to JUNOS Release 9 3R1 or earlier the switch will display configuration errors on booting up after the upgrade or downgrade As a workaround delete...

Page 201: ...multicast MAC addresses are not supported in a static MAC configuration If they exist and you try to commit the configuration the commit will fail Support for static MAC bypass in single or single se...

Page 202: ...v before upgrading from Release 9 2 to Release 9 3 or later If the switch does not have a config license directory create the config license_priv directory manually before you upgrade If you do not re...

Page 203: ...ical bookstores and book outlets around the world The current list can be viewed at http www juniper net books Documentation Feedback We encourage you to provide feedback comments and suggestions so t...

Page 204: ...itlement by product serial number use our Serial Number Entitlement SNE Tool located at https tools juniper net SerialNumberEntitlementSearch Opening a Case with JTAC You can open a case with JTAC on...

Page 205: ...emarks service marks registered trademarks or registered service marks are the property of their respective owners Juniper Networks assumes no responsibility for any inaccuracies in this document Juni...
