manualshive.com logo in svg

Juniper JUNOS OS 10.3 - SOFTWARE, Manual

Share
Download
Juniper JUNOS OS 10.3 - SOFTWARE Manual Download Page 3136

One Juniper Networks EX-UM-4SFP uplink module

One Juniper Networks J-series router

Before you configure and apply the firewall filters in this example, be sure you have:

An understanding of firewall filter concepts, policers, and CoS

Installed the uplink module in the distribution switch. See Installing an Uplink Module
in an EX3200 or EX4200 Switch.

Overview

This configuration example show how to configure and apply firewall filters to provide
rules to evaluate the contents of packets and determine when to discard, forward, classify,
count, and analyze packets that are destined for or originating from the EX Series switches
that handle all

voice-vlan

,

employee-vlan

, and

guest-vlan

traffic. Table 384 on page 3040

shows the firewall filters that are configured for the EX Series switches in this example.

Table 384: Configuration Components: Firewall Filters

Purpose/Description

Component

This firewall filter performs two functions:

Assigns priority queueing to packets with a source MAC address that matches the
phone MAC addresses. The forwarding class

expedited-forwarding

provides low

loss, low delay, low jitter, assured bandwidth, and end-to-end service for all

voice-vlan

traffic.

Performs rate limiting on packets that enter the ports for

employee-vlan

. The traffic

rate for TCP and ICMP packets is limited to 1 Mbps with a burst size up to 30,000
bytes.

This firewall filter is applied to port interfaces on the access switch.

Port firewall filter,

ingress-port-voip-class-limit-tcp-icmp

Prevents rogue devices from using HTTP sessions to mimic the gatekeeper device
that manages call registration, admission, and call status for VoIP calls. Only TCP or
UDP ports should be used; and only the gatekeeper uses HTTP. That is, all

voice-vlan

traffic on TCP ports should be destined for the gatekeeper device. This firewall filter
applies to all phones on

voice-vlan

, including communication between any two phones

on the VLAN and all communication between the gatekeeper device and VLAN
phones.

This firewall filter is applied to VLAN interfaces on the access switch.

VLAN firewall filter,

ingress-vlan-rogue-block

Accepts

employee-vlan

traffic destined for the corporate subnet, but does not monitor

this traffic. Employee traffic destined for the Web is counted and analyzed.

This firewall filter is applied to vlan interfaces on the access switch.

VLAN firewall filter,

egress-vlan-watch-employee

Prevents guests (non-employees) from talking with employees or employee hosts
on

employee-vlan

. Also prevents guests from using peer-to-peer applications on

guest-vlan

, but allows guests to access the Web.

This firewall filter is applied to VLAN interfaces on the access switch.

VLAN firewall filter,

ingress-vlan-limit-guest

Copyright © 2010, Juniper Networks, Inc.

3040

Complete Software Guide for Junos

®

OS for EX Series Ethernet Switches, Release 10.3

Summary of Contents for JUNOS OS 10.3 - SOFTWARE

Page 1: ...Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 Published 2010 08 11 Revision 1 Copyright 2010 Juniper Networks Inc ...

Page 2: ...er Networks Inc All other trademarks service marks registered trademarks or registered service marks are the property of their respective owners Juniper Networks assumes no responsibility for any inaccuracies in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice Products made or sold by Juniper Networks or components ther...

Page 3: ...n prohibitions against certain uses The software license may state conditions under which the license is automatically terminated You should consult the license for further details For complete product documentation please see the Juniper Networks Web site at www juniper net techpubs iii Copyright 2010 Juniper Networks Inc ...

Page 4: ...physically contained on a single chassis c Product purchase documents paper or electronic user documentation and or the particular licenses purchased by Customer may specify limits to Customer s use of the Software Such limits may restrict use to a maximum number of seats registered endpoints concurrent users sessions calls connections subscribers clusters nodes realms devices links ports or trans...

Page 5: ...RATE WITHOUT ERROR OR INTERRUPTION OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK In no event shall Juniper s or its suppliers or licensors liability to Customer whether in contract tort including negligence breach of warranty or otherwise exceed the price paid by Customer for the Software that gave rise to the claim or if the Software is embedded in another Juniper product the price paid...

Page 6: ...ee years from the date of distribution Such request can be made in writing to Juniper Networks Inc 1194 N Mathilda Ave Sunnyvale CA 94089 ATTN General Counsel You may obtain a copy of the GPL at http www gnu org licenses gpl html and a copy of the LGPL at http www gnu org licenses lgpl html 15 Miscellaneous This Agreement shall be governed by the laws of the State of California without reference t...

Page 7: ...Series Switches Overview 18 High Availability Features for EX Series Switches Overview 20 VRRP 20 Graceful Protocol Restart 20 Redundant Routing Engines 21 Graceful Routing Engine Switchover 21 Virtual Chassis Software Upgrade and Failover Features 22 Link Aggregation 22 Understanding Software Infrastructure and Processes 23 Routing Engine and Packet Forwarding Engine 23 Junos OS Processes 23 Chap...

Page 8: ... Statement Hierarchy 50 edit forwarding options Configuration Statement Hierarchy 51 edit interfaces Configuration Statement Hierarchy 52 edit poe Configuration Statement Hierarchy 56 edit protocols Configuration Statement Hierarchy 56 edit routing instances Configuration Hierarchy 63 edit snmp Configuration Statement Hierarchy 63 edit virtual chassis Configuration Statement Hierarchy 64 edit vlan...

Page 9: ...Software Upgrades by Uploading Files 84 Rebooting or Halting the EX Series Switch J Web Procedure 85 Chapter 6 Registering the Switch Booting the Switch Upgrading Software and Managing Licenses 87 Registering the Switch 87 Registering the EX Series Switch with the J Web Interface 87 Booting the Switch 87 Booting an EX Series Switch Using a Software Package Stored on a USB Flash Drive 88 Creating a...

Page 10: ... license add 106 request system license delete 107 request system license save 108 request system reboot 109 request system reboot 113 request system snapshot 115 request system software add 117 request system software delete 122 request system software rollback 125 request system software validate 128 show system autoinstallation status 131 show system boot messages 132 show system license 136 sh...

Page 11: ...Configuration 187 Connecting and Configuring an EX Series Switch CLI Procedure 187 Connecting and Configuring an EX Series Switch J Web Procedure 189 Configuring the LCD Panel on EX Series Switches CLI Procedure 192 Disabling or Enabling Menus and Menu Options on the LCD Panel 192 Configuring a Custom Display Message 193 Configuring Date and Time for the EX Series Switch J Web Procedure 194 Config...

Page 12: ... System Setup 229 clear chassis display message 230 clear system reboot 232 configure 235 op 236 request chassis pic 238 request chassis routing engine master 240 request system halt 244 request system logout 248 request system power off 249 request system reboot 253 request system reboot 257 request system scripts convert 259 request system scripts refresh from commit 260 request system scripts r...

Page 13: ...l Configuration 383 Configuring Power Supply Redundancy CLI Procedure 383 Configuring the Power Priority of Line Cards CLI Procedure 384 Chapter 20 Verifying Power Management 385 Verifying Power Configuration and Use 385 Chapter 21 Configuration Statements for Power Management 387 fpc 388 n plus n 389 power budget priority 389 psu 390 redundancy Power Management 390 Chapter 22 Operational Mode Com...

Page 14: ...playing Configuration History 424 Displaying Users Editing the Configuration 425 Comparing Configuration Files with the J Web Interface 425 Downloading a Configuration File with the J Web Interface 426 Loading a Previous Configuration File with the J Web Interface 426 Loading a Previous Configuration File CLI Procedure 426 Reverting to the Default Factory Configuration for the EX Series Switch 427...

Page 15: ...onfiguration rescue 474 show system rollback 475 test configuration 477 Part 8 User and Access Management on EX Series Switches Chapter 28 User and Access Management on EX Series Switches Overview 481 EX Series Switch Software Features Overview 481 Understanding Software Infrastructure and Processes 492 Routing Engine and Packet Forwarding Engine 493 Junos OS Processes 493 Chapter 29 User Access M...

Page 16: ... login 529 tacplus options 530 tacplus server 531 traceoptions Address Assignment Pool 532 uid 533 user Access 534 Chapter 33 Operational Mode Commands for User and Access Management 535 request message 536 show subscribers 537 Part 9 Junos OS for EX Series Switches System Services Chapter 34 System Services Overview 547 DHCP Overview 547 DHCP Services for EX Series Switches Overview 547 DHCP BOOT...

Page 17: ...nrollment url 571 file 571 ftp 572 helpers 573 http 575 https 576 interface BOOTP 577 interface DNS and TFTP Packet Forwarding or Relay Agent 578 ldap url 578 load key file 579 local 580 local certificate 581 maximum certificates 581 maximum hop count 582 maximum lease time 582 minimum wait time 583 name server 583 no listen 584 outbound ssh 585 path length 588 pool 589 port HTTP HTTPS 590 port SR...

Page 18: ...ow system services dhcp global 624 show system services dhcp pool 626 show system services dhcp statistics 628 show system services service deployment 630 ssh 631 telnet 633 Part 10 Junos OS for EX Series Switches System Monitoring Chapter 39 System Monitoring Overview 637 Understanding Alarm Types and Severity Levels on EX Series Switches 637 Dashboard for EX Series Switches 638 System Informatio...

Page 19: ... equals 675 event options 676 events Associating Events with a Policy 678 events Correlating Events with Each Other 678 event script 679 event script 680 execute commands 681 explicit priority 682 facility override 682 file 683 file System Logging 684 files 685 generate event 686 host 687 ignore 688 interface Accounting or Sampling 689 log prefix 689 match 690 not 690 output filename 691 output fo...

Page 20: ... request system configuration rescue delete 742 request system configuration rescue save 743 request system scripts refresh from commit 744 request system scripts refresh from event 745 request system scripts refresh from op 746 show chassis alarms 747 show chassis environment 750 show chassis environment fpc 766 show chassis environment routing engine 776 show chassis fpc 778 show chassis hardwar...

Page 21: ...rstanding Software Upgrade in a Virtual Chassis Configuration 928 Understanding Global Management of a Virtual Chassis Configuration 929 Understanding Nonvolatile Storage in a Virtual Chassis Configuration 932 Nonvolatile Memory Features 932 Understanding the High Speed Interconnection of the Virtual Chassis Members 932 Understanding Virtual Chassis Configurations and Link Aggregation 932 Understa...

Page 22: ...ample Configuring Automatic Software Update on Virtual Chassis Member Switches 1007 Chapter 45 Configuring Virtual Chassis 1011 Configuring a Virtual Chassis CLI Procedure 1011 Configuring a Virtual Chassis with a Preprovisioned Configuration File 1012 Configuring a Virtual Chassis with a Nonprovisioned Configuration File 1013 Configuring a Virtual Chassis J Web Procedure 1015 Adding a New Switch ...

Page 23: ...ational 1040 Monitoring Virtual Chassis Configuration Status and Statistics 1041 Replacing a Member Switch of a Virtual Chassis Configuration CLI Procedure 1042 Remove Repair and Reinstall the Same Switch 1043 Remove a Member Switch Replace with a Different Switch and Reapply the Old Configuration 1043 Remove a Member Switch and Make Its Member ID Available for Reassignment to a Different Switch 1...

Page 24: ...k Interfaces 1095 Special Interfaces 1096 Understanding Interface Naming Conventions on EX Series Switches 1097 Physical Part of an Interface Name 1098 Logical Part of an Interface Name 1099 Wildcard Characters in Interface Names 1099 Understanding Aggregated Ethernet Interfaces and LACP 1099 Link Aggregation Group LAG 1100 Link Aggregation Control Protocol LACP 1101 Understanding Interface Ranges...

Page 25: ... Switch 1138 Chapter 52 Configuring Interfaces 1143 Configuring Gigabit Ethernet Interfaces J Web Procedure 1143 Port Role Configuration with the J Web Interface with CLI References 1149 Configuring Gigabit Ethernet Interfaces CLI Procedure 1153 Configuring VLAN Options and Port Mode 1153 Configuring the Link Settings 1154 Configuring the IP Options 1155 Setting the Mode on an SFP Uplink Module CL...

Page 26: ...oes not work 1179 One of the last four network ports on an EX3200 switch with an SFP or SFP uplink module installed is disabled 1179 Chapter 55 Configuration Statements for Interfaces 1181 edit chassis Configuration Statement Hierarchy 1181 edit interfaces Configuration Statement Hierarchy 1182 802 3ad 1186 aggregated devices 1187 aggregated ether options 1188 auto negotiation 1189 chassis 1190 de...

Page 27: ...capsulation and Tags 1286 Assignment of Traffic to VLANs 1286 Ethernet Switching Tables 1287 Layer 2 and Layer 3 Forwarding of VLAN Traffic 1287 GVRP and MVRP 1287 Routed VLAN Interface 1288 Understanding Private VLANs on EX Series Switches 1289 Understanding Virtual Routing Instances on EX Series Switches 1290 Understanding Redundant Trunk Links on EX Series Switches 1291 Understanding Q in Q Tun...

Page 28: ...1349 Example Using Virtual Routing Instances to Route Among VLANs on EX Series Switches 1354 Example Configuring Automatic VLAN Administration Using MVRP on EX Series Switches 1357 Example Configuring Layer 2 Protocol Tunneling on EX Series Switches 1368 Chapter 59 Configuring Bridging and VLANs 1375 Configuring VLANs for EX Series Switches J Web Procedure 1375 Configuring VLANs for EX Series Swit...

Page 29: ...1 Troubleshooting Bridging and VLAN Configuration 1407 Troubleshooting Ethernet Switching 1407 MAC Address in the Switch s Ethernet Switching Table Is Not Updated After a MAC Address Move 1407 Chapter 62 Configuration Statements for Bridging and VLANs 1409 edit ethernet switching options Configuration Statement Hierarchy 1409 edit interfaces Configuration Statement Hierarchy 1411 edit protocols Co...

Page 30: ...VLANs 1469 clear ethernet switching layer2 protocol tunneling error 1470 clear ethernet switching layer2 protocol tunneling statistics 1471 clear ethernet switching table 1472 clear gvrp statistics 1473 clear mvrp statistics 1474 show ethernet switching interfaces 1475 show ethernet switching layer2 protocol tunneling interface 1478 show ethernet switching layer2 protocol tunneling statistics 1480...

Page 31: ...DU Protection on STP Interfaces to Prevent STP Miscalculations on EX Series Switches 1561 Example Configuring BPDU Protection on non STP Interfaces to Prevent STP Miscalculations on EX Series Switches 1565 Example Configuring Loop Protection to Prevent Interfaces from Transitioning from Blocking to Forwarding in a Spanning Tree on EX Series Switches 1569 Example Configuring Root Protection to Enfo...

Page 32: ...w spanning tree bridge 1644 show spanning tree interface 1648 show spanning tree interface 1653 show spanning tree mstp configuration 1657 show spanning tree mstp configuration 1659 show spanning tree statistics 1660 show spanning tree statistics 1662 Part 15 Layer 3 Protocols Chapter 70 Layer 3 Protocols Overview 1667 Layer 3 Protocols Supported on EX Series Switches 1667 Layer 3 Protocols Not Su...

Page 33: ...odic Packet Management for Link Aggregation Control Protocol LACP Packets 1698 Configuring VRRP for IPv6 CLI Procedure 1698 Using IPsec to Secure OSPFv3 Networks CLI Procedure 1699 Configuring Security Associations 1699 Securing OPSFv3 Networks 1700 Chapter 72 Verifying Layer 3 Protocols Configuration 1701 Monitoring BGP Routing Information 1701 Monitoring OSPF Routing Information 1703 Monitoring ...

Page 34: ...ized 1760 check zero 1761 checksum 1762 cluster 1763 community 1764 confederation 1765 csnp interval 1766 damping 1767 dead interval 1768 default lsa 1769 default metric 1770 description 1771 disable 1772 disable IS IS 1773 disable OSPF 1774 disable 1775 discard 1776 domain id 1777 domain vpn tag 1777 explicit null 1778 export 1779 export 1780 export 1781 export 1782 export 1782 export 1783 export...

Page 35: ...own 1812 hold time 1812 hold time 1813 hold time IS IS 1814 idle after switch over 1815 ignore attached bit 1816 ignore lsp metrics 1816 import 1817 import 1818 import 1819 import 1820 import 1821 import policy 1821 import rib 1822 include mp next hop 1823 indirect next hop 1823 inet6 advertise interval 1824 install 1825 instance export 1826 instance import 1826 inter area prefix export 1827 inter...

Page 36: ...854 max areas 1855 maximum bandwidth 1856 maximum paths 1857 maximum prefixes 1858 med igp update interval 1859 mesh group 1860 message size 1861 metric 1862 metric 1863 metric Aggregate Generated or Static Route 1864 metric in 1865 metric in 1866 metric out 1867 metric out 1869 metric out 1870 metric type 1871 mtu discovery 1872 multicast 1873 multihop 1874 multipath 1875 neighbor 1876 neighbor 1...

Page 37: ... 1897 ospf3 1897 out delay 1898 outbound route filter 1899 overload 1901 overload 1903 passive 1904 passive 1905 passive 1906 peer as 1908 pim to igmp proxy 1909 pim to mld proxy 1910 point to point 1910 policy 1911 policy Flow Maps 1912 policy SSM Maps 1912 ppm 1913 ppm 1914 preempt 1915 preference 1916 preference 1917 preference 1918 preference 1919 preference 1920 preference 1921 prefix 1922 pr...

Page 38: ... 1949 rib group 1950 rib group 1951 rib groups 1952 rip 1953 ripng 1953 route distinguisher id 1954 route record 1954 route timeout 1955 route timeout 1956 route type community 1956 router id 1957 routing options 1957 rpf check policy 1958 scope 1958 scope policy 1959 send 1960 send 1961 shortcuts 1962 source 1963 source routing 1963 spf options 1964 spf options 1965 ssm groups 1966 ssm map 1967 s...

Page 39: ... 2011 clear ospf ospf3 database 2012 clear ospf ospf3 io statistics 2015 clear ospf ospf3 neighbor 2016 clear ospf ospf3 statistics 2017 clear bgp damping 2019 clear bgp neighbor 2020 clear bgp table 2022 clear ipv6 neighbors 2023 clear isis adjacency 2024 clear isis database 2026 clear isis overload 2028 clear isis statistics 2030 clear ospf overload 2032 clear rip general statistics 2033 clear r...

Page 40: ...icy damping 2151 show rip general statistics 2153 show rip neighbor 2154 show rip statistics 2156 show ripng general statistics 2159 show ripng neighbor 2160 show ripng statistics 2162 show route 2164 show route active path 2168 show route all 2173 show route aspath regex 2175 show route best 2177 show route brief 2181 show route community 2183 show route community name 2185 show route damping 218...

Page 41: ...Snooping and Multicast Configuration 2323 Example Configuring IGMP Snooping on EX Series Switches 2323 Example Configuring Multicast VLAN Registration on EX Series Switches 2326 Chapter 77 Configuring IGMP Snooping and Multicast 2331 Configuring IGMP Snooping CLI Procedure 2331 Configuring IGMP Snooping J Web Procedure 2332 Changing the IGMP Snooping Group Query Membership Timeout Value CLI Proced...

Page 42: ... 2371 igmp snooping 2372 immediate leave 2373 immediate leave 2374 import Bootstrap 2375 import PIM 2375 infinity 2376 install 2376 interface 2377 interface 2378 interface 2379 join load balance 2380 local 2381 local address 2382 mapping agent election 2383 maximum rps 2384 mode 2385 multicast router interface 2385 neighbor policy 2386 pim 2387 priority Bootstrap 2390 priority PIM Interfaces 2391 ...

Page 43: ...nal Mode Commands for IGMP Snooping and Multicast 2421 clear igmp membership 2422 clear igmp statistics 2425 clear igmp snooping membership 2427 clear igmp snooping statistics 2428 clear multicast bandwidth admission 2429 clear multicast scope 2431 clear multicast sessions 2432 clear multicast statistics 2433 clear pim join 2434 clear pim register 2435 clear pim statistics 2436 mtrace 2438 mtrace ...

Page 44: ...of Authentication Methods 2530 802 1X for EX Series Switches Overview 2531 How 802 1X Authentication Works 2531 802 1X Features Overview 2532 Supported Features Related to 802 1X Authentication 2533 Authentication Process Flow for EX Series Switches 2533 Understanding Server Fail Fallback and Authentication on EX Series Switches 2536 Understanding Dynamic VLANs for 802 1X on EX Series Switches 253...

Page 45: ...609 Configuring 802 1X Authentication J Web Procedure 2610 Configuring Static MAC Bypass of Authentication CLI Procedure 2612 Configuring MAC RADIUS Authentication CLI Procedure 2613 Configuring Server Fail Fallback CLI Procedure 2615 Configuring 802 1X RADIUS Accounting CLI Procedure 2617 Filtering 802 1X Supplicants Using RADIUS Server Attributes 2618 Configuring Match Statements on the RADIUS S...

Page 46: ...n access deny 2653 accounting stop on failure 2653 accounting stop on failure 2654 address 2654 address pool 2655 address range 2655 advertisement interval 2656 attributes 2657 authentication order 2658 authentication order 2659 authentication profile name 2660 authentication server 2661 authentication whitelist 2661 authenticator 2662 captive portal 2663 ca type 2664 ca value 2665 civic based 266...

Page 47: ...er 2704 order 2704 port 2705 port RADIUS Server 2705 port TACACS Server 2706 profile 2707 ptopo configuration maximum hold time 2708 ptopo configuration trap interval 2708 quiet period 2709 quiet period Captive Portal 2709 radius 2710 radius Access Profile 2711 radius 2713 radius server 2714 reauthentication 2715 retries 2716 retries Captive Portal 2716 retry 2717 retry 2718 revert interval 2719 r...

Page 48: ... clear lldp neighbors 2749 clear lldp statistics 2750 show captive portal authentication failed users 2751 show captive portal firewall 2752 show captive portal interface 2754 show dot1x 2757 show dot1x authentication failed users 2762 show dot1x firewall 2763 show dot1x static mac address 2764 show ethernet switching interfaces 2766 show lldp 2769 show lldp local information 2774 show lldp neighb...

Page 49: ...ting 2799 edit ethernet switching options Configuration Statement Hierarchy 2799 action shutdown 2802 bandwidth 2803 disable timeout 2804 ethernet switching options 2805 interface 2808 interface 2809 no broadcast 2809 no unknown unicast 2810 port error disable 2811 storm control 2812 unknown unicast forwarding 2813 vlan 2814 Chapter 92 Operational Mode Commands for Rate Limiting 2815 show ethernet...

Page 50: ...ts of Option 82 2841 Configurations of the EX Series Switch That Support Option 82 2842 Switch and Clients Are on Same VLAN as DHCP Server 2842 Switch Acts as Relay Agent 2842 Understanding IP Source Guard for Port Security on EX Series Switches 2843 IP Address Spoofing 2844 How IP Source Guard Works 2844 The IP Source Guard Database 2844 Typical Uses of Other Junos Operating System Junos OS Featu...

Page 51: ...ing J Web Procedure 2911 Enabling a Trusted DHCP Server CLI Procedure 2912 Enabling a Trusted DHCP Server J Web Procedure 2912 Enabling Dynamic ARP Inspection CLI Procedure 2913 Enabling Dynamic ARP Inspection J Web Procedure 2914 Configuring MAC Limiting CLI Procedure 2915 Configuring MAC Limiting J Web Procedure 2917 Configuring MAC Move Limiting CLI Procedure 2919 Configuring MAC Move Limiting ...

Page 52: ...e MAC Limit or MAC Move Limit Are Not Listed in the Ethernet Switching Table 2945 Multiple DHCP Server Packets Have Been Received on Untrusted Interfaces 2945 Chapter 98 Configuration Statements for Port Security 2947 edit ethernet switching options Configuration Statement Hierarchy 2947 edit forwarding options Configuration Statement Hierarchy 2949 allowed mac 2951 arp inspection 2952 circuit id ...

Page 53: ...Packets on EX Series Switches 3007 Understanding How Firewall Filters Control Packet Flows 3008 Firewall Filter Match Conditions and Actions for EX Series Switches 3009 Understanding How Firewall Filters Are Evaluated 3030 Understanding Firewall Filter Match Conditions 3032 Filter Match Conditions 3032 Numeric Filter Match Conditions 3032 Interface Filter Match Conditions 3033 IP Address Filter Ma...

Page 54: ...erifying That Policers Are Operational 3084 Monitoring Firewall Filter Traffic 3084 Monitoring Traffic for All Firewall Filters and Policers That Are Configured on the Switch 3085 Monitoring Traffic for a Specific Firewall Filter 3085 Monitoring Traffic for a Specific Policer 3085 Chapter 104 Troubleshooting Firewall Filters 3087 Troubleshooting Firewall Filters 3087 Firewall Filter Configuration ...

Page 55: ...46 Default CoS Behavior on EX Series Switches 3147 Understanding Junos OS CoS Components for EX Series Switches 3148 Code Point Aliases 3148 Policers 3148 Classifiers 3148 Forwarding Classes 3149 Tail Drop Profiles 3149 Schedulers 3149 Rewrite Rules 3149 Understanding CoS Code Point Aliases 3150 Default Code Point Aliases 3150 Understanding CoS Classifiers 3153 Behavior Aggregate Classifiers 3153 ...

Page 56: ... Configuring CoS on EX Series Switches 3173 Example Combining CoS with MPLS on EX Series Switches 3188 Chapter 109 Configuring CoS 3201 Configuring CoS J Web Procedure 3201 Defining CoS Code Point Aliases J Web Procedure 3202 Defining CoS Code Point Aliases CLI Procedure 3204 Defining CoS Classifiers CLI Procedure 3204 Defining CoS Classifiers J Web Procedure 3206 Defining CoS Forwarding Classes C...

Page 57: ...Schedulers on a 40 port SFP Line Card in an EX8200 Switch 3235 The default scheduler map associated with a few ports in a port group is replaced with a configured scheduler map 3235 The scheduler maps configured on a few ports in a port group are replaced with the default scheduler map 3236 Chapter 112 Configuration Statements for CoS 3237 edit class of service Configuration Statement Hierarchy 32...

Page 58: ... 3304 PoE Power Budget 3304 Power Management Mode 3304 PoE Interface Power Priority 3305 PoE Configuration and Monitoring 3305 Chapter 115 Examples PoE Configuration 3307 Example Configuring PoE Interfaces on an EX Series Switch 3307 Example Configuring PoE Interfaces with Different Priorities on an EX Series Switch 3309 Chapter 116 Configuring PoE 3315 Configuring PoE CLI Procedure 3315 Configuri...

Page 59: ... Switches Overview 3351 Benefits of MPLS 3351 Additional Benefits of MPLS and Traffic Engineering 3352 Understanding Junos MPLS Components for EX Series Switches 3353 Provider Edge Switches 3353 MPLS Protocol and Label Switched Paths 3353 Circuit Cross Connect for Customer Edge Interfaces 3353 IP over MPLS For Customer Edge Interfaces 3354 Provider Switch 3354 Components Required for All Switches ...

Page 60: ...s of an MPLS Network CLI Procedure 3401 Configuring MPLS on Provider Edge Switches Using IP Over MPLS CLI Procedure 3401 Configuring the Ingress PE Switch 3402 Configuring the Egress PE Switch 3403 Configuring MPLS on Provider Edge Switches Using Circuit Cross Connect CLI Procedure 3405 Chapter 124 Verifying MPLS 3409 Verifying That MPLS Is Working Correctly 3409 Verifying the Physical Layer on th...

Page 61: ...nnections 3458 show link management 3462 show link management peer 3466 show link management routing 3468 show link management statistics 3471 show link management te link 3473 show mpls admin groups 3475 show mpls call admission control 3476 show mpls cspf 3478 show mpls diffserv te 3480 show mpls interface 3481 show mpls interface 3482 show mpls lsp 3483 show mpls path 3492 show route forwarding...

Page 62: ... Output for Port Mirroring Analyzers on EX Series Switches 3560 Configuration Statements for Port Mirroring 3561 edit ethernet switching options Configuration Statement Hierarchy 3561 analyzer 3564 egress 3565 ethernet switching options 3566 ingress 3569 input 3570 interface 3571 loss priority 3572 output 3573 ratio 3574 vlan 3574 Operational Mode Commands for Port Mirroring 3574 show analyzer 357...

Page 63: ...tement Hierarchy 3606 address 3607 address mask 3607 agent address 3608 alarm 3609 authorization 3610 bucket size 3610 categories 3611 client list 3611 client list name 3612 clients 3612 commit delay 3613 community 3614 community 3615 community name 3616 contact 3617 description 3617 description 3618 destination port 3618 engine id 3619 event 3620 falling event index 3620 falling threshold 3621 fa...

Page 64: ...stance 3642 routing instance 3643 sample type 3643 security level Generating SNMP Notifications 3644 security level Defining Access Privileges 3645 security model Access Privileges 3645 security model Group 3646 security model SNMP Notifications 3646 security name Security Group 3647 security name Community String 3648 security name SNMP Notifications 3649 security to group 3650 snmp 3650 snmp 365...

Page 65: ... of RPM on EX Series Switches 3703 Configuring Real Time Performance Monitoring RPM 3703 Configuring Real Time Performance Monitoring J Web Procedure 3704 Configuring the Interface for RPM Timestamping for Client Server on an EX Series Switch CLI Procedure 3711 Verifying Real Time Performance Monitoring 3713 Viewing Real Time Performance Monitoring Information 3713 Operational Mode Commands for Re...

Page 66: ...t management 3757 Chapter 132 Ethernet OAM Connectivity Fault Management 3763 Ethernet OAM Connectivity Fault Management Overview 3763 Understanding Ethernet OAM Connectivity Fault Management for an EX Series Switch 3763 Example of Ethernet OAM Connectivity Fault Management Configuration 3764 Example Configuring Ethernet OAM Connectivity Fault Management on EX Series Switches 3765 Configuring Ethe...

Page 67: ...nly 3792 remote mep EX Series Switch Only 3793 Operational Mode Commands for Ethernet OAM Connectivity Fault Management 3793 clear oam ethernet connectivity fault management statistics 3794 show oam ethernet connectivity fault management forwarding state 3795 show oam ethernet connectivity fault management interfaces 3799 show oam ethernet connectivity fault management linktrace path database 3805...

Page 68: ...31 transfer interval 3831 Chapter 135 Operational Mode Commands for General Network Management and Monitoring 3833 monitor traffic 3834 ping 3842 show snmp mib 3845 traceroute 3847 Copyright 2010 Juniper Networks Inc lxviii Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 69: ...to the Console Port on the EX Series Switch 505 Part 11 Virtual Chassis Chapter 43 Virtual Chassis Overview Components and Configurations 921 Figure 9 Console Session Redirection 930 Figure 10 Management Ethernet Port Redirection to VME 931 Figure 11 Normal Traffic Flow in a Ring Topology Using Dedicated VCPs 937 Figure 12 Traffic Redirected by Fast Failover After Dedicated VCP Link Failure 938 Fi...

Page 70: ... 2 Bridging and VLANs Chapter 57 Bridging and VLANs Overview 1283 Figure 28 Redundant Trunk Group Link 1 Active 1292 Figure 29 Redundant Trunk Group Link 2 Active 1292 Chapter 58 Examples Bridging and VLAN Configuration 1305 Figure 30 Topology for Configuration 1321 Figure 31 GVRP Configured on Two Access Switches and One Distribution Switch for Automatic VLAN Administration 1331 Figure 32 Topolog...

Page 71: ...uthentication Configuration 2561 Figure 55 Topology for MAC RADIUS Authentication Configuration 2565 Figure 56 Topology for Configuring Supplicant Modes 2570 Figure 57 Topology for Firewall Filter and RADIUS Server Attributes Configuration 2576 Figure 58 VoIP Topology 2583 Figure 59 Conceptual Model Dynamic Filter Updated for Each New User 2599 Figure 60 Multiple Supplicants on an 802 1X Enabled I...

Page 72: ...Routed Firewall Filters 3041 Part 21 Class of Service Chapter 107 Class of Service CoS Overview 3145 Figure 80 Packet Flow Across the Network 3147 Chapter 108 Examples CoS Configuration 3173 Figure 81 Topology for Configuring CoS 3174 Chapter 111 Troubleshooting CoS Configuration 3235 Figure 82 Port Numbering and Port Groups on a 40 port SFP Line Card 3236 Part 23 MPLS Chapter 121 MPLS Overview 33...

Page 73: ...Figure 90 Relationship Among MEPs MIPs and Maintenance Domain Levels 3764 lxxiii Copyright 2010 Juniper Networks Inc List of Figures ...

Page 74: ...Copyright 2010 Juniper Networks Inc lxxiv Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 75: ... 13 Table 15 Supported Junos OS Layer 3 Protocol Statements and Features 14 Table 16 Junos OS Layer 3 Protocol Statements and Features That Are Not Supported 16 Table 17 Junos OS Processes 24 Chapter 2 Supported Hardware 25 Table 18 EX3200 Switch Models 29 Table 19 EX4200 Switch Models 29 Table 20 EX4500 Switch Models and Their Components 32 Part 3 Software Installation Chapter 4 Software Installa...

Page 76: ... 183 Table 44 System Management Features 183 Table 45 Junos OS Processes 185 Chapter 15 Initial Configuration 187 Table 46 Date and Time Settings 194 Table 47 Set Up Configuration Summary 195 Chapter 17 Operational Mode Commands for System Setup 229 Table 48 show chassis firmware Output Fields 276 Table 49 show chassis lcd Output Fields 282 Table 50 show ntp associations Output Fields 292 Table 51...

Page 77: ...it Point Click Configuration Buttons 419 Table 78 Commit Options 421 Table 79 Commit Preference Options 421 Table 80 Options for the load command 422 Table 81 J Web Configuration History Summary 424 Table 82 J Web Configuration Database Information Summary 425 Chapter 27 Operational Mode Commands for Configuration Management 447 Table 83 show system commit Output Fields 471 Part 8 User and Access ...

Page 78: ...s 628 Part 10 Junos OS for EX Series Switches System Monitoring Chapter 39 System Monitoring Overview 637 Table 110 Alarm Terms 637 Table 111 System Information 638 Table 112 Health Status 639 Table 113 Capacity Utilization 640 Table 114 Chassis Viewer for EX2200 Switches 641 Table 115 Chassis Viewer for EX3200 and EX4200 Switches 641 Table 116 Chassis Viewer for EX4500 Switches 643 Table 117 Chas...

Page 79: ...4 Table 147 Components of a Virtual Chassis Interconnected Across Multiple Wiring Closets 965 Table 148 Components of the Topology for Connecting Virtual Chassis Access Switches to a Virtual Chassis Distribution Switch 973 Table 149 Components of a Preprovisioned Virtual Chassis Interconnected Across Multiple Wiring Closets 985 Chapter 45 Configuring Virtual Chassis 1011 Table 150 Virtual Chassis ...

Page 80: ... Table 176 Output Control Keys for the monitor interface traffic Command 1230 Table 177 monitor interface Output Fields 1230 Table 178 show ethernet switching interfaces Output Fields 1235 Table 179 show interfaces diagnostics optics Output Fields 1238 Table 180 show interfaces ge Output Fields 1245 Table 181 show interfaces queue Output Fields 1256 Table 182 show interfaces xe Output Fields 1263 ...

Page 81: ...le Output Fields 1494 Table 208 show gvrp Output Fields 1497 Table 209 show gvrp statistics Output Fields 1499 Table 210 show mvrp Output Fields 1501 Table 211 show mvrp dynamic vlan memberships Output Fields 1503 Table 212 show mvrp statistics Output Fields 1504 Table 213 show redundant trunk group Output Fields 1506 Table 214 show vlans Output Fields 1508 Part 14 Spanning Tree Protocols Chapter ...

Page 82: ...Global Settings 1687 Table 239 Static Routing Configuration Summary 1691 Table 240 Policies Global Configuration Parameters 1693 Table 241 Terms Configuration Parameters 1694 Chapter 72 Verifying Layer 3 Protocols Configuration 1701 Table 242 Summary of Key BGP Routing Output Fields 1701 Table 243 Summary of Key OSPF Routing Output Fields 1704 Table 244 Summary of Key RIP Routing Output Fields 170...

Page 83: ... ripng neighbor Output Fields 2160 Table 282 show ripng statistics Output Fields 2162 Table 283 show route Output Fields 2164 Table 284 show route damping Output Fields 2187 Table 285 show route detail Output Fields 2192 Table 286 Next Hop Types Output Field Values 2196 Table 287 State Output Field Values 2198 Table 288 Communities Output Field Values 2200 Table 289 show route export Output Fields...

Page 84: ...Fields 2477 Table 321 show multicast rpf Output Fields 2481 Table 322 show multicast scope Output Fields 2484 Table 323 show multicast sessions Output Fields 2486 Table 324 show multicast usage Output Fields 2488 Table 325 show pim bootstrap Output Fields 2491 Table 326 show pim interfaces Output Fields 2493 Table 327 show pim join Output Fields 2497 Table 328 show pim neighbors Output Fields 2501...

Page 85: ... show network access aaa statistics accounting Output Fields 2786 Table 361 show network access aaa statistics authentication Output Fields 2787 Table 362 show network access aaa statistics dynamic requests Output Fields 2788 Part 18 Rate Limiting Chapter 92 Operational Mode Commands for Rate Limiting 2815 Table 363 show ethernet switching interfaces Output Fields 2816 Table 364 show ethernet swit...

Page 86: ...le 388 Create a New Term 3070 Table 389 Advanced Options for Terms 3071 Table 390 Policies Global Configuration Parameters 3077 Table 391 Terms Configuration Parameters 3078 Chapter 105 Configuration Statements for Firewall Filters 3089 Table 392 Supported Options for Firewall Filter Statements 3090 Table 393 Firewall Filter Statements That Are Not Supported by Junos OS for EX Series Switches 3092...

Page 87: ...elds 3229 Table 424 Summary of Key CoS Interfaces Output Fields 3230 Table 425 Summary of Key CoS Rewrite Rules Output Fields 3231 Table 426 Summary of Key CoS Scheduler Maps Output Fields 3232 Table 427 Summary of Key CoS Value Alias Output Fields 3233 Table 428 Summary of the Key Output Fields for CoS Red Drop Profiles 3234 Chapter 113 Operational Mode Commands for CoS 3271 Table 429 show class ...

Page 88: ... 126 Operational Mode Commands for MPLS 3433 Table 456 show connections Output Fields 3456 Table 457 show connections Output Fields 3459 Table 458 show link management Output Fields 3462 Table 459 show link management peer Output Fields 3466 Table 460 show link management routing Output Fields 3468 Table 461 show link management statistics Output Fields 3471 Table 462 show link management te link ...

Page 89: ...RPM Probe Owner Concurrent Probes and Probe Servers Configuration Fields 3705 Table 495 Performance Probe Tests Configuration Fields 3706 Table 496 show services rpm active servers Output Fields 3714 Table 497 show services rpm history results Output Fields 3715 Table 498 show services rpm probe results Output Fields 3718 Chapter 131 Ethernet OAM Link Fault Management 3725 Table 499 show oam ether...

Page 90: ...5 Table 508 Logical Operators for the monitor traffic Command 3837 Table 509 Arithmetic and Relational Operators for the monitor traffic Command 3838 Table 510 show snmp mib Output Fields 3846 Table 511 traceroute Output Fields 3848 Copyright 2010 Juniper Networks Inc xc Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 91: ...s OS for EX Series Switches Release 10 3 collects together the software feature descriptions configuration examples and tasks for the Junos OS for EX Series switches Release 10 3 The release notes are at http www juniper net techpubs en_US junos10 3 information products topic collections release notes 10 3 junos release notes 10 3 pdf List of EX Series Guides for Junos OS Release 10 3 Description ...

Page 92: ...OS for EX Series Switches Release 10 3 Access Control Junos OS for EX Series Switches Release 10 3 Configuration Management Junos OS for EX Series Switches Release 10 3 Class of Service Junos OS for EX Series Switches Release 10 3 Device Security Junos OS for EX Series Switches Release 10 3 Ethernet Switching Junos OS for EX Series Switches Release 10 3 Interfaces Junos OS for EX Series Switches R...

Page 93: ...Access Management Junos OS for EX Series Switches Release 10 3 User Interfaces Junos OS for EX Series Switches Release 10 3 Virtual Chassis Downloading Software You can download Junos OS for EX Series switches from the Download Software area at http www juniper net customers support To download the software you must have a Juniper Networks user account For information about obtaining an account se...

Page 94: ...actions Junos System Basics Configuration Guide RFC 1997 BGP Communities Attribute Introduces important new terms Identifies book names Identifies RFC and Internet draft titles Italic text like this Configure the machine s domain name edit root set system domain name domain name Represents variables options for which you substitute a value in commands or configuration statements Italic text like t...

Page 95: ...a level in the configuration hierarchy Indention and braces Identifies a leaf statement at a configuration hierarchy level semicolon J Web GUI Conventions In the Logical Interfaces box select All Interfaces To cancel the configuration click Cancel Represents J Web graphical user interface GUI items you click or select Bold text like this In the configuration editor hierarchy select Protocols Ospf ...

Page 96: ...Search for known bugs http www2 juniper net kb Find product documentation http www juniper net techpubs Find solutions and answer questions using our Knowledge Base http kb juniper net Download the latest versions of software and review release notes http www juniper net customers csc software Search technical bulletins for relevant hardware and software notifications https www juniper net alerts ...

Page 97: ...PART 1 Junos OS for EX Series Switches Product Overview Software Overview on page 3 Supported Hardware on page 25 1 Copyright 2010 Juniper Networks Inc ...

Page 98: ...Copyright 2010 Juniper Networks Inc 2 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 99: ...er Networks Junos operating system Junos OS release in which they were introduced Table 1 on page 4 Access Control Features Table 2 on page 5 Administration Features Table 3 on page 5 Class of Service CoS Features Table 4 on page 5 High Availability and Resiliency Features Table 5 on page 7 Interfaces Features Table 6 on page 7 IP Address Management Features Table 7 on page 8 IPv6 Features Table 8...

Page 100: ... rate limiting For a list of supported firewall filter match conditions and actions see Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 Junos OS 10 0R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Firewall filters on LAGs Junos OS 9 6R1 Junos OS 10 2R1 Junos OS 9 2R1 Junos OS 10 1R1 Firewall filter on loopback interface Junos OS 10 3R1 Not supported Junos OS 10 1...

Page 101: ...ifiers on routed VLAN interfaces RVIs Junos OS 9 5R1 Not applicable Not applicable Not applicable CoS multidestination Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 2R1 Junos OS 10 1R1 CoS support on LAGs Junos OS 9 4R1 Not supported Junos OS 9 4R1 Junos OS 10 3R1 CoS support on routed VLAN interfaces RVIs Junos OS 10 2R1 Not supported Junos OS 9 4R1 Junos OS 10 3R1 Interface specific CoS rewrite rule...

Page 102: ...rt for dual homing applications in data centers Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Link aggregation groups LAGs Not applicable Not applicable Junos OS 9 6R1 EX4200 only Not applicable Link aggregation groups LAGs over Virtual Chassis ports VCPs Junos OS 9 4R1 Not supported Junos OS 9 0R2 Junos OS 10 1R1 Redundant trunk groups Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2...

Page 103: ...2 Junos OS 10 1R1 Power over Ethernet PoE Not supported Not supported Not supported Junos OS 10 3R1 Power over Ethernet Plus PoE Not supported Not applicable Junos OS 9 3R2 Junos OS 10 1R1 PoE power management mode Junos OS 10 1R1 Not supported Junos OS 9 3R2 Not supported Unicastreverse pathforwarding RPF Junos OS 9 4R1 Not supported Junos OS 9 2R1 Not supported VLAN tagged Layer 3 subinterfaces ...

Page 104: ...ng Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Junos OS 10 1R1 BPDU protection for spanning tree protocols Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Not supported GARP VLAN Registration Protocol GVRP Not supported Not supported Junos OS 10 0 Not supported Layer 2 protocol tunneling L2PT Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Link Layer Discovery Protocol LLDP Not suppo...

Page 105: ...R1 Spanning tree Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Junos OS 9 6R1 Junos OS 10 2R1 Junos OS 9 4R1 Junos OS 10 1R1 Spanning tree VLAN Spanning Tree Protocol VSTP Junos OS 10 2R1 Junos OS 10 2R1 Junos OS 10 2R1 Not supported Spanning tree RSTP and VSTP concurrent configuration Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Junos OS 10 1R1...

Page 106: ...ames on routed VLAN interfaces RVIs Junos OS 9 5R1 Not supported Junos OS 9 5R1 Not supported OSPF Multitopology Routing MT OSPF See the Junos OS Routing Protocols Configuration Guide at www juniper net techpubs software junos index html Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Not supported OSPFv2 Not supported Not supported Junos OS 10 3R1 Not supported OSPFv3 IPSec support Junos OS 9 4R1 J...

Page 107: ...Switches EX3200 and EX4200 Switches EX2200Switches Feature Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Not supported Internet Group Management Protocol IGMP version1 v1 and IGMPv2 Junos OS 9 6R1 Junos OS 10 2R1 Junos OS 9 3R2 Not supported IGMPv3 Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Junos OS 10 1R1 IGMPv1 v2 snooping Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 2R1 Junos OS 10 1R1 IGMP sno...

Page 108: ...Network Management and Monitoring Features EX8200Switches EX4500Switches EX3200 and EX4200 Switches EX2200Switches Feature Not supported Not supported Junos OS 10 2R1 Not supported 802 1ag Ethernet OAM connectivity fault management CFM Junos OS 10 0R1 Not supported Junos OS 9 4R1 Not supported Ethernet OAM link fault management LFM Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Port...

Page 109: ...nos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 3R2 Junos OS 10 1R1 DHCP option 82 Junos OS 10 3R1 Not supported Junos OS 9 0R2 Junos OS 10 1R1 DHCP snooping Junos OS 10 3R1 Not supported Junos OS 9 0R2 Junos OS 10 1R1 Dynamic ARP inspection DAI Junos OS 10 3R1 Not supported Junos OS 9 2R1 Junos OS 10 1R1 IP source guard Junos OS 10 3R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 MAC limiting Junos OS ...

Page 110: ...tches on page 15 EX2200 Switches Hardware Overview on page 25 EX3200 and EX4200 Switches Hardware Overview on page 26 EX4500 Switches Hardware Overview on page 30 EX8208 Switch Hardware Overview on page 33 EX8216 Switch Hardware Overview on page 36 Layer 3 Protocols Supported on EX Series Switches EX Series switches support the Junos OS Layer 3 features and configuration statements listed in Table...

Page 111: ...upported on EX Series Switches on page 15 OSPFv1 v2 and v3 See the Junos OS Multicast Configuration Guide at http www juniper net techpubs software junos Fully supported on EX3200 EX4200 and EX8200 switches PIM See the Junos OS Routing Protocols Configuration Guide at http www juniper net techpubs software junos Fully supported RIP See the Junos OS Routing Protocols Configuration Guide at http www...

Page 112: ...ate statements EX2200 and EX4500 switches MLD ldp and all subordinate statements MPLS Fast Reroute FRR Label Distribution Protocol LDP Layer 3 VPNs Multiprotocol BGP MP BGP for VPN IPv4 family Pseudowire emulation PWE3 Routing policy statements related to Layer 3 VPNs and MPLS Virtual Private LAN Service VPLS nat and subordinate statements Policy statements related to NAT Network Address Translati...

Page 113: ...nate statements route distinguisher id statement General routing options in the routing options hierarchy MPLS and label switched paths accounting and subordinate statements family mpls and family multiservice under hash key hierarchy Under monitoring group name family inet output hierarchy cflowd statement export format cflowd version 5 statement flow active timeout statement flow export destinat...

Page 114: ...rity CA with public key infrastructure PKI User Authentication Authorization and Accounting AAA Features include User and group accounts with password encryption and authentication Access privilege levels configurable for login classes and user templates RADIUS authentication TACACS authentication or both for authenticating users who attempt to access the switch Auditing of configuration changes t...

Page 115: ...es not matter whether the destination host has the same IP address as the incoming interface or a different remote IP address An ARP request for a broadcast address elicits no reply Device Security Storm control permits the switch to monitor unknown unicast and broadcast traffic and drop packets or shut down or temporarily disable the interface when a specified traffic level is exceeded thus preve...

Page 116: ...ting platforms is the master active and the others are backups If the master routing platform fails one of the backup routing platforms becomes the new master providing a virtual default routing platform and enabling traffic on the LAN to be routed without relying on a single routing platform Using VRRP a backup EX Series switch can take over a failed default switch within a few seconds This is do...

Page 117: ...of the Virtual Chassis configuration Runs other management and control processes for the entire Virtual Chassis configuration The master Routing Engine which is in the master of the Virtual Chassis configuration runs Juniper Networks Junos operating system Junos OS in the master role It receives and transmits routing information builds and maintains routing tables communicates with interfaces and ...

Page 118: ...hassis split and merge If there is a disruption to the Virtual Chassis configuration due to member switches failing or being removed from the configuration the Virtual Chassis configuration splits into two separate Virtual Chassis Link Aggregation You can combine multiple physical Ethernet ports to form a logical point to point link known as a link aggregation group LAG or bundle A LAG provides mo...

Page 119: ...ing components Packet Forwarding Engine Processes packets applies filters routing policies and other features and forwards packets to the next hop along the route to their final destination Routing Engine Provides three main functions Creates the packet forwarding switch fabric for the switch providing route lookup filtering and switching on incoming data packets then directing outbound packets to...

Page 120: ...rs dcd Interface process Provides communication between the other processes and an interface to the configuration database Populates the configuration database with configuration information and retrieves the information when queried by other processes to ensure that the system operates as configured Interacts with the other processes when commands are issued through one of the user interfaces on ...

Page 121: ...es Layer 2 and Layer 3 switching routing and security services The same Junos OS code base that runs on EX Series switches also runs on all Juniper Networks J Series M Series MX Series and T Series routers EX2200 Switches on page 25 Uplink Ports on page 26 Power over Ethernet PoE Ports on page 26 EX2200 Switches Juniper Networks EX2200 Ethernet switches provide connectivity for low density environ...

Page 122: ...e 10 2 or earlier can supply up to 15 4 W to individual PoE ports supporting powered devices that comply with IEEE 802 3af PoE Related Documentation EX2200 Switch Models Site Preparation Checklist for EX2200 Switches EX3200 and EX4200 Switches Hardware Overview Juniper Networks EX Series Ethernet Switches provide scalable connectivity for the enterprise market including branch offices campus locat...

Page 123: ... ports equipped for PoE All models provide ports that have 10 100 1000Base T Gigabit Ethernet connectors and optional 1 gigabit small form factor pluggable SFP transceivers 10 gigabit small form factor pluggable SFP transceivers or 10 gigabit small form factor pluggable XFP transceivers for use with fiber connections EX3200 switches include A field replaceable power supply and an optional addition...

Page 124: ...tchover and nonstop active routing Junos OS with its modular design that enables failed system processes to gracefully restart Uplink Modules Optional uplink modules are available for all EX3200 and EX4200 switches Uplink modules provide two 10 gigabit small form factor pluggable XFP transceivers four 1 gigabit small form factor pluggable SFP transceivers or two 10 gigabit small form factor plugga...

Page 125: ...age 29 Front Panel of an EX3200 Switch Rear Panel of an EX3200 Switch EX3200 and EX4200 Switches Hardware Overview on page 26 EX4200 Switch Models The EX4200 switch is available with 24 or 48 ports and with partial or full Power over Ethernet PoE capability Table 19 on page 29 lists the EX4200 switch models Table 19 EX4200 Switch Models Power Supply Minimum Number of PoE enabled Ports Ports Model ...

Page 126: ...security services The same Junos OS code base that runs on EX Series switches also runs on all Juniper Networks J Series M Series MX Series and T Series routers EX4500 Switches on page 30 Uplink Modules on page 31 EX4500 Switches EX4500 switches provide connectivity for high density 10 Gigabit Ethernet data center top of rack and aggregation deployments Typically EX4500 switches are used in data c...

Page 127: ... is the front of the switch To provide carrier class reliability EX4500 switches include Dual redundant load sharing power supplies that are field replaceable hot removable and hot insertable A field replaceable fan tray with five fans The switch remains operational if a single fan fails Junos OS with its modular design that enables failed system processes to gracefully restart Uplink Modules Opti...

Page 128: ...ble One AC power supply with orange ejector lever One power cord One power supply cover panel Two uplink module cover panels One intraconnect module Back to front 40 port GbE 10GbE SFP SFP EX4500 40F BF Chassis One fan tray with green intake label visible One AC power supply with green ejector lever One power cord One power supply cover panel Two uplink module cover panels One intraconnect module ...

Page 129: ... Ethernet Switches provide high performance scalable connectivity and carrier class reliability for high density environments such as campus aggregation and data center networks The EX8208 switch is a modular system that provides high availability and redundancy for all major hardware components including Routing Engines switch fabric fan tray and power supplies You can manage EX8208 switches usin...

Page 130: ... standard 42 U rack Each EX8208 switch is designed to optimize rack space and cabling See Figure 3 on page 34 Figure 3 EX8208 Switch The EX8208 switch has a chassis level LCD panel that displays Routing Engine and switch fabric status as well as chassis components alarm information for rapid problem identification The LCD panel provides a user friendly interface for performing initial switch confi...

Page 131: ...rizontal line card slots and supports the line rate for each line card The line cards in EX8200 switches combine a Packet Forwarding Engine and Ethernet interfaces on a single assembly Line cards are field replaceable units FRUs that can be installed in the line card slots labeled 0 through 7 on the front of the switch chassis See Slot Numbering for an EX8208 Switch All line cards are hot removabl...

Page 132: ...dundancy See AC Power Supply in an EX8200 Switch and EX8208 Switch Configurations The redundant DC configuration ships with four DC power supplies The dual inputs of the DC supplies provide direct support for N N power redundancy The redundant configuration also provides sufficient capacity for N 1 redundancy in most configurations if necessary up to two additional DC supplies can be added to the ...

Page 133: ... 41 Software The EX Series switches Juniper Networks EX3200 Ethernet Switch Juniper Networks EX4200 Ethernet Switch and Juniper Networks EX8200 Ethernet Switch models run under the Juniper Networks Junos OS which provides Layer 2 and Layer 3 switching routing and security services The same Junos OS code base that runs on EX Series switches also runs on all Juniper Networks J Series M Series MX Ser...

Page 134: ...Figure 4 EX8216 Switch Front Copyright 2010 Juniper Networks Inc 38 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 135: ...fault configuration See LCD Panel in an EX8200 Switch The EX8216 chassis midplane distributes the data control and management signals to system components and distributes power throughout the system See Midplane in an EX8216 Switch Routing Engines and Switch Fabric System management and system control functions of an EX8216 switch are performed by the Routing Engine RE module An RE module contains...

Page 136: ...for all packet sizes for the installed line cards The line cards in EX8200 switches combine a Packet Forwarding Engine and Ethernet interfaces on a single assembly They are field replaceable units FRUs and you can install them in the slots labeled 0 through 15 on the front of the switch chassis All line cards are hot insertable and hot removable The following line cards are available for EX8216 sw...

Page 137: ... in the range 40 VDC through 72 VDC The redundant AC configuration ships with six AC power supplies to provide the capacity to power the system using N 1 or N N power redundancy The redundant DC configuration ships with four DC power supplies The dual inputs of the DC supplies provide direct support for N N power redundancy The redundant configuration also provides sufficient capacity for N 1 redu...

Page 138: ...Copyright 2010 Juniper Networks Inc 42 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 139: ...PART 2 Complete Software Configuration Statement Hierarchy Complete Software Configuration Statement Hierarchy on page 45 43 Copyright 2010 Juniper Networks Inc ...

Page 140: ...Copyright 2010 Juniper Networks Inc 44 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 141: ...nt Hierarchy on page 56 edit protocols Configuration Statement Hierarchy on page 56 edit routing instances Configuration Hierarchy on page 63 edit snmp Configuration Statement Hierarchy on page 63 edit virtual chassis Configuration Statement Hierarchy on page 64 edit vlans Configuration Statement Hierarchy on page 64 edit access Configuration Statement Hierarchy access profileprofile name accounti...

Page 142: ...hes on page 90 Configuring the LCD Panel on EX Series Switches CLI Procedure on page 192 Configuring Graceful Routing Engine Switchover in a Virtual Chassis Configuration CLI Procedure on page 1033 Installing Software on an EX8200 Switch with Redundant Routing Engines CLI Procedure on page 79 edit class of service Configuration Statement Hierarchy class of service classifiers dscp ieee 802 1 inet ...

Page 143: ... name scheduler map map name rewrite rules dscp ieee 802 1 inet precedence rewrite name import rewrite name default forwarding class class name loss priority loss priority code point alias bits scheduler maps map name forwarding class class name scheduler scheduler name schedulers scheduler name buffer size percent percentage remainder drop profile map loss priority loss priority protocol protocol...

Page 144: ... or Defining CoS Rewrite Rules J Web Procedure on page 3217 Assigning CoS Components to Interfaces CLI Procedure on page 3219 or Assigning CoS Components to Interfaces J Web Procedure on page 3219 Configuring CoS Traffic Classification for Ingress Queuing on 40 port SFP Line Cards CLI Procedure on page 3225 edit ethernet switching options Configuration Statement Hierarchy ethernet switching option...

Page 145: ...rusted no dhcp trusted mac limit limit action action no allowed mac log static ip ip address vlan vlan name mac mac address vlan all vlan name arp inspection no arp inspection dhcp option82 circuit id prefix hostname use interface description use vlan id remote id prefix hostname mac none use interface description use string string vendor id string examine dhcp no examine dhcp ip source guard no i...

Page 146: ...for STP RSTP and MSTP on EX Series Switches on page 1522 Understanding Redundant Trunk Links on EX Series Switches on page 1291 Understanding Storm Control on EX Series Switches on page 2791 Understanding 802 1X and VoIP on EX Series Switches on page 2542 Understanding Q in Q Tunneling on EX Series Switches on page 1293 Understanding Unknown Unicast Forwarding on EX Series Switches on page 2792 Un...

Page 147: ...affic Rates CLI Procedure on page 3073 Firewall Filters for EX Series Switches Overview on page 3001 edit forwarding options Configuration Statement Hierarchy helpers bootp dhcp option82 circuit id prefix hostname use interface description use vlan id remote id prefix hostname mac none use interface description use string string vendor id string interface interface name dhcp option82 circuit id pr...

Page 148: ...ns see the Junos OS Policy Framework Configuration Guide at http www juniper net techpubs software junos index html edit interfaces Configuration Statement Hierarchy interfaces aex aggregated ether options flow control no flow control lacp mode periodic interval link speed speed minimum links number description text disable hold time up milliseconds down milliseconds mtu bytes no gratuitous arp re...

Page 149: ...link mode mode speed auto negotiation speed hold time up milliseconds down milliseconds mtu bytes no gratuitous arp request traceoptions traps no traps unit logical unit number description text disable family family name proxy arp restricted unrestricted rpm traps no traps vlan id vlan id number vlan tagging interface range interface range name description text disable ether options 802 3ad aex la...

Page 150: ...nit logical unit number description text disable family family name traps no traps me0 description text disable hold time up milliseconds down milliseconds no gratuitous arp request traceoptions traps no traps unit logical unit number description text disable family family name traps no traps vlan id vlan id number vlan tagging vlan description text disable hold time up milliseconds down milliseco...

Page 151: ...port description text disable ether options 802 3ad aex lacp force up auto negotiation no auto negotiation flow control no flow control link mode mode speed auto negotiation speed hold time up milliseconds down milliseconds mtu bytes no gratuitous arp request traceoptions traps no traps unit logical unit number description text disable family family name proxy arp restricted unrestricted rpm traps...

Page 152: ...tion Statement Hierarchy poe guard band watts interface all interface name disable maximum power watts priority high low telemetries disable duration hours interval minutes management class static notification control fpc slot number disable Related Documentation Example Configuring PoE Interfaces with Different Priorities on an EX Series Switch on page 3309 Configuring PoE CLI Procedure on page 3...

Page 153: ...eriod seconds static mac address interface interface name vlan assignment vlan id vlan name gvrp enable disable interface all interface name disable join timer millseconds leave timer milliseconds leaveall timer milliseconds igmp snooping traceoptions file filename files number size size world readable no world readable match regex flag flag detail disable receive send vlan vlan id vlan number dat...

Page 154: ...e seconds ptopo configuration trap interval seconds traceoptions file filename files number size size world readable no world readable match regex flag flag detail disable receive send lldp med disable fast start number interface all interface name disable location elin number civic based what number country code code ca type number ca value value mpls interface all interface name label switched p...

Page 155: ...priority priority revision level revision level traceoptions file filename files number size size no stamp world readable no world readable flag flag mvrp disable interface all interface name disable join timer milliseconds leave timer milliseconds leaveall timer milliseconds registration forbidden normal no dynamic vlan traceoptions file filename files number size size no stamp world readable no ...

Page 156: ...own interface interface name remote mep mep id action profile profile name link fault management action profile profile name action syslog link down event link adjacency loss link event rate frame error count frame period count frame period summary count symbol period count interface interface name link discovery active passive pdu interval interval event thresholds threshold value remote loopback...

Page 157: ...options file filename files number size size no stamp world readable no world readable flag flag sflow agent id collector ip address udp port port number disable interfaces interface name disable polling interval seconds sample rate number polling interval seconds sample rate number source ip stp disable bridge priority priority forward delay seconds hello time seconds interface all interface name...

Page 158: ...e mode no root port priority priority max age seconds traceoptions file filename files number size size no stamp world readable no world readable flag flag Related Documentation 802 1X for EX Series Switches Overview on page 2531 Example Configure Automatic VLAN Administration Using GVRP on page 1329 Understanding MAC RADIUS Authentication on EX Series Switches Understanding Server Fail Fallback a...

Page 159: ...ge 3577 Understanding VSTP for EX Series Switches on page 1525 edit routing instances Configuration Hierarchy routing instances routing instance name instance type virtual router interface interface name Related Documentation Example Using Virtual Routing Instances to Route Among VLANs on EX Series Switches on page 1354 Configuring Virtual Routing Instances CLI Procedure on page 1384 edit snmp Con...

Page 160: ...a Virtual Chassis Interconnected Across Multiple Wiring Closets on page 963 Example Configuring a Virtual Chassis Using a Preprovisioned Configuration File on page 982 Configuring a Virtual Chassis CLI Procedure on page 1011 Configuring a Virtual Chassis J Web Procedure on page 1015 Virtual Chassis Overview on page 921 edit vlans Configuration Statement Hierarchy vlans vlan name description text d...

Page 161: ...ng with Multiple VLANs for EX Series Switches on page 1312 Example Configure Automatic VLAN Administration Using GVRP on page 1329 Example Connecting an Access Switch to a Distribution Switch on page 1320 Example Setting Up Q in Q Tunneling on EX Series Switches on page 1347 Example Configuring Layer 2 Protocol Tunneling on EX Series Switches on page 1368 Creating a Private VLAN CLI Procedure on p...

Page 162: ...Copyright 2010 Juniper Networks Inc 66 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 163: ...ooting the Switch Upgrading Software and Managing Licenses on page 87 Verifying Software Installation on page 95 Troubleshooting Software Installation on page 99 Configuration Statements for Software Installation on page 103 Operational Mode Commands for Software Installation on page 105 67 Copyright 2010 Juniper Networks Inc ...

Page 164: ...Copyright 2010 Juniper Networks Inc 68 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 165: ...oftware Package Security on page 70 Installing Software on a Virtual Chassis on page 70 Installing Software on EX8200 Switches with Redundant Routing Engines on page 70 Installing Software Using Automatic Software Download on page 70 Troubleshooting Software Installation on page 70 Overview of the Software Installation Process An EX Series switch is delivered with Junos OS preinstalled When you co...

Page 166: ...particular member Installing Software on EX8200 Switches with Redundant Routing Engines To install software on a Juniper Networks EX8200 Ethernet Switch that has two Routing Engines with minimal network disruption you perform a Junos OS installation on each Routing Engine separately starting with the backup See Installing Software on an EX8200 Switch with Redundant Routing Engines CLI Procedure on...

Page 167: ...install ex 4200 m n is the software release with m representing the major release number and n representing the minor release number for example 9 5 Z indicates the type of software release where R indicates released software and B indicates beta level software x y represents the version of the major software release x and an internal tracking number y for example 1 6 domestic signed is appended t...

Page 168: ...file moving technique to move files from an internal memory source to USB memory on the switch System snapshots on EX Series switches have the following limitations You cannot use snapshots to move files to any destination outside of the switch other than an installed external USB flash drive or to move files between switches that are members of the same virtual chassis Snapshot commands like othe...

Page 169: ...you do not need additional licenses Features Requiring a License The following Junos OS features require an Advanced Feature License AFL Border Gateway Protocol BGP and multiprotocol BGP MBGP Intermediate System to Intermediate System IS IS IPv6 routing except multicast protocols MPLS with RSVP based label switched paths LSPs and MPLS based circuit cross connects CCCs Table 21 on page 73 lists the...

Page 170: ...scription 2009 09 03 06 00 11 UTC Minor BGP Routing Protocol usage requires a license Every time you edit or view the configuration a message displays the committed features that require a license For example when you edit the BGP configuration a warning message appears for example edit protocols user switch bgp warning requires bgp license Likewise viewing the configuration causes the system to d...

Page 171: ...ata Junos204558 aeaqea qmijhd amrqha ztfmbu gqzama uqceds ra32zr lsevik ftvjed o4jy5u fynzzj mgviyl kgioyf ardb5g sj7wnt rsfked wbjf5a sg The license data defines the device ID for which the license is valid and the version of the license Related Documentation Managing Licenses for the EX Series Switch CLI Procedure on page 91 Managing Licenses for the EX Series Switch J Web Procedure on page 92 U...

Page 172: ...Copyright 2010 Juniper Networks Inc 76 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 173: ... www juniper net registration Register jsp To download software upgrades from Juniper Networks 1 Using a Web browser follow the links to the download URL on the Juniper Networks webpage For EX Series there are not separate software packages for Canada the U S and other locations Therefore select Canada and U S Version regardless of your location https www juniper net support csc swdist domestic 2 ...

Page 174: ... that you use FTP to copy the file to the var tmp directory This step is optional because the Junos OS can also be upgraded when the software image is stored at a remote location These instructions describe the software upgrade process for both scenarios 4 Install the new package on the switch NOTE A reboot which will occur as part of the execution of the following command is required to complete ...

Page 175: ...u can minimize disrupting network operation during a Junos OS upgrade by upgrading the Routing Engines separately starting with the backup Routing Engine To upgrade the software package on an EX8200 switch with one installed Routing Engine see Installing Software on an EX Series Switch with a Single Routing Engine CLI Procedure on page 78 Install the new Junos OS Release on the backup Routing Engi...

Page 176: ...activate chassis redundancy graceful switchover 4 Save the configuration change on both Routing Engines edit user switch commit synchronize NOTE To ensure the most recent configuration changes are committed beforethesoftwareupgrade performthisstepevenifGRESwaspreviously disabled 5 Exit out of the CLI configuration mode edit user switch exit 6 Optional Back up the current software configuration to ...

Page 177: ...0 9 5R1 5 domestic signed tgz For more information on the request system software add command see the Junos OS System Basics and Services Command Reference at http www juniper net techpubs software junos index html NOTE To abort the installation do not reboot your device instead finish the installation and then issue the request system software delete package name m nZx distribution tgz command wh...

Page 178: ...Master default Routing Engine status Slot 1 Current state Master Election priority Backup default 4 Install the new software package using the request system software add command user switch request system software add validate var tmp jinstall ex 8200 9 5R1 5 domestic signed tgz 5 Reboot the Routing Engine user switch request system reboot Reboot the system yes no no yes When the reboot completes...

Page 179: ...e You will see Routing Engine status Slot 0 Current state Master Election priority Master default Routing Engine status Slot 1 Current state Backup Election priority Backup default Related Documentation Installing Software on EX Series Switches J Web Procedure on page 83 Troubleshooting Software Installation on page 99 Junos OS Package Names on page 71 Understanding Software Installation on EX Ser...

Page 180: ...ckage name http hostname pathname package name Specifies the FTP or HTTP server file path and software package name Package Location required Type the username Specifies the username if the server requires one User Type the password Specifies the password if the server requires one Password Check the box if you want the switching platform to reboot automatically when the upgrade is complete If thi...

Page 181: ...eboot 2 Select one Reboot Immediately Reboots the switching platform immediately Reboot in number of minutes Reboots the switch in the number of minutes from now that you specify Rebootwhenthesystemtimeishour minute Reboots the switch at the absolute time that you specify on the current day You must select a 2 digit hour in 24 hour format and a 2 digit minute Halt Immediately Stops the switching p...

Page 182: ...nterface Reboot page If the switch is halted all software processes stop and you can access the switching platform through the console port only Reboot the switch by pressing any key on the keyboard Related Documentation Starting the J Web Interface on page 152 Copyright 2010 Juniper Networks Inc 86 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 183: ...th the J Web Interface To register the EX Series switch 1 In the J Web interface select Maintain Customer Support Product Registration Note the serial number that is displayed 2 Click Register Enter the serial number in the page that is displayed Related Documentation EX Series Switch Software Features Overview on page 3 Booting the Switch Booting an EX Series Switch Using a Software Package Store...

Page 184: ...ns for an EX Series Switch A computer or other device that you can use to download the software package from the Internet and copy it to the USB flash drive To download a Junos OS package onto a USB flash drive before inserting the USB flash drive 1 Download the Junos OS package that you would like to place onto the EX Series switch from the Internet onto the USB flash drive using your computer or...

Page 185: ...shot on an Internal Flash Drive and Using it to Boot the Switch on page 90 Creating a Snapshot on a USB Flash Drive and Using It to Boot the Switch A snapshot can be created on USB flash memory after a switch is booted using files stored in internal memory Ensure that you have the following tools and parts available before creating a snapshot on a USB Flash drive A USB flash drive that meets the E...

Page 186: ...ystem reboot media internal slice 1 Related Documentation Verifying That a System Snapshot Was Created on an EX Series Switch on page 96 Understanding System Snapshot on EX Series Switches on page 72 Upgrading Software Upgrading Software Using Automatic Software Download on EX Series Switches on page 90 Upgrading Software Using Automatic Software Download on EX Series Switches The automatic softwa...

Page 187: ... Auto image upgrade started On successful installation system will reboot automatically The switch reboots automatically to complete the upgrade Related Documentation Verifying That Automatic Software Download Is Working Correctly on page 95 Understanding Software Installation on EX Series Switches on page 69 DHCP Services for EX Series Switches Overview on page 547 Managing Licenses Managing Lice...

Page 188: ...o delete one or more license keys from the switch with the CLI specify the license ID user switch request system license delete license id You can delete only one license at a time Saving License Keys To save the installed license keys to a file which can be a URL or to the terminal user switch request system license save filename url For example the following command saves the installed license k...

Page 189: ...lled Licenses click Add to add a new license key or keys 3 Do one of the following using a blank line to separate multiple license keys In the License File URL box type the full URL to the destination file containing the license key or keys to be added In the License Key Text box paste the license key text in plain text format for the license to be added 4 Click OK to add the license key or keys A...

Page 190: ...d Licenses click Download Keys to download all the license keys installed on the switch to a single file 3 Select Save it to disk and specify the file to which the license keys are to be written You can also download the license file to your system Related Documentation Managing Licenses for the EX Series Switch CLI Procedure on page 91 Monitoring Licenses for the EX Series Switch on page 96 Under...

Page 191: ...0a 12 00 12 12 Client Status bound Vendor Identifier ether Server Address 10 1 1 1 Address obtained 10 1 1 89 Lease Obtained at 2009 08 20 18 13 04 PST Lease Expires at 2009 08 22 18 13 04 PST DHCP Options Name name server Value 10 209 194 131 2 2 2 2 3 3 3 3 Name server identifier Value 10 1 1 1 Name router Value 10 1 1 80 Name boot image Value jinstall ex 4200 9 6R1 5 domestic signed tgz Name bo...

Page 192: ...726_0011_user jweb ex 10 0I20090726_0011_user jpfe ex42x 10 0I20090726_0011_user Meaning The output shows the date and time when the snapshot was created and the packages that are part of the snapshot The date and time match the time when you created the snapshot You can compare the output of this command to the output of the showsystemsoftware command to ensure that the snapshot contains the same...

Page 193: ...stalled needed bgp 1 1 0 permanent isis 0 1 0 permanent ospf3 0 1 0 permanent ripng 0 1 0 permanent mpls 0 1 0 permanent Licenses installed License identifier JUNOS204558 License version 2 Valid for device BN0208380000 Features ex series Licensed routing protocols in ex series permanent Meaning The output shows the license or licenses for Virtual Chassis deployments installed on the switch and lic...

Page 194: ...wnf rsdked wbjf5a sg Meaning The output shows the license key or keys for Virtual Chassis deployments installed on the switch Verify that each expected license key is present Related Documentation Managing Licenses for the EX Series Switch CLI Procedure on page 91 Managing Licenses for the EX Series Switch J Web Procedure on page 92 Understanding Software Licenses for the EX Series Switch on page ...

Page 195: ...ore the new installation proceeds If there is no Junos OS image on the system follow the instructions in Booting an EX Series Switch Using a Software Package Stored on a USB Flash Drive on page 88 to get an image on the system and boot the switch To perform a recovery installation 1 Power on the switch The loader script starts After the message Loading boot defaults loader conf displays you are pr...

Page 196: ...st time you upgrade the new software package is installed in partition 2 When you finish the installation and reboot partition 2 becomes the active partition Similarly subsequent software packages are installed in the inactive partition which becomes the active partition when you reboot at the end of the installation process If you performed an upgrade and rebooted the system resets the active par...

Page 197: ... is either 0 internal or 1 external and partition indicates the partition number either 1 or 2 You must include the colon at the end of this command 3 Boot Junos OS from the inactive partition loader boot Related Documentation Installing Software on an EX Series Switch with a Single Routing Engine CLI Procedure on page 78 Installing Software on EX Series Switches J Web Procedure on page 83 Underst...

Page 198: ...Copyright 2010 Juniper Networks Inc 102 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 199: ...odemode power budget priority priority lcd menu fpc slot number menu item menu name menu option psu redundancy n plus n redundancy graceful switchover Related Documentation Upgrading Software Using Automatic Software Download on EX Series Switches on page 90 Configuring the LCD Panel on EX Series Switches CLI Procedure on page 192 Configuring Graceful Routing Engine Switchover in a Virtual Chassis...

Page 200: ...ervices for the switch including configuring a path to a boot server and a boot file See the Junos OS System Basics Configuration Guide at http www juniper net techpubs software junos index html for information about using the CLI to configure DHCP services and settings See Configuring DHCP Services J Web Procedure on page 549 for information about using the J Web interface to configure DHCP servi...

Page 201: ...CHAPTER 10 Operational Mode Commands for Software Installation 105 Copyright 2010 Juniper Networks Inc ...

Page 202: ...he filename or the URL where the key is located terminal License key from the terminal Required Privilege Level maintenance List of Sample Output request system license add on page 106 Output Fields When you enter this command you are provided feedback on the status of your request requestsystemlicense add user host request system license add terminal requestsystemlicense add Copyright 2010 Junipe...

Page 203: ...ime Options license id License ID that uniquely identifies a license key Required Privilege Level maintenance List of Sample Output request system license delete on page 107 Output Fields When you enter this command you are provided feedback on the status of your request requestsystemlicense delete user host request system license delete G03000002223 requestsystemlicense delete 107 Copyright 2010 ...

Page 204: ...m a file or URL Specify the filename or the URL where the key is located terminal License key from the terminal Required Privilege Level maintenance List of Sample Output request system license save on page 108 Output Fields When you enter this command you are provided feedback on the status of your request requestsystemlicense save user host request system license save ftp user host license conf ...

Page 205: ...rtition 1 2 alternate at time in minutes media compact flash disk message text Release Information Command introduced before Junos OS Release 7 4 other routing engine option added in Junos OS Release 8 0 Command introduced in Junos OS Release 9 0 for EX Series switches sfc option introduced for the TX Matrix Plus router in Junos OS Release 9 6 Description Reboot the software Options none Reboot th...

Page 206: ...r On a TX Matrix Plus router the number of a T1600 router that is connected to the TX Matrix Plus router Replace number with a value from 0 through 3 local EX4200 switches only Optional Reboot the local Virtual Chassis member media compact flash disk removable compact flash usb Optional Boot medium for next boot The options removable compact flash and usb pertain to the J Series routers only media...

Page 207: ...nate partition AdditionalInformation Reboot requests are recorded in the system log files which you can view with the show log command see show log Also the names of any running processes that are scheduled to be shut down are changed You can view the process names with the show system processes command see show system processes On a TX Matrix or TX Matrix Plus router if you issue the request syst...

Page 208: ... request system reboot in 2 Hours The following example which assumes that the time is 5 PM 17 00 illustrates three different ways to request the system to reboot in two hours user host request system reboot at 120 user host request system reboot in 120 user host request system reboot at 19 00 request system reboot Immediately user host request system reboot at now request system reboot at 1 20 AM...

Page 209: ... the specified member switch of the Virtual Chassis at time Optional Time at which to reboot the software specified in one of the following ways minutes Number of minutes from now to reboot the software hh mm Absolute time on the current day at which to reboot the software specified in 24 hour time now Stop or reboot the software immediately This is the default yymmddhhmm Absolute time at which to...

Page 210: ...boot the system yes no no yes shutdown pid 186 System shutdown message from root berry network net System going down at 23 00 request system reboot in 2 Hours The following example which assumes that the time is 5 PM 17 00 illustrates three different ways to request the system to reboot in two hours user host request system reboot at 120 user host request system reboot in 120 user host request sys...

Page 211: ...l Specify where to place the snapshot in Virtual Chassis configurations all members Create a snapshot for each switch that is a member of the Virtual Chassis local Create a snapshot on the local switch only member member id Create a snapshot for the specified member or member switches of the Virtual Chassis as primary Optional Create a bootable snapshot NOTE The snapshot is always bootable on EX S...

Page 212: ...t boot the switch at the last bootup Required Privilege Level view Related Documentation show system snapshot on page 139 Creating a Snapshot and Using It to Boot an EX Series Switch on page 89 Output Fields When you enter this command you are provided feedback on the status of your request request system snapshot media external slice 1 user switch request system snapshot media external slice 1 re...

Page 213: ...t effort load and unlink options added in Junos OS Release 7 4 Command introduced in Junos OS Release 9 0 for EX Series switches sfc option introduced for the TX Matrix Plus router in Junos OS Release 9 6 Description Install a software package or bundle on the router or switch Options package name Location from which the software package or bundle is to be installed For example var tmp package nam...

Page 214: ...y in order to make room for the installation to be completed If you copy the software to a local directory on the router and then install the new package use the unlink option to achieve the same effect and allow the installation to be completed best effort load Optional Activate a partial load and treat parsing errors as warnings instead of errors delay restart Optional Install software package o...

Page 215: ...oftware on the router or switch when you have a known stable system issue the request system snapshot command to back up the software including the configuration to the altroot and altconfig file systems After you have upgraded the software on the router or switch and are satisfied that the new package or bundle is successfully installed and running issue the request system snapshot command again ...

Page 216: ...7 1R2 2 Using var tmp jinstall 7 2R1 7 domestic signed tgz Verified jinstall 7 2R1 7 domestic tgz signed by PackageProduction_7_2_0 Using var validate tmp jinstall signed jinstall 7 2R1 7 domestic tgz Using var validate tmp jinstall jbundle 7 2R1 7 domestic tgz Checking jbundle requirements on Using var validate tmp jbundle jbase 7 2R1 7 tgz Using var validate tmp jbundle jkernel 7 2R1 7 tgz Using...

Page 217: ...ion is WARNING complete To abort the installation do not reboot your system WARNING instead use the request system software delete jinstall WARNING command as soon as this operation completes Saving package file in var sw pkg jinstall 7 2R1 7 domestic signed tgz Saving state for rollback 121 Copyright 2010 Juniper Networks Inc Chapter 10 Operational Mode Commands for Software Installation ...

Page 218: ... can delete any or all of the following software bundles or packages jbase Optional Junos base software suite jcrypto Optional in domestic version only Junos security software jdocs Optional Junos online documentation file jkernel Optional Junos kernel software suite jpfe Optional Junos Packet Forwarding Engine support jroute Optional Junos routing software suite junos Optional Junos base software...

Page 219: ...ersion of the software because the running and backup copies of the software are identical Required Privilege Level maintenance Related Documentation request system software add on page 117 request system software rollback on page 125 request system software validate on page 128 List of Sample Output request system software delete jdocs on page 123 Output Fields When you enter this command you are...

Page 220: ...n for jbase Comment JUNOS Base OS Software Suite 7 2R1 7 Information for jcrypto Comment JUNOS Crypto Software Suite 7 2R1 7 Information for jkernel Comment JUNOS Kernel Software Suite 7 2R1 7 Copyright 2010 Juniper Networks Inc 124 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 221: ...ges on a T640 router or line card chassis connected to the TX Matrix router On a TX Matrix Plus router attempt to roll back to the previous set of packages on a T1600 router or line card chassis connected to the TX Matrix Plus router Replace number with a value from 0 through 3 local EX4200 switches only Optional Attempt to roll back to the previous set of packages on the local Virtual Chassis mem...

Page 222: ...in var sw pkg Required Privilege Level maintenance Related Documentation request system software add on page 117 request system software delete on page 122 request system software validate on page 128 request system configuration rescue delete on page 466 request system configuration rescue save on page 467 List of Sample Output request system software rollback on page 127 Output Fields When you e...

Page 223: ...nstall Reloading config juniper conf gz Activating config juniper conf gz mgd commit complete Restarting mgd Restarting aprobed Restarting apsd Restarting cosd Restarting fsad Restarting fud Restarting gcdrd Restarting ilmid Restarting irsd Restarting l2tpd Restarting mib2d Restarting nasd Restarting pppoed Restarting rdd Restarting rmopd Restarting rtspd Restarting sampled Restarting serviced Res...

Page 224: ...the software bundle or package on the specified member of the Virtual Chassis configuration Replace member id with a value from 0 through 9 package name Name of the software bundle or package to test scc TX Matrix routers only Optional Validate the software bundle or package for the TX Matrix router or switch card chassis sfc number TX Matrix Plus routers only Optional Validate the software bundle...

Page 225: ...re rollback on page 125 List of Sample Output request system software validate Successful Case on page 130 request system software validate Failure Case on page 130 Output Fields When you enter this command you are provided feedback on the status of your request 129 Copyright 2010 Juniper Networks Inc Chapter 10 Operational Mode Commands for Software Installation ...

Page 226: ...tmp jbundle jdocs 5 3I20020124_0520_sjg tgz Using var chroot var tmp jbundle jroute 5 3I20020124_0520_sjg tgz Validating against config juniper conf gz mgd commit complete WARNING cli has been replaced by an updated version CLI release 5 3I0 built by sjg on 2002 01 24 05 23 53 UTC Restart cli using the new version yes no yes request system software validate Failure Case user host request system so...

Page 227: ...ge Level view List of Sample Output show system autoinstallation status on page 131 show system autoinstallation status user host show system autoinstallation status Autoinstallation status Master state Active show system autoinstallation status Last committed file None Configuration server of last committed file 0 0 0 0 Interface Name fe 0 0 1 State None Address acquisition Protocol DHCP Client A...

Page 228: ...line card chassis connected to a TX Matrix router On a TX Matrix Plus router display boot time messages for all T1600 routers or line card chassis connected to a TX Matrix Plus router all members EX4200 switches only Optional Display boot time messages on all members of the Virtual Chassis configuration lcc number TX Matrix and TX Matrix Plus routers only Optional On a TX Matrix router display boo...

Page 229: ...993 The Regents of the University of California All rights reserved JUNOS 4 1 20000216 Zf8469 0 2000 02 16 12 57 28 UTC tlim single juniper net p build 20000216 0905 4 1 release_kernel sys compil e GENERIC CPU Pentium Pro 332 55 MHz 686 class CPU Origin GenuineIntel Id 0x66a Stepping 10 Features 0x183f9ff FPU VME DE PSE TSC MSR PAE MCE CX8 SEP MTRR PGE MCA CMOV b 16 b17 MMX b24 Teknor CPU Card Rec...

Page 230: ... S T 512 B S wdc1 not found at 0x170 wdc2 not found at 0x180 ep0 not found at 0x300 fxp0 Ethernet address 00 a0 a5 12 05 5a fxp1 Ethernet address 00 a0 a5 12 05 59 fxp2 Ethernet address 02 00 00 00 00 01 swapon adding dev wd1s1b as swap device Automatic reboot in progress dev rwd0s1a clean 16599 free 95 frags 2063 blocks 0 1 fragmentation dev rwd0s1e clean 9233 free 9 frags 1153 blocks 0 1 fragmen...

Page 231: ...1996 2009 Juniper Networks Inc All rights reserved Copyright c 1992 2006 The FreeBSD Project Copyright c 1979 1980 1983 1986 1988 1989 1991 1992 1993 1994 The Regents of the University of California All rights reserved JUNOS 9 6B3 3 0 2009 06 17 19 52 08 UTC builder lanath juniper net volume build junos 9 6 release 9 6B3 3 obj i386 bsd sys compile JUNIPER MPTable Timecounter i8254 frequency 119318...

Page 232: ...wsystemlicense command Output fields are listed in the approximate order in which they appear Table 24 show system license Output Fields Field Description Field Name Name assigned to the configured feature You use this information to verify that all the features for which you installed licenses are present Feature name Number of licenses used by a router or switch You use this information to verif...

Page 233: ...nses Licenses Licenses Expiry Feature name used installed needed subscriber accounting 2 2 0 permanent subscriber authentication 1 2 0 permanent subscriber address assignment 2 2 0 permanent subscriber vlan 2 2 0 permanent subscriber ip 0 2 0 permanent scale subscriber 2 3 0 permanent scale l2tp 4 5 0 permanent scale mobile ip 1 2 0 permanent Licenses installed License identifier XXXXXXXXXX Licens...

Page 234: ...st show system license usage License usage Licenses Licenses Licenses Expiry Feature name used installed needed subscriber accounting 2 2 0 permanent subscriber authentication 1 2 0 permanent subscriber address assignment 2 2 0 permanent subscriber vlan 2 2 0 permanent subscriber ip 0 2 0 permanent scale subscriber 2 3 0 permanent scale l2tp 4 5 0 permanent scale mobile ip 1 2 0 permanent t Copyri...

Page 235: ...The external option specifies the snapshot on an external mass storage device such as a USB flash drive The internal option specifies the snapshot on an internal memory source such as internal flash memory slice 1 2 alternate Display the snapshot in a partition 1 Display the snapshot in partition 1 2 Display the snapshot in partition 2 alternate Display the snapshot in the alternate partition whic...

Page 236: ..._user jroute ex 10 0I20090726_0011_user jswitch ex 10 0I20090726_0011_user jweb ex 10 0I20090726_0011_user jpfe ex42x 10 0I20090726_0011_user Copyright 2010 Juniper Networks Inc 140 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 237: ...PART 4 User Interfaces User Interfaces Overview on page 143 Using the Configuration Tools on page 151 Operational Mode Commands for User Interfaces on page 153 141 Copyright 2010 Juniper Networks Inc ...

Page 238: ...Copyright 2010 Juniper Networks Inc 142 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 239: ...ompletion on page 143 CLI Command Modes on page 144 CLI Overview Junos operating system Junos OS CLI is a Juniper Networks specific command shell that runs on top of a UNIX based operating system kernel The CLI provides command help and command completion The CLI also provides a variety of UNIX utilities such as Emacs style keyboard sequences that allow you to move around on a command line and scr...

Page 240: ...guration mode is indicated by the prompt and includes the current location in the configuration hierarchy for example edit interfaces ge 0 0 12 user switch In configuration mode you are actually viewing and changing the candidate configuration file The candidate configuration allows you to make configuration changes without causing operational changes to the current operating configuration called ...

Page 241: ...you do in a typical Web browser interface For information about the CLI user interface see CLI User Interface Overview on page 143 Use Microsoft Internet Explorer version 7 0 or Mozilla Firefox version 3 0 to access the J Web interface NOTE The browser and the network must support receiving and processing HTTP 1 1 GZIP compressed data Each page of the J Web interface is divided into panes Top pane...

Page 242: ...There are some pages on which configuration changes must be committed immediately For such pages if you configure the commit options for a single commit the system displays warning notifications that remind you to commit your changes immediately An example for such a page is Switching Commit Options Displays links to information on help and the J Web interface Help Contents View context sensitive ...

Page 243: ...tion hierarchy Related Documentation Using the Commit Options to Commit Configuration Changes J Web Procedure on page 420 EX Series Switch Software Features Overview on page 3 EX3200 and EX4200 Switches Hardware Overview on page 26 EX Series Switch Software Features Overview on page 3 Connecting and Configuring an EX Series Switch J Web Procedure on page 189 CLI User Interface Overview on page 143...

Page 244: ...n Roll back to a previous configuration Create or delete a rescue configuration Point Click CLI editor Use for complete configuration if you know the Junos OS CLI or prefer a command interface Configure all switching platform services System parameters User Accounting and Access Interfaces VLAN properties Virtual Chassis properties Secure Access Services Routing protocols Interface in which you do...

Page 245: ...SSH If the switch does not detect any activity through the J Web interface for 15 minutes the session times out and is terminated You must log in again to begin a new session To explicitly terminate a J Web session at any time click Logout in the top pane Related Documentation J Web User Interface for EX Series Switches Overview on page 145 Configuring Management Access for the EX Series Switch J ...

Page 246: ...Copyright 2010 Juniper Networks Inc 150 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 247: ...ore information To access the CLI through the J Web interface your management device requires the following features SSH access Enable Secure shell SSH on your system SSH provides a secured method of logging in to the switch to encrypt traffic so that it is not intercepted If SSH is not enabled on the system the CLI terminal page displays an error Java applet support Make sure that your Web browse...

Page 248: ... the login page type your username and password and click Log In To correct or change the username or password you typed click Reset type the new entry or entries and click Log In NOTE The default username is root with no password You must change this during initial configuration or the system does not accept the configuration The Chassis Dashboard information page appears To explicitly terminate ...

Page 249: ...CHAPTER 13 Operational Mode Commands for User Interfaces 153 Copyright 2010 Juniper Networks Inc ...

Page 250: ... view Related Documentation show cli on page 163 List of Sample Output set cli complete on space on page 154 Output Fields When you enter this command you are provided feedback on the status of your request set cli complete on space In the following example pressing the Spacebar changes the partial command entry from com to complete on space The example shows how adding the keyword off at the end ...

Page 251: ...e working directory Required Privilege Level view Related Documentation show cli directory on page 167 List of Sample Output set cli directory on page 155 Output Fields When you enter this command you are provided feedback on the status of your request set cli directory user host set cli directory var home regress Current directory var home regress set cli directory 155 Copyright 2010 Juniper Netw...

Page 252: ...his command and the user s login class does not specify this value the user is never forced off the system after extended idle times Setting the value to 0 disables the timeout Required Privilege Level view Related Documentation show cli on page 163 List of Sample Output set cli idle timeout on page 156 Output Fields When you enter this command you are provided feedback on the status of your reque...

Page 253: ...include spaces in the prompt enclose the string in quotation marks By default the string is username hostname Required Privilege Level view Related Documentation show cli on page 163 List of Sample Output set cli prompt on page 157 Output Fields When you enter this command the new CLI prompt is displayed set cli prompt user host set cli prompt lab1 router lab1 router set cli prompt 157 Copyright 2...

Page 254: ...re Options off Disables the prompt on Enables the prompt Required Privilege Level view Related Documentation show cli on page 163 List of Sample Output set cli restart on upgrade on page 158 Output Fields When you enter this command you are provided feedback on the status of your request set cli restart on upgrade user host set cli restart on upgrade on Enabling restart on upgrade set cli restart ...

Page 255: ...more prompt appears on the screen is a function of this setting and the settings for the set cli screen width and set cli terminal commands Required Privilege Level view Related Documentation set cli screen width on page 160 set cli terminal on page 161 show cli on page 163 List of Sample Output set cli screen length on page 159 Output Fields When you enter this command you are provided feedback o...

Page 256: ... is a function of this setting and the settings for the set cli screen length and set cli terminal commands Required Privilege Level view Related Documentation set cli screen length on page 159 set cli terminal on page 161 show cli on page 163 List of Sample Output set cli screen width on page 160 Output Fields When you enter this command you are provided feedback on the status of your request set...

Page 257: ...terminal 80 characters by 24 lines small xterm Small xterm window 80 characters by 24 lines vt100 VT100 compatible terminal 80 characters by 24 lines xterm Large xterm window 80 characters by 65 lines Required Privilege Level view Related Documentation show cli on page 163 List of Sample Output set cli terminal on page 161 Output Fields This command provides no output set cli terminal user host se...

Page 258: ...olders in any order m Two digit month d Two digit date T Six digit hour minute and seconds disable Remove the timestamp from the CLI Required Privilege Level view Related Documentation show cli on page 163 List of Sample Output set cli timestamp on page 162 Output Fields When you enter this command you are provided feedback on the status of your request set cli timestamp user host set cli timestam...

Page 259: ...the number of minutes is displayed Otherwise the state is disabled CLI idle timeout CLI is set to prompt you to restart the router or switch after upgrading the software on or off CLIrestart on upgrade Number of lines of text that the terminal screen displays CLI screen length Number of characters in a line on the terminal screen CLI screen width Terminal type CLI terminal Mode enhanced CLI is ope...

Page 260: ...eld Description Field Name Can view access configuration information access Can modify access configuration access control Can view user account information admin Can modify user account information admin control Can clear learned network information clear Can enter configuration mode configure Can modify any configuration control Can edit configuration files edit Reserved for field debugging supp...

Page 261: ... in the configuration secret control Can view security configuration information security Can modify security configuration information security control Can start a local shell shell Can view SNMP configuration information snmp Can modify SNMP configuration information snmp control Can view system configuration information system Can modify system configuration information system control Can view ...

Page 262: ...n modify trace file settings view Can view current values and statistics maintenance Can become the super user firewall Can view firewall configuration firewall control Can modify firewall configuration secret Can view secret configuration secret control Can modify secret configuration rollback Can rollback to previous configurations security Can view security configuration security control Can mo...

Page 263: ... cli directory on page 167 Output Fields Table 29 on page 167 lists the output fields for the show cli directory command Output fields are listed in the approximate order in which they appear Table 29 show cli directory Output Fields Field Description Field Name Pathname of the current working directory Current directory show cli directory user host show cli directory Current directory var home re...

Page 264: ...story on page 168 Output Fields Table 30 on page 168 lists the output fields for the show cli history command Output fields are listed in the approximate order in which they appear Table 30 show cli history Output Fields Field Description Field Name Time at which the command was entered timestamp Command that was entered command syntax show cli history user host show cli history 11 14 14 show arp ...

Page 265: ...onal Start the shell as another user AdditionalInformation When you are in the shell the shell prompt has the following format username hostname An example of the prompt is root router Required Privilege Level shell and maintenance List of Sample Output start shell csh on page 169 Output Fields When you enter this command you are provided feedback on the status of your request start shell csh star...

Page 266: ...Copyright 2010 Juniper Networks Inc 170 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 267: ...tches System Setup System Setup Overview on page 173 Initial Configuration on page 187 Configuration Statements for System Setup on page 197 Operational Mode Commands for System Setup on page 229 171 Copyright 2010 Juniper Networks Inc ...

Page 268: ...Copyright 2010 Juniper Networks Inc 172 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 269: ...cess Control Features Table 2 on page 5 Administration Features Table 3 on page 5 Class of Service CoS Features Table 4 on page 5 High Availability and Resiliency Features Table 5 on page 7 Interfaces Features Table 6 on page 7 IP Address Management Features Table 7 on page 8 IPv6 Features Table 8 on page 8 Layer 2 Network Protocols Features Table 9 on page 9 Layer 3 Protocols Features Table 10 on...

Page 270: ...rate limiting For a list of supported firewall filter match conditions and actions see Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 Junos OS 10 0R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Firewall filters on LAGs Junos OS 9 6R1 Junos OS 10 2R1 Junos OS 9 2R1 Junos OS 10 1R1 Firewall filter on loopback interface Junos OS 10 3R1 Not supported Junos OS 10 1R...

Page 271: ...ers on routed VLAN interfaces RVIs Junos OS 9 5R1 Not applicable Not applicable Not applicable CoS multidestination Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 2R1 Junos OS 10 1R1 CoS support on LAGs Junos OS 9 4R1 Not supported Junos OS 9 4R1 Junos OS 10 3R1 CoS support on routed VLAN interfaces RVIs Junos OS 10 2R1 Not supported Junos OS 9 4R1 Junos OS 10 3R1 Interface specific CoS rewrite rules J...

Page 272: ...rt for dual homing applications in data centers Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Link aggregation groups LAGs Not applicable Not applicable Junos OS 9 6R1 EX4200 only Not applicable Link aggregation groups LAGs over Virtual Chassis ports VCPs Junos OS 9 4R1 Not supported Junos OS 9 0R2 Junos OS 10 1R1 Redundant trunk groups Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2...

Page 273: ...unos OS 10 1R1 Power over Ethernet PoE Not supported Not supported Not supported Junos OS 10 3R1 Power over Ethernet Plus PoE Not supported Not applicable Junos OS 9 3R2 Junos OS 10 1R1 PoE power management mode Junos OS 10 1R1 Not supported Junos OS 9 3R2 Not supported Unicastreverse pathforwarding RPF Junos OS 9 4R1 Not supported Junos OS 9 2R1 Not supported VLAN tagged Layer 3 subinterfaces Tab...

Page 274: ...ng Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Junos OS 10 1R1 BPDU protection for spanning tree protocols Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Not supported GARP VLAN Registration Protocol GVRP Not supported Not supported Junos OS 10 0 Not supported Layer 2 protocol tunneling L2PT Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Link Layer Discovery Protocol LLDP Not suppo...

Page 275: ...panning tree Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Junos OS 9 6R1 Junos OS 10 2R1 Junos OS 9 4R1 Junos OS 10 1R1 Spanning tree VLAN Spanning Tree Protocol VSTP Junos OS 10 2R1 Junos OS 10 2R1 Junos OS 10 2R1 Not supported Spanning tree RSTP and VSTP concurrent configuration Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Junos OS 10 1R1 Sto...

Page 276: ...ames on routed VLAN interfaces RVIs Junos OS 9 5R1 Not supported Junos OS 9 5R1 Not supported OSPF Multitopology Routing MT OSPF See the Junos OS Routing Protocols Configuration Guide at www juniper net techpubs software junos index html Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Not supported OSPFv2 Not supported Not supported Junos OS 10 3R1 Not supported OSPFv3 IPSec support Junos OS 9 4R1 J...

Page 277: ...tches EX3200 and EX4200 Switches EX2200Switches Feature Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Not supported Internet Group Management Protocol IGMP version1 v1 and IGMPv2 Junos OS 9 6R1 Junos OS 10 2R1 Junos OS 9 3R2 Not supported IGMPv3 Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Junos OS 10 1R1 IGMPv1 v2 snooping Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 2R1 Junos OS 10 1R1 IGMP snoopi...

Page 278: ...Network Management and Monitoring Features EX8200Switches EX4500Switches EX3200 and EX4200 Switches EX2200Switches Feature Not supported Not supported Junos OS 10 2R1 Not supported 802 1ag Ethernet OAM connectivity fault management CFM Junos OS 10 0R1 Not supported Junos OS 9 4R1 Not supported Ethernet OAM link fault management LFM Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Port...

Page 279: ... OS 9 4R1 Junos OS 10 2R1 Junos OS 9 3R2 Junos OS 10 1R1 DHCP option 82 Junos OS 10 3R1 Not supported Junos OS 9 0R2 Junos OS 10 1R1 DHCP snooping Junos OS 10 3R1 Not supported Junos OS 9 0R2 Junos OS 10 1R1 Dynamic ARP inspection DAI Junos OS 10 3R1 Not supported Junos OS 9 2R1 Junos OS 10 1R1 IP source guard Junos OS 10 3R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 MAC limiting Junos OS 10 ...

Page 280: ...page 30 EX8208 Switch Hardware Overview on page 33 EX8216 Switch Hardware Overview on page 36 Understanding Software Infrastructure and Processes Each switch runs the Juniper Networks Junos operating system Junos OS for Juniper Networks EX Series Ethernet Switches on its general purpose processors Junos OS includes processes for Internet Protocol IP routing and for managing interfaces networks and...

Page 281: ...u can selectively upgrade all or part of the Junos OS for added flexibility Table 17 on page 24 describes the primary Junos OS processes Table 45 Junos OS Processes Description Name Process Detects hardware on the system that is used to configure network interfaces Monitors the physical status of hardware components and field replaceable units FRUs detecting when environment sensors such as temper...

Page 282: ...ber of times to prevent thrashing and logs any failure information for further investigation mgd Management process Defines how routing protocols such as RIP OSPF and BGP operate on the device including selecting routes and maintaining forwarding tables rpd Routing protocol process Related Documentation For more information about processes see the Junos OS Network Operations Guide at http www juni...

Page 283: ... an EX Series switch one method is through the console using the CLI and the other is using the J Web interface This topic describes the CLI procedure NOTE To run the ezsetup script the switch must have the factory default configuration as the active configuration If you have configured anything on the switch and want to run ezsetup revert to the factory default configuration See Reverting to the ...

Page 284: ...ter the root password 5 Enter yes to enable services like Telnet and SSH By default Telnet is not enabled and SSH is enabled NOTE When Telnet is enabled you will not be able to log in to an EX Series switch through Telnet using root credentials Root login is allowed only for SSH access 6 Use the Management Options page to select the management scenario NOTE On EX4500 and EX8200 switches only the o...

Page 285: ...n EX4500 Switch Installing and Connecting an EX8208 Switch Installing and Connecting an EX8216 Switch Connecting and Configuring an EX Series Switch J Web Procedure There are two ways to connect and configure an EX Series switch one method is through the console using the CLI and the other is using the J Web interface This topic describes the J Web procedure NOTE Before you begin the configuration...

Page 286: ...ernet port on the PC to the switch EX2200 EX3200 or EX4200 switch Connect the cable to port 0 ge 0 0 0 on the front panel of the switch EX4500 switch Connect the cable to the port labeled MGMT on the front panel of the switch EX8200 switch Connect the cable to the port labeled MGMT on the Switch Fabric and Routing Engine SRE module in slot SRE0 in an EX8208 switch or on the Routing Engine RE modul...

Page 287: ...D member interfaces management IP address and default gateway for the new VLAN Out of band Management Configure management port Select this option to configure only the management interface Click Next Specify the IP address and default gateway for the management interface 8 Click Next 9 On the Manage Access page you may select options to enable Telnet SSH and SNMP services For SNMP you can configu...

Page 288: ...enu options if you do not want switch users to use them You can also set a custom message that will be displayed on the panel This topic describes Disabling or Enabling Menus and Menu Options on the LCD Panel on page 192 Configuring a Custom Display Message on page 193 Disabling or Enabling Menus and Menu Options on the LCD Panel By default the Maintenance menu the Status menu and the options in t...

Page 289: ...an EX4200 switch in a Virtual Chassis configuration user switch set chassis display message message fpc slot slot number To display a custom message permanently On an EX3200 switch a standalone EX4200 switch or an EX8200 switch user switch set chassis display message message permanent On an EX4200 switch in a Virtual Chassis configuration user switch set chassis display message message fpc slot sl...

Page 290: ...ct the appropriate time zone from the list Identifies the timezone that the switching platform is located in Time Zone To immediately set the time click one SynchronizewithPCtime The switch synchronizes the time with that of the PC NTP Servers The switch sends a request to the NTP server and synchronizes the system time Manual A pop up window allows you to select the current date and time from a l...

Page 291: ...password The system encrypts the password NOTE After a root password has been defined it is required when you log in to the J Web user interface or the CLI Sets the root password that user root can use to log in to the switching platform Root Password Retype the password Verifies that the root password has been typed correctly Confirm Root Password To add an IP address click Add To edit an IP addr...

Page 292: ...Copyright 2010 Juniper Networks Inc 196 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 293: ... the time between updates can improve system performance passive learning Configures backupVRRP routersor switches to learnthe ARP mappings IP to MAC address for hosts sending the requests By default the backup VRRP router drops these requests therefore if the master router fails the backup router must learn all entries present in the ARP cache of the master router Configuring passive learning red...

Page 294: ...eme MD5 must be identical between a set of peers sharing the same key number Options key number Positive integer that identifies the key type type Authentication type It can only be md5 value password The key itself which can be from 1 through 8 ASCII characters If the key contains spaces enclose it in quotation marks Required Privilege Level system To view this statement in the configuration syst...

Page 295: ...isable super user access or root logins to establish terminal connection type terminal type Type of terminal that is connected to the port Range ansi vt100 small xterm xterm Default The terminal type is unknown and the user is prompted for the terminal type Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related ...

Page 296: ...configure a server that the router or switch uses to determine the time when the router or switch boots Otherwise NTP will not be able to synchronize to a time server if the server s time appears to be very far off of the local router s or switch s time Options address Address of an NTP server You must specify an address not a hostname Required Privilege Level system To view this statement in the ...

Page 297: ...oadcast address on one of the local networks or a multicast address assigned to NTP You must specify an address not a hostname If the multicast address is used it must be 224 0 1 1 key key number Optional All packets sent to the address include authentication fields that are encrypted using the specified key number Range Any unsigned 32 bit integer ttl value Optional Time to live TTL value to use ...

Page 298: ...tch to listen for broadcast messages on the local network to discover other servers on the same subnet Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring the Router or Switch to Listen for Broadcast Messages Using NTP Copyright 2010 Juniper Networks Inc 202 Complete Software Guide f...

Page 299: ...nfiguring the console port as insecure also prevents superusers and anyone with a user identifier UID of 0 from establishing terminal connections in multiuser mode log out on disconnect Log out the session when the data carrier on the console port is lost type terminal type Type of terminal that is connected to the port Range ansi vt100 small xterm xterm Default The terminal type is unknown and th...

Page 300: ...local address for broadcast and multicast packets sourced locally and sent out through the interface An interface s preferred address is the default local address used for packets sourced by the local router or switch to destinations on the subnet By default the numerically lowest local address configured for the interface is chosen as the preferred address on the subnet To configure a different p...

Page 301: ...r Switch gre path mtu discovery Syntax gre path mtu discovery no gre path mtu discovery Hierarchy Level edit system internet options Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure path MTU discovery for outgoing GRE tunnel connections gre path mtu discovery Path MTU discovery is enabled ...

Page 302: ...stem internet options Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure rate limiting parameters for ICMPv4 messages sent Options bucket size seconds Number of seconds in the rate limiting bucket Range 0 through 4294967295 seconds Default 5 packet rate pps Rate limiting packets earned per s...

Page 303: ...ions bucket size seconds Number of seconds in the rate limiting bucket Range 0 through 4294967295 seconds Default 5 packet rate pps Rate limiting packets earned per second Range 0 through 4294967295 pps Default 1000 Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Configuring the JUNOS Software...

Page 304: ...s Options address Address of the default router destinationdestination address Optional Destinationaddressthatisreachablethrough the backup router Include this option to achieve network reachability while loading configuring and recovering the router or switch but without the risk of installing a default route in the forwarding table Default All hosts default route are reachable through the backup...

Page 305: ...ments are explained separately Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Configuring the JUNOS Software ICMPv4 Rate Limit for ICMPv4 Routing Engine Messages Configuring the JUNOS Software ICMPv6 Rate Limit for ICMPv6 Routing Engine Messages Configuring the JUNOS Software for IP IP Path M...

Page 306: ... statement in the configuration system control To add this statement to the configuration Related Documentation Configuring the JUNOS Software for IP IP Path MTU Discovery on IP IP Tunnel Connections ipv6 duplicate addr detection transmits Syntax ipv6 duplicate addr detection transmits Hierarchy Level edit system internet options Release Information Statement introduced in Junos OS Release 9 1 Sta...

Page 307: ...t to the configuration Related Documentation Configuring the JUNOS Software for IPv6 Path MTU Discovery ipv6 path mtu discovery timeout Syntax ipv6 path mtu discovery timeout minutes Hierarchy Level edit system internet options Release Information Statement introduced in Junos OS Release 9 2 Statement introduced in Junos OS Release 9 2 for EX Series switches Description Set the IPv6 path MTU disco...

Page 308: ... Description Enable and disable rejecting incoming IPv6 packets with a zero hop limit value in their header Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring the JUNOS Software for Acceptance of IPv6 Packets with a Zero Hop Limit Copyright 2010 Juniper Networks Inc 212 Complete Sof...

Page 309: ...ly Disable or enable the specified menu or menu options where slot number is 0 On an EX3200 switch a standalone EX4200 switch or an EX4500 switch 0 9 On an EX4200 switch in a Virtual Chassis The value is the member ID of the switch The remaining statement is explained separately Required Privilege Level view level To view this statement in the configuration control level To add this statement to t...

Page 310: ...haracters in length If the string contains spaces enclose it in quotation marks country code code Two letter country code floor number Floor in the building hcoord horizontal coordinate Bellcore Horizontal Coordinate lata service area Long distance service area latitude degrees Latitude in degree format longitude degrees Longitude in degree format npa nxx number First six digits of the phone numbe...

Page 311: ...Related Documentation Configuring the Physical Location of the Router or Switch 215 Copyright 2010 Juniper Networks Inc Chapter 16 Configuration Statements for System Setup ...

Page 312: ...atus for an EX4200 switch in a Virtual Chassis configuration status menu sf status1 menu EX8200 switches only Status of the switch fabric on the Switch Fabric and Routing Engine SRE module in slot SRE0 on EX8208 switches Status of the switch fabric on the Switch Fabric SF modules in slots SF0 and SF1 on EX8216 switches status menusf status2 menu EX8200 switches only Status of the switch fabric on ...

Page 313: ...ent introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description For NTP configure the local router or switch to listen for multicast messages on the local network to discover other servers on the same subnet Options address Optional One or more IP addresses If you specify addresses the router or switch joins those multicast groups Default ...

Page 314: ...ng the JUNOS Software to Disable the Routing Engine Response to Multicast Ping Packets no ping record route Syntax no ping record route Hierarchy Level edit system Release Information Statement introduced in Junos OS Release 9 4 Statement introduced in Junos OS Release 9 4 for EX Series switches Description Configure the Junos OS to disable the reporting of the IP address in ping responses Require...

Page 315: ...Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 4 for EX Series switches Description Disable the sending of protocol redirect messages by the router or switch To disable the sending of redirect messages on a per interface basis include the no redirects statement at the edit interfaces interface name unit logical unit number family family hierarchy level ...

Page 316: ...ensions no tcp rfc1323 paws Syntax no tcp rfc1323 paws Hierarchy Level edit system internet options Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the Junos OS to disable the RFC 1323 Protection Against Wrapped Sequence PAWS number extension Required Privilege Level system To view this s...

Page 317: ...o the configuration Related Documentation Synchronizing and Coordinating Time Distribution Using NTP path mtu discovery Syntax path mtu discovery no path mtu discovery Hierarchy Level edit system internet options Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure path MTU discovery for outgo...

Page 318: ...must specify an address not a hostname key key number Optional All packets sent to the address include authentication fields that are encrypted using the specified key number Range Any unsigned 32 bit integer prefer Optional Mark the remote system as the preferred host which means that if all other factors are equal this remote system is chosen for synchronization among a set of correctly operatin...

Page 319: ...rties of the console and auxiliary ports The ports are located on the router s craft interface See the switch s hardware documentation for port locations The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring the JUNOS Software to Set Co...

Page 320: ...s the router or switch reboots from the alternate media or the other Routing Engine process name One of the valid process names You can obtain a complete list of process names by using the CLI command completion feature After specifying a process name command completion also indicates any additional options for that process timeout seconds Optional How often the system checks the watchdog timer in...

Page 321: ...his remote system is chosen for synchronization among a set of correctly operating systems versionvalue Optional Specify the version number to be used in outgoing NTP packets Range 1 through 4 Default 4 Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring the NTP Time Server and Time ...

Page 322: ...n If you specify a maximum number of files you must also specify a maximum file size with the size option and a filename Range 2 through 1000 Default 3 files match regex Optional Refine the output to include lines that contain the regular expression no world readable Optional Disable unrestricted file access size size Optional Maximum size of each trace file in kilobytes KB megabytes MB or gigabyt...

Page 323: ...d higher levels are captured Enter one of the following trace levels as the trace level debug Log all code flow of control error Log failures with a short term effect info Log summary for normal operations such as the policy decisions made for a call trace Log program trace START and EXIT macros warning Log failure recovery events or failure of an external entity ui trace level Trace user interfac...

Page 324: ... time with other systems on the network Options key numbers One or more key numbers Each key can be any 32 bit unsigned integer except 0 Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring NTP Authentication Keys authentication key on page 198 broadcast on page 201 peer on page 222 s...

Page 325: ...CHAPTER 17 Operational Mode Commands for System Setup 229 Copyright 2010 Juniper Networks Inc ...

Page 326: ...lear or stop a text message on the craft interface display lcc number TX Matrix and TX Matrix Plus routers only Optional On a TX Matrix router clear or stop a text message on the craft interface on a specific T640 router that is connected to the TX Matrix router On a TX Matrix Plus router clear or stop a text message on the craft interface on a specific T1600 router that is connected to the TX Mat...

Page 327: ...off Host OK LED On Host fail LED Off FPCs 0 1 2 3 4 5 6 7 Green Red LCD screen NOC contact Dusty 888 526 1234 user host clear chassis display message user host show chassis craft interface Red alarm LED off relay off Yellow alarm LED off relay off Host OK LED On Host fail LED Off FPCs 0 1 2 3 4 5 6 7 Green Red LCD screen host Up 0 17 05 47 Temperature OK 231 Copyright 2010 Juniper Networks Inc Cha...

Page 328: ...Matrix and TX Matrix Plus routers only Optional Clear all halt or reboot requests for all the Routing Engines in the chassis all lcc TX Matrix and TX Matrix Plus routers only Optional On a TX Matrix router clear all halt or reboot requests for all T640 routers or line card chassis connected to the TX Matrix router On a TX Matrix Plus router clear all halt or reboot requests for all T1600 routers o...

Page 329: ... Optional Clear all halt or reboot requests for the TX Matrix router or switch card chassis sfc number TX Matrix Plus routers only Optional Clear all halt or reboot requests for the TX Matrix Plus router or switch fabric chassis Replace number with 0 Required Privilege Level maintenance Related Documentation request system reboot on page 109 List of Sample Output clear system reboot on page 234 cl...

Page 330: ...ating clear system reboot clear system reboot TX Matrix Router user host clear system reboot scc re0 No shutdown reboot scheduled lcc0 re0 No shutdown reboot scheduled lcc2 re0 No shutdown reboot scheduled Copyright 2010 Juniper Networks Inc 234 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 331: ...s you remain in configuration mode allowing you to make changes without interference from other users Other users can enter and exit configuration mode but they cannot change the configuration private Optional Allow multiple users to edit different parts of the configuration at the same time and to commit only their own changes or to roll back without interfering with one another s changes You can...

Page 332: ...6 sha1 key value Optional With the url option specify a checksum hash to verify the integrity of the script You can include the key option if the checksum statement is included at the editsystemscriptsopfilefilename hierarchy level url url Optional Specify a URL where the script is located AdditionalInformation For more information about Junos op scripts see the Junos Configuration and Operations ...

Page 333: ...r request op user host op script1 interface ge 0 2 0 0 protocol inet op op url user host op url https www juniper net fa 2009 04 01 01 slax key md5 8de24d09e1d90b2581bb937d2a5ad590 interface ge 0 2 0 0 protocol inet 237 Copyright 2010 Juniper Networks Inc Chapter 17 Operational Mode Commands for System Setup ...

Page 334: ...ne fpc slot slot number Flexible PIC Concentrator FPC slot number Replace slot number with a value appropriate for your router or switch EX Series switches EX3200 switches and EX4200 standalone switches 0 EX4200 switches in a Virtual Chassis configuration 0 through 9 switch s member ID EX8208 switches 0 through 7 line card EX8216 switches 0 through 15 line card M5 M7i M10 and M10i routers 0 or 1 M...

Page 335: ...hes it is 0 for built in network interfaces and 1 for interfaces on uplink modules For EX8208 and EX8216 switches it is 0 lcc number TX Matrix and TX Matrix Plus routers only Optional On a TX Matrix router control the PIC in a specified T640 router that is connected to the TX Matrix router On a TX Matrix Plus router control the PIC in a specified T1600 router that is connected to the TX Matrix Plu...

Page 336: ...or routers or switches with multiple Routing Engines control which Routing Engine is the master CAUTION Routing matrix based on the TX Matrix or TX Matrix Plus routers only Within the routing matrix we recommend that all Routing Engines run the same Junos OS Release If you run different releases on the Routing Engines and a change in mastership occurs on any backup Routing Engine in the routing ma...

Page 337: ... Routing Engines in the routing matrix Likewise on a routing matrix composed of a TX Matrix Plus router and the attached T1600 routers switch mastership on all the Routing Engines in the routing matrix all lcc TX Matrix Plus routers only Request to acquire mastership for all line card chassis LCC lcc number TX Matrix and TX Matrix Plus routers only On a TX Matrix router the T640 router or LCC that...

Page 338: ...n page 836 List of Sample Output request chassis routing engine master acquire on page 242 request chassis routing engine master switch on page 242 Output Fields When you enter this command you are provided feedback on the status of your request request chassis routing engine master acquire user host request chassis routing engine master acquire warning Traffic will be interrupted while the PFE is...

Page 339: ...Resolving mastership Complete The local routing engine becomes the master 243 Copyright 2010 Juniper Networks Inc Chapter 17 Operational Mode Commands for System Setup ...

Page 340: ...h routing engines other routing engine in minutes media compact flash disk message text Release Information Command introduced before Junos OS Release 7 4 other routing engine option introduced in Junos OS Release 8 0 Command introduced in Junos OS Release 9 0 for EX Series switches sfc option introduced for the TX Matrix Plus router in Junos OS Release 9 6 Description Stop the router or switch so...

Page 341: ... Virtual Chassis member in minutes Optional Number of minutes from now to stop the software This option is an alias for the at minutes option media compact flash disk removable compact flash usb Optional Boot medium for next boot The options removable compact flash and usb pertain to J Series routers only media external internal EX Series switches only Optional Halt the boot media external Halt th...

Page 342: ... you issue the request system halt both routing engines command on the TX Matrix or TX Matrix Plus router all the Routing Engines on the routing matrix are halted NOTE If you have a router or switch with two Routing Engines and you want to shut the power off to the router or switch or remove a Routing Engine you must first halt the backup Routing Engine if it has been upgraded then halt the master...

Page 343: ...ent ways to request that the system stop 2 hours from now user host request system halt at 120 user host request system halt in 120 user host request system halt at 19 00 request system halt Immediately user host request system halt at now request system halt at 1 20 AM To stop the system at 1 20 AM enter the following command Because 1 20 AM is the next day you must specify the absolute time user...

Page 344: ...he user session using the specified management process identifier PID The PID type must be management process terminal terminal Log out the user for the specified terminal session user username Log out the specified user AdditionalInformation For information about using the configure exclusive command see the Junos System Basics Configuration Guide Required Privilege Level configure List of Sample...

Page 345: ...trixPlus Router request system power off all chassis all lcc lcc number sfc number both routing engines other routing engine at time in minutes media compact flash disk message text Release Information Command introduced in Junos OS Release 8 0 Command introduced in Junos OS Release 9 0 for EX Series switches Description Power off the software Options none Power off the router or switch software i...

Page 346: ...outer that is connected to the TX Matrix Plus router Replace number with a value from 0 through 3 local EX4200 switches only Optional Power off the local Virtual Chassis member media compact flash disk removable compact flash usb Optional Boot medium for next boot The options removable compact flash and usb pertain to the J Series routers only media external internal EX Series switches only Option...

Page 347: ...all the backup Routing Engines connected to the routing matrix are powered off Likewise on a routing matrix composed of a TX Matrix Plus router and T1600 routers if you issue the request system power off command on the TX Matrix Plus master Routing Engine all the master Routing Engines connected to the routing matrix are powered off If you issue this command on the backup Routing Engine all the ba...

Page 348: ...immediately Shutdown NOW pid 5177 Copyright 2010 Juniper Networks Inc 252 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 349: ...ne partition 1 2 alternate at time in minutes media compact flash disk message text Release Information Command introduced before Junos OS Release 7 4 other routing engine option added in Junos OS Release 8 0 Command introduced in Junos OS Release 9 0 for EX Series switches sfc option introduced for the TX Matrix Plus router in Junos OS Release 9 6 Description Reboot the software Options none Rebo...

Page 350: ...r On a TX Matrix Plus router the number of a T1600 router that is connected to the TX Matrix Plus router Replace number with a value from 0 through 3 local EX4200 switches only Optional Reboot the local Virtual Chassis member media compact flash disk removable compact flash usb Optional Boot medium for next boot The options removable compact flash and usb pertain to the J Series routers only media...

Page 351: ...alternate partition AdditionalInformation Reboot requests are recorded in the system log files which you can view with the show log command see show log Also the names of any running processes that are scheduled to be shut down are changed You can view the process names with the show system processes command see show system processes On a TX Matrix or TX Matrix Plus router if you issue the request...

Page 352: ... request system reboot in 2 Hours The following example which assumes that the time is 5 PM 17 00 illustrates three different ways to request the system to reboot in two hours user host request system reboot at 120 user host request system reboot in 120 user host request system reboot at 19 00 request system reboot Immediately user host request system reboot at now request system reboot at 1 20 AM...

Page 353: ...boots the specified member switch of the Virtual Chassis at time Optional Time at which to reboot the software specified in one of the following ways minutes Number of minutes from now to reboot the software hh mm Absolute time on the current day at which to reboot the software specified in 24 hour time now Stop or reboot the software immediately This is the default yymmddhhmm Absolute time at whi...

Page 354: ...boot the system yes no no yes shutdown pid 186 System shutdown message from root berry network net System going down at 23 00 request system reboot in 2 Hours The following example which assumes that the time is 5 PM 17 00 illustrates three different ways to request the system to reboot in two hours user host request system reboot at 120 user host request system reboot in 120 user host request sys...

Page 355: ...st xsl to test slax The software converts a source file called test1 slax to test1 xsl slax to xslt Convert a SLAX script to XSLT source source filename Specify a source file that you want to convert xslt to slax Convert an XSLT script to SLAX Required Privilege Level maintenance List of Sample Output request system scripts convert slax to xslt on page 259 request system scripts convert xslt to sl...

Page 356: ... to be downloaded Required Privilege Level maintenance Related Documentation Understanding Automatic Refreshing of Scripts on EX Series Switches on page 399 Junos OS Junos XML Management Protocol Guide at http www juniper net techpubs software junos index html Junos OS NETCONF XML Management Protocol Guide at http www juniper net techpubs software junos index html List of Sample Output request sys...

Page 357: ...RL of the file to be downloaded Required Privilege Level maintenance Related Documentation Understanding Automatic Refreshing of Scripts on EX Series Switches on page 399 Junos OS Junos XML Management Protocol Guide at http www juniper net techpubs software junos index html Junos OS NETCONF XML Management Protocol Guide at http www juniper net techpubs software junos index html List of Sample Outp...

Page 358: ...f the file to be downloaded Required Privilege Level maintenance Related Documentation Understanding Automatic Refreshing of Scripts on EX Series Switches on page 399 Junos OS Junos XML Management Protocol Guide at http www juniper net techpubs software junos index html Junos OS NETCONF XML Management Protocol Guide at http www juniper net techpubs software junos index html List of Sample Output r...

Page 359: ...value from 0 through 9 AdditionalInformation If logging is configured and being used the dry run option will rotate the log files In that case the output displays the message Currently rotating log files please wait If no logging is currently underway the output displays only a list of files to delete Required Privilege Level maintenance List of Sample Output request system storage cleanup dry run...

Page 360: ...1 8K Feb 22 13 00 var log messages 2 gz 3926B Mar 16 13 57 var log messages 0 gz 11 6K Mar 8 15 00 var log messages 5 gz 7254B Feb 5 15 00 var log messages 6 gz 12 9K Feb 22 13 00 var log messages 8 gz 3726B Mar 16 13 57 var log messages 7 gz 3962B Feb 22 12 47 var log sampled 1 gz 4146B Mar 8 12 20 var log sampled 0 gz 4708B Dec 21 11 39 var log sampled 2 gz 7068B Jan 16 18 00 var log messages 4 ...

Page 361: ...ow capture ecc error logging event processing firewall interface control ipsec key management kernel replication l2 learning l2tp service lacp link management mib process pgm pic services logging ppp pppoe redundancy interface process remote operations routing logical system logical system name sampling service deployment snmp all chassis all lcc lcc number scc gracefully immediately soft Syntax T...

Page 362: ...etwork Address Translation NAT intrusion detection services IDS and IP Security IPsec services on the Adaptive Services PIC all chassis TX Matrix and TX Matrix Plus routers only Optional Restart the software process on all chassis all lcc TX Matrix and TX Matrix Plus routers only Optional For a TX Matrix router restart the software process on all T640 routers connected to the TX Matrix router For ...

Page 363: ...c error logging Optional Restart the error checking and correcting ECC process which logs ECC parity errors in memory on the Routing Engine ethernet link fault management EX Series switch only Optional Restart the Ethernet OAM link fault management process ethernet switching EX Series switch only Optional Restart the Ethernet switching process event processing Optional Restart the event process ev...

Page 364: ...trol channels lldpd service EX Series switch only Optional Restart the Link Layer Discovery Protocol process mib process Optional Restart the Management Information Base MIB II process which provides the router s MIB II agent mountd service EX Series switch only Optional Restart the service for NFS mounts requests multicast snooping EX Series switch only Optional Restart the multicast snooping pro...

Page 365: ...EX Series switch only Optional Restart the secure Neighbor Discovery Protocol process sfc number TX Matrix Plus routers only Restart the software process on the TX Matrix Plus router or switch fabric chassis Replace number with 0 service deployment Optional Restart the service deployment service process services pgcp gateway gateway name Optional Restart the pgcpd process for a specific BGF runnin...

Page 366: ...ds List of Sample Output restart interfaces on page 270 Output Fields When you enter this command you are provided feedback on the status of your request restart interfaces user host restart interfaces interfaces process terminated interfaces process restarted restart interfaces Copyright 2010 Juniper Networks Inc 270 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 ...

Page 367: ...e next line Any portion of the message that does not fit on the display is truncated An empty pair of quotation marks deletes the text message from the craft interface display On the LCD panel display the message is limited to 16 characters fpc slot slot number TX Matrix Plus routers and EX4200 switches only On the router display the text message on the craft interface for a specific Flexible PIC ...

Page 368: ...and verify the result user host set chassis display message NOC contact Dusty 888 555 1234 set chassis display message Creating message sent user host show chassis craft interface Red alarm LED off relay off Yellow alarm LED off relay off Host OK LED On Host fail LED Off FPCs 0 1 2 3 4 5 6 7 Green Red LCD screen NOC contact Dusty 888 555 1234 set chassis display message Deleting The following exam...

Page 369: ... Temperature OK 273 Copyright 2010 Juniper Networks Inc Chapter 17 Operational Mode Commands for System Setup ...

Page 370: ...r Optional Specify the IP address of one or more NTP servers source address source address Optional Specify the source address that the router or switch uses to contact the remote NTP server Required Privilege Level view Related Documentation show cli on page 163 List of Sample Output set date on page 274 Output Fields When you enter this command you are provided feedback on the status of your req...

Page 371: ...ing on the Routing Engine RE modules and on the line cards shown as FPCs Options none Display the version levels of the firmware running For an EX4200 switch that is a member of a Virtual Chassis display version levels for all members For a TX Matrix router display version levels for the firmware on the TX Matrix router and on all the T640 routers connected to the TX Matrix router For a TX Matrix ...

Page 372: ...ters ROM or O S On switches uboot or loader Type Version of firmware running on the chassis part Version showchassisfirmware M10 Router user host show chassis firmware Part Type Version Forwarding engine board ROM Juniper ROM Monitor Version 4 1b2 O S Version 4 1I1 by tlim on 2000 04 24 11 27 showchassisfirmware M10 Router showchassisfirmware M20 Router user host show chassis firmware Part Type Ve...

Page 373: ...ersion 8 3b1 O S Version 9 0 20080103 0 by builder on 2008 0 showchassisfirmware MX480 Router user host show chassis firmware Part Type Version FPC 1 ROM Juniper ROM Monitor Version 8 3b1 O S Version 9 0 20070916 3 by builder on 2007 0 showchassisfirmware MX960 Router user host show chassis firmware Part Type Version FPC 4 ROM Juniper ROM Monitor Version 8 0b8 O S Version 8 2I59 by artem on 2006 1...

Page 374: ... Router user host show chassis firmware scc scc re0 Part Type Version SPMB 0 ROM Juniper ROM Monitor Version 6 4b18 O S Version 7 0 20040804 0 by builder on 2004 0 showchassisfirmware TX Matrix Plus Router user host show chassis firmware sfc0 re0 Part Type Version Global FPC 4 Global FPC 6 Global FPC 7 Global FPC 12 Global FPC 14 Global FPC 15 Global FPC 20 Global FPC 21 Global FPC 22 Global FPC 2...

Page 375: ...r on 2009 0 FPC 7 ROM Juniper ROM Monitor Version 7 5b4 O S Version 9 6 20090507 0 by builder on 2009 0 SPMB 0 ROM Juniper ROM Monitor Version 9 5b1 O S Version 9 6 20090507 0 by builder on 2009 0 SPMB 1 ROM Juniper ROM Monitor Version 9 5b1 O S Version 9 6 20090507 0 by builder on 2009 0 lcc3 re1 Part Type Version FPC 0 ROM Juniper ROM Monitor Version 9 0b2 O S Version 9 6 20090507 0 by builder o...

Page 376: ...r on 2009 0 showchassisfirmware sfc TX Matrix Plus Router user host show chassis firmware sfc 0 sfc0 re0 Part Type Version Global FPC 4 Global FPC 6 Global FPC 7 Global FPC 12 Global FPC 14 Global FPC 15 Global FPC 20 Global FPC 21 Global FPC 22 Global FPC 23 Global FPC 24 Global FPC 25 Global FPC 26 Global FPC 28 Global FPC 29 Global FPC 31 SPMB 0 ROM Juniper ROM Monitor Version 9 5b1 O S Version...

Page 377: ...l EX4200 switches in a Virtual Chassis fpc slot with no fpc slot number value specified For a specific Virtual Chassis member fpc slot number equals member ID value For the line card in the specified slot on an EX8200 switch fpc slot number equals slot number menu Optional Display the names of the menus and menu options that are currently enabled on the LCD panel menu all members EX4200 switches o...

Page 378: ... contents EX8200 switches The first line displays the hostname for Virtual Chassis members displays the member ID the current role and hostname for EX8200 switches displays RE and the hostname The second line displays the currently selected port parameter of the Status LED and the alarms counter The Status LED port parameters are ADM Administrative SPD Speed DPX Duplex POE Power over Ethernet EX32...

Page 379: ... 0 0 11 Off ge 0 0 12 Off ge 0 0 13 Off ge 0 0 14 Off ge 0 0 15 Off ge 0 0 16 Off ge 0 0 17 Off ge 0 0 18 Off ge 0 0 19 Off ge 0 0 20 Off ge 0 0 21 Off ge 0 0 22 Off ge 0 0 23 Off Front panel contents for slot 1 LCD screen 01 RE switch2 LED SPD ALARM 01 LEDs status Alarms LED Yellow System LED Green Master LED Green Interface LED ADM SPD DPX POE ge 1 0 0 Off ge 1 0 1 Off ge 1 0 2 Off ge 1 0 3 Off ...

Page 380: ...Alarms LED Yellow System LED Green Master LED Green Interface LED ADM SPD DPX POE ge 1 0 0 Off ge 1 0 1 Off ge 1 0 2 Off ge 1 0 3 Off ge 1 0 4 Off ge 1 0 5 Off ge 1 0 6 Off ge 1 0 7 Off ge 1 0 8 Off ge 1 0 9 Off ge 1 0 10 Off ge 1 0 11 Off ge 1 0 12 Off ge 1 0 13 Off ge 1 0 14 Off ge 1 0 15 Off ge 1 0 16 Off ge 1 0 17 Off ge 1 0 18 Off ge 1 0 19 Off ge 1 0 20 Off ge 1 0 21 Off ge 1 0 22 Off ge 1 0...

Page 381: ...0 21 Off ge 0 0 22 Off ge 0 0 23 Off ge 0 0 24 Off ge 0 0 25 Off ge 0 0 26 Off ge 0 0 27 Off ge 0 0 28 Off ge 0 0 29 Off ge 0 0 30 Off ge 0 0 31 Off ge 0 0 32 Off ge 0 0 33 Off ge 0 0 34 Off ge 0 0 35 Off ge 0 0 36 Off ge 0 0 37 Off ge 0 0 38 Off ge 0 0 39 Off ge 0 0 40 Off ge 0 0 41 Off ge 0 0 42 Off ge 0 0 43 Off ge 0 0 44 Off ge 0 0 45 Off ge 0 0 46 Off ge 0 0 47 Off xe 2 0 0 Off xe 2 0 1 Off x...

Page 382: ... power status status menu environ menu status menu show version maintenance menu maintenance menu halt menu maintenance menu system reboot maintenance menu rescue config maintenance menu vc uplink config maintenance menu factory default On an EX4200 switch in a Virtual Chassis the output for the show chassis lcd menu all members command is the same as the output for the show chassis lcd menu comma...

Page 383: ...u maintenance menu halt menu maintenance menu system reboot maintenance menu rescue config maintenance menu factory default 287 Copyright 2010 Juniper Networks Inc Chapter 17 Operational Mode Commands for System Setup ...

Page 384: ... Applications defined by protocol characteristics apply groups Groups from which configuration data is inherited chassis Chassis configuration chassis network services Current running mode class of service Class of service configuration diameter Diameter base protocol layer configuration ethernet switching options EX Series switch only Ethernet switching configuration event options Event processin...

Page 385: ... your user account the text SECRET DATA is substituted for that portion of the configuration If an identifier in the configuration contains a space the identifier is displayed in quotation marks Required Privilege Level view Related Documentation Displaying the Current JUNOS Software Configuration Overview of JUNOS CLI Operational Mode Commands List of Sample Output show configuration on page 289 ...

Page 386: ...tocol direct then accept show configuration policy options user host show configuration policy options policy options policy statement direct routes from protocol direct then accept Copyright 2010 Juniper Networks Inc 290 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 387: ...tname or address AdditionalInformation The show host command displays the raw data received from the DNS server Required Privilege Level view List of Sample Output show host on page 291 show host user host show host snark snark boojum net has address 192 168 1 254 user host show host 192 168 1 254 show host Name snark boojum net Address 192 168 1 254 Aliases 291 Copyright 2010 Juniper Networks Inc...

Page 388: ...e listed in the approximate order in which they appear Table 50 show ntp associations Output Fields Field Description Field Name Address or name of the remote NTP peer remote Reference identifier of the remote peer If the reference identifier is not known this field shows a value of 0 0 0 0 refid Stratum of the remote peer st Type of peer b broadcast l local m multicast or u unicast t When the las...

Page 389: ...by the clustering algorithm Included in the final selection set Selected for synchronization but the distance exceeds the maximum Selected for synchronization o Selected for synchronization but the packets per second pps signal is in use peer name show ntp associations user host show ntp associations remote refid st t when poll reach delay offset disp wolfe gw junipe tick ucla edu 2 u 43 64 377 1 ...

Page 390: ...age 292 List of Sample Output show ntp status on page 294 show ntp status user host show ntp status status 0644 leap_none sync_ntp 4 events event_peer strat_chg version ntpd 4 1 0 a Fri Jun 24 06 40 56 GMT 2005 1 show ntp status processor i386 system JUNOS7 4 20050624 0 leap 00 stratum 2 precision 28 rootdelay 6 849 rootdispersion 10 615 peer 38788 refid ntp server company a net reftime c66705d9 0...

Page 391: ... Physical part on the router or switch affected by the firmware Part Type of firmware on the router or switch Type Location of the firmware on the interface Tag Firmware version on the affected router or switch parts Current version New versions of firmware for upgrading or downgrading Available version Firmware condition on the router or switch Status Whether you can upgrade or downgrade or if no...

Page 392: ...ters in the chassis that are connected to the TX Matrix Plus router all members EX4200 switches only Optional Display halt or reboot request information for all members of the Virtual Chassis configuration all lcc TX Matrix and TX Matrix Plus routers only Optional On a TX Matrix router display system halt or reboot request information for all T640 routers or line card chassis connected to the TX M...

Page 393: ...ommand is broadcast to all the T640 in a routing matrix based on the TX Matrix router or T1600 in a routing matrix based on the TX Matrix Plus router master Routing Engines connected to it Likewise if you issue the same command on the TX Matrix or TX Matrix Plus backup Routing Engine the command is broadcast to all the T640 in a routing matrix based on the TX Matrix router or T1600 in a routing ma...

Page 394: ... No shutdown reboot scheduled lcc2 re0 No shutdown reboot scheduled show system reboot sfc TX Matrix Plus Router user host show system sfc 0 No shutdown reboot scheduled Copyright 2010 Juniper Networks Inc 298 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 395: ...hot The external option specifies the snapshot on an external mass storage device such as a USB flash drive The internal option specifies the snapshot on an internal memory source such as internal flash memory slice 1 2 alternate Display the snapshot in a partition 1 Display the snapshot in partition 1 2 Display the snapshot in partition 2 alternate Display the snapshot in the alternate partition ...

Page 396: ..._user jroute ex 10 0I20090726_0011_user jswitch ex 10 0I20090726_0011_user jweb ex 10 0I20090726_0011_user jpfe ex42x 10 0I20090726_0011_user Copyright 2010 Juniper Networks Inc 300 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 397: ...ers TX Matrix Router or all the T1600 routers TX Matrix Plus Router in the chassis all lcc TX Matrix and TX Matrix Plus routers only Optional On a TX Matrix router display system software information for all T640 routers or line card chassis connected to the TX Matrix router On a TX Matrix Plus router display system software information for all T1600 routers or line card chassis connected to the T...

Page 398: ...trix Plus router or switch fabric chassis Required Privilege Level maintenance List of Sample Output show system software on page 302 show system software TX Matrix Plus Router on page 303 show system software user host show system software Information for jbase show system software Comment JUNOS Base OS Software Suite 7 2R1 7 Information for jcrypto Comment JUNOS Crypto Software Suite 7 2R1 7 Inf...

Page 399: ...r jkernel Comment JUNOS Kernel Software Suite 9 6 20090515 0 Information for jpfe Comment JUNOS Packet Forwarding Engine Support T Series 9 6 20090515 0 Information for jpfe common Comment JUNOS Packet Forwarding Engine Support M T Common 9 6 20090515 0 Information for jroute Comment JUNOS Routing Software Suite 9 6 20090515 0 Information for jservices aacl Comment JUNOS Services AACL Container pa...

Page 400: ...es Stateful Firewall 9 6 20090515 0 Information for jservices voice Comment JUNOS Voice Services Container package 9 6 20090515 0 Information for junos Comment JUNOS Base OS boot 9 6 20090515 0 lcc0 re0 Information for jbase Comment JUNOS Base OS Software Suite 9 6 20090515 0 Information for jcrypto Comment JUNOS Crypto Software Suite 9 6 20090515 0 Information for jdocs Comment JUNOS Online Docum...

Page 401: ...6 20090515 0 Information for jservices aacl Comment JUNOS Services AACL Container package 9 6 20090515 0 Information for jservices appid Comment JUNOS AppId Services 9 6 20090515 0 Information for jservices bgf Comment JUNOS Border Gateway Function package 9 6 20090515 0 Information for jservices idp Comment JUNOS IDP Services 9 6 20090515 0 Information for jservices llpdf Comment JUNOS Services L...

Page 402: ...age 9 6 20090515 0 Information for junos Comment JUNOS Base OS boot 9 6 20090515 0 lcc1 re0 Information for jbase Comment JUNOS Base OS Software Suite 9 6 20090515 0 Information for jcrypto Comment JUNOS Crypto Software Suite 9 6 20090515 0 Copyright 2010 Juniper Networks Inc 306 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 403: ...age statistics for all the routers in the chassis all lcc TX Matrix and TX Matrix Plus routers only Optional On a TX Matrix router display system storage statistics for all T640 routers or line card chassis connected to the TX Matrix router On a TX Matrix Plus router display system storage statistics for all T1600 routers or line card chassis connected to the TX Matrix Plus router all members EX42...

Page 404: ...or T1600 in a routing matrix based on a TX Matrix Plus router backup Routing Engines that are connected to it Required Privilege Level view List of Sample Output show system storage on page 308 show system storage TX Matrix Plus Router on page 309 Output Fields Table 52 on page 308 describes the output fields for the show system storage command Output fields are listed in the approximate order in ...

Page 405: ...M 0B 100 packages mnt jcrypto 9 6 20090519 0 dev md6 34M 34M 0B 100 packages mnt jpfe common 9 6 20090519 0 dev md7 2 0G 10 0K 1 8G 0 tmp dev md8 2 0G 1 0M 1 8G 0 mfs dev ad0s1e 383M 82K 352M 0 config procfs 4 0K 4 0K 0B 100 proc dev ad1s1f 52G 7 5G 40G 16 var lcc0 re0 Filesystem Size Used Avail Capacity Mounted on dev ad0s1a 3 4G 178M 2 9G 6 devfs 1 0K 1 0K 0B 100 dev devfs 1 0K 1 0K 0B 100 dev d...

Page 406: ...1a 3 4G 178M 2 9G 6 devfs 1 0K 1 0K 0B 100 dev devfs 1 0K 1 0K 0B 100 dev dev md0 33M 33M 0B 100 packages mnt jbase dev md1 216M 216M 0B 100 packages mnt jkernel 9 6 20090519 0 dev md2 66M 66M 0B 100 packages mnt jpfe T 9 6 20090519 0 dev md3 4 1M 4 1M 0B 100 packages mnt jdocs 9 6 20090519 0 dev md4 57M 57M 0B 100 packages mnt jroute 9 6 20090519 0 dev md5 15M 15M 0B 100 packages mnt jcrypto 9 6 ...

Page 407: ...19 0 dev md5 15M 15M 0B 100 packages mnt jcrypto 9 6 20090519 0 dev md6 34M 34M 0B 100 packages mnt jpfe common 9 6 20090519 0 dev md7 2 0G 10 0K 1 8G 0 tmp dev md8 2 0G 540K 1 8G 0 mfs dev ad0s1e 383M 34K 352M 0 config procfs 4 0K 4 0K 0B 100 proc dev ad1s1f 23G 18G 3 5G 84 var 311 Copyright 2010 Juniper Networks Inc Chapter 17 Operational Mode Commands for System Setup ...

Page 408: ... fabric chassis router However in a routing matrix if you issue the show system switchover command on the master Routing Engine of the TX Matrix router or switch card chassis the CLI displays graceful switchover information for the master Routing Engine of the T640 routers or line card chassis in the routing matrix Likewise if you issue the show system switchover command on the master Routing Engi...

Page 409: ...ise if you issue the show system switchover command on a TX Matrix Plus backup Routing Engine the command is broadcast to all the T1600 backup Routing Engines that are connected to it Required Privilege Level view List of Sample Output show system switchover Backup Routing Engine on page 314 show system switchover all lcc Routing Matrix on page 314 Output Fields Table 53 on page 313 describes the ...

Page 410: ... Engine peer state Steady State Peer completed switchover transition Peer Connected Peer in switchover transition Peer state show system switchover Backup Routing Engine user host show system switchover Graceful switchover On Configuration database Ready Kernel database Ready Peer state Steady State show system switchover Backup Routing Engine show system switchover all lcc Routing Matrix user hos...

Page 411: ...0 routers or line card chassis connected to the TX Matrix router On a TX Matrix Plus router show time since the system rebooted and processes started for all T1600 routers or line card chassis connected to the TX Matrix Plus router all members EX4200 switches only Optional Show time since the system rebooted and processes started on all members of the Virtual Chassis configuration lcc number TX Ma...

Page 412: ...page 317 Output Fields Table 54 on page 316 describes the output fields for the show system uptime command Output fields are listed in the approximate order in which they appear Table 54 show system uptime Output Fields Field Description Field Name Current system time in UTC Current time Date and time when the Routing Engine on the router or switch was last booted and how long it has been running ...

Page 413: ...2009 05 25 00 24 30 PDT System booted 2009 05 24 06 39 46 PDT 17 44 44 ago error the routing subsystem is not running Last configured 2009 05 24 06 40 47 PDT 17 43 43 ago by root 12 24AM up 17 45 0 users load averages 0 00 0 00 0 00 lcc1 re0 Current time 2009 05 25 00 24 30 PDT System booted 2009 05 24 06 39 38 PDT 17 44 52 ago error the routing subsystem is not running Last configured 2009 05 24 ...

Page 414: ...ers only Optional Show users currently logged in to all the routers in the chassis all lcc TX Matrix and TX Matrix Plus routers only Optional On a TX Matrix router show users currently logged in to all T640 routers or line card chassis connected to the TX Matrix router On a TX Matrix Plus router show users currently logged in to all T1600 routers or line card chassis connected to the TX Matrix Plu...

Page 415: ...he show system users command Output fields are listed in the approximate order in which they appear Table 55 show system users Output Fields Field Description Field Name Current time in the local time zone and how long the router or switch has been operational time and up Number of users logged in to the router or switch users Load averages for the last 1 minute 5 minutes and 15 minutes load avera...

Page 416: ...p 26 mins 0 users load averages 0 00 0 02 0 03 lcc2 re0 1 41AM up 26 mins 0 users load averages 0 16 0 06 0 02 lcc3 re0 1 41AM up 26 mins 0 users load averages 0 12 0 04 0 04 regress aj show system users sfc0 re0 1 42AM up 28 mins 4 users load averages 0 02 0 03 0 02 USER TTY FROM LOGIN IDLE WHAT regress p0 pssraj t61 jnpr net 1 18AM 22 cli regress p1 eng shell4 juniper net 1 37AM cli regress p2 b...

Page 417: ... dynamic memory usage information for all T640 routers or line card chassis connected to the TX Matrix router On a TX Matrix Plus router display kernel dynamic memory usage information for all T1600 routers or line card chassis connected to the TX Matrix Plus router all members EX4200 switches only Optional Display kernel dynamic memory usage information for all members of the Virtual Chassis conf...

Page 418: ...Matrix Plus router backup Routing Engines that are connected to it NOTE The show system virtual memory command with the display XML pipe option now displays XML output for the command in the parent tags vmstat memstat malloc vmstat memstat zone vmstat sumstat vmstat intr and vmstat kernel state with each child element as a separate XML tag In Junos OS Releases 10 1 and earlier the display XML opti...

Page 419: ...Memory block size bytes Size Kernel modules that are using these memory blocks For a definition of each type refer to a FreeBSD book Type s Memory statistics by type Kernel module that is using dynamic memory Type Number of memory blocks used by this type The number is rounded up InUse Amount of memory in use in kilobytes KB MemUse Maximum memory ever used by this type HighUse Maximum memory that ...

Page 420: ...Free Requests HighWater Couldfree show system virtual memory 16 906 118 154876 1280 0 32 455 313 209956 640 0 64 4412 260 75380 320 20 128 3200 32 19361 160 81 256 1510 10 8844 80 4 512 446 2 5085 40 0 1K 18 2 5901 20 0 2K 1128 2 4445 10 1368 4K 185 1 456 5 0 8K 5 1 2653 5 0 16K 181 0 233 5 0 32K 2 0 1848 5 0 64K 20 0 22 5 0 128K 5 0 5 5 0 256K 2 0 2 5 0 512K 1 0 1 5 0 Memory usage type by bucket ...

Page 421: ...trees sem msg 8K temp devbuf syncache Gzip trees 16K indirdep temp devbuf shm msg 32K pagedep kld Gzip trees 64K VM pgdata devbuf MSDOSFS mount 128K UFS ihash inodedep NFS hash kld ISOFS mount 256K mbuf vfscache 512K SWAP Memory statistics by type Type Kern Type InUse MemUse HighUse Limit Requests Limit Limit Size s isadev 13 1K 1K127753K 13 0 0 64 atkbddev 2 1K 1K127753K 2 0 0 32 uc_devlist 24 3K...

Page 422: ...68 0 0 256 shm 1 12K 12K127753K 1 0 0 16K dev_t 286 36K 36K127753K 286 0 0 128 timecounter 10 2K 2K127753K 10 0 0 128 kld 11 117K 122K127753K 34 0 0 16 32 128 1K 4K AR driver 1 1K 3K127753K 5 0 0 64 512 2K AD driver 2 2K 3K127753K 2755 0 0 64 1K Gzip trees 0 0K 46K127753K 133848 0 0 32 64 128 256 ISOFS node 1136 142K 142K127753K 1189 0 0 128 ISOFS mount 9 132K 132K127753K 10 0 0 512 128K sem 3 6K ...

Page 423: ...pcb 576 25330 23 12 32 udpcb 192 25330 14 28 255 socket 256 25330 246 26 819 KNOTE 96 0 27 57 71 NFSNODE 352 0 0 0 0 NFSMOUNT 544 0 0 0 0 VNODE 224 0 2778 43 2778 NAMEI 1024 0 0 8 40725 VMSPACE 192 0 57 71 3906 PROC 448 0 73 17 3923 DP fakepg 64 0 0 0 0 PV ENTRY 28 499566 44530 152053 1525141 MAP ENTRY 48 0 1439 134 351075 KMAP ENTRY 48 35645 179 119 10904 MAP 108 0 7 3 7 VM OBJECT 92 0 2575 109 6...

Page 424: ...5 286 show system virtual memory scc TX Matrix Router user host show system virtual memory scc Memory statistics by bucket size Size In Use Free Requests HighWater Couldfree 16 898 126 749493 1280 0 32 2018 1310 980643 640 632 64 3490 13342 935420 320 5365 Memory usage type by bucket size Size Type s 16 uc_devlist COS BPF DEVFS mount DEVFS node vnodes mount pcb soname rman bus sysctl ifstate pfe_i...

Page 425: ...32 64 128 256 512 1024 16384 32768 65536 131072 ifmaddr 415 11K 415 16 32 rtable 329 28K 608066 16 32 64 128 1024 16384 sysctl 0 0K 887976 16 32 64 4096 16384 32768 ifaddr 64 5K 70 32 64 128 mkey 331 6K 12528 16 128 pfe_ipc 0 0K 7299115 16 32 64 128 256 512 1024 2048 4096 8192 16384 32768 65536 131072 ifstate 1245054 70088K 3040437 16 32 64 128 256 512 1024 2048 4096 8192 16384 32768 idxbucket 1 1...

Page 426: ...24 2048 rtnexthop 189 29K 1211988 32 256 512 1024 2048 4096 metrics 11 2K 16 256 rnode 135 3K 606391 16 32 rcache 4 8K 4 65536 iflist 0 0K 6 16 64 ifdevice 11 8K 17 16 32768 ifstat 412 471K 415 512 16384 65536 ipfw 42 23K 91 16 32 64 128 256 512 1024 16384 32768 65536 131072 ifmaddr 415 11K 415 16 32 rtable 225 20K 606584 16 32 64 128 1024 16384 sysctl 0 0K 2302479 16 32 64 ifaddr 53 4K 69 32 64 1...

Page 427: ...25K 4 32768 131072 sem 4 7K 4 16384 32768 131072 shm 2 13K 4 32768 ttys 93 16K 195 512 32768 soname 31 3K 389284 16 32 64 256 pcb 101 16K 4374 16 32 64 128 1024 2048 4096 16384 65536 BIO buffer 40 80K 750 65536 vfscache 1 512K 1 65536 cluster_save buffer 0 0K 55 32 64 VFS hash 1 256K 1 32 64 vnodes 1 1K 1 512 mount 266 21K 481 16 32 64 128 256 4096 32768 vnodemarker 0 0K 2497 16384 pfs_nodes 25 3K...

Page 428: ... CAM queue 3 1K 3 16 KTRACE 100 10K 100 128 kbdmux 5 9K 5 128 2048 65536 131072 ITEM SIZE LIMIT USED FREE REQUESTS UMA Kegs 136 0 71 1 71 show system virtual memory display xml user host show system virtual memory display xml rpc reply xmlns junos http xml juniper net junos 10 2R1 junos system virtual memory information vmstat memstat malloc memstat name CAM dev queue memstat name inuse 1 inuse me...

Page 429: ...nuse 1 inuse memuse 1 memuse high use high use memstat req 1 memstat req memstat size 64 memstat size memstat name in6grentry memstat name inuse 1 inuse memuse 1 memuse high use high use memstat req 1 memstat req memstat size 64 memstat size memstat name iflogical memstat name inuse 13 inuse memuse 3 memuse high use high use memstat req 13 memstat req memstat size 64 2048 memstat size memstat name...

Page 430: ...emstat req 4 memstat req memstat size 16 memstat size memstat name ifstat memstat name inuse 40 inuse memuse 22 memuse high use high use memstat req 40 memstat req memstat size 512 16384 32768 memstat size memstat name ipfw memstat name inuse 42 inuse memuse 23 memuse high use high use memstat req 91 memstat req memstat size 16 32 64 128 256 512 1024 16384 32768 65536 131072 memstat size memstat n...

Page 431: ...64 128 256 1024 2048 4096 16384 32768 memstat size memstat name itable16 memstat name inuse 276 inuse memuse 52 memuse high use high use memstat req 294 memstat req memstat size 1024 4096 memstat size memstat name itable32 memstat name inuse 160 inuse memuse 10 memuse high use high use memstat req 160 memstat req memstat size 64 memstat size memstat name itable64 memstat name inuse 2 inuse memuse ...

Page 432: ...ze 131072 memstat size memstat name module memstat name inuse 249 inuse memuse 16 memuse high use high use memstat req 249 memstat req memstat size 64 128 memstat size memstat name mtx_pool memstat name inuse 1 inuse memuse 8 memuse high use high use memstat req 1 memstat req memstat size 64 128 memstat size memstat name DEVFS3 memstat name inuse 109 inuse memuse 12 memuse high use high use memsta...

Page 433: ...at name uidinfo memstat name inuse 3 inuse memuse 1 memuse high use high use memstat req 6 memstat req memstat size 32 512 memstat size memstat name sysctloid memstat name inuse 1117 inuse memuse 34 memuse high use high use memstat req 1117 memstat req memstat size 16 32 64 memstat size memstat name sysctltmp memstat name inuse 0 inuse memuse 0 memuse high use high use memstat req 743 memstat req ...

Page 434: ... size memstat name DEVFS memstat name inuse 8 inuse memuse 1 memuse high use high use memstat req 9 memstat req memstat size 16 64 memstat size memstat name rman memstat name inuse 71 inuse memuse 5 memuse high use high use memstat req 433 memstat req memstat size 16 32 64 memstat size memstat name sbuf memstat name inuse 0 inuse memuse 0 memuse high use high use memstat req 522 memstat req memsta...

Page 435: ...ze memstat name sem memstat name inuse 4 inuse memuse 7 memuse high use high use memstat req 4 memstat req memstat size 16384 32768 131072 memstat size memstat name shm memstat name inuse 9 inuse memuse 20 memuse high use high use memstat req 14 memstat req memstat size 32768 memstat size memstat name ttys memstat name inuse 321 inuse memuse 61 memuse high use high use memstat req 528 memstat req ...

Page 436: ...emstat name inuse 1 inuse memuse 128 memuse high use high use memstat req 1 memstat req memstat size 32 64 memstat size memstat name vnodes memstat name inuse 1 inuse memuse 1 memuse high use high use memstat req 1 memstat req memstat size 512 memstat size memstat name mount memstat name inuse 290 inuse memuse 23 memuse high use high use memstat req 535 memstat req memstat size 16 32 64 128 256 40...

Page 437: ...8 131072 memstat size memstat name NFS daemon memstat name inuse 1 inuse memuse 8 memuse high use high use memstat req 1 memstat req memstat size 16 32 64 128 256 512 2048 16384 32768 131072 memstat size memstat name p1003 1b memstat name inuse 1 inuse memuse 1 memuse high use high use memstat req 1 memstat req memstat size 16 memstat size memstat name MD disk memstat name inuse 10 inuse memuse 20...

Page 438: ...emstat name pagedep memstat name inuse 1 inuse memuse 32 memuse high use high use memstat req 106 memstat req memstat size 64 memstat size memstat name inodedep memstat name inuse 1 inuse memuse 128 memuse high use high use memstat req 464 memstat req memstat size 256 memstat size memstat name newblk memstat name inuse 1 inuse memuse 1 memuse high use high use memstat req 336 memstat req memstat s...

Page 439: ...memstat name diradd memstat name inuse 0 inuse memuse 0 memuse high use high use memstat req 465 memstat req memstat size 64 memstat size memstat name mkdir memstat name inuse 0 inuse memuse 0 memuse high use high use memstat req 136 memstat req memstat size 32 memstat size memstat name dirrem memstat name inuse 0 inuse memuse 0 memuse high use high use memstat req 168 memstat req memstat size 32 ...

Page 440: ...data memstat name inuse 2 inuse memuse 65 memuse high use high use memstat req 2 memstat req memstat size 64 memstat size memstat name sigio memstat name inuse 1 inuse memuse 1 memuse high use high use memstat req 20 memstat req memstat size 32 memstat size memstat name kenv memstat name inuse 24 inuse memuse 5 memuse high use high use memstat req 27 memstat req memstat size 16 32 64 131072 memsta...

Page 441: ...mstat name inuse 1 inuse memuse 4 memuse high use high use memstat req 1 memstat req memstat size 131072 memstat size memstat name nexusdev memstat name inuse 2 inuse memuse 1 memuse high use high use memstat req 2 memstat req memstat size 16 memstat size memstat name CAM queue memstat name inuse 3 inuse memuse 1 memuse high use high use memstat req 3 memstat req memstat size 16 memstat size memst...

Page 442: ...one name zone size 128 zone size count limit 0 count limit used 4 used free 26 free zone req 5 zone req zone name 16 Bucket zone name zone size 76 zone size count limit 0 count limit used 30 used free 20 free zone req 30 zone req zone name 32 Bucket zone name zone size 140 zone size count limit 0 count limit used 33 used free 23 free zone req 33 zone req zone name 64 Bucket zone name zone size 268...

Page 443: ...ame zone size 72 zone size count limit 0 count limit used 0 used free 0 free zone req 0 zone req zone name mt_zone zone name zone size 64 zone size count limit 0 count limit used 238 used free 57 free zone req 238 zone req zone name 16 zone name zone size 16 zone size count limit 0 count limit used 2114 used free 119 free zone req 80515 zone req zone name 32 zone name zone size 32 zone size count ...

Page 444: ...it used 204 used free 36 free zone req 1225 zone req zone name 288 zone name zone size 288 zone size count limit 0 count limit used 2 used free 24 free zone req 10 zone req zone name 512 zone name zone size 512 zone size count limit 0 count limit used 49 used free 7 free zone req 911 zone req zone name 1024 zone name zone size 1024 zone size count limit 0 count limit used 213 used free 11 free zon...

Page 445: ...e 73 free zone req 131 zone req zone name UPCALL zone name zone size 44 zone size count limit 0 count limit used 0 used free 0 free zone req 0 zone req zone name SLEEPQUEUE zone name zone size 32 zone size count limit 0 count limit used 145 used free 194 free zone req 145 zone req zone name VMSPACE zone name zone size 268 zone size count limit 0 count limit used 57 used free 13 free zone req 1335 ...

Page 446: ...one req zone name g_bio zone name zone size 132 zone size count limit 0 count limit used 0 used free 174 free zone req 69750 zone req zone name ata_request zone name zone size 200 zone size count limit 0 count limit used 0 used free 57 free zone req 5030 zone req zone name ata_composite zone name zone size 192 zone size count limit 0 count limit used 0 used free 0 free zone req 0 zone req zone nam...

Page 447: ...me NFSNODE zone name zone size 460 zone size count limit 0 count limit used 0 used free 0 free zone req 0 zone req zone name PIPE zone name zone size 404 zone size count limit 0 count limit used 27 used free 9 free zone req 717 zone req zone name KNOTE zone name zone size 72 zone size count limit 0 count limit used 42 used free 64 free zone req 3311 zone req zone name socket zone name zone size 41...

Page 448: ...e size count limit 15360 count limit used 0 used free 60 free zone req 55 zone req zone name tcpreass zone name zone size 20 zone size count limit 1690 count limit used 0 used free 0 free zone req 0 zone req zone name sackhole zone name zone size 20 zone size count limit 0 count limit used 0 used free 0 free zone req 0 zone req zone name ripcb zone name zone size 232 zone size count limit 25194 co...

Page 449: ...aults 48364 copy on write faults copy on write optimized faults 31 copy on write optimized faults zero fill pages zeroed 74665 zero fill pages zeroed zero fill pages prezeroed 70061 zero fill pages prezeroed transit blocking page faults 85 transit blocking page faults total vm faults 191824 total vm faults pages affected by kernel thrd creat 0 pages affected by kernel thrd creat pages affected by ...

Page 450: ...9 cbb1 fxp0 intr name intr cnt 28490 intr cnt intr rate 22 intr rate intr name irq10 fxp1 intr name intr cnt 20593 intr cnt intr rate 16 intr rate intr name irq14 ata0 intr name intr cnt 5031 intr cnt intr rate 4 intr rate intr name Total intr name intr cnt 1457873 intr cnt intr rate 1171 intr rate vmstat intr vm kernel state vm kmem map free 248524800 vm kmem map free vm kernel state system virtu...

Page 451: ...Output Fields Field Description Field Name Displays whether or not graceful Routing Engine switchover is configured The status can be Enabled or Disabled Stateful replication Displays the Routing Engine on which the command is issued Master Backup or Not applicable when the router has only one Routing Engine RE mode Protocol that are supported by nonstop active routing Protocol Nonstop active rout...

Page 452: ...nning on all T640 routers or line card chassis connected to the TX Matrix router On a TX Matrix Plus router display the hostname and version information about the software running on all T1600 routers or line card chassis connected to the TX Matrix Plus router all members EX4200 switches only Optional Display standard information about the hostname and version of the software running on all member...

Page 453: ...on By default when you issue the show version command on a TX Matrix or TX Matrix Plus master Routing Engine the command is broadcast to all the T640 in a routing matrix based on a TX Matrix router or T1600 in a routing matrix based on a TX Matrix Plus router master Routing Engines connected to it Likewise if you issue the same command on the TX Matrix or TX Matrix Plus backup Routing Engine the c...

Page 454: ...Router user host show version sfc0 re0 Type InUse MemUse HighUse Requests Size s file desc 164 35K 4034 16 1024 2048 16384 sigio 1 1K 50 32 kenv 28 5K 31 16 32 64 131072 kqueue 5 3K 119 1024 4096 32768 proc args 66 3K 2951 16 32 64 128 256 512 1024 2048 zombie 0 0K 3513 128 ithread 100 7K 100 16 64 256 CAM queue 3 1K 3 16 KTRACE 100 10K 100 128 entropy 1024 64K 1024 64 USB 127 10K 127 16 32 64 128...

Page 455: ...24 2048 4096 16384 32768 65536 131072 rtsmsg 0 0K 16 131072 DEVFS2 108 2K 108 16 DEVFS3 204 23K 205 256 module 247 16K 247 64 128 mtx_pool 1 8K 1 DEVFS1 108 27K 108 4096 pgrp 20 2K 275 64 session 14 2K 173 512 proc 2 1K 2 16384 subproc 302 601K 3815 4096 131072 cred 45 5K 33092 256 plimit 22 5K 1363 2048 uidinfo 3 1K 6 32 512 sysctloid 2548 78K 2548 16 32 64 sysctltmp 0 0K 1449 16 32 64 1024 umtx ...

Page 456: ... allocdirect 0 0K 605 128 indirdep 0 0K 6 32 allocindir 0 0K 5 64 freefrag 0 0K 91 32 freeblks 0 0K 93 2048 freefile 0 0K 161 32 diradd 0 0K 603 64 mkdir 0 0K 166 32 dirrem 0 0K 312 32 newdirblk 0 0K 1 32 savedino 0 0K 294 512 UFS mount 15 36K 15 4096 65536 131072 UMAHash 1 16K 7 4096 16384 32768 65536 131072 MD disk 9 18K 9 65536 ata_generic 2 2K 21 16 16384 32768 ISOFS mount 7 1K 13 512 VM pgdat...

Page 457: ...22 3160 512 512 0 666 14 5529 1024 1024 0 420 12 15128 2048 2048 0 1909 17 13067 4096 4096 0 228 19 7877 Files 72 0 586 103 124488 PROC 544 0 139 22 3652 THREAD 416 0 161 1 162 KSEGRP 88 0 161 39 162 UPCALL 44 0 0 0 0 SLEEPQUEUE 32 0 163 176 163 VMSPACE 268 0 66 18 3569 mbuf_packet 256 180000 256 128 27221 mbuf 256 180000 4110 501 2286155 mbuf_cluster 2048 30000 4487 351 697551 mbuf_jumbo_pagesize...

Page 458: ...ge daemon wakeups 0 pages examined by the page daemon 56570 pages reactivated 127752 copy on write faults 39 copy on write optimized faults 200992 zero fill pages zeroed 196746 zero fill pages prezeroed 27 intransit blocking page faults 443499 total VM faults taken 0 pages affected by kernel thread creation 441644 pages affected by fork 52141 pages affected by vfork 0 pages affected by rfork 42018...

Page 459: ...irq17 uhci1 uhci 386684 95 cpu0 timer 8131301 2017 Total 8687317 2155 vm kmem_map_free 618377216 363 Copyright 2010 Juniper Networks Inc Chapter 17 Operational Mode Commands for System Setup ...

Page 460: ...Copyright 2010 Juniper Networks Inc 364 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 461: ... Management Overview on page 367 Initial Configuration on page 383 Verifying Power Management on page 385 Configuration Statements for Power Management on page 387 Operational Mode Commands for Power Management on page 391 365 Copyright 2010 Juniper Networks Inc ...

Page 462: ...Copyright 2010 Juniper Networks Inc 366 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 463: ...atures Table 2 on page 5 Administration Features Table 3 on page 5 Class of Service CoS Features Table 4 on page 5 High Availability and Resiliency Features Table 5 on page 7 Interfaces Features Table 6 on page 7 IP Address Management Features Table 7 on page 8 IPv6 Features Table 8 on page 8 Layer 2 Network Protocols Features Table 9 on page 9 Layer 3 Protocols Features Table 10 on page 11 MPLS F...

Page 464: ...rate limiting For a list of supported firewall filter match conditions and actions see Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 Junos OS 10 0R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Firewall filters on LAGs Junos OS 9 6R1 Junos OS 10 2R1 Junos OS 9 2R1 Junos OS 10 1R1 Firewall filter on loopback interface Junos OS 10 3R1 Not supported Junos OS 10 1R...

Page 465: ...s on routed VLAN interfaces RVIs Junos OS 9 5R1 Not applicable Not applicable Not applicable CoS multidestination Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 2R1 Junos OS 10 1R1 CoS support on LAGs Junos OS 9 4R1 Not supported Junos OS 9 4R1 Junos OS 10 3R1 CoS support on routed VLAN interfaces RVIs Junos OS 10 2R1 Not supported Junos OS 9 4R1 Junos OS 10 3R1 Interface specific CoS rewrite rules Jun...

Page 466: ...rt for dual homing applications in data centers Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Link aggregation groups LAGs Not applicable Not applicable Junos OS 9 6R1 EX4200 only Not applicable Link aggregation groups LAGs over Virtual Chassis ports VCPs Junos OS 9 4R1 Not supported Junos OS 9 0R2 Junos OS 10 1R1 Redundant trunk groups Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2...

Page 467: ...os OS 10 1R1 Power over Ethernet PoE Not supported Not supported Not supported Junos OS 10 3R1 Power over Ethernet Plus PoE Not supported Not applicable Junos OS 9 3R2 Junos OS 10 1R1 PoE power management mode Junos OS 10 1R1 Not supported Junos OS 9 3R2 Not supported Unicastreverse pathforwarding RPF Junos OS 9 4R1 Not supported Junos OS 9 2R1 Not supported VLAN tagged Layer 3 subinterfaces Table...

Page 468: ...ng Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Junos OS 10 1R1 BPDU protection for spanning tree protocols Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Not supported GARP VLAN Registration Protocol GVRP Not supported Not supported Junos OS 10 0 Not supported Layer 2 protocol tunneling L2PT Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Link Layer Discovery Protocol LLDP Not suppo...

Page 469: ...nning tree Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Junos OS 9 6R1 Junos OS 10 2R1 Junos OS 9 4R1 Junos OS 10 1R1 Spanning tree VLAN Spanning Tree Protocol VSTP Junos OS 10 2R1 Junos OS 10 2R1 Junos OS 10 2R1 Not supported Spanning tree RSTP and VSTP concurrent configuration Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Junos OS 10 1R1 Storm...

Page 470: ...ames on routed VLAN interfaces RVIs Junos OS 9 5R1 Not supported Junos OS 9 5R1 Not supported OSPF Multitopology Routing MT OSPF See the Junos OS Routing Protocols Configuration Guide at www juniper net techpubs software junos index html Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Not supported OSPFv2 Not supported Not supported Junos OS 10 3R1 Not supported OSPFv3 IPSec support Junos OS 9 4R1 J...

Page 471: ...hes EX3200 and EX4200 Switches EX2200Switches Feature Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Not supported Internet Group Management Protocol IGMP version1 v1 and IGMPv2 Junos OS 9 6R1 Junos OS 10 2R1 Junos OS 9 3R2 Not supported IGMPv3 Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Junos OS 10 1R1 IGMPv1 v2 snooping Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 2R1 Junos OS 10 1R1 IGMP snooping...

Page 472: ...Network Management and Monitoring Features EX8200Switches EX4500Switches EX3200 and EX4200 Switches EX2200Switches Feature Not supported Not supported Junos OS 10 2R1 Not supported 802 1ag Ethernet OAM connectivity fault management CFM Junos OS 10 0R1 Not supported Junos OS 9 4R1 Not supported Ethernet OAM link fault management LFM Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Port...

Page 473: ...S 9 4R1 Junos OS 10 2R1 Junos OS 9 3R2 Junos OS 10 1R1 DHCP option 82 Junos OS 10 3R1 Not supported Junos OS 9 0R2 Junos OS 10 1R1 DHCP snooping Junos OS 10 3R1 Not supported Junos OS 9 0R2 Junos OS 10 1R1 Dynamic ARP inspection DAI Junos OS 10 3R1 Not supported Junos OS 9 2R1 Junos OS 10 1R1 IP source guard Junos OS 10 3R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 MAC limiting Junos OS 10 3R...

Page 474: ...e 33 EX8216 Switch Hardware Overview on page 36 Power Management Understanding Power Management on EX Series Switches on page 378 Understanding Power Management on EX Series Switches The power management feature for Juniper Networks EX8200 Ethernet Switches helps ensure that normal operation of the system is not disrupted because of insufficient power to the switch It does so by employing a power ...

Page 475: ...h powers on power management provides power to the line cards in the order of their slot priority with line cards in high priority slots receiving power first Thus if available power including redundant power is exhausted before all line cards receive power higher priority cards are powered on while lower priority cards remain powered off If the switch starts receiving insufficient power because o...

Page 476: ...a higher priority slot but is sufficient for a line card in a lower priority slot the lower priority slot receives the power For example if an 8 port SFP line card requiring 450 W is in a higher priority slot than a 48 port SFP line card requiring 330 W the 48 port SFP line card receives the power if there is more than 330 W but less than 450 W available In an operating switch that has insufficien...

Page 477: ...ach 1 x n W 1 x n W 2 2 x n W 2 x n W 3 2 x n W 3 x n W 4 3 x n W 4 x n W 5 3 x n W 5 x n W 6 To compensate for the reduced normal operating power power management reserves less power to the chassis in an N N configuration than in an N 1 configuration This reduction in reserved chassis power allows a switch in an N N configuration to power more line cards than it could without the reduction For th...

Page 478: ...comes a major red alarm If one or more line cards are down because of insufficient power including redundant power power management raises a major red alarm Power management clears all alarms when sufficient power is available to meet normal operating and redundant power requirements Related Documentation Understanding Alarm Types and Severity Levels on EX Series Switches on page 637 Configuring t...

Page 479: ... N redundancy and how to revert back to N 1 redundancy if your deployment needs change Before you configure power management for N N redundancy ensure that you have sufficient power supplies to meet the power requirements of this configuration Use the show chassis power budget statistics command to display your current power budget NOTE Toallowmorepowertobeavailabletolinecards powermanagement comp...

Page 480: ...cards When assigning power priority to slots keep these points in mind 0 is the highest priority For an EX8208 switch you can assign a priority of 0 through 7 to a slot For an EX8216 switch you can assign a priority of 0 through 15 to a slot All slots are assigned the lowest priority by default If a group of slots shares the same assigned priority each slot s power priority within the group is bas...

Page 481: ...iguration N N Power Reserved for the Chassis 1200 W FPC 5 EX8200 48F 330 W Priority 7 FPC 6 EX8200 8XS 450 W Priority 0 Actual Power Used 1980 W Power Available Redundant case 420 W Total Power Available 2820 W Meaning The switch is configured for N N redundancy As shown by the Power Available Redundant case field the switch has sufficient power to meet the N N power requirements and has an additi...

Page 482: ...nents Because the power budget allocation is based on maximum power use actual power consumption is likely to be much less Related Documentation Configuring Power Supply Redundancy CLI Procedure on page 383 Configuring the Power Priority of Line Cards CLI Procedure on page 384 Copyright 2010 Juniper Networks Inc 386 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 483: ...CHAPTER 21 Configuration Statements for Power Management 387 Copyright 2010 Juniper Networks Inc ...

Page 484: ...s The FPC refers to the switch itself 0 9 EX4200 switch in a Virtual Chassis configuration The value corresponds to the switch s member ID 0 7 EX8200 switch The slot is a line card slot 0 15 EX8216 switch The slot is a line card slot The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this stateme...

Page 485: ...lease Information Statement introduced in Junos OS Release 10 2 for EX Sries switches Description Assign a power priority to the specified line card slot on an EX8200 switch Default All line card slots are initially assigned the lowest priority Options priority Assigned power priority for the slot with 0 being the highest priority Range 0 through 7 for an EX8208 switch 0 through 15 for an EX8216 s...

Page 486: ...edundancy Power Management Syntax redundancy n plus n Hierarchy Level edit chassis psu Release Information Statement introduced in Junos OS Release 10 2 for EX Series switches Description Configure N N power supply redundancy for power management on an EX8200 switch The remaining statement is explained separately Default N 1 power supply redundancy is configured by default Required Privilege Level...

Page 487: ...CHAPTER 22 Operational Mode Commands for Power Management 391 Copyright 2010 Juniper Networks Inc ...

Page 488: ...plied by all currently operating power supplies Power supplied by all Online PSUs Configured power redundancy setting either N 1 or N N Power Redundancy Configuration Power reserved for the chassis For an EX8208 switch 1600 W in an N 1 configuration 1200 W in an N N configuration For an EX8216 switch 2400 W in an N 1 configuration 1800 W in an N N configuration The power reserved for the chassis i...

Page 489: ...dant power Total Power Available show chassis power budget statistics show chassis power budget statistics user switch show chassis power budget statistics PSU 0 EX8200 AC2K 2000 W PSU 1 EX8200 AC2K 2000 W PSU 2 EX8200 AC2K 2000 W Total Power supplied by all Online PSUs 6000 W Power Redundancy Configuration N N Power Reserved for the Chassis 1600 W FPC 6 EX8200 8XS 450 W Priority 7 Actual Power Us...

Page 490: ...Copyright 2010 Juniper Networks Inc 394 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 491: ...nagement Overview on page 397 Managing Junos OS Configuration on page 417 Verifying Configuration on page 435 Configuration Statements for Configuration Management on page 437 Operational Mode Commands for Configuration Management on page 447 395 Copyright 2010 Juniper Networks Inc ...

Page 492: ...Copyright 2010 Juniper Networks Inc 396 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 493: ...t recently committed configuration files on the switch so that you can return to a previous configuration The configuration files are named juniper conf gz The current active configuration juniper conf 1 gz to juniper conf 49 gz Rollback configurations To make changes to the configuration file you have to work in the configuration mode in the CLI or use the configuration tools in the J Web interfa...

Page 494: ...tements and leaf statements which do not contain other statements All the container and leaf statements together form the configuration hierarchy configuration hierarchy The default configuration contains the initial values set for each configuration parameter when a switch is shipped default configuration Well known configuration that recovers a switch from a configuration that denies management ...

Page 495: ...work from a pre existing configuration file that you create and store on a configuration server typically a Trivial File Transfer Protocol TFTP server You can use autoinstallation to automatically configure new devices and to deploy multiple devices from a central location in the network Autoinstallation takes place automatically when you connect an Ethernet port on a new switch to the network and...

Page 496: ...quired by the network you must configure an intermediate device directly attached to the new switch through which the new switch can send TFTP boot protocol BOOTP and Domain Name System DNS requests In this case you specify the IP address of the intermediate device as the location to receive TFTP requests for autoinstallation Typical Autoinstallation Process on a New Switch When an EX Series switc...

Page 497: ...ame it sends TFTP requests for the default configuration file switch conf The TFTP request procedure is the same as for the network conf file 3 After the new switch locates a configuration file on a TFTP server the autoinstallation process downloads the file installs the file on the switch and commits the configuration Related Documentation Configuring Autoinstallation of Configuration Files CLI P...

Page 498: ...han 24 ports this default configuration file has more interfaces For models without PoE the poe stanza does not appear All models have four uplink ports as listed below ge 0 1 0 to ge 0 1 3 ethernet switching options storm control interface all level 50 protocols igmp snooping vlan all lldp interface all lldp med interface all rstp poe interface all interfaces ge 0 0 0 unit 0 family ethernet switc...

Page 499: ...ily ethernet switching ge 0 0 8 unit 0 family ethernet switching ge 0 0 9 unit 0 family ethernet switching ge 0 0 10 unit 0 family ethernet switching ge 0 0 11 unit 0 family ethernet switching ge 0 0 12 unit 0 family ethernet switching ge 0 0 13 unit 0 family ethernet switching ge 0 0 14 unit 0 403 Copyright 2010 Juniper Networks Inc Chapter 23 Configuration Management Overview ...

Page 500: ...unit 0 family ethernet switching ge 0 0 20 unit 0 family ethernet switching ge 0 0 21 unit 0 family ethernet switching ge 0 0 22 unit 0 family ethernet switching ge 0 0 23 unit 0 family ethernet switching ge 0 1 0 unit 0 family ethernet switching ge 0 1 1 unit 0 family ethernet switching Copyright 2010 Juniper Networks Inc 404 Complete Software Guide for Junos OS for EX Series Ethernet Switches Re...

Page 501: ...the values set for each configuration parameter when a switch is shipped The default configuration file sets values for system parameters such as syslog and commit configures Power over Ethernet PoE storm control and Ethernet switching on all interfaces and enables the LLDP and RSTP protocols When you commit changes to the configuration a new configuration file is created that becomes the active c...

Page 502: ...yslog user any emergency file messages any notice authorization info file interactive commands interactive commands any commit factory settings reset chassis lcd menu reset virtual chassis configuration interfaces ge 0 0 0 unit 0 family ethernet switching ge 0 0 1 unit 0 family ethernet switching ge 0 0 2 unit 0 family ethernet switching ge 0 0 3 unit 0 family ethernet switching ge 0 0 4 unit 0 fa...

Page 503: ...t 0 family ethernet switching ge 0 0 10 unit 0 family ethernet switching ge 0 0 11 unit 0 family ethernet switching ge 0 0 12 unit 0 family ethernet switching ge 0 0 13 unit 0 family ethernet switching ge 0 0 14 unit 0 family ethernet switching ge 0 0 15 unit 0 family ethernet switching ge 0 0 16 407 Copyright 2010 Juniper Networks Inc Chapter 23 Configuration Management Overview ...

Page 504: ...tching ge 0 0 21 unit 0 family ethernet switching ge 0 0 22 unit 0 family ethernet switching ge 0 0 23 unit 0 family ethernet switching xe 0 1 0 unit 0 family ethernet switching xe 0 1 1 unit 0 family ethernet switching ge 0 1 0 unit 0 family ethernet switching ge 0 1 1 unit 0 Copyright 2010 Juniper Networks Inc 408 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 505: ...d Configuring an EX Series Switch J Web Procedure on page 189 Understanding Configuration Files for EX Series Switches on page 397 EX Series Switches Interfaces Overview on page 1095 EX4500 Default Configuration Each EX Series switch is programmed with a factory default configuration that contains the values set for each configuration parameter when a switch is shipped The default configuration fi...

Page 506: ...lways revert to the factory default configuration See Reverting to the Default Factory Configuration for the EX Series Switch on page 427 This topic shows the factory default configuration file of an EX4500 switch system syslog user any emergency file messages any notice authorization info file interactive commands interactive commands any commit factory settings reset chassis lcd menu reset virtu...

Page 507: ...ching xe 0 0 8 unit 0 family ethernet switching xe 0 0 9 unit 0 family ethernet switching xe 0 0 10 unit 0 family ethernet switching xe 0 0 11 unit 0 family ethernet switching xe 0 0 12 unit 0 family ethernet switching xe 0 0 13 unit 0 family ethernet switching xe 0 0 14 unit 0 family ethernet switching 411 Copyright 2010 Juniper Networks Inc Chapter 23 Configuration Management Overview ...

Page 508: ...ethernet switching xe 0 0 20 unit 0 family ethernet switching xe 0 0 21 unit 0 family ethernet switching xe 0 0 22 unit 0 family ethernet switching xe 0 0 23 unit 0 family ethernet switching xe 0 0 24 unit 0 family ethernet switching xe 0 0 25 unit 0 family ethernet switching Copyright 2010 Juniper Networks Inc 412 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 509: ...0 30 unit 0 family ethernet switching xe 0 0 31 unit 0 family ethernet switching xe 0 0 32 unit 0 family ethernet switching xe 0 0 33 unit 0 family ethernet switching xe 0 0 34 unit 0 family ethernet switching xe 0 0 35 unit 0 family ethernet switching xe 0 0 36 unit 0 family ethernet switching 413 Copyright 2010 Juniper Networks Inc Chapter 23 Configuration Management Overview ...

Page 510: ...y ethernet switching xe 0 1 2 unit 0 family ethernet switching xe 0 1 3 unit 0 family ethernet switching xe 0 2 0 unit 0 family ethernet switching xe 0 2 1 unit 0 family ethernet switching xe 0 2 2 unit 0 family ethernet switching xe 0 2 3 unit 0 family ethernet switching Copyright 2010 Juniper Networks Inc 414 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 511: ...at contains the values set for each configuration parameter when a switch is shipped The default configuration file sets values for system parameters such as the ARP aging timer the system log and file messages while also enabling the LLDP protocol the RSTP protocol IGMP snooping and storm control When you commit changes to the configuration a new configuration file is created that becomes the act...

Page 512: ...Files Terms on page 398 Connecting and Configuring an EX Series Switch CLI Procedure on page 187 Connecting and Configuring an EX Series Switch J Web Procedure on page 189 Understanding Configuration Files for EX Series Switches on page 397 EX8208 Switch Hardware Overview on page 33 EX8216 Switch Hardware Overview on page 36 Copyright 2010 Juniper Networks Inc 416 Complete Software Guide for Junos...

Page 513: ...icate each statement s relative position in the hierarchy Each level is generally set off with braces with an open brace at the beginning of each hierarchy level and a closing brace at the end If the statement at a hierarchy level is empty the braces are not displayed Each leaf statement ends with a semicolon as does the last statement in the hierarchy This indented representation is used when the...

Page 514: ... the configured hierarchy and the main pane displays configured hierarchy options and the Icon Legend To expand or hide the hierarchy of all the statements in the side pane click Expand all or Hide all To expand or hide an individual statement in the hierarchy click the expand or collapse icon to the left of the statement TIP Only those statements included in the committed configuration are displa...

Page 515: ... your cursor over them Table 76 on page 419 describes these icons Table 76 J Web Edit Point Click Configuration Icons Function Icon Displays a comment about a statement C Indicates that a statement is inactive I Indicates that a statement has been added or modified but has not been committed M Indicates that the statement or identifier is required in the configuration Provides online help informat...

Page 516: ...hanges When you commit the configuration the candidate file is checked for proper syntax activated and marked as the current operational software configuration file If multiple users are editing the configuration when you commit the candidate configuration changes made by all users take effect You can configure the commit options to either commit all configuration changes together or commit each c...

Page 517: ... The Commit Preference page is displayed 2 Configure the commit options by selecting your preference See Table 79 on page 421 for details on preference options Indicates your choice of committing all global configurations together or committing each configuration change immediately Preference Table 79 Commit Preference Options Function Option Sets the system to validate and force an immediate comm...

Page 518: ...red action when the file is loaded Table 80 on page 422 lists and describes some options for the load command Table 80 Options for the load command Description Options Combines the current active configuration and the configuration in filename or the one that you type at the terminal A merge operation is useful when you are adding a new section to an existing configuration If the active configurat...

Page 519: ...ly using the CLI and commit it at a later time Related Documentation Uploading a Configuration File J Web Procedure on page 423 Understanding Configuration Files for EX Series Switches on page 397 Uploading a Configuration File J Web Procedure You can create a configuration file on your local system copy the file to the EX Series switch and then load the file into the CLI After you have loaded the...

Page 520: ...ement History The main pane displays History Database Information page Table 81 on page 424 summarizes the contents of the display The configuration history display allows you to View a configuration Compare two configurations Download a configuration file to your local system Roll back the configuration to any of the previous versions stored on the switch Table 81 J Web Configuration History Summ...

Page 521: ...age 425 summarizes the Database Information display Table 82 J Web Configuration Database Information Summary Description Field Name of user editing the configuration User Name Time of day the user logged in to the switch Start Time Elapsed time since the user issued a configuration command from the CLI Idle Time Terminal on which the user is logged in Terminal Process identifier assigned to the u...

Page 522: ...urrent and previous 49 configurations is displayed as Configuration History in the main pane 2 In the Action column click Rollback for the version of the configuration you want to load The main pane displays the results of the rollback operation NOTE WhenyouclickRollback theswitchloadsandcommitstheselected configuration This behavior is different from the switch s behavior that occurs after you en...

Page 523: ...ration Files Terms on page 398 For more information on rollback see the Junos OS CLI User Guide at http www juniper net techpubs software junos index html Reverting to the Default Factory Configuration for the EX Series Switch If for any reason the current active configuration fails you can revert to the default factory configuration You can also roll back to a previous configuration as described ...

Page 524: ...gure 7 EX Series Switch LCD Panel NOTE If you want to convert an EX4200 switch from a member of a multimember Virtual Chassis configuration to a standalone switch first disconnect the cables connected to the Virtual Chassis ports VCPs See Disconnecting a Virtual Chassis Cable from an EX4200 Switch The Menu button procedure deletes all modified configuration parameters including Virtual Chassis par...

Page 525: ...Chassis CLI Procedure on page 1011 EX2200 Switch Default Configuration on page 401 EX3200 and EX4200 Default Configuration on page 405 EX4500 Default Configuration on page 409 EX8200 Switch Default Configuration on page 415 Understanding Configuration Files for EX Series Switches on page 397 For more information about the load factory default command see the Junos OS CLI User Guide at http www jun...

Page 526: ...cue Configuration CLI Procedure A rescue configuration is a well known configuration that recovers a switch from a configuration that denies management access You set a current committed configuration to be the rescue configuration through the J Web interface or CLI If someone inadvertently commits a configuration that denies management access to an EX Series switch and the console port is not acc...

Page 527: ...the console port is not accessible you can overwrite the invalid configuration and replace it with the rescue configuration by using the LCD panel on the switch The rescue configuration is a previously committed valid configuration We recommend that the rescue configuration include the IP address accessible from the network for the management port To view set or delete the rescue configuration usi...

Page 528: ...FTP server in the network A host specific file with the name hostname conf for each switch undergoing autoinstallation Replace hostname with the name of a switch The hostname conf file typically contains all the configuration information necessary for the switch with this hostname A default configuration file named switch conf with the minimum configuration necessary to enable you to telnet into t...

Page 529: ... of one or more servers from which to obtain configuration files edit system user switch set autoinstallation configuration servers tftp tftpconfig sp com NOTE You can also use an FTP address for example ftp user password sftpconfig sp com 2 Configure one or more Ethernet interfaces to perform autoinstallation and one or two procurement protocols for each interface The switch uses the protocols to...

Page 530: ...Copyright 2010 Juniper Networks Inc 434 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 531: ... Configuration Acquisition Acquired Address 192 168 124 75 Hostname host ge 000 Hostname source DNS Configuration filename switch ge 000 conf Configuration filename server 10 25 100 3 Address acquisition Protocol DHCP Client Acquired address None Protocol RARP Client Acquired address None Interface Name ge 0 0 1 State None Address acquisition Protocol DHCP Client Acquired address None Protocol RAR...

Page 532: ...Copyright 2010 Juniper Networks Inc 436 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 533: ...os OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure copying of the currently active configuration to an archive site Options The remaining statements are explained separately Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Using JUNOS Sof...

Page 534: ...an one archive site the router or switch attempts to transfer the configuration files to the first archive site in the list moving to the next only if the transfer fails The format for the destination filename is router name_juniper conf gz _YYYYMMDD_HHMMSS NOTE The time included in the destination filename is always in Coordinated Universal Time UTC regardless of whether the time on the router or...

Page 535: ...ts an IP address from a Dynamic Host Configuration Protocol DHCP server Once the router or switch has an address it sends a request to a configuration server and downloads and installs a configuration Options The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related...

Page 536: ...configuration file being committed If no errors are found the configuration is activated and becomes the current operational configuration on all Routing Engines Starting with Junos OS Release 9 3 accounting of events and operations on a backup Routing Engine is not supported on accounting servers such as TACACS or RADIUS Logging of accounting events is supported only for events and operations on ...

Page 537: ...hes Description Configure the router or switch to transfer its currently active configuration by means of FTP periodically or after each commit Options The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Using JUNOS Software to Configure a Router...

Page 538: ...nfiguration files Examples of URLs tftp hostname path filename ftp username prompt ftp hostname net filename Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Upgrading Software Using Automatic Software Download on EX Series Switches on page 90 Getting Started Guide for your router model autoi...

Page 539: ...ement protocol Options bootp Send requests over serial interfaces with Frame Relay rarp Send requests over Ethernet interfaces slarp On J Series Services Routers only Send requests over serial interfaces with HDLC Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Upgrading Software Using Autom...

Page 540: ...Options interval Interval at which to transfer the current configuration to an archive site Range 15 through 2880 minutes Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Using JUNOS Software to Configure a Router or Switch to Transfer Its Configuration to an Archive Site archive on page 668 ...

Page 541: ...tement using an IPv6 host address you must enclose the entire URL in quotation marks and enclose the IPv6 host address in brackets For example ftp username password ipv6 host address port url path Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Using JUNOS Software to Configure a Router or S...

Page 542: ...Copyright 2010 Juniper Networks Inc 446 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 543: ...CHAPTER 27 Operational Mode Commands for Configuration Management 447 Copyright 2010 Juniper Networks Inc ...

Page 544: ... clear log on page 448 Output Fields See file list for an explanation of output fields clear log The following sample commands list log file information clear the contents of a log file and then display the updated log file information clear log user host file list lcc0 re0 var log sampled detail lcc0 re0 rw r 1 root wheel 26450 Jun 23 18 47 var log sampled total 1 user host clear log lcc0 re0 sam...

Page 545: ...mmit on page 449 clear system commit None Pending on page 449 clear system commit User Does Not Have Required Privilege Level on page 449 Output Fields When you enter this command you are provided feedback on the status of your request clear system commit user host clear system commit Pending commit cleared clear system commit clear system commit None Pending user host clear system commit No commi...

Page 546: ...tenance List of Sample Output file archive Multiple Files on page 450 file archive Single File on page 450 file archive with Compression on page 451 Output Fields When you enter this command you are provided feedback on the status of your request file archive Multiple Files The following sample command archives all message files in the local directory var log messages as the single file messages a...

Page 547: ...as the single file messages archive tgz in the same directory user host file archive compress source var log messages destination var log messages archive tgz usr bin tar Removing leading from absolute path names in the archive user host 451 Copyright 2010 Juniper Networks Inc Chapter 27 Operational Mode Commands for Configuration Management ...

Page 548: ...ipt in the Junos Configuration and Operations Automation Guide Configuring Checksum Hashes for an Op Script in the Junos Configuration and Operations Automation Guide Executing an Op Script from a Remote Site in the JUNO Configuration and Operations Automation Guide file checksum sha 256 on page 454 file checksum sha1 on page 453 op on page 236 List of Sample Output file checksum md5 on page 452 O...

Page 549: ...vent Script in the Junos Configuration and Operations Automation Guide Configuring Checksum Hashes for an Op Script in the Junos Configuration and Operations Automation Guide Executing an Op Script from a Remote Site in the Junos Configuration and Operations Automation Guide file checksum md5 on page 452 file checksum sha 256 on page 454 op on page 236 List of Sample Output file checksum sha1 on p...

Page 550: ...the Junos Configuration and Operations Automation Guide Configuring Checksum Hashes for an Op Script in the Junos Configuration and Operations Automation Guide Executing an Op Script from a Remote Site in the Configuration and Operations Automation Guide file checksum md5 on page 452 file checksum sha1 on page 453 op on page 236 List of Sample Output file checksum sha 256 on page 454 Output Fields...

Page 551: ...second file Output lines preceded by an exclamation point have changed Additions are marked with a plus sign and deletions are marked with a minus sign Unified Display is preceded by the line number from the first and the second file xx xxx x Before the line number additions to the file are marked with a plus sign and deletions to the file are marked with a minus sign The body of the output contai...

Page 552: ...not defined authentication encrypted password SECRET 97 105 user bill full name Bill Smith uid 1089 class super user authentication encrypted password SECRET file compare files unified user host file compare files tmp one tmp two unified tmp one Wed Dec 3 17 12 50 2003 tmp two Wed Dec 3 09 13 14 2003 97 8 97 9 user bill full name Bill Smith class foo foo is not defined full name Bill Smith uid 108...

Page 553: ... tmp one Wed Dec 3 09 13 10 2003 tmp two Wed Dec 3 09 13 14 2003 99 7 99 7 user bill full name Bill Smith uid 1089 class foo foo is not defined class super user authentication encrypted password SECRET SECRET DATA 457 Copyright 2010 Juniper Networks Inc Chapter 27 Operational Mode Commands for Configuration Management ...

Page 554: ...s on page 458 file copy A File From the TX Matrix Plus Router to a T1600 Router Connected to the TX Matrix Plus Router on page 458 Output Fields When you enter this command you are provided feedback on the status of your request file copy A File from the Router to a PC user host file copy var tmp rpd core 4 berry c junipero tmp transferring file 0 KB 0 3 kB s ETA 00 00 00 100 file copy A File from...

Page 555: ...ing them Required Privilege Level maintenance List of Sample Output file delete on page 459 file delete Routing Matrix on page 459 Output Fields When you enter this command you are provided feedback on the status of your request file delete user host file list var tmp dcd core rpd core snmpd core user host file delete var tmp snmpd core file delete user host file list var tmp dcd core rpd core fil...

Page 556: ...alInformation The default directory is the home directory of the user logged into the router or switch To view available directories enter a space and then a backslash after the file list command To view files within a specific directory include a backslash followed by the directory and optionally subdirectory name after the file list command Required Privilege Level maintenance List of Sample Out...

Page 557: ...athan check_time cores diagTestPrep diagtest diagtest regress do_switchovers dump_test err manoj log esw_clearstats esw_counter esw_debug esw_debug_ge esw_filt_test esw_filter_tnp_addr esw_getstats esw_phy esw_stats 461 Copyright 2010 Juniper Networks Inc Chapter 27 Operational Mode Commands for Configuration Management ...

Page 558: ...put file rename on page 462 file rename Routing Matrix on page 463 Output Fields When you enter this command you are provided feedback on the status of your request file rename The following example lists the files in var tmp renames one of the files and then displays the list of files again to reveal the newly named file file rename user host file list var tmp dcd core rpd core snmpd core user ho...

Page 559: ... host file list lcc0 re1 var tmp lcc0 re1 var tmp pccardd sartre conf snmpd syslogd core tarball 0 tgz user host file rename lcc0 re0 var tmp snmpd var tmp snmpd rr user host file list lcc0 re1 var tmp lcc0 re1 var tmp pccardd sartre conf snmpd rr syslogd core tarball 0 tgz 463 Copyright 2010 Juniper Networks Inc Chapter 27 Operational Mode Commands for Configuration Management ...

Page 560: ... var log messages Apr 13 21 00 08 romney kernel so 1 1 2 loopback suspected going to standby Apr 13 21 00 40 romney kernel so 1 1 2 loopback suspected going to standby file show Apr 13 21 02 48 romney last message repeated 4 times Apr 13 21 07 04 romney last message repeated 8 times Apr 13 21 07 13 romney kernel so 1 1 0 Clearing SONET alarm s RDI P Apr 13 21 07 29 romney kernel so 1 1 0 Asserting...

Page 561: ... printf x x ch j ch j printf x ch j set j j 1 if j 16 printf n end end end 465 Copyright 2010 Juniper Networks Inc Chapter 27 Operational Mode Commands for Configuration Management ...

Page 562: ...ntenance Related Documentation request system configuration rescue save on page 467 request system software rollback on page 125 show system commit on page 471 List of Sample Output request system configuration rescue delete on page 466 Output Fields This command produces no output request system configuration rescue delete user host request system configuration rescue delete request system config...

Page 563: ...and Options This command has no options Required Privilege Level maintenance Related Documentation request system software delete on page 122 request system software rollback on page 125 show system commit on page 471 List of Sample Output request system configuration rescue save on page 467 Output Fields This command produces no output request system configuration rescue save user host request sy...

Page 564: ... to be downloaded Required Privilege Level maintenance Related Documentation Understanding Automatic Refreshing of Scripts on EX Series Switches on page 399 Junos OS Junos XML Management Protocol Guide at http www juniper net techpubs software junos index html Junos OS NETCONF XML Management Protocol Guide at http www juniper net techpubs software junos index html List of Sample Output request sys...

Page 565: ...the file to be downloaded Required Privilege Level maintenance Related Documentation Understanding Automatic Refreshing of Scripts on EX Series Switches on page 399 Junos OS Junos XML Management Protocol Guide at http www juniper net techpubs software junos index html Junos OS NETCONF XML Management Protocol Guide at http www juniper net techpubs software junos index html List of Sample Output req...

Page 566: ...f the file to be downloaded Required Privilege Level maintenance Related Documentation Understanding Automatic Refreshing of Scripts on EX Series Switches on page 399 Junos OS Junos XML Management Protocol Guide at http www juniper net techpubs software junos index html Junos OS NETCONF XML Management Protocol Guide at http www juniper net techpubs software junos index html List of Sample Output r...

Page 567: ...Field Name Displays the last 50 commit operations listed most recent to first The identifier rescue designates a configuration created for recovery using the request system configuration rescue save command Commit History Date and time of the commit operation Timestamp User who executed the commit operation User name Method used to execute the commit operation cli CLI interactive user performed th...

Page 568: ...ue 2002 05 10 15 32 03 PDT by root via other show system commit At a Particular Time user host show system commit commit requested by root via cli at Tue May 7 15 59 00 2002 show system commit At the Next Reboot user host show system commit commit requested by root via cli at reboot show system commit Rollback Pending user host show system commit 0 2005 01 05 15 00 37 PST by root via cli commit co...

Page 569: ...umber of files queued for archival transfer Options This command has no options Required Privilege Level maintenance List of Sample Output show system configuration archival on page 473 show system configuration archival user host show system configuration archival var transfer config total 8 show system configuration archival 473 Copyright 2010 Juniper Networks Inc Chapter 27 Operational Mode Com...

Page 570: ...e on page 474 show system configuration rescue user host show system configuration rescue version 7 3 groups global show system configuration rescue system host name router1 domain name customer net domain search customer net backup router 192 168 124 254 name server 172 17 28 11 172 17 28 101 172 17 28 100 172 17 28 10 login user regress uid 928 class shell csh authentication encrypted password 1...

Page 571: ...nother previously committed rollback configuration to compare to rollback number The output displays the differences between the two configurations The range of values is 0 through 49 Required Privilege Level view List of Sample Output show system rollback compare on page 475 show system rollback compare user host show system rollback 3 compare 1 edit interfaces show system rollback compare ge 1 1...

Page 572: ... Copyright 2010 Juniper Networks Inc 476 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 573: ... Required Privilege Level view List of Sample Output test configuration on page 477 Output Fields When you enter this command you are provided feedback on the status of your request test configuration test configuration user host test configuration terminal Type D to end input system host name bluesky paris 23 login terminal 3 8 syntax error paris edit system paris 23 syntax error terminal 4 11 st...

Page 574: ...Copyright 2010 Juniper Networks Inc 478 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 575: ...n page 481 User Access Management Configuration on page 495 Monitoring Users on page 501 Troubleshooting User Access Management on page 505 Configuration Statements for User and Access Management on page 509 Operational Mode Commands for User and Access Management on page 535 479 Copyright 2010 Juniper Networks Inc ...

Page 576: ...Copyright 2010 Juniper Networks Inc 480 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 577: ...ontrol Features Table 2 on page 5 Administration Features Table 3 on page 5 Class of Service CoS Features Table 4 on page 5 High Availability and Resiliency Features Table 5 on page 7 Interfaces Features Table 6 on page 7 IP Address Management Features Table 7 on page 8 IPv6 Features Table 8 on page 8 Layer 2 Network Protocols Features Table 9 on page 9 Layer 3 Protocols Features Table 10 on page ...

Page 578: ...rate limiting For a list of supported firewall filter match conditions and actions see Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 Junos OS 10 0R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Firewall filters on LAGs Junos OS 9 6R1 Junos OS 10 2R1 Junos OS 9 2R1 Junos OS 10 1R1 Firewall filter on loopback interface Junos OS 10 3R1 Not supported Junos OS 10 1R...

Page 579: ... interfaces RVIs Junos OS 9 5R1 Not applicable Not applicable Not applicable CoS multidestination Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 2R1 Junos OS 10 1R1 CoS support on LAGs Junos OS 9 4R1 Not supported Junos OS 9 4R1 Junos OS 10 3R1 CoS support on routed VLAN interfaces RVIs Junos OS 10 2R1 Not supported Junos OS 9 4R1 Junos OS 10 3R1 Interface specific CoS rewrite rules Junos OS 9 4R1 Juno...

Page 580: ...rt for dual homing applications in data centers Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Link aggregation groups LAGs Not applicable Not applicable Junos OS 9 6R1 EX4200 only Not applicable Link aggregation groups LAGs over Virtual Chassis ports VCPs Junos OS 9 4R1 Not supported Junos OS 9 0R2 Junos OS 10 1R1 Redundant trunk groups Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2...

Page 581: ...er over Ethernet PoE Not supported Not supported Not supported Junos OS 10 3R1 Power over Ethernet Plus PoE Not supported Not applicable Junos OS 9 3R2 Junos OS 10 1R1 PoE power management mode Junos OS 10 1R1 Not supported Junos OS 9 3R2 Not supported Unicastreverse pathforwarding RPF Junos OS 9 4R1 Not supported Junos OS 9 2R1 Not supported VLAN tagged Layer 3 subinterfaces Table 89 IP Address M...

Page 582: ...ng Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Junos OS 10 1R1 BPDU protection for spanning tree protocols Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Not supported GARP VLAN Registration Protocol GVRP Not supported Not supported Junos OS 10 0 Not supported Layer 2 protocol tunneling L2PT Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Link Layer Discovery Protocol LLDP Not suppo...

Page 583: ...ing Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Junos OS 9 6R1 Junos OS 10 2R1 Junos OS 9 4R1 Junos OS 10 1R1 Spanning tree VLAN Spanning Tree Protocol VSTP Junos OS 10 2R1 Junos OS 10 2R1 Junos OS 10 2R1 Not supported Spanning tree RSTP and VSTP concurrent configuration Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Junos OS 10 1R1 Storm control Junos O...

Page 584: ...ames on routed VLAN interfaces RVIs Junos OS 9 5R1 Not supported Junos OS 9 5R1 Not supported OSPF Multitopology Routing MT OSPF See the Junos OS Routing Protocols Configuration Guide at www juniper net techpubs software junos index html Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Not supported OSPFv2 Not supported Not supported Junos OS 10 3R1 Not supported OSPFv3 IPSec support Junos OS 9 4R1 J...

Page 585: ...X4200 Switches EX2200Switches Feature Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Not supported Internet Group Management Protocol IGMP version1 v1 and IGMPv2 Junos OS 9 6R1 Junos OS 10 2R1 Junos OS 9 3R2 Not supported IGMPv3 Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 1R1 Junos OS 10 1R1 IGMPv1 v2 snooping Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 2R1 Junos OS 10 1R1 IGMP snooping with routed VLA...

Page 586: ...Network Management and Monitoring Features EX8200Switches EX4500Switches EX3200 and EX4200 Switches EX2200Switches Feature Not supported Not supported Junos OS 10 2R1 Not supported 802 1ag Ethernet OAM connectivity fault management CFM Junos OS 10 0R1 Not supported Junos OS 9 4R1 Not supported Ethernet OAM link fault management LFM Junos OS 9 4R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 Port...

Page 587: ... 10 2R1 Junos OS 9 3R2 Junos OS 10 1R1 DHCP option 82 Junos OS 10 3R1 Not supported Junos OS 9 0R2 Junos OS 10 1R1 DHCP snooping Junos OS 10 3R1 Not supported Junos OS 9 0R2 Junos OS 10 1R1 Dynamic ARP inspection DAI Junos OS 10 3R1 Not supported Junos OS 9 2R1 Junos OS 10 1R1 IP source guard Junos OS 10 3R1 Junos OS 10 2R1 Junos OS 9 0R2 Junos OS 10 1R1 MAC limiting Junos OS 10 3R1 Not supported ...

Page 588: ...page 30 EX8208 Switch Hardware Overview on page 33 EX8216 Switch Hardware Overview on page 36 Understanding Software Infrastructure and Processes Each switch runs the Juniper Networks Junos operating system Junos OS for Juniper Networks EX Series Ethernet Switches on its general purpose processors Junos OS includes processes for Internet Protocol IP routing and for managing interfaces networks and...

Page 589: ...upgrade all or part of the Junos OS for added flexibility Table 17 on page 24 describes the primary Junos OS processes Table 98 Junos OS Processes Description Name Process Detects hardware on the system that is used to configure network interfaces Monitors the physical status of hardware components and field replaceable units FRUs detecting when environment sensors such as temperature sensors are ...

Page 590: ...ber of times to prevent thrashing and logs any failure information for further investigation mgd Management process Defines how routing protocols such as RIP OSPF and BGP operate on the device including selecting routes and maintaining forwarding tables rpd Routing protocol process Related Documentation For more information about processes see the Junos OS Network Operations Guide at http www juni...

Page 591: ...terfaces and ports as needed Navigate to the Secure Access Configuration page by selecting Configure System Properties ManagementAccess On this page you can enable HTTP and HTTPS access on interfaces for managing the EX Series switch through the J Web interface You can also install SSL certificates and enable Junos XML management protocol over SSL with the Secure Access page 1 Click Edit to modify...

Page 592: ...IP and IPv6 address NOTE IPv6 is not supported on EX2200 and EX 4500 switches Management Port IP Management Port IPv6 For IPv4 address type a 32 bit IP address in dotted decimal notation Type a 128 bit IP address for IPv6 address type Defines a default gateway through which to direct packets addressed to networks that are not explicitly listed in the bridge table constructed by the switch Default ...

Page 593: ...interfaces Enable HTTP To enable HTTPS access select the Enable HTTPS access check box Select and deselect interfaces by clicking the direction arrows To enable HTTPS access on an interface add the interface to the HTTPS Interfaces list You can either select all interfaces or specific interfaces NOTE Specify the certificate to be used for HTTPS access Enables HTTPS access on interfaces Enable HTTP...

Page 594: ...file in which you want the SSL certificate to be written for example my certificate 2 When prompted type the appropriate information in the identification form For example type US for the country name 3 Display the contents of the file that you created cat my certificate pem You can use the J Web Configuration page to install the SSL certificate on the switch To do this copy the file containing th...

Page 595: ...assword change support ensure that you have Configured RADIUS server authentication Configure users on the authentication server and set the first tried option in the authentication order to radius See Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 To configure MS CHAPv2 specify the following edit system radius options user switch set password protocol mschap v2 ...

Page 596: ...Copyright 2010 Juniper Networks Inc 500 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 597: ...r Enter details as described in Table 100 on page 502 Edit Select this option to edit an existing user s details Enter details as described in Table 100 on page 502 Delete Select this option to delete a user 4 Click an option on the Authentication Methods and Order tab Authentication Order Drag and drop the authentication type from the Available Methods section to the Selected Methods Click the up...

Page 598: ...clude spaces colons or commas in the username Specifies the name that identifies the user Username required Type the user s ID Specifies the user identification User Id Type the user s full name If the full name contains spaces enclose it in quotation marks Do not include colons or commas Specifies the user s full name Full Name Select the user s login class from the list operator read only super ...

Page 599: ...rd of the server is entered correctly Confirm Password Type the port number Specifies the port with which the server is associated Server Port Type the server s 32 bit IP address in dotted decimal notation Specifies the source address of the server Source Address Type the number NOTE Only 1 retry is permitted for a TACACS server Specifies the number of login retries allowed after a login failure R...

Page 600: ...Copyright 2010 Juniper Networks Inc 504 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 601: ...eed physical access to the switch to recover the root password Solution To recover the root password 1 Power off your switch by unplugging the power cord or turning off the power at the wall switch 2 Insert one end of the Ethernet cable into the serial port on the management device and connect the other end to the console port on the back of the switch See Figure 8 on page 505 Figure 8 Connecting ...

Page 602: ...t the root password recovery procedure Enter full path name of shell or recovery for root password recovery or RETURN for bin sh recovery A series of messages describe consistency checks mounting of filesystems and initialization and checkout of management services Then the CLI prompt appears 9 Enter configuration mode in the CLI user switch configure 10 Set the root password For example user swit...

Page 603: ...X Series Switch J Web Procedure on page 189 For information about configuring an encrypted root password configuring SSH keys to authenticate root logins and configuring special requirements for plain text passwords see the Junos OS System Basics Configuration Guide at http www juniper net techpubs software junos index html 507 Copyright 2010 Juniper Networks Inc Chapter 31 Troubleshooting User Ac...

Page 604: ...Copyright 2010 Juniper Networks Inc 508 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 605: ...e deny commands statement users can issue only those commands for which they have access privileges through the permissions statement Options regular expression Extended modern regular expression as defined in POSIX 1003 2 If the regular expression contains any spaces operators or wildcard characters enclose it in quotation marks Required Privilege Level admin To view this statement in the configu...

Page 606: ... permissions statement Options regular expression Extended modern regular expression as defined in POSIX 1003 2 If the regular expression contains any spaces operators or wildcard characters enclose it in quotation marks Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Specifying Access Privile...

Page 607: ...ppears after a user logs in Options text Text of the announcement If the text contains any spaces enclose it in quotation marks Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring the JUNOS Software to Display a System Login Announcement message on page 522 511 Copyright 2010 Juniper...

Page 608: ... using blank quotation marks You must configure a password whose number of characters range from 1 through 128 characters and enclose the password in quotation marks plain text password Plain text password The command line interface CLI prompts you for the password and then encrypts it ssh dsa public key SSH version 2 authentication Specify the SSH public key You can specify one or more public key...

Page 609: ...n their configured passwords Options authentication methods One or more authentication methods listed in the order in which they should be tried The method can be one or more of the following password Use the password configured for the user with the authentication statement at the edit system login user hierarchy level radius Use RADIUS authentication services tacplus Use TACACS authentication se...

Page 610: ...sitions between character sets Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Special Requirements for JUNOS Software Plain Text Passwords minimum changes on page 523 class Assigning a Class to an Individual User Syntax class class name Hierarchy Level edit system login user username Releas...

Page 611: ...Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Define a login class Options class name A name you choose for the login class The remaining statements are explained separately Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Defining JUNOS Software Lo...

Page 612: ...ue only those commands for which they have access privileges through the permissions statement Options regular expression Extended modern regular expression as defined in POSIX 1003 2 If the regular expression contains any spaces operators or wildcard characters enclose it in quotation marks Required Privilege Level admin To view this statement in the configuration admin control To add this statem...

Page 613: ...users can issue only those commands for which they have access privileges through the permissions statement Options regular expression Extended modern regular expression as defined in POSIX 1003 2 If the regular expression contains any spaces operators or wildcard characters enclose it in quotation marks Required Privilege Level admin To view this statement in the configuration admin control To ad...

Page 614: ...his statement in the configuration system control To add this statement to the configuration Related Documentation Special Requirements for JUNOS Software Plain Text Passwords full name Syntax full name complete name Hierarchy Level edit system login user Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Descrip...

Page 615: ...imes out after remaining at the CLI operational mode prompt for the specified time Default If you omit this statement a user is never forced off the system after extended idle times Options minutes Maximum idle time Range 0 through 100 000 minutes Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentatio...

Page 616: ...te name uid uid value class class name authentication authentication encrypted password password plain text password ssh rsa public key ssh dsa public key Hierarchy Level edit system Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure user access to the router or switch Options The remaining ...

Page 617: ...ng JUNOS Software to Configure System Alarms to Appear Automatically on J Series Routers and EX Series Ethernet Switches J Series Services Router Administration Guide login tip Syntax login tip Hierarchy Level edit system login class class name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Enable...

Page 618: ...e configuration system control To add this statement to the configuration Related Documentation Special Requirements for JUNOS Software Plain Text Passwords message Syntax message text Hierarchy Level edit system login Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure a system login message...

Page 619: ...password is checked against the specified minimum If change type is set transitions then the number of character set changes in the password is checked against the specified minimum Default For Junos OS the minimum number of changes is 1 For Junos FIPS Software the minimum number of changes is 3 Options number The minimum number of character sets or character set changes required for the password ...

Page 620: ... of characters for plain text passwords is six For Junos FIPS software the minimum number of characters for plain text passwords is 10 Options length The minimum number of characters the password must include Range 6 to 20 characters Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Special Re...

Page 621: ...onfiguration Related Documentation Special Requirements for JUNOS Software Plain Text Passwords maximum length on page 522 permissions Syntax permissions permissions Hierarchy Level edit system login class Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the login access privileges to be p...

Page 622: ...eries switches Description Configure RADIUS options for the NAS IP address for outgoing RADIUS packets and password protocol used in RADIUS packets Options ip address IP address of the network access server NAS that requests user authentication mschap v2 Protocol MS CHAPv2 used for password authentication and password changing Required Privilege Level system To view this statement in the configura...

Page 623: ...lay in seconds Range 1 through 3 Default 2 backoff factor seconds Length of delay after each failed login attempt The length of delay increases by this value for each subsequent login attempt after the value specified in the backoff threshold option Range 5 through 10 Default 5 maximum time seconds Maximum length of time that the connection remains open for the user to enter a username and passwor...

Page 624: ...crypted password using blank quotation marks You must configure a password whose number of characters range from 1 through 128 characters and enclose the password in quotation marks plain text password Plain text password The CLI prompts you for the password and then encrypts it The CLI displays the encrypted version and the software places the encrypted version in its user database You can specif...

Page 625: ... logging in to the router or switch as root through SSH deny password Allow users to log in to the router or switch as root through SSH when the authentication method for example RSA authentication does not require a password Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Configuring SSH Serv...

Page 626: ... use the same authentication service Default junos exec no cmd attribute value Set the cmd attribute value to an empty string in the TACACS accounting start and stop requests to enable logging of accounting records in the correct log file on a TACACS server exclude cmd attribute Exclude the cmd attribute value completely from start and stop accounting records to enable logging of accounting record...

Page 627: ...for EX Series switches Description Configure the TACACS server Options server address Address of the TACACS authentication server The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring TACACS Authentication 531 Copyright 2010 Juniper Net...

Page 628: ...d in the directory var log files number Optional Maximum number of trace files When a trace file named trace file reaches its maximum size it is renamed trace file 0 then trace file 1 and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum number of files you also must specify a maximum file size with the size option and a fil...

Page 629: ...guration admin control To add this statement to the configuration Related Documentation Tracing Address Assignment Pool Processes Configuring Address Assignment Pools uid Syntax uid uid value Hierarchy Level edit system login user Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure a user ide...

Page 630: ...oduced in Junos OS Release 9 0 for EX Series switches Description Configure access permission for individual users Options The remaining statements are explained separately Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Configuring JUNOS Software User Accounts class on page 514 Copyright 2010...

Page 631: ...CHAPTER 33 Operational Mode Commands for User and Access Management 535 Copyright 2010 Juniper Networks Inc ...

Page 632: ...xt Message to display terminal terminal name Name of the terminal on which to display the message user user name Name of the user to whom to direct the message Required Privilege Level maintenance List of Sample Output request message message on page 536 Output Fields When you enter this command you are provided feedback on the status of your request request message message user host request messa...

Page 633: ...nt type matches the specified client type DHCP L2TP PPP PPPOE or VLAN count Optional Display the count of total subscribers and active subscribers for any specified option You can use the count option alone or with the address client type interface logical system mac address profile name routing instance stacked vlan id subscriber state and vlan id options interface Optional Display subscribers wh...

Page 634: ...detail on page 541 show subscribers stacked vlan id detail on page 541 show subscribers stacked vlan id vlan id detail Combined Output on page 541 show subscribers stacked vlan id vlan id interface detail Combined Output for a Specific Interface on page 542 show subscribers client type dhcp detail on page 542 show subscribers extensive on page 542 show subscribers summary on page 543 show subscrib...

Page 635: ...he subscriber in the form tpid vlan id VLAN Id Stacked VLAN ID associated with the subscriber in the form tpid vlan id Stacked VLAN Id RADIUS accounting ID associated with the subscriber RADIUS Accounting ID Option 82 agent circuit ID associated with the subscriber Agent Circuit ID Option 82 agent remote ID associated with the subscriber Agent Remote ID IP address used by the DHCP relay agent DHCP...

Page 636: ...bscriber counts per client type and the total number of subscribers Subscribers by Client Type Number of subscribers summarized by logical system routing instance LS RI combination Summary information includes subscriber counts per LS RI and the total number of subscribers Subscribers by LS RI show subscribers show subscribers user host show subscribers Interface IP Address VLAN ID User Name LS RI...

Page 637: ...how subscribers vlan id 100 Interface IP Address User Name ge 1 0 0 1073741824 ge 1 2 0 1073741825 show subscribers vlan id detail user host show subscribers vlan id 100 detail Type VLAN Interface ge 1 0 0 1073741824 Interface type Dynamic Dynamic Profile Name vlan prof tpid State Active VLAN Id 100 Login Time 2009 03 11 06 48 54 PDT Type VLAN Interface ge 1 2 0 1073741825 Interface type Dynamic D...

Page 638: ... Profile Name dhcp demux prof MAC Address 00 10 95 00 00 98 State Active Radius Accounting ID jnpr 2304 Login Time 2009 08 25 14 43 52 PDT Type DHCP IP Address 100 20 10 7 IP Netmask 255 255 0 0 Logical System default Routing Instance default Interface demux0 1073744383 Interface type Dynamic Dynamic Profile Name dhcp demux prof MAC Address 00 10 94 00 01 f3 State Active Radius Accounting ID jnpr ...

Page 639: ...ed 1 TOTAL 191 Subscribers by Client Type DHCP 107 PPP 76 VLAN 8 TOTAL 191 Subscribers by LS RI default default 1 default ri1 28 default ri2 16 ls1 default 22 ls1 riA 38 ls1 riB 44 logsysX routinstY 42 TOTAL 191 show subscribers terse user host show subscribers summary terse Interface IP Address VLAN ID User Name LS RI ge 1 3 0 1073741824 100 default default demux0 1073741824 100 0 0 10 WHOLESALER...

Page 640: ...Copyright 2010 Juniper Networks Inc 544 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 641: ...ervices Overview on page 547 System Services Configuration on page 549 Monitoring System Services on page 553 Configuration Statements for System Services on page 557 Operational Mode Commands for System Services on page 613 545 Copyright 2010 Juniper Networks Inc ...

Page 642: ...Copyright 2010 Juniper Networks Inc 546 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 643: ... this path to EX Series switches acting as DHCP clients as part of the DHCP message exchange process The DHCP clients that have been configured for automatic software download receive these messages and when the software package name in the DHCP server message is different from that of the software package that booted the DHCP client switch download and install the software package See Upgrading S...

Page 644: ...iled information about configuring a DHCP BOOTP relay agent see the Junos OS Policy Framework Configuration Guide at http www juniper net techpubs software junos index html software junos junos101 index html You can configure an EX Series Switch to use the gateway IP address giaddr as the source IP address of the switch for relayed DHCP packets when the switch is used as the DHCP relay agent For i...

Page 645: ...figuration page To configure the DHCP server 1 Select Configure Services DHCP 2 Access a DHCP Configuration page To configure a DHCP pool for a subnet click Add in the DHCP Pools box To configure a static binding for a DHCP client click Add in the DHCP Static Binding box To globally configure settings for existing DHCP pools and static bindings click Configure Global DHCP Parameters 3 Enter inform...

Page 646: ...conds Type a number from 60 through 2 147 483 647 seconds You can also type infinite to specify a lease that never expires Specifies the length of time a client can hold a lease for clients that do not request a specific lease length Default Lease Time Seconds Server Information Type the IP address of the server If you do not specify a server identifier the primary address of the interface on whic...

Page 647: ...uired To add an IP address type it next to the Add button and click Add To remove an IP address select it in the Fixed IP Addresses box and click Delete Defines a list of IP addresses permanently assigned to the client A static binding must have at least one fixed address assigned to it but multiple addresses are also allowed Fixed IP Addresses required Type a client hostname Specifies the name of...

Page 648: ...nd name in the same statement To configure a SIP server using the address option edit system services dhcp user switch set sip server address For example to configure one address edit system services dhcp user switch set sip server 172 168 0 11 To configure a SIP server using the name option edit system services dhcp user switch set sip server name For example to configure a name edit system servi...

Page 649: ...vices DHCP To monitor the DHCP server in the CLI enter the following CLI commands show system services dhcp binding show system services dhcp conflict show system services dhcp pool show system services dhcp statistics show system services dhcp relay statistics show system services dhcp global show system services dhcp client Meaning Table 104 on page 553 summarizes the output fields in DHCP displ...

Page 650: ...address of the client MAC Address DHCP servers can assign a dynamic binding from a pool of IP addresses or a static binding to one or more specific IP addresses Type of binding assigned to the client dynamic or static Binding Type Date and time the lease expires or never for leases that do not expire Lease Expires Pools tab Subnet on which the IP address pool is defined Pool Name Lowest address in...

Page 651: ...her states it performs no action Renew Clears other resources received earlier from the server and reinitializes the client state to INIT for the particular interface Release Conflicts tab Date and time the client detected the conflict Detection Time Only client detected conflicts are displayed How the conflict was detected Detection Method The addresses in the conflicts list remain excluded until...

Page 652: ... and DHCPREQUEST messages sent from DHCP clients and received by the DHCP server Messages received Number of BOOTREPLY DHCPACK DHCPOFFER and DHCPNAK messages sent from the DHCP server to DHCP clients Messages sent Related Documentation Configuring DHCP Services J Web Procedure on page 549 DHCP Services for EX Series Switches Overview on page 547 Copyright 2010 Juniper Networks Inc 556 Complete Sof...

Page 653: ...tised to DHCP clients After the client receives an IP address and the boot file location from the DHCP server the client uses the boot image stored in the boot file to complete DHCP setup Options filename The location of the boot file on the boot server The filename can include a pathname Required Privilege Level system To view this statement in the configuration system control To add this stateme...

Page 654: ...ed to DHCP clients The client uses a boot file located on the boot server to complete DHCP setup Options address Address of a boot server You must specify an IPv4 address not a hostname Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring the Router Switch or Interface to Act as a DHC...

Page 655: ...lease 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configures a router switch or interface to act as a Dynamic Host Configuration Protocol DHCP or bootstrap protocol BOOTP relay agent DHCP relaying is disabled Options The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface cont...

Page 656: ...cates for an ES PIC cache size Syntax cache size bytes Hierarchy Level edit security certificates Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Encryption interface on M Series and T Series routers and EX Series switches only Configure the cache size for digital certificates Options bytes Cache s...

Page 657: ...ure a negative cache for digital certificates Options seconds Negative time to cache digital certificates in seconds Range 10 through 4 294 967 295 Default 20 CAUTION Configuring a large negative cache value can lead to a denial of service attack Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation...

Page 658: ...e Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Encryption interface on M Series and T Series and EX Series switches routers only Configure the digital certificates for IPsec The remaining statements are explained separately Required Privilege Level admin To view this statement in the configuration admin...

Page 659: ...nt id Hierarchy Level edit system services dhcp static binding Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description For J Series Services Routers and EX Series switches only Configure the client s unique identifier This identifier is used by the DHCP server to index its database of address bindings Eith...

Page 660: ...v4 Options limit Optional Maximum number of established connections Range 1 through 250 Default 75 Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring clear text or SSL Service for JUNOScript Client Applications Configuring DTCP over SSH Service for the Flow Tap Application Configuri...

Page 661: ...ntax default lease time seconds Hierarchy Level edit system services dhcp edit system services dhcp pool edit system services dhcp static binding Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description For J Series Services Routers and EX Series switches only Specify the length of time in seconds that a cl...

Page 662: ...e 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Describe a BOOTP DHCP Domain Name System DNS or Trivial File Transfer Protocol TFTP service or an interface that is configured for the service Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuri...

Page 663: ...ss wins server address Hierarchy Level edit system services Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description For J Series Services Routers and EX Series switches only Configure a router switch or interface as a DHCP server A DHCP server can allocate network addresses and deliver configuration inform...

Page 664: ...ame routing instance routing instance name Hierarchy Level edit forwarding options helpers Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Enable DNS request packet forwarding The remaining statements are explained separately Required Privilege Level interface To view this statement in the configur...

Page 665: ...ervices Routers and EX Series Ethernet Switches domain search Syntax domain search domain list Hierarchy Level edit system edit system services dhcp edit system services dhcp pool edit system services dhcp static binding Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure a list of domains to...

Page 666: ...ocumentation Configuring Digital Certificates for an ES PIC Configuring an IKE Policy for Digital Certificates for an ES PIC enrollment retry Syntax enrollment retry attempts Hierarchy Level edit security certificates Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Encryption interface on M Series ...

Page 667: ... the configuration Related Documentation Configuring Digital Certificates for an ES PIC file Syntax file certificate filename Hierarchy Level edit security certificates certification authority ca profile name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Encryption interface on M Series and T Ser...

Page 668: ...ests from remote systems to the local router or switch Options The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring FTP Service for Remote Access to the Router or Switch Copyright 2010 Juniper Networks Inc 572 Complete Software Guide f...

Page 669: ...adcast description text description no listen server address logical system logical system name routing instance routing instance name server address logical system logical system name routing instance routing instance name port port number description text description interface interface name broadcast description text description no listen server address logical system logical system name routin...

Page 670: ... 9 0 for EX Series switches Description Enable TFTP or DNS request packet forwarding or configure the router switch or interface to act as a DHCP BOOTP relay agent Use only one server address per interface or global configuration The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement t...

Page 671: ...ch to allow the HTTP service By default HTTP access is allowed through built in Fast Ethernet or Gigabit Ethernet interfaces only The remaining statement is explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring Management Access for the EX Series Switch J Web Proce...

Page 672: ...d through built in Fast Ethernet or Gigabit Ethernet interfaces only local certificate name Name of the X 509 certificate for a Secure Sockets Layer SSL connection An SSL connection is configured at the edit security certificates local hierarchy The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this s...

Page 673: ...the interface for a DHCP and BOOTP relay agent Options interface group Sets a logical interface or group of logical interfaces with a specific DHCP relay configuration The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Routers ...

Page 674: ...ce control To add this statement to the configuration Related Documentation Configuring DNS and TFTP Packet Forwarding ldap url Syntax ldap url url name Hierarchy Level edit security certificates certification authority ca profile name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Encryption inte...

Page 675: ...Description Load RSA SSH version 1 and SSH version 2 and DSA SSH version 2 public keys from a file The file is a URL containing one or more SSH keys Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Configuring the Root Password Configuring JUNOS Software User Accounts 579 Copyright 2010 Juniper...

Page 676: ...te certificate name Name that uniquely identifies the certificate load key file URL or path File that contains the private key and certificate It can be one of two types of values Pathname of a file on the local disk assuming you have already used another method to copy the certificate file to the router s or switch s local disk URL to the certificate file location for instance on the computer whe...

Page 677: ...cates for JUNOScript Support maximum certificates Syntax maximum certificates number Hierarchy Level edit security certificates Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Encryption interface on M Series and T Series routers and EX Series switches only Configure the maximum number of peer digi...

Page 678: ...ervices dhcp Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description For J Series Services Routers and EX Series switches only Specify the maximum length of time in seconds for which a client can request and hold a lease on a DHCP server An exception is that the dynamic BOOTP lease length can exceed the ma...

Page 679: ... Level edit system edit system services dhcp edit system services dhcp pool edit system services dhcp static binding Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure one or more Domain Name System DNS name servers Options address Address of the name server To configure multiple name server...

Page 680: ...ches Description Disable recognition of DNS requests or stop packets from being forwarded on a logical interface a group of logical interfaces a router or a switch Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring DNS and TFTP Packet Forwarding Configuring Routers Switches an...

Page 681: ...Default To configure transmission of the router s or switch s device ID to the application include the device id statement at the edit system services hierarchy level Options client id Identifies the outbound ssh configuration stanza on the router or switch Each outbound ssh stanza represents a single outbound SSH connection This attribute is not sent to the client device id Identifies the router ...

Page 682: ... a client the router or switch attempts to reconnect to the client based on the retry and timeout values for each client listed address Hostname or the IPv4 address of the NSM application server You can list multiple clients by adding each client s IP address or hostname along with the following connection parameters port Outbound SSH port for the client The default is port 22 retry Number of time...

Page 683: ...he trace operation only or by any user By default log files are only accessible by the user that started the trace operation no world readable all configuration connectivity Optional Type of tracing operation to perform all Log all events configuration Log all events pertaining to the configuration of the router or switch connectivity Log all events pertaining to the establishment of a connection ...

Page 684: ...Series switches only Configure the digital certificate path length Options certificate path length Digital certificate path length Range 2 through 15 certificates Default 15 certificates Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Configuring Digital Certificates for an ES PIC Copyright 20...

Page 685: ...ailable for dynamic address assignment If no range is specified the pool will use all available addresses within the subnet specified Broadcast addresses interface addresses and excluded addresses are not available exclude address Addresses within the range that are not used for dynamic address assignment You can exclude one or more addresses within the range The remaining statements are explained...

Page 686: ... page 575 https on page 576 web management on page 611 port SRC Server Syntax port port number Hierarchy Level edit system services service deployment servers server address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the port number on which to contact the SRC server Options port num...

Page 687: ...l edit system services finger edit system services ftp edit system services ssh edit system services telnet edit system services xnm clear text edit system services xnm ssl Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Maximum number of connection attempts on an access service Options rate limit ...

Page 688: ...s a DHCP and BOOTP relay agent Options address One or more addresses of the server logical system logical system name Optional Logical system of the server routing instance routing instance names Optional Routing instance name or names that belong to the DHCP or BOOTP relay agent Required Privilege Level interface To view this statement in the configuration interface control To add this statement ...

Page 689: ...es Description Specify the DNS or TFTP server for forwarding DNS or TFTP requests Only one server can be specified for each interface Options address Address of the server logical system logical system name Optional Logical system of the server routing instance routing instance names Optional Set the routing instance name or names that belong to the DNS server or TFTP server Required Privilege Lev...

Page 690: ...messages to specific DHCP servers to renew a current lease This address must be a manually assigned static IP address The server cannot send a request and receive an IP address from itself or another DHCP server Default If no server identifier is set the DHCP server sets the server identifier based on the primary interface address used by the server to receive a client request For example if the c...

Page 691: ...on Configuring the JUNOS Software to Work with SRC Software service deployment Syntax service deployment servers server address port port number source address source address Hierarchy Level edit system services Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Enable Junos OS to work with the Sessio...

Page 692: ... source address source address telnet connection limit limit rate limit limit web management http interfaces interface names port port https interfaces interface names local certificate name port port session idle timeout minutes session limit session limit xnm clear text connection limit limit rate limit limit xnm ssl connection limit limit local certificate name rate limit limit Copyright 2010 J...

Page 693: ... Junos OS to work with the Session and Resource Control SRC software The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring clear text or SSL Service for JUNOScript Client Applications Configuring the Router Switch or Interface to Act as...

Page 694: ...b user login sessions Options idle timeout minutes Configure the number of minutes a session can be idle before it times out Range 1 through 1440 Default 1440 session limit session limit Configure the maximum number of simultaneous J Web user login sessions Range 1 through 1024 Default Unlimited Required Privilege Level system To view this statement in the configuration system control To add this ...

Page 695: ...nding Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring a DHCP SIP Server CLI Procedure on page 552 source address SRC Software Syntax source address source address Hierarchy Level edit system services service deployment Release Information Statement introduced before Junos OS Rele...

Page 696: ...iting the specified interface of the switch In Junos OS Release 10 1 for EX Series switches and later releases the IP address of the interface that the DHCP packet exits on the switch acting as a DHCP relay agent is used as the source IP address for relayed DHCP packets by default In Junos OS Releases 9 6 and 10 0 for EX Series switches the gateway IP address of the switch is always used as the so...

Page 697: ...r EX Series switches Description Allow SSH requests from remote systems to the local router or switch The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring SSH Service for Remote Access to the Router or Switch 601 Copyright 2010 Juniper...

Page 698: ...can assign more host client hostname Hostname of the client requesting the DHCP server The name can include the local domain name Otherwise the name is resolved based on the domain name statement client identifier ascii client id hexadecimal client id Used by the DHCP server to index the database of address bindings The client identifier is an ASCII string or hexadecimal number and can include a t...

Page 699: ...terface interface name broadcast description text description no listen server address logical system logical system name routing instance routing instance name server address logical system logical system name routing instance routing instance name Hierarchy Level edit forwarding options helpers Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS ...

Page 700: ...es When a trace file for example kmd reaches its maximum size it is renamed kmd 0 then kmd 1 and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum number of files you must also specify a maximum file size with the size option Range 2 through 1000 files Default 0 files size size Optional Maximum size of each trace file in kil...

Page 701: ...outing socket messages timer Trace internal timer events Required Privilege Level admin To view the configuration admin control To add this statement to the configuration Related Documentation Configuring Tracing Operations for Security Services 605 Copyright 2010 Juniper Networks Inc Chapter 37 Configuration Statements for System Services ...

Page 702: ...m size it is renamed trace file 0 then trace file 1 and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum number of files you also must specify a maximum file size with the size option and a filename Range 2 through 1000 Default 3 files flag flag Tracing operation to perform To specify more than one tracing operation include...

Page 703: ...t Trace important events ifdb Trace interface database operations io Trace I O operations lease Trace lease operations main Trace main loop operations match regex Refine the output to include lines that contain the regular expression misc Trace miscellaneous operations packet Trace DHCP packets options Trace DHCP options pool Trace address pool operations protocol Trace protocol operations rtsock ...

Page 704: ...ify a maximum file size you also must specify a maximum number of trace files with the files option and filename Syntax xk to specify KB xm to specify MB or xg to specify GB Range 10 KB through 1 GB Default 128 KB world readable Optional Enable unrestricted file access Required Privilege Level system To view this statement in the configuration system control To add this statement to the configurat...

Page 705: ... include the file statement you must specify a filename files number Optional Maximum number of trace files When a trace file named trace file reaches its maximum size it is renamed trace file 0 then trace file 1 and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum number of files you also must specify a maximum file size w...

Page 706: ...aches its maximum size trace file 0 is renamed trace file 1 and trace file is renamed trace file 0 This renaming scheme continues until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum file size you also must specify a maximum number of trace files with the files option and filename Syntax xk to specify KB xm to specify MB or xg to spe...

Page 707: ...e browser based J Web graphical user interface HTTPS access allows secure management of the router or switch using the J Web interface With HTTPS access communication between the router or switch Web server and your browser is encrypted The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement ...

Page 708: ...WindowsInternetNameService WINS database that matches IP addresses such as 192 168 1 3 to Windows NetBIOS names such as Marketing List servers in order of preference Options address IPv4 address of the NetBIOS Name Server running WINS To configure multiple servers include multiple address options Required Privilege Level system To view this statement in the configuration system control To add this...

Page 709: ...CHAPTER 38 Operational Mode Commands for System Services 613 Copyright 2010 Juniper Networks Inc ...

Page 710: ...tions address Optional Remove a specific IP address binding and return it to the address pool Required Privilege Level view and system Related Documentation show system services dhcp binding on page 621 List of Sample Output clear system services dhcp binding on page 614 Output Fields When you enter this command you are provided feedback on the status of your request clear system services dhcp bin...

Page 711: ...ol Options address Optional Remove a specific IP address from the conflict list and return it to the address pool Required Privilege Level view and system Related Documentation show system services dhcp conflict on page 623 List of Sample Output clear system services dhcp conflict on page 615 Output Fields When you enter this command you are provided feedback on the status of your request clear sy...

Page 712: ... command has no options Required Privilege Level view and system Related Documentation show system services dhcp statistics on page 628 List of Sample Output clear system services dhcp statistics on page 616 Output Fields When you enter this command you are provided feedback on the status of your request clear system services dhcp statistics user host clear system services dhcp statistics clear sy...

Page 713: ... from the primary to the backup IP Security IPsec tunnel Options interface es fpc pic port Switch to the backup encryption interface security associations sa name Switch to the backup tunnel Required Privilege Level view Related Documentation show ipsec redundancy List of Sample Output request ipsec switch on page 617 Output Fields When you enter this command you are provided feedback on the statu...

Page 714: ... certificate authority profile in the configuration encoding binary pem File format used for the certificate The format can be a binary file or privacy enhanced mail PEM an ASCII base64 encoded format The default format is binary key file key file File containing a local private key domain name domain name Fully qualified domain name Required Privilege Level maintenance List of Sample Output reque...

Page 715: ... size key size Optional Key size in bits The key size can be 512 1024 or 2048 The default value is 1024 type Optional Algorithm used to encrypt the key rsa RSA algorithm This is the default dsa Digital signature algorithm with Secure Hash Algorithm SHA Required Privilege Level maintenance List of Sample Output request security key pair on page 619 Output Fields When you enter this command you are ...

Page 716: ...ed for the certificate The format can be a binary file or privacy enhanced mail PEM an ASCII base64 encoded format The default value is binary url url Certificate authority URL Required Privilege Level maintenance List of Sample Output request security certificate unsigned on page 620 Output Fields When you enter this command you are provided feedback on the status of your request request security...

Page 717: ...ibes the output fields for the show system services dhcp binding command Output fields are listed in the approximate order in which they appear Table 105 show system services dhcp binding Output Fields Level of Output Field Description Field Name All levels List of IP addresses the DHCP server has assigned to clients Allocated address All levels Corresponding media access control MAC hardware addr...

Page 718: ...vices dhcp binding address user host show system services dhcp binding 192 168 1 3 DHCP binding information Allocated address 192 168 1 3 Mac address 00 a0 12 00 12 ab Client identifier 61 63 65 64 2d 30 30 3a 61 30 3a 31 32 3a 30 30aced 00 a0 12 00 3a 31 33 3a 30 32 13 02 Lease information Binding Type dynamic Obtained at 2004 05 02 13 01 42 PDT Expires at 2004 05 03 13 01 42 PDT show system serv...

Page 719: ...ibes the output fields for the show system services dhcp conflict command Output fields are listed in the approximate order in which they appear Table 106 show system services dhcp conflict Output Fields Field Description Field Name Date and time the client detected the conflict Detection time How the conflict was detected Detection method IP address where the conflict occurs The addresses in the ...

Page 720: ...ple Output show system services dhcp global on page 625 Output Fields Table 107 on page 624 describes the output fields for the show system services dhcp global command Output fields are listed in the approximate order in which they appear Table 107 show system services dhcp global Output Fields Field Description Field Name Length of lease time assigned to BOOTP clients BOOTP lease length Lease ti...

Page 721: ... Default lease time 1 hour Minimum lease time 2 hours Maximum lease time infinite DHCP options Name name server Value 6 6 6 6 6 6 6 7 Name domain name Value mydomain tld Code 19 Type flag Value off Code 40 Type string Value domain tld Code 32 Type ip address Value 3 3 3 33 625 Copyright 2010 Juniper Networks Inc Chapter 38 Operational Mode Commands for System Services ...

Page 722: ...ommand Output fields are listed in the approximate order in which they appear Table 108 show system services dhcp pool Output Fields Level of Output Field Description Field Name None specified Subnet on which the IP address pool is defined Pool name None specified Lowest address in the IP address pool Low address None specified Highest address in the IP address pool High address None specified Add...

Page 723: ...vices dhcp pool show system services dhcp pool subnet address user host show system services dhcp pool 3 3 3 0 24 Pool information Subnet 3 3 3 0 24 Address range 3 3 3 2 3 3 3 254 Addresses assigned 2 253 show system services dhcp pool subnet address detail user host show system services dhcp pool 3 3 3 0 24 detail Pool information Subnet 3 3 3 0 24 Address range 3 3 3 2 3 3 3 254 Addresses assig...

Page 724: ...dhcp statistics command Output fields are listed in the approximate order in which they appear Table 109 show system services dhcp statistics Output Fields Field Description Field Name Lease time assigned to clients that do not request a specific lease time Default lease time Minimum time a client can retain an IP address lease on the server Minimum lease time Maximum time a client can retain an I...

Page 725: ...t show system services dhcp statistics DHCP lease times show system services dhcp statistics Default lease time 1 hour Minimum lease time 2 hours Maximum lease time infinite Packets dropped Total 0 Bad hardware address 0 Bad opcode 0 Invalid server address 0 No available addresses 0 No interface match 0 No routing instance match 0 No valid local address 0 Packet too short 0 Read error 0 Send error...

Page 726: ...ired Privilege Level view and system List of Sample Output show system services service deployment on page 630 show system services service deployment user host show system services service deployment Connected to 192 4 4 4 port 10288 since 2004 05 03 11 04 34 PDT Keepalive settings Interval 15 seconds Keepalives sent 750 Notifications sent 0 Last update from peer 00 00 06 ago show system services...

Page 727: ...ssh address cli command1 cli command2 Options host Name or address of the remote system bypass routing Optional Bypass the normal routing tables and send ping requests directly to a system on an attached network If the system is not on a directly attached network an error is returned Use this option to ping a local system through an interface that has no route through it inet inet6 Optional Create...

Page 728: ...SSH To specify the number of times a user can attempt to enter a password to log in through SSH include the retry options statement at the edit system login hierarchy level For details see the Junos System Basics Configuration Guide Required Privilege Level network List of Sample Output ssh on page 632 Output Fields When you enter this command you are provided feedback on the status of your reques...

Page 729: ...onal Bypass the normal routing tables and send ping requests directly to a system on an attached network If the system is not on a directly attached network an error is returned Use this option to ping a local system through an interface that has no route through it inet inet6 Optional Open an IPv4 or IPv6 session respectively interface interface name Optional Interface name for the telnet session...

Page 730: ... through telnet include the retry options statement at the edit system login hierarchy level For details see the Junos System Basics Configuration Guide Required Privilege Level network List of Sample Output telnet on page 634 Output Fields When you enter this command you are provided feedback on the status of your request telnet telnet user host telnet 192 154 1 254 Trying 192 154 169 254 Connect...

Page 731: ...g System Monitoring Overview on page 637 Administering and Monitoring System Functions on page 649 Configuration Statements for System Monitoring on page 667 Operational Mode Commands for System Monitoring on page 721 635 Copyright 2010 Juniper Networks Inc ...

Page 732: ...Copyright 2010 Juniper Networks Inc 636 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 733: ...rm The level of severity can be either major red or minor yellow alarm severity Predefined alarm triggered by a physical condition on the switch such as a power supply failure excessive component temperature or media failure chassis alarm Predefined alarm triggered by a missing rescue configuration or failure to install a license for a licensed software feature system alarm Alarm Types The switch ...

Page 734: ...n page 638 Dashboard for EX Series Switches When you log in to the J Web user interface the dashboard for the EX Series switch appears Use the dashboard to view system information The dashboard comprises four panels and a graphical chassis viewer You can click Preferences to choose which panels are to be displayed and set the refresh interval for chassis viewer information Click OK to save your pr...

Page 735: ... 16 FPC Control board CB refers to RE modules FPC refers to line cards Inventory details Indicates the version of the Junos OS image Junos image Indicates the version of the boot image that is used Boot image Indicates the time since the last reboot Device uptime Indicates the time when the switch was last configured Last configured time Health Status Panel Table 112 Health Status Description Fiel...

Page 736: ... and capacity of internal flash memory and any external USB flash drive Flash Capacity Utilization Panel Table 113 Capacity Utilization Description Field Indicates the number of active ports in the switch Number of active ports Indicates the number of ports in the switch Total number of ports Indicates the number of MAC Table entries Used up MAC Table entries Indicates the maximum number of MAC Ta...

Page 737: ...erface is up but is nonoperational Gray Interface is down and nonoperational Hover the mouse pointer over the interface port to view more information Interface status Rear View The management port is used to connect the switch to a management device for out of band management Management me0 port The console port is used to connect the switch to a management console or to a console server You might...

Page 738: ...urrent character display LCD panel Rear View of the EX3200 Switch The management port is used to connect the switch to a management device for out of band management Management me0 port The console port is used to connect the switch to a management console or to a console server You might do this for initial switch configuration Console port Indicates the USB port for the switch NOTE We recommend ...

Page 739: ...r over the interface port to view more information If an SFP uplink module is installed in the switch hover the mouser pointer over the interface ports on the module for more information For SFP and SFP ports the interfaces appear dimmed if no transceiver is inserted The chassis viewer displays Transceiver not plugged in when you hover the mouse pointer over the port icon The two M1 modules provid...

Page 740: ...OTE We recommend you use USB flash drives purchased from Juniper Networks for your EX Series switch Auxiliary port This port is not enabled on the switch It is reserved for future use Management me0 port The management port is used to connect the switch to a management device for out of band management Console port The console port is used to connect the switch to a management console or to a cons...

Page 741: ...configured for the LEDs on the ports Hover the mouse pointer over the icon to view the current character display LCD panel The EX8208 switch does not have any components on the rear of the chassis Rear View 645 Copyright 2010 Juniper Networks Inc Chapter 39 System Monitoring Overview ...

Page 742: ...nfiguration Interface status Slots on the switch are labeled from the top of the switch down RE0 RE module RE1 RE module 0 15 line cards Slot numbers The active slots contain a gray temperature icon Hover the mouse pointer over the icon to display temperature information for the slot Temperature Hover the mouse pointer over the fan tray icon to display consolidated fan information Fan status Hover...

Page 743: ...500 Switches Hardware Overview on page 30 EX8208 Switch Hardware Overview on page 33 EX8216 Switch Hardware Overview on page 36 647 Copyright 2010 Juniper Networks Inc Chapter 39 System Monitoring Overview ...

Page 744: ...Copyright 2010 Juniper Networks Inc 648 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 745: ...erface select Monitor Events and Alarms View Events Apply a filter or a combination of filters to view messages You can use filters to display relevant events Table 119 on page 649 describes the different filters their functions and the associated actions To view events in the CLI enter the following command show log Table 119 Filtering System Log Messages Your Action Function Field To specify eve...

Page 746: ...l or complete ID for example TFTPD_AF_ERR Specifies the event ID for which you want to display the messages Allows you to type part of the ID and completes the remainder automatically An event ID also known as a system log message code uniquely identifies a system log message It begins with a prefix that indicates the generating software process or library Event ID To specify events with a specifi...

Page 747: ...ess serious consequences than errors in the emergency alert and critical levels Critical Pink Indicates critical conditions such as hard drive errors Alert Orange Indicates conditions that require immediate correction such as a corrupted system database Emergency Red Indicates system panic or other conditions that cause the switch to stop functioning Severity The event ID begins with a prefix that...

Page 748: ...alues Field Category of the alarm Chassis Indicates an alarm condition on the chassis typically an environmental alarm such as one related to temperature System Indicates an alarm condition in the system Type Alarm severity either major red or minor yellow Severity Brief synopsis of the alarm Description Date and time when the failure was detected Time Related Documentation Monitoring System Log M...

Page 749: ...s with the J Web Interface on page 652 Table122onpage653listssomeofthechassisalarmsthatanEX8200switchcangenerate Table 122 Chassis Alarms for EX8200 Switches Additional Information Severity Remedy Alarm Condition Component The switch will eventually get too hot to operate if a fan tray is removed Temperature alarms will follow This alarm is expected during fan tray removal and installation Yellow ...

Page 750: ... output failure or due to temperature issues Power supply Red Remove and reinsert the power supply If removing and reinserting the power supply does not resolve the problem reboot the switch A power supply s internal connection to the switch is not operating properly Power supply The chassis is warm and should be cooled down The switch is still functioning normally To monitor temperature user swit...

Page 751: ...ted The chassis warm temperature threshold has been exceeded and one or more fans are not operating properly The operating fans are running at full speed Temperature The chassis is hot and should be cooled down The switch might still function normally but is close to shutting down if it hasn t already To monitor temperature user switch show chassis environment To monitor temperature thresholds use...

Page 752: ...eria to specify the packets that you want to capture You can decode and view the captured packets in the J Web interface as they are captured The packet capture feature does not capture transient traffic Table 123 Packet Capture Field Summary Your Action Function Field From the list select an interface for example ge 0 0 0 Specifies the interface on which the packets are captured If you select def...

Page 753: ...ers are to be displayed Layer 2 Headers To read all packets that reach the interface select this check box Specifies not to place the interface in promiscuous mode so that the interface reads only packets addressed to it In promiscuous mode the interface reads every packet that reaches it Non Promiscuous To display the packet headers in hexadecimal format select this check box Specifies that packe...

Page 754: ...on page 151 Monitoring System Properties Purpose Use the monitoring functionality to view system properties such as the name and IP address of the switch and resource usage Action To monitor system properties in the J Web interface select Monitor System View System Information To monitor system properties in the CLI enter the following commands show system uptime show system users show system stor...

Page 755: ...is field also shows the name of the user who issued the last commit command through either the J Web interface or the CLI Last Configured Time The CPU load average for 1 5 and 15 minutes Load Average Storage Media Memory usage details of internal flash Internal Flash Memory Usage details of external flash memory External Flash Memory Logged in Users Details Username of any user logged in to the sw...

Page 756: ...iew chassis properties in the CLI enter the following commands show chassis environment show chassis fpc show chassis hardware Meaning Table125onpage660givesinformationaboutthekeyoutputfieldsforchassisinformation NOTE For an EX2200 switch an EX3200 switch or an EX4200 standalone switch FPC refers to the switch itself In a Virtual Chassis configuration FPC refers to the member switch In an EX8200 s...

Page 757: ... an FPC to view General Temperature Resource and Sub component details Select component Select the General tab to view the general information about the chassis components General Displays general information Version Revisionlevel Supplytheversionnumberwhenreportinghardwareproblems to customer support Part Number Serial Number Supply the serial number when contacting customer support about the swi...

Page 758: ... for EX Series Switches on page 638 Monitoring System Process Information Purpose Use the monitoring functionality to view the processes running on the switch Action To view the software processes running on the switch in the J Web interface select Monitor System View Process Details To view the software processes running on the switch in the CLI enter the following command show system processes M...

Page 759: ... are running low on storage space use the file cleanup procedure to quickly identify files to delete The file cleanup procedure performs the following tasks Rotates log files Archives the current log files and creates fresh log files Deletes log files in var log Deletes files that are not currently being written to Deletes temporary files in var tmp Deletes files that have not been accessed within...

Page 760: ...Core Files Lists the core files in the var crash directory on the switching platform The J Web interface displays the files located in the directory 3 Select the files that you want to download and click Download 4 Choose a location for the saved file The file is saved as a text file with a txt file extension Deleting Files You can use the J Web interface to delete an individual log temporary and ...

Page 761: ... switching platform The J Web interface displays the files in the directory 3 Select the box next to each file you plan to delete 4 Click Delete The J Web interface displays the files you can delete and the amount of space that will be freed on the file system 5 Click one of the following buttons on the confirmation page To delete the files and return to the Files page click OK To cancel your entr...

Page 762: ...Copyright 2010 Juniper Networks Inc 666 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 763: ...CHAPTER 41 Configuration Statements for System Monitoring 667 Copyright 2010 Juniper Networks Inc ...

Page 764: ...ve log file reaches the maximum size the contents of the oldest archive file are lost overwritten by the next oldest file Range 1 through 1000 Default 10 files sizesize Maximum amount of data that the Junos logging utility writes to a log file logfile before archiving it closing it compressing it and changing its name to logfile 0 gz The utility then opens and writes to a new file called logfile S...

Page 765: ...in into the archive site Required Privilege Level maintenance To view this statement in the configuration maintenance control To add this statement to the configuration Related Documentation Defining Destinations for File Archiving by Event Policies arguments Syntax arguments argument name argument value Hierarchy Level edit event options policy policy name then event script filename Release Infor...

Page 766: ...ession If the attributes match statement includes the equals or starts with options or if it includes a matches option that includes a clause for an event that is not specified at the edit event options policy policy name events hierarchy level you must include one or more within statements in the same policy configuration The statements are explained separately Required Privilege Level maintenanc...

Page 767: ...tribute name the command variable is replaced by the value of the attribute name of the triggering event event attribute name The dollar sign with the event name event notation represents the most recent event that matches the specified event The variable is replaced by the value of the attribute name of the most recent event that matches event attribute name The dollar sign with the asterisk nota...

Page 768: ...ogging Facilities and Message Severity Levels severity Severity of the messages that belong to the facility specified by the paired facility name Messages with severities the specified level and higher are logged For a list of the severities see JUNOS System Logging Facilities and Message Severity Levels Required Privilege Level system To view this statement in the configuration system control To ...

Page 769: ...or EX Series switches Description Assign a location to which to upload command or script output for the specified policy Options destination name Name of a destination defined in the destinations statement at the edit event options hierarchy level The remaining statements are explained separately Required Privilege Level maintenance To view this statement in the configuration maintenance control T...

Page 770: ... can use the destination as a storage location for command output and for various files such as system log files and core files Options destination name Name of a destination The remaining statements are explained separately Required Privilege Level maintenance To view this statement in the configuration maintenance control To add this statement to the configuration Related Documentation Defining ...

Page 771: ... only if the specified attribute of event1 equals the specified attribute of event2 Options event1 attribute name Attribute of one event event2 attribute name Attribute of another event Required Privilege Level maintenance To view this statement in the configuration maintenance control To add this statement to the configuration Related Documentation Using Correlated Events to Trigger an Event Poli...

Page 772: ...ote trace generate event event name time interval seconds time of day hh mm ss policy policy name attributes match event1 attribute name equals event2 attribute name event attribute name matches regular expression event1 attribute name starts with event2 attribute name events events within seconds not events events then event script filename arguments argument name argument value output filename f...

Page 773: ...ename files number size size world readable no world readable flag flag Hierarchy Level edit Release Information Statement introduced in Junos OS Release 7 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure event policies The statements are explained separately Required Privilege Level maintenance To view this statement in the configuration maintenance cont...

Page 774: ...ed Events to Trigger an Event Policy events Correlating Events with Each Other Syntax events events Hierarchy Level edit event options policy policy name within seconds Release Information Statement introduced in Junos OS Release 7 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Create a list of events that must occur within a specified time interval for the polic...

Page 775: ... event options Release Information Statement introduced in Junos OS Release 7 6 Statement introduced in Junos OS Release 9 0 for EX Series switches Description For Junos OS event scripts configure scripting mechanisms The statements are explained separately Required Privilege Level maintenance To view this statement in the configuration maintenance control To add this statement to the configuratio...

Page 776: ...ced in Junos OS Release 9 0 for EX Series switches Description On receipt of an event specify operational mode commands to be issued the format of the command output and a name and destination for the output file The statements are explained separately Required Privilege Level maintenance To view this statement in the configuration maintenance control To add this statement to the configuration Rel...

Page 777: ...os OS Release 9 0 for EX Series switches Description On receipt of an event specify operational mode commands to be issued the format of the command output and a name and destination for the output file The statements are explained separately Required Privilege Level maintenance To view this statement in the configuration maintenance control To add this statement to the configuration Related Docum...

Page 778: ... Log Messages Reference structured data on page 700 facility override Syntax facility override facility Hierarchy Level edit system syslog host Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Substitute an alternate facility for the default facilities used when messages are directed to a remote des...

Page 779: ...nt scripts enable an event script that is located in the var db scripts event directory Options filename The name of an Extensible Stylesheet Language Transformations XSLT or Stylesheet Language Alternative Syntax SLAX file containing an event script The statements are explained separately Required Privilege Level maintenance To view this statement in the configuration maintenance control To add t...

Page 780: ...e filename File in the var log directory in which to log messages from the specified facility To log messages to more than one file include more than one file statement severity Severity of the messages that belong to the facility specified by the paired facility name Messages with severities the specified level and higher are logged For a list of the severities see JUNOS System Logging Facilities...

Page 781: ...mum size the logfile 0 gz file is renamed to logfile 1 gz and the new file is closed compressed and renamed logfile 0 gz By default the logging facility creates up to ten archive files in this manner Once the maximum number of archive files exists each time the active log file reaches the maximum size the contents of the oldest archive file are lost overwritten by the next oldest file Options numb...

Page 782: ...al event based on a time interval or the time of day Options event name Name of an internally generated event The statements are explained separately Required Privilege Level maintenance To view this statement in the configuration maintenance control To add this statement to the configuration Related Documentation Generating Internal Events to Trigger Event Policies Copyright 2010 Juniper Networks...

Page 783: ...ssages to log To specify multiple classes include multiple facility severity statements For a list of the facilities see JUNOS System Logging Facilities and Message Severity Levels hostname IPv4 address IPv6 address or fully qualified hostname of the remote machine to which to direct messages To direct messages to multiple remote machines include a host statement for each one other routing engine ...

Page 784: ...x ignore Hierarchy Level edit event options policy policy name then Release Information Statement introduced in Junos OS Release 7 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Define a policy that ignores particular events If one or more of the listed events occur a system log message for the event is not generated and no further policies associated with this e...

Page 785: ...this statement in the configuration interface control To add this statement to the configuration log prefix Syntax log prefix string Hierarchy Level edit system syslog host Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Include a text string in each message directed to a remote destination Options...

Page 786: ...ine the Set of Logged Messages not Syntax not events events Hierarchy Level edit event options policy policy name within seconds Release Information Statement introduced in Junos OS Release 7 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Create a list of events that must not occur within the specified time interval for the policy to be triggered Options events L...

Page 787: ...ption Assign a filename to which to write command or script output for the specified commands or script For op scripts this statement is optional Options filename Name of a file in which to write command or script output Required Privilege Level maintenance To view this statement in the configuration maintenance control To add this statement to the configuration Related Documentation Configuring a...

Page 788: ...utput of the specified commands or script Options text Formatted ASCII text xml Junos Extensible Markup Language XML tags Default xml at the edit event options policy policy name then execute commands hierarchy level and text at the edit event options policy policy name then event script filename hierarchy level Required Privilege Level maintenance To view this statement in the configuration maint...

Page 789: ... argument name argument value destination destination name retry count count retry interval seconds transfer delay seconds output filename filename output format text xml user name username execute commands commands command destination destination name retry count count retry interval seconds transfer delay seconds output filename filename output format text xml user name username ignore raise tra...

Page 790: ...ired Privilege Level maintenance To view this statement in the configuration maintenance control To add this statement to the configuration Related Documentation Unresolved xref raise trap Syntax raise trap Hierarchy Level edit event options policy policy name then Release Information Statement introduced in Junos OS Release 8 1 Statement introduced in Junos OS Release 9 0 for EX Series switches D...

Page 791: ...om Syntax refresh from url Hierarchy Level edit event options event script edit event options event script file filename Release Information Statement introduced in Junos OS Release 9 6 Statement introduced in Junos OS Release 9 6 for EX Series switches Description For Junos OS event scripts overwrite the local copy of all enabled event scripts or a single enabled script located in the var db scri...

Page 792: ... local or remote host Options passphrase user password User s password for the remote host remote hostname Name of the remote host with which the event script will communicate username username User s login name for the remote host Required Privilege Level maintenance To view this statement in the configuration maintenance control To add this statement to the configuration Related Documentation Us...

Page 793: ...s OS Release 9 0 for EX Series switches Description Configure an event policy to retry a file upload operation if the first attempt fails Default If you do not include this statement the file upload operation is attempted one time only Options number Number of retries retry interval seconds Length of time to wait between retries Required Privilege Level maintenance To view this statement in the co...

Page 794: ... number of archive files that the utility creates in this way see files Options size Maximum size of each system log file in kilobytes KB megabytes MB or gigabytes GB Syntax xk to specify the number of kilobytes xm for the number of megabytes or xg for the number of gigabytes Range 64 KB through 1 GB Default 1 MB for MX Series routers Required Privilege Level system To view this statement in the c...

Page 795: ...esh statement at the same hierarchy level the local copy is overwritten by the version stored at the specified URL Options url Master source file for an event script specified as an HTTP URL FTP URL or scp style remote file specification Required Privilege Level maintenance To view this statement in the configuration maintenance control To add this statement to the configuration Related Documentat...

Page 796: ...nt is included other statements that specify the format for messages written to the file are ignored the explicit priority statement at the edit system syslog file filename hierarchy level and the time format statement at the edit system syslog hierarchy level Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Relat...

Page 797: ...rity explicit priority facility override facility log prefix string match regular expression source address source address time format millisecond year year millisecond user username facility severity match regular expression Hierarchy Level edit system Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Descripti...

Page 798: ...em control To add this statement to the configuration Related Documentation JUNOS Software System Log Configuration Overview Junos System Log Messages Reference Copyright 2010 Juniper Networks Inc 702 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 799: ...econds user name username Hierarchy Level edit event options policy policy name Release Information Statement introduced in Junos OS Release 7 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Define actions to take if an event occurs For each policy you can configure multiple actions The statements are explained separately Required Privilege Level maintenance To vi...

Page 800: ...t not to destinations configured by a host statement By default the timestamp specifies the month date hour minute and second when the message was logged for example Aug 21 12 36 30 NOTE When the structured data statement is included at the edit system syslog file filename hierarchy level this statement is ignored for the file Options millisecond Include the millisecond in the timestamp year Inclu...

Page 801: ...lated Documentation Generating Internal Events to Trigger Event Policies time of day Syntax time of day hh mm ss Hierarchy Level edit event options generate event event name Release Information Statement introduced in Junos OS Release 7 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure a time of day at which to generate a particular event Options hh mm ss ...

Page 802: ... Africa Ndjamena Africa Niamey Africa Nouakchott Africa Ouagadougou Africa Porto Novo Africa Sao_Tome Africa Timbuktu Africa Tripoli Africa Tunis Africa Windhoek America Adak America Anchorage America Anguilla America Antigua America Aruba America Asuncion America Barbados America Belize America Bogota America Boise America Buenos_Aires America Caracas America Catamarca America Cayenne America Cay...

Page 803: ...tlantic Stanley Australia Adelaide Australia Brisbane Australia Broken_Hill Australia Darwin Australia Hobart Australia Lindeman Australia Lord_Howe Australia Melbourne Australia Perth Australia Sydney Europe Amsterdam Europe Andorra Europe Athens Europe Belfast Europe Belgrade Europe Berlin Europe Bratislava Europe Brussels Europe Bucharest Europe Budapest Europe Chisinau Europe Copenhagen Europe...

Page 804: ... the Default Time Zone for a Router or Switch Running JUNOS Software System Management Configuration Statements Copyright 2010 Juniper Networks Inc 708 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 805: ...g as the filename files number Optional Maximum number of trace files When a trace file named trace file reaches its maximum size it is renamed and compressed to trace file 0 gz then trace file 1 gz and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum number of files you also must specify a maximum file size with the size o...

Page 806: ...en the oldest trace file is overwritten If you specify a maximum file size you also must specify a maximum number of trace files with the files option and a filename Syntax xk to specify KB xm to specify MB or xg to specify GB Range 10 KB through 1 GB Default 128 KB world readable Enable unrestricted file access Required Privilege Level maintenance To view this statement in the configuration maint...

Page 807: ...ile reaches its maximum size it is renamed and compressed to trace file 0 gz then trace file 1 gz and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum number of files you also must specify a maximum file size with the size option and a filename Range 2 through 1000 Default 3 files flag Tracing operation to perform To specif...

Page 808: ... the oldest trace file is overwritten If you specify a maximum file size you also must specify a maximum number of trace files with the files option and filename Syntax xk to specify KB xm to specify MB or xg to specify GB Range 10 KB through 1 GB Default 128 KB world readable Optional Enable unrestricted file access Required Privilege Level maintenance To view this statement in the configuration ...

Page 809: ...ename To retain the default you can specify cscript log or op script log as the filename files number Optional Maximum number of trace files When a trace file named trace file reaches its maximum size it is renamed and compressed to trace file 0 gz then trace file 1 gz and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum nu...

Page 810: ...race file is overwritten If you specify a maximum file size you also must specify a maximum number of trace files with the files option and a filename Syntax xk to specify KB xm to specify MB or xg to specify GB Range 10 KB through 1 GB Default 128 KB world readable Enable unrestricted file access Required Privilege Level maintenance To view this statement in the configuration maintenance control ...

Page 811: ...elay before transferring files This allows the files to be completely generated before the upload starts If you configure a transfer delay at the edit event options destinationdestination name hierarchy level and at one of the editevent optionspolicy policy name then hierarchy levels the resulting delay is the sum of the two delays Default If you do not include this statement there is no transfer ...

Page 812: ...after event count The policy is executed when the number of matching events received equals event count 1 on event count The policy is executed when the number of matching events received equals event count until event count The policy is executed each time a matching event is received and stops being executed when the number of matching events received equals event count Required Privilege Level ...

Page 813: ... destination destination name Name of the destination for the uploaded file It must be defined in the destinations statement at the edit event options hierarchy level filename filename committed Name of the file to upload Specify either the word committed to upload the most recently committed configuration file or the filename of another file The remaining statements are explained separately Requi...

Page 814: ... to the facility specified by the paired facility name Messages with severities the specified level and higher are logged For a list of the severities see JUNOS System Logging Facilities and Message Severity Levels username Junos login name of the user whose terminal session is to receive system log messages To log messages to more than one user s terminal session include more than one user statem...

Page 815: ...tenance To view this statement in the configuration maintenance control To add this statement to the configuration Related Documentation Changing the User Privilege Level for an Event Policy Action within Syntax within seconds events events not events events trigger after on until event count Hierarchy Level edit event options policy policy name Release Information Statement introduced in Junos OS...

Page 816: ... read log files or restrict the permission only to the root user and users who have the Junos maintenance permission Default no world readable Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Specifying Log File Size Number and Archiving Properties Junos System Log Messages Reference Copyrigh...

Page 817: ...CHAPTER 42 Operational Mode Commands for System Monitoring 721 Copyright 2010 Juniper Networks Inc ...

Page 818: ... clear log on page 722 Output Fields See file list for an explanation of output fields clear log The following sample commands list log file information clear the contents of a log file and then display the updated log file information clear log user host file list lcc0 re0 var log sampled detail lcc0 re0 rw r 1 root wheel 26450 Jun 23 18 47 var log sampled total 1 user host clear log lcc0 re0 sam...

Page 819: ...e Level maintenance List of Sample Output file archive Multiple Files on page 723 file archive Single File on page 723 file archive with Compression on page 724 Output Fields When you enter this command you are provided feedback on the status of your request file archive Multiple Files The following sample command archives all message files in the local directory var log messages as the single fil...

Page 820: ...ingle file messages archive tgz in the same directory user host file archive compress source var log messages destination var log messages archive tgz usr bin tar Removing leading from absolute path names in the archive user host Copyright 2010 Juniper Networks Inc 724 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 821: ...n Event Script in the Junos Configuration and Operations Automation Guide Configuring Checksum Hashes for an Op Script in the Junos Configuration and Operations Automation Guide Executing an Op Script from a Remote Site in the JUNO Configuration and Operations Automation Guide file checksum sha 256 on page 454 file checksum sha1 on page 453 op on page 236 List of Sample Output file checksum md5 on...

Page 822: ...ipt in the Junos Configuration and Operations Automation Guide Configuring Checksum Hashes for an Op Script in the Junos Configuration and Operations Automation Guide Executing an Op Script from a Remote Site in the Junos Configuration and Operations Automation Guide file checksum md5 on page 452 file checksum sha 256 on page 454 op on page 236 List of Sample Output file checksum sha1 on page 726 ...

Page 823: ... Script in the Junos Configuration and Operations Automation Guide Configuring Checksum Hashes for an Op Script in the Junos Configuration and Operations Automation Guide Executing an Op Script from a Remote Site in the Configuration and Operations Automation Guide file checksum md5 on page 452 file checksum sha1 on page 453 op on page 236 List of Sample Output file checksum sha 256 on page 727 Ou...

Page 824: ...ile Output lines preceded by an exclamation point have changed Additions are marked with a plus sign and deletions are marked with a minus sign Unified Display is preceded by the line number from the first and the second file xx xxx x Before the line number additions to the file are marked with a plus sign and deletions to the file are marked with a minus sign The body of the output contains the a...

Page 825: ...foo foo is not defined authentication encrypted password SECRET 97 105 user bill full name Bill Smith uid 1089 class super user authentication encrypted password SECRET file compare files unified user host file compare files tmp one tmp two unified tmp one Wed Dec 3 17 12 50 2003 tmp two Wed Dec 3 09 13 14 2003 97 8 97 9 user bill full name Bill Smith class foo foo is not defined full name Bill Sm...

Page 826: ... Wed Dec 3 09 13 10 2003 tmp two Wed Dec 3 09 13 14 2003 99 7 99 7 user bill full name Bill Smith uid 1089 class foo foo is not defined class super user authentication encrypted password SECRET SECRET DATA Copyright 2010 Juniper Networks Inc 730 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 827: ...ting Engines on page 731 file copy A File From the TX Matrix Plus Router to a T1600 Router Connected to the TX Matrix Plus Router on page 731 Output Fields When you enter this command you are provided feedback on the status of your request file copy A File from the Router to a PC user host file copy var tmp rpd core 4 berry c junipero tmp transferring file 0 KB 0 3 kB s ETA 00 00 00 100 file copy ...

Page 828: ... Required Privilege Level maintenance List of Sample Output file delete on page 732 file delete Routing Matrix on page 732 Output Fields When you enter this command you are provided feedback on the status of your request file delete user host file list var tmp dcd core rpd core snmpd core user host file delete var tmp snmpd core file delete user host file list var tmp dcd core rpd core file delete...

Page 829: ...ion AdditionalInformation The default directory is the home directory of the user logged into the router or switch To view available directories enter a space and then a backslash after the file list command To view files within a specific directory include a backslash followed by the directory and optionally subdirectory name after the file list command Required Privilege Level maintenance List o...

Page 830: ...eck_time cores diagTestPrep diagtest diagtest regress do_switchovers dump_test err manoj log esw_clearstats esw_counter esw_debug esw_debug_ge esw_filt_test esw_filter_tnp_addr esw_getstats esw_phy esw_stats Copyright 2010 Juniper Networks Inc 734 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 831: ...f Sample Output file rename on page 735 file rename Routing Matrix on page 736 Output Fields When you enter this command you are provided feedback on the status of your request file rename The following example lists the files in var tmp renames one of the files and then displays the list of files again to reveal the newly named file file rename user host file list var tmp dcd core rpd core snmpd ...

Page 832: ...le list lcc0 re1 var tmp lcc0 re1 var tmp pccardd sartre conf snmpd syslogd core tarball 0 tgz user host file rename lcc0 re0 var tmp snmpd var tmp snmpd rr user host file list lcc0 re1 var tmp lcc0 re1 var tmp pccardd sartre conf snmpd rr syslogd core tarball 0 tgz Copyright 2010 Juniper Networks Inc 736 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 833: ...st file show var log messages Apr 13 21 00 08 romney kernel so 1 1 2 loopback suspected going to standby Apr 13 21 00 40 romney kernel so 1 1 2 loopback suspected going to standby file show Apr 13 21 02 48 romney last message repeated 4 times Apr 13 21 07 04 romney last message repeated 8 times Apr 13 21 07 13 romney kernel so 1 1 0 Clearing SONET alarm s RDI P Apr 13 21 07 29 romney kernel so 1 1...

Page 834: ... printf x x ch j ch j printf x ch j set j j 1 if j 16 printf n end end end Copyright 2010 Juniper Networks Inc 738 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 835: ...it routing options edit interfaces and edit protocols protocol hierarchy levels Required Privilege Level trace Related Documentation monitor start on page 740 monitor stop on page 741 List of Sample Output monitor list on page 739 Output Fields Table 127 on page 739 describes the output fields for the monitor list command Output fields are listed in the approximate order in which they appear Table...

Page 836: ...op on page 741 List of Sample Output monitor start on page 740 Output Fields Table 128 on page 740 describes the output fields for the monitorstart command Output fields are listed in the approximate order in which they appear Table 128 monitor start Output Fields Field Description Field Name Name of the file from which entries are being displayed This line is displayed initially and when the comm...

Page 837: ...statement at the edit system hierarchy level and the options statement at the edit routing options hierarchy level The trace files generated by the routing protocol process are those configured with traceoptions statements at the edit routing options edit interfaces and edit protocols protocol hierarchy levels Required Privilege Level trace Related Documentation monitor list on page 739 monitor st...

Page 838: ...ntenance Related Documentation request system configuration rescue save on page 467 request system software rollback on page 125 show system commit on page 471 List of Sample Output request system configuration rescue delete on page 742 Output Fields This command produces no output request system configuration rescue delete user host request system configuration rescue delete request system config...

Page 839: ...command Options This command has no options Required Privilege Level maintenance Related Documentation request system software delete on page 122 request system software rollback on page 125 show system commit on page 471 List of Sample Output request system configuration rescue save on page 743 Output Fields This command produces no output request system configuration rescue save user host reques...

Page 840: ... to be downloaded Required Privilege Level maintenance Related Documentation Understanding Automatic Refreshing of Scripts on EX Series Switches on page 399 Junos OS Junos XML Management Protocol Guide at http www juniper net techpubs software junos index html Junos OS NETCONF XML Management Protocol Guide at http www juniper net techpubs software junos index html List of Sample Output request sys...

Page 841: ... of the file to be downloaded Required Privilege Level maintenance Related Documentation Understanding Automatic Refreshing of Scripts on EX Series Switches on page 399 Junos OS Junos XML Management Protocol Guide at http www juniper net techpubs software junos index html Junos OS NETCONF XML Management Protocol Guide at http www juniper net techpubs software junos index html List of Sample Output...

Page 842: ...f the file to be downloaded Required Privilege Level maintenance Related Documentation Understanding Automatic Refreshing of Scripts on EX Series Switches on page 399 Junos OS Junos XML Management Protocol Guide at http www juniper net techpubs software junos index html Junos OS NETCONF XML Management Protocol Guide at http www juniper net techpubs software junos index html List of Sample Output r...

Page 843: ...ter or switch card chassis sfc number TX Matrix Plus router only Optional Show information about the TX Matrix Plus router or switch fabric chassis Replace number with 0 AdditionalInformation You cannot clear the alarms for chassis components Instead you must remedy the cause of the alarm When a chassis alarm is lit it indicates that you are running the router or switch in a manner that we do not ...

Page 844: ...s currently active Alarm time Class Description 2004 08 05 18 43 53 PDT Minor LCC 0 Minor Errors 2004 08 05 18 43 53 PDT Minor SIB 3 Not Online 2004 08 05 18 43 52 PDT Major SIB 2 Absent 2004 08 05 18 43 52 PDT Major SIB 1 Absent 2004 08 05 18 43 52 PDT Major SIB 0 Absent 2004 08 05 18 43 33 PDT Major LCC 2 Major Errors 2004 08 05 18 43 28 PDT Major LCC 0 Major Errors 2004 08 05 18 43 05 PDT Minor...

Page 845: ...ajor SIB F2S 3 4 Absent 2009 05 06 17 33 47 PDT Major SIB F2S 3 2 Absent 2009 05 06 17 33 47 PDT Major SIB F2S 3 0 Absent 2009 05 06 17 33 47 PDT Major SIB F2S 2 6 Absent 2009 05 06 17 33 47 PDT Major SIB F13 12 Absent 2009 05 06 17 33 47 PDT Major SIB F13 11 Absent 2009 05 06 17 33 47 PDT Major SIB F13 9 Absent 2009 05 06 17 33 47 PDT Major SIB F13 8 Absent 2009 05 06 17 33 47 PDT Major SIB F13 7...

Page 846: ... Matrix Plus routers only Optional On a TX Matrix router display chassis environmental information for a specified T640 router or line card chassis that is connected to the TX Matrix router On a TX Matrix Plus router display chassis environmental information for a specified T1600 router or line card chassis that is connected to the TX Matrix Plus router Replace number with a value from 0 through 3...

Page 847: ...elds Table 130 on page 751 lists the output fields for the show chassis environment command Output fields are listed in the approximate order in which they appear Table 130 show chassis environment Output Fields Field Description Field Name Item Status Measurement Class Power information M5 M10 M20 and M40 routers only Information about each power supply Status can be OK Testing during initial pow...

Page 848: ...assis environment Class Item Status Measurement Power Power Supply 0 OK Power Supply 1 Absent Temp Intake OK 22 degrees C 71 degrees F FPC 0 OK 23 degrees C 73 degrees F Power Supplies OK 23 degrees C 73 degrees F CFEB Intake OK 24 degrees C 75 degrees F CFEB Exhaust OK 29 degrees C 84 degrees F Routing Engine OK 26 degrees C 78 degrees F Fans Fan 1 OK Spinning at normal speed Fan 2 OK Spinning at...

Page 849: ... Absent Fan Tray 1 Fan 3 Absent Fan Tray 1 Fan 4 Absent Fan Tray 1 Fan 5 Absent Fan Tray 1 Fan 6 Absent Fan Tray 1 Fan 7 Absent Fan Tray 1 Fan 8 Absent show chassis environment M20 Router user host show chassis environment Class Item Status Measurement Power Power Supply A OK Power Supply B Absent Temp FPC 0 OK 28 degrees C 82 degrees F FPC 1 OK 27 degrees C 80 degrees F Power Supply A OK 22 degre...

Page 850: ...09 degrees F FPM CMB OK 28 degrees C 82 degrees F FPM Display OK 28 degrees C 82 degrees F Fans Rear Bottom Blower OK Spinning at normal speed Rear Top Blower OK Spinning at normal speed Front Top Blower OK Spinning at normal speed Fan Tray Rear Left OK Spinning at normal speed Fan Tray Rear Right OK Spinning at normal speed Fan Tray Front Left OK Spinning at normal speed Fan Tray Front Right OK S...

Page 851: ...al speed Rear Top Tray Fan 6 OK Spinning at normal speed Rear Top Tray Fan 7 OK Spinning at normal speed Rear Top Tray Fan 8 OK Spinning at normal speed Rear Bottom Tray Fan 1 OK Spinning at normal speed Rear Bottom Tray Fan 2 OK Spinning at normal speed Rear Bottom Tray Fan 3 OK Spinning at normal speed Rear Bottom Tray Fan 4 OK Spinning at normal speed Rear Bottom Tray Fan 5 OK Spinning at norma...

Page 852: ...rees F FPC 6 Exhaust OK 39 degrees C 102 degrees F FPC 7 Intake OK 27 degrees C 80 degrees F FPC 7 Exhaust OK 42 degrees C 107 degrees F FPM GBUS OK 30 degrees C 86 degrees F Fan Top Left Front fan OK Spinning at normal speed Top Right Rear fan OK Spinning at normal speed Top Right Front fan OK Spinning at normal speed Top Left Rear fan OK Spinning at normal speed Bottom Left Front fan OK Spinning...

Page 853: ...st A OK 40 degrees C 104 degrees F FPC 2 Exhaust B OK 52 degrees C 125 degrees F FPC 2 I3 0 TSensor OK 52 degrees C 125 degrees F FPC 2 I3 0 Chip OK 56 degrees C 132 degrees F FPC 2 I3 1 TSensor OK 52 degrees C 125 degrees F FPC 2 I3 1 Chip OK 55 degrees C 131 degrees F FPC 2 I3 2 TSensor OK 49 degrees C 120 degrees F FPC 2 I3 2 Chip OK 52 degrees C 125 degrees F FPC 2 I3 3 TSensor OK 44 degrees C...

Page 854: ...grees C 118 degrees F FPC 1 I3 1 Chip OK 52 degrees C 125 degrees F FPC 1 I3 2 TSensor OK 46 degrees C 114 degrees F FPC 1 I3 2 Chip OK 50 degrees C 122 degrees F FPC 1 I3 3 TSensor OK 42 degrees C 107 degrees F FPC 1 I3 3 Chip OK 46 degrees C 114 degrees F FPC 1 IA 0 TSensor OK 49 degrees C 120 degrees F FPC 1 IA 0 Chip OK 48 degrees C 118 degrees F FPC 1 IA 1 TSensor OK 46 degrees C 114 degrees ...

Page 855: ... F Routing Engine 1 OK 30 degrees C 86 degrees F CB 0 OK 32 degrees C 89 degrees F CB 1 OK 32 degrees C 89 degrees F SIB 0 OK 33 degrees C 91 degrees F SIB 1 OK 33 degrees C 91 degrees F SIB 2 OK 34 degrees C 93 degrees F FPC 0 Top OK 38 degrees C 100 degrees F FPC 0 Bottom OK 32 degrees C 89 degrees F FPC 1 Top OK 38 degrees C 100 degrees F FPC 1 Bottom OK 33 degrees C 91 degrees F FPC 2 Top OK 3...

Page 856: ...g at normal speed Top Right Middle fan OK Spinning at normal speed Top Right Rear fan OK Spinning at normal speed Bottom Left Front fan OK Spinning at normal speed Bottom Left Middle fan OK Spinning at normal speed Bottom Left Rear fan OK Spinning at normal speed Bottom Right Front fan OK Spinning at normal speed Bottom Right Middle fan OK Spinning at normal speed Bottom Right Rear fan OK Spinning...

Page 857: ...al speed Misc CIP 0 OK CIP 1 OK SPMB 0 OK SPMB 1 OK lcc0 re0 Class Item Status Measurement Temp PEM 0 OK 29 degrees C 84 degrees F PEM 1 Absent SCG 0 OK 35 degrees C 95 degrees F SCG 1 Absent Routing Engine 0 OK 39 degrees C 102 degrees F Routing Engine 1 OK 36 degrees C 96 degrees F CB 0 OK 32 degrees C 89 degrees F CB 1 OK 32 degrees C 89 degrees F SIB 0 OK 40 degrees C 104 degrees F SIB 0 B OK ...

Page 858: ...Spinning at normal speed Top Left Middle fan OK Spinning at normal speed show chassis environment T1600 Router user host show chassis environment Class Item Status Measurement Temp PEM 0 OK 27 degrees C 80 degrees F PEM 1 Absent SCG 0 OK 31 degrees C 87 degrees F SCG 1 OK 35 degrees C 95 degrees F Routing Engine 0 OK 30 degrees C 86 degrees F Routing Engine 1 OK 30 degrees C 86 degrees F CB 0 OK 3...

Page 859: ... 29 degrees C 84 degrees F CB 0 Intake OK 26 degrees C 78 degrees F CB 0 Exhaust A OK 25 degrees C 77 degrees F CB 0 Exhaust B OK 25 degrees C 77 degrees F CB 1 Intake OK 26 degrees C 78 degrees F CB 1 Exhaust A OK 26 degrees C 78 degrees F CB 1 Exhaust B OK 26 degrees C 78 degrees F SIB F13 0 OK 47 degrees C 116 degrees F SIB F13 0 B OK 48 degrees C 118 degrees F SIB F13 1 OK 38 degrees C 100 deg...

Page 860: ...an 9 OK Spinning at normal speed Fan Tray 4 Fan 1 OK Spinning at normal speed Fan Tray 4 Fan 2 OK Spinning at normal speed Fan Tray 4 Fan 3 OK Spinning at normal speed Fan Tray 4 Fan 4 OK Spinning at normal speed Fan Tray 4 Fan 5 OK Spinning at normal speed Fan Tray 4 Fan 6 OK Spinning at normal speed Fan Tray 4 Fan 7 OK Spinning at normal speed Fan Tray 4 Fan 8 OK Spinning at normal speed Fan Tra...

Page 861: ...d Top Right Middle fan OK Spinning at normal speed Top Right Rear fan OK Spinning at normal speed Bottom Left Front fan OK Spinning at normal speed Bottom Left Middle fan OK Spinning at normal speed Bottom Left Rear fan OK Spinning at normal speed Bottom Right Front fan OK Spinning at normal speed Bottom Right Middle fan OK Spinning at normal speed Bottom Right Rear fan OK Spinning at normal speed...

Page 862: ...formation about the FPC in a T1600 router or line card chassis that is connected to the TX Matrix Plus router Replace number with a value from 0 through 3 slot Optional Display environmental information about an individual FPC TX Matrix and TX Matrix Plus routers only On a TX Matrix router if you specify the number of the T640 router by using only the lcc number option the recommended method repla...

Page 863: ... order in which they appear Table 131 show chassis environment fpc Output Fields Field Description Field Name Status of the FPC Unknown FPC is not detected by the router Empty No FPC is present Present FPC is detected by the chassis daemon but is either not supported by the current version of the Junos OS or the FPC is coming up but not yet online Ready FPC is in intermediate or transition state A...

Page 864: ...s F show chassis environmentfpc M120 Router Temperature Exhaust B 31 degrees C 87 degrees F Power A Board 1 2 V 1202 mV 1 5 V 1508 mV 1 8 V 1798 mV 2 5 V 2507 mV 3 3 V 3351 mV 5 0 V 4995 mV 3 3 V bias 3296 mV 1 2 V Rocket IO 1205 mV 1 5 V Rocket IO 1501 mV I2C Slave Revision 12 FPC 3 status State Online Temperature Exhaust A 31 degrees C 87 degrees F Temperature Exhaust B 33 degrees C 91 degrees F...

Page 865: ... mV 2 5 V 2501 mV 3 3 V 3319 mV 5 0 V 5020 mV 5 0 V bias 5025 mV 8 0 V bias 8307 mV CMB Revision 12 show chassis environment fpc M320 Router user host show chassis environment fpc FPC 0 status State Online Temperature Intake 27 degrees C 80 degrees F Temperature Exhaust 38 degrees C 100 degrees F Temperature MMB1 31 degrees C 87 degrees F Power 1 5 V 1487 mV 1 5 V 1494 mV 1 8 V 1821 mV 2 5 V 2533 ...

Page 866: ...or 50 degrees C 122 degrees F Temperature I3 1 Chip 53 degrees C 127 degrees F Temperature I3 2 TSensor 48 degrees C 118 degrees F Temperature I3 2 Chip 51 degrees C 123 degrees F Temperature I3 3 TSensor 45 degrees C 113 degrees F Temperature I3 3 Chip 48 degrees C 118 degrees F Temperature IA 0 TSensor 45 degrees C 113 degrees F Temperature IA 0 Chip 45 degrees C 113 degrees F Temperature IA 1 T...

Page 867: ...ent fpc FPC 1 status State Online Temperature Intake 36 degrees C 96 degrees F Temperature Exhaust A 41 degrees C 105 degrees F Temperature Exhaust B 55 degrees C 131 degrees F Temperature I3 0 TSensor 55 degrees C 131 degrees F Temperature I3 0 Chip 57 degrees C 134 degrees F Temperature I3 1 TSensor 53 degrees C 127 degrees F Temperature I3 1 Chip 53 degrees C 127 degrees F Temperature I3 2 TSen...

Page 868: ...2 V PFE 1 1179 mV 1 2 V PFE 2 1179 mV 1 2 V PFE 3 1185 mV I2C Slave Revision 6 FPC 6 status State Online Temperature Intake 25 degrees C 77 degrees F Temperature Exhaust A 38 degrees C 100 degrees F Temperature Exhaust B 38 degrees C 100 degrees F Temperature I3 0 TSensor 40 degrees C 104 degrees F Temperature I3 0 Chip 40 degrees C 104 degrees F Temperature I3 1 TSensor 40 degrees C 104 degrees F...

Page 869: ...782 mV 3 3 V bias 3277 mV 5 0 V bias 4989 mV 8 0 V bias 7289 mV BUS Revision 40 FPC 2 status State Online Temperature Top 43 degrees C 109 degrees F Temperature Bottom 39 degrees C 102 degrees F Temperature MMB1 41 degrees C 105 degrees F Power 1 8 V 1963 mV 2 5 V 2503 mV 3 3 V 3340 mV 5 0 V 5042 mV 1 8 V bias 1797 mV 3 3 V bias 3311 mV 5 0 V bias 5013 mV 8 0 V bias 7221 mV BUS Revision 40 show ch...

Page 870: ... degrees C 114 degrees F Temperature Bottom 47 degrees C 116 degrees F Power 1 8 V 1788 mV 1 8 V bias 1787 mV 3 3 V 3321 mV 3 3 V bias 3306 mV 5 0 V bias 5018 mV 5 0 V TOP 5037 mV 8 0 V bias 7223 mV Power Base PMB MMB 1 2 V 1205 mV 1 5 V 1503 mV 5 0 V BOT 5084 mV 12 0 V TOP Base 11775 mV 12 0 V BOT Base 11794 mV 1 1 V PMB 1108 mV 1 2 V PMB 1196 mV 1 5 V PMB 1499 mV 1 8 V PMB 1811 mV 2 5 V PMB 2515...

Page 871: ...12 0 V MMB BOT 11691 mV 3 3 V MMB BOT 3308 mV APS 00 1484 mV APS 01 2503 mV APS 02 3313 mV 5 0 V PIC 0 5025 mV APS 10 1501 mV APS 11 2466 mV APS 12 3311 mV 5 0 V PIC 1 5081 mV Bus Revision 49 775 Copyright 2010 Juniper Networks Inc Chapter 42 Operational Mode Commands for System Monitoring ...

Page 872: ...uter On a TX Matrix Plus router display environmental information about the Routing Engine in a specified T1600 router or line card chassis that is connected to the TX Matrix Plus router Replace number with a value from 0 through 3 scc TX Matrix router only Optional Display environmental information about the Routing Engine in the TX Matrix router or switch card chassis sfc TX Matrix Plus router o...

Page 873: ...re 27 degrees C 80 degrees routing engine Nonredundant routing engine Nonredundant show chassis environment user host show chassis environment routing engine Route Engine 0 status State Online Master routing engine Redundant Temperature 26 degrees C 78 degrees F Route Engine 1 status State Online Standby Temperature 26 degrees C 78 degrees F show chassis environment user host show chassis environm...

Page 874: ...he recommended method replace fpc slot with a value from 0 through 7 Otherwise replace fpc slot with a value from 0 through 31 Likewise on a TX Matrix Plus router if you specify the number of the T1600 router or line card chassis by using the lcc number option the recommended method replace fpc slot with a value from 0 through 7 Otherwise replace fpc slot with a value from 0 through 31 For example...

Page 875: ...PIC 1 Present 10x10GE LAN WAN SFPP Not Supported Slot 4 Offline FPC Type 1 ES Slot 5 Offline FPC Type 2 ES Slot 6 Online E2 FPC Type 3 PIC 0 Online 1x OC 192 SONET XFP PIC 1 Online 4x OC 48 SONET PIC 2 Online 4x OC 48 SONET PIC 3 Online MultiServices 500 Slot 7 Online FPC Type 4 ES PIC 0 Online 4x 10GE LAN WAN XFP PIC 1 Online 4x 10GE LAN WAN XFP In addition an entry is logged in the system log me...

Page 876: ...on page 780 lists the output fields for theshow chassis fpc command Output fields are listed in the approximate order in which they appear Table 133 show chassis fpc Output Fields Level of Output Field Description Field Name all levels Slot number and state The state can be one of the following conditions Dead Held in reset because of errors Diag Slot is being ignored while the FPC is running diag...

Page 877: ...om access memory DDR DRAM available to the FPC CPU Total DDR DRAM detail Amount of static RAM SRAM used by the FPC s CPU Total SRAM detail Total amount of memory used for storing packets and notifications Total SDRAM detail I O Manager version number manufacturer and part number I OManagerASICs information detail Time when the Routing Engine detected that the FPC was running Start time detail How ...

Page 878: ...es F Total CPU DRAM 1024 MB Total SRAM 331 MB Total SDRAM 1280 MB Start time 2010 02 08 12 25 33 PST Uptime 2 hours 13 minutes 19 seconds show chassis fpc MX240 Router user host show chassis fpc Temp CPU Utilization Memory Utilization Slot State C Total Interrupt DRAM MB Heap Buffer 0 Empty 1 Online 34 6 0 1024 18 30 2 Online 33 9 0 1024 24 30 show chassis fpc MX480 Router user host show chassis f...

Page 879: ... Not Supported user host show chassis fpc detail Slot 0 information State Online Total CPU DRAM CPU less FPC Start time 2006 07 07 03 21 00 UTC Uptime 27 minutes 51 seconds Slot 1 information State Present Reason Hardware Not In Right Slot Slot 2 information State Online Total CPU DRAM 32 MB Start time 2006 07 07 03 20 59 UTC Uptime 27 minutes 52 seconds Slot 3 information State Present Reason Har...

Page 880: ...R PIC 2 Online 2x G E IQ 1000 BASE PIC 3 Online 8x 1GE LAN IQ2 Slot 4 Online M120 FPC Type 3 proto PIC 0 Online 10x 1GE LAN 1000 BASE Slot 5 Online M120 FPC Type 1 proto PIC 0 Present 1x G E 1000 BASE LX Not Supported PIC 1 Online 1x CHOC3 IQ SONET SMLR PIC 2 Online 4x CHDS3 IQ PIC 3 Online 1x G E SFP 1000 BASE show chassis fpc lcc TX Matrix Router user host show chassis fpc lcc 0 lcc0 re0 Temp CP...

Page 881: ...st show chassis fpc lcc 0 lcc0 re0 Temp CPU Utilization Memory Utilization Slot State C Total Interrupt DRAM MB Heap Buffer 0 Empty 1 Online 27 2 0 256 8 44 2 Online 27 3 0 256 15 44 3 Empty 4 Empty 5 Empty 6 Empty 7 Empty show chassis fpc pic status TX Matrix Router user host show chassis fpc pic status lcc0 re0 Slot 0 Online FPC Type 4 ES PIC 0 Online 4x 10GE LAN WAN XFP Slot 6 Online FPC Type 4...

Page 882: ...line 4x OC 192 SONET XFP Slot 7 Online FPC Type 3 ES PIC 0 Online 10x 1GE LAN 1000 BASE PIC 1 Online 1x Tunnel show chassis fpc pic status lcc TX Matrix Router user host show chassis fpc pic status lcc 0 lcc0 re0 Slot 0 Online FPC Type 4 ES PIC 0 Online 4x 10GE LAN WAN XFP Slot 6 Online FPC Type 4 ES PIC 0 Online 4x 10GE LAN WAN XFP PIC 1 Online 4x 10GE LAN WAN XFP Slot 7 Online FPC Type 3 ES PIC ...

Page 883: ... hardware version level and serial number In EX Series switch command output FPC refers to the following On EX2200 switches EX3200 switches EX4200 standalone switches and EX4500 switches Refers to the switch FPC number is always 0 On EX4200 switches in a Virtual Chassis configuration Refers to the member of a Virtual Chassis FPC number equals the member ID from 0 through 9 On EX8208 and EX8216 swi...

Page 884: ...ter on page 791 show chassis hardware J6300 Router on page 792 show chassis hardware M7i Router on page 792 show chassis hardware M10 Router on page 793 show chassis hardware models M10 Router on page 793 show chassis hardware M20 Router on page 793 show chassis hardware models M20 Router on page 794 show chassis hardware M40 Router on page 794 show chassis hardware M40e Router on page 795 show ch...

Page 885: ...idplane and SIBs SF modules is displayed for EX8200 switches MX Series routers Information about the backplane Routing Engine Power Entry Modules PEMs and fan trays Also displays information about Flexible PIC Concentrators FPCs and associated Physical Interface Cards PICs Modular Port Concentrators MPCs and associated Modular Interface Cards MICs or Dense Port Concentrators DPCs MX80 routers have...

Page 886: ...of the FPC On the J Series routers the FPC type corresponds to the Physical Interface Module PIM The following list shows the PIM abbreviation in the output and the corresponding PIM name 2x FE Either two built in Fast Ethernet interfaces fixed PIM or dual port Fast Ethernet PIM 4x FE 4 port Fast Ethernet ePIM 1x GE Copper Copper Gigabit Ethernet ePIM one 10 Mbps 100 Mbps or 1000 Mbps port 1x GE S...

Page 887: ...8327733 EX4200 24T 8 POE Routing Engine 0 BM0208327733 EX4200 24T 8 POE FPC 0 REV 11 750 021256 BM0208327733 EX4200 24T 8 POE CPU BUILTIN BUILTIN FPC CPU PIC 0 BUILTIN BUILTIN 24x 10 100 1000 Base T PIC 1 REV 03B 711 021270 AR0208162285 4x GE SFP BRD REV 08 711 021264 AK0208328289 EX4200 24T 8 POE Power Supply 0 REV 03 740 020957 AT0508346354 PS 320W AC Fan Tray Fan Tray showchassishardware clei m...

Page 888: ...Power Supply 0 Rev 04 740 008537 PD10272 AC Power Supply Routing Engine REV 01 740 008846 1000396803 RE 5 0 CFEB REV 02 750 009492 CA0166 Internet Processor IIv1 FPC 0 E FPC PIC 0 REV 04 750 003163 HJ6416 1x G E 1000 BASE SX PIC 1 REV 04 750 003163 HJ6423 1x G E 1000 BASE SX PIC 2 REV 04 750 003163 HJ6421 1x G E 1000 BASE SX PIC 3 REV 02 750 003163 HJ0425 1x G E 1000 BASE SX FPC 1 E FPC PIC 2 REV ...

Page 889: ... Part number CLEI code FRU model number Midplane REV 04 710 008920 CHAS MP M10i S Power Supply 0 Rev 06 740 008537 PWR M10i M7i AC S Power Supply 1 Rev 06 740 008537 PWR M10i M7i AC S HCM 0 REV 03 710 010580 HCM M10i S HCM 1 REV 03 710 010580 HCM M10i S Routing Engine 0 REV 09 740 009459 RE 400 256 S CFEB 0 REV 05 750 010465 FEB M10i M7i S FPC 0 PIC 0 REV 10 750 002971 PE 4OC3 SON MM PIC 1 REV 11 ...

Page 890: ... N A FPC 0 REV 03 710 003308 FPC E PIC 0 REV 08 750 002303 P 4FE TX PIC 1 REV 07 750 004745 P 2MCDS3 PIC 2 REV 03 750 002965 PE 4CHDS3 FPC 1 REV 03 710 003308 FPC E PIC 0 REV 03 750 002914 P 2OC3 ATM MM Fan Tray 0 FANTRAY F M20 S Fan Tray 1 FANTRAY F M20 S Fan Tray 2 FANTRAY F M20 S Fan Tray 3 FANTRAY R M20 S showchassishardware M40 Router user host show chassis hardware Hardware inventory Item Ve...

Page 891: ...ay REV 03 710 001647 AR7331 CIP REV 04 710 002649 BB4449 PEM 0 Rev 01 740 003787 MC12364 Power Entry Module PEM 1 Rev 01 740 003787 MC12383 Power Entry Module PCG 0 REV 07 710 001568 AG1332 PCG 1 REV 07 710 001568 AR3789 Host 0 3e000007c8176601 Present MCS 0 REV 11 710 001226 AN5813 SFM 0 SPP REV 07 710 001228 AG4676 SFM 0 SPR REV 05 710 002189 AE4735 Internet Processor II SFM 1 SPP REV 07 710 001...

Page 892: ...50 007141 NB2855 10x 1GE LAN 1000 BASE Xcvr 0 REV 01 740 011782 P922A1F SFP SX Xcvr 1 REV 01 740 011782 P922A16 SFP SX Xcvr 2 REV 01 740 011782 P922A0U SFP SX Xcvr 3 REV 01 740 011782 P9229UZ SFP SX Xcvr 4 REV 01 740 009029 P11JXWP SFP LX Xcvr 6 REV 01 740 011613 P9F1ALW SFP SX FPC 5 REV 01 710 011388 CJ9088 M120 FPC Type 1 PIC 0 Hardware Not Supported PIC 1 REV 05 750 012052 NB0410 1x CHOC3 IQ SO...

Page 893: ...EV 01 740 011782 P9229UZ SFP SX Xcvr 4 REV 01 740 009029 P11JXWP SFP LX Xcvr 6 REV 01 740 011613 P9F1ALW SFP SX FPC 5 REV 01 710 011388 CJ9088 M120 FPC Type 1 PIC 0 Hardware Not Supported PIC 1 REV 05 750 012052 NB0410 1x CHOC3 IQ SONET SMLR PIC 2 REV 01 750 013167 CM3824 4x CHDS3 IQ PIC 3 REV 01 750 010240 CB5366 1x G E SFP 1000 BASE Board B REV 01 710 011390 CJ9103 M120 FPC Mezz Board FEB 3 REV ...

Page 894: ... 2 REV 05 750 000616 S N AA1535 1x OC 12 ATM MM PIC 3 REV 01 750 000616 S N AA1519 1x OC 12 ATM MM FPC 1 REV 02 710 001611 S N AA9523 FPC Type 2 CPU REV 02 710 001217 S N AA9571 PIC 0 REV 03 750 001900 S N AA9626 1x STM 16 SDH SMIR PIC 1 REV 01 710 002381 S N AD3633 2x G E 1000 BASE SX FPC 2 FPC Type OC192 CPU REV 03 710 001217 S N AB3329 PIC 0 REV 01 1x OC 192 SM SR 2 Fan Tray 0 Rear Bottom Blowe...

Page 895: ...mber Serial number Description Chassis 101 M160 Midplane REV 02 710 001245 S N AB4107 FPM CMB REV 01 710 001642 S N AA2911 FPM Display REV 01 710 001647 S N AA2999 CIP REV 02 710 001593 S N AA9563 PEM 0 Rev 01 740 001243 S N KJ35769 DC PEM 1 Rev 01 740 001243 S N KJ35765 DC PCG 0 REV 01 710 001568 S N AA9794 PCG 1 REV 01 710 001568 S N AA9804 Host 1 da000004f8d57001 teknor MCS 1 REV 03 710 001226 ...

Page 896: ...RAM REV 01 710 000077 S N 306466 1 Mbyte showchassishardware M320 Router user host show chassis hardware Hardware inventory Item Version Part number Serial number Description Chassis 67245 M320 Midplane REV 05 710 009120 RB1202 M320 Midplane FPM GBUS REV 04 710 005928 HZ5697 M320 Board FPM Display REV 05 710 009351 HR1464 M320 FPM Display CIP REV 04 710 005926 HT8672 M320 CIP PEM 0 Rev 05 740 0091...

Page 897: ...OC12SMIR QPP PIC 3 REV 07 750 005634 PB 1CHOC12SMIR QPP PIC 1 REV 10 750 005634 PB 1CHOC12SMIR QPP PIC 2 REV 07 750 005634 PB 1CHOC12SMIR QPP PIC 3 REV 07 750 005634 PB 1CHOC12SMIR QPP FPC 3 PIC 0 REV 03 750 001895 PB 1OC12 SON MM PIC 1 REV 04 750 001894 PB 1GE SX PIC 3 REV 04 750 003141 PB 1GE SX B FPC 4 REV 02 710 010419 M320 FPC1 FPC 5 REV 02 710 010419 M320 FPC1 FPC 6 REV 02 710 010419 M320 FP...

Page 898: ... BUILTIN 1x 10GE XFP Xcvr 0 REV 01 740 014289 T07M86365 XFP 10G SR PIC 1 BUILTIN BUILTIN 1x 10GE XFP Xcvr 0 REV 01 740 014289 T07M71094 XFP 10G SR MIC 1 REV 02 750 028380 JG8548 3D 2x 10GE XFP PIC 2 BUILTIN BUILTIN 1x 10GE XFP Xcvr 0 REV 02 740 014289 T08L86302 XFP 10G SR PIC 3 BUILTIN BUILTIN 1x 10GE XFP Xcvr 0 REV 02 740 014289 C810XU0BA XFP 10G SR Fan Tray Fan Tray showchassishardware MX240 Rou...

Page 899: ...cription Chassis JN10C7F7FAFB MX480 Midplane REV 04 710 017414 TR2071 MX480 Midplane FPM Board REV 02 710 017254 KB8459 Front Panel Display PEM 0 Rev 02 740 017330 QCS07519029 PS 1 2 1 7kW 100 240V AC in PEM 1 Rev 02 740 017330 QCS07519041 PS 1 2 1 7kW 100 240V AC in PEM 2 Rev 02 740 017330 QCS07519097 PS 1 2 1 7kW 100 240V AC in Routing Engine 0 REV 07 740 013063 1000733381 RE S 2000 Routing Engi...

Page 900: ... 01 740 020426 4910551 SFP 1000BASE BX40 D Xcvr 5 REV 01 740 021340 77E245N00006 SFP 1000BASE BX10 U Xcvr 6 REV 01 740 020425 4882821 SFP 1000BASE BX40 U Xcvr 8 REV 01 740 020425 4882820 SFP 1000BASE BX40 U PIC 1 BUILTIN BUILTIN 10x 1GE LAN Xcvr 0 REV 01 740 020465 77E555N00894 SFP 1000BASE BX10 D Xcvr 1 REV 01 740 020465 75E467X00818 SFP 1000BASE BX10 D Xcvr 2 REV 01 740 020465 75E467X00573 SFP 1...

Page 901: ...1 740 011782 P8J1W25 SFP SX Fan Tray 0 Fan Tray 1 showchassishardware T320 Router user host show chassis hardware Hardware inventory Item Version Part number Serial number Description Chassis 19093 T320 Midplane REV 04 710 004339 BC1436 T320 Backplane FPM GBUS REV 03 710 004461 BC1407 T320 FPM Board FPM Display REV 04 710 002897 BE0763 FPM Display CIP REV 05 710 002895 BB2311 T Series CIP PEM 0 Re...

Page 902: ...1 710 005803 AZ2123 FPC Type 3 showchassishardware T640 Router user host show chassis hardware Hardware inventory Item Version Part number Serial number Description Chassis 19182 T640 Midplane REV 04 710 002726 AX5608 T640 Backplane FPM GBUS REV 02 710 002901 HE3064 T640 FPM Board FPM Display REV 02 710 002897 HE7864 FPM Display CIP REV 05 710 002895 HA5024 T Series CIP PEM 0 Rev 02 740 029522 VH2...

Page 903: ...2 SON SMIR FPC 6 REV 03 710 001721 T640 FPC3 PIC 1 REV 01 750 009553 PC 4OC48 SON SFP SIB 4 REV 02 750 005486 SIB I T640 S Fan Tray 0 FANTRAY T S Fan Tray 1 FANTRAY T S Fan Tray 2 FAN REAR TX T640 S showchassishardware extensive T640 Router user host show chassis hardware extensive Hardware inventory Item Version Part number Serial number Description Chassis T640 Jedec Code 0x7fb0 EEPROM Version 0...

Page 904: ... 06 710 002895 HT0684 T Series CIP PEM 0 Rev 11 740 002595 PM18483 Power Entry Module PEM 1 Rev 11 740 002595 qb13984 Power Entry Module SCG 0 REV 11 710 003423 HT0022 T640 Sonet Clock Gen Routing Engine 0 REV 13 740 005022 210865700363 RE 3 0 RE 600 CB 0 REV 03 710 007655 HW1195 Control Board CB T FPC 1 REV 05 710 007527 HM3245 FPC Type 2 CPU REV 14 710 001726 HM1084 FPC CPU PIC 0 REV 02 750 0072...

Page 905: ...1F27AHA T1600 Midplane REV 04 710 017247 RC5317 T Series Backplane FPM GBUS REV 10 710 002901 DS8197 T640 FPM Board FPM Display REV 01 710 021387 DS6433 T1600 FPM Display CIP REV 06 710 002895 DS1493 T Series CIP PEM 0 Rev 02 740 029522 VH26235 AC PEM 10kW US PEM 1 Rev 02 740 029522 VH26230 AC PEM 10kW US SCG 0 REV 15 710 003423 DP5847 T640 Sonet Clock Gen SCG 1 REV 15 710 003423 DR0924 T640 Sonet...

Page 906: ...EV 04 750 024564 DW5762 F13 SIB B Board REV 03 710 023431 DW9059 F13 SIB SIB F13 4 REV 04 750 024564 DW5797 F13 SIB B Board REV 03 710 023431 DW9041 F13 SIB SIB F13 6 REV 04 750 024564 DW5770 F13 SIB B Board REV 03 710 023431 DW9079 F13 SIB Mezz SIB F13 7 REV 04 750 024564 DW5758 F13 SIB B Board REV 03 710 023431 DW9047 F13 SIB SIB F13 8 REV 04 750 024564 DW5761 F13 SIB B Board REV 03 710 023431 D...

Page 907: ... Fan Tray 3 REV 06 760 024502 DV9616 Rear Fan Tray Fan Tray 4 REV 06 760 024502 DV7807 Rear Fan Tray Fan Tray 5 REV 06 760 024502 DV7828 Rear Fan Tray lcc0 re1 Hardware inventory Item Version Part number Serial number Description Chassis JN1103199AHA T1600 Midplane REV 03 710 017247 RC3765 T Series Backplane FPM GBUS REV 10 710 002901 DR1407 T640 FPM Board FPM Display REV 01 710 021387 DN5441 T160...

Page 908: ...82 PB81NBQ SFP SX Xcvr 9 REV 01 740 011782 PCH2UDP SFP SX PIC 1 REV 08 750 015749 WE9598 1x OC 192 SONET XFP Xcvr 0 REV 01 740 014279 AA0716N10AQ XFP OC192 SR PIC 2 REV 10 750 009450 HX6466 1x OC 192 SM SR2 PIC 3 REV 08 750 015749 WH0361 1x OC 192 SONET XFP MMB 0 REV 04 710 016036 DP3271 ST MMB2 SPMB 0 REV 04 710 023321 DW3635 LCC Switch CPU SPMB 1 REV 04 710 023321 DW4350 LCC Switch CPU SIB 0 REV...

Page 909: ...1 REV 13 750 017405 DS7639 4x 10GE LAN WAN XFP MMB 0 REV 01 710 025563 DS8557 ST MMB2 MMB 1 REV 01 710 025563 DS8376 ST MMB2 FPC 7 REV 03 710 013035 DF5564 FPC Type 3 ES CPU REV 01 710 016744 JT0000 ST PMB2 PIC 0 REV 16 750 007141 JJ8063 10x 1GE LAN 1000 BASE Xcvr 0 REV 01 740 011782 P8910GM SFP SX Xcvr 1 REV 01 740 011782 P8910TT SFP SX Xcvr 2 REV 01 740 011782 P8918S9 SFP SX Xcvr 3 REV 01 740 01...

Page 910: ...023431 DW9043 F13 SIB Mezz SIB F13 9 REV 04 750 024564 DW5754 F13 SIB B Board REV 03 710 023431 DW9078 F13 SIB Mezz SIB F13 11 REV 04 710 022600 DX0826 F13 SIB B Board REV 03 710 023431 DX0967 F13 SIB Mezz SIB F13 12 REV 04 750 024564 DW5794 F13 SIB B Board REV 03 710 023431 DW9044 F13 SIB Mezz SIB F2S 0 0 REV 05 710 022603 DW7897 F2S SIB B Board REV 05 710 023787 DW7657 NEO PMB SIB F2S 0 2 REV 05...

Page 911: ...y ID 0x052c Assembly Version 00 00 Date 00 00 0000 Assembly Flags 0x00 ID TXP Board Information Record Address 0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 I2C Hex Data Address 0x00 7f b0 02 ff 05 2c 00 00 00 00 00 00 00 00 00 00 Address 0x10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Address 0x20 4a 4e 31 31 32 46 30 30 37 41 48 42 00 00 00 00 Address 0x30 00 00 00 00 00 00 00 00 00 ...

Page 912: ...RU Model Number CIP TXP Board Information Record Address 0x00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff showchassishardware clei models TXMatrix Plus Router user host show chassis hardware clei models sfc0 re0 Hardware inventory Item Version Part number CLEI code FRU model number FPM Display REV 03 710 024027 CRAFT TXP CIP 0 REV 04 710 023792 CIP TXP CIP 1 REV 04 710 023792 CIP TXP PEM 0 Rev...

Page 913: ... 750 017405 PD 4XGE XFP PIC 1 REV 11 750 017405 PD 4XGE XFP FPC 6 REV 14 710 013037 T1600 FPC4 ES PIC 0 REV 13 750 017405 PD 4XGE XFP PIC 1 REV 13 750 017405 PD 4XGE XFP FPC 7 REV 07 710 013035 T1600 FPC3 ES PIC 0 REV 16 750 007141 PC 10GE SFP PIC 1 REV 08 750 015749 PC 1OC192 SON XFP PIC 2 REV 10 750 009450 PC 1OC192 SON SR2 PIC 3 REV 08 750 015749 PC 1OC192 SON XFP SIB 0 REV 08 710 022594 SIB TX...

Page 914: ...03 710 022603 DV0100 F2S SIB B Board REV 03 710 023787 DT9925 NEO PMB SIB F2S 2 2 REV 03 710 022603 DV0050 F2S SIB B Board REV 03 710 023787 DV0005 NEO PMB SIB F2S 2 4 REV 03 710 022603 DV0097 F2S SIB B Board REV 03 710 023787 DT9936 NEO PMB Fan Tray 0 REV 02 760 024497 DR8286 Front Fan Tray Fan Tray 1 REV 06 760 024497 DV9624 Front Fan Tray Fan Tray 2 REV 02 760 024502 DR8259 Rear Fan Tray Fan Tr...

Page 915: ...show chassis hardware models sfc0 re0 Hardware inventory Item Version Part number Serial number FRU model number FPM Display REV 03 710 024027 DX0282 CRAFT TXP CIP 0 REV 04 710 023792 DW4889 CIP TXP CIP 1 REV 04 710 023792 DW4887 CIP TXP PEM 0 Rev 07 740 027463 UM26368 ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ Routing Engine 0 REV 01 740 026942 737A 1064 RE TXP SFC DUO 2600 16G Routing Engine 1 REV 01 740 026942 73...

Page 916: ... 017405 DP8795 PD 4XGE XFP PIC 1 REV 11 750 017405 DP8794 PD 4XGE XFP FPC 6 REV 14 710 013037 DS5335 T1600 FPC4 ES PIC 0 REV 13 750 017405 DS7634 PD 4XGE XFP PIC 1 REV 13 750 017405 DS7637 PD 4XGE XFP FPC 7 REV 07 710 013035 DM0990 T1600 FPC3 ES PIC 0 REV 16 750 007141 JJ8067 PC 10GE SFP PIC 1 REV 08 750 015749 WE9598 PC 1OC192 SON XFP PIC 2 REV 10 750 009450 HX6466 PC 1OC192 SON SR2 SIB 0 REV 08 ...

Page 917: ...013037 DR1184 T1600 FPC4 ES PIC 1 REV 11 750 017405 DP4744 PD 4XGE XFP FPC 6 REV 12 710 013037 DN8622 T1600 FPC4 ES PIC 0 REV 14 750 012518 JY9924 PD 4OC192 SON XFP PIC 1 REV 11 750 017405 DP8776 PD 4XGE XFP FPC 7 REV 04 710 013560 JR3968 T640 FPC3 E2 PIC 0 REV 16 750 007141 NC9330 PC 10GE SFP SIB 0 REV 07 710 022594 DW4217 SIB TXP T1600 S SIB 1 REV 07 710 022594 DW4213 SIB TXP T1600 S SIB 2 REV 0...

Page 918: ...tem Version Part number Serial number Description Ethernet MPC with Chassis JN112D865AFA MX960 SFP Optics MX Series Routers Midplane REV 03 710 013698 TS3339 MX960 Backplane FPM Board REV 03 710 014974 WW6267 Front Panel Display PDM Rev 03 740 013110 QCS12485026 Power Distribution Module PEM 0 Rev 04 740 013682 QCS12434086 PS 1 7kW 200 240VAC in PEM 1 Rev 04 740 013682 QCS1243408Z PS 1 7kW 200 240...

Page 919: ...onal Not on EX2200 switches Display the information as follows For the EX3200 the standalone EX4200 or the EX4500 switch fpc slot number equals 0 For all EX4200 switches in a Virtual Chassis fpc slot with no fpc slot number value specified For a specific Virtual Chassis member fpc slot number equals member ID value For the line card in the specified slot on an EX8200 switch fpc slot number equals ...

Page 920: ... is the master in the Virtual Chassis configuration On other switches indicates that the Routing Engine is operational Off On an EX4200 Virtual Chassis switch indicates that this switch is not the master in the Virtual Chassis configuration On EX3200 standalone EX4200 and EX8200 switches indicates that the Routing Engine is not operational Master LED On an EX2200 switch only displays the currently...

Page 921: ...l Duplex ge 0 0 17 Full Duplex ge 0 0 18 Full Duplex ge 0 0 19 Full Duplex ge 0 0 20 Full Duplex ge 0 0 21 Full Duplex ge 0 0 22 Off ge 0 0 23 Off ge 0 0 24 Full Duplex ge 0 0 25 Full Duplex ge 0 0 26 Off ge 0 0 27 Off ge 0 0 28 Full Duplex ge 0 0 29 Full Duplex show chassis led user switch show chassis led Front panel contents for slot 0 show chassis led LEDs status Alarms LED Off System LED Gree...

Page 922: ...user switch show chassis led fpc slot 0 Front panel contents for slot 0 show chassis led fpc slot 0 LEDs status Alarms LED Red System LED Green Master LED Green Interface LED ADM SPD DPX POE ge 0 0 0 Off ge 0 0 1 Off ge 0 0 2 Off ge 0 0 3 Off ge 0 0 4 Off ge 0 0 5 Off ge 0 0 6 Off ge 0 0 7 Off ge 0 0 8 Off ge 0 0 9 Off ge 0 0 10 Off ge 0 0 11 Off ge 0 0 12 Off ge 0 0 13 Off ge 0 0 14 Off ge 0 0 15...

Page 923: ...the physical location of a specified interface name On a TX Matrix router this option displays the FPC number and T640 router or line card chassis number associated with the specified interface On a TX Matrix Plus router this option displays the FPC number and T1600 router or line card chassis number associated with the specified interface interface by slot fpc number lcc number TX Matrix and TX M...

Page 924: ...fields are listed in the approximate order in which they appear Table 136 show chassis location Output Fields Field Description Field Name Country code information country code Postal code information postal code Building information Building Floor information Floor Global FPC number The FPC slot number when all FPC slots in the Routing Matrix are considered The range of values is 0 through 31 Glo...

Page 925: ...user host show chassis location country code US postal code 94404 Building Building 2 Floor 2 show chassis location show chassis location fpc TX Matrix Plus Router user host show chassis location fpc Global FPC LCC Local FPC 0 0 0 1 0 1 show chassis location interface by slot user host show chassis location interface by slot fpc 2 lcc 1 Global FPC 10 TX Matrix Plus Router 829 Copyright 2010 Junipe...

Page 926: ...the recommended method replace slot number with a value from 0 through 7 Otherwise replace slot number with a value from 0 through 31 For example the following commands have the same result user host show chassis pic fpc slot 1 lcc 1 pic slot 1 user host show chassis pic fpc slot 9 pic slot 1 M120 routers only Replace slot number with a value from 0 through 5 MX80 routers only Replace slot number ...

Page 927: ...ot FPC Not Present on page 833 show chassis pic fpc slot pic slot PIC Not Present on page 833 show chassis pic fpc slot 3 pic slot 0 M120 Router on page 833 show chassis pic fpc slot pic slot MX960 Router Bidirectional Optics on page 833 show chassis pic fpc slot pic slot lcc TX Matrix Router on page 833 show chassis pic fpc slot pic slot lcc TX Matrix Plus Router on page 834 show chassis pic fpc ...

Page 928: ...nlinks are either 1490 nm or 1550 nm PIC Port Information MX960 Router Bidirectional Optics Port level information for the next generation SONET SDH SFP PIC Port Port number Cable type Type of small form factor pluggable SFP optical transceiver installed Fiber type Type of fiber SM single mode or MM multimode Xcvr vendor Transceiver vendor name Xcvr vendor part number Transceiver vendor part numbe...

Page 929: ...4 pic slot 1 FPC slot 4 PIC slot 1 information Type 10x 1GE LAN MX960 Router Bidirectional Optics State Online PIC version 0 0 Uptime 18 days 5 hours 41 minutes 54 seconds PIC port information Fiber Xcvr vendor Port Cable type type Xcvr vendor part number Wavelength 0 SFP 1000BASE BX10 D SM SumitomoElectric SBP6H44 J3 BW 49 1490 nm 1 SFP 1000BASE BX10 D SM SumitomoElectric SBP6H44 J3 BW 49 1490 nm...

Page 930: ...cvr vendor Port Cable type type Xcvr vendor part number Wavelength 0 OC48 short reach SM FINISAR CORP FTRJ1321P1BTL J2 1310 nm 1 OC3 short reach MM OCP TRPA03MM3BAS JE 1310 nm 2 OC3 short reach MM OCP TRXA03MM3BAS JW 1310 nm 3 OC12 inter reach SM FINISAR CORP FTLF1322P1BTR 1310 nm show chassis pic fpc slot pic slot 12 port T1 E1 user host show chassis pic fpc slot 0 pic slot 3 FPC slot 0 PIC slot ...

Page 931: ...O HFBR 57E0P JU2 n a 1 OC3 short reach MM AVAGO HFBR 57E0P JU2 n a 3 OC3 long reach SM OPNEXT INC TRF5456AVLB314 1310 nm show chassis pic fpc slotpic slot OTN user host show chassis pic fpc slot 5 pic slot 0 PIC fpc slot 5 pic slot 0 information Type 1x10GE LAN OTN ASIC type H chip State Online PIC version 1 0 Uptime 5 minutes 50 seconds 835 Copyright 2010 Juniper Networks Inc Chapter 42 Operation...

Page 932: ...ay the basic input output system BIOS firmware version lcc number TX Matrix and TX Matrix Plus routers only Optional On a TX Matrix router display Routing Engine information for a specified T640 router or line card chassis that is connected to the TX Matrix router On a TX Matrix Plus router display Routing Engine information for a specified T1600 router or line card chassis that is connected to th...

Page 933: ...ssis routing engine Output Fields Field Description Field Name Systems with multiple Routing Engines Slot number Slot Systems with multiple Routing Engines Current state of the Routing Engine Master Backup or Disabled Current state Systems with multiple Routing Engines Election priority for the Routing Engine Master or Backup Election priority Temperature of the air flowing past the Routing Engine...

Page 934: ...due to an undetermined reason Router rebooted after a normal shutdown Reboot due to a normal shutdown Last reboot reason Routing Engine load averages for the last 1 5 and 15 minutes Load averages show chassis routing engine M5 Router user host show chassis routing engine Routing Engine status Temperature 25 degrees C 77 degrees F DRAM 768 MB show chassis routing engine M5 Router Memory utilization...

Page 935: ...es 1 minute 5 minute 15 minute 0 00 0 02 0 00 Routing Engine status Slot 1 Current state Backup Election priority Backup default Temperature 29 degrees C 84 degrees F DRAM 768 MB Memory utilization 0 percent CPU utilization User 0 percent Background 0 percent Kernel 1 percent Interrupt 0 percent Idle 99 percent Model RE 2 0 Serial ID d800000734745701 Start time 2003 06 17 16 37 33 PDT Uptime 195 d...

Page 936: ...621154 Start time 2006 10 31 17 10 05 PST Uptime 14 minutes 31 seconds Last reboot reason Router rebooted after a normal shutdown Load averages 1 minute 5 minute 15 minute 0 02 0 07 0 07 Routing Engine status Slot 1 Current state Backup Election priority Backup default Temperature 45 degrees C 113 degrees F CPU temperature 42 degrees C 107 degrees F DRAM 2048 MB Memory utilization 15 percent CPU u...

Page 937: ...PU utilization User 0 percent Background 0 percent Kernel 0 percent Interrupt 0 percent Idle 100 percent Model RE 3 0 Serial ID 210865700332 Start time 2003 12 23 12 25 55 PST Uptime 6 days 22 hours 33 minutes 21 seconds Last reboot reason Router rebooted after a normal shutdown show chassis routing engine MX240 Router user host show chassis routing engine Routing Engine status Slot 0 Current stat...

Page 938: ... C 98 degrees F CPU temperature 37 degrees C 98 degrees F DRAM 2048 MB Memory utilization 18 percent CPU utilization User 0 percent Background 0 percent Kernel 4 percent Interrupt 0 percent Idle 96 percent Model RE S 1300 Serial ID 1000617944 Start time 2006 10 26 12 37 13 PDT Uptime 6 days 4 hours 59 minutes 40 seconds Last reboot reason Router rebooted after a normal shutdown Load averages 1 min...

Page 939: ...st reboot reason Router rebooted after a normal shutdown Load averages 1 minute 5 minute 15 minute 0 00 0 02 0 00 lcc2 re0 Routing Engine status Slot 0 Current state Master Election priority Master default Temperature 34 degrees C 93 degrees F CPU temperature 35 degrees C 95 degrees F DRAM 2048 MB Memory utilization 12 percent CPU utilization User 0 percent Background 0 percent Kernel 2 percent In...

Page 940: ...Routing Engine BIOS Version V1 0 0 show chassis routing engine TX Matrix Plus Router user host show chassis routing engine sfc0 re0 Routing Engine status Slot 0 Current state Master Election priority Master default Temperature 27 degrees C 80 degrees F CPU temperature 42 degrees C 107 degrees F DRAM 3327 MB Memory utilization 12 percent CPU utilization User 0 percent Background 0 percent Kernel 2 ...

Page 941: ...t 0 percent Idle 98 percent Model RE TXP LCC Serial ID 737F 1024 Start time 2009 05 11 17 40 32 PDT Uptime 3 hours 44 minutes 51 seconds Last reboot reason Router rebooted after a normal shutdown Load averages 1 minute 5 minute 15 minute 0 00 0 00 0 00 Routing Engine status Slot 1 Current state Backup Election priority Backup default Temperature 30 degrees C 86 degrees F CPU temperature 43 degrees...

Page 942: ... 15 minute 0 00 0 00 0 00 Routing Engine status Slot 1 Current state Backup Election priority Backup default Temperature 30 degrees C 86 degrees F CPU temperature 43 degrees C 109 degrees F DRAM 3327 MB Memory utilization 9 percent CPU utilization User 0 percent Background 0 percent Kernel 0 percent Interrupt 0 percent Idle 100 percent Model RE TXP LCC Serial ID 737F 1024 Start time 2009 05 06 17 ...

Page 943: ...tails of the TX Matrix router or switch card chassis sfc number TX Matrix Plus routers only Optional Display the temperature threshold details of the TX Matrix Plus router or switch fabric chassis Replace number with 0 Required Privilege Level view List of Sample Output show chassis temperature thresholds on page 848 show chassis temperature thresholds TX Matrix Plus Router on page 848 show chassi...

Page 944: ... alarm when the fans are running at full speed Bad fan The temperature that must be exceeded on the component to trigger a red alarm when one or more fans have failed or are missing Red alarm show chassis temperature thresholds user host show chassis temperature thresholds Fan speed Yellow alarm Red alarm Item Normal High Normal Bad fan Normal Bad fan show chassis temperature thresholds Chassis de...

Page 945: ...64 70 76 72 90 84 SIB F2S 35 64 70 76 72 90 84 lcc0 re0 Fan speed Yellow alarm Red alarm Item Normal High Normal Bad fan Normal Bad fan Chassis default 48 54 65 55 75 65 Routing Engine 0 48 54 85 85 100 100 Routing Engine 1 48 54 85 85 100 100 FPC 4 56 62 75 63 83 76 FPC 6 56 62 75 63 83 76 FPC 7 56 62 75 63 83 76 SIB 0 48 54 65 60 80 75 SIB 1 48 54 65 60 80 75 SIB 2 48 54 65 60 80 75 SIB 3 48 54 ...

Page 946: ...show chassis temperature thresholds user host show chassis temperature thresholds lcc 1 lcc1 re0 lcc TX Matrix Plus Router Fan speed Yellow alarm Red alarm Item Normal High Normal Bad fan Normal Bad fan Chassis default 48 54 65 55 75 65 Routing Engine 0 48 54 85 85 100 100 Routing Engine 1 48 54 85 85 100 100 FPC 4 56 62 75 63 83 76 FPC 6 56 62 75 63 83 76 FPC 7 56 62 75 63 83 76 SIB 0 48 54 65 60...

Page 947: ...90 84 SIB F2S 21 64 70 76 72 90 84 SIB F2S 22 64 70 76 72 90 84 SIB F2S 23 64 70 76 72 90 84 SIB F2S 24 64 70 76 72 90 84 SIB F2S 25 64 70 76 72 90 84 SIB F2S 26 64 70 76 72 90 84 SIB F2S 27 64 70 76 72 90 84 SIB F2S 28 64 70 76 72 90 84 SIB F2S 29 64 70 76 72 90 84 SIB F2S 30 64 70 76 72 90 84 SIB F2S 31 64 70 76 72 90 84 SIB F2S 32 64 70 76 72 90 84 SIB F2S 33 64 70 76 72 90 84 SIB F2S 34 64 70 ...

Page 948: ... Optional Display logging information about users who have recently logged in to the router or switch If you include username display logging information about the specified user Required Privilege Level trace List of Sample Output show log on page 852 show log filename on page 852 show log user on page 853 show log user host show log total 57518 rw r r 1 root bin 211663 Oct 1 19 44 dcd show log r...

Page 949: ...v len 144 V9 seq 151 op chnge Type ifdev devindex 44 Oct 1 18 00 19 KRT recv len 144 V9 seq 152 op chnge Type ifdev devindex 45 Oct 1 18 00 19 KRT recv len 144 V9 seq 153 op chnge Type ifdev devindex 46 Oct 1 18 00 19 KRT recv len 1272 V9 seq 154 op chnge Type ifdev devindex 47 show log user user host show log user darius mg2546 Thu Oct 1 19 37 still logged in darius mg2529 Thu Oct 1 19 08 19 36 0...

Page 950: ...y the number of a T1600 router by using the lcc number option the recommended method replace slot with a value from 0 through 7 Otherwise replace slot with a value from 0 through 31 For example the following commands have the same result user host show pfe next hop fpc 1 lcc 1 user host show pfe next hop fpc 9 interface interface name Optional Display the Packet Forwarding Engine next hop interfac...

Page 951: ...18 Reject IPV6 0 24 Discard None 0 68 Local 192 168 66 113 IPv4 0 69 Resolve fxp0 0 IPv4 Unspecified 0 70 Unicast fxp0 0 192 168 71 254 IPv4 Unspecified 0 256 Local 10 71 71 1 IPv4 0 257 Local 127 0 0 1 IPv4 0 258 Mcast local 1 default IPv4 Unspecified 0 259 Bcast local 1 IPv4 Unspecified 0 261 Discard local 1 IPv4 Unspecified 0 262 MDiscard local 1 IPv4 Unspecified 0 269 Mcast local 1 default IPV...

Page 952: ...esolve em0 0 IPv4 Unspecified 0 350 Unicast em0 0 192 168 178 126 IPv4 Unspecified 0 357 Local fe80 201 1ff fe01 5 IPv6 0 512 Local 10 255 178 11 IPv4 0 513 Local 127 0 0 1 IPv4 0 515 Local abcd 10 255 178 11 IPv6 0 516 Local fe80 200 ff fe00 0 IPv6 0 517 Local 127 0 0 1 IPv4 0 518 Mcast local 3 default IPv4 Unspecified 0 519 Bcast local 3 IPv4 Unspecified 0 521 Discard local 3 IPv4 Unspecified 0 ...

Page 953: ...e 7 0 9 0 11 1 1 2 IPv4 Ethernet 0 557 Aggreg ae1 0 MPLS Ethernet 0 558 Unicast ge 23 0 8 0 MPLS Ethernet 0 559 Unicast ge 7 0 9 0 MPLS Ethernet 0 560 Aggreg ae1 0 MPLS Ethernet 0 561 Unicast ge 23 0 8 0 MPLS Ethernet 0 562 Unicast ge 7 0 9 0 MPLS Ethernet 0 857 Copyright 2010 Juniper Networks Inc Chapter 42 Operational Mode Commands for System Monitoring ...

Page 954: ...the routes in the Routing Engine forwarding table use the show route forwarding table command For more information see the Junos Routing Protocols and Policies Command Reference Options none Display all Packet Forwarding Engine forwarding table information fpc slot TX Matrix and TX Matrix Plus router only Optional Show the next hops for a Flexible PIC Concentrator FPC slot On a TX Matrix router if...

Page 955: ...page 859 show pfe route iso on page 859 show pfe route lcc summary TX Matrix Router on page 860 show pfe route lcc summary TX Matrix Plus Router on page 861 show pfe route ip user host show pfe route ip IPv4 Route Table 0 default 0 0x0 show pfe route ip Destination NH IP Addr Type NH ID Interface default Discard 8 127 0 0 1 127 0 0 1 Local 256 172 16 12 192 168 71 254 Unicast 68 fxp0 0 192 168 0 1...

Page 956: ...v4 Route Tables Index Routes Size b Default 43 3081 1 4 281 MPLS Route Tables Index Routes Size b Default 1 68 IPV6 Route Tables Index Routes Size b Default 9 717 1 5 389 Slot 16 IPv4 Route Tables Index Routes Size b Default 41 2938 1 4 281 MPLS Route Tables Index Routes Size b Default 1 68 IPV6 Route Tables Index Routes Size b Default 9 717 1 5 389 Copyright 2010 Juniper Networks Inc 860 Complete...

Page 957: ...lcc 2 summary Slot 0 IPv4 Route Tables Index Routes Size b Default 25 2266 1 9 815 2 6 545 3 5 453 4 15 1371 5 5 453 6 13 1187 MPLS Route Tables Index Routes Size b Default 1 88 4 5 452 IPv6 Route Tables Index Routes Size b Default 7 697 1 13 1305 3 4 385 4 4 385 5 4 385 6 18 1833 Slot 6 IPv4 Route Tables Index Routes Size b Default 25 2266 1 9 815 2 6 545 861 Copyright 2010 Juniper Networks Inc C...

Page 958: ...ndex Routes Size b Default 1 88 4 5 452 IPv6 Route Tables Index Routes Size b Default 7 697 1 13 1305 3 4 385 4 4 385 5 4 385 6 18 1833 Copyright 2010 Juniper Networks Inc 862 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 959: ...ket Forwarding Engine information for the TX Matrix router or switch card chassis sfc TX Matrix Plus routers only Optional Display Packet Forwarding Engine information for the TX Matrix Plus router or switch fabric chassis Required Privilege Level admin List of Sample Output show pfe terse TX Matrix Router on page 863 show pfe terse TX Matrix Plus Router on page 863 show pfe terse sfc TX Matrix Pl...

Page 960: ...Plus Router user host show pfe terse sfc 0 sfc0 re0 Slot Type Slot State Uptime 0 LCC Present Online 2d 05 25 Copyright 2010 Juniper Networks Inc 864 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 961: ...rs when a software feature is configured and no valid license is configured for the feature For more information about system alarms see the Junos System Basics Configuration Guide Required Privilege Level admin List of Sample Output show system alarms on page 865 show system alarms user host show system alarms 2 alarms currently active Alarm time Class Description show system alarms 2005 02 24 17...

Page 962: ...rmissions information for all T640 routers or line card chassis connected to the TX Matrix router On a TX Matrix Plus router display file system MD5 hash and permissions information for all T1600 routers or line card chassis connected to the TX Matrix Plus router all members EX4200 switches only Optional Display file system MD5 hash and permissions information on all members of the Virtual Chassis...

Page 963: ...a TX Matrix Plus router master Routing Engines connected to it If you issue the command on the TX Matrix or TX Matrix Plus backup Routing Engine the command is broadcast to all the T640 in a routing matrix based on a TX Matrix router or T1600 in a routing matrix based on a TX Matrix Plus router backup Routing Engines that are connected to it Required Privilege Level admin List of Sample Output sho...

Page 964: ...time 1094982121 0 COPYRIGHT mode 0644 size 4735 time 986012708 0 md5digest 78396df1404ad742e6eb1be28f0cd63b kernel type link mode 0700 size 17 time 1090266262 0 link packages jkernel altconfig altconfig type dir nlink 2 size 512 time 1089801320 0 altconfig altroot altroot type dir nlink 2 size 512 time 1089801320 0 altroot b b type dir mode 0755 nlink 2 size 512 time 1093961429 0 b bin set type fi...

Page 965: ... bin pwd rcp type link size 27 time 1090266270 0 link packages mnt jbase bin rcp red type link size 26 time 1090266270 0 link packages mnt jbase bin ed rm type link size 26 time 1090266270 0 link packages mnt jbase bin rm rmdir type link size 29 time 1090266270 0 link packages mnt jbase bin rmdir sh type link size 26 time 1090266270 0 link packages mnt jbase bin sh sleep type link size 29 time 109...

Page 966: ...k mode 0777 size 8 time 1242346935 0 link var tmp snap snap type dir mode 0775 nlink 2 size 512 time 1242346922 0 snap altconfig altconfig type dir mode 0500 nlink 2 size 512 time 1242319843 0 altconfig altroot altroot type dir mode 0500 nlink 2 size 512 time 1242319843 0 altroot bin bin type dir nlink 2 size 512 time 1242346944 0 133 type link size 28 time 1242346942 0 link packages mnt jbase bin...

Page 967: ...time 1242346944 0 link packages mnt jbase bin pax ps type link size 26 time 1242346941 0 link packages mnt jbase bin ps pwd type link size 27 time 1242346941 0 link packages mnt jbase bin pwd rcp type link size 27 time 1242346942 0 link packages mnt jbase bin rcp red type link size 26 time 1242346941 0 link packages mnt jbase bin ed rm type link size 26 time 1242346942 0 link packages mnt jbase bi...

Page 968: ...onfiguration all lcc TX Matrix and TX Matrix Plus routers only Optional On a TX Matrix router show buffer statistics for all T640 routers or line card chassis connected to the TX Matrix router On a TX Matrix Plus router show buffer statistics for all T1600 routers or line card chassis connected to the TX Matrix Plus router all chassis TX Matrix and TX Matrix Plus routers only Optional Show buffer ...

Page 969: ...trix router backup Routing Engines or T1600 in a routing matrix based on the TX Matrix Plus router backup Routing Engines that are connected to it A special type of memory buffer called a cluster is 2 KB in size For more information see The Design and Implementation of the 4 4BSD Operation System by McKusic Bostic Karels and Quarterman Required Privilege Level view List of Sample Output show syste...

Page 970: ...f clusters mbuf clusters in use Total amount of memory in use by the networking and interprocess communication IPC code allocated to network Number of times a memory allocation request within the IPC and networking code failed requests for memory denied Number of times a memory allocation request within the IPC and networking code was postponed requests for memory delayed Number of times a memory ...

Page 971: ... denied 4k 9k 16k 0 10 1024 sfbufs in use current peak max 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I O initiated by sendfile 0 calls to protocol drain routines show system buffers all chassis TX Matrix Plus Router user host show system buffers all chassis sfc0 re0 4363 2807 7170 mbufs in use current cache total 4358 1968 6326 30000 mbuf clusters in use current cac...

Page 972: ...tal 0 0 0 requests for mbufs denied mbufs clusters mbuf clusters 0 0 0 requests for jumbo clusters denied 4k 9k 16k 0 7 1024 sfbufs in use current peak max 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I O initiated by sendfile 0 calls to protocol drain routines lcc2 re0 816 2514 3330 mbufs in use current cache total 816 554 1370 30000 mbuf clusters in use current cache...

Page 973: ... active IP sockets on the Routing Engine Use this command to verify which servers are active on a system and what connections are currently in progress Options none Display information about all active IP sockets on the Routing Engine extensive Optional Display exhaustive system process information which for TCP connections includes the TCP control block This option is useful for debugging TCP con...

Page 974: ...tionalInformation By default when you issue the show system connections command on a TX Matrix or TX Matrix Plus master Routing Engine the command is broadcast to all the T640 in a routing matrix based on a TX Matrix router master Routing Engines or T1600 in a routing matrix based on a TX Matrix Plus router master Routing Engines connected to it Likewise if you issue the same command on the TX Mat...

Page 975: ...ayed only when the show routing instance option is used For TCP the protocol state of the socket state show system connections user host show system connections Active Internet connections including servers Proto Recv Q Send Q Local Address Foreign Address state show system connections tcp 0 2 192 168 4 16 513 208 197 169 254 894 ESTABLISHED tcp 0 0 192 168 4 16 513 208 197 169 195 945 ESTABLISHED...

Page 976: ...ion 125814 mss 1448 flags REQ_SCALE RCVD_SCALE REQ_TSTMP RCVD_TSTMP 0x1e0 udp0 0192 168 4 16 1634208 197 169 249 2049 udp0 0192 168 4 16 1627208 197 169 254 2049 udp0 0192 168 4 16 1371208 197 169 195 2049 udp 0 0 udp0 0 9999 udp 0 0 161 udp0 0192 168 4 16 1039192 168 4 16 1023 udp0 0192 168 4 16 1038192 168 4 16 1023 udp0 0192 168 4 16 1037192 168 4 16 1023 udp0 0192 168 4 16 1036192 168 4 16 102...

Page 977: ..._ ESTABLISHED tcp4 0 0 32012 __juniper_private1__ LISTEN tcp4 0 0 9000 __juniper_private1__ LISTEN tcp4 0 0 33007 __juniper_private2__ LISTEN tcp46 0 0 179 default LISTEN tcp4 0 0 179 default LISTEN tcp4 0 0 6154 __juniper_private1__ LISTEN tcp4 0 0 6153 __juniper_private1__ LISTEN tcp4 0 0 7000 __juniper_private1__ LISTEN tcp4 0 0 6152 __juniper_private1__ LISTEN tcp4 0 0 6156 __juniper_private1_...

Page 978: ...BLISHED tcp4 0 0 33005 LISTEN tcp4 0 0 162 0 0 4 9000 162 0 0 4 51611 ESTABLISHED tcp4 0 0 162 0 0 4 51611 162 0 0 4 9000 ESTABLISHED tcp4 0 0 6151 LISTEN tcp4 0 0 6154 LISTEN tcp4 0 0 6153 LISTEN tcp4 0 0 31343 LISTEN tcp4 0 0 31341 LISTEN tcp4 0 0 9000 LISTEN tcp4 0 0 6152 LISTEN tcp4 0 0 32003 LISTEN tcp4 0 0 33009 LISTEN tcp4 0 0 3221 LISTEN tcp4 0 0 23 LISTEN tcp4 0 0 22 LISTEN tcp4 0 0 514 L...

Page 979: ... Internet connections including servers Proto Recv Q Send Q Local Address Foreign Address state tcp4 0 0 192 168 178 3 23 172 24 26 227 50399 ESTABLISHED tcp4 0 0 6234 LISTEN tcp4 0 0 7000 LISTEN tcp4 0 0 9000 LISTEN tcp4 0 0 33009 LISTEN tcp4 0 0 3221 LISTEN tcp4 0 0 23 LISTEN tcp4 0 0 22 LISTEN tcp4 0 0 514 LISTEN tcp4 0 0 513 LISTEN tcp4 0 0 21 LISTEN tcp4 0 0 79 LISTEN tcp4 0 0 514 LISTEN tcp4...

Page 980: ...4 0 0 21 LISTEN tcp4 0 0 79 LISTEN tcp4 0 0 514 LISTEN tcp4 0 0 513 LISTEN tcp4 0 0 33009 LISTEN udp46 0 0 514 udp4 0 0 514 udp46 0 0 59924 udp4 0 0 59412 udp4 0 0 31342 udp46 0 0 161 udp4 0 0 161 udp4 0 0 6333 lcc2 re0 Active Internet connections including servers Proto Recv Q Send Q Local Address Foreign Address state tcp4 0 0 6234 LISTEN tcp4 0 0 7000 LISTEN tcp4 0 0 9000 LISTEN tcp4 0 0 33009 ...

Page 981: ...9 0 0 4 514 TIME_WAIT tcp4 0 0 192 168 178 11 21 172 17 28 204 64662 TIME_WAIT tcp4 0 0 192 168 178 11 21 172 17 28 204 51612 TIME_WAIT tcp4 0 0 6156 LISTEN tcp4 0 0 9000 LISTEN tcp4 0 0 666 LISTEN tcp4 0 2 192 168 178 11 23 172 17 28 19 3565 ESTABLISHED tcp4 0 0 192 168 178 11 23 172 17 28 204 62719 ESTABLISHED tcp4 0 0 192 168 178 11 23 192 168 69 199 51255 ESTABLISHED tcp4 0 0 192 168 178 11 23...

Page 982: ...EN tcp4 0 0 514 LISTEN tcp4 0 0 513 LISTEN tcp4 0 0 6234 LISTEN udp4 0 0 127 0 0 1 123 udp4 0 0 10 255 178 11 123 udp4 0 0 123 udp46 0 0 514 udp4 0 0 514 udp46 0 0 50895 udp4 0 0 50794 udp4 0 0 31342 udp46 0 0 161 udp4 0 0 161 udp4 0 0 31340 udp4 0 0 31340 udp46 0 0 49152 udp46 0 0 4784 udp46 0 0 3784 udp4 0 0 49152 udp4 0 0 4784 udp4 0 0 3784 udp4 0 0 6333 ip4 104 0 ip4 0 0 ip4 0 0 Copyright 2010...

Page 983: ...LISHED tcp4 0 0 32012 __juniper_private1__ LISTEN tcp4 0 0 33007 __juniper_private2__ LISTEN tcp4 0 0 162 0 0 4 6161 162 0 0 5 62026 __juniper_private1__ ESTABLISHED tcp4 0 0 33005 __juniper_private2__ LISTEN tcp4 0 0 162 0 0 4 9000 162 0 0 4 51611 __juniper_private1__ FIN_WAIT_2 tcp4 0 0 162 0 0 4 51611 162 0 0 4 9000 __juniper_private1__ CLOSE_WAIT tcp4 0 0 6151 __juniper_private1__ LISTEN tcp4 ...

Page 984: ...fault udp4 0 0 31340 __juniper_private2__ udp4 0 0 31340 __juniper_private1__ udp46 0 0 49152 default udp46 0 0 4784 default udp46 0 0 3784 default udp4 0 0 49152 default udp4 0 0 4784 default udp4 0 0 3784 default udp4 0 0 6333 __juniper_private1__ ip4 0 0 default ip4 0 0 default ip4 0 0 default lcc0 re0 Active Internet connections including servers including routing instances Proto Recv Q Send Q...

Page 985: ... 0 0 514 default udp4 0 0 514 default udp46 0 0 59924 default udp4 0 0 59412 default udp46 0 0 161 default udp4 0 0 161 default udp4 0 0 31342 __juniper_private1__ udp4 0 0 6333 __juniper_private1__ lcc1 re0 Active Internet connections including servers including routing instances Proto Recv Q Send Q Local Address Foreign Address Routing Instance state tcp4 0 0 7000 __juniper_private1__ LISTEN tcp...

Page 986: ...servers including routing instances Proto Recv Q Send Q Local Address Foreign Address Routing Instance state tcp4 0 0 7000 __juniper_private1__ LISTEN tcp4 0 0 6234 __juniper_private1__ LISTEN tcp4 0 0 9000 __juniper_private1__ LISTEN tcp4 0 0 33009 __juniper_private2__ LISTEN tcp4 0 0 3221 default LISTEN tcp4 0 0 23 default LISTEN tcp4 0 0 22 default LISTEN tcp4 0 0 514 default LISTEN tcp4 0 0 51...

Page 987: ...te1__ LISTEN tcp4 0 0 9000 __juniper_private1__ LISTEN tcp4 0 0 33009 __juniper_private2__ LISTEN tcp4 0 0 3221 default LISTEN tcp4 0 0 23 default LISTEN tcp4 0 0 22 default LISTEN tcp4 0 0 514 default LISTEN tcp4 0 0 513 default LISTEN tcp4 0 0 21 default LISTEN tcp4 0 0 79 default LISTEN tcp4 0 0 514 __juniper_private1__ LISTEN tcp4 0 0 513 __juniper_private1__ LISTEN udp46 0 0 514 default udp4 ...

Page 988: ...default udp4 0 0 6333 __juniper_private1__ Copyright 2010 Juniper Networks Inc 892 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 989: ...h has failed This command can be useful for diagnostic purposes Each list item includes the file permissions number of links owner group size modification date and path filename You can use the option core filename and its options core file info brief and detail to display more information about the specified core dump files Options none Display a list of all existing core dump files all chassis T...

Page 990: ...tem core files on the TX Matrix router or switch card chassis sfc TX Matrix Plus routers only Optional Display system core files on the TX Matrix Plus router or switch fabric chassis Required Privilege Level view List of Sample Output show system core dumps on page 895 show system core dumps on page 895 show system core dumps TX Matrix Plus Router on page 895 Output Fields Table 142 on page 894 de...

Page 991: ... Router user host show system core dumps sfc0 re0 var crash kernel No such file or directory tftpboot corefiles core No such file or directory var crash cores total 8 var tmp cores total 1627592 rw r r 1 root field 535346090 May 15 07 36 rpd core tarball 0 090515 0736 tgz rw r r 1 root field 105632057 May 15 07 37 rpd core tarball 1 090515 0737 tgz rw r r 1 root field 101981681 May 15 07 38 rpd co...

Page 992: ... r r 1 root wheel 754271232 May 5 06 33 core LCC2 EGFPC7 core 1 090505 0633 rw r r 1 root wheel 264897536 May 6 11 12 core LCC2 EGFPC7 core 1 090506 1112 rw r r 1 root wheel 1022376528 May 2 07 22 core LCC2 EGFPC7 core 2 090502 0722 rw r r 1 root wheel 163633152 May 5 06 52 core LCC2 EGFPC7 core 2 090505 0652 rw r r 1 root wheel 171312128 May 6 12 13 core LCC2 EGFPC7 core 2 090506 1213 rw r r 1 ro...

Page 993: ...outing matrix based on a TX Matrix Plus router in the chassis all lcc TX Matrix and TX Matrix Plus routers only Optional On a TX Matrix router display directory information for all T640 routers or line card chassis connected to the TX Matrix router On a TX Matrix Plus router display directory information for all T1600 routers or line card chassis connected to the TX Matrix Plus router all members ...

Page 994: ...on for the TX Matrix Plus router or switch fabric chassis Replace number with 0 Required Privilege Level view List of Sample Output show system directory usage scc TX Matrix Router on page 899 show system directory usage sfc TX Matrix Plus Router on page 899 Output Fields Table 143 on page 898 describes the output fields for the show system directory usage command Output fields are listed in the a...

Page 995: ...l 89K var tmp instmp oMIDbl bin var tmp instmp byhMjR 4 6M var tmp instmp byhMjR packages var tmp instmp 6fqHf3 1 7M var tmp instmp 6fqHf3 packages var tmp instmp mljECe 4 6M var tmp instmp mljECe packages show system directory usage sfc user host show system directory usage var tmp sfc 0 sfc0 re0 TX Matrix Plus Router var tmp 46K var tmp gres tp var tmp sec download 2 0K var tmp sec download sub ...

Page 996: ...n Display information about software processes that are running on the router or switch and that have controlling terminals Options none Display standard information about system processes all chassis TX Matrix and TX Matrix Plus routers only Optional Display standard system process information about all the T640 routers in a routing matrix based on the TX Matrix router or all the T1600 routers in...

Page 997: ...ss information for the TX Matrix Plus router or switch fabric chassis Replace number with 0 wide Optional Display process information that might be wider than 80 columns AdditionalInformation By default when you issue the show system processes command on a TX Matrix or TX Matrix Plus master Routing Engine the command is broadcast to all the T640 in a routing matrix based on the TX Matrix router or...

Page 998: ... process state The state is given by a sequence of letters The first letter indicates the run state of the process D In disk or other short term uninterruptible wait I Idle sleeping longer than about 20 seconds R Runnable S Sleeping for less than 20 seconds T Stopped Z Dead zombie The process is in the foreground process group of its control terminal The process has raised CPU scheduling priority ...

Page 999: ... SIZE extensive summary Current amount of resident memory in kilobytes RES extensive summary Current state of the process for example sleep wait run idle zombie or stop STATE detail extensive summary S Number of system and user CPU seconds that the process has used None D and E Total amount of time that the command has been running TIME extensive summary Weighted CPU usage WCPU detail extensive su...

Page 1000: ...M Ss 0 00 07 usr loca 206 0 1 0 18 0 72 pause 1 52PM S 0 00 51 sbin wat 207 0 1 0 2 0 520 select 1 52PM I 0 00 16 usr sbin 208 0 1 0 2 0 536 select 1 52PM S 0 08 21 sbin dcd 210 0 1 255 2 12 740 select 1 52PM S 0 05 83 usr sbin 211 0 1 0 2 0 376 select 1 52PM S 0 00 03 usr sbin 215 0 1 0 2 0 548 select 1 52PM I 0 00 50 usr sbin 219 0 1 0 3 0 540 ttyin 1 52PM v0 Is 0 00 02 usr libe 220 0 1 0 3 0 54...

Page 1001: ...9 daemon 2 0 176K 492K select 0 00 0 00 0 00 portmap 163 root 2 0 572K 420K select 0 00 0 00 0 00 nsrexecd 192 root 2 0 560K 400K select 0 10 0 00 0 00 snmpd 191 root 2 0 1284K 376K select 0 00 0 00 0 00 mgd 537 aviva 2 0 636K 364K select 0 00 0 00 0 00 cli 193 root 2 0 312K 204K select 0 07 0 00 0 00 mib2d 5 root 2 0 0K 12K pfesel 0 00 0 00 0 00 if_pfe 2 root 18 0 0K 12K psleep 0 00 0 00 0 00 pag...

Page 1002: ...how system processes TX Matrix Plus Router user host show system processes sfc0 re0 PID TT STAT TIME COMMAND 0 WLs 0 00 00 swapper 1 ILs 0 00 18 packages mnt jbase sbin init 2 DL 0 00 20 g_event 3 DL 0 00 39 g_up 4 DL 0 00 32 g_down 5 DL 0 00 00 thread taskq 6 DL 0 00 09 kqueue taskq 7 DL 0 00 01 pagedaemon 8 DL 0 00 00 vmdaemon 9 DL 0 06 63 pagezero 10 DL 0 00 00 ktrace 11 RL 310 52 98 idle 12 WL...

Page 1003: ...05 md8 1341 SL 0 01 34 bcmTX 1342 SL 0 01 68 bcmXGS3AsyncTX 1343 SL 0 41 40 bcmLINK 0 1345 SL 0 33 83 bcmLINK 1 1350 Is 0 00 01 usr sbin cron 1502 S 0 00 01 sbin watchdog t 1 1503 S 0 00 86 usr libexec bslockd mp N 1504 S 0 00 01 usr sbin tnetd N 1507 S 0 01 32 usr sbin alarmd N 1508 S 0 14 54 usr sbin craftd N 1509 S 0 01 19 usr sbin mgd N 1512 I 0 00 05 usr sbin inetd N 1513 S 0 00 10 usr sbin t...

Page 1004: ...n lpdfd N 45748 S 0 00 63 sbin dcd N 45750 S 0 00 45 usr sbin mib2d N 45751 S 0 00 15 usr sbin dfwd N 45752 S 0 00 15 usr sbin irsd N 45764 S 0 20 59 usr sbin snmpd N 56479 Ss 0 00 00 mgd mgd root mgd 56480 R 0 00 00 bin ps ax 1142 d0 I 0 00 01 usr sbin usbd N 1160 d0 S 0 29 17 usr sbin eventd N r s A 6527 d0 Is 0 00 00 usr libexec getty std 9600 ttyd0 2392 p1 Is 0 00 00 login pam login 2393 p1 I ...

Page 1005: ... 0 00 01 syncer 41 DL 0 00 00 softdepflush 42 DL 0 00 00 netdaemon 43 DL 0 00 00 vmuncachedaemon 44 DL 0 00 00 if_pic_listen 45 DL 0 00 02 vmkmemdaemon 46 DL 0 00 01 cb_poll 47 DL 0 00 00 if_pfe_listen 48 DL 0 00 00 scs_housekeeping 49 IL 0 00 00 kern_dump_proc 50 IL 0 00 00 nfsiod 0 51 IL 0 00 00 nfsiod 1 52 IL 0 00 00 nfsiod 2 53 IL 0 00 00 nfsiod 3 54 DL 0 00 01 schedcpu 55 DL 0 00 73 md0 77 DL...

Page 1006: ...N 1182 d0 S 0 00 34 usr sbin eventd N r s A 1543 d0 Is 0 00 00 usr libexec getty std 9600 ttyd0 lcc1 re0 PID TT STAT TIME COMMAND 0 WLs 0 00 00 swapper 1 ILs 0 00 17 packages mnt jbase sbin init 2 DL 0 00 01 g_event 3 DL 0 00 16 g_up 4 DL 0 00 11 g_down 5 DL 0 00 00 thread taskq 6 DL 0 00 00 kqueue taskq 7 DL 0 00 00 pagedaemon 8 DL 0 00 00 vmdaemon 9 DL 0 01 77 pagezero 10 DL 0 00 00 ktrace 11 RL...

Page 1007: ... md8 1052 DL 0 00 00 jsr_kkcm 1337 SL 0 00 09 bcmTX 1338 SL 0 00 10 bcmXGS3AsyncTX 1339 SL 0 03 10 bcmLINK 0 1344 Is 0 00 00 usr sbin cron 1496 S 0 00 00 sbin watchdog t 1 1497 S 0 00 05 usr libexec bslockd mp N 1498 I 0 00 01 usr sbin tnetd N 1500 S 0 04 97 usr sbin chassisd N 1501 S 0 00 04 usr sbin alarmd N 1502 I 0 00 40 usr sbin craftd N 1503 S 0 00 08 usr sbin mgd N 1506 I 0 00 04 usr sbin i...

Page 1008: ...L 0 00 00 swi9 task queue 20 WL 0 03 03 irq10 bcm0 uhci1 21 WL 0 00 02 irq11 cb0 uhci0 22 DL 0 00 00 usb0 23 DL 0 00 00 usbtask 24 DL 0 00 00 usb1 25 DL 0 00 05 usb2 26 DL 0 00 00 usb3 27 DL 0 00 00 usb4 28 DL 0 00 00 usb5 29 DL 0 00 04 usb6 30 DL 0 00 00 usb7 31 WL 0 00 00 irq14 ata0 32 WL 0 00 00 irq15 ata1 33 WL 0 00 00 irq1 atkbd0 34 WL 0 00 00 swi0 sio 35 WL 0 00 00 swi3 ip6opt ipopt 36 WL 0 ...

Page 1009: ...bin jcsd N 1515 S 0 00 17 usr sbin idpd N 1516 I 0 00 00 usr libexec getty Pc ttyv0 2591 DL 0 00 01 peer proxy 2592 DL 0 00 01 peer proxy 2593 DL 0 00 01 peer proxy 2597 DL 0 00 00 peer proxy 3192 S 0 00 01 usr sbin irsd N 3193 S 0 00 05 usr sbin snmpd N 3194 S 0 00 02 sbin dcd N 3195 S 0 00 01 usr sbin pfed N 3196 S 0 00 01 usr sbin mib2d N 3197 S 0 00 02 usr sbin dfwd N 3198 S 0 00 13 usr sbin k...

Page 1010: ...00 00 irq11 isab0 37 WL 0 00 00 swi3 ip6opt ipopt 38 WL 0 00 00 swi4 ip6mismatch 39 WL 0 00 00 swi1 ipfwd 40 DL 0 00 02 bufdaemon 41 DL 0 00 02 vnlru 42 DL 0 00 39 syncer 43 DL 0 00 05 softdepflush 44 DL 0 00 00 netdaemon 45 DL 0 00 02 vmuncachedaemon 46 DL 0 00 00 if_pic_listen 47 DL 0 00 35 vmkmemdaemon 48 DL 0 00 00 cb_poll 49 DL 0 00 06 if_pfe_listen 50 DL 0 00 00 scs_housekeeping 51 IL 0 00 0...

Page 1011: ...bin ppmd N 36907 S 0 26 63 usr sbin chassisd N 37775 S 0 00 01 usr sbin bdbrepd N 45727 S 0 00 02 usr sbin xntpd j N g ntpd 45729 S 0 00 40 usr sbin l2ald N 45730 S 0 00 13 usr sbin apsd N 45731 SN 0 00 10 usr sbin sampled N 45732 S 0 00 03 usr sbin ilmid N 45733 S 0 00 09 usr sbin rmopd N 45734 S 0 00 31 usr sbin cosd 45735 I 0 00 00 usr sbin rtspd N 45736 S 0 00 06 usr sbin fsad N 45737 S 0 00 0...

Page 1012: ...DL 0 00 13 g_down 5 DL 0 00 00 thread taskq 6 DL 0 00 00 kqueue taskq 7 DL 0 00 00 pagedaemon 8 DL 0 00 00 vmdaemon 9 DL 0 01 77 pagezero 10 DL 0 00 00 ktrace 11 RL 20 33 81 idle 12 WL 0 00 38 swi2 net 13 WL 0 01 43 swi7 clock sio 14 WL 0 00 00 swi6 vm 15 DL 0 00 14 yarrow 16 WL 0 00 00 swi9 17 WL 0 00 00 swi8 18 WL 0 00 00 swi5 cambio 19 WL 0 00 00 swi9 task queue 20 WL 0 03 18 irq10 bcm0 uhci1 2...

Page 1013: ... N 1500 S 0 09 93 usr sbin chassisd N 1501 S 0 00 05 usr sbin alarmd N 1502 I 0 00 39 usr sbin craftd N 1503 S 0 00 09 usr sbin mgd N 1506 I 0 00 05 usr sbin inetd N 1507 I 0 00 00 usr sbin tnp sntpd N 1508 I 0 00 00 usr sbin tnp sntpc N 1510 S 0 00 01 usr sbin smartd N 1514 I 0 00 07 usr sbin jcsd N 1515 S 0 00 17 usr sbin idpd N 1516 I 0 00 00 usr libexec getty Pc ttyv0 2591 DL 0 00 01 peer prox...

Page 1014: ...Copyright 2010 Juniper Networks Inc 918 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1015: ...on Examples on page 947 Configuring Virtual Chassis on page 1011 Verifying Virtual Chassis Configuration on page 1035 Troubleshooting Virtual Chassis on page 1047 Configuration Statements for Virtual Chassis on page 1049 Operational Mode Commands for Virtual Chassis on page 1067 919 Copyright 2010 Juniper Networks Inc ...

Page 1016: ...Copyright 2010 Juniper Networks Inc 920 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1017: ... in a Virtual Chassis Configuration on page 936 Understanding Split and Merge in a Virtual Chassis Configuration on page 942 Understanding Automatic Software Update on Virtual Chassis Member Switches on page 945 Virtual Chassis Overview The Juniper Networks EX4200 Ethernet Switch is the basis for the Virtual Chassis flexible scaling switch solution You can connect individual EX4200 switches togeth...

Page 1018: ...cated in multiple wiring closets or in multiple data center racks by installing the optional SFP SFP or XFP uplink modules and connecting the uplink module ports or by connecting the 1 gigabit network interfaces in an EX4200 24F switch The small form factor pluggable SFP uplink module provides four ports for 1 gigabit transceivers The SFP uplink module provides two ports for 10 gigabit SFP transce...

Page 1019: ...page 20 for further information on redundant Routing Engines and additional high availability features Adaptability as an Access Switch or Distribution Switch A Virtual Chassis configuration supports a variety of user environments because it can be composed of different models of EX4200 switches with either 24 or 48 access ports and with these having either full 24 or 48 ports or partial 8 ports P...

Page 1020: ...4200 switch across a wider distance by installing an optional SFP SFP or XFP uplink module in an EX4200 switch or by using the network interfaces in an EX4200 24F switch To do this using uplink module ports you need to install one uplink module in at least one EX4200 switch at each end of the link You must set the uplink module ports or the EX4200 24F network interfaces to function as VCPs in orde...

Page 1021: ...ster role if the master fails Runs Junos OS for EX Series switches in a backup role Synchronizes with the master in terms of protocol states forwarding tables and so forth so that it is prepared to preserve routing information and maintain network connectivity without disruption in case the master is unavailable You must have at least two member switches in a Virtual Chassis configuration in order...

Page 1022: ... removed from the Virtual Chassis configuration its member ID is not available for assignment as part of the standard sequential assignment by the master For example you might have a Virtual Chassis configuration composed of member 0 member 2 and member 3 because member 1 was removed When you add another member switch and power it on the master assigns it as member 4 However you can use the reques...

Page 1023: ...p when other members are added to the Virtual Chassis configuration Any other members of the Virtual Chassis configuration members with lower mastership priority are considered linecard members In a preprovisioned configuration the mastership priority value is assigned by the software based on the specified role Virtual Chassis Identifier VCID All members of a Virtual Chassis configuration share o...

Page 1024: ... power ons of the individual interconnected member switches 4 Choose the member with the lowest MAC address The variations among switch models such as whether the switch has 48 or 24 ports do not impact the master election algorithm To ensure that a specific member is elected as the master 1 Power on only the switch that you want to configure as master of the Virtual Chassis configuration 2 Config...

Page 1025: ...Installing Software on an EX Series Switch with a Single Routing Engine CLI Procedure on page 78 Understanding Global Management of a Virtual Chassis Configuration AVirtualChassisconfigurationiscomposedofmultipleJuniperNetworksEX4200Ethernet Switches so ithasmultipleconsoleports and multipleout of bandmanagementEthernet ports located on the rear panels of the switches You can connect a PC or lapto...

Page 1026: ...manage the switch by remote control The Virtual Chassis configuration can be managed remotely through SSH or Telnet using a global management interface called the virtual management Ethernet VME interface VME is a logical interface representing any and all of the out of band management ports on the member switches When you connect to the Virtual Chassis configuration using the VME IP address the c...

Page 1027: ...mber with the lowest member ID as its first choice You can configure an IP address for the VME global management interface at any time You can perform remote configuration and administration of all members of the Virtual Chassis configuration through the VME interface Related Documentation Understanding Virtual Chassis Components on page 924 Example Configuring a Virtual Chassis with a Master and ...

Page 1028: ...5 Monitoring System Properties on page 658 Understanding the High Speed Interconnection of the Virtual Chassis Members Two high speed Virtual Chassis ports VCPs on the rear panel of the Virtual Chassis member switches enable the members to be interconnected and operate as a single powerful switch Each VCP interface is 32 Gbps bidirectional When VCP interfaces are used to form a ring topology each ...

Page 1029: ... Virtual Chassis LAGs can be created per member See Setting an Uplink Module Port as a Virtual Chassis Port CLI Procedure on page 1023 for information about configuring uplink module ports and SFP network ports on EX4200 24F switches as uplink VCPs To verify that the LAG has been created view the output of the command show virtual chassis vc port NOTE The interfaces that are included within a bund...

Page 1030: ...ber Because the to be added switch is not yet a member the master switch will not recognize that added switch unless the latter has an uplink VCP A link aggregation group LAG will be formed automatically when the new switch is added to the configuration if more than one such link with the same speed is detected between uplink VCPs on the new member and an existingmember See UnderstandingVirtualCha...

Page 1031: ...47 request virtual chassis vc port on page 1072 Understanding Virtual Chassis EX4200 Switch Version Compatibility For Juniper Networks EX4200 Ethernet Switches to be interconnected as a Virtual Chassis configuration the switches must be running the same software versions The master checks the hardware version the Juniper Networks Junos operating system Junos OS version and other component versions...

Page 1032: ... failover is supported only in a ring topology that uses identical port types for example either a topology that uses all dedicated VCPs or one that uses all uplink module VCPs Fast failover is not supported in a ring topology that includes both dedicated VCPs and uplink module VCPs Fast failover is supported however in a Virtual Chassis configuration that consists of multiple rings How Fast Failo...

Page 1033: ...affic Flow in a Ring Topology Using Dedicated VCPs Figure 12 on page 938 shows traffic redirected by fast failover 937 Copyright 2010 Juniper Networks Inc Chapter 43 Virtual Chassis Overview Components and Configurations ...

Page 1034: ...ogy that uses uplink module VCPs each uplink module VCP is automatically configured with a backup uplink module VCP If an uplink module VCP fails its backup portisusedtosendtraffic Figure13onpage939showsnormaltrafficflowinaringtopology using SFP uplink module VCPs Normal traffic flow in a ring topology using XFP uplink module VCPs is the same Copyright 2010 Juniper Networks Inc 938 Complete Softwa...

Page 1035: ... they will be converted into VCPs For example xe 0 1 0 will become vcp 255 1 0 after you configure it to be a VCP Figure 13 Normal Traffic Flow in a Ring Topology Using SFP Uplink Module VCPs Figure 14 on page 940 shows traffic redirected by fast failover 939 Copyright 2010 Juniper Networks Inc Chapter 43 Virtual Chassis Overview Components and Configurations ...

Page 1036: ...s ge 0 1 2 and ge 0 1 3 are automatically configured as the backup port for the other port in the pair Similarly in a ring topology that uses XFP uplink module VCPs there are only two ports per uplink module Each port is automatically configured to back up the other port in the uplink module for example xe 0 1 0 is the backup for xe 0 1 1 Fast Failover in a Virtual Chassis Configuration Using Mult...

Page 1037: ...ly each SFP uplink module VCP is backed up by another SFP uplink module VCP Fast failover does not support a ring topology consisting of a mix of dedicated VCPs and uplink module VCPs Effects of Topology Changes on a Fast Failover Configuration Once the fast failover feature has been activated topology changes to the Virtual Chassis configuration do not affect the fast failover configuration In th...

Page 1038: ...sis configuration NOTE If a Virtual Chassis configuration splits into separate parts we recommend that you resolve the problem that caused the Virtual Chassis configuration to split as soon as possible You can also use this feature to merge two active but separate Virtual Chassis that have not previously been part of the same configuration into one Virtual Chassis configuration NOTE The split and ...

Page 1039: ...e inactive members to become active again one of the following things must happen The problem that caused the original Virtual Chassis configuration to split is resolved allowing the two Virtual Chassis configurations to merge You load the factory default configuration on the inactive members which causes the inactive members to function as standalone switches or become part of a different Virtual...

Page 1040: ... SPF algorithm The SPF algorithm computes the network topology and then triggers the master election algorithm The master election algorithm waits for the members to synchronize the topology information before running 2 The master election algorithm merges the Virtual Chassis IDs of all the members 3 Each member runs the master election algorithm to select a master and a backup from among all memb...

Page 1041: ...of Juniper Networks EX4200 Ethernet Switches so the new member switch immediately joins the Virtual Chassis configuration and is put in the active state For a standalone EX4200 switch to join an existing Virtual Chassis configuration it must be running the same version of Junos OS that is running on the Virtual Chassis master When the master in a Virtual Chassis configuration detects that a new sw...

Page 1042: ...Copyright 2010 Juniper Networks Inc 946 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1043: ...e 977 Example Configuring a Virtual Chassis Using a Preprovisioned Configuration File on page 982 Example Configuring Fast Failover on Uplink Module VCPs to Reroute Traffic When a Virtual Chassis Member Switch or Intermember Link Fails on page 993 Example Assigning the Virtual Chassis ID to Determine Precedence During a Virtual Chassis Merge on page 997 Example Configuring Link Aggregation Groups ...

Page 1044: ...a two member Virtual Chassis includes a master and a backup switch In addition to providing more access ports than a single EX4200 switch can provide a Virtual Chassis configuration provides high availability through redundancy This example shows a Virtual Chassis configuration composed of two EX4200 switches One of the switches has an uplink module with ports that can be configured to connect to ...

Page 1045: ...topology for this example consists of two switches one of which contains an uplink module One EX4200 48P switch SWA 0 with 48 access ports all of which support PoE One EX4200 24T switch SWA 1 with 24 access ports including eight ports that support PoE One XFP uplink module with two 10 Gigabit Ethernet ports is installed in the EX4200 48P switch Table 145 on page 949 shows the default configuration...

Page 1046: ...e SWA 0 with the virtual management Ethernet VME interface for out of band management of the Virtual Chassis configuration if desired edit user SWA 0 set interfaces vme unit 0 family inet address ip address mask 6 Power on SWA 1 Verification To confirm that the Virtual Chassis configuration is operational perform these tasks Verifying That the Mastership Priority Is Assigned Appropriately on page ...

Page 1047: ...e default assignment is satisfactory Verifying That the VCPs Are Operational Purpose Verify that the dedicated Virtual Chassis ports interconnecting the switches are operational Action Display the Virtual Chassis ports of all the members user SWA 0 show virtual chassis vc port all members fpc0 Interface Type Status Speed Neighbor or mbps ID Interface PIC Port vcp 0 Dedicated Up 32000 1 vcp 1 vcp 1...

Page 1048: ...and high availability Related Documentation Example ExpandingaVirtualChassisConfigurationinaSingleWiringClosetonpage952 Example Setting Up a Multimember Virtual Chassis Access Switch with a Default Configuration on page 957 Example Configuring a Virtual Chassis Using a Preprovisioned Configuration File on page 982 Configuring a Virtual Chassis CLI Procedure on page 1011 Configuring a Virtual Chass...

Page 1049: ...nfiguration to include member switches in another wiring closet see Example Configuring a Virtual Chassis Interconnected Across Multiple Wiring Closets on page 963 If you want to retain the roles of the existing master and backup switches explicitly configure the mastership priority of these switches specifying the highest possible value 255 for both the master and the backup During expansion the ...

Page 1050: ...le Port as a Virtual Chassis Port CLI Procedure on page 1023 Table 146 on page 954 shows the configuration settings for the expanded Virtual Chassis Table 146 Components of the Expanded Virtual Chassis Access Switch Role in Virtual Chassis Member ID Hardware Member Switch master mastership priority 255 0 EX4200 48P switch SWA 0 backup mastership priority 255 1 EX4200 24T switch SWA 1 linecard mast...

Page 1051: ...ing is recommended for high availability and smooth transition of mastership in case the original master becomes unavailable edit virtual chassis user SWA 1 set member 1 mastership priority 255 3 Interconnect the unpowered SWA 2 with SWA 0 and SWA 1 using the dedicated VCPs on the rear panel See Virtual Chassis Cabling Configuration Examples for EX4200 Switches for additional information 4 Power o...

Page 1052: ...been assigned member ID 2 and has the default mastership priority value 128 Because the mastership priority is lower than the mastership priority of the other members SWA 2 functions in the linecard role You can continue to add more member switches following the same procedure It is possible to have multiple members in linecard roles with the same mastership priority value Verifying That the VCPs ...

Page 1053: ... master 1 Lower the mastership priority of the existing master member 0 edit virtual chassis user SWA 0 set member 0 mastership priority 1 2 Set the mastership priority of the member that you want to be the master to the highest possible value 255 edit virtual chassis user SWA 2 set member 2 mastership priority 255 Troubleshooting Nonoperational VCPs Problem The VCP interface shows a status of dow...

Page 1054: ...omponents Junos OS Release 9 0 or later for EX Series switches Two EX4200 48P switches Four EX4200 24P switches Overview and Topology A Virtual Chassis configuration is easily expandable This example shows a Virtual Chassis configuration composed of six EX4200 switches It provides networking access for 180 onsite workers who are sitting within range of a single wiring closet The six combined switc...

Page 1055: ...s been selected as the master check the LCD on the front panel It should be the first switch that you power on The backup should be the second switch that you power on The other switches are all linecards Wait at least one minute after powering on the master before continuing to power on the other switches Step by Step Procedure To configure a multimember Virtual Chassis with default role assignme...

Page 1056: ...nels as you proceed Verification To confirm that the configuration is working properly perform these tasks Verifying the Member IDs and Roles of the Member Switches on page 960 Verifying That the VCPs Are Operational on page 961 Verifying the Member IDs and Roles of the Member Switches Purpose Verify that all the interconnected member switches are included within the Virtual Chassis configuration ...

Page 1057: ...Ps interconnecting the member switches are operational Action Display the Virtual Chassis interfaces user SWA 0 show virtual chassis vc port all members fpc0 Interface Type Status or PIC Port vcp 0 Dedicated Up vcp 1 Dedicated Up fpc1 Interface Type Status or PIC Port vcp 0 Dedicated Up vcp 1 Dedicated Up fpc2 Interface Type Status or PIC Port vcp 0 Dedicated Up vcp 1 Dedicated Up fpc3 Interface T...

Page 1058: ...ation of a multimember Virtual Chassis in a single wiring closet perform these tasks Troubleshooting Mastership Priority Problem You want to explicitly designate one member as the master and another as backup Solution Change the mastership priority value of the member that you want to function as master designating the highest mastership priority value that member NOTE These configuration changes ...

Page 1059: ...ssis members that are located too far apart to be connected using the dedicated VCPs Uplink VCPs can also be used to connect Virtual Chassis members to form link aggregation groups LAGs For the latter usage see Example Configuring Link Aggregation Groups Using Uplink Virtual Chassis Ports on page 999 NOTE You can also configure the SFP networks ports on EX4200 24F switches as VCPs to connect Virtu...

Page 1060: ...Virtual Chassis we installed uplink modules in each of the member switches In this example uplink modules are installed in all four members so that there are redundant VCP connections across the wiring closets If you want to expand this configuration to include more members within these wiring closets you do not need to add any more uplink modules Simply use the dedicated VCPs on the rear panel Th...

Page 1061: ...values for the master and backup members prevents the previous master from pre empting the master role from the new master when the previous master comes back online After we have configured SWA 2 and set one of its uplink module ports as an uplink VCP we will interconnect its uplink VCP with an uplink VCP on SWA 0 Finally we will power on SWA 3 Because SWA 3 is interconnected with SWA 2 using the...

Page 1062: ...uration edit virtual chassis user SWA 0 set member 0 mastership priority 255 2 Prepare the members in wiring closet A for interconnecting with the member switches in wiring closet B by setting uplink VCPs for member 0 and member 1 user SWA 0 request virtual chassis vc port set pic slot 1 port 0 user SWA 0 request virtual chassis vc port set pic slot 1 port 0 member 1 NOTE For redundancy this examp...

Page 1063: ...uration as member 2 user SWA 2 request virtual chassis vc port set pic slot 1 port 0 5 Physically interconnect SWA 0 and SWA 2 across wiring closets using their uplink VCPs Although SWA 0 and SWA 2 have the same mastership priority value 255 SWA 0 was powered on first and thus has longer uptime This results in SWA 0 retaining mastership while SWA 2 reboots and joins the now expanded Virtual Chassi...

Page 1064: ...perational on page 969 Verifying the Member IDs and Roles of the Member Switches Purpose Verify that all the interconnected member switches are included within the Virtual Chassis configuration and that their roles are assigned appropriately Action Display the members of the Virtual Chassis configuration user SWA 0 show virtual chassis status Virtual Chassis ID 0000 e255 00e0 Mastership Neighbor L...

Page 1065: ...isplay the Virtual Chassis interfaces user SWA 0 show virtual chassis status all members fpc0 Interface Type Trunk Status Speed Neighbor or ID mbps ID Interface PIC Port vcp 0 Dedicated 1 Up 32000 vcp 1 Dedicated 2 Up 32000 1 vcp 0 1 0 Auto Configured 1 Up 1000 2 vcp 255 1 0 fpc1 Interface Type Trunk Status Speed Neighbor or ID mbps ID Interface PIC Port vcp 0 Dedicated 1 Up 32000 0 vcp 0 vcp 1 De...

Page 1066: ...s an uplink VCP If the VCP is an uplink module port make sure that you have specified the options pic slot port and member correctly Related Documentation Example Configuring a Virtual Chassis with a Master and Backup in a Single Wiring Closet on page 947 Example ExpandingaVirtualChassisConfigurationinaSingleWiringClosetonpage952 Example Setting Up a Multimember Virtual Chassis Access Switch with ...

Page 1067: ...ution switch into LAGs Using LAGs can be particularly effective when connecting a multimember Virtual Chassis access switch to a multimember Virtual Chassis distribution switch The Virtual Chassis access switch in this example is composed of two member switches Each member switch has an uplink module with two 10 Gigabit Ethernet ports These ports are configured as trunk ports connecting the access...

Page 1068: ... 0 and one uplink port from SWA 1 are combined as LAG ae0 to SWD 0 This link is used for one VLAN The remaining uplink ports from SWA 0 and from SWA 1 are combined as a second LAG connection ae1 to SWD 1 LAG ae1 is used for another VLAN NOTE If the remote end of the LAG link is a security device LACP might not be supported because security devices require a deterministic configuration In this case...

Page 1069: ...itch Trunk Port Member ID Uplink Module Base Hardware Hostname and VCID Switch xe 0 1 0 to SWD 0 xe 0 1 1 to SWD 1 0 One XFP uplink module EX4200 48P switch Host A Access switch VCID 1 SWA 0 xe 1 1 0 to SWD 0 xe 1 1 1 to SWD 1 1 One XFP uplink module EX4200 48P switch Host A Access switch VCID 1 SWA 1 xe 0 1 0 to SWA 0 xe 0 1 1 to SWA 1 0 One XFP uplink module EX4200 L 24F switch Host D Distributi...

Page 1070: ...unit 0 family inet address 192 0 2 0 25 set interfaces ae1 unit 1 family inet address 192 0 2 128 25 set interfaces xe 0 1 0 ether options 802 ad ae0 set interfaces xe 1 1 0 ether options 802 ad ae0 set interfaces xe 0 1 1 ether options 802 ad ae1 set interfaces xe 1 1 1 ether options 802 ad ae1 Step by Step Procedure To configure aggregated Ethernet high speed uplinks between a Virtual Chassis ac...

Page 1071: ...ployee broadcast domain edit interfaces user Host A set ae0 unit 0 family inet address 192 0 2 0 25 9 Specify that LAG ae1 belongs to the subnet for the guest broadcast domain edit interfaces user Host A set ae1 unit 1 family inet address 192 0 2 128 25 Results Display the results of the configuration edit chassis aggregated devices ethernet device count 2 interfaces ae0 aggregated ether options l...

Page 1072: ...the switch Action show interfaces ae0 terse Interface Admin Link Proto Local Remote ae0 up up ae0 0 up up inet 10 10 10 2 24 Meaning The output confirms that the ae0 link is up and shows the family and IP address assigned to this link Verifying That LAG ae1 Has Been Created Purpose Verify that LAG ae1 has been created on the switch Action show interfaces ae1 terse Interface Admin Link Proto Local ...

Page 1073: ...thernet High Speed Uplinks with LACP Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch EX Series switches allow you to combine multiple Ethernet links into one logical interface for higher bandwidth and redundancy The ports that are combined in this manner are referred to as a link aggregation group LAG or bundle The number of Ethernet links you can combine into a L...

Page 1074: ...on Switch The topology in this example is exactly the same as the topology in that other example This example shows how to use LACP to enhance the LAG functionality LACP exchanges are made between actors the transmitting link and partners the receiving link The LACP mode can be either active or passive NOTE If the actor and partner are both in passive mode they do not exchange LACP packets which r...

Page 1075: ...ctive periodic fast Configuring LACP for the LAGs on the Virtual Chassis Distribution Switch To configure LACP for the two uplink LAGs from the Virtual Chassis access switch to the Virtual Chassis distribution switch perform these tasks CLI Quick Configuration To quickly configure LACP for the distribution switch LAGs copy the following commands and paste them into the switch terminal window edit ...

Page 1076: ...e end user Host A show lacp interfaces xe 0 1 0 Aggregated interface ae0 LACP state Role Exp Def Dist Col Syn Aggr Timeout Activity xe 0 1 0 Actor No Yes No No No Yes Fast Active xe 0 1 0 Partner No Yes No No No Yes Fast Passive LACP protocol Receive State Transmit State Mux State xe 0 1 0 Defaulted Fast periodic Detached Meaning The output indicates that LACP has been set up correctly and is acti...

Page 1077: ... Addresses Flags Dest route down Is Preferred Is Primary Destination 10 10 10 24 Local 10 10 10 1 Broadcast 10 10 10 255 Meaning The output here shows that the link is down and that no PDUs are being exchanged Troubleshooting These are some tips for troubleshooting Troubleshooting a Nonworking LACP Link Problem The LACP link is not working Solution Check the following Remove the LACP configuration...

Page 1078: ...nate additional members which are not eligible for election as master has having the linecard role in the preprovisioned configuration file NOTE When you use a preprovisioned configuration you cannot modify the mastership priority or member ID of member switches through the user interfaces NOTE After you have created a preprovisioned Virtual Chassis configuration you can use the autoprovisioning f...

Page 1079: ... the Virtual Chassis configuration Thus the properties that you specify for SWA 0 will apply to the entire Virtual Chassis configuration including all the member switches that you specify in the preprovisioned configuration file 7 Configured SWA 0 with the virtual management Ethernet VME interface for out of band management of the Virtual Chassis configuration if desired edit user SWA 0 set interf...

Page 1080: ...e Virtual Chassis configuration in stages First we power on SWA 0 without powering on any other switches and create the preprovisioned configuration file Then we power on the remaining switches in wiring closet A If we check the status of the Virtual Chassis configuration at this point by using the showvirtual chassisstatus command it will display only member0 through member 4 The members that hav...

Page 1081: ...ur XFP uplink modules Two are installed in wiring closet A and two are installed in wiring closet B Table149onpage985showstheVirtualChassisconfigurationsettingsforapreprovisioned Virtual Chassis composed of member switches in different wiring closets Table 149 Components of a Preprovisioned Virtual Chassis Interconnected Across Multiple Wiring Closets Location Hardware UplinkModule Ports Role Memb...

Page 1082: ...sed for this Virtual Chassis configuration The rear view shows that the member switches within each wiring closet are interconnected to each other using the dedicated VCPs The front view shows that the uplink module ports that have been set as VCPs and interconnected across the wiring closets The uplink module ports that are not set as VCPs can be configured as trunk ports to connect to a distribu...

Page 1083: ...ssis across multiple wiring closets using a preprovisioned configuration NOTE We recommend that you use the commit synchronize command to save any configuration changes that you make to a multimember Virtual Chassis configuration 987 Copyright 2010 Juniper Networks Inc Chapter 44 Virtual Chassis Configuration Examples ...

Page 1084: ...for interconnecting with the member switches in wiring closet B by setting uplink VCPs for member 0 and member 2 user SWA 0 request virtual chassis vc port set pic slot 1 port 0 user SWA 2 request virtual chassis vc port set pic slot 1 port 0 member 2 NOTE For redundancy this example sets an uplink VCP in both SWA 0 and SWA 2 This example omits the specification of the member 0 in setting the upli...

Page 1085: ...f you check the status of the Virtual Chassis configuration at this point all the members that were specified in the preprovisioned configuration file should be displayed as present Additional configuration for member switches can now be done through the master switch 10 Set one uplink module port of SWA 7 to function as a VCP user SWA 0 request virtual chassis vc port set pic slot 1 port 0 member...

Page 1086: ...witches Purpose Verify that the member IDs and roles are all set as expected Action Display the members of the Virtual Chassis configuration user SWA 0 show virtual chassis status Preprovisioned Virtual Chassis Virtual Chassis ID 0000 e255 0000 Mastership Neighbor List Member ID Status Serial No Model Priority Role ID Interface 0 FPC 0 Prsnt abc123 ex4200 48p 129 Master 1 vcp 0 4 vcp 1 5 1 0 1 FPC...

Page 1087: ... configured with the routing engine role SWA 5 is functioning as the backup The Neighbor List displays the interconnections of the member VCPs Verifying That the Dedicated VCPs and Uplink VCPs Are Operational Purpose Verify that the dedicated VCPs interconnecting the member switches within each wiring closet and the uplink module VCPs interconnecting the member switches across wiring closets are o...

Page 1088: ...0 Dedicated Up vcp 1 Dedicated Up 1 0 Configured Up fpc6 Interface Type Status Speed Neighbor or mbps ID Interface PIC Port vcp 0 Dedicated Up vcp 1 Dedicated Up fpc7 Interface Type Status Speed Neighbor or mbps ID Interface PIC Port vcp 0 Dedicated Up vcp 1 Dedicated Up 1 0 Configured Up fpc8 Interface Type Status Speed Neighbor or mbps ID Interface PIC Port vcp 0 Dedicated Up vcp 1 Dedicated Up ...

Page 1089: ... Across Multiple Wiring Closets on page 963 Configuring a Virtual Chassis CLI Procedure on page 1011 Configuring a Virtual Chassis J Web Procedure on page 1015 Example Configuring Fast Failover on Uplink Module VCPs to Reroute Traffic When a Virtual Chassis Member Switch or Intermember Link Fails The Virtual Chassis fast failover feature is a hardware assisted failover mechanism that automatically...

Page 1090: ... traffic and reduces traffic loss in the event of a link failure or a member switch failure By default fast failover is enabled on all dedicated Virtual Chassis ports VCPs If you configure uplink module ports as VCPs you must manually configure fast failover on these ports For fast failover to be effective the Virtual Chassis members must be configured in a ring topology The ring topology can be f...

Page 1091: ...tches Six EX4200 24T switches four of which have an SFP uplink module installed switches 1 3 4 and 6 Configuration To configure the fast failover feature on uplink module VCPs CLI Quick Configuration To configure fast failover on all SFP uplink module VCPs copy the following command and paste it into the terminal window on switch 1 995 Copyright 2010 Juniper Networks Inc Chapter 44 Virtual Chassis...

Page 1092: ...n perform these tasks Verifying That Fast Failover Is Enabled on page 996 Verifying That Fast Failover Is Enabled Purpose Verify that fast failover has been enabled in a Virtual Chassis configuration Action Issue the show virtual chassis fast failover command 1 2 Check to see that fast failover is enabled user switch1 show virtual chassis fast failover Fast failover on dedicated VCP ports Enabled ...

Page 1093: ...or EX Series switches Two EX4200 48P switches Two EX4200 24T switches Before you begin be sure you have 1 Installed the switches See Mounting an EX3200 or EX4200 Switch on Two Posts in a Rack or Cabinet Mounting an EX3200 or EX4200 Switch on a Desk or Other Level Surface or Mounting an EX3200 or EX4200 Switch on a Wall 2 Cabled the switches to create the Virtual Chassis configuration See Connectin...

Page 1094: ...d 9622 6ac8 5345 NOTE We recommend that you use the commit synchronize command to save any configuration changes that you make to a multimember Virtual Chassis configuration Verification To verify that the Virtual Chassis ID has been assigned as you intended perform these tasks Verifying That the Virtual Chassis ID Is Assigned on page 998 Verifying That the Virtual Chassis ID Is Assigned Purpose V...

Page 1095: ...o uplink or network VCPs on each of those members You can connect uplink or network VCPs operating at different link speeds but they will not form a LAG NOTE The LAGs formed by VCPs are different from LAGs formed by Virtual Chassis network interfaces For more information on LAGs formed by network interfaces see Understanding Virtual Chassis Configurations and Link Aggregation on page 932 This exam...

Page 1096: ... 4 are not powered on They are not connected in any way so when initially powered up they will be standalone switches Overview and Topology In this example five EX4200 switches will be interconnected to form LAGs for ease of monitoring and manageability Two of these switches SWA 0 and SWA 1 are located in wiring closet A and the three others SWA 2 SWA 3 and SWA 4 are located in wiring closet B SWA...

Page 1097: ...ink VCPs on SWA 1 with the two XFP uplink VCPs on SWA 3 Finally we will connect the two remaining SFP uplink VCPs on SWA 0 with two network VCPs on SWA 4 As a result three LAGs will be automatically formed Figure 23 on page 1001 shows the interconnections used to form LAGs using uplink VCPs and the network VCPs after the procedure below has been completed Figure 23 Virtual Chassis Interconnected A...

Page 1098: ...example omits the specification of the member member id option in configuring the uplink VCPs for SWA 0 and later for SWA 2 The command applies by default to the switch where it is executed 4 Power on SWA 2 5 If SWA 2 was previously configured revert to the factory default configuration 6 Prepare SWA 2 in wiring closet B by configuring its mastership priority to be the highest possible value 255 I...

Page 1099: ...pecify both XFP uplink module interfaces in SWA 3 as uplink VCPs user SWA 3 request virtual chassis vc port set pic slot 1 port 0 user SWA 3 request virtual chassis vc port set pic slot 1 port 1 14 Power down SWA 3 15 Physically interconnect SWA 3 with SWA 2 using their dedicated VCPs 16 Physically interconnect SWA 1 and SWA 3 across wiring closets using their uplink VCPs 17 Power on SWA 3 It join...

Page 1100: ...e tasks Verifying the Member IDs and Roles of the Member Switches on page 1004 Verifying That the VCPs Are Operational on page 1005 Verifying the Member IDs and Roles of the Member Switches Purpose Verify that all the interconnected member switches are included within the Virtual Chassis configuration and that their roles are assigned appropriately Action Display the members of the Virtual Chassis...

Page 1101: ...dedicated VCPs interconnecting member switches in wiring closets A and B and the uplink and network VCPs interconnecting the member switches between wiring closets are operational Action Display the Virtual Chassis interfaces user SWA 0 show virtual chassis vc port all members fpc0 Interface Type Trunk Status Speed Neighbor or ID mbps ID Interface PIC Port vcp 0 Dedicated 1 Up 32000 1 vcp 0 vcp 1 ...

Page 1102: ...work VCPs are of the form vcp 255 pic port for example vcp 255 1 0 In that name vcp 255 indicates that the interface is a VCP 1 is the uplink PIC number and 0 is the port number The fpc number is the same as the member ID The trunk ID is a positive number ID assigned to the LAG formed by the Virtual Chassis If no LAG is formed the value is 1 NOTE Each switch assigns the trunk IDs to its local inte...

Page 1103: ...Default Factory Configuration for the EX Series Switch on page 427 Example ConfiguringAutomaticSoftwareUpdateonVirtualChassisMemberSwitches The automatic software update feature automatically updates the Juniper Networks Junos OS version on prospective member switches as they are added to a Virtual Chassis configuration of Juniper Networks EX4200 Ethernet Switches so the new member switch immediat...

Page 1104: ...e therefore running the same version of the Junos OS for EX Series switches The third switch is a standalone switch that is running a different software version than the Virtual Chassis member switches In this example we will enable the automatic software update feature on the Virtual Chassis configuration and then add the third switch to the configuration The master will detect the presence of th...

Page 1105: ...ow virtual chassis status Virtual Chassis ID 0019 e250 47a0 Mastership Neighbor List Member ID Status Serial No Model priority Role ID Interface 0 FPC 0 Prsnt AK0207360276 ex4200 24t 255 Master 1 vcp 1 2 vcp 0 1 FPC 1 Prsnt AK0207360281 ex4200 24t 255 Backup 2 vcp 1 0 vcp 0 2 FPC 2 Prsnt AJ0207391130 ex4200 48p 128 Linecard 0 vcp 1 1 vcp 0 Meaning Because in the initial two member Virtual Chassis ...

Page 1106: ...Copyright 2010 Juniper Networks Inc 1010 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1107: ...assis Configuration on page 1030 Disabling Split and Merge in a Virtual Chassis Configuration CLI Procedure on page 1031 Assigning the Virtual Chassis ID to Determine Precedence During a Virtual Chassis Merge CLI Procedure on page 1031 Configuring Automatic Software Update on Virtual Chassis Member Switches CLI Procedure on page 1032 Configuring Graceful Routing Engine Switchover in a Virtual Chas...

Page 1108: ...tual Chassis with a Preprovisioned Configuration File To configure a Virtual Chassis using a preprovisioned configuration 1 Make a list of the serial numbers of all the switches to be connected in a Virtual Chassis configuration 2 Note the desired role routing engine or linecard of each switch If you configure the member with a routing engine role it is eligible to function as a master or backup I...

Page 1109: ...r SWA 0 set member 4 serial number mno345 role linecard user SWA 0 set member 5 serial number pqr678 role routing engine user SWA 0 set member 6 serial number stu901 role linecard user SWA 0 set member 7 serial number vwx234 role linecard user SWA 0 set member 8 serial number yza567 role linecard user SWA 0 set member 9 serial number bcd890 role linecard 9 Power on the member switches NOTE You can...

Page 1110: ...virtual chassis user SWA 0 set member 0 mastership priority 255 user SWA 0 set member 5 mastership priority 255 6 Power on the member switches in sequential order one by one NOTE If you do not edit the Virtual Chassis configuration file a nonprovisioned configuration is generated by default The mastership priority value for each member switch is 128 The master role is selected by default You can c...

Page 1111: ...nect them using uplinks configured as VCP interfaces See Setting an Uplink Module Port as a Virtual Chassis Port CLI Procedure on page 1023 To configure a Virtual Chassis for EX Series switches using the J Web interface 1 Select Configure Virtual Chassis NOTE After you make changes to the configuration in this page you must commit the changes for them to take effect To commit all changes to the ac...

Page 1112: ...eshooting you can remove that port from being part of the Virtual Management Ethernet VME Disable Management VLAN Click to refresh the operational status Refreshes the operational status of Virtual Chassis members Refresh Related Documentation Configuring a Virtual Chassis CLI Procedure on page 1011 Example Configuring a Virtual Chassis with a Master and Backup in a Single Wiring Closet on page 94...

Page 1113: ...ember switch when you add its serial number in the Virtual Chassis configuration file The parameters specified in the master Virtual Chassis configuration file are applied after the new member switch has been interconnected to an existing member switch NOTE After you have created a preprovisioned Virtual Chassis configuration you can use the autoprovisioning feature to add member switches to that ...

Page 1114: ...onfiguration made a note of the serial number on the back of the switch You will need to edit the Virtual Chassis configuration to include the serial number of the new member switch If you are expanding a preprovisioned configuration edited the existing Virtual Chassis configuration to include the serial number of the new member switch You can specify the role of the new member switch when you add...

Page 1115: ...witch 7 Confirm that the new member switch is now included within the Virtual Chassis configuration by checking the front panel display for the member ID It should display a member ID that is higher than 0 1 through 9 because there is already at least one member of the Virtual Chassis configuration NOTE If you are using a preprovisioned configuration the member ID is automatically assigned to the ...

Page 1116: ...w switch using the appropriate cable If these conditions are not met autoprovisioning will not work and you will need to manually configure uplink module ports on the switch to be added to the configuration to be VCPs For more information see Setting an Uplink Module Port as a Virtual Chassis Port CLI Procedure on page 1023 To add a switch to an existing preprovisioned Virtual Chassis configuratio...

Page 1117: ...h Routing Engines This topic describes Configuring Mastership Using a Preprovisioned Configuration File on page 1021 ConfiguringMastershipUsingaConfigurationFileThatIsNotPreprovisionedonpage1022 Configuring Mastership Using a Preprovisioned Configuration File To configure mastership using a preprovisioned configuration 1 Note the serial numbers of the switches that you want to function in the mast...

Page 1118: ...want to function in the master role SWA 0 2 Configure the highest possible mastership priority value 255 for the member that you want to function in the master role edit virtual chassis user SWA 0 set member 0 mastership priority 255 3 Configure the same mastership priority value continue to edit the Virtual Chassis configuration on the master for the member that you want to be the backup SWA 1 ed...

Page 1119: ...nk mode as an uplink to a distribution switch Before you set an uplink port as a VCP 1 Install the uplink module in the member switches that you want to interconnect 2 Power on and connect to the switch that you plan to designate as the master of the Virtual Chassis configuration NOTE Do not power on the other switches at this point 3 Run EZSetup on the switch that you are configuring to be the ma...

Page 1120: ...at is beyond the reach of a Virtual Chassis cable by setting at least one uplink VCP on an existing member of Virtual Chassis configuration Prepare the potential member switch for interconnecting with the existing Virtual Chassis configuration by setting at least one uplink VCP on the standalone switch NOTE We recommend that you set two uplink VCPs within each wiring closet for redundancy This top...

Page 1121: ...ration To set one uplink VCP on the potential member SWA 2 which is currently operating as a standalone switch 1 Power on the standalone switch 2 Set one uplink port as a VCP interface You do not need to specify the member member id option because the command applies by default on the member where it is executed user SWA 2 request virtual chassis vc port set pic slot 1 port 0 NOTE If you do specif...

Page 1122: ...hassis configuration by installing the optional SFP uplink module SFP uplink module or XFP uplink module and connecting the uplink module ports You can also use the network ports on EX4200 24F switches to interconnect Virtual Chassis member switches To use the uplink module ports or the EX4200 24F network ports for interconnecting member switches you must explicitly set the ports as VCPs This topi...

Page 1123: ... EX4200 Switches Configuring a Virtual Chassis CLI Procedure on page 1011 Configuring a Virtual Chassis J Web Procedure on page 1015 Setting an Uplink Module Port as a Virtual Chassis Port CLI Procedure on page 1023 Understanding Interface Naming Conventions on EX Series Switches on page 1097 Configuring the Virtual Management Ethernet Interface for Global Management of a Virtual Chassis CLI Proce...

Page 1124: ...o longer a member of the Virtual Chassis configuration because it has been physically disconnected or removed If the old master does not rejoin the Virtual Chassis configuration before the timer elapses the new master starts using its own MAC address The default timer value is 10 minutes There are no minimum or maximum limits Before you begin configuring the timer ensure that you have at least two...

Page 1125: ...VCPs in a ring edit user switch delete virtual chassis fast failover vcp disable To configure the fast failover feature on all XFP uplink module VCPs in a ring edit user switch set virtual chassis fast failover xe To configure the fast failover feature on all SFP uplink module VCPs in a ring edit user switch set virtual chassis fast failover ge Related Documentation Example Configuring Fast Failov...

Page 1126: ...lover feature on all SFP uplink module VCPs in a ring edit user switch delete virtual chassis fast failover ge Related Documentation Example Configuring Fast Failover on Uplink Module VCPs to Reroute Traffic When a Virtual Chassis Member Switch or Intermember Link Fails on page 993 Configuring Fast Failover in a Virtual Chassis Configuration on page 1029 Setting an Uplink Module Port as a Virtual ...

Page 1127: ...ssis Merge on page 997 Configuring a Virtual Chassis CLI Procedure on page 1011 Configuring a Virtual Chassis J Web Procedure on page 1015 Understanding Split and Merge in a Virtual Chassis Configuration on page 942 Understanding Virtual Chassis Configuration on page 934 Assigning the Virtual Chassis ID to Determine Precedence During a Virtual Chassis Merge CLI Procedure Every Virtual Chassis conf...

Page 1128: ...irtual chassis auto sw update package name package name If the software package is located on a local directory on the switch use the following format for package name pathname package name If the software package is to be downloaded and installed from a remote location use one of the following formats ftp hostname pathname package name ftp username prompt ftp hostname net package name http hostna...

Page 1129: ... minimum of two EX 4200 switches in a Virtual Chassis configuration with mastership priority of 255 edit user switch set virtual chassis member 0 mastership priority 255 edit user switch set virtual chassis member 1 mastership priority 255 2 Set up graceful Routing Engine switchover edit user switch set chassis redundancy graceful switchover Commit the configuration Related Documentation Example C...

Page 1130: ...Copyright 2010 Juniper Networks Inc 1034 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1131: ...ommand Forwarding Usage with a Virtual Chassis Configuration Some CLI commands can be run either on all members or on a specific member of a Virtual Chassis configuration This functionality is referred to as command forwarding For example to collect information about your system prior to contacting Juniper Networks Technical Assistance Center JTAC use the command request support information all me...

Page 1132: ... the contents of altroot and altconfig are saved and restored All other data on the hard disk is at risk of being lost request system partition hard disk Reboots the specified member switch Reboots all members of the Virtual Chassis configuration Reboot Junos OS for EX Series switches after a software upgrade and occasionally to recover from an error condition request system reboot Backs up the fi...

Page 1133: ...e specified member switch Displays information for all members of the Virtual Chassis configuration Display pending system reboots or halts show system reboot Displays information for the specified member switch Displays information for all members of the Virtual Chassis configuration Display information about the backup software that is located in the altroot and altconfig file systems To back up...

Page 1134: ...hanged between the Routing Engine and the Packet Forwarding Engine within the switch as well as the routing and management traffic from IP that is from OSPF BGP SNMP ping operations and so on show system buffers Display information about the active IP sockets on the Routing Engine Use this command to verify which servers are active on a system and which connections are currently in progress show s...

Page 1135: ...2 FPC 2 Prsnt abd231 ex4200 24p 128 Linecard 0 vcp 0 1 vcp 1 Meaning This output verifies that three EX4200 switches have been interconnected as a Virtual Chassis configuration using their dedicated VCPs The display shows which of the VCPs is connected to which neighbor The first port vcp 0 of member 0 is connected to member 1 and the second port of member 0 vcp 1 is connected to member 2 The FPC ...

Page 1136: ...00 4 vcp 255 0 21 fpc1 Interface Type Trunk Status Speed Neighbor or ID mbps ID Interface PIC Port vcp 0 Dedicated 1 Up 32000 0 vcp 0 vcp 1 Dedicated 2 Up 32000 0 vcp 1 1 0 Configured 3 Up 10000 3 vcp 255 1 0 1 1 Configured 3 Up 10000 3 vcp 255 1 1 fpc2 Interface Type Trunk Status Speed Neighbor or ID mbps ID Interface PIC Port vcp 0 Dedicated 1 Up 32000 3 vcp 0 vcp 1 Dedicated 2 Up 32000 3 vcp 1 ...

Page 1137: ...tion Monitoring Virtual Chassis Configuration Status and Statistics on page 1041 Configuring a Virtual Chassis CLI Procedure on page 1011 Configuring a Virtual Chassis J Web Procedure on page 1015 Example Configuring a Virtual Chassis Interconnected Across Multiple Wiring Closets on page 963 Monitoring Virtual Chassis Configuration Status and Statistics Purpose Use the monitoring functionality to ...

Page 1138: ...an specify the interval at which the member details and statistics must be refreshed The bottom half of the screen displays a chart of the Virtual Chassis statistics and the port packet counters For details about the output from CLI commands see show virtual chassis status and show virtual chassis vc port statistics Related Documentation Configuring a Virtual Chassis CLI Procedure on page 1011 Con...

Page 1139: ...ove a Member Switch Replace with a Different Switch and Reapply the Old Configuration If you are unable to repair a member switch you can replace it with a different member switch and retain the old configuration The master stores the configuration of the member that was removed When you connect a different member switch the master assigns a new member ID But the old configuration is still stored ...

Page 1140: ...figuration Status and Statistics on page 1041 Adding a New Switch to an Existing Virtual Chassis Configuration CLI Procedure on page 1016 Verifying That Graceful Routing Engine Switchover Is Working in the Virtual Chassis Configuration Purpose Verify that graceful Routing Engine switchover is working in the Virtual Chassis configuration Action On the master switch verify the member ID of the backu...

Page 1141: ...witch show virtual chassis status Virtual Chassis ID 5efa 4b7a aae6 Mastership Neighbor List Member ID Status Serial No Model priority Role ID Interface 0 FPC 0 Prsnt BM0208105281 ex4200 24t 255 Backup 1 vcp 0 1 FPC 1 Prsnt BP0208192350 ex4200 48t 255 Master 0 vcp 0 Member ID for next new member 2 FPC 2 Meaning With graceful Routing Engine switchover enabled when you initiated a switchover from th...

Page 1142: ...Copyright 2010 Juniper Networks Inc 1046 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1143: ...figuration in its configuration database The show virtual chassis status command continues to display the member ID of the disconnected member with a status of NotPrsnt If want to permanently disconnect the member switch you can free up the member ID by using the request virtual chassis recycle command This will also clear the status of that member Load Factory Default Does Not Commit on a Multime...

Page 1144: ... and to rename the switch s interfaces accordingly enter the following operational mode commands 1 To change the member ID to 0 user switch request virtual chassis renumber member id 1 new member id 0 2 To rename the interfaces to match the new member ID user switch replace pattern ge 1 with ge 0 Related Documentation Monitoring Virtual Chassis Configuration Status and Statistics on page 1041 Conf...

Page 1145: ...ioned traceoptions file filename files number size size world readable no world readable match regex flag flag Related Documentation Example Configuring a Virtual Chassis with a Master and Backup in a Single Wiring Closet on page 947 Example Configuring a Virtual Chassis Interconnected Across Multiple Wiring Closets on page 963 Example Configuring a Virtual Chassis Using a Preprovisioned Configura...

Page 1146: ...efault The automatic software update feature is disabled Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring Automatic Software Update on Virtual Chassis Member Switches on page 1007 Configuring Automatic Software Update on Virtual Chassis Member Switches CLI Procedure on p...

Page 1147: ...uplink module VCPs in the ring vcp disable Disable fast failover on all dedicated VCPs in the ring xe Enable fast failover on all 10 Gigabit Ethernet uplink module VCPs in the ring Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring Fast Failover on Uplink Module VCPs to Re...

Page 1148: ...itch with Redundant Routing Engines CLI Procedure on page 79 id Syntax id id Hierarchy Level edit virtual chassis Release Information Statement introduced in Junos OS Release 9 3 for EX Series switches Description Configure the alphanumeric string that identifies a Virtual Chassis configuration Options id ID of the Virtual Chassis configuration which uses the ISO family address format for example ...

Page 1149: ... When the MAC persistence timer expires the backup new master begins to use its own MAC address There are no minimum or maximum timer limits Default 10 minutes Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring the Timer for the Backup Member to Start Using Its Own MAC Address as ...

Page 1150: ...assign the same mastership priority value to both the master and the backup Secondary factors in the master election algorithm determine which of these two members that is the two members that are assigned the highest mastership priority value functions as the master of the Virtual Chassis configuration Default 128 Options number Mastership priority value Range 1 through 255 Required Privilege Lev...

Page 1151: ...0 Options member id Identifies a specific member switch of a Virtual Chassis configuration Range 0 through 9 The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring a Virtual Chassis Using a Preprovisioned Configuration File on ...

Page 1152: ...vlan You cannot configure the IP address for a local management Ethernet port using the CLI or the J Web interface To do this you need to use the shell ifconfig command Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up a Multimember Virtual Chassis Access Switch with a Def...

Page 1153: ...the configuration routing control To add this statement to the configuration Related Documentation Example Assigning the Virtual Chassis ID to Determine Precedence During a Virtual Chassis Merge on page 997 Disabling Split and Merge in a Virtual Chassis Configuration CLI Procedure on page 1031 Assigning the Virtual Chassis ID to Determine Precedence During a Virtual Chassis Merge CLI Procedure on ...

Page 1154: ...e following format for package name pathname package name If the software package is to be downloaded and installed from a remote location use one of the following formats ftp hostname pathname package name ftp username prompt ftp hostname net package name http hostname pathname package name Required Privilege Level routing To view this statement in the configuration routing control To add this st...

Page 1155: ... this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring a Virtual Chassis Using a Preprovisioned Configuration File on page 982 Configuring a Virtual Chassis CLI Procedure on page 1011 Configuring a Virtual Chassis J Web Procedure on page 1015 Adding a New Switch to an Existing Virtual Chassis Configuration CLI Proce...

Page 1156: ...is explained separately Default Redundancy is enabled for the Routing Engines Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Graceful Routing Engine Switchover in a Virtual Chassis Configuration CLI Procedure on page 1033 Installing Software on an EX8200 Switch with Redund...

Page 1157: ...ssis configuration other than the master or backup functions in the linecard role and runs only a subset of Junos OS for EX Series switches A member functioning in the linecard role does not run the chassis control protocols A Virtual Chassis configuration must have at least three members in order to include a member that functions in the linecard role When you use a preprovisioned configuration y...

Page 1158: ...tion Example Configuring a Virtual Chassis Using a Preprovisioned Configuration File on page 982 Configuring a Virtual Chassis CLI Procedure on page 1011 Configuring a Virtual Chassis J Web Procedure on page 1015 Adding a New Switch to an Existing Virtual Chassis Configuration CLI Procedure on page 1016 Replacing a Member Switch of a Virtual Chassis Configuration CLI Procedure on page 1042 Underst...

Page 1159: ... s permanent serial number which is located on the back of the switch Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring a Virtual Chassis Using a Preprovisioned Configuration File on page 982 Configuring a Virtual Chassis CLI Procedure on page 1011 Configuring a Virtual C...

Page 1160: ...e named trace file reaches its maximum size it is renamed trace file 0 then trace file 1 and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum number of files you also must specify a maximum file size with the size option Range 2 through 1000 Default 3 files flag flag Tracing operation to perform To specify more than one tra...

Page 1161: ...ytes KB megabytes MB or gigabytes GB When a trace file named trace file reaches its maximum size it is renamed trace file 0 then trace file 1 and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum number of files you also must specify a maximum file size with the files option Syntax xk to specify KB xm to specify MB or xg to ...

Page 1162: ...ining statements are explained separately Default A standalone EX4200 switch is a Virtual Chassis by default It has a default member ID of 0 a default mastership priority of 128 and a default role as master Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring a Virtual Chass...

Page 1163: ...CHAPTER 49 Operational Mode Commands for Virtual Chassis 1067 Copyright 2010 Juniper Networks Inc ...

Page 1164: ...e switch on which this command is entered membermember id Optional ClearVCPtrafficstatisticsfromonlythespecifiedmember of a Virtual Chassis configuration Required Privilege Level clear Related Documentation show virtual chassis vc port statistics on page 1086 show virtual chassis vc port on page 1083 Monitoring Virtual Chassis Configuration Status and Statistics on page 1041 Understanding Virtual ...

Page 1165: ... member of a Virtual Chassis configuration Options member id Select the specific member of the Virtual Chassis configuration with which you want to establish a session Required Privilege Level maintenance Related Documentation member on page 1055 Understanding Virtual Chassis Components on page 924 1069 Copyright 2010 Juniper Networks Inc Chapter 49 Operational Mode Commands for Virtual Chassis ...

Page 1166: ...sis master only Options member id member id Specify the member id that you want to make available for reassignment to a different member switch Required Privilege Level system control Related Documentation request virtual chassis renumber on page 1071 Replacing a Member Switch of a Virtual Chassis Configuration CLI Procedure on page 1042 List of Sample Output request virtual chassis recycle member...

Page 1167: ...new member id Specify an unassigned member ID from 0 through 9 Required Privilege Level system control Related Documentation request virtual chassis recycle on page 1070 Replacing a Member Switch of a Virtual Chassis Configuration CLI Procedure on page 1042 List of Sample Output request virtual chassis renumber member id 5 new member id 4 on page 1071 request virtual chassis renumber member id 5 n...

Page 1168: ...ol Related Documentation request virtual chassis vc port on page 1073 dedicated port show virtual chassis vc port on page 1083 show virtual chassis vc port statistics on page 1086 clear virtual chassis vc port statistics on page 1068 Understanding Virtual Chassis Components on page 924 List of Sample Output request virtual chassis vc port set pic slot 1 port 0 on page 1072 request virtual chassis ...

Page 1169: ...ration Required Privilege Level system control Related Documentation request virtual chassis vc port on page 1072 show virtual chassis vc port on page 1083 show virtual chassis vc port statistics on page 1086 clear virtual chassis vc port statistics on page 1068 Understanding Virtual Chassis Components on page 924 List of Sample Output request virtual chassis vc port set interface vcp 0 disable on...

Page 1170: ...e 658 For more information about show system uptime see the Junos OS System Basics Services and Command Reference at http www juniper net techpubs software junos index html List of Sample Output show system uptime member 0 on page 1075 Output Fields Table153onpage1074liststheoutputfieldsfortheshowsystemuptime command Output fields are listed in the approximate order in which they appear Table 153 ...

Page 1171: ...ember 0 user host show system uptime member 0 fpc0 show system uptime member 0 Current time 2008 02 06 05 24 20 UTC System booted 2008 01 31 08 26 54 UTC 5d 20 57 ago Protocols started 2008 01 31 08 27 56 UTC 5d 20 56 ago Last configured 2008 02 05 03 26 43 UTC 1d 01 57 ago by root 5 24AM up 5 days 20 57 1 user load averages 0 14 0 06 0 01 1075 Copyright 2010 Juniper Networks Inc Chapter 49 Operat...

Page 1172: ...tus and Statistics on page 1041 Understanding Virtual Chassis Configuration on page 934 List of Sample Output show virtual chassis active topology on page 1076 Output Fields Table 154 on page 1076 lists the output fields for the showvirtual chassisactive topology command Output fields are listed in the approximate order in which they appear Table 154 show virtual chassis active topology Output Fie...

Page 1173: ...5 8 vcp 0 1 vcp 1 6 8 vcp 0 7 8 vcp 0 8 8 vcp 0 1077 Copyright 2010 Juniper Networks Inc Chapter 49 Operational Mode Commands for Virtual Chassis ...

Page 1174: ...over on page 1078 Output Fields Table 155 on page 1078 lists the output fields for the show virtual chassis fast failover command Output fields are listed in the approximate order in which they appear Table 155 show virtual chassis fast failover Output Fields Field Description Field Name Indicates fast failover status on dedicated VCPs Fast failover on dedicated VCP ports Indicates fast failover s...

Page 1175: ...tual Chassis configuration Virtual Chassis ID Assigned member ID and FPC slot from 0 through 9 Member ID For a nonprovisioned configuration Prsnt for a member that is currently connected to the Virtual Chassis configuration NotPrsnt for a member ID that has been assigned but is not currently connected For a preprovisioned configuration Prsnt for a member that is specified in the preprovisioned con...

Page 1176: ...Linecard 1 vcp 0 3 vcp 1 3 FPC 3 Prsnt AK0207360280 ex4200 24t 246 Linecard 2 vcp 0 4 vcp 1 4 FPC 4 Prsnt AJ0207391113 ex4200 48p 245 Linecard 3 vcp 0 5 vcp 1 5 FPC 5 Prsnt BP0207452204 ex4200 48t 244 Linecard 4 vcp 0 6 vcp 1 6 FPC 6 Prsnt BP0207452222 ex4200 48t 243 Linecard 5 vcp 0 7 vcp 1 7 FPC 7 Prsnt BR0207432028 ex4200 24f 242 Linecard 6 vcp 0 8 vcp 1 8 FPC 8 Prsnt BR0207431996 ex4200 24f 24...

Page 1177: ... Output Fields Field Description Field Name The number of hops between the source and destination interfaces Hop The Virtual Chassis ID of the member switch that contains the Packet Forwarding Engine for each intermediate hop Member The number of the Packet Forwarding Engine in each Virtual Chassis member through which a packet passes Each Packet Forwarding Engine is the next hop of the preceding ...

Page 1178: ...2 1 3 vcp 0 3 1 4 ge 1 0 1 Copyright 2010 Juniper Networks Inc 1082 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1179: ...ssis vc port statistics on page 1086 Monitoring Virtual Chassis Configuration Status and Statistics on page 1041 Understanding Virtual Chassis Configuration on page 934 List of Sample Output show virtual chassis vc port on page 1084 show virtual chassis vc port all members on page 1084 Output Fields Table158onpage1083liststheoutputfieldsfortheshowvirtual chassisvc portcommand Output fields are lis...

Page 1180: ...hen allocated or deallocated Trunk ID Interface status down or up Status Speed of the interface in megabits per second Speed mbps The Virtual Chassis member ID and interface of a VCP on a member switch that is connected to the interface or PIC Port field in the same row as this interface Neighbor ID Interface show virtual chassis vc port user switch show virtual chassis vc port fpc0 show virtual c...

Page 1181: ...ce PIC Port vcp 0 Dedicated 1 Up 32000 3 vcp 1 vcp 1 Dedicated 2 Up 32000 3 vcp 0 1 0 Auto Configured 3 Up 1000 0 vcp 255 1 0 1 1 Auto Configured 3 Up 1000 0 vcp 255 1 1 fpc3 Interface Type Trunk Status Speed Neighbor or ID mbps ID Interface PIC Port vcp 0 Dedicated 1 Up 32000 2 vcp 0 vcp 1 Dedicated 2 Up 32000 2 vcp 1 1 0 Auto Configured 1 Up 1000 1 vcp 255 1 0 1085 Copyright 2010 Juniper Network...

Page 1182: ...hich to display traffic statistics Specify either vcp 0 or vcp 1 or an internal port in the VCP subsystem for example internal 0 24 local Optional Display VCP traffic statistics for only the switch on which this command is entered membermember id Optional DisplayVCPtrafficstatisticsforonlythespecifiedmember of a Virtual Chassis configuration Required Privilege Level view Related Documentation clea...

Page 1183: ... received and transmitted on the VCP interface Total packets detail extensive Number of unicast packets received and transmitted on the VCP interface Unicast packets detail extensive Number of broadcast packets received and transmitted on the VCP interface Broadcast packets detail extensive Number of multicast packets received and transmitted on the VCP interface Multicast packets detail extensive...

Page 1184: ...mber of packets received on the VCP interface including invalid packets that were 64 octets in length excluding framing bits but including FCS octets 64 octets frames detail extensive Number of packets received on the VCP interface including invalid packets that were between 65 and 127 octets in length inclusive excluding framing bits but including FCS octets 65 127 octets frames detail extensive ...

Page 1185: ... internal 1 26 0 0 0 0 internal 1 27 0 0 0 0 vcp 0 0 0 0 0 vcp 1 0 0 0 0 internal 0 26 0 0 0 0 internal 0 27 0 0 0 0 internal 1 24 0 0 0 0 internal 1 25 0 0 0 0 master 0 show virtual chassis vc port statistics extensive user SWA 0 show virtual chassis vc port statistics extensive fpc0 RX TX Port internal 0 24 Total octets 0 0 Total packets 0 0 Unicast packets 0 0 Broadcast packets 0 0 Multicast pa...

Page 1186: ... 0 Unicast packets 0 0 Broadcast packets 0 0 Multicast packets 0 0 MAC control frames 0 0 CRC alignment errors 0 Oversize packets 0 Undersize packets 0 Jabber packets 0 Fragments received 0 Ifout errors 0 Packet drop events 0 64 octets frames 0 65 127 octets frames 0 128 255 octets frames 0 256 511 octets frames 0 512 1023 octets frames 0 1024 1518 octets frames 0 Rate packets per second 0 0 Rate ...

Page 1187: ... 27 0 0 0 0 vcp 0 0 0 0 0 vcp 1 0 0 0 0 internal 0 26 0 0 0 0 internal 0 27 0 0 0 0 internal 1 24 0 0 0 0 internal 1 25 0 0 0 0 master 0 1091 Copyright 2010 Juniper Networks Inc Chapter 49 Operational Mode Commands for Virtual Chassis ...

Page 1188: ...Copyright 2010 Juniper Networks Inc 1092 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1189: ...faces Configuration on page 1115 Configuring Interfaces on page 1143 Verifying Interfaces on page 1167 Troubleshooting Interfaces on page 1175 Configuration Statements for Interfaces on page 1181 Operational Mode Commands for Interfaces on page 1227 1093 Copyright 2010 Juniper Networks Inc ...

Page 1190: ...Copyright 2010 Juniper Networks Inc 1094 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1191: ...erfaces For additional information see the Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs software junos index html For information on interface naming conventions on EX Series Switches see Understanding Interface Naming Conventions on EX Series Switches on page 1097 This topic describes Network Interfaces on page 1095 Special Interfaces on page 1096 Network Inter...

Page 1192: ...ovides access to the switch On EX4200 switches that are configured as a Virtual Chassis you can access the master and configure all members of the Virtual Chassis through any member s console port For more information on the console port in a Virtual Chassis see Understanding Global Management of a Virtual Chassis Configuration on page 929 Console port All EX Series switches have this software onl...

Page 1193: ...4200 switches have a VME interface This is a logical interface that is used for Virtual Chassis configurations and allows you to manage all the members of the Virtual Chassis through the master For more information on the VME interface see Understanding Global Management of a Virtual Chassis Configuration on page 929 VirtualmanagementEthernet VME interface Related Documentation EX2200 Switches Har...

Page 1194: ...uilt in interfaces interfaces that are not an uplink port On EX2200 EX3200 and EX4200 switches the PIC number is 1 for uplink ports On EX4500 switches the PIC number is 1 for uplink ports on the left hand uplink module and 2 for uplink ports on right hand uplink module On EX8200 switches the PIC number is always 0 port EX Series interfaces use the following convention for port numbers On EX2200 EX...

Page 1195: ...e each name individually You must enclose all wildcard characters except the asterisk in quotation marks Related Documentation EX Series Switches Interfaces Overview on page 1095 Front Panel of an EX2200 Switch Front Panel of an EX3200 Switch Front Panel of an EX4200 Switch Front Panel of an EX4500 Switch Slot Numbering for an EX8208 Switch Slot Numbering for an EX8216 Switch Understanding Aggrega...

Page 1196: ...ries switches and the maximum number of interfaces per LAG and maximum number of LAGs they support Table 162 Maximum Interfaces per LAG and Maximum LAGs per Switch Maximum LAGs Maximum Interfaces per LAG Switch Model 32 8 EX2200 32 8 EX3200 64 8 EX4200 64 8 EX4500 255 12 EX8200 When configuring LAGs consider the following guidelines The LAG must be configured on both sides of the link The interfac...

Page 1197: ...hem from another link The transmitting link is known as the actor and the receiving link is known as the partner In a scenario where a dual homed server is deployed with a switch the network interface cards form a LAG with the switch During a server upgrade the server may not be able to exchange LACP PDUs In such a situation you can configure an interface to be in the UP state even if no PDUs are ...

Page 1198: ...with member ranges and individual members but without any common configurations is also a valid definition NOTE The interface range definition is supported only for Gigabit 10 Gigabit and Fast Ethernet interfaces The common configurations defined in the interface range will be overridden by the local configuration The defined interface ranges can be used at places where the interface node is used ...

Page 1199: ...r protocols router advertisement interface protocols router discovery interface protocols rsvp interface protocols sflow interfaces protocols stp interface protocols vstp vlan vlan id interface vlans vlan name interface Related Documentation EX Series Switches Interfaces Overview on page 1095 Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Configuring Aggregated Ethernet Interfa...

Page 1200: ...ou use the VLAN ID as the subinterface number when you configure the subinterface Juniper Networks Junos operating system Junos OS reserves VLAN IDs 0 and 4095 VLAN tagging places the VLAN ID in the frame header allowing each physical interface to handle multiple VLANs When you configure multiple VLANs on an interface you must also enable tagging on that interface Junos OS on EX Series switches su...

Page 1201: ... the Unicast RPF Implementation on EX3200 and EX4200 Switches on page 1108 Unicast RPF for EX Series Switches Overview Unicast RPF functions as an ingress filter that reduces the forwarding of IP packets that might be spoofing an address By default unicast RPF is disabled on the switch interfaces The type of unicast RPF provided on the switches that is strict mode unicast RPF is especially useful ...

Page 1202: ... BOOTP packets and DHCP request packets without performing unicast RPF checks Default Route Handling If the best return path to the source is the default route 0 0 0 0 and the default route points to reject the switch discards all unicast RPF packets If the default route points to a valid network interface the switch performs a normal unicast RPF check on the packets When to Enable Unicast RPF Ena...

Page 1203: ...e that all interfaces are symmetrically routed before you enable unicast RPF on those switches Enabling unicast RPF on asymmetrically routed interfaces results in packets from legitimate sources being filtered TIP Enabling unicast RPF as close as possible to the traffic source stops spoofed traffic before it can proliferate or reach interfaces that do not have unicast RPF enabled When Not to Enabl...

Page 1204: ...s unicast RPF on a global basis You cannot enable unicast RPF on a per interface basis Unicast RPF is globally disabled by default When you enable unicast RPF on any interface it is automatically enabled on all switch interfaces including link aggregation groups LAGs and routed VLAN interfaces RVIs When you disable unicast RPF on the interface or interfaces on which you enabled unicast RPF it is a...

Page 1205: ... a destination IP address that is a valid broadcast address for the subnet that is the target of the directed broadcast the target subnet The intent of an IP directed broadcast is to flood the target subnet with the broadcast packets without broadcasting to the entire network IP directed broadcast packets cannot originate from the target subnet When you send an IP directed broadcast packet as it t...

Page 1206: ... malicious attacker can spoof a source IP address use a source IP address that is not the actual source of the transmission to deceive a network into identifying the attacker as a legitimate source and send IP directed broadcasts containing Internet Control Message Protocol ICMP echo ping packets When the hosts on the network with IP directed broadcast enabled receive the ICMP echo packets they al...

Page 1207: ...calculate adjacencies with neighboring switches restore routing table entries and update other protocol specific information An unprotected restart of a switch can result in forwarding delays route flapping wait times stemming from protocol reconvergence and even dropped packets Graceful protocol restart allows a restarting switch and its neighbors to continue forwarding packets without disrupting...

Page 1208: ... Routing Engine performs Graceful Routing Engine Switchover You can configure graceful Routing Engine switchover GRES in a Virtual Chassis configuration allowing the configuration to switch from the master Routing Engine in the master to the backup Routing Engine in the backup with minimal interruption to network communications When you configure GRES the backup Routing Engine automatically synchr...

Page 1209: ...oint link known as a link aggregation group LAG or bundle A LAG provides more bandwidth than a single Ethernet link can provide Additionally link aggregation provides network redundancy by load balancing traffic across all available links If one of the links should fail the system automatically load balances traffic across all remaining links You can select up to eight Ethernet interfaces and incl...

Page 1210: ...Copyright 2010 Juniper Networks Inc 1114 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1211: ...ual Chassis Distribution Switch EX Series switches allow you to combine multiple Ethernet links into one logical interface for higher bandwidth and redundancy The ports that are combined in this manner are referred to as a link aggregation group LAG or bundle The number of Ethernet links you can combine into a LAG depends on your EX Series switch model See Understanding Aggregated Ethernet Interfa...

Page 1212: ...bles the speed of each uplink from 10 Gbps to 20 Gbps If one physical port is lost for any reason a cable is unplugged or a switch port fails or one member switch is unavailable the logical port transparently continues to function over the remaining physical port The topology used in this example consists of one Virtual Chassis access switch and one Virtual Chassis distribution switch The access s...

Page 1213: ... Connecting a Virtual Chassis Access Switch to a Virtual Chassis Distribution Switch Table 148 on page 973 details the topology used in this configuration example Table 163 Components of the Topology for Connecting Virtual Chassis Access Switches to a Virtual Chassis Distribution Switch Trunk Port Member ID Uplink Module Base Hardware Hostname and VCID Switch xe 0 1 0 to SWD 0 xe 0 1 1 to SWD 1 0 ...

Page 1214: ...ae0 aggregated ether options minimum links 2 set interfaces ae0 aggregated ether options link speed 10g set interfaces ae1 aggregated ether options minimum links 2 set interfaces ae1 aggregated ether options link speed 10g set interfaces ae0 unit 0 family inet address 192 0 2 0 25 set interfaces ae1 unit 1 family inet address 192 0 2 128 25 set interfaces xe 0 1 0 ether options 802 ad ae0 set inte...

Page 1215: ...dit interfaces user Host A set xe 0 1 1 ether options 802 ad ae1 user Host A set xe 1 1 1 ether options 802 ad ae1 8 Specify that LAG ae0 belongs to the subnet for the employee broadcast domain edit interfaces user Host A set ae0 unit 0 family inet address 192 0 2 0 25 9 Specify that LAG ae1 belongs to the subnet for the guest broadcast domain edit interfaces user Host A set ae1 unit 1 family inet...

Page 1216: ... Has Been Created on page 1120 Verifying That LAG ae0 Has Been Created Purpose Verify that LAG ae0 has been created on the switch Action show interfaces ae0 terse Interface Admin Link Proto Local Remote ae0 up up ae0 0 up up inet 10 10 10 2 24 Meaning The output confirms that the ae0 link is up and shows the family and IP address assigned to this link Verifying That LAG ae1 Has Been Created Purpos...

Page 1217: ...tual Chassis Access Switch and a Virtual Chassis Distribution Switch on page 977 Example Connecting an Access Switch to a Distribution Switch on page 1320 Virtual Chassis Cabling Configuration Examples for EX4200 Switches Installing an Uplink Module in an EX3200 or EX4200 Switch Example Configuring Aggregated Ethernet High Speed Uplinks with LACP Between a Virtual Chassis Access Switch and a Virtu...

Page 1218: ...rts See Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Configured the LAGs See Example Configuring Aggregated Ethernet High Speed Uplinks Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch on page 970 Overview and Topology This example assumes that you are already familiar with the Example Configuring Aggregated Ethernet High Speed Uplinks between...

Page 1219: ...nd ae1 1 Specify the aggregated Ethernet options for both bundles edit interfaces user Host A set ae0 aggregated ether options lacp active periodic fast user Host A set ae1 aggregated ether options lacp active periodic fast Results Display the results of the configuration edit interfaces user Host A show ae0 aggregated ether options lacp active periodic fast ae1 aggregated ether options lacp activ...

Page 1220: ...these tasks Verifying the LACP Settings on page 1124 Verifying That the LACP Packets Are Being Exchanged on page 1125 Verifying the LACP Settings Purpose Verify that LACP has been set up correctly Action Use the show lacp interfaces interface name command to check that LACP has been enabled as active on one end user Host A show lacp interfaces xe 0 1 0 Aggregated interface ae0 LACP state Role Exp ...

Page 1221: ...ss 02 19 e2 50 45 e0 Last flapped Never Statistics last cleared Never Input packets 0 Output packets 0 Input errors 0 Output errors 0 Logical interface ae0 0 Index 71 SNMP ifIndex 34 Flags Hardware Down Device Down SNMP Traps Encapsulation ENET2 Statistics Packets pps Bytes bps Bundle Input 0 0 0 0 Output 0 0 0 0 Protocol inet Flags None Addresses Flags Dest route down Is Preferred Is Primary Dest...

Page 1222: ...er detail command Related Documentation Example Connecting an Access Switch to a Distribution Switch on page 1320 Virtual Chassis Cabling Configuration Examples for EX4200 Switches Installing an Uplink Module in an EX3200 or EX4200 Switch Copyright 2010 Juniper Networks Inc 1126 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1223: ...y four 1 Gigabit Ethernet fiber SFP ports and an EX UM 2XFP uplink module with two 10 Gigabit Ethernet XFP ports For the access switch any Layer 2 switch that supports 802 1Q VLAN tags Junos OS Release 9 2 or later for EX Series switches Before you connect the switches make sure you have Connected the two switches Configured the necessary VLANs See Configuring VLANs for EX Series Switches CLI Proc...

Page 1224: ...t interfaces Configuring the Access Switch Subinterfaces CLI Quick Configuration To quickly create and configure subinterfaces on the access switch copy the following commands and paste them into the switch terminal window edit set interfaces ge 0 1 0 vlan tagging set interfaces ge 0 1 0 unit 0 vlan id 101 family inet address 1 1 1 1 24 set interfaces ge 0 1 0 unit 1 vlan id 102 family inet addres...

Page 1225: ... 1 1 1 24 8 Bind vlan4 s VLAN ID to the logical interface edit interfaces ge 0 1 0 user access switch set unit 3 vlan id 104 9 Set vlan4 s subinterface IP address edit interfaces ge 0 1 0 user access switch set unit 3 family inet address 4 1 1 1 24 10 Bind vlan5 s VLAN ID to the logical interface edit interfaces ge 0 1 0 user access switch set unit 4 vlan id 105 11 Set vlan5 s subinterface IP addr...

Page 1226: ...4 family inet address 4 1 1 2 24 set interfaces ge 0 0 0 unit 4 vlan id 105 family inet address 5 1 1 2 24 Step by Step Procedure To configure subinterfaces on the distribution switch 1 On the trunk interface of the distribution switch enable VLAN tagging edit interfaces ge 0 0 0 user distribution switch set vlan tagging 2 Bind vlan1 s VLAN ID to the logical interface edit interfaces ge 0 0 0 user...

Page 1227: ... 0 0 0 user distribution switch set unit 3 family inet address 4 1 1 2 24 10 Bind vlan5 s VLAN ID to the logical interface edit interfaces ge 0 0 0 user distribution switch set unit 4 vlan id 105 11 Set vlan5 s subinterface IP address edit interfaces ge 0 0 0 user distribution switch set unit 4 family inet address 5 1 1 2 24 Results user distribution switch show configuration interfaces ge 0 0 0 v...

Page 1228: ...t 4 1 1 1 24 ge 0 1 0 4 up up inet 5 1 1 1 24 ge 0 1 0 32767 up up 2 Use the show interfaces command on the distribution switch user distribution switch show interfaces ge 0 0 0 terse Interface Admin Link Proto Local Remote ge 0 0 0 up up ge 0 0 0 0 up up inet 1 1 1 2 24 ge 0 0 0 1 up up inet 2 1 1 2 24 ge 0 0 0 2 up up inet 3 1 1 2 24 ge 0 0 0 3 up up inet 4 1 1 2 24 ge 0 0 0 4 up up inet 5 1 1 2...

Page 1229: ...tl 64 time 0 167 ms 2 1 1 2 ping statistics 4 packets transmitted 4 packets received 0 packet loss round trip min avg max stddev 0 113 0 171 0 241 0 046 ms 3 From the access switch ping the address of the vlan3 subinterface on the distribution switch user access switch ping 3 1 1 2 count 4 PING 3 1 1 2 3 1 1 2 56 data bytes 64 bytes from 3 1 1 2 icmp_seq 0 ttl 64 time 0 341 ms 64 bytes from 3 1 1 ...

Page 1230: ...nterface CLI Procedure on page 1165 Example Configuring Unicast RPF on an EX Series Switch Unicast reverse path forwarding RPF helps protect the switch against denial of service DoS and distributed denial of service DDoS attacks by verifying the unicast source address of each packet that arrives on an ingress interface where unicast RPF is enabled This example shows how to help defend the switch i...

Page 1231: ...ast RPF On EX3200 and EX4200 switches the switch applies unicast RPF globally to all interfaces on the switch See Understanding Unicast RPF for EX Series Switches on page 1105 for more information on limitations regarding the configuration of unicast RPF on EX3200 and EX4200 switches In this example an enterprise network s system administrator wants to protect Switch A against potential DoS and DD...

Page 1232: ... 10 Enabled Physical link is Down Interface index 139 SNMP ifIndex 58 Generation 140 Link level type Ethernet MTU 1514 Speed Auto MAC REWRITE Error None Loopback Disabled Source filtering Disabled Flow control Enabled Auto negotiation Enabled Remote fault Online Device flags Present Running Interface flags Hardware Down SNMP Traps Internal 0x0 Link flags None CoS queues 8 supported 8 maximum usabl...

Page 1233: ... 0 0 MAC pause frames 0 0 Oversized frames 0 Jabber frames 0 Fragment frames 0 VLAN tagged frames 0 Code violations 0 Filter statistics Input packet count 0 Input packet rejects 0 Input DA rejects 0 Input SA rejects 0 Output packet count 0 Output packet pad count 0 Output packet error count 0 CAM destination filters 0 CAM source filters 0 Autonegotiation information Negotiation status Incomplete P...

Page 1234: ...a specified subnet without broadcasting those packets to hosts on the entire network This example shows how to enable a subnet to receive IP directed broadcast packets so you can perform backups and other network management tasks remotely Requirements on page 1138 Overview and Topology on page 1139 Configuration on page 1139 Requirements This example uses the following software and hardware compon...

Page 1235: ...in subnet 10 1 2 1 24 When the switch receives a packet with the broadcast IP address of the target subnet as its destination address it forwards the packet to the subnet s Layer 3 interface and broadcasts it to all the hosts within the subnet Figure 27 Topology for IP Directed Broadcast Table 165 on page 1139 shows the settings of the components in this example Table 165 Components of the IP Dire...

Page 1236: ... v1 2 Add logical interface ge 0 0 1 0 to VLAN v1 edit interfaces user switch set ge 0 0 1 0 family ethernet switching vlan members v1 3 Configure the IP address for the egress VLAN v1 edit interfaces user switch set vlan 1 family inet address 10 1 2 1 24 4 Add logical interface ge 0 0 3 0 to VLAN v0 edit interfaces user switch set ge 0 0 3 0 family ethernet switching vlan members v0 5 Configure t...

Page 1237: ...0 family inet targeted broadcast address 10 1 1 1 24 unit 1 family inet targeted broadcast address 10 1 2 1 24 vlans default v0 l3 interface vlan 0 v1 l3 interface vlan 1 Related Documentation Configuring IP Directed Broadcast CLI Procedure on page 1164 1141 Copyright 2010 Juniper Networks Inc Chapter 51 Examples Interfaces Configuration ...

Page 1238: ...Copyright 2010 Juniper Networks Inc 1142 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1239: ...e CLI Procedure on page 1165 Configuring Gigabit Ethernet Interfaces J Web Procedure An Ethernet interface must be configured for optimal performance in a high traffic network To configure properties on a Gigabit Ethernet interface or a 10 Gigabit Ethernet interface on an EX Series switch 1 Select Interfaces Ports The page lists Gigabit Ethernet and 10 Gigabit Ethernet interfaces and their link st...

Page 1240: ...ere are interfaces in the VLAN that have static IP addresses those interfaces might lose connectivity because those static IP addresses might not be present in the DHCP pool Therefore when you are selecting a port role ensure that the corresponding port security settings for the VLAN are applicable to the interface For basic information on port security features such as DHCP snooping CLI option ex...

Page 1241: ...ociated with the interface 2 Click Details to view CLI commands for this role 3 Click OK Applies the desktop role The interface family is set to ethernet switching port mode is set to access RSTP is enabled with the edge and point to point options and port security parameters MAC limit 1 dynamic ARP inspection and DHCP snooping enabled are set Desktop 1 Select an existing VLAN configuration or typ...

Page 1242: ...upported on EX2200 and EX4500 switches Applies the routed uplink role The interface family is set to inet and recommended CoS parameters are set for schedulers and classifiers See Table 167 on page 1148 for more CoS information Routed Uplink 1 For this port role you can select a VLAN member and associate a native VLAN with the interface 2 Click Details to view CLI commands for this role 3 Click OK...

Page 1243: ...ace MTU bytes Select one of the following values 10 Mbps 100 Mbps 1000 Mbps or Auto Negotiation Specifies the speed for the mode Speed Select one automatic half or full Specifies the link mode Duplex Enter a brief description for the link Describes the link NOTE If the interface is part of a link aggregation group LAG only the option Description is enabled Description Select the check box to enabl...

Page 1244: ...o 5 assured forwarding Queue number is set to 1 best effort Queue number is set to 0 Forwarding Classes The schedulers and their settings are Strict priority Transmission rate is set to 10 percent and buffer size to 5 percent Expedited scheduler Transmission rate is set to 30 percent buffer size to 30 percent and priority to low Assured scheduler Transmission rate is set to 25 percent buffer size ...

Page 1245: ... port role configuration it is cleared before the new port role configuration is applied Table 168 Port Role Configuration Summary CLI Commands Configuration Description Default Port Role set interfaces interfaceapply macro juniper port profile Default Set the port role to Default set interfaces interface unit 0 family ethernet switching port mode access Set port family to ethernet switching Set p...

Page 1246: ...ing options secure access port vlan MacTest arp inspection Set port security parameters set ethernet switching options voip interface interface 0 vlan vlan vlan name Set VOIP VLAN set class of service interfaces interfacescheduler map juniper port profile map set class of service interfaces interface unit 0 classifiers ieee 802 1 juniper_ieee_classifier set class of service interfaces interfaceuni...

Page 1247: ...r port profile Layer2 Uplink Set the port role to Layer 2 Uplink set interfaces interface unit 0 family ethernet switching port mode trunk Set port family to ethernet switching Set port mode to trunk set interfaces interface unit 0 family ethernet switching native vlan id vlan name Set Native VLAN name set interfaces interface unit 0 family ethernet switching vlan members vlan members Set the port...

Page 1248: ...ed forwarding queue num 1 assured forwarding set class of service forwarding classes class best effort queue num 0 best effort Schedulers The CLI commands are set class of service schedulers strict priority scheduler transmit rate percent 10 set class of service schedulers strict priority scheduler buffer size percent 5 set class of service schedulers strict priority scheduler priority strict high...

Page 1249: ...d Documentation Configuring Gigabit Ethernet Interfaces J Web Procedure on page 1143 Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Configuring Gigabit Ethernet Interfaces CLI Procedure An Ethernet interface must be configured for optimal performance in a high traffic network EX Series switches include a factory default configuration that Enables all the network interfaces on t...

Page 1250: ...rnet switching port mode trunk Configuring the Link Settings EX Series switches include a factory default configuration that enables interfaces with the following link settings All Gigabit Ethernet interfaces are set to auto negotiation The speed for Gigabit Ethernet interfaces is set to auto allowing the interface to operate at 10m 100m or 1g The link operates at the highest possible speed depend...

Page 1251: ... EX8200 switch fpc refers to the line card number The ether options statement allows you to modify the configuration 802 3ad Specify an aggregated Ethernet bundle See Configuring Aggregated Ethernet Interfaces CLI Procedure on page 1157 auto negotiation Enable or disable autonegotation of flow control link mode and speed flow control Enable or disable flow control link mode Specify full duplex hal...

Page 1252: ... the SFP uplink module operates in the 10 gigabit mode and supports only SFP transceivers If you have not changed the module from the default setting and you want to use SFP transceivers you do not need to configure the operating mode To set the operating mode of an SFP uplink module 1 Change the operating mode to the appropriate mode for the transceiver type you want to use by using one of the fo...

Page 1253: ...aggregated Ethernet interfaces using the CLI 1 Specify the number of aggregated Ethernet interfaces to be created edit chassis user switch set aggregated devices ethernet device count 2 2 Specify the minimum number of links for the aggregated Ethernet interface aex that is the defined bundle to be labeled up NOTE By default only one link must be up for the bundle to be labeled up edit interfaces u...

Page 1254: ...vailability You can use the J Web interface to configure aggregated Ethernet interfaces or a LAG on the switch NOTE Interfaces that are already configured with MTU duplex flow control or logical interfaces are listed but are not available for aggregation To configure an aggregated Ethernet interface also referred to as a LAG 1 Select Configure Interfaces Link Aggregation The list of aggregated int...

Page 1255: ...n the interfaces The modes are None Indicates that no mode is applicable Active Indicates that the interface initiates transmission of LACP packets Passive Indicates that the interface responds only to LACP packets LACP Mode Enter a description Specifies a description for the LAG Description To add interfaces to the LAG select the interfaces and click Add Click OK To remove an interface from the L...

Page 1256: ... an IPv4 address for the selected LAG IPv4 Address 1 Select the check box IPv6 address 2 Type an IP address for example 2001 ab8 85a3 8a2e 370 7334 3 Enter the subnet mask or address prefix 4 Click OK Specifies an IPv6 address for the selected LAG IPv6 Address Related Documentation Configuring Aggregated Ethernet Interfaces CLI Procedure on page 1157 Example Configuring Aggregated Ethernet High Sp...

Page 1257: ... link to be up NOTE Do not add LACP to a LAG if the remote end of the LAG link is a security device unless the security device supports LACP Security devices often do not support LACP because they require a deterministic configuration To configure LACP 1 Enable one side of the aggregated Ethernet link as active edit interfaces user switch set aex aggregated ether options lacp active 2 Specify the ...

Page 1258: ...ion On an EX3200 or EX4200 switch ensure that all switch interfaces are symmetrically routed before you enable unicast RPF on an interface When you enable unicast RPF on any interface it is enabled globally on all switch interfaces Do not enable unicast RPF on asymmetrically routed interfaces An asymmetrically routed interface uses different paths to send and receive packets between the source and...

Page 1259: ...ure Unicast reverse path forwarding RPF can help protect your LAN from denial of service DoS and distributed denial of service DDoS attacks on untrusted interfaces Unicast RPF filters traffic with source addresses that do not use the incoming interface as the best return path back to the source If the network configuration changes so that an interface that has unicast RPF enabled becomes a trusted...

Page 1260: ...cified subnet without broadcasting to the entire network IP directed broadcast packets are broadcast on only the target subnet The rest of the network treats IP directed broadcast packets as unicast packets and forwards them accordingly Before you begin to configure IP directed broadcast Ensure that the subnet on which you want broadcast packets using IP direct broadcast is not directly connected ...

Page 1261: ...ng a Layer 3 Subinterface CLI Procedure EX Series switches use Layer 3 subinterfaces to divide a physical interface into multiple logical interfaces each corresponding to a VLAN The switch uses the Layer 3 subinterfaces to route traffic between subnets To configure Layer 3 subinterfaces you enable VLAN tagging and partition one or more physical ports into multiple logical interfaces each correspon...

Page 1262: ...Layer 3 Subinterfaces Are Working on page 1170 Understanding Layer 3 Subinterfaces on page 1104 Copyright 2010 Juniper Networks Inc 1166 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1263: ... utilization and plots real time charts to display input and output rates in bytes per second In addition the Interface monitoring page displays input and output packet counters and error counters in the form of charts Alternatively you can enter the show commands in the CLI to view interface status and traffic statistics Action To view general interface information in the J Web interface such as ...

Page 1264: ... the number of broadcast unicast and multicast packet counters For details about output from the CLI commands see show interfaces ge Gigabit Ethernet or show interfaces xe 10 Gigabit Ethernet Related Documentation Configuring Gigabit Ethernet Interfaces J Web Procedure on page 1143 Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Verifying the Status of a LAG Interface Purpose Ve...

Page 1265: ...e LACP protocol Receive State Transmit State Mux State xe 0 1 0 Defaulted Fast periodic Detached Meaning This example shows that LACP has been configured with one side as active and the other as passive When LACP is enabled one side must be set as active in order for the bundled link to be up Verifying That the LACP Packets Are Being Exchanged Purpose Verify that LACP packets are being exchanged b...

Page 1266: ...h on page 977 Verifying That Layer 3 Subinterfaces Are Working Purpose After configuring Layer 3 subinterfaces verify they are set up properly and transmitting data Action Use the show interfaces command to determine if you successfully created the subinterfaces and the links are up 1 user switch show interfaces interface name terse Interface Admin Link Proto Local Remote ge 0 0 0 up up ge 0 0 0 0...

Page 1267: ...WRITE Error None Loopback Disabled Source filtering Disabled Flow control Enabled Auto negotiation Enabled Remote fault Online Device flags Present Running Interface flags Hardware Down SNMP Traps Internal 0x0 Link flags None CoS queues 8 supported 8 maximum usable queues Hold times Up 0 ms Down 0 ms Current address 00 19 e2 50 95 ab Hardware address 00 19 e2 50 95 ab Last flapped Never Statistics...

Page 1268: ... CAM source filters 0 Autonegotiation information Negotiation status Incomplete Packet Forwarding Engine configuration Destination slot 1 Logical interface ge 1 0 10 0 Index 69 SNMP ifIndex 59 Generation 135 Flags Device Down SNMP Traps 0x0 Encapsulation ENET2 Traffic statistics Input bytes 0 Output bytes 0 Input packets 0 Output packets 0 IPv6 transit statistics Input bytes 0 Output bytes 0 Input...

Page 1269: ...ly configured unicast RPF Thus the uRPF flag is not displayed on interfaces for which you have not explicitly configured unicast RPF even though unicast RPF is implicitly enabled on all interfaces on EX3200 and EX4200 switches Related Documentation show interfaces xe on page 1262 Example Configuring Unicast RPF on an EX Series Switch on page 1134 Configuring Unicast RPF CLI Procedure on page 1162 ...

Page 1270: ...Copyright 2010 Juniper Networks Inc 1174 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1271: ...he interface on one of the last four built in network ports in an EX3200 switch for example interface ge 0 0 23 is down Problem The interface on one of the last four built in ports ge 0 0 20 through ge 0 0 23 on 24 port models or ge 0 0 44 through ge 0 0 47 on 48 port models of an EX3200 switch is down An SFP or SFP uplink module is installed in the switch and a transceiver is installed in one of ...

Page 1272: ...e the 1 gigabit operating mode See Setting the Mode on an SFP Uplink Module CLI Procedure on page 1156 Related Documentation Troubleshooting Uplink Module Installation or Replacement on EX3200 and EX4200 Switches on page 1178 Monitoring Interface Status and Traffic on page 1167 Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Configuring Gigabit Ethernet Interfaces J Web Procedur...

Page 1273: ...and connectivity related problems To use the J Web interface port troubleshooter 1 Select the option Troubleshoot from the main menu 2 Click Troubleshoot Port The Port Troubleshooting wizard is displayed Click Next 3 Select the ports to troubleshoot 4 Select the test cases to be executed on the selected port Click Next When the selected test cases are executed the final result and the recommended ...

Page 1274: ...ing packet If the best return path uses the same interface as the interface that received the packet the switch forwards the packet If the best return path uses a different interface than the interface that received the packet the switch discards the packet NOTE On EX3200 and EX4200 switches unicast RPF works properly only ifallswitchinterfaces includingaggregatedEthernetinterfaces alsoreferred to...

Page 1275: ...ast four built in ports use the same ASIC as the SFP uplink module Therefore if you install a transceiver in an SFP or SFP uplink module installed in an EX3200 switch a corresponding base port from the last four built in ports is disabled Solution If you need to use the disabled built in port you must remove the transceiver from the SFP or SFP uplink module Alternatively you can install an XFP upl...

Page 1276: ...Copyright 2010 Juniper Networks Inc 1180 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1277: ...c pic number sfpplus pic modemode power budget priority priority lcd menu fpc slot number menu item menu name menu option psu redundancy n plus n redundancy graceful switchover Related Documentation Upgrading Software Using Automatic Software Download on EX Series Switches on page 90 Configuring the LCD Panel on EX Series Switches CLI Procedure on page 192 Configuring Graceful Routing Engine Switc...

Page 1278: ... traps unit logical unit number description text disable family family name proxy arp restricted unrestricted traps no traps vlan id vlan id number vlan tagging fe fpc pic port description text disable mtu bytes no gratuitous arp request speed speed traceoptions traps no traps unit logical unit number description text disable family family name proxy arp restricted unrestricted traps no traps vlan...

Page 1279: ...terface range interface range name description text disable ether options 802 3ad aex lacp force up auto negotiation no auto negotiation flow control no flow control link mode mode speed auto negotiation speed hold time up milliseconds down milliseconds member interface name member range starting interface name to ending interface name mtu bytes unit logical unit number description text disable fa...

Page 1280: ...agging vlan description text disable hold time up milliseconds down milliseconds mtu bytes no gratuitous arp request traceoptions traps no traps unit logical unit number description text disable family family name proxy arp restricted unrestricted traps no traps vme description text disable hold time up milliseconds down milliseconds mtu bytes no gratuitous arp request traceoptions traps no traps ...

Page 1281: ...umber vlan tagging Related Documentation Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Configuring Aggregated Ethernet Interfaces CLI Procedure on page 1157 Configuring a Layer 3 Subinterface CLI Procedure on page 1165 Configuring Routed VLAN Interfaces CLI Procedure on page 1379 Configuring the Virtual Management Ethernet Interface for Global Management of a Virtual Chassis C...

Page 1282: ...hernet High Speed Uplinks Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch on page 970 Example Configuring Aggregated Ethernet High Speed Uplinks with LACP Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch on page 977 Configuring Aggregated Ethernet Interfaces CLI Procedure on page 1157 Configuring Aggregated Ethernet LACP CLI Proced...

Page 1283: ...atement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring Aggregated Ethernet High Speed Uplinks Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch on page 970 Configuring Aggregated Ethernet Interfaces CLI Procedure on page 1157 Understanding Aggregated Ethernet Interfaces and LACP on page 109...

Page 1284: ...Related Documentation Example Configuring Aggregated Ethernet High Speed Uplinks Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch on page 970 Example Configuring Aggregated Ethernet High Speed Uplinks with LACP Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch on page 977 Configuring Aggregated Ethernet Interfaces CLI Procedure on pa...

Page 1285: ...s Default Autonegotiation is automatically enabled No explicit action is taken after the autonegotiation is complete or if the negotiation fails Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Configuring Gigabit Ethern...

Page 1286: ...tion Configure chassis specific properties for the switch The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Aggregated Ethernet Interfaces CLI Procedure on page 1157 Configuring the Power Priority of Line Cards CLI Procedure o...

Page 1287: ...e switch Default No textual description is configured Options text Text to describe the interface If the text includes spaces enclose the entire text in straight quotation marks Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Gigabit Ethernet Interfaces CLI Procedure on pag...

Page 1288: ... EX4200 in a Virtual Chassis configuration and EX4500 switches Range 1 through 255 for EX8200 switches Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring Aggregated Ethernet High Speed Uplinks Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution S...

Page 1289: ...ault Enabled Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Configuring Gigabit Ethernet Interfaces J Web Procedure on page 1143 Understanding Aggregated Ethernet Interfaces and LACP on page 1099 EX Series Switches Int...

Page 1290: ...s explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Aggregated Ethernet Interfaces CLI Procedure on page 1157 Junos OS Network System Basics Configuration Guide at http www juniper net techpubs software junos index html Copyright 2010 Juniper Networks Inc...

Page 1291: ... inet address address primary vrrp group group id advertise interval milliseconds preempt no preempt hold time seconds priority number virtual address addresses virtual link local address ip address filter input filter name filter output filter name primary rpf check targeted broadcast family inet6 family inet6 address address primary vrrp inet6 group group id inet6 advertise interval milliseconds...

Page 1292: ... that you commonly use when configuring protocol families for interfaces on EX Series switches as well as statements that are used to configure protocol families only on switch interfaces For information about additional standard Junos OS statements that you can configure on interfaces see the Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs software junos index htm...

Page 1293: ...nterface types support all family substatements Check your switch CLI for supported substatements for a particular protocol family configuration Table 173 Protocol Families and Supported Interface Types Supported Interface Types Description Family xe vme vlan me0 lo0 ge ae Circuit cross connect protocol family ccc Ethernet switching protocol family ethernet switching IPv4 protocol family inet IPv6...

Page 1294: ...t or Layer 3 interface and all outgoing traffic is sent unmodified from the port or Layer 3 interface Options filter name Name of a firewall filter defined in the filter statement input Apply a firewall filter to traffic entering the port or Layer 3 interface output Apply a firewall filter to traffic exiting the Layer 3 interface Required Privilege Level interface To view this statement in the con...

Page 1295: ...iguring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs software junos index html force up Syntax force up Hierarchy Level edit interfaces interface name ether options 802 3ad lacp Release Information Statement introduced in Junos OS Release 10 0 for EX Series switches Description Set the state of the interface...

Page 1296: ...ace range name Name of the interface range NOTE Youcanuseregularexpressionsandwildcardstospecifytheinterfaces in the member range configuration Do not use wildcards for interface types The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Con...

Page 1297: ... hold time up milliseconds down milliseconds mtu bytes no gratuitous arp request traceoptions traps no traps unit logical unit number description text disable family family name proxy arp restricted unrestricted traps no traps vlan id vlan id number vlan tagging interfaces ge ge fpc pic port description text disable ether options 802 3ad aex lacp force up auto negotiation no auto negotiation flow ...

Page 1298: ... auto negotiation no auto negotiation flow control no flow control link mode mode speed auto negotiation speed hold time up milliseconds down milliseconds member interface name member range starting interface name to ending interface name mtu bytes unit logical unit number description text disable family family name proxy arp restricted unrestricted rpm traps no traps vlan id vlan id number Copyri...

Page 1299: ...t traceoptions traps no traps unit logical unit number description text disable family family name traps no traps vlan id vlan id number vlan tagging interfaces vlan vlan description text disable hold time up milliseconds down milliseconds mtu bytes no gratuitous arp request traceoptions traps no traps unit logical unit number description text disable family family name proxy arp restricted unrest...

Page 1300: ... auto negotiation flow control no flow control link mode mode speed auto negotiation speed hold time up milliseconds down milliseconds mtu bytes no gratuitous arp request traceoptions traps no traps unit logical unit number description text disable family family name proxy arp restricted unrestricted rpm traps no traps vlan id vlan id number vlan tagging Hierarchy Level edit Release Information St...

Page 1301: ...syntax of the protocol families supported for switch interfaces Not all interface types support all family substatements Check your switch CLI for supported substatements for a particular protocol family configuration Table 174 Interface Types and Their Supported Protocol Families Supported Protocol Families Description Interface Type mpls iso inet6 inet ethernet switching ccc Aggregated Ethernet ...

Page 1302: ... the Link Aggregation Control Protocol LACP Default LACP is not enabled Options mode LACP mode active Initiate transmission of LACP packets passive Respond to LACP packets The remaining statement is explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configurin...

Page 1303: ...ernet High Speed Uplinks Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch on page 970 Example Configuring Aggregated Ethernet High Speed Uplinks with LACP Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch on page 977 Configuring Aggregated Ethernet Interfaces CLI Procedure on page 1157 Configuring Aggregated Ethernet LACP CLI Procedu...

Page 1304: ...ether options you can select only full duplex or half duplex If auto negotiation is specified in ether options you can select any mode Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Configuring Gigabit Ethernet Interfa...

Page 1305: ... 1 000 000 or g 1 000 000 000 Aggregated Ethernet links on EX Series switches can have one of the following speed values 1g Links are 1 Gbps 10g Links are 10 Gbps Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring Aggregated Ethernet High Speed Uplinks Between a Virtua...

Page 1306: ...ilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Understanding Interface Ranges on EX Series Switches on page 1102 EX Series Switches Interfaces Overview on page 1095 Junos OS Network Interfaces Configuration Guide at http www junipe...

Page 1307: ...ly becomes a member of the VLAN NOTE Each VLAN that is configured must have a specified VLAN ID when youattempttocommittheconfiguration otherwise theconfigurationcommit fails Also all cannot be the name of a VLAN on the switch names Name of one or more VLANs vlan ids Numeric identifier of one or more VLANs For a series of tagged VLANs specify a range for example 10 20 or 10 20 23 27 30 Required Pr...

Page 1308: ...range Options Range Starting interface name to ending interface name The name of the first member and the name of the last member in the interface sequence Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Understanding I...

Page 1309: ... for EX Series switches other than EX8200 switches 1 through 12 for EX8200 switches Default 1 Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring Aggregated Ethernet High Speed Uplinks Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch on ...

Page 1310: ...d not on the RVI itself the vlan interface However for jumbo control packets for example to ping the RVI with a packet size of 6000 bytes or more you must explicitly configure the jumbo MTU size on the interface named vlan the RVI CAUTION Setting or deleting the jumbo MTU size on the RVI the vlan interface while the switch is transmitting packets might result in dropped packets Default 1514 bytes ...

Page 1311: ...l routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show vlans on page 1507 show ethernet switching interfaces on page 1235 Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Configuring Gigabit Ethernet Interfaces J Web Procedure on page 1143 Understanding Bridging and VLANs on EX Series Switches on...

Page 1312: ...Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring Aggregated Ethernet High Speed Uplinks with LACP Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch on page 977 Configuring Aggregated Ethernet LACP CLI Procedure on page 1161 Understanding Aggregated Ether...

Page 1313: ...the configuration Related Documentation Setting the Mode on an SFP Uplink Module CLI Procedure on page 1156 pic mode Syntax pic mode mode Hierarchy Level edit chassis fpc slot pic pic number sfpplus Release Information Statement introduced in Junos OS Release 9 4 for EX Series switches Description Configure the operating mode for the specified port on the SFP uplink module on an EX3200 or EX4200 s...

Page 1314: ...perate in trunk mode In this mode the interface can be in multiple VLANs and can multiplex traffic between different VLANs Trunk interfaces typically connect to other switches and to routers on the LAN Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Connecting an Access Switch ...

Page 1315: ...ches enable an RPF check on unicast traffic including ECMP packets on the selected ingress interface Default Unicast RPF is disabled on all interfaces Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring Unicast RPF on an EX Series Switch on page 1134 Configuring Unicast...

Page 1316: ... transceivers NOTE The SFP uplink module provides two ports for 10 gigabit small form factor pluggable SFP transceivers when configured to operate in 10 gigabit mode or four ports for 1 gigabit small form factor pluggable SFP transceivers when configured to operate in 1 gigabit mode Required Privilege Level interface To view this statement in the configuration interface control To add this stateme...

Page 1317: ...ce speed If the auto negotiation statement at the edit interfaces interface name ether options hierarchy level is disabled you must specify a specific value This value sets the speed that is used on the link If the auto negotiation statement is enabled you might want to configure a specific speed value to advertise the desired speed to the remote end 10m 10 Mbps 100m 100 Mbps 1g 1 Gbps Required Pr...

Page 1318: ...cast is disabled Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring IP Directed Broadcast on an EX Series Switch on page 1138 Configuring IP Directed Broadcast CLI Procedure on page 1164 Understanding IP Directed Broadcast for EX Series Switches on page 1109 Copyright ...

Page 1319: ...number Number of the logical unit Range 0 through 16 384 The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Configuring Aggregated Ethernet Interfaces CLI Procedure on page...

Page 1320: ...t in the configuration interface control To add this statement to the configuration Related Documentation show ethernet switching interfaces on page 1235 Example Setting Up Bridging with Multiple VLANs for EX Series Switches on page 1312 Configuring Routed VLAN Interfaces CLI Procedure on page 1379 Understanding Bridging and VLANs on EX Series Switches on page 1283 Junos OS Network Interfaces Conf...

Page 1321: ...vel interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation vlan tagging on page 1226 Example Configuring Layer 3 Subinterfaces for a Distribution Switch and an Access Switch on page 1127 Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Configuring Gigabit Ethernet Interfaces J Web Procedure on page ...

Page 1322: ...terface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation vlan id on page 1225 Example Configuring Layer 3 Subinterfaces for a Distribution Switch and an Access Switch on page 1127 Configuring a Layer 3 Subinterface CLI Procedure on page 1165 Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs...

Page 1323: ...CHAPTER 56 Operational Mode Commands for Interfaces 1227 Copyright 2010 Juniper Networks Inc ...

Page 1324: ...ighbor cache information host hostname Optional Clear the information for the specified IPv6 neighbors Required Privilege Level view Related Documentation show ipv6 neighbors on page 1275 List of Sample Output clear ipv6 neighbors on page 1228 Output Fields When you enter this command you are provided feedback on the status of your request clear ipv6 neighbors user host clear ipv6 neighbors clear ...

Page 1325: ...Interfaces Command Reference To control the output of the monitorinterfaceinterface name command while it is running use the keys listed in Table 175 on page 1229 The keys are not case sensitive Table 175 Output Control Keys for the monitor interface interface name Command Action Key Clears returns to zero the delta counters since monitor interface was started This does not clear the accumulative ...

Page 1326: ...il on page 1234 Output Fields Table 177 on page 1230 describes the output fields for the monitor interface command Output fields are listed in the approximate order in which they appear Table 177 monitor interface Output Fields Level of Output Field Description Field Name All levels Hostname of the router router1 All levels How long the monitor interface command has been running or how long since ...

Page 1327: ...46 29 monitor interface Physical Interface so 0 0 0 Enabled Link is Up Encapsulation PPP Keepalives Speed OC48 Traffic statistics Current Delta Input packets 6045 0 pps 11 Input bytes 6290065 0 bps 13882 Output packets 10376 0 pps 10 Output bytes 10365540 0 bps 9418 Encapsulation statistics Input keepalives 1901 2 Output keepalives 1901 2 NCP state Opened LCP state Opened Error statistics Input er...

Page 1328: ... Policed discards 0 L3 incompletes 0 L2 channel errors 0 L2 mismatch timeouts 0 Carrier transitions 5 Output errors 0 Output drops 0 Aged packets 0 Active alarms None Active defects None Input MAC Filter statistics Unicast packets 0 Broadcast packets 0 Multicast packets 0 Oversized frames 0 Packet reject count 0 DA rejects 0 SA rejects 0 Output MAC Filter Statistics Unicast packets 0 Broadcast pac...

Page 1329: ...xt n Quit q or ESC Freeze f Thaw t Clear c Interface i monitor interface traffic user host monitor interface traffic host name Seconds 15 Time 12 31 09 Interface Link Input packets pps Output packets pps so 1 0 0 Down 0 0 0 0 so 1 1 0 Down 0 0 0 0 so 1 1 1 Down 0 0 0 0 so 1 1 2 Down 0 0 0 0 so 1 1 3 Down 0 0 0 0 t3 1 2 0 Down 0 0 0 0 t3 1 2 1 Down 0 0 0 0 t3 1 2 2 Down 0 0 0 0 t3 1 2 3 Down 0 0 0 ...

Page 1330: ...e 12 31 09 Interface Link Input packets pps Output packets pps Description t1 0 1 1 0 Up 19769 0 0 0 To OSAKA 1 Bytes b Clear c Delta d Packets p Quit q or ESC Rate r Up U Down D Copyright 2010 Juniper Networks Inc 1234 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1331: ...ge 1485 show ethernet switching table on page 1493 Configuring Autorecovery From the Disabled State on Secure or Storm Control Interfaces CLI Procedure on page 2796 List of Sample Output show ethernet switching interfaces on page 1236 show ethernet switching interfaces ge 0 0 15 brief on page 1237 showethernet switchinginterfacesge 0 0 2detail BlockedbyRTGrtggroup onpage1237 show ethernet switchin...

Page 1332: ...isable timeout expires MAC move limit exceeded The interface is temporarily disabled due to a MAC move limiting error The disabled interface is automatically restored to service when the disable timeout expires Storm control in effect The interface is temporarily disabled due to a storm control error The disabled interface is automatically restored to service when the disable timeout expires Block...

Page 1333: ...ti id 0 blocked by RTG rtggroup Number of MACs learned on IFL 0 show ethernet switching user switch show ethernet switching interfaces ge 0 0 15 detail Interface ge 0 0 15 0 Index 70 State up Port mode Trunk interfaces ge 0 0 15 VLAN membership detail Blocked by STP vlan100 802 1Q Tag 100 tagged msti id 0 blocked by STP vlan200 802 1Q Tag 200 tagged msti id 0 blocked by STP Number of MACs learned ...

Page 1334: ... a Transceiver from an EX Series Switch Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs software junos index html List of Sample Output show interfaces diagnostics optics ge 0 1 0 SFP Transceiver on page 1242 show interfaces diagnostics optics xe 0 1 0 SFP Transceiver on page 1243 show interfaces diagnostics optics xe 0 1 0 XFP Transceiver on page 1243 Output Field...

Page 1335: ...s On or Off Laser output power high alarm Displays whether the laser output power low alarm is On or Off Laser output power low alarm Displays whether the laser output power high warning is On or Off Laser output power high warning Displays whether the laser output power low warning is On or Off Laser output power low warning Displays whether the module temperature high alarm is On or Off Module t...

Page 1336: ...ether the Tx data not ready alarm is On or Off Tx data not ready alarm Not available for SFP and SFP transceivers Any condition leading to invalid data on the transmit path Displays whether the Tx not ready alarm is On or Off Tx not ready alarm Not available for SFP and SFP transceivers Laser fault condition Displays whether the Tx laser fault alarm is On or Off Tx laser fault alarm Not available ...

Page 1337: ...re high alarm Module temperature high alarm threshold Displays the vendor specified threshold for the module temperature low alarm Module temperature low alarm threshold Displays the vendor specified threshold for the module temperature high warning Module temperature high warning threshold Displays the vendor specified threshold for the module temperature low warning Module temperature low warnin...

Page 1338: ...Off Module temperature low warning Off Module voltage high alarm Off Module voltage low alarm Off Module voltage high warning Off Module voltage low warning Off Laser rx power high alarm Off Laser rx power low alarm Off Laser rx power high warning Off Laser rx power low warning Off Laser bias current high alarm threshold 15 000 mA Laser bias current low alarm threshold 1 000 mA Laser bias current ...

Page 1339: ... threshold 9 000 mA Laser bias current low warning threshold 2 500 mA Laser output power high alarm threshold 1 4120 mW 1 50 dBm Laser output power low alarm threshold 0 0740 mW 11 31 dBm Laser output power high warning threshold 0 7070 mW 1 51 dBm Laser output power low warning threshold 0 1860 mW 7 30 dBm Module temperature high alarm threshold 75 degrees C 167 degrees F Module temperature low a...

Page 1340: ...w alarm threshold 2 000 mA Laser bias current high warning threshold 12 000 mA Laser bias current low warning threshold 3 000 mA Laser output power high alarm threshold 0 8310 mW 0 80 dBm Laser output power low alarm threshold 0 1650 mW 7 83 dBm Laser output power high warning threshold 0 7410 mW 1 30 dBm Laser output power low warning threshold 0 1860 mW 7 30 dBm Module temperature high alarm thr...

Page 1341: ...s Required Privilege Level view Related Documentation Monitoring Interface Status and Traffic on page 1167 Troubleshooting Network Interfaces on EX3200 and EX4200 Switches on page 1175 Troubleshooting an Aggregated Ethernet Interface on page 1176 Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs software junos index html List of Sample Output show interfaces ge 0 0 0...

Page 1342: ...ring All levels Flow control status Enabled or Disabled Flow control All levels Autonegotiation status Enabled or Disabled Auto negotiation All levels Remote fault status Online Autonegotiation is manually configured as online Offline Autonegotiation is manually configured as offline Remote fault All levels Information about the physical device Device flags All levels Information about the interfa...

Page 1343: ...acket that is dropped by the ASIC s RED mechanism Framing errors Number of packets received with an invalid frame checksum FCS Runts Number of frames received that are smaller than the runt threshold Policed discards Number of frames that the incoming packet match code discarded because they were not recognized or not of interest Usually this field reports protocols that the Junos OS does not hand...

Page 1344: ...re FIFO errors Number of FIFO errors in the send direction as reported by the ASIC on the PIC If this value is ever nonzero the PIC is probably malfunctioning HS link CRC errors Number of errors on the high speed links between the ASICs responsible for handling the switch interfaces MTU errors Number of packets whose size exceeded the MTU of the interface Resource errors Sum of transmit drops Outp...

Page 1345: ...h pause operational code Oversized frames Number of frames that exceed 1518 octets Jabber frames Number of frames that were longer than 1518 octets excluding framing bits but including FCS octets and had either an FCS error or an alignment error This definition of jabber is different from the definition in IEEE 802 3 section 8 2 1 5 10BASE5 and section 10 3 1 4 10BASE2 These documents define jabbe...

Page 1346: ...tner speed Speed of the link partner Local resolution Information from the link partner Flow control Types of flow control supported by the remote Ethernet device For Gigabit Ethernet interfaces types are Symmetric link partner supports PAUSE on receive and transmit Asymmetric link partner supports PAUSE on transmit and Symmetric Asymmetric link partner supports PAUSE on both receive and transmit ...

Page 1347: ...tensive Names of any input filters applied to this interface Input Filters detail extensive Names of any output filters applied to this interface Output Filters detail extensive Information about protocol family flags If unicast reverse path forwarding RPF is explicitly configured on the specified interface the uRPF flag is displayed If unicast RPF was configured on a different interface and there...

Page 1348: ...ion voice priority and tcp and icmp traffic rate limiting filter at i ngress port Link level type Ethernet MTU 1514 Speed Unspecified Loopback Disabled Source filtering Disabled Flow control Enabled Auto negotiation Enabled Remote fault Online Device flags Present Running Down Interface flags Hardware Down SNMP Traps Internal 0x0 Link flags None Logical interface ge 0 0 0 0 Flags Device Down SNMP ...

Page 1349: ...ol eth switch Generation 146 Route table 0 Flags Is Primary Input Filters f1 Output Filters f2 show interfaces ge 0 0 4 extensive user switch show interfaces ge 0 0 4 extensive Physical interface ge 0 0 4 Enabled Physical link is Up Interface index 165 SNMP ifIndex 152 Generation 168 Link level type Ethernet MTU 1514 Speed Auto Duplex Auto MAC REWRITE Error None Loopback Disabled Source filtering ...

Page 1350: ...e Transmit Total octets 0 2989761 Total packets 0 24307 Unicast packets 0 0 Broadcast packets 0 0 Multicast packets 0 24307 CRC Align errors 0 0 FIFO errors 0 0 MAC control frames 0 0 MAC pause frames 0 0 Oversized frames 0 Jabber frames 0 Fragment frames 0 Code violations 0 Autonegotiation information Negotiation status Complete Link partner Link mode Full duplex Flow control None Remote fault OK...

Page 1351: ...es 0 Output bytes 4107883 Input packets 0 Output packets 24307 Transit statistics Input bytes 0 0 bps Output bytes 0 0 bps Input packets 0 0 pps Output packets 0 0 pps IPv6 transit statistics Input bytes 0 Output bytes 0 Input packets 0 Output packets 0 Protocol eth switch Generation 159 Route table 0 Flags None Input Filters f2 Output Filters f1 1255 Copyright 2010 Juniper Networks Inc Chapter 56...

Page 1352: ...ace name interface name Optional Show queue statistics for the specified interface Required Privilege Level view Related Documentation Monitoring Interface Status and Traffic on page 1167 Monitoring Interfaces That Have CoS Components on page 3229 Defining CoS Schedulers CLI Procedure on page 3209 Configuring CoS Traffic Classification for Ingress Queuing on 40 port SFP Line Cards CLI Procedure on...

Page 1353: ...Ingress Queues Information not shown for all interfaces Number of input queues supported and in use on the specified interface For an interface on an oversubscribed line card such as the 40 port SFP line card the ingress queue handles low priority traffic on the interface Ingress queues Transmission statistics for the queue Packets Number of packets transmitted by this queue Bytes Number of bytes ...

Page 1354: ...of Packet Forwarding Engine chassis queues supported and in use for the port group to which the interface belongs The queue statistics reflect the traffic flowing on all the interfaces in the port group Packet Forwarding Engine Chassis Queues show interfaces queue ge 0 0 0 EX2200 Switch user switch show interfaces queue ge 0 0 0 Physical interface ge 0 0 0 Enabled Physical link is Down Interface i...

Page 1355: ...1399932 Bytes 44151544791024 Tail dropped packets 0 Queue 1 Forwarding classes assured forwarding Queued Transmitted Packets 0 Bytes 0 Tail dropped packets 0 Queue 2 Forwarding classes mcast be Queued Transmitted Packets 274948977 Bytes 36293264964 Tail dropped packets 0 Queue 4 Forwarding classes mcast ef Queued Transmitted Packets 0 Bytes 0 Tail dropped packets 0 Queue 5 Forwarding classes exped...

Page 1356: ...h 0 Queue 2 Forwarding classes mcast be Queued Transmitted Packets 0 Bytes 0 Tail dropped packets 0 RED dropped packets 0 Low 0 High 0 RED dropped bytes 0 Low 0 High 0 Queue 4 Forwarding classes mcast ef Queued Transmitted Packets 0 Bytes 0 Tail dropped packets 0 RED dropped packets 0 Low 0 High 0 RED dropped bytes 0 Low 0 High 0 Queue 5 Forwarding classes expedited forwarding Queued Transmitted P...

Page 1357: ...Low 0 High 0 RED dropped bytes 0 Low 0 High 0 Queue 7 Forwarding classes network control Queued Transmitted Packets 97990 Bytes 14987506 Tail dropped packets 0 RED dropped packets 0 Low 0 High 0 RED dropped bytes 0 Low 0 High 0 1261 Copyright 2010 Juniper Networks Inc Chapter 56 Operational Mode Commands for Interfaces ...

Page 1358: ...tistics For 10 Gigabit Ethernet interfaces using the statistics option does not provide you with new or additional information The output is the same as when the statistics option is not used Required Privilege Level view Related Documentation Monitoring Interface Status and Traffic on page 1167 Troubleshooting Network Interfaces on EX3200 and EX4200 Switches on page 1175 Troubleshooting an Aggreg...

Page 1359: ...sical link is inoperable and cannot pass packets even when it is enabled Adminstratively down Physical link is Up The interface is turned off but the physical link is operational and can pass packets when it is enabled Enabled Physical link is Down The interface is turned on but the physical link is inoperable and cannot pass packets Enabled Physical link is Up The interface is turned on and the p...

Page 1360: ...witches BPDU Error detail extensive none Not supported on EX Series switches MAC REWRITE Error brief detail extensive none Loopback status Enabled or Disabled If loopback is enabled type of loopback Local or Remote Loopback brief detail extensive none Source filtering status Enabled or Disabled Source filtering brief detail extensive none Flow control status Enabled or Disabled Flow control brief ...

Page 1361: ...nd bps and packets per second pps Input Rate none Output rate in bps and pps Output Rate detail extensive Date time and how long ago the statistics for the interface were cleared The format is year month day hour minute second timezone weekswdaysd hours minutes seconds ago For example 2010 05 17 07 51 28 PDT 00 04 33 ago Statistics last cleared detail extensive Number and rate of bytes and packets...

Page 1362: ... are smaller than the runt threshold Policed discards Number of frames that the incoming packet match code discarded because they were not recognized or not of interest Usually this field reports protocols that the Junos OS does not handle L3 incompletes Number of incoming packets discarded because they failed Layer 3 sanity checks of the header For example a frame with less than 20 bytes of avail...

Page 1363: ...lue in this field should never increment If it does it is most likely a software bug or possibly malfunctioning hardware FIFO errors Number of FIFO errors in the send direction as reported by the ASIC on the PIC If this value is ever nonzero the PIC is probably malfunctioning HS link CRC errors Number of errors on the high speed links between the ASICs responsible for handling the switch interface...

Page 1364: ...l frames Number of MAC control frames MAC pause frames Number of MAC control frames with pause operational code Oversized frames Number of frames that exceed 1518 octets Jabber frames Number of frames that were longer than 1518 octets excluding framing bits but including FCS octets and had either an FCS error or an alignment error This definition of jabber is different from the definition in IEEE ...

Page 1365: ... queue Possible values are none and exact If exact is configured the queue transmits only up to the configured bandwidth even if excess bandwidth is available If none is configured the queue transmits beyond the configured bandwidth if bandwidth is available CoS Information Fields for Logical Interfaces brief detail extensive none Name of the logical interface Logical interface detail extensive no...

Page 1366: ...utput filters applied to this interface Output Filters detail extensive Information about protocol family flags If unicast reverse path forwarding RPF is explicitly configured on the specified interface the uRPF flag is displayed If unicast RPF was configured on a different interface and therefore is enabled on all switch interfaces but was not explicitly configured on the specified interface the ...

Page 1367: ...al interface xe 4 1 0 0 Index 66 SNMP ifIndex 417 Flags SNMP Traps Encapsulation ENET2 Input packets 0 Output packets 0 Protocol eth switch Flags None show interfaces xe 0 1 0 brief user switch show interfaces xe 0 1 0 brief Physical interface xe 0 1 0 Enabled Physical link is Up Link level type Ethernet MTU 1514 Speed 1000mbps Loopback Disabled Source filtering Disabled Flow control Enabled Devic...

Page 1368: ...s Input bytes 0 Output bytes 0 Input packets 0 Output packets 0 Transit statistics Input bytes 0 0 bps Output bytes 0 0 bps Input packets 0 0 pps Output packets 0 0 pps Protocol eth switch Generation 174 Route table 0 Flags None Input Filters f1 Output Filters f2 show interfaces xe 6 0 39 extensive user switch show interfaces xe 6 0 39 extensive Physical interface xe 6 0 39 Enabled Physical link i...

Page 1369: ... in use Queue counters Queued packets Transmitted packets Dropped packets 0 best effort 0 333760130103 0 1 assured forw 0 0 0 2 mcast be 0 274948977 0 3 queue3 0 0 0 4 mcast ef 0 0 0 5 expedited fo 0 0 0 6 mcast af 0 0 0 7 network cont 0 46613 0 PFE Egress queues 8 supported 8 in use Queue counters Queued packets Transmitted packets Dropped packets 0 best effort 0 737867061290 5595302082 1 assured...

Page 1370: ...gs SNMP Traps 0x0 Encapsulation ENET2 Traffic statistics Input bytes 0 Output bytes 9375416 Input packets 0 Output packets 48901 Local statistics Input bytes 0 Output bytes 9375416 Input packets 0 Output packets 48901 Transit statistics Input bytes 0 0 bps Output bytes 0 0 bps Input packets 0 0 pps Output packets 0 0 pps Protocol eth switch Generation 1937 Route table 0 Flags Trunk Mode Copyright ...

Page 1371: ...Description Field Name Name of the IPv6 interface IPv6 Address Link layer address Linklayer Address State of the link up down incomplete reachable stale or unreachable State Number of seconds until the entry expires Exp Whether the neighbor is a routing device yes or no Rtr Whether this entry was created using the Secure Neighbor Discovery SEND protocol yes or no Secure Name of the interface Inter...

Page 1372: ...Speed Uplinks with LACP Between a Virtual Chassis Access Switch and a Virtual Chassis Distribution Switch on page 977 Configuring Aggregated Ethernet Interfaces CLI Procedure on page 1157 Configuring Aggregated Ethernet LACP CLI Procedure on page 1161 Understanding Aggregated Ethernet Interfaces and LACP on page 1099 Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs ...

Page 1373: ...Yes indicates collection of incoming frames on the link is currently enabled and is not expected to be disabled Otherwise the value is No Syn Synchronization If the value is Yes the link is considered synchronized It has been allocated to the correct link aggregation group the group has been associated with a compatible aggregator and the identity of the link aggregation group is consistent with t...

Page 1374: ...e Mux State State of the multiplexer state machine for the aggregation port The state is one of the following values Attached Multiplexer state machine initiates the process of attaching the port to the selected aggregator Collecting Yes indicates that the receive function of this link is enabled with respect to its participation in an aggregation Received frames are passed to the aggregator for c...

Page 1375: ...es No No No Yes Fast Active ge 1 0 2 Partner No Yes No No No Yes Fast Passive LACP protocol Receive State Transmit State Mux State ge 1 0 1FUP CURRENT Fast periodic Collecting distributing ge 1 0 2 CURRENT Fast periodic Collecting distributing ge 1 0 1 active CURRENT Fast periodic Collecting distributing ge 1 0 2 standby CURRENT Fast periodic WAITING LACP Statistics LACP Rx LACP Tx Unknown Rx Ille...

Page 1376: ... interface name Interface name fe fpc pic port or ge fpc pic port Required Privilege Level view List of Sample Output test interface restart auto negotiation on page 1280 Output Fields Use the show interfaces extensive command to see the state for auto negotiation test interface restart auto negotiation test interface restart auto negotiation user host test interface restart auto negotiation fe 1 ...

Page 1377: ...305 Configuring Bridging and VLANs on page 1375 Verifying Bridging and VLAN Configuration on page 1397 Troubleshooting Bridging and VLAN Configuration on page 1407 Configuration Statements for Bridging and VLANs on page 1409 Operational Mode Commands for Bridging and VLANs on page 1469 1281 Copyright 2010 Juniper Networks Inc ...

Page 1378: ...Copyright 2010 Juniper Networks Inc 1282 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1379: ...Ns on EX Series Switches Network switches use Layer 2 bridging protocols to discover the topology of their LAN and to forward traffic toward destinations on the LAN This topic explains the following concepts regarding bridging and VLANs on Juniper Networks EX Series Ethernet Switches Ethernet LANs Transparent Bridging and VLANs on page 1283 How Bridging Works on page 1284 Types of Switch Ports on ...

Page 1380: ...et interfaces on LANs has resulted in exponential increases in traffic on the network The IEEE 802 1D 2004 standard addresses some of the problems caused by the increase in LAN and complexity This standard defines transparent bridging generally called simply bridging Bridging divides a single physical LAN a single broadcast domain into two or more virtual LANs or VLANs Each VLAN is a collection of...

Page 1381: ...t switching table does not contain an entry for the desired destination address the switch uses flooding which is the third bridging mechanism Flooding is how the switch learns about destinations not in its Ethernet switching table If this table has no entry for a particular destination MAC address the switch floods the traffic out all interfaces except the interface on which it was received If tr...

Page 1382: ... single VLAN all traffic has the same 802 1Q tag When an Ethernet LAN is divided into VLANs each VLAN is identified by a unique 802 1Q tag The tag is applied to all frames so that the network nodes receiving the frames know which VLAN the frames belong to Trunk ports which multiplex traffic among a number of VLANs use the tag to determine to origin of frames and where to forward them VLANs 0 and 4...

Page 1383: ... pass traffic within a VLAN the switch uses Layer 2 forwarding protocols including IEEE 802 1Q Spanning Tree Protocol STP and GARP VLAN Registration Protocol GVRP To pass traffic between two VLANs the switch uses standard Layer 3 routing protocols such as static routing OSPF and RIP On EX Series switches the same interfaces that support Layer 2 bridging protocols also support Layer 3 routing proto...

Page 1384: ... routing functions using it to route data to other Layer 3 interfaces The RVI functions as a logical router eliminating the need for having both a switch and a router The RVI the vlan interface must be configured as part of a broadcast domain or virtual private LAN service VPLS routing instance for Layer 3 traffic to be routed out of it The RVI supports IPv4 IPv6 MPLS and IS IS traffic At least on...

Page 1385: ... unicast traffic and for limiting the communication between known hosts NOTE Configuring a voice over IP VoIP VLAN on PVLAN interfaces is not supported In a private VLAN one VLAN is designated the primary VLAN and other VLANs are nested inside that VLAN as secondary VLANs Primary A VLAN used to forward frames downstream to isolated and community VLANs Isolated A secondary VLAN that receives packet...

Page 1386: ...es to isolate customer traffic on your network and to bind customer specific instances to customer owned interfaces Virtual routing and forwarding VRF is often used in conjunction with Layer 3 subinterfaces allowing traffic on a single physical interface to be differentiated and associated with multiple virtual routers Each logical Layer 3 subinterface can belong to only one routing instance EX Se...

Page 1387: ...or example an LLDP session can be run between two Juniper Networks EX Series Ethernet Switches on the secondary link STP is enabled by default on EX Series switches to create a loop free topology When trunk links are placed in a redundant group they cannot be part of an STP topology The Juniper Networks Junos operating system Junos OS for EX Series switches does not allow an interface to be in a r...

Page 1388: ...e 1292 illustrates how the redundant trunk link topology works when the primary link goes down Figure 29 Redundant Trunk Group Link 2 Active Copyright 2010 Juniper Networks Inc 1292 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1389: ... VLAN C VLAN to a service provider s VLAN a customer specific 802 1Q tag is added to the packet This additional tag is used to segregate traffic into service provider defined service VLANs S VLANs The original customer 802 1Q tag of the packet remains and is transmitted transparently passing through the service provider s network As the packet leaves the S VLAN in the downstream direction the extr...

Page 1390: ...t both the interface level and the VLAN level Disabling MAC address learning on an interface disables learning for all the VLANs of which that interface is a member When you disable MAC address learning on a VLAN MAC addresses that have already been learned are flushed If you disable MAC address learning on an interface or a VLAN you cannot include MAC move limiting or 802 1X authentication in tha...

Page 1391: ...n S VLAN to a specific C VLAN on an interface The mapping a specific interface configuration only applies to the configured interface not to all access interfaces as in the cases of the all in one bundling and many to one bundling approaches The mapping a specific interface approach is configured using the mapping option to indicate a specific S VLAN for a given C VLAN The mapping a specific inter...

Page 1392: ...ally create VLANs in switching networks MVRP is an application protocol of the Multiple Registration Protocol MRP and is defined in the IEEE 802 1ak standard MRP and MVRP were designed by IEEE to perform the same functions as Generic Attribute Registration Protocol GARP and GARP VLAN Registration Protocol GVRP while overcoming some GARP and GVRP limitations in particular limitations involving band...

Page 1393: ...y Basics of MVRP on EX Series Switches MVRP is disabled by default on all EX Series switches You can configure MVRP on EX Series switch interfaces to participate in MVRP for the switching network MVRP can only be enabled on trunk interfaces and dynamic VLAN configuration through MVRP is enabled by default when MVRP is enabled MVRP Registration Modes The MVRP registration mode defines whether an in...

Page 1394: ... being declared and is registered Leave VLAN information that was previously registered is being withdrawn LeaveAll All registrations will be de registered Participants that want to participate in MVRP will need to re register New VLAN information is new and possibly not previously registered MVRP Limitations MVRP does not work with all spanning tree protocols on EX Series switches Table 185 on pa...

Page 1395: ...ches L2PT on EX Series switches supports the following Layer 2 protocols 802 1X authentication 802 3ah Operation Administration and Maintenance OAM link fault management LFM NOTE IfyouenableL2PTforuntaggedOAMLFMpackets donotconfigure LFM on the corresponding access interface Cisco Discovery Protocol CDP Ethernet local management interface E LMI GARP VLAN Registration Protocol GVRP Link Aggregation...

Page 1396: ...d Layer 2 protocol is disabled on the access interfaces L2PT only acts on logical interfaces of the family ethernet switching NOTE Access interfaces in an L2PT enabled VLAN should not receive L2PT tunneled PDUs If an access interface does receive L2PT tunneled PDUs it might mean that there is a loop in the network As a result the interface will be shut down L2PT is configured under the edit vlans ...

Page 1397: ...mapping of MAC addresses to IP addresses The switch maintains this mapping in a cache that it consults when forwarding packets to network devices If the ARP cache does not contain an entry for the destination device the host the DHCP client broadcasts an ARP request for that device s address and stores the response in the cache Proxy ARP Overview When proxy ARP is enabled if the switch receives an...

Page 1398: ...e addition or removal of the MAC address This process is known as MAC notification The MAC Notification MIB controls MAC notification for the network management system For general information on the MAC Notification MIB see the Junos OS Network Management Configuration Guide at http www juniper net techpubs software junos index html The MAC notification interval defines how often these SNMP notifi...

Page 1399: ...s enabled the default MAC notification interval is 30 seconds Related Documentation Configuring MAC Notification CLI Procedure on page 1393 Configuring SNMP J Web Procedure on page 3603 1303 Copyright 2010 Juniper Networks Inc Chapter 57 Bridging and VLANs Overview ...

Page 1400: ...Copyright 2010 Juniper Networks Inc 1304 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1401: ...le Configuring Automatic VLAN Administration Using MVRP on EX Series Switches on page 1357 Example Configuring Layer 2 Protocol Tunneling on EX Series Switches on page 1368 Example Setting Up Basic Bridging and a VLAN for an EX Series Switch EX Series switches use bridging and virtual LANs VLANs to connect network devices in a LAN desktop computers IP telephones printers file servers wireless acce...

Page 1402: ...ll interfaces are in access mode and all interfaces belong to a VLAN called default which is automatically configured When you plug access devices such as desktop computers Avaya IP telephones file servers printers and wireless access points into the switch they are joined immediately into the default VLAN and the LAN is up and running The topology used in this example consists of one EX4200 24T s...

Page 1403: ...do not need to perform any other configuration on the switch to set up bridging and VLANs To use the switch simply plug the Avaya IP phones into the PoE enabled ports ge 0 0 1 through ge 0 0 7 and plug in the PCs file servers and printers to the non PoE ports ge 0 0 8 through ge 0 0 12 and ge 0 0 17 through ge 0 0 20 Step by Step Procedure To configure bridging and VLANs 1 Make sure the switch is ...

Page 1404: ...rnet switching ge 0 0 1 unit 0 family ethernet switching ge 0 0 2 unit 0 family ethernet switching ge 0 0 3 unit 0 family ethernet switching ge 0 0 4 unit 0 family ethernet switching ge 0 0 5 unit 0 family ethernet switching ge 0 0 6 unit 0 family ethernet switching ge 0 0 7 unit 0 family ethernet switching Copyright 2010 Juniper Networks Inc 1308 Complete Software Guide for Junos OS for EX Series...

Page 1405: ...unit 0 family ethernet switching ge 0 0 13 unit 0 family ethernet switching ge 0 0 14 unit 0 family ethernet switching ge 0 0 15 unit 0 family ethernet switching ge 0 0 16 unit 0 family ethernet switching ge 0 0 17 unit 0 family ethernet switching ge 0 0 18 unit 0 family ethernet switching 1309 Copyright 2010 Juniper Networks Inc Chapter 58 Examples Bridging and VLAN Configuration ...

Page 1406: ...ly ethernet switching ge 0 1 0 unit 0 family ethernet switching xe 0 1 0 unit 0 family ethernet switching ge 0 1 1 unit 0 family ethernet switching xe 0 1 1 unit 0 family ethernet switching ge 0 1 2 unit 0 family ethernet switching ge 0 1 3 unit 0 family ethernet switching Copyright 2010 Juniper Networks Inc 1310 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1407: ...0 ge 0 0 16 0 ge 0 0 17 0 ge 0 0 18 0 ge 0 0 19 0 ge 0 0 20 0 ge 0 0 21 0 ge 0 0 22 0 ge 0 0 23 0 ge 0 1 0 0 ge 0 1 1 0 ge 0 1 2 0 ge 0 1 3 0 mgmt me0 0 Meaning The show vlans command lists the VLANs configured on the switch This output shows that the VLAN default has been created Verifying That Interfaces Are Associated with the Proper VLANs Purpose Verify that Ethernet switching is enabled on sw...

Page 1408: ...ve on the interfaces in the VLAN members column The output in this example shows all the connected interfaces ge 0 0 0 through ge 0 0 12 and ge 0 0 17 through ge 0 0 20 and that they are all part of VLAN default Notice that the interfaces listed are the logical interfaces not the physical interfaces For example the output shows ge 0 0 0 0 instead of ge 0 0 0 This is because Junos OS creates VLANs ...

Page 1409: ...g separate network segments reduces the span of the broadcast domain and allows you to group related users and network resources without being limited by physical cabling or by the location of a network device in the building or on the LAN This example shows a simple configuration to illustrate the basic steps for creating two VLANs on a single switch One VLAN called sales is for the sales and mar...

Page 1410: ...cedure to add more LAN devices Configuration Configure Layer 2 switching for two VLANs CLI Quick Configuration To quickly configure Layer 2 switching for the two VLANs sales and support and to quickly configure Layer 3 routing of traffic between the two VLANs copy the following commands and paste them into the switch terminal window edit set interfaces ge 0 0 0 unit 0 description Sales wireless ac...

Page 1411: ...t interfaces ge 0 0 22 unit 0 user switch set description Sales printer port user switch set family ethernet switching vlan members sales 4 Configure the interface for the file server in the sales VLAN edit interfaces ge 0 0 20 unit 0 user switch set description Sales file server port user switch set family ethernet switching vlan members sales 5 Configure the interface for the wireless access poi...

Page 1412: ...terface edit vlans user switch set sales l3 interface user switch set support l3 interface vlan 1 Display the results of the configuration user switch show configuration interfaces ge 0 0 0 unit 0 description Sales wireless access point port family ethernet switching vlan members sales ge 0 0 3 unit 0 description Sales phone port family ethernet switching vlan members sales ge 0 0 22 unit 0 descri...

Page 1413: ...46 unit 0 description Support file server port family ethernet switching vlan members support vlans unit 0 family inet address 192 0 2 0 25 unit 1 family inet address 192 0 2 128 25 vlans sales vlan id 100 interface ge 0 0 0 0 interface ge 0 0 3 0 interface ge 0 0 20 0 interface ge 0 0 22 0 l3 interface vlan 0 support vlan id 200 interface ge 0 0 24 0 interface ge 0 0 26 0 interface ge 0 0 44 0 in...

Page 1414: ...rfaces on the switch are members of the correct VLAN Action List all VLANs configured on the switch Use the operational mode commands user switch show vlans Name Tag Interfaces default ge 0 0 1 0 ge 0 0 2 0 ge 0 0 4 0 ge 0 0 5 0 ge 0 0 6 0 ge 0 0 7 0 ge 0 0 8 0 ge 0 0 9 0 ge 0 0 10 0 ge 0 0 11 0 ge 0 0 12 0 ge 0 0 13 0 ge 0 0 14 0 ge 0 0 15 0 ge 0 0 16 0 ge 0 0 17 0 ge 0 0 18 0 ge 0 0 19 0 ge 0 0 ...

Page 1415: ...route traffic to each other Verifying That Traffic Is Being Switched Between the Two VLANs Purpose Verify that learned entries are being added to the Ethernet switching table Action List the contents of the Ethernet switching table user switch show ethernet switching table Ethernet switching table 8 entries 5 learned VLAN MAC address Type Age Interfaces default Flood All members default 00 00 05 0...

Page 1416: ...P which has twenty four 1 Gigabit Ethernet ports all of which support Power over Ethernet PoE and an uplink module with four 1 Gigabit Ethernet ports Junos OS Release 9 0 or later for EX Series switches Before you connect an access switch to a distribution switch be sure you have Installed the two switches See Installing and Connecting an EX3200 or EX4200 Switch Performed the initial software conf...

Page 1417: ... 4SFP Access switch hardware EX4200 24F 24 1 Gigabit Ethernet fiber SPF ports ge 0 0 0 through ge 0 0 23 one 2 port 10 Gigabit Ethernet XFP uplink module EX UM 4SFP Distribution switch hardware sales tag 100 support tag 200 VLAN names and tag IDs sales 192 0 2 0 25 addresses 192 0 2 1 through 192 0 2 126 support 192 0 2 128 25 addresses 192 0 2 129 through 192 0 2 254 VLAN subnets On the access sw...

Page 1418: ...rfaces ge 0 0 26 unit 0 description Support phone port set interfaces ge 0 0 26 unit 0 family ethernet switching vlan members support set interfaces ge 0 0 44 unit 0 description Support printer port set interfaces ge 0 0 44 unit 0 family ethernet switching vlan members support set interfaces ge 0 0 46 unit 0 description Support file server port set interfaces ge 0 0 46 unit 0 family ethernet switc...

Page 1419: ... description Support VLAN user access switch set vlan id 200 user access switch set l3 interface vlan 1 6 Create the subnet for the sales broadcast domain edit interfaces user access switch set vlan unit 0 family inet address 192 0 2 1 25 7 Create the subnet for the support broadcast domain edit interfaces user access switch set vlan unit 1 family inet address 192 0 2 129 25 8 Configure the interf...

Page 1420: ...s and support VLANs edit vlans user access switch set sales vlan description Sales VLAN user access switch set sales vlan id 100 user access switch set support vlan description Support VLAN user access switch set support vlan id 200 11 To route traffic between the sales and support VLANs and associate a Layer 3 interface with each VLAN edit vlans user access switch set sales l3 interface vlan 0 us...

Page 1421: ... ge 0 0 44 unit 0 description Support printer port family ethernet switching vlan members sales ge 0 0 46 unit 0 description Support file server port family ethernet switching vlan members support ge 0 1 0 unit 0 description Uplink module port connection to distribution switch family ethernet switching port mode trunk vlan members sales support native vlan id 1 vlan unit 0 family inet address 192 ...

Page 1422: ...upport set interfaces ge 0 0 0 ethernet switching native vlan id 1 set interfaces vlan unit 0 family inet address 192 0 2 2 25 set interfaces vlan unit 1 family inet address 192 0 2 130 25 set vlans sales vlan description Sales VLAN set vlans sales vlan id 100 set vlans sales l3 interface vlan 0 set vlans support vlan description Support VLAN set vlans support vlan id 200 set vlans support l3 inte...

Page 1423: ...0 user distribution switch set l3 interface vlan 1 6 Create the subnet for the sales broadcast domain edit interfaces user distribution switch set vlan unit 0 family inet address 192 0 2 2 25 7 Create the subnet for the support broadcast domain edit interfaces user distribution switch set vlan unit 1 family inet address 192 0 2 130 25 Results Display the results of the configuration user distribut...

Page 1424: ...ANs configured on the switch user switch show vlans Name Tag Interfaces default ge 0 0 1 0 ge 0 0 2 0 ge 0 0 4 0 ge 0 0 5 0 ge 0 0 6 0 ge 0 0 7 0 ge 0 0 8 0 ge 0 0 9 0 ge 0 0 10 0 ge 0 0 11 0 ge 0 0 12 0 ge 0 0 13 0 ge 0 0 14 0 ge 0 0 15 0 ge 0 0 16 0 ge 0 0 17 0 ge 0 0 18 0 ge 0 0 19 0 ge 0 0 21 0 ge 0 0 23 0 ge 0 0 25 0 ge 0 0 27 0 ge 0 0 28 0 ge 0 0 29 0 ge 0 0 30 0 ge 0 0 31 0 ge 0 0 32 0 ge 0...

Page 1425: ...ociated to interface ge 0 0 0 0 Interface ge 0 0 0 0 is the trunk interface connected to the access switch Related Documentation Example Setting Up Basic Bridging and a VLAN for an EX Series Switch on page 1305 Example Setting Up Bridging with Multiple VLANs for EX Series Switches on page 1312 Example Configure Automatic VLAN Administration Using GVRP on page 1329 Understanding Bridging and VLANs ...

Page 1426: ...figure all VLANs on all switches even though some switches are not actively participating in a VLAN Then enable GVRP on the trunk interface of each switch GVRP ensures that the VLAN membership information on the trunk interface is updated as the switch s access interfaces become active or inactive in the configured VLANs You do not need to take an extra step of explicitly binding a VLAN to the tru...

Page 1427: ... configured to support the three VLANs finance lab sales However the Distribution Switch does not have any access interfaces that are connecting devices as members of these VLANs The Distribution Switch has two trunk interfaces xe 0 1 1 Connects Distribution Switch to Access Switch A xe 0 1 0 Connects Distribution Switch to Access Switch B Figure 31 on page 1331 shows GVRP configured on two access...

Page 1428: ...hus the Distribution Switch does not forward traffic to inactive VLANs Configuring VLANs and GVRP on Access Switch A To configure three VLANs on the switch bind access interfaces for PC1 PC2 and PC3 to the VLANs finance lab sales and enable GVRP on the trunk interface of Access Switch A perform these tasks CLI Quick Configuration To quickly configure Access Switch A to support the three VLANs bind...

Page 1429: ...e VLAN edit user Access Switch A set vlans finance vlan id 100 2 Configure the lab VLAN edit user Access Switch A set vlans lab vlan id 200 3 Configure the sales VLAN edit user Access Switch A set vlans sales vlan id 300 4 Configure an Ethernet interface as a member of the finance VLAN edit does user Access Switch A setinterfacesge 0 0 1unit0familyethernet switching vlan members finance 5 Configur...

Page 1430: ...ernet switching vlan members lab ge 0 0 3 unit 0 family ethernet switching vlan members sales xe 0 1 1 unit 0 family ethernet switching port mode trunk ge 0 1 2 unit 0 family ethernet switching ge 0 1 3 unit 0 family ethernet switching protocols igmp snooping vlan all Copyright 2010 Juniper Networks Inc 1334 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1431: ...gure Access Switch B to support the three VLANs bind interfaces for the two PCs to the appropriate VLANs and enable GVRP on the trunk interface copy the following commands and paste them into the switch terminal window of Switch B edit set vlans finance vlan id 100 set vlans lab vlan id 200 set vlans sales vlan id 300 set interfaces ge 0 0 0 unit 0 family ethernet switching vlan members finance se...

Page 1432: ...1 unit 0 family ethernet switching vlan members lab 6 Configure a trunk interface user Access Switch B set interfaces xe 0 1 0 unit 0 family ethernet switching port mode trunk 7 Enable GVRP on the trunk interface edit user Access Switch B set protocols gvrp xe 0 1 0 0 NOTE As we recommend default GVRP timers are used in this example The default values associated with each GVRP timer are 200 ms for...

Page 1433: ...y ethernet switching ge 0 0 3 unit 0 family ethernet switching ge 0 1 0 unit 0 family ethernet switching xe 0 1 0 unit 0 family ethernet switching port mode trunk ge 0 1 1 unit 0 family ethernet switching xe 0 1 1 unit 0 family ethernet switching ge 0 1 2 unit 0 family ethernet switching 1337 Copyright 2010 Juniper Networks Inc Chapter 58 Examples Bridging and VLAN Configuration ...

Page 1434: ...tion Switch and to enable GVRP on the trunk interface of the Distribution Switch copy the following commands and paste them into the switch terminal window of the Distribution Switch edit set vlans finance vlan id 100 set vlans lab vlan id 200 set vlans sales vlan id 300 set interfaces xe 0 1 1 unit 0 family ethernet switching port mode trunk set interfaces xe 0 1 0 unit 0 family ethernet switchin...

Page 1435: ... 0 familyethernet switching port mode trunk 5 Configure the trunk interface to Access Switch B edit user Distribution Switch setinterfacesxe 0 1 0unit0familyethernet switching port mode trunk 6 Enable GVRP on the trunk interface for xe 0 1 1 edit user Distribution Switch set protocols gvrp interface xe 0 1 1 0 7 Enable GVRP on the trunk interface for xe 0 1 0 edit user Distribution Switch set prot...

Page 1436: ...k ge 0 1 2 unit 0 family ethernet switching ge 0 1 3 unit 0 family ethernet switching protocols igmp snooping vlan all lldp interface all lldp med interface all gvrp interface xe 0 1 0 0 interface xe 0 1 1 0 rstp ethernet switching options storm control interface all level 50 Copyright 2010 Juniper Networks Inc 1340 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1437: ...ch on page 1343 Verifying That GVRP Is Enabled on Access Switch A Purpose Verify that GVRP is enabled on the switch Action Show the GVRP configuration using the show gvrp command user Access Switch A show gvrp Global GVRP configuration GVRP status Enabled GVRP Timers ms Join 200 Leave 600 LeaveAll 10000 Interface Name Protocol Status xe 0 1 1 0 Enabled Meaning The results show that GVRP is enabled...

Page 1438: ... Enabled Meaning The results show that GVRP is enabled on the trunk interface of Switch B and that the default timers are used Verifying That GVRP Is Updating VLAN Membership on Switch B Purpose To verify that GVRP is updating VLAN membership display the Ethernet switching interfaces and associated VLANs that are active on switch B Action List Ethernet switching interfaces on the switch user Acces...

Page 1439: ...tch A Any traffic for those VLANs will be passed on from the Distribution Switch to Access Switch A through interface xe 0 1 1 0 Interface xe 0 1 0 0 connects the Distribution Switch to Access Switch B and is updated to show that it is a member of the two VLANs that are active on Access Switch B Thus the Distribution Switch sends traffic for finance and lab to both Access Switch A and Access Switc...

Page 1440: ...ink For example if the two interfaces are ge 0 1 0 and ge 0 1 1 the software assigns ge 0 1 1 as the active link Whether a primary link is specified as the active link or whether it is calculated by the software traffic is handled in the same manner Traffic passes through the active link but is blocked on the secondary link If the active link goes down or is disabled administratively the secondary...

Page 1441: ...s used in this redundant trunk group Figure 32 Topology for Configuring the Redundant Trunk Links Table 190 Components of the Redundant Trunk Link Topology Settings Property Switch 1 1 EX4200 distribution switch Switch 2 1 EX4200 distribution switch Switch 3 1 EX3200 access switch Switch hardware On Switch 3 access switch ge 0 0 9 0 and ge 0 0 10 0 Trunk port interfaces group1 Redundant trunk grou...

Page 1442: ...t ge 0 0 9 0 as the primary link and ge 0 0 10 as the secondary link edit ethernet switching options user switch set redundant trunk group group name group1 interface ge 0 0 9 0 primary user switch set redundant trunk group group name group1 interface ge 0 0 10 0 Results Display the results of the configuration user switch show ethernet switching options redundant trunk group group name group1 int...

Page 1443: ...ork to another customer site without removing or changing the customer VLAN tags or class of service CoS settings You can configure Q in Q tunneling on EX Series switches This example describes how to set up Q in Q Requirements on page 1347 Overview and Topology on page 1347 Configuration on page 1348 Verification on page 1349 Requirements This example requires one EX Series switch with Junos OS R...

Page 1444: ...net switching options dot1q tunneling ether type 0x9100 Step by Step Procedure To configure Q in Q tunneling 1 Set the VLAN ID for the S VLAN edit vlans user switch set qinqvlan vlan id 4001 2 Enable Q in Q tuennling and specify the customer VLAN ranges edit vlans user switch set qinqvlan dot1q tunneling customer vlans 1 100 user switch set qinqvlan dot1q tunneling customer vlans 201 300 3 Set the...

Page 1445: ...e 0 ge 0 0 11 0 tagged trunk ge 0 0 14 0 tagged trunk ge 0 0 12 0 untagged access ge 0 0 13 0 untagged access Meaning The output indicates that Q in Q tunneling is enabled and that the VLAN is tagged and shows the associated customer VLANs Related Documentation Configuring Q in Q Tunneling CLI Procedure on page 1386 Example Configuring a Private VLAN on an EX Series Switch For security reasons it ...

Page 1446: ...partition the broadcast domain This configuration example shows a simple topology to illustrate how to create a private VLAN with one primary VLAN and two community VLANs one for HR and one for finance as well as two isolated ports for the mail server and the backup server Table 192 on page 1350 lists the settings for the example topology Table 192 Components of the Topology for Configuring a Priv...

Page 1447: ...ce ge 0 0 12 0 set vlans finance comm interface ge 0 0 13 0 set vlans finance comm interface ge 0 0 14 0 set vlans hr comm primary vlan pvlan set vlans finance comm primary vlan pvlan Step by Step Procedure To configure the private VLAN 1 Set the VLAN ID for the primary VLAN edit vlans user switch set pvlan vlan id 1000 2 Set the interfaces and port modes edit interfaces user switch set ge 0 0 0 u...

Page 1448: ... comm interface ge 0 0 14 0 6 For each community VLAN set the primary VLAN edit vlans user switch set hr comm primary vlan pvlan user switch set finance comm primary vlan pvlan 7 Add each isolated interface to the primary VLAN edit vlans user switch set pvlan interface ge 0 0 15 0 user switch set pvlan interface ge 0 0 16 0 Results Check the results of the configuration user switch show configurat...

Page 1449: ...0 0 14 0 untagged access ge 0 0 15 0 untagged access ge 0 0 16 0 untagged access ge 1 0 0 0 tagged trunk Secondary VLANs Isolated 2 Community 2 Isolated VLANs __pvlan_pvlan_ge 0 0 15 0__ __pvlan_pvlan_ge 0 0 16 0__ Community VLANs finance comm hr comm user switch show vlans hr comm extensive VLAN hr comm Created at Tue Sep 16 17 59 47 2008 Internal index 22 Admin State Enabled Origin Static Privat...

Page 1450: ... access ge 1 0 0 0 tagged trunk Meaning The output shows that the primary VLAN was created and identifies the interfaces and secondary VLANs associated with it Related Documentation Creating a Private VLAN CLI Procedure on page 1385 Example UsingVirtualRoutingInstancestoRouteAmongVLANsonEXSeriesSwitches Virtual routing instances allow each EX Series switch to have multiple routing tables on a devi...

Page 1451: ... 1 24 set routing instances r1 instance type virtual router set routing instances r1 interface ge 0 0 1 0 set routing instances r1 interface ge 0 0 3 0 set routing instances r2 instance type virtual router set routing instances r2 interface ge 0 0 2 0 set routing instances r2 interface ge 0 0 3 1 Step by Step Procedure To configure virtual routing instances 1 Create a VLAN tagged interface edit us...

Page 1452: ...e type virtual router interface ge 0 0 1 0 interface ge 0 0 3 0 r2 instance type virtual router interface ge 0 0 2 0 interface ge 0 0 3 1 Verification To confirm that the configuration is working properly perform these tasks Verifying That the Routing Instances Were Created on page 1356 Verifying That the Routing Instances Were Created Purpose Verify that the virtual routing instances were properl...

Page 1453: ...automate VLAN administration you can enable Multiple VLAN Registration Protocol MVRP on the network MVRP can also be used to dynamically create VLANs further simplifying the network overhead required to statically configure VLANs NOTE Only trunk interfaces can be enabled for MVRP This example describes how to use MVRP to automate administration of VLAN membership changes within your network and ho...

Page 1454: ...the benefit of reducing network overhead by limiting the scope of broadcast unknown unicast and multicast BUM traffic to interested devices only When VLAN access interfaces become active or inactive MVRP ensures that the updated information is advertised on the trunk interface Thus in this example distribution Switch C does not forward traffic to inactive VLANs This example shows a network with th...

Page 1455: ...inistration Table 193 on page 1359 explains the components of the example topology Table 193 Components of the Network Topology Settings Property Access Switch A Access Switch B Distribution Switch C Switch hardware finance tag 100 lab tag 200 sales tag 300 VLAN names and tag IDs 1359 Copyright 2010 Juniper Networks Inc Chapter 58 Examples Bridging and VLAN Configuration ...

Page 1456: ... Configuration To quickly configure access Switch A for MVRP copy the following commands and paste them into the switch terminal window of Switch A edit set vlans finance vlan id 100 set vlans lab vlan id 200 set vlans sales vlan id 300 set interfaces ge 0 0 1 unit 0 family ethernet switching vlan members finance set interfaces ge 0 0 2 unit 0 family ethernet switching vlan members lab set interfa...

Page 1457: ...it user Access Switch A set interfaces ge 0 0 2 unit 0 family ethernet switching vlan members lab 6 Configure an Ethernet interface as a member of the sales VLAN edit user Access Switch A set interfaces ge 0 0 3 unit 0 family ethernet switching vlan members sales 7 Configure a trunk interface edit user Access Switch A set interfaces xe 0 1 1 unit 0 family ethernet switching port mode trunk 8 Enabl...

Page 1458: ...interfaces for PC4 and PC5 to the VLANs and enable MVRP on the trunk interface of access Switch B perform these tasks CLI Quick Configuration To quickly configure Access Switch B for MVRP copy the following commands and paste them into the switch terminal window of Switch B edit set vlans finance vlan id 100 set vlans lab vlan id 200 set vlans sales vlan id 300 set interfaces ge 0 0 0 unit 0 famil...

Page 1459: ...hernet interface as a member of the lab VLAN edit user Access Switch B set interfaces ge 0 0 1 unit 0 family ethernet switching vlan members lab 6 Configure a trunk interface user Access Switch B set interfaces xe 0 1 0 unit 0 family ethernet switching port mode trunk 7 Enable MVRP on the trunk interface edit user Access Switch B set protocols mvrp xe 0 1 0 0 NOTE As we recommend as a best practic...

Page 1460: ...k Configuration To quickly configure distribution Switch C for MVRP copy the following commands and paste them into the switch terminal window of distribution Switch C edit set interfaces xe 0 1 1 unit 0 family ethernet switching port mode trunk set interfaces xe 0 1 0 unit 0 family ethernet switching port mode trunk set protocols mvrp interface xe 0 1 1 0 set protocols mvrp interface xe 0 1 0 0 C...

Page 1461: ... 0 1 0 edit user Distribution Switch C set protocols mvrp interface xe 0 1 0 0 Results Check the results of the configuration edit user Distribution Switch D show interfaces xe 0 1 0 unit 0 family ethernet switching port mode trunk xe 0 1 1 unit 0 family ethernet switching port mode trunk protocols mvrp interface xe 0 1 0 0 interface xe 0 1 1 0 Verification To confirm that the configuration is upd...

Page 1462: ...erifying That MVRP Is Updating VLAN Membership on Access Switch A Purpose Verify that MVRP is updating VLAN membership by displaying the Ethernet switching interfaces and associated VLANs that are active on Switch A Action List Ethernet switching interfaces on the switch user Access Switch A show ethernet switching interfaces Interface State VLAN members Blocking ge 0 0 1 0 up finance unblocked ge...

Page 1463: ...et switching interfaces Interface State VLAN members Blocking ge 0 0 0 0 up finance unblocked ge 0 0 1 0 up lab unblocked xe 0 1 1 0 up finance unblocked lab unblocked sales unblocked Meaning MVRP has automatically added finance lab and sales as VLAN members on the trunk interface because they are being advertised by access Switch A Verifying That MVRP Is Enabled on Distribution Switch C Purpose V...

Page 1464: ...e passed on from distribution Switch C to Switch A through interface xe 0 1 1 0 Interface xe 0 1 0 0 connects distribution Switch C to Switch B and is updated to show that it is a member of the two VLANs that are active on Switch B Thus distribution Switch C sends traffic for finance and lab to both Switch A and Switch B But distribution Switch C sends traffic for sales only to Switch A Distributi...

Page 1465: ... Junos OS Release 10 0 or later for EX Series switches Overview and Topology L2PT allows you to send Layer 2 PDUs across a service provider network and deliver them to EX Series switches that are not part of the local broadcast domain Figure34onpage1370showsacustomernetworkthatincludestwositesthatareconnected across a service provider network Site 1 contains three switches connected in a Layer 2 n...

Page 1466: ...Layer 2 protocols Tunneled Layer 2 PDUs do not normally arrive at high rate If the tunneled Layer 2 PDUs do arrive at high rate there might be a problem in the network Typically you would want to shut down the interface that is receiving a high rate of tunneled Layer 2 PDUs so that problem can be isolated However if you do not want to completely shut down the interface you can configure the switch...

Page 1467: ...his is done If L2PT encapsulated packets are received on an access interface the switch reacts as it does when there is a loop between the service provider network and the customer network and shuts down disables the access interface Once an interface is disabled you must explicitly reenable it using the clear ethernet switching layer2 protocol tunneling error command or else the interface will re...

Page 1468: ...s extensive customer 1 VLAN customer 1 Created at Thu Jun 25 05 07 38 2009 802 1Q Tag 100 Internal index 4 Admin State Enabled Origin Static Dot1q Tunneling status Enabled Layer2 Protocol Tunneling status Enabled Protocol Port Mode Mac aging time 300 seconds Number of interfaces Tagged 0 Active 0 Untagged 3 Active 0 ge 0 0 7 0 untagged access ge 0 0 8 0 untagged access ge 0 0 9 0 untagged access C...

Page 1469: ...mer 1 command shows that L2PT is tunneling the STP protocol on VLAN customer 1 the drop threshold is set to 50 and the shutdown threshold is set to 100 The show ethernet switching layer2 protocol tunneling interface command shows the type of operation being performed on each interface the state of each interface and if the state is Shutdown the reason why the interface is shut down Related Documen...

Page 1470: ...Copyright 2010 Juniper Networks Inc 1374 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1471: ...RP J Web Procedure on page 1386 Configuring Redundant Trunk Groups J Web Procedure on page 1388 Configuring Multiple VLAN Registration Protocol MVRP CLI Procedure on page 1389 Configuring Layer 2 Protocol Tunneling on EX Series Switches CLI Procedure on page 1392 Configuring MAC Notification CLI Procedure on page 1393 Configuring Proxy ARP CLI Procedure on page 1395 Configuring VLANs for EX Series...

Page 1472: ...ication number from 1 through 4094 If no value is specified it defaults to 0 VLAN Range Type a number range to create VLANs with IDs corresponding to the range For example the range 2 3 will create two VLANs with the IDs 2 and 3 Specifies the identifier or range for the VLAN VLAN Id Range Enter a brief description for the VLAN Describes the VLAN Description Type the number of seconds from 60 throu...

Page 1473: ...P address and MAC address in the window that is displayed Specifies IPv4 address options for the VLAN IPv4 address Select IPv6 address to enable the IPv6 address options To configure IPv6 1 Enter the IP address for example 2001 ab8 85a3 8a2e 370 7334 2 Specify the subnet mask Specifies IPv6 address options for the VLAN IPv6 address Voip tab Click one Add Select the ports from the available list Re...

Page 1474: ...N ID range for the VLAN edit vlans user switch set vlan name vlan id vlan id number or edit vlans user switch set vlan name vlan range vlan id low vlan id high 5 To specify the maximum time that an entry can remain in the forwarding table before it ages out optional edit vlans user switch set vlan name mac table aging time time 6 To specify a VLAN firewall filter to be applied to incoming or outgo...

Page 1475: ... example to ping the RVI with a packet size of 6000 bytes or more you must explicitly configure the jumbo MTU size on the interface named vlan the RVI CAUTION Setting or deleting the jumbo MTU size on the RVI the vlan interface while the switch is transmitting packets might result in dropped packets To configure the routed VLAN interface RVI 1 Create a Layer 2 VLAN by assigning it a name for examp...

Page 1476: ... 20 0 ge 1 0 30 0 support 111 ge 0 0 18 0 mgmt bme0 32769 bme0 32771 user switch show ethernet switching table Ethernet switching table 1 entries 0 learned VLAN MAC address Type Age Interfaces support 00 19 e2 50 95 a0 Static Router Related Documentation Example Setting Up Bridging with Multiple VLANs for EX Series Switches on page 1312 Example Connecting an Access Switch to a Distribution Switch ...

Page 1477: ... EX Series switches support receiving and forwarding routed or bridged Ethernet frames with 802 1Q VLAN tags The logical interface on which untagged packets are to be received must be configured with the same native VLAN ID as that configured on the physical interface To configure the native VLAN ID using the CLI 1 Configure the port mode so that the interface is in multiple VLANs and can multiple...

Page 1478: ...twork nodes receiving the frames know which VLAN the frames belong to Trunk ports which multiplex traffic among a number of VLANs use the tag to determine the origin of frames and where to forward them For example you could configure the VLAN employee and specify a tag range of 10 12 This creates the following VLANs and tags VLAN employee 10 tag 10 VLAN employee 11 tag 11 VLAN employee 12 tag 12 C...

Page 1479: ...ries of tagged VLANS to an interface by name or by VLAN range have the same result VLANs __employee_120__ through __employee_130__ are created NOTE When a series of VLANs are created using the vlan range command the VLAN names are prefixed and suffixed with a double underscore Related Documentation Verifying That a Series of Tagged VLANs Has Been Created on page 1397 Example Setting Up Basic Bridg...

Page 1480: ...uting instance nameinterfaceinterface name logical unit number 3 Create the logical interfaces that are bound to the routing instance To create a logical interface with an IPv4 address edit interfaces user switch set interface name unit logical unit number family inet address ip address To create a logical interface with an IPv6 address edit interfaces user switch set interface name unit logical u...

Page 1481: ...t the primary VLAN to have no local switching NOTE The primary VLAN must be a tagged VLAN edit vlans user switch set primary vlan name no local switching 2 For each community VLAN configure access interfaces NOTE The secondary VLANs must be untagged VLANs edit vlans user switch set community vlan name interface interface name 3 For each community VLAN set the primary VLAN edit vlans user switch se...

Page 1482: ...dress learning on the S VLAN optional edit vlans user switch set s vlan name no mac learning Related Documentation Example Setting Up Q in Q Tunneling on EX Series Switches on page 1347 Verifying That Q in Q Tunneling Is Working on page 1400 Understanding Q in Q Tunneling on EX Series Switches on page 1293 Configuring GVRP J Web Procedure As a network expands and the number of clients and VLANs in...

Page 1483: ...odify GVRP timers click Global Settings For modifying GVRP Timer settings for the interface enter information as described in Table 195 on page 1387 4 Click OK to apply changes to the configuration or click Cancel to cancel without saving changes To disable an interface select the interface and click Disable Port Table 195 GVRP Timer Settings Your Action Function Field Type a number Specifies the ...

Page 1484: ...uration To configure an RTG using the J Web interface 1 Select Configure Switching RTG The RTG Configuration page displays a list of existing RTGs If you select a specific RTG the details of the selected RTG are displayed in the Details of group section NOTE After you make changes to the configuration in this page you must commit the changes for them to take effect To commit all changes to the act...

Page 1485: ... for Faster Recovery on page 1343 Understanding Redundant Trunk Links on EX Series Switches on page 1291 Configuring Multiple VLAN Registration Protocol MVRP CLI Procedure MultipleVLANRegistrationProtocol MVRP isusedtomanagedynamicVLANregistration in a LAN You can use MVRP on EX Series switches MVRP is disabled by default on EX Series switches To enable MVRP or set MVRP options follow these instru...

Page 1486: ...efine the amount of time an interface waits to join or leave MVRP or to send or process the MVRP information for the switch after receiving an MVRP PDU The join timer controls the amount of time the switch waits to accept a registration request the leave timer controls the period of time that the switch waits in the Leave state before changing to the unregistered state and the leaveall timer contr...

Page 1487: ...e participates in MVRP when MVRP is enabled on the switch An interface in forbidden registration mode does not participate in MVRP even if MVRP is enabled on the switch To set all interfaces to forbidden registration mode edit protocols mvrp user switch set interface all registration forbidden To set one interface to forbidden registration mode edit protocols mvrp user switch set interface xe 0 0 ...

Page 1488: ...r of packets tunneled per second might be limited by other factors You can specify a drop threshold value without specifying a shutdown threshold value and you can specify a shutdown threshold value without specifying a drop threshold value If you specify both threshold values then the drop threshold value must be less than or equal to the shutdown threshold value If the drop threshold value is gr...

Page 1489: ...value If the shutdown threshold value is less than the drop threshold value and you to try to commit the configuration changes the commit will fail edit user switch set vlans customer 1 dot1q tunneling layer2 protocol tunneling stp shutdown threshold 100 NOTE Once an interface is disabled you must explicitly reenable it using the clear ethernet switching layer2 protocol tunneling error command Oth...

Page 1490: ...on interval here the MAC notification interval is set to 60 seconds edit ethernet switching options user switch set mac notification notification interval 60 Disabling MAC Notification MAC Notification is disabled by default Perform this procedure only if MAC notification was previously enabled on your switch To disable MAC notification on the switch edit ethernet switching options user switch del...

Page 1491: ...tricted mode the switch is not a proxy if the source and target IP addresses are on the same subnet If you use unrestricted mode disable gratuitous ARP requests on the interface to avoid the situation of the switch s response to a gratuitous ARP request appearing to the host to be an indication of an IP conflict To configure proxy ARP on a routed VLAN interface RVI edit interfaces user switch set ...

Page 1492: ...Copyright 2010 Juniper Networks Inc 1396 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1493: ...ge 1405 Verifying That Proxy ARP Is Working Correctly on page 1406 Verifying That a Series of Tagged VLANs Has Been Created Purpose Verify that a series of tagged VLANs is created on the switch Action Display the VLANs in the ascending order of their VLAN ID user switch show vlans sort by tag Name Tag Interfaces __employee_120__ 120 ge 0 0 22 0 __employee_121__ 121 ge 0 0 22 0 __employee_122__ 122...

Page 1494: ...loyee_129__ 129 ge 0 0 22 0 __employee_130__ 130 ge 0 0 22 0 Display the VLANs by specifying the VLAN range name here the VLAN range name is employee user switch show vlans employee Name Tag Interfaces __employee_120__ 120 ge 0 0 22 0 __employee_121__ 121 ge 0 0 22 0 __employee_122__ 122 ge 0 0 22 0 __employee_123__ 123 ge 0 0 22 0 __employee_124__ 124 ge 0 0 22 0 __employee_125__ 125 ge 0 0 22 0 ...

Page 1495: ...mmand to list all of the routing instances and their properties 1 user switch show route instance Instance Type Primary RIB Active holddown hidden master forwarding inet 0 3 0 0 __juniper_private1__ forwarding __juniper_private1__ inet 0 1 0 3 __juniper_private2__ forwarding instance1 forwarding r1 virtual router r1 inet 0 1 0 0 r2 virtual router r2 inet 0 1 0 0 2 Use the show route forwarding tab...

Page 1496: ...VLAN configurations 1 user switch show configuration vlans svlan vlan id 300 dot1q tunneling customer vlans 101 200 2 Use the show vlans command to view VLAN information and link status user switch show vlans s vlan name extensive VLAN svlan Created at Thu Oct 23 16 53 20 2008 802 1Q Tag 300 Internal index 2 Admin State Enabled Origin Static Dot1q Tunneling Status Enabled Customer VLAN ranges 101 ...

Page 1497: ...d to view VLAN information and link status user switch show vlans pvlan extensive VLAN pvlan Created at time 802 1Q Tag vlan id Internal index index number Admin State Enabled Origin Static Private VLAN Mode Primary Protocol Port Mode Number of interfaces Tagged 2 Active 0 Untagged 6 Active 0 trunk1 tagged trunk interface a untagged access interface b untagged access interface c untagged access in...

Page 1498: ...ch maintains in its Ethernet switching table These are details about the nodes on the LAN such as VLAN name VLAN ID member interfaces MAC addresses and so on Action To display Ethernet switching details in the J Web interface select Monitor Switching Ethernet Switching To view Ethernet switching details in the CLI enter the following commands show ethernet switching table show vlans show ethernet ...

Page 1499: ...es MAC Learning Log The VLAN name VLAN Name The learned MAC address associated with the VLAN ID MAC Address Timestamp for the time at which when the MAC address was added or deleted from the MAC learning log Time Operating state of the interface Values are Up and Down State Related Documentation Configuring MAC Table Aging CLI Procedure on page 1381 Understanding Bridging and VLANs on EX Series Sw...

Page 1500: ...n page 1386 Example Configure Automatic VLAN Administration Using GVRP on page 1329 Verifying That MVRP Is Working Correctly Purpose After configuring your EX Series switch to participate in MVRP verify that the configuration is properly set and that MVRP messages are being sent and received on your switch Action Confirm that MVRP is enabled on your switch 1 user switch show mvrp Global MVRP confi...

Page 1501: ...Switches on page 1357 Configuring Multiple VLAN Registration Protocol MVRP CLI Procedure on page 1389 Verifying That MAC Notification Is Working Properly Purpose Verify that MAC notification is enabled or disabled and that the MAC notification interval is set to the specified value Action Verify that MAC notification is enabled while also verifying the MAC notification interval setting user switch...

Page 1502: ... source address 0 with source address duplicate to mine 29555 which were not for me 0 packets discarded waiting for resolution 4 packets sent after waiting for resolution 27 ARP requests sent 47 ARP replies sent 0 requests for memory denied 0 requests dropped on entry 0 requests dropped during retry 0 requests dropped due to interface deletion 0 requests on unnumbered interfaces 0 new requests on ...

Page 1503: ...itous ARP packet when switching an IP address from one device to another The switch updates its ARP cache table after receipt of such gratuitous ARP messages and then it also updates its Ethernet switching table However sometimes silent devices such as SYSLOG servers or SNMP Trap receivers that receive UDP traffic but do not return acknowledgement ACK messages to the traffic source do not send gra...

Page 1504: ...ice expire within the times specified by the aging timer values After the entries expire the switch sends a new ARP message to the IP address of the device The device responds to the ARP thereby refreshing the entries in the switch s ARP cache table and Ethernet switching table Related Documentation arp on page 197 mac table aging time on page 1452 Copyright 2010 Juniper Networks Inc 1408 Complete...

Page 1505: ...figuration Statement Hierarchy on page 1422 edit ethernet switching options Configuration Statement Hierarchy ethernet switching options analyzer name loss priority priority ratio number input ingress interface all interface name vlan vlan id vlan name egress interface all interface name output interface interface name vlan vlan id vlan name bpdu block disable timeout timeout interface all interfa...

Page 1506: ...lowed mac log static ip ip address vlan vlan name mac mac address vlan all vlan name arp inspection no arp inspection dhcp option82 circuit id prefix hostname use interface description use vlan id remote id prefix hostname mac none use interface description use string string vendor id string examine dhcp no examine dhcp ip source guard no ip source guard mac move limit limit action action storm co...

Page 1507: ... Redundant Trunk Links on EX Series Switches on page 1291 Understanding Storm Control on EX Series Switches on page 2791 Understanding 802 1X and VoIP on EX Series Switches on page 2542 Understanding Q in Q Tunneling on EX Series Switches on page 1293 Understanding Unknown Unicast Forwarding on EX Series Switches on page 2792 Understanding MAC Notification on EX Series Switches on page 1302 edit i...

Page 1508: ...cted traps no traps vlan id vlan id number vlan tagging ge fpc pic port description text disable ether options 802 3ad aex lacp force up auto negotiation no auto negotiation flow control no flow control link mode mode speed auto negotiation speed hold time up milliseconds down milliseconds mtu bytes no gratuitous arp request traceoptions traps no traps unit logical unit number description text dis...

Page 1509: ...umber description text disable family family name proxy arp restricted unrestricted rpm traps no traps vlan id vlan id number lo0 description text disable hold time up milliseconds down milliseconds traceoptions traps no traps unit logical unit number description text disable family family name traps no traps me0 description text disable hold time up milliseconds down milliseconds no gratuitous ar...

Page 1510: ...bytes no gratuitous arp request traceoptions traps no traps unit logical unit number description text disable family family name traps no traps vlan id vlan id number vlan tagging xe fpc pic port description text disable ether options 802 3ad aex lacp force up auto negotiation no auto negotiation flow control no flow control link mode mode speed auto negotiation speed hold time up milliseconds dow...

Page 1511: ...nterfaces Overview on page 1095 Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs software junos index html edit protocols Configuration Statement Hierarchy protocols connections remote interface switch connection name interface interface name unit number transmit lsp label switched path receive lsp label switched path dot1x authenticator authentication profile name ...

Page 1512: ...le no world readable match regex flag flag detail disable receive send vlan vlan id vlan number data forwarding source groups group prefix receiver source vlans vlan list install disable interface interface name immediate leave interface interface name group limit limit multicast router interface static group ip address proxy query interval seconds query last member interval seconds query response...

Page 1513: ...ber interface all interface name disable location elin number civic based what number country code code ca type number ca value value mpls interface all interface name label switched path lsp name to remote provider edge switch path destination address hostname strict loose mstp disable bpdu block on edge bridge priority priority configuration name name forward delay seconds hello time seconds int...

Page 1514: ... forbidden normal no dynamic vlan traceoptions file filename files number size size no stamp world readable no world readable flag flag oam ethernet connectivity fault management action profile profile name default actions interface down linktrace age 30m 10m 1m 30s 10s path database size path database size maintenance domain domain name level number mip half function none default explicit name fo...

Page 1515: ...riod count interface interface name link discovery active passive pdu interval interval event thresholds threshold value remote loopback event thresholds frame errorcount frame period count frame period summary count symbol period count negotiation options allow remote loopback no allow link events rstp disable bpdu block on edge bridge priority priority forward delay seconds hello time seconds in...

Page 1516: ...mple rate number polling interval seconds sample rate number source ip stp disable bridge priority priority forward delay seconds hello time seconds interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority max age seconds traceoptions file filename files number size size no stamp world readable no world readable flag flag Copyrigh...

Page 1517: ...Series Switches Understanding Server Fail Fallback and 802 1X Authentication on EX Series Switches on page 2536 IGMP Snooping on EX Series Switches Overview on page 2315 Understanding 802 1X and LLDP and LLDP MED on EX Series Switches on page 2540 Understanding MSTP for EX Series Switches on page 1521 Understanding Multiple VLAN Registration Protocol MVRP on EX Series Switches on page 1296 Underst...

Page 1518: ...umber shutdown threshold number filter input filter name filter output filter name interface interface name mapping native push swap policy tag push swap l3 interface vlan logical interface number mac limit number mac table aging time seconds no local switching no mac learning primary vlan vlan name vlan id number vlan range vlan id low vlan id high Related Documentation Example Setting Up Basic B...

Page 1519: ...utes Time interval in minutes between ARP updates In environments where the number of ARP entries to update is high increasing the time between updates can improve system performance Range 5 to 240 minutes Default 20 minutes Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation For more informatio...

Page 1520: ...termines which bridge becomes the designated bridge for a LAN segment Default 32 768 Options priority Bridge priority It can be set only in increments of 4096 Range 0 through 61 440 Default 32 768 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show s...

Page 1521: ...ged packets from access interfaces and assigns the configured S VLAN to the packet range Range of numeric identifiers for VLANs Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation dot1q tunneling on page 1428 ether type on page 1431 Example Setting Up Q in Q Tunneling on EX Series Switches on ...

Page 1522: ...ext description Text to describe the interface It can contain letters numbers and hyphens and can be up to 256 characters long If the text includes spaces enclose the entire text in quotation marks Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show vlans on page 1507 Example Setting Up B...

Page 1523: ...atement to the configuration Related Documentation show gvrp on page 1497 Example Configure Automatic VLAN Administration Using GVRP on page 1329 disable MVRP Syntax disable Hierarchy Level edit protocols mvrp edit protocols mvrp interface all interface name Release Information Statement introduced in Junos OS Release 10 0 for EX Series switches Description Disable the MVRP configuration on the in...

Page 1524: ... a global value for the Ethertype for Q in Q tunneling Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation dot1q tunneling on page 1429 Example Setting Up Q in Q Tunneling on EX Series Switches on page 1347 Configuring Q in Q Tunneling CLI Procedure on page 1386 Copyright 2010 Juniper Networks...

Page 1525: ...n Q tunneling on the specified VLAN NOTE The VLAN on which you enable Q in Q tunneling must be a tagged VLAN The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation dot1q tunneling on page 1428 Example Setting Up Q in Q Tunneling on EX Series Switc...

Page 1526: ... commit will fail You can specify a drop threshold value without specifying a shutdown threshold value Default No drop threshold is specified Options number Maximum number of Layer 2 PDUs of the specified protocol that can be received per second on the interfaces in a specified VLAN before the switch begins dropping the Layer 2 PDUs Range 1 through 1000 Required Privilege Level routing To view thi...

Page 1527: ...ppears in the Ethernet type field of the packet It specifies the protocol being transported in the Ethernet frame Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation dot1q tunneling on page 1429 Example Setting Up Q in Q Tunneling on EX Series Switches on page 1347 Configuring Q in Q Tunneling...

Page 1528: ...0 0x88a8 0x9100 interfaces interface name no mac learning mac notification notification interval seconds mac table aging time seconds port error disable disable timeout timeout redundant trunk group group name name interface interface name primary interface interface name secure access port dhcp snooping file location local_pathname remote_URL timeout seconds write interval seconds interface all i...

Page 1529: ...d no ip source guard mac move limit limit action action storm control action shutdown interface all interface name bandwidth bandwidth no broadcast no unknown unicast traceoptions file filename files number no stamp replace size size world readable no world readable flag flag disable unknown unicast forwarding vlan all vlan name interface interface name voip interface all interface name access por...

Page 1530: ... Ethernet switching options The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding Port Mirroring on EX Series Switches on page 3539 Port Security for EX Series Switches Overview on page 2825 Understanding BPDU Protection for STP RST...

Page 1531: ...t input Apply a firewall filter to VLAN ingress traffic output Apply a firewall filter to VLAN egress traffic Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Configuring Firewall Fi...

Page 1532: ...e must start with a letter and can consist of letters numbers dashes and underscores The remaining options are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring Redundant Trunk Links for Faster Recovery on page 1343 Understanding Redundant Trunk Links...

Page 1533: ...on the trunk interface is updated as the switch s access interfaces become active or inactive in the configured VLANs The statements are explained separately Default GVRP is disabled by default Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show gvrp on page 1497 Example Setting Up Bridgi...

Page 1534: ...nterface all interface name enable disable Hierarchy Level edit protocols gvrp Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure GARP VLAN Registration Protocol GVRP for one or more interfaces Default By default GVRP is disabled Options all All interfaces interface name The list of interfaces to be configured for GVRP The remaining statem...

Page 1535: ...t MVRP is disabled Options all All interfaces on the switch interface name Names of interface to be configured for MVRP The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring Automatic VLAN Administration Using MVRP on EX Serie...

Page 1536: ...ces in the redundant group as the primary link The interface without this option is the secondary link in the redundant group If a link is not specified as primary the software compares the two links and selects the link with the highest port number as the active link For example if the two interfaces are ge 0 1 0 and ge 0 1 1 the software assigns ge 0 1 1 as the active link Required Privilege Lev...

Page 1537: ...p Hierarchy Level edit vlans vlan name Release Information Statement introduced in Junos OS Release 9 3 for EX Series switches Option mapping introduced in Junos OS Release 9 6 for EX Series switches Option swap introduced in Junos OS Release 10 0 for EX Series switches Description For a specific VLAN configure an interface Options interface name Name of a Gigabit Ethernet interface The remaining ...

Page 1538: ...g on EX Series Switches on page 1293 join timer Syntax join timer milliseconds Hierarchy Level edit protocols gvrp Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description For GARP VLAN Registration Protocol GVRP configure the maximum number of milliseconds interfaces must wait before sending VLAN advertisements Default 20 milliseconds Options millisecond...

Page 1539: ...propriate values might cause an imbalance in the operation of MVRP Default 200 milliseconds Options milliseconds Number of milliseconds that the interface must wait before sending MVRP PDUs Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation leave timer on page 1447 leaveall timer on page 1449...

Page 1540: ...d with a set interfacesvlanunit command For the logical interface number use the same number you configure in the unit statement Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show ethernet switching interfaces on page 1235 show vlans on page 1507 Example Setting Up Basic Bridging and a V...

Page 1541: ...ah IEEE 802 3ah Operation Administration and Maintenance OAM link fault management LFM NOTE IfyouenableL2PTforuntaggedOAMLFMpackets donotconfigure LFM on the corresponding access interface cdp Cisco Discovery Protocol e lmi Ethernet local management interface gvrp GARP VLAN Registration Protocol lacp Link Aggregation Control Protocol NOTE If you enable L2PT for untagged LACP packets do not configu...

Page 1542: ...ntroduced in Junos OS Release 9 0 for EX Series switches Description For GARP VLAN Registration Protocol GVRP configure the number of milliseconds an interface waits after receiving a leave message before the interface leaves the VLAN specified in the message If the interface receives a join message before the timer expires the software keeps the interface in the VLAN Default 60 centiseconds Optio...

Page 1543: ...nappropriate values might cause an imbalance in the operation of MVRP Default 1000 milliseconds Options milliseconds Number of milliseconds that the switch retains a VLAN in the Leave state before the VLAN is unregistered At a minimum set the leave timer interval at twice the join timer interval Required Privilege Level routing To view this statement in the configuration routing control To add thi...

Page 1544: ...e the GVRP state for all its VLANs to a leaving state and remove them unless a Join message is received before the leave timer expires Default 1000 centiseconds Options milliseconds Number of milliseconds Range 5 times leave timer value Default 1000 centiseconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration R...

Page 1545: ...ropriate values might cause an imbalance in the operation of MVRP Default 10000 milliseconds Options milliseconds Number of milliseconds between the sending of Leave All messages Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation join timer on page 1443 leave timer on page 1447 Example Config...

Page 1546: ...the forwarding database is the MAC address of the RVI For Aggregated Ethernet bundles using LACP the first MAC address inserted into the forwarding database in the forwarding table is the source address of the protocol packet The switch will therefore not learn MAC addresses other than the automatic addresses when the mac limit is set to 1 and this will cause problems with MAC learning and forward...

Page 1547: ...fication interval MAC notification is enabled with the default MAC notification interval of 30 seconds The remaining statement is explained separately Default MAC notification is disabled by default Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring MAC Notification CLI Procedure ...

Page 1548: ...ified VLAN Default Entries remain in the Ethernet switching table for 300 seconds Options seconds Time that entries remain in the Ethernet switching table before being removed Range 60 through 1 000 000 seconds Default 300 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show ethern...

Page 1549: ...ed using the vlan action for a match condition in the firewall filter stanza for firewall filters to map traffic from an interface for a VLAN Options native Maps untagged and priority tagged packets to an S VLAN policy Maps the interface to a firewall filter policy to an S VLAN push Retains the incoming tag and add an additional VLAN tag instead of replacing the original tag swap Swaps the incomin...

Page 1550: ...ber of the VLAN NOTE Each VLAN that is configured must have a specified VLAN ID when youattempttocommittheconfiguration otherwise theconfigurationcommit fails Also all cannot be the name of a VLAN on the switch names Name of one or more VLANs vlan ids Numeric identifier of one or more VLANs For a series of tagged VLANs specify a range for example 10 20 or 10 20 23 27 30 Required Privilege Level in...

Page 1551: ...witches Description Configure Multiple VLAN Registration Protocol MVRP on a trunk interface to ensure that the VLAN membership information on the trunk interface is updated as the switch s access interfaces become active or inactive in the configured VLANs The remaining statements are explained separately Default MVRP is disabled by default Required Privilege Level routing To view this statement i...

Page 1552: ...w this statement in the configuration routing control To add this statement to the configuration Related Documentation show vlans on page 1507 show ethernet switching interfaces on page 1235 Configuring Gigabit Ethernet Interfaces CLI Procedure on page 1153 Configuring Gigabit Ethernet Interfaces J Web Procedure on page 1143 Understanding Bridging and VLANs on EX Series Switches on page 1283 Junos...

Page 1553: ...s a result of MVRP protocol exchange messages is enabled Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring Multiple VLAN Registration Protocol MVRP CLI Procedure on page 1389 no local switching Syntax no local switching Hierarchy Level edit vlans vlan name Release Information Sta...

Page 1554: ...ing Syntax no mac learning Hierarchy Level edit ethernet switching options interfaces interface name Release Information Statement introduced in Junos OS Release 9 5 for EX Series switches Description Disable MAC address learning for the specified interface Disabling MAC address learning on an interface disables learning for all the VLANs of which that interface is a member Options There are no op...

Page 1555: ... the network management server For instance if the MAC notification interval is set to 10 all of the MAC address addition and removal SNMP notifications will be sent to the network management system every 10 seconds Options seconds The MAC notification interval in seconds Range 1 through 60 Default 30 Required Privilege Level routing To view this statement in the configuration routing control To a...

Page 1556: ...perate in trunk mode In this mode the interface can be in multiple VLANs and can multiplex traffic between different VLANs Trunk interfaces typically connect to other switches and to routers on the LAN Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Connecting an Access Switch ...

Page 1557: ...ged TIP To display a list of all configured VLANs on the system including VLANs that are configured but not committed type after vlan or vlans in your configuration mode command line Note that only one VLAN is displayed for a VLAN range Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Examp...

Page 1558: ...ding Redundant Trunk Links on EX Series Switches on page 1291 registration Syntax registration forbidden normal Hierarchy Level edit protocols mvrp interface all interface name Release Information Statement introduced in Junos OS Release 10 0 for EX Series switches Description Specifies the Multiple VLAN Registration Protocol MVRP registration mode for the interface if MVRP is enabled Default norm...

Page 1559: ...ame Name for this routing instance The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Using Virtual Routing Instances to Route Among VLANs on EX Series Switches on page 1354 Configuring Virtual Routing Instances CLI Procedure on page 1...

Page 1560: ...down threshold value is less than the drop threshold value the drop threshold value has no effect You can specify a shutdown threshold value without specifying a drop threshold value Default No shutdown threshold is specified Options number Maximum number of Layer 2 PDUs of the specified protocol that can be received per second on the interfaces in a specified VLAN before the interface is disabled...

Page 1561: ...age 1283 Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs software junos index html vlan id Syntax vlan id number Hierarchy Level edit vlans vlan name Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure an 802 1Q tag to apply to all traffic that originates on the VLAN Default If you use the default factory co...

Page 1562: ...e group of VLANs Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring VLANs for EX Series Switches CLI Procedure on page 1378 Configuring VLANs for EX Series Switches J Web Procedure on page 1375 Configuring Routed VLAN Interfaces CLI Procedure on page 1379 Understanding Bridging an...

Page 1563: ... in Junos OS Release 9 4 for EX Series switches Option no mac learning introduced in Junos OS Release 9 5 for EX Series switches Option mapping introduced in Junos OS Release 9 6 for EX Series switches Option swap introduced in Junos OS Release 10 0 for EX Series switches Description Configure VLAN properties on EX Series switches The following configuration guidelines apply Only private VLAN PVLA...

Page 1564: ... for EX Series Switches CLI Procedure on page 1378 Configuring VLANs for EX Series Switches J Web Procedure on page 1375 Configuring Q in Q Tunneling CLI Procedure on page 1386 Creating a Series of Tagged VLANs CLI Procedure on page 1382 Configuring Routed VLAN Interfaces CLI Procedure on page 1379 Understanding Q in Q Tunneling on EX Series Switches on page 1293 Understanding Bridging and VLANs o...

Page 1565: ...CHAPTER 63 Operational Mode Commands for Bridging and VLANs 1469 Copyright 2010 Juniper Networks Inc ...

Page 1566: ...face Required Privilege Level view Related Documentation Example Configuring Layer 2 Protocol Tunneling on EX Series Switches on page 1368 Configuring Layer 2 Protocol Tunneling on EX Series Switches CLI Procedure on page 1392 List of Sample Output clear ethernet switching layer2 protocol tunneling error on page 1470 clear ethernet switching layer2 protocol tunneling error interface ge 0 1 1 0 on ...

Page 1567: ...1368 Configuring Layer 2 Protocol Tunneling on EX Series Switches CLI Procedure on page 1392 List of Sample Output clear ethernet switching layer2 protocol tunneling statistics on page 1471 clear ethernet switching layer2 protocol tunneling error interface ge 0 1 1 0 on page 1471 clear ethernet switching layer2 protocol tunneling error vlan v2 on page 1471 clear ethernet switching clear ethernet s...

Page 1568: ...he specified learned MAC address from the Ethernet switching table management vlan Optional Clear all MAC addresses learned for the management VLAN from the Ethernet switching table Note that you do not specify a VLAN name because only one management VLAN exists vlan vlan name Optional Clear all MAC addresses learned for the specified VLAN from the Ethernet switching table Required Privilege Level...

Page 1569: ... Required Privilege Level clear Related Documentation show spanning tree statistics on page 1662 Example Configure Automatic VLAN Administration Using GVRP on page 1329 List of Sample Output clear gvrp statistics on page 1473 clear gvrp statistics user switch clear gvrp statistics clear gvrp statistics 1473 Copyright 2010 Juniper Networks Inc Chapter 63 Operational Mode Commands for Bridging and V...

Page 1570: ...ics on page 1504 Example Configuring Automatic VLAN Administration Using MVRP on EX Series Switches on page 1357 List of Sample Output clear mvrp statistics on page 1474 clear mvrp statistics interface ge 0 0 1 0 on page 1474 Output Fields When you enter this command you are provided feedback on the status of your request clear mvrp statistics user switch clear mvrp statistics clear mvrp statistic...

Page 1571: ...485 show ethernet switching table on page 1493 Configuring Autorecovery From the Disabled State on Secure or Storm Control Interfaces CLI Procedure on page 2796 List of Sample Output show ethernet switching interfaces on page 1476 show ethernet switching interfaces ge 0 0 15 brief on page 1477 showethernet switchinginterfacesge 0 0 2detail BlockedbyRTGrtggroup onpage1477 show ethernet switching in...

Page 1572: ...isable timeout expires MAC move limit exceeded The interface is temporarily disabled due to a MAC move limiting error The disabled interface is automatically restored to service when the disable timeout expires Storm control in effect The interface is temporarily disabled due to a storm control error The disabled interface is automatically restored to service when the disable timeout expires Block...

Page 1573: ...d 0 blocked by RTG rtggroup Number of MACs learned on IFL 0 show ethernet switching user switch show ethernet switching interfaces ge 0 0 15 detail Interface ge 0 0 15 0 Index 70 State up Port mode Trunk interfaces ge 0 0 15 VLAN membership detail Blocked by STP vlan100 802 1Q Tag 100 tagged msti id 0 blocked by STP vlan200 802 1Q Tag 200 tagged msti id 0 blocked by STP Number of MACs learned on I...

Page 1574: ...tunnelinginterface command Output fields are listed in the approximate order in which they appear Table 200 show ethernet switching layer2 protocol tunneling interface Output Fields Field Description Field Name Name of an interface on the switch Interface Type of operation being performed on the interface Values are Encapsulation and Decapsulation Operation State of the interface Values are active...

Page 1575: ... ge 0 0 0 0 Layer2 Protocol Tunneling information layer2 protocol tunneling interface ge 0 0 0 0 Interface Operation State Description ge 0 0 0 0 Encapsulation Shutdown Shutdown threshold exceeded 1479 Copyright 2010 Juniper Networks Inc Chapter 63 Operational Mode Commands for Bridging and VLANs ...

Page 1576: ...ion clear ethernet switching layer2 protocol tunneling statistics on page 1471 show ethernet switching layer2 protocol tunneling interface on page 1478 show ethernet switching layer2 protocol tunneling vlan on page 1483 show vlans on page 1507 Example Configuring Layer 2 Protocol Tunneling on EX Series Switches on page 1368 Configuring Layer 2 Protocol Tunneling on EX Series Switches CLI Procedure...

Page 1577: ...0 v2 ge 0 0 0 0 cdp Encapsulation 0 0 0 v2 ge 0 0 0 0 gvrp Encapsulation 0 0 0 v2 ge 0 0 0 0 lldp Encapsulation 0 0 0 show ethernet switching user switch show ethernet switching layer2 protocol tunneling statistics interface ge 0 0 0 0 Layer2 Protocol Tunneling Statistics layer2 protocol tunneling statistics interface ge 0 0 0 0 VLAN Interface Protocol Operation Packets Drops Shutdowns v1 ge 0 0 0...

Page 1578: ... Decapsulation 0 0 0 v2 ge 0 0 1 0 mvrp Decapsulation 0 0 0 v2 ge 0 0 1 0 stp Decapsulation 0 0 0 v2 ge 0 0 1 0 vtp Decapsulation 0 0 0 Copyright 2010 Juniper Networks Inc 1482 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1579: ...page 1483 show ethernet switching layer2 protocol tunneling vlan v2 on page 1484 Output Fields Table 202 on page 1483 lists the output fields for the show ethernet switching layer2 protocol tunneling vlan command Output fields are listed in the approximate order in which they appear Table 202 show ethernet switching layer2 protocol tunneling vlan Output Fields Field Description Field Name Name of ...

Page 1580: ...hernet switching user switch show ethernet switching layer2 protocol tunneling vlan v2 Layer2 Protocol Tunneling VLAN information layer2 protocol tunneling vlan v2 VLAN Protocol Drop Shutdown Threshold Threshold v2 cdp 0 0 v2 cdp 0 0 v2 gvrp 0 0 Copyright 2010 Juniper Networks Inc 1484 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1581: ...earning log command Output fields are listed in the approximate order in which they appear Table 203 show ethernet switching mac learning log Output Fields Field Description Field Name Timestamp when the MAC address was added or deleted from the log Date and Time VLAN name A value defined by the user for all user configured VLANs vlan_name Learned MAC address MAC MAC address deleted or added to th...

Page 1582: ...was added Mon Feb 25 08 07 05 2008 vlan_name HR_vlan mac 00 00 00 00 00 00 was added Mon Feb 25 08 07 05 2008 vlan_name employee2 mac 00 00 00 00 00 00 was added Mon Feb 25 08 07 05 2008 vlan_name employee1 mac 00 00 00 00 00 00 was added Mon Feb 25 08 07 05 2008 vlan_name employee2 mac 00 00 05 00 00 05 was learned Mon Feb 25 08 07 05 2008 vlan_name employee1 mac 00 30 48 90 54 89 was learned Mon...

Page 1583: ...ription Field Name Displays the MAC notification status Enabled MAC notification is enabled Disabled MAC notification is disabled Notification Status Displays the MAC notification interval in seconds Notification Interval show ethernet switching show ethernet switching user switch show ethernet switching mac notification Notification Status Enabled Notification Interval 30 mac notification MAC Not...

Page 1584: ...ing messages received from the hardware Total age messages received All levels Aging message indicating that the entry should be removed immediately Immediate aging All levels Aging message indicating that the MAC address has been detected by hardware and that the aging timer should be stopped MAC address seen All levels Aging message indicating that the MAC address has not been detected by the ha...

Page 1585: ...Error age messages 0 Invalid VLAN 0 No such entry 0 Static entry 0 1489 Copyright 2010 Juniper Networks Inc Chapter 63 Operational Mode Commands for Bridging and VLANs ...

Page 1586: ...page 1312 Example Configure Automatic VLAN Administration Using GVRP on page 1329 List of Sample Output show ethernet switching statistics mac learning on page 1491 show ethernet switching statistics mac learning detail on page 1491 show ethernet switching statistics mac learning interface ge 0 0 1 on page 1492 Output Fields Table 206 on page 1490 lists the output fields for the show ethernet swit...

Page 1587: ...s is learned on an interface that does not have a unicast next hop MAC learning disabled The MAC address is learned on an interface on which MAC learning has been disabled Others The message contains some other error Learning message with error show ethernet switching statisticsmac learning user switch show ethernet switching statistics mac learning Learning stats 0 learn msg rcvd 0 error Interfac...

Page 1588: ...terface not learning 0 No nexthop 0 MAC learning disabled 0 Others 0 show ethernet switching user switch show ethernet switching statistics mac learning interface ge 0 0 1 Interface Local pkts Transit pkts Error ge 0 0 1 0 0 1 1 statisticsmac learning interface ge 0 0 1 Copyright 2010 Juniper Networks Inc 1492 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1589: ...in ascending order of VLAN IDs or VLAN names vlan vlan name Optional Display the Ethernet switching table for a specific VLAN Required Privilege Level view Related Documentation clear ethernet switching table on page 1472 Example Setting Up Basic Bridging and a VLAN for an EX Series Switch on page 1305 Example Setting Up Bridging with Multiple VLANs for EX Series Switches on page 1312 Example Conf...

Page 1590: ...ethernet switching table Ethernet switching table 57 entries 17 learned VLAN MAC address Type Age Interfaces F2 Flood All members show ethernet switching table F2 00 00 05 00 00 03 Learn 0 ge 0 0 44 0 F2 00 19 e2 50 7d e0 Static Router Linux Flood All members Linux 00 19 e2 50 7d e0 Static Router Linux 00 30 48 90 54 89 Learn 0 ge 0 0 47 0 T1 Flood All members T1 00 00 05 00 00 01 Learn 0 ge 0 0 4...

Page 1591: ...rn 0 ge 0 0 15 0 T111 00 19 e2 50 7d e0 Static Router T111 00 19 e2 50 ac 00 Learn 0 ge 0 0 15 0 T2 Flood All members T2 00 00 5e 00 01 01 Static Router T2 00 19 e2 50 63 e0 Learn 0 ge 0 0 46 0 T2 00 19 e2 50 7d e0 Static Router T3 Flood All members T3 00 00 5e 00 01 02 Static Router T3 00 19 e2 50 63 e0 Learn 0 ge 0 0 46 0 T3 00 19 e2 50 7d e0 Static Router T4 Flood All members T4 00 00 5e 00 01 ...

Page 1592: ... 0 8 0 ge 0 0 10 0 ge 0 0 0 0 Type Flood Nexthop index 567 VLAN v1 Tag 10 MAC 00 21 59 c6 93 22 Interface Router Type Static Nexthop index 0 VLAN v1 Tag 10 MAC 00 21 59 c9 9a 4e Interface ge 0 0 14 0 Type Learn Age 0 Learned 18 40 50 Nexthop index 564 show ethernet switching user switch show ethernet switching table interface ge 0 0 1 Ethernet switching table 1 unicast entries VLAN MAC address Typ...

Page 1593: ...Name Displays global GVRP information GVRP status Displays whether GVRP is enabledor disabled Join The maximum number of milliseconds the interfaces must wait before sending VLAN advertisements Leave The number of milliseconds an interface must wait after receiving a Leave message to remove the interface from the VLAN specified in the message Leaveall The interval at which Leave All messages are s...

Page 1594: ...Interface based configuration Interface GVRP status ge 0 0 0 0 Enabled Copyright 2010 Juniper Networks Inc 1498 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1595: ... the switch Join Empty received Number of GIP Join In messages received on the switch Join In received Number of GIP Empty messages received on the switch Empty received Number of GIP Leave In messages received on the switch Leave In received Number of GIP Leave Empty messages received on the switch Leave Empty received Number of GIP Leave All messages received on the switch Leave All received Num...

Page 1596: ... received 0 Leave In received 0 Leave Empty received 0 Leave All received 0 Join Empty transmitted 0 Join In transmitted 48 Empty transmitted 4 Leave In transmitted 0 Leave Empty transmitted 0 Leave All transmitted 4 Copyright 2010 Juniper Networks Inc 1500 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1597: ...bal MVRP dynamic VLAN creation is Dnabled or Disabled Global MVRP configuration Displays MVRP timer information Interface The interface on which MVRP is configured Join The maximum number of milliseconds the interfaces must wait before sending VLAN advertisements Leave The number of milliseconds an interface must wait after receiving a Leave message to remove the interface from the VLAN specified ...

Page 1598: ...Interface Join Leave LeaveAll all 200 600 10000 xe 0 1 1 0 200 600 10000 Interface based configuration Interface Status Registration Dynamic VLAN Creation all Disabled Normal Enabled xe 0 1 1 0 Enabled Normal Enabled Copyright 2010 Juniper Networks Inc 1502 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1599: ...how mvrp dynamic vlan memberships on page 1503 Output Fields Table211onpage1503liststheoutputfieldsfortheshowmvrpdynamic vlan memberships command Output fields are listed in the approximate order in which they appear Table 211 show mvrp dynamic vlan memberships Output Fields Field Description Field Name The name of the dynamically created VLAN VLAN Name The interface or interfaces that are bound t...

Page 1600: ...n page 1505 Output Fields Table212onpage1504liststheoutputfieldsfortheshowmvrpstatisticscommand Output fields are listed in the approximate order in which they appear Table 212 show mvrp statistics Output Fields Field Description Field Name Number of MRPDU messages received on the switch MRPDU received Number of invalid MRPDU messages received on the switch InvalidPDUreceived Number of new message...

Page 1601: ...ber of MRP Leave Empty messages sent from the switch Leave transmitted Number of MRP LeaveAll messages sent from the switch LeaveAlltransmitted show mvrp statistics interface xe 0 1 1 0 user switch show mvrp statistics interface xe 0 1 1 0 MVRP statistics MRPDU received 3342 show mvrp statistics interface xe 0 1 1 0 Invalid PDU received 0 New received 2 Join Empty received 1116 Join In received 22...

Page 1602: ...ppear Table 213 show redundant trunk group Output Fields Field Description Field Name Name of the redundant trunk port group Group Name Name of an interface belonging to the trunk port group P denotes a primary interface A denotes an active interface Lack of A denotes a blocking interface Interface Operating state of the interface UP or DOWN State Date and time at which the advertised link became ...

Page 1603: ... configured to support a VoIP VLAN and a data VLAN the show vlans command displays both tagged and untagged membership for those VLANs NOTE When a series of VLANs is created with the vlan range statement such VLAN names are prefixed and suffixed with a double underscore For example a series of VLANs using the VLAN range 1 3 and the base VLAN name marketing are displayed as __marketing_1__ __market...

Page 1604: ... Example Setting Up Q in Q Tunneling on EX Series Switches on page 1347 Understanding Bridging and VLANs on EX Series Switches on page 1283 List of Sample Output show vlans on page 1511 show vlans brief on page 1511 show vlans detail on page 1511 show vlans extensive MAC based on page 1512 show vlans extensive Port based on page 1512 show vlans sort by tag on page 1514 show vlans sort by name on p...

Page 1605: ...ith a VLAN are displayed Numberofinterfaces detail extensive The spanning tree associated with a VLAN STP detail extensive The redundant trunk group associated with a VLAN RTG detail extensive The tagged interfaces to which a VLAN is associated Tagged interfaces detail extensive The untagged interfaces to which a VLAN is associated Untagged interfaces extensive Lists the customer VLAN C VLAN range...

Page 1606: ...ip Temporary VLANs Number of VLANs from the previous configuration that the system retains for a limited time after restart Temporary VLANs are converted into one of the other types of VLAN or are removed from the system if the current configuration does not require them VLANs summary All levels 802 1Q VLAN counts Total Total number of 802 1Q VLANs on the switch Tagged VLANs Number of tagged 802 1...

Page 1607: ...0 ge 0 0 27 0 ge 0 0 26 0 ge 0 0 25 0 ge 0 0 19 0 ge 0 0 18 0 ge 0 0 17 0 ge 0 0 16 0 ge 0 0 15 0 ge 0 0 14 0 ge 0 0 13 0 ge 0 0 11 0 ge 0 0 9 0 ge 0 0 8 0 ge 0 0 3 0 ge 0 0 2 0 ge 0 0 1 0 v0001 1 ge 0 0 24 0 ge 0 0 23 0 ge 0 0 22 0 ge 0 0 21 0 v0002 2 None v0003 3 None v0004 4 None v0005 5 None show vlans brief user switch show vlans brief Ports Name Tag Address Active Total default None 0 23 v00...

Page 1608: ... Tagged interfaces None VLAN vlan4000 802 1Q Tag Untagged Admin State Enabled MAC learning Status Disabled Number of interfaces 0 Active 0 show vlans extensive MAC based user switch show vlans extensive VLAN default Created at Thu May 15 13 43 09 2008 Internal index 3 Admin State Enabled Origin Static Protocol Port Mode Mac aging time 300 seconds Number of interfaces Tagged 0 Active 0 Untagged 2 A...

Page 1609: ...ntagged access ge 0 0 2 0 untagged access ge 0 0 1 0 untagged access Secondary VLANs Isolated 1 Community 1 Isolated VLANs __pvlan_pvlan_ge 0 0 3 0__ Community VLANs comm1 VLAN v0001 created at Mon Feb 4 12 13 47 2008 Tag 1 Internal index 1 Admin state Enabled Origin static Description None Protocol Port based Layer 3 interface None IP addresses None STP None RTG None Number of interfaces Tagged 4...

Page 1610: ...None __vlan x_8__ 8 None __vlan x_9__ 9 None __vlan x_10__ 10 None __vlan x_11__ 11 None __vlan x_12__ 12 None __vlan x_13__ 13 None __vlan x_14__ 14 None __vlan x_15__ 15 None __vlan x_16__ 16 None __vlan x_17__ 17 None __vlan x_18__ 18 None __vlan x_19__ 19 None __vlan x_20__ 20 None show vlans sort by name user switch show vlans sort by name Name Tag Interfaces __employee_120__ 120 ge 0 0 22 0 ...

Page 1611: ...124 ge 0 0 22 0 __employee_125__ 125 ge 0 0 22 0 __employee_126__ 126 ge 0 0 22 0 __employee_127__ 127 ge 0 0 22 0 __employee_128__ 128 ge 0 0 22 0 __employee_129__ 129 ge 0 0 22 0 __employee_130__ 130 ge 0 0 22 0 show vlans summary user switch show vlans summary VLANs summary Total 8 Configured VLANs 5 Internal VLANs 1 Temporary VLANs 0 Dot1q VLANs summary Total 8 Tagged VLANs 2 Untagged VLANs 6 ...

Page 1612: ...Copyright 2010 Juniper Networks Inc 1516 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1613: ...Protocols Configuration on page 1527 Configuring Spanning Tree Protocols on page 1579 Verifying Spanning Tree Protocols on page 1587 Configuration Statements for Spanning Tree Protocols on page 1591 Operational Mode Commands for Spanning Tree Protocols on page 1635 1517 Copyright 2010 Juniper Networks Inc ...

Page 1614: ...Copyright 2010 Juniper Networks Inc 1518 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1615: ... convergence times than STP However some legacy networks require the slower convergence times of basic STP If your network includes 802 1D 1998 bridges you can remove RSTP and explicitly configure STP See Configuring STP CLI Procedure on page 1580 When you explicitly configure STP the EX Series switches use the IEEE 802 1D 2004 specification force version 0 This configuration runs a version of RST...

Page 1616: ...rovide better reconvergence time than that provided by the base Spanning Tree Protocol STP RSTP identifies certain links as point to point When a point to point link fails the alternate link can transition to the forwarding state Although STP provides basic loop prevention functionality it does not provide fast network convergence when there are topology changes STP s process to determine network ...

Page 1617: ...EEE 802 1D 2004 specification VSTP and RSTP can be configured concurrently You can selectively configure up to 253 VLANs using VSTP the remaining VLANs will be configured using RSTP VSTP and RSTP are the only spanning tree protocols that can be configured concurrently on the switch Related Documentation Understanding STP for EX Series Switches on page 1519 Understanding MSTP for EX Series Switches...

Page 1618: ...er a user bridge application running on a PC can also generate BPDUs If these BPDUs are picked up by STP applications running on the switch they can trigger STP miscalculations and those miscalculations can lead to network outages Enable BPDU protection on switch interfaces connected to user devices or on interfaces on which no BPDUs are expected such as edge ports If BPDUs are received on a prote...

Page 1619: ...l type of frame called bridge protocol data unit BPDU Peer STP applications running on the switch interfaces use BPDUs to communicate Ultimately the exchange of BPDUs determines which interfaces block traffic preventing loops and which interfaces become root ports and forward traffic However a blocking interface can transition to the forwarding state in error if the interface stops receiving BPDUs...

Page 1620: ...t elected through this process has the possibility of being wrongly elected A user bridge application running on a PC can generate BPDUs too and interfere with root port election Root protection allows network administrators to manually enforce the root bridge placement in the network Enable root protection on interfaces that should not receive superior BPDUs from the root bridge and should not be...

Page 1621: ...apid Spanning Tree Protocol RSTP instances for each VLAN on which VSTP is enabled For networks with multiple VLANs VSTP improves intelligent tree spanning by defining best paths within the VLANs instead of within the entire network You can configure VSTP for a maximum of 253 VLANs If you need to run a spanning tree protocol on more than 253 VLANs you must configure VSTP and RSTP concurrently When ...

Page 1622: ...Copyright 2010 Juniper Networks Inc 1526 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1623: ...Trees on EX Series Switches on page 1573 Example Configuring Faster Convergence and Improving Network Stability with RSTP on EX Series Switches EX Series switches use Rapid Spanning Tree Protocol RSTP to provide a loop free topology RSTP identifies certain links as point to point When a point to point link fails the alternate link can transition to the forwarding state RSTP provides better reconve...

Page 1624: ...witches See Installing and Connecting an EX3200 or EX4200 Switch Overview and Topology In this example four EX Series switches are connected in the topology displayed in Figure 35 on page 1528 to create a loop free topology Figure 35 Network Topology for RSTP The interfaces shown in Table 215 on page 1529 will be configured for RSTP NOTE You can configure RSTP on logical or physical interfaces Thi...

Page 1625: ...LAN names and tag IDs This configuration example creates a loop free topology between four EX Series switches using RSTP An RSTP topology contains ports that have specific roles The root port is responsible for forwarding data to the root bridge The alternate port is a standby port for the root port When a root port goes down the alternate port becomes the active root port The designated port forw...

Page 1626: ... 9 0 cost 1000 set protocols rstp interface ge 0 0 9 0 mode point to point set protocols rstp interface ge 0 0 11 0 cost 1000 set protocols rstp interface ge 0 0 11 0 mode point to point Step by Step Procedure To configure interfaces and RSTP on Switch 1 1 Configure the VLANs voice vlan employee vlan guest vlan and camera vlan edit vlans user switch1 set voice vlan description Voice VLAN user swit...

Page 1627: ...cost 1000 user switch1 rstp interface ge 0 0 11 0 mode point to point Results Check the results of the configuration user switch1 show configuration interfaces ge 0 0 13 unit 0 family ethernet switching port mode trunk vlan members 10 20 30 40 ge 0 0 9 unit 0 family ethernet switching port mode trunk vlan members 10 20 30 40 ge 0 0 11 unit 0 family ethernet switching port mode trunk vlan members 1...

Page 1628: ... VLAN set vlans guest vlan vlan id 30 set vlans camera vlan description Camera VLAN set vlans camera vlan vlan id 40 set interfaces ge 0 0 14 unit 0 family ethernet switching vlan members 10 20 30 40 set interfaces ge 0 0 18 unit 0 family ethernet switching vlan members 10 20 30 40 set interfaces ge 0 0 14 unit 0 family ethernet switching port mode trunk set interfaces ge 0 0 18 unit 0 family ethe...

Page 1629: ...e 0 0 18 unit 0 family ethernet switching vlan members 10 20 30 40 3 Configure the port mode for the interfaces edit interfaces user switch2 set ge 0 0 14 unit 0 family ethernet switching port mode trunk user switch2 set ge 0 0 18 unit 0 family ethernet switching port mode trunk 4 Configure RSTP on the switch edit protocols user switch2 rstp bridge priority 32k user switch2 rstp interface ge 0 0 1...

Page 1630: ...set vlans guest vlan description Guest VLAN set vlans guest vlan vlan id 30 set vlans camera vlan description Camera VLAN set vlans camera vlan vlan id 40 set interfaces ge 0 0 26 unit 0 family ethernet switching vlan members 10 20 30 40 set interfaces ge 0 0 28 unit 0 family ethernet switching vlan members 10 20 30 40 set interfaces ge 0 0 24 unit 0 family ethernet switching vlan members 10 20 30...

Page 1631: ...ing vlan members 10 20 30 40 user switch3 set ge 0 0 28 unit 0 family ethernet switching vlan members 10 20 30 40 user switch3 set ge 0 0 24 unit 0 family ethernet switching vlan members 10 20 30 40 3 Configure the port mode for the interfaces edit interfaces user switch3 set ge 0 0 26 unit 0 family ethernet switching port mode trunk user switch3 set ge 0 0 28 unit 0 family ethernet switching port...

Page 1632: ...dge priority 8k interface ge 0 0 26 0 cost 1000 mode point to point interface ge 0 0 28 0 cost 1000 mode point to point interface ge 0 0 24 0 cost 1000 mode point to point bridge priority 8k vlans voice vlan vlan id 10 employee vlan vlan id 20 guest vlan vlan id 30 Copyright 2010 Juniper Networks Inc 1536 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1633: ...p interface ge 0 0 23 0 mode point to point set protocols rstp interface ge 0 0 19 0 cost 1000 set protocols rstp interface ge 0 0 19 0 mode point to point Step by Step Procedure To configure interfaces and RSTP on Switch 4 1 Configure the VLANs voice vlan employee vlan guest vlan and camera vlan edit vlans user switch4 set voice vlan description Voice VLAN user switch4 set voice vlan vlan id 10 u...

Page 1634: ...e 0 0 19 0 mode point to point Results Check the results of the configuration user switch4 show configuration interfaces ge 0 0 23 unit 0 family ethernet switching port mode trunk vlan members 10 20 30 40 ge 0 0 19 unit 0 family ethernet switching port mode trunk vlan members 10 20 30 40 protocols rstp bridge priority 16k interface ge 0 0 23 0 cost 1000 mode point to point interface ge 0 0 19 0 co...

Page 1635: ... Cost ge 0 0 13 0 128 527 128 525 16384 0019e25040e0 1000 BLK ALT ge 0 0 9 0 128 529 128 513 32768 0019e2503d20 1000 BLK ALT ge 0 0 11 0 128 531 128 513 8192 0019e25051e0 1000 FWD ROOT Meaning Refer to the topology in Figure 35 on page 1528 The operational mode command show spanning tree interface shows that ge 0 0 13 0 is in a forwarding state The other interfaces on Switch 1 are blocking Verifyi...

Page 1636: ... page 1528 The operational mode command show spanning tree interface shows that no interface is the root interface Verifying RSTP Configuration on Switch 4 Purpose Verify the RSTP configuration on Switch 4 Action Use the operational mode commands user switch4 show spanning tree interface Spanning tree interface parameters for instance 0 Interface Port ID Designated Designated Port State Role port ...

Page 1637: ...figuring MSTP on Switch 4 on page 1552 Verification on page 1555 Requirements This example uses the following hardware and software components Junos OS Release 9 0 or later for EX Series switches Four EX Series switches Before you configure the switches for MSTP be sure you have Installed the four switches See Connecting and Configuring an EX Series Switch J Web Procedure on page 189 Performed the...

Page 1638: ...ring MSTP on EX Series Switches Settings Property The following ports on Switch 1 are connected in this way ge 0 0 9 is connected to Switch 2 ge 0 0 13 is connected to Switch 4 ge 0 0 11 is connected to Switch 3 Switch 1 The following ports on Switch 2 are connected in this way ge 0 0 14 is connected to Switch 1 ge 0 0 18 is connected to Switch 3 Switch 2 Copyright 2010 Juniper Networks Inc 1542 C...

Page 1639: ...oot port When a root port goes down the alternate port becomes the active root port The designated port forwards data to the downstream network segment or device The backup port is a backup port for the designated port When a designated port goes down the backup port becomes the active designated port and starts forwarding data In this example one MSTP region region1 contains Switch 1 Switch 2 Swi...

Page 1640: ... interface ge 0 0 9 0 cost 1000 set protocols mstp interface ge 0 0 9 0 mode point to point set protocols mstp interface ge 0 0 11 0 cost 1000 set protocols mstp interface ge 0 0 11 0 mode point to point set protocols mstp msti 1 bridge priority 16k set protocols mstp msti 1 vlan 10 20 set protocols mstp msti 1 interface ge 0 0 11 0 cost 4000 set protocols mstp msti 2 bridge priority 8k set protoc...

Page 1641: ... interface ge 0 0 9 0 mode point to point user switch1 mstp interface ge 0 0 11 0 cost 4000 user switch1 mstp interface ge 0 0 11 0 mode point to point user switch1 mstp msti 1 bridge priority 16k user switch1 mstp msti 1 vlan 10 20 user switch1 mstp msti 1 interface ge 0 0 11 0 cost 4000 user switch1 mstp msti 2 bridge priority 8k user switch1 mstp msti 2 vlan 30 40 Results Check the results of t...

Page 1642: ... 1000 mode point to point interface ge 0 0 11 0 cost 4000 mode point to point msti 1 bridge priority 16k vlan 10 20 interface ge 0 0 11 0 cost 4000 msti 2 bridge priority 8k vlan 30 40 vlans voice vlan vlan id 10 employee vlan vlan id 20 guest vlan vlan id 30 camera vlan vlan id 40 Copyright 2010 Juniper Networks Inc 1546 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release...

Page 1643: ...interface ge 0 0 18 0 mode point to point set protocols mstp msti 1 bridge priority 32k set protocols mstp msti 1 vlan 10 20 set protocols mstp msti 2 bridge priority 4k set protocols mstp msti 2 vlan 30 40 Step by Step Procedure To configure interfaces and MSTP on Switch 2 1 Configure the VLANs voice vlan employee vlan guest vlan and camera vlan edit vlans user switch2 set voice vlan description ...

Page 1644: ...stp msti 1 vlan 10 20 user switch2 mstp msti 2 bridge priority 4k user switch2 mstp msti 2 vlan 30 40 Results Check the results of the configuration user switch2 show configuration interfaces ge 0 0 14 unit 0 family ethernet switching port mode trunk vlan members 10 members 20 members 30 members 40 ge 0 0 18 unit 0 family ethernet switching port mode trunk vlan members 10 members 20 members 30 mem...

Page 1645: ...6 unit 0 family ethernet switching vlan members 10 20 30 40 set interfaces ge 0 0 28 unit 0 family ethernet switching vlan members 10 20 30 40 set interfaces ge 0 0 24 unit 0 family ethernet switching vlan members 10 20 30 40 set interfaces ge 0 0 26 unit 0 family ethernet switching port mode trunk set interfaces ge 0 0 28 unit 0 family ethernet switching port mode trunk set interfaces ge 0 0 24 u...

Page 1646: ... vlan members 10 20 30 40 3 Configure the port mode for the interfaces edit interfaces user switch3 set ge 0 0 26 unit 0 family ethernet switching port mode trunk user switch3 set ge 0 0 28 unit 0 family ethernet switching port mode trunk user switch3 set ge 0 0 24 unit 0 family ethernet switching port mode trunk 4 Configure MSTP on the switch including the two MSTIs edit protocols user switch3 ms...

Page 1647: ... family ethernet switching port mode trunk vlan members 10 members 20 members 30 members 40 protocols mstp configuration name region1 bridge priority 8k interface ge 0 0 26 0 cost 1000 mode point to point interface ge 0 0 28 0 cost 1000 mode point to point interface ge 0 0 24 0 cost 1000 mode point to point msti 1 1551 Copyright 2010 Juniper Networks Inc Chapter 65 Examples of Spanning Tree Protoc...

Page 1648: ... 40 set interfaces ge 0 0 23 unit 0 family ethernet switching vlan members 10 20 30 40 set interfaces ge 0 0 19 unit 0 family ethernet switching vlan members 10 20 30 40 set interfaces ge 0 0 23 unit 0 family ethernet switching port mode trunk set interfaces ge 0 0 19 unit 0 family ethernet switching port mode trunk set protocols mstp configuration name region1 set protocols mstp bridge priority 1...

Page 1649: ...es edit interfaces user switch4 set ge 0 0 23 unit 0 family ethernet switching port mode trunk user switch4 set ge 0 0 19 unit 0 family ethernet switching port mode trunk 4 Configure MSTP on the switch including the two MSTIs edit protocols user switch4 mstp configuration name region1 user switch4 mstp bridge priority 16k user switch4 mstp interface all cost 1000 user switch4 mstp interface ge 0 0...

Page 1650: ... 0 23 0 cost 1000 mode point to point interface ge 0 0 19 0 cost 1000 mode point to point msti 1 bridge priority 16k vlan 10 20 msti 2 bridge priority 32k vlan 30 40 vlans voice vlan vlan id 10 employee vlan vlan id 20 guest vlan vlan id 30 camera vlan vlan id 40 Copyright 2010 Juniper Networks Inc 1554 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1651: ... Port ID Designated Designated Port State Role port ID bridge ID Cost ge 0 0 13 0 128 527 128 525 16385 0019e25040e0 1000 FWD ROOT ge 0 0 9 0 128 529 128 513 32769 0019e2503d20 1000 BLK ALT ge 0 0 11 0 128 531 128 513 4097 0019e25051e0 4000 BLK ALT Spanning tree interface parameters for instance 2 Interface Port ID Designated Designated Port State Role port ID bridge ID Cost ge 0 0 13 0 128 527 12...

Page 1652: ...splays spanning tree domain information such as the designated port and the port roles The operational mode command show spanning tree bridge displays the spanning tree domain information at either the bridge level or interface level If the optional interface name is omitted all interfaces in the spanning tree domain are displayed Verifying MSTP Configuration on Switch 2 Purpose Verify the MSTP co...

Page 1653: ... Number of topology changes 1 Time since last topology change 782 seconds Local parameters Bridge ID 32768 00 19 e2 50 3d 20 Extended system ID 0 Internal instance ID 0 STP bridge parameters for MSTI 1 MSTI regional root 4097 00 19 e2 50 51 e0 Root cost 1000 Root port ge 0 0 18 0 Hello time 2 seconds Maximum age 20 seconds Forward delay 15 seconds Hop count 19 Local parameters Bridge ID 32769 00 1...

Page 1654: ...DESG ge 0 0 28 0 128 515 128 515 4097 0019e25051e0 1000 FWD DESG ge 0 0 24 0 128 517 128 517 4097 0019e25051e0 1000 FWD DESG Spanning tree interface parameters for instance 2 Interface Port ID Designated Designated Port State Role port ID bridge ID Cost ge 0 0 26 0 128 513 128 531 8194 0019e25044e0 1000 BLK ALT ge 0 0 28 0 128 515 128 519 4098 0019e2503d20 1000 FWD ROOT ge 0 0 24 0 128 517 128 517...

Page 1655: ...Configuration on Switch 4 Purpose Verify the MSTP configuration on Switch 4 Action Use the operational mode commands user switch4 show spanning tree interface Spanning tree interface parameters for instance 0 Interface Port ID Designated Designated Port State Role port ID bridge ID Cost ge 0 0 23 0 128 523 128 517 8192 0019e25051e0 1000 FWD ROOT ge 0 0 19 0 128 525 128 525 16384 0019e25040e0 1000 ...

Page 1656: ...rameters for MSTI 2 MSTI regional root 4098 00 19 e2 50 3d 20 Root cost 2000 Root port ge 0 0 19 0 Hello time 2 seconds Maximum age 20 seconds Forward delay 15 seconds Hop count 18 Local parameters Bridge ID 32770 00 19 e2 50 40 e0 Extended system ID 0 Internal instance ID 2 Meaning The operational mode command show spanning tree interface displays spanning tree domain information such as the desi...

Page 1657: ...s on Switch 2 for BPDU protection be sure you have RSTP operating on the switches NOTE By default RSTP is enabled on all EX Series switches Overview and Topology A loop free network is supported through the exchange of a special type of frame called bridge protocol data unit BPDU Receipt of BPDUs on certain interfaces in an STP RSTP or MSTP topology however can lead to network outages by triggerin...

Page 1658: ... Configuring BPDU Protection on EX Series Switches Settings Property Switch 1 is connected to Switch 2 on a trunk interface Switch 1 Distribution Layer Switch 2 has these access ports that require BPDU protection ge 0 0 5 ge 0 0 6 Switch 2 Access Layer This configuration example is using an RSTP topology You also can configure BPDU protection for STP or MSTP topologies at the edit protocols mstp s...

Page 1659: ... properly Displaying the Interface State Before BPDU Protection Is Triggered on page 1563 Verifying That BPDU Protection is Working Correctly on page 1564 Displaying the Interface State Before BPDU Protection Is Triggered Purpose Before BPDUs are being received from the PCs connected to interface ge 0 0 5 and interface ge 0 0 6 confirm the interface state Action Use the operational mode command us...

Page 1660: ...521 32768 0019e2503f00 20000 FWD DESG output truncated Meaning When BPDUs are sent from the PCs to interface ge 0 0 5 0 and interface ge 0 0 6 0 on Switch 2 the output from the operational mode command show spanning tree interface shows that the interfaces have transitioned to a BPDU inconsistent state The BPDU inconsistent state makes the interfaces block and prevents them from forwarding traffic...

Page 1661: ...es receive BPDUs it can result in an STP misconfiguration which could lead to network outages This example describes how to configure BPDU protection on non STP interfaces on an EX Series switch Requirements on page 1565 Overview and Topology on page 1565 Configuration on page 1567 Verification on page 1567 Requirements This example uses the following hardware and software components Junos OS Rele...

Page 1662: ...connected through a trunk interface Switch 1 is configured for RSTP but Switch 2 has no spanning tree Switch 2 has two access ports interface ge 0 0 5 and interface ge 0 0 6 This example shows you how to configure BPDU protection on interface ge 0 0 5 and interface ge 0 0 6 When BPDU protection is enabled the interfaces will transition to a blocking state if BPDUs are received Figure 38 BPDU Prote...

Page 1663: ...following commands and paste them into the switch terminal window edit set ethernet switching options bpdu block interface ge 0 0 5 set ethernet switching options bpdu block interface ge 0 0 6 Step by Step Procedure To configure BPDU protection 1 Configure interface ge 0 0 5 and interface ge 0 0 6 on Switch 2 edit ethernet switching options user switch set bpdu block interface ge 0 0 5 user switch...

Page 1664: ...w ethernet switching interfaces Interface State VLAN members Blocking ge 0 0 0 0 up default unblocked ge 0 0 1 0 up default unblocked ge 0 0 2 0 up default unblocked ge 0 0 3 0 up default unblocked ge 0 0 4 0 up v1 unblocked ge 0 0 5 0 down v1 blocked blocked by bpdu control ge 0 0 6 0 down default blocked blocked by bpdu control output truncated Meaning When BPDUs are sent from the PCs to interfa...

Page 1665: ...otection for STP RSTP and MSTP on EX Series Switches on page 1522 Example Configuring Loop Protection to Prevent Interfaces from Transitioning from Blocking to Forwarding in a Spanning Tree on EX Series Switches EX Series switches provide Layer 2 loop prevention through Spanning Tree Protocol STP Rapid Spanning Tree protocol RSTP and Multiple Spanning Tree Protocol MSTP Loop protection increases t...

Page 1666: ...ns a loop opens up in the spanning tree Loops in a Layer 2 topology cause broadcast unicast and multicast frames to continuously circle the looped network As a switch processes a flood of frames in a looped network its resources become depleted and the ultimate result is a network outage CAUTION An interface can be configured for either loop protection or root protection but not for both Three EX ...

Page 1667: ... to the root bridge The alternate port is a standby port for the root port When a root port goes down the alternate port becomes the active root port The designated port forwards data to the downstream network segment or device This configuration example uses an RSTP topology However you also can configure loop protection for STP or MSTP topologies at the edit protocols mstp stp hierarchy level Co...

Page 1668: ...Port ID Designated Designated Port State Role port ID bridge ID Cost ge 0 0 0 0 128 513 128 513 32768 0019e2503f00 20000 BLK DIS ge 0 0 1 0 128 514 128 514 32768 0019e2503f00 20000 BLK DIS ge 0 0 2 0 128 515 128 515 32768 0019e2503f00 20000 BLK DIS ge 0 0 3 0 128 516 128 516 32768 0019e2503f00 20000 FWD DESG ge 0 0 4 0 128 517 128 517 32768 0019e2503f00 20000 FWD DESG ge 0 0 5 0 128 518 128 518 32...

Page 1669: ...ntation Example Configuring Faster Convergence and Improving Network Stability with RSTP on EX Series Switches on page 1527 Example Configuring Root Protection to Enforce Root Bridge Placement in Spanning Trees on EX Series Switches on page 1573 Example Configuring BPDU Protection on STP Interfaces to Prevent STP Miscalculations on EX Series Switches on page 1561 Example Configuring BPDU Protectio...

Page 1670: ...ection To prevent this from happening enable root protection on interfaces that should not receive superior BPDUs from the root bridge and should not be elected as the root port These interfaces are typically located on an administrative boundary and are designated ports When root protection is enabled on an interface The interface is blocked from becoming the root port Root protection is enabled ...

Page 1671: ...Property Switch 1 is connected to Switch 4 through interface ge 0 0 7 Switch 1 Switch 2 is connected to Switch 1 and Switch 3 Interface ge 0 0 4 is the alternate port in the RSTP topology Switch 2 Switch 3 is the root bridge and is connected to Switch 1 and Switch 2 Switch 3 Switch 4 is connected to Switch 1 After loop protection is configured on interface ge 0 0 7 Switch 4 will send superior BPDU...

Page 1672: ... by Step Procedure To configure root protection 1 Configure interface ge 0 0 7 edit protocols rstp user switch set interface ge 0 0 7 no root port Results Check the results of the configuration user switch show configuration protocols rstp interface ge 0 0 7 0 no root port Verification To confirm that the configuration is working properly Displaying the Interface State Before Root Protection Is Tr...

Page 1673: ...2768 0019e2503f00 20000 BLK DIS ge 0 0 1 0 128 514 128 514 32768 0019e2503f00 20000 BLK DIS ge 0 0 2 0 128 515 128 515 32768 0019e2503f00 20000 BLK DIS ge 0 0 3 0 128 516 128 516 32768 0019e2503f00 20000 FWD DESG ge 0 0 4 0 128 517 128 517 32768 0019e2503f00 20000 FWD DESG ge 0 0 5 0 128 518 128 2 16384 00aabbcc0348 20000 BLK ALT ge 0 0 6 0 128 519 128 1 16384 00aabbcc0348 20000 FWD ROOT ge 0 0 7 ...

Page 1674: ... STP Miscalculations on EX Series Switches on page 1565 Understanding Root Protection for STP RSTP VSTP and MSTP on EX Series Switches on page 1524 Copyright 2010 Juniper Networks Inc 1578 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1675: ... the BPDUs being sent to an interface is fixed in the topology the interface can be unblocked and returned to service To unblock an interface and return it to service using the CLI Automatically unblock an interface by configuring a timer that expires here the interface is ge 0 0 6 edit ethernet switching options user switch set bpdu block disable timeout 30 interface ge 0 0 6 Manually unblock an ...

Page 1676: ...elated Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Understanding STP for EX Series Switches on page 1519 Configuring Spanning Tree Protocols J Web Procedure EX Series switches provide Layer 2 loop prevention through Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP and VLAN Spanning Tree Protocol VST...

Page 1677: ...ee Protocol Configuration Parameters Your Action Function Field General None Specifies the spanning tree protocol type STP MSTP or RSTP Protocol Name To enable this option select the check box Disables spanning tree protocol on the interface Disable To enable this option select the check box Specifies BPDU protection on all edge interfaces on the switch BPDU Protect Select a value from the list Sp...

Page 1678: ...e Specifies the link cost to determine which bridge is the designated bridge and which interface is the designated interface Cost Select a value from the list Specifies the interface priority to determine which interface is elected as the root port Priority To enable the option select the check box Disables the spanning tree protocol on the interface Disable Port To enable the option select the ch...

Page 1679: ...o delete an MSTI from the configuration select the MSTI ID and slick Remove Specifies a name an MSTI ID for the MST instance MSTI Name Select a value from the list Specifies the bridge priority The bridge priority determines which bridge is elected as the root bridge If two bridges have the same path cost to the root bridge the bridge priority determines which bridge becomes the designated bridge ...

Page 1680: ... Interfaces to Prevent STP Miscalculations on EX Series Switches on page 1561 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Example Configuring Faster Convergence and Improving Network Stability with RSTP on EX Series Switches on page 1527 Configuring VLAN Spanning Tree Protocol CLI Procedure VLAN Spanning Tree Protocol VSTP allows EX Series switches to...

Page 1681: ...ore than 253 VLANs If the set vstp vlan all statement is used to enable VSTP on a switch with more than 253 VLANs the configuration cannot be committed To enable VSTP on a VLAN using a single VLAN ID edit protocols user switch set vstp vlan vlan id To enable VSTP on a VLAN using a single VLAN name edit protocols user switch set vstp vlan vlan name Related Documentation Understanding VSTP for EX Se...

Page 1682: ...Copyright 2010 Juniper Networks Inc 1586 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1683: ...g Table 222 on page 1587 summarizes the spanning tree protocol parameters Table 222 Summary of Spanning Tree Protocols Output Fields Values Field Bridge Parameters An internally generated identifier Context ID Spanning tree protocol type enabled Enabled Protocol Bridge ID of the elected spanning tree root bridge The bridge ID consists of a configurable bridge priority and the MAC address of the br...

Page 1684: ...dge to which the interface is attached Designated Bridge ID Configured cost for the interface Port Cost STP port state Forwarding FWD Blocking BLK Listening Learning Disabled Port State MSTP or RSTP port role Designated DESG backup BKUP alternate ALT or root Role Spanning Tree Statistics of Interface Interface for which statistics is being displayed Interface Total number of BPDUs sent BPDUs Sent ...

Page 1685: ... with MSTP on EX Series Switches on page 1541 Example Configuring Faster Convergence and Improving Network Stability with RSTP on EX Series Switches on page 1527 1589 Copyright 2010 Juniper Networks Inc Chapter 67 Verifying Spanning Tree Protocols ...

Page 1686: ...Copyright 2010 Juniper Networks Inc 1590 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1687: ...entication profile name profile name interface all interface names disable guest vlan vlan id vlan name mac radius restrict maximum requests number no reauthentication quiet period seconds reauthentication interval seconds retries number server fail deny permit use cache vlan id vlan name server reject vlan vlan id vlan name server timeout seconds supplicant multiple single single secure supplican...

Page 1688: ...limit multicast router interface static group ip address proxy query interval seconds query last member interval seconds query response interval seconds robust count number lldp disable advertisement interval seconds hold multiplier number interface all interface name disable lldp configuration notification interval seconds management address ip management address ptopo configuration maximum hold ...

Page 1689: ...tion address hostname strict loose mstp disable bpdu block on edge bridge priority priority configuration name name forward delay seconds hello time seconds interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority max age seconds max hops hops msti msti id vlan vlan id vlan name interface interface name disable cost cost edge mode...

Page 1690: ...ectivity fault management action profile profile name default actions interface down linktrace age 30m 10m 1m 30s 10s path database size path database size maintenance domain domain name level number mip half function none default explicit name format character string none dns mac 2oct maintenance association ma name continuity check hold interval minutes interval 10m 10s 1m 1s 100ms loss threshol...

Page 1691: ...e loopback event thresholds frame errorcount frame period count frame period summary count symbol period count negotiation options allow remote loopback no allow link events rstp disable bpdu block on edge bridge priority priority forward delay seconds hello time seconds interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority max...

Page 1692: ...me seconds interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority max age seconds traceoptions file filename files number size size no stamp world readable no world readable flag flag vstp bpdu block on edge disable force version stp vlan all vlan id vlan name bridge priority priority forward delay seconds hello time seconds int...

Page 1693: ...anding 802 1X and LLDP and LLDP MED on EX Series Switches on page 2540 Understanding MSTP for EX Series Switches on page 1521 Understanding Multiple VLAN Registration Protocol MVRP on EX Series Switches on page 1296 Understanding Ethernet OAM Connectivity Fault Management for an EX Series Switch on page 3763 Understanding Ethernet OAM Link Fault Management for an EX Series Switch on page 3725 Unde...

Page 1694: ...quired Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Example Configuring Faster Convergence and Improving Network Stability w...

Page 1695: ...atement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Example Configuring Faster Convergence and Improving Network Stability with RSTP on EX Series Switches on page 1527 Ex...

Page 1696: ...ation Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 clear ethernet switching bpdu error on page 1636 Example Configuring BPDU Protection on non STP Interfaces to Prevent STP Miscalculations on EX Series Switches on page 1565 Unblocking an Interface That Receives BPDUs in Error CLI Procedure on page 1579 Example Configuring Network Regions fo...

Page 1697: ... To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 clear ethernet switching bpdu error on page 1636 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Example Configuring Faster Convergence and Improving Network Stability with RSTP on EX Series Switches on page 15...

Page 1698: ...Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Example Configuring Faster Convergence and Improving Network Stability with RSTP on EX Se...

Page 1699: ...iority determines which bridge becomes the designated bridge for a LAN segment Default 32 768 Options priority Bridge priority It can be set only in increments of 4096 Range 0 through 61 440 Default 32 768 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 16...

Page 1700: ...the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Example Configuring Faster Convergence and Improving Network Stability with RSTP on EX Series Switches on page 1527 Understanding...

Page 1701: ...ocol MSTP configure the link cost to control which bridge is the designated bridge and which interface is the designated interface Default The link cost is determined by the link speed Options cost Link cost associated with the port Range 1 through 200 000 000 Default Link cost is determined by the link speed Required Privilege Level routing To view this statement in the configuration routing cont...

Page 1702: ... MSTP RSTP or VSTP on the switch or on a specific interface Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Example Co...

Page 1703: ...d Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Example Configuring Faster Convergence and Improving Network Stability with R...

Page 1704: ...dge interfaces Edge interfaces immediately transition to a forwarding state Default Edge interfaces are not enabled Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs...

Page 1705: ...default protocol RSTP Options stp Spanning Tree Protocol Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Understanding VSTP for EX Series Switches on page 1525 1609 Copyright 2010 Juniper Networks Inc Chapter ...

Page 1706: ...onds the bridge interface remains in the listening and learning states Range 4 through 30 seconds Default 15 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLAN...

Page 1707: ...etween transmissions of configuration BPDUs Range 1 through 10 seconds Default 2 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs with MSTP on EX Series Swi...

Page 1708: ... to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Example Configuring Faster Convergence and Improving Network Stability with RSTP on EX Series Switches on page 1527 Example Configuring BPDU Protection on non STP Interfaces to Prevent...

Page 1709: ...erarchy level Options interface name Name of a Gigabit Ethernet interface The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions f...

Page 1710: ... BPDUs Range 6 through 40 seconds Default 20 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Example Configuri...

Page 1711: ... be forwarded Range 1 through 255 hops Default 20 hops Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Understanding M...

Page 1712: ...the default link mode is point to point For a half duplex link the default link mode is shared Options mode Link mode point to point Link is point to point shared Link is shared media Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree ...

Page 1713: ...isabled Options msti id MSTI identifier Range 1 through 4094 The Common Instance Spanning Tree CIST is always MSTI 0 The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page...

Page 1714: ...g flag revision level revision level Hierarchy Level edit protocols Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure Multiple Spanning Tree Protocol MSTP MSTP is defined in the IEEE 802 1Q 2003 specification and is used to create a loop free topology in networks with multiple spanning tree regions The statements are explained separately ...

Page 1715: ...at interface transitions to a root prevented STP state inconsistency state and the interface is blocked This blocking prevents a bridge that should not be the root bridge from being elected the root bridge When the bridge stops receiving superior STP BPDUs on the root protected interface interface traffic is no longer blocked Required Privilege Level routing To view this statement in the configura...

Page 1716: ...elected as the root port Default The default value is 128 Options priority Interface priority The interface priority must be set in increments of 16 Range 0 through 240 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on pa...

Page 1717: ...number of the MSTP region configuration Range 0 through 65535 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Understa...

Page 1718: ...s in shorter convergence times than those provided by basic Spanning Tree Protocol STP VSTP and RSTP can be configured concurrently You can selectively configure up to 253 VLANs using VSTP the remaining VLANs will be configured using RSTP VSTP and RSTP are the only spanning tree protocols that can be configured concurrently on the switch See Configuring VSTP CLI Procedure for more information on c...

Page 1719: ...iguration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Example Configuring Faster Convergence and Improving Network Stability with RSTP on EX Series Switches on page 1527 Understanding RSTP for EX Series Switches on page 1520 1623 Copyright 2010 Juniper Networks Inc Chapter 68 Configuration Statements for Spanning Tree Protocols ...

Page 1720: ...of RSTP that is compatible with the classic basic STP defined in the IEEE 802 1D 1998 specification The remaining statements are explained separately Default STP is disabled by default RSTP is enabled on all Ethernet switching ports Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show span...

Page 1721: ...e recommend that you place STP tracing output in the file var log stp log files number Optional Maximum number of trace files When a trace file named trace file reaches its maximum size it is renamed trace file 0 then trace file 1 and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum number of files you must also specify a m...

Page 1722: ... user from reading the log file replace Optional Replace an existing trace file if there is one Default If you do not include this option tracing output is appended to an existing trace file size size Optional Maximum size of each trace file in kilobytes KB or megabytes MB When a trace file named trace file reaches this size it is renamed trace file 0 When the trace file again reaches its maximum ...

Page 1723: ...ster Convergence and Improving Network Stability with RSTP on EX Series Switches on page 1527 Understanding MSTP for EX Series Switches on page 1521 Understanding RSTP for EX Series Switches on page 1520 Understanding STP for EX Series Switches on page 1519 Understanding VSTP for EX Series Switches on page 1525 1627 Copyright 2010 Juniper Networks Inc Chapter 68 Configuration Statements for Spanni...

Page 1724: ...atement updated with enhanced CLI completion feature functionality in Junos OS Release 9 5 for EX Series switches Description Configure the VLANs for a Multiple Spanning Tree Instance MSTI TIP To display a list of all configured VLANs on the system including VLANs that are configured but not committed type after vlan or vlans in your configuration mode command line Note that only one VLAN is displ...

Page 1725: ...s statement to the configuration Related Documentation Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Understanding MSTP for EX Series Switches on page 1521 1629 Copyright 2010 Juniper Networks Inc Chapter 68 Configuration Statements for Spanning Tree Protocols ...

Page 1726: ...with enhanced CLI completion feature functionality in Junos OS Release 9 5 for EX Series switches Option all introduced in Junos OS Release 10 0 for EX Series switches Description Configure VSTP VLAN parameters TIP To display a list of all configured VLANs on the system including VLANs that are configured but not committed type after vlan or vlans in your configuration mode command line Note that ...

Page 1727: ... the configuration routing control To add this statement to the configuration Related Documentation Understanding VSTP for EX Series Switches on page 1525 1631 Copyright 2010 Juniper Networks Inc Chapter 68 Configuration Statements for Spanning Tree Protocols ...

Page 1728: ...s You cannot commit a configuration that uses VSTP on more than 253 VLANs If there are more than 253 VLANs on your switch you must use the vlan statement to specify which VLANs or VLAN groups should use VSTP and the total number of VLANs using VSTP cannot exceed 253 You also cannot use the vlan all option to configure VSTP when your switch has more than 253 VLANs Run RSTP with VSTP in networks wit...

Page 1729: ...ntrol To add this statement to the configuration Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Configuring VLAN Spanning Tree Protocol CLI Procedure on page 1584 Understanding VSTP for EX Series Switches on page 1525 1633 Copyright 2010 Juniper Networks Inc Chapter 68 Configuration Statements for Spanning Tree Protocols ...

Page 1730: ...Copyright 2010 Juniper Networks Inc 1634 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1731: ...CHAPTER 69 Operational Mode Commands for Spanning Tree Protocols 1635 Copyright 2010 Juniper Networks Inc ...

Page 1732: ...rivilege Level clear Related Documentation show spanning tree statistics on page 1662 Understanding BPDU Protection for STP RSTP and MSTP on EX Series Switches on page 1522 List of Sample Output clear ethernet switching bpdu error interface ge 0 0 1 0 on page 1636 clear ethernet switching clear ethernet switching user switch clear ethernet switching bpdu error interface ge 0 0 1 0 bpdu error inter...

Page 1733: ...Options none Reset STP counters for all interfaces for all routing instances interface interface name Optional Clear STP statistics for the specified interface only logical system logical system name Optional Clear STP statistics on a particular logical system Required Privilege Level clear Related Documentation show spanning tree statistics on page 1660 List of Sample Output clear stp statistics ...

Page 1734: ...ould be reset logical unit number Optional The logical unit number of the interface Required Privilege Level clear Related Documentation show spanning tree bridge on page 1644 show spanning tree interface on page 1653 Understanding STP for EX Series Switches on page 1519 List of Sample Output clear spanning tree statistics on page 1638 Output Fields This command produces no output clear spanning t...

Page 1735: ...an id Optional Display STP bridge information for the specified VLAN Required Privilege Level view List of Sample Output show spanning tree bridge routing instance on page 1640 show spanning tree bridge msti on page 1641 show spanning tree bridge vlan id MSTP on page 1641 show spanning tree bridge VSTP on page 1642 show spanning tree bridge vlan id VSTP on page 1643 Output Fields Table 223 on page...

Page 1736: ...on Hop count Number of elapsed seconds since the most recent BPDU was received Message age Total number of STP topology changes detected since the routing device last booted Number of topology changes Number of elapsed seconds since the most recent topology change Time since last topology change Locally configured bridge ID The bridge ID consists of a configurable bridge priority and the MAC addre...

Page 1737: ...18 Number of topology changes 1 Time since last topology change 1191 seconds Local parameters Bridge ID 32770 00 90 69 0b 7f d1 Extended system ID 1 show spanning tree bridge msti user host show spanning tree bridge msti 1 routing instance vs1 detail STP bridge parameters Routing instance name vs1 Enabled protocol MSTP STP bridge parameters for MSTI 1 MSTI regional root 32769 00 13 c3 9e c8 80 Roo...

Page 1738: ...lay 15 seconds Message age 0 Number of topology changes 58 Time since last topology change 14127 seconds Local parameters Bridge ID 28672 00 90 69 0b 3f d0 Extended system ID 0 STP bridge parameters for bridge VLAN 10 Root ID 28672 00 90 69 0b 3f d0 Hello time 2 seconds Maximum age 20 seconds Forward delay 15 seconds Message age 0 Number of topology changes 58 Time since last topology change 14127...

Page 1739: ... for VLAN 10 Root ID 28672 00 90 69 0b 3f d0 Hello time 2 seconds Maximum age 20 seconds Forward delay 15 seconds Message age 0 Number of topology changes 58 Time since last topology change 14127 seconds Local parameters Bridge ID 28672 00 90 69 0b 3f d0 Extended system ID 0 1643 Copyright 2010 Juniper Networks Inc Chapter 69 Operational Mode Commands for Spanning Tree Protocols ...

Page 1740: ...h 4094 Required Privilege Level view Related Documentation show spanning tree interface on page 1653 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Understanding STP for EX Series Switches on page 1519 Understanding RSTP for EX Series Switches on page 1520 Understanding MSTP for EX Series Switches on page 1521 Understanding VSTP for EX Series Switches on...

Page 1741: ...rning states before transitioning to the forwarding state Forward delay Configured maximum number of hops a BPDU can be forwarded in the MSTP region Hop count Number of seconds elapsed since the most recent BPDU was received Message age Total number of STP topology changes detected since the switch last booted Number of topology changes Number of seconds elapsed since the most recent topology chan...

Page 1742: ...ology change last recvd from 00 11 f2 56 df 4c Local parameters Bridge ID 32768 00 11 f2 57 1c 00 Extended system ID 0 Internal instance ID 0 STP bridge parameters for MSTI 10 MSTI regional root 32778 00 11 f2 56 df 40 Root cost 20000 Root port ge 0 0 1 0 Hello time 2 seconds Maximum age 20 seconds Forward delay 15 seconds Hop count 19 Number of topology changes 1 Time since last topology change 1...

Page 1743: ...otocol RSTP Root ID 32768 00 19 e2 50 95 a0 Hello time 2 seconds Maximum age 20 seconds Forward delay 15 seconds Message age 0 Number of topology changes 0 Local parameters Bridge ID 32768 00 19 e2 50 95 a0 Extended system ID 0 Internal instance ID 0 Hello time 2 seconds Maximum age 20 seconds Forward delay 15 seconds Path cost method 32 bit 1647 Copyright 2010 Juniper Networks Inc Chapter 69 Oper...

Page 1744: ...n id Optional Display STP interface information for the specified VLAN Required Privilege Level view List of Sample Output show spanning tree interface on page 1649 show spanning tree interface detail on page 1650 show spanning tree interface msti on page 1651 show spanning tree interface vlan id 101 on page 1652 show spanning tree interface VSTP on page 1652 show spanning tree interface vlan id V...

Page 1745: ...ing tree interface Interface Port ID Designated Designated Port State Role port ID bridge ID Cost ae1 128 1 128 1 32768 0090690b47d1 1000 FWD DESG ge 2 1 2 128 2 128 2 32768 0090690b47d1 20000 FWD DESG ge 2 1 5 128 3 128 3 32768 0090690b47d1 29999 FWD DESG ge 2 2 1 128 4 128 26 32768 0013c39ec880 20000 FWD ROOT xe 9 2 0 128 5 128 5 32768 0090690b47d1 2000 FWD DESG xe 9 3 0 128 6 128 6 32768 009069...

Page 1746: ...8 00 90 69 0b 47 d1 Port role Designated Link type Pt Pt NONEDGE Boundary port No Interface name ge 2 1 5 Port identifier 128 3 Designated port ID 128 3 Port cost 29999 Port state Forwarding Designated bridge ID 32768 00 90 69 0b 47 d1 Port role Designated Link type Pt Pt NONEDGE Boundary port No Interface name ge 2 2 1 Port identifier 128 4 Designated port ID 128 26 Port cost 20000 Port state For...

Page 1747: ... 29999 Port state Forwarding Designated bridge ID 32768 00 90 69 0b 47 d1 Port role Designated Link type Pt Pt NONEDGE Boundary port No Interface name ge 2 2 1 Port identifier 128 4 Designated port ID 128 26 Port cost 20000 Port state Forwarding Designated bridge ID 32768 00 13 c3 9e c8 80 Port role Root Link type Pt Pt NONEDGE Boundary port No show spanning tree interface msti user host show span...

Page 1748: ...rt ID Designated Designated Cost State Role port ID bridge ID ge 1 0 1 128 1 128 1 28672 0090690b3fe0 20000 FWD DESG ge 1 0 2 128 2 128 2 28672 0090690b3fe0 20000 FWD DESG Spanning tree interface parameters for VLAN 10 Interface Port ID Designated Designated Cost State Role port ID bridge ID ge 1 0 1 128 1 128 1 28672 0090690b3fe0 20000 FWD DESG ge 1 0 2 128 2 128 2 28672 0090690b3fe0 20000 FWD DE...

Page 1749: ... MSTI vlan id vlan id Optional For MSTP interfaces display interface information for the specified VLAN Specify a value from 0 through 4094 Required Privilege Level view Related Documentation show spanning tree bridge on page 1644 Example Configuring Network Regions for VLANs with MSTP on EX Series Switches on page 1541 Understanding STP for EX Series Switches on page 1519 Understanding RSTP for E...

Page 1750: ...spanning tree interface Spanning tree interface parameters for instance 0 show spanning tree interface Interface Port ID Designated Designated Port State Role port ID bridge ID Cost ge 0 0 0 0 128 513 128 513 8192 0019e2500340 1000 FWD DESG ge 0 0 2 0 128 515 128 515 8192 0019e2500340 1000 BLK DIS ge 0 0 4 0 128 517 128 517 8192 0019e2500340 1000 FWD DESG ge 0 0 23 0 128 536 128 536 8192 0019e2500...

Page 1751: ... 128 625 Designated port ID 128 625 Port cost 20000 Port state Blocking Designated bridge ID 32768 00 19 e2 50 95 a0 Port role Disabled Link type Pt Pt EDGE Boundary port NA Interface name ge 1 0 1 0 Port identifier 128 626 Designated port ID 128 626 Port cost 20000 Port state Blocking Designated bridge ID 32768 00 19 e2 50 95 a0 Port role Disabled Link type Pt Pt NONEDGE Boundary port NA Interfac...

Page 1752: ...ated show spanning tree interface ge 1 0 0 user switch show spanning tree interface ge 1 0 0 Interface Port ID Designated Designated Port State Role port ID bridge ID Cost ge 1 0 0 0 128 625 128 625 32768 0019e25095a0 20000 BLK DIS Copyright 2010 Juniper Networks Inc 1656 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1753: ...657liststheoutputfieldsfortheshowspanning treemstpconfiguration command Output fields are listed in the approximate order in which they appear Table 227 show spanning tree mstp configuration Output Fields Field Description Field Name Internally generated identifier Context id MSTP region name carried in the MSTP BPDUs Region name Revision number of the MSTP configuration Revision Numerical value d...

Page 1754: ...MSTI Member VLANs 0 0 99 101 199 201 4094 1 100 2 200 Copyright 2010 Juniper Networks Inc 1658 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1755: ... spanning tree mstp configuration Output Fields Field Description Field Name Internally generated identifier Context identifier MSTP region name carried in the MSTP BPDUs Region name Revision number of the MSTP configuration Revision Numerical value derived from the VLAN to instance mapping table Configuration digest MSTI instance identifier MSTI Identifiers for VLANs associated with the MSTI Memb...

Page 1756: ... show spanning tree statistics routing instance on page 1661 show spanning tree statistics interface on page 1661 Output Fields Table 229 on page 1660 lists the output fields for the show spanning tree statistics command Output fields are listed in the approximate order in which they appear Table 229 show spanning tree statistics Output Fields Field Description Field Name Type of message being cou...

Page 1757: ...stics routing instance BPDUs received 537 BPDUs sent in last 5 secs 5 BPDUs received in last 5 secs 27 show spanning tree statistics interface user host show spanning tree statistics interface ge 11 1 4 routing instance vs1 detail Interface BPDUs sent BPDUs received Next BPDU transmission ge 11 1 4 7 190 0 1661 Copyright 2010 Juniper Networks Inc Chapter 69 Operational Mode Commands for Spanning T...

Page 1758: ...Switches on page 1541 Understanding STP for EX Series Switches on page 1519 Understanding RSTP for EX Series Switches on page 1520 Understanding MSTP for EX Series Switches on page 1521 Understanding VSTP for EX Series Switches on page 1525 List of Sample Output show spanning tree statistics interface on page 1663 Output Fields Table 230 on page 1662 lists the output fields for the show spanning t...

Page 1759: ...tatistics interface user switch show spanning tree statistics interface ge 0 0 4 Interface BPDUs sent BPDUs received Next BPDU transmission ge 0 0 4 7 190 0 1663 Copyright 2010 Juniper Networks Inc Chapter 69 Operational Mode Commands for Spanning Tree Protocols ...

Page 1760: ...Copyright 2010 Juniper Networks Inc 1664 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1761: ...e 1667 Configuring Layer 3 Protocols on page 1677 Verifying Layer 3 Protocols Configuration on page 1701 Configuration Statements for Layer 3 Protocols on page 1711 Operational Commands for Layer 3 Protocols on page 2011 1665 Copyright 2010 Juniper Networks Inc ...

Page 1762: ...Copyright 2010 Juniper Networks Inc 1666 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1763: ...ocols Configuration Guide at http www juniper net techpubs software junos Fully supported BGP See the Junos OS Routing Protocols Configuration Guide at http www juniper net techpubs software junos Fully supported BFD See the Junos OS Routing Protocols Configuration Guide at http www juniper net techpubs software junos Fully supported ICMP See the Junos OS Multicast Configuration Guide at http www ...

Page 1764: ...Fully supported RIPng See the Junos OS Network Management Configuration Guide at http www juniper net techpubs software junos Fully supported SNMP See Understanding VRRP on EX Series Switches on page 1671 See also the Junos OS High Availability Guide at http www juniper net techpubs software junos Fully supported with exception of IPv6 support of VRRP on routed VLAN interfaces RVIs VRRP Related Do...

Page 1765: ...otocol LDP Layer 3 VPNs Multiprotocol BGP MP BGP for VPN IPv4 family Pseudowire emulation PWE3 Routing policy statements related to Layer 3 VPNs and MPLS Virtual Private LAN Service VPLS nat and subordinate statements Policy statements related to NAT Network Address Translation NAT demand circuit statement label switched path and subordinate statements neighbor statement within an OSPF area peer i...

Page 1766: ...ng and subordinate statements Traffic sampling and fowarding in the forwarding options hierarchy Related Documentation Layer 3 Protocols Supported on EX Series Switches on page 14 EX Series Switch Software Features Overview on page 3 Understanding Distributed Periodic Packet Management on EX Series Switches Periodic packet management PPM is responsible for processing a variety of time sensitive pe...

Page 1767: ...v6 on Gigabit Ethernet interfaces 10 Gigabit Ethernet interfaces and logical interfaces on EX Series switches When VRRP is configured the switches act as virtual routing platforms VRRP enables hosts on a LAN to make use of redundant routing platforms on that LAN without requiring more than the static configuration of a single default route on the hosts The VRRP routing platforms share the IP addre...

Page 1768: ...ng platform with the highest priority takes over as master and begins forwarding packets NOTE Priority 255 cannot be set for routed VLAN interfaces RVIs VRRP is defined in RFC 3768 Virtual Router Redundancy Protocol Examples of VRRP Topologies Figure 41 on page 1672 illustrates a basic VRRP topology with EX Series switches In this example Switches A B and C are running VRRP and together they make ...

Page 1769: ...A forwards packets sent to its IP address If the master routing platform fails the switch configured with the higher priority becomes the master virtual routing platform and provides uninterrupted service for the LAN hosts When Switch A recovers it becomes the master virtual routing platform again Related Documentation For more information on VRRP or VRRP for IPv6 see the Junos OS High Availabilit...

Page 1770: ...ssociations on page 1675 IPsec Modes on page 1676 Authentication Algorithms Authentication is the process of verifying the identity of the sender Authentication algorithms use a shared key to verify the authenticity of the IPsec devices The Juniper Networks Junos operating system Junos OS uses the following authentication algorithms Message Digest 5 MD5 uses a one way hash function to convert a me...

Page 1771: ... the first key to encrypt the blocks the second key to decrypt the blocks and the third key to reencrypt the blocks IPsec Protocols IPsec protocols determine the type of authentication and encryption applied to packets that are secured by the switch Junos OS supports the following IPsec protocols AH Defined in RFC 2402 AH provides connectionless integrity and data origin authentication for IPv4 It...

Page 1772: ...e SNMP commands or BGP sessions is destined for a switch the system acts as a host Transport mode is allowed in this case because the system does not act as a security gateway and does not send or receive transit traffic NOTE Tunnel mode is not supported for OSPF v3 control packet authentication Transport mode provides an SA between two hosts In transport mode the protocols provide protection prim...

Page 1773: ... Procedure on page 1698 Using IPsec to Secure OSPFv3 Networks CLI Procedure on page 1699 Configuring BGP Sessions J Web Procedure You can use the J Web interface to create BGP peering sessions on a routing device NOTE To configure BGP sessions you must have a license for BGP installed on the EX Series switch To configure a BGP peering session 1 Select Configure Routing BGP NOTE After you make chan...

Page 1774: ... AS is 0 0 0 3 Sets the unique numeric identifier of the AS in which the routing device is configured ASN Type or select and edit the value Specifies the degree of preference for an external route The route with the highest local preference value is preferred Preference Type or select and edit the IPv6 or IPv4 address to be used as the identifier Specifies the cluster identifier to be used by the ...

Page 1775: ...messages to the peer 8 Select the option to compare the AS path of an incoming advertised route with the AS number of the BGP peer under the group and replace all occurrences of the peer AS number in the AS path with its own AS number before advertising the route to the peer 9 Specify an import policy and export policy 10 Click OK Configures the system s peers statically Static Neighbors Policies ...

Page 1776: ... Enter the time period for a graceful restart and the maximum time that stale routes must be kept To configure Multihop select Nexthop Change to allow unconnected third party next hops Enter a TTL value Select the authentication algorithm If you select None specify an authentication key password You can configure the following Keep routes Specifies whether routes learned from a BGP peer must be re...

Page 1777: ...eceive the output of the tracing operation File Name Type or select and edit the value Specifies the maximum number of trace files Number of Files Type or select and edit the value Specifies the maximum size for each trace file File Size Select True to allow any user to read the file Select False to disallow all users being able to read the file Specifies whether the trace file can be read by any ...

Page 1778: ...elect and edit the value If you enter an integer the value is converted to a 32 bit equivalent For example if you enter 3 the value assigned to the area is 0 0 0 3 Uniquely identifies the area within its AS Area Id To add a range 1 Click Add 2 Type the area range 3 Specify the subnet mask 4 To override the metric for the IP address range type a specific metric value 5 If you do not want to display...

Page 1779: ...face 3 Specify the traffic engineering metric 4 Specify how often the routing device sends hello packets from the interface 5 Specify how long the routing device waits to receive a link state acknowledgment packet before retransmitting link state advertisements to an interface s neighbors 6 To enable OSPF on the interface select the check box 7 To inform other protocols about neighbor down events ...

Page 1780: ...d the estimated time to reacquire a full OSPF neighbor from each area 3 To disable No Strict LSA Checking select the check box 4 To disable graceful restart helper capability select the check box Helper mode is enabled by default 5 Click OK Configures graceful restart for OSPF Graceful Restart To configure SPF 1 Specify the time interval between the detection of a topology change and when the SPF ...

Page 1781: ...elect and edit the name Specifies the name of the file to receive the output of the tracing operation File Name Type or select and edit the name Specifies the maximum number of trace files Number of Files Type or select and edit the name Specifies the maximum size for each trace file File Size Select True to allow any user to read the file Select False to disallow all users being able to read the ...

Page 1782: ...b Type or select and edit the name Specifies a name for the routing instance Routing instance name Type or select and edit the value Specifies the preference of external routes learned by RIP as compared to those learned from other routing protocols Preference Type or select and edit the value Specifies the metric value to add to routes transmitted to the neighbor Metric Out Type or select and edi...

Page 1783: ...options Receive Type a value Specifies the route timeout interval for RIP Route timeout sec Type or select and edit the value Specifies the update time interval to periodically send out routes learned by RIP to neighbors Update interval sec Type or select and edit the value Specifies the time period the expired route is retained in the routing table before being removed Hold timeout sec Type or se...

Page 1784: ...entication key for MD5 Specifies the type of authentication for RIP route queries received on an interface Options are None MD5 Simple Authentication Type Policies tab Click Add to add an import policy Click Move up or Move down to move the selected policy up or down the list of policies Click Remove to remove an import policy Applies one or more policies to routes being imported into the local ro...

Page 1785: ...e file Specifies whether the trace file can be read by any user or not World Readable Select a value from the list Specifies the tracing operation to perform Flags Related Documentation Monitoring RIP Routing Information on page 1706 Layer 3 Protocols Supported on EX Series Switches on page 14 1689 Copyright 2010 Juniper Networks Inc Chapter 71 Configuring Layer 3 Protocols ...

Page 1786: ...e options using the CLI To configure the switch s default gateway edit user switch set routing options static route 0 0 0 0 0 next hop 10 0 1 1 To configure a static route and specify the next address to be used when routing traffic to the static route edit user switch set routing options static route 20 0 0 0 24 next hop 10 0 0 2 1 To always keep the static route in the forwarding table edit user...

Page 1787: ...dify an existing route Enter information into the routing page as described in Table 239 on page 1691 Delete To delete an existing route Table 239 Static Routing Configuration Summary Your Action Function Field Default Route To specify an IPv4 address 1 Select IPv4 2 Type an IP address for example 10 10 10 10 3 Enter the subnet mask or address prefix For example 24 bits represents 255 255 255 0 To...

Page 1788: ...ets Routing policy allows you to control which routes the routing protocols store in and retrieve from the routing table on the routing device To configure routing policies for an EX Series switch using the J Web interface 1 Select Configure Routing Policies NOTE After you make changes to the configuration in this page you must commit the changes for them to take effect To commit all changes to th...

Page 1789: ...t Edit the settings and click OK To delete a prefix list select it and click Delete Specifies a list of IPv4 address prefixes for use in a routing policy statement Prefix List To add a BGP community 1 Click Add 2 Enter a name for the community 3 To add a community click Add 4 Enter the community ID and click OK 5 Click OK To edit a BGP community click Edit Edit the settings and click OK To delete ...

Page 1790: ...at are not interface specific such as internal BGP IBGP Interface Click Add Select the prefix list from the list and click OK To remove a prefix list select it and click Remove Specifies a named list of IP addresses You can specify an exact match with incoming routes Prefix List Click Add and select the protocol from the list To remove a protocol select it and click Remove Specifies the name of th...

Page 1791: ...ress of one or more routing device interfaces Do not use this qualifier with protocols that are not interface specific such as internal BGP IBGP Interface Click Add and select the protocol from the list To delete a protocol select it and click Remove Specifies the name of the protocol from which the route was learned or to which the route is being advertised Protocol Action tab Select a value from...

Page 1792: ...esses in the forwarding table must be installed and have the forwarding table perform per packet load balancing This policy action allows you to optimize VPLS traffic flows across multiple paths Load Balance Per Packet Select the action and type a value Specifies the tag value The tag action sets the 32 bit tag field in OSPF external link state advertisement LSA packets Tag Select the action and t...

Page 1793: ...ributed model If distributed PPM is disabled the PPM process runs on the Routing Engine only Distributed PPM can be disabled for all protocols that use PPM or for a single protocol that uses PPM BEST PRACTICE We recommend that generally you disable distributed PPM only if Juniper Networks Customer Service advises you to do so You should disable distributed PPM only if you have a compelling reason ...

Page 1794: ... hosts You can configure VRRP for IPv6 on Gigabit Ethernet 10 Gigabit Ethernet and logical interfaces To configure VRRP for IPv6 1 Configure VRRP group support on interfaces edit interfaces interface name unit logical unit number family inet6 address address user switch setvrrp inet6 groupgroup idprioritynumbervirtual inet6 addressaddress virtual link local address ipv6 address You must explicitly...

Page 1795: ...e OSPF version 3 OSPFv3 does not have a built in authentication method and relies on IP Security IPsec to provide this functionality You can use IPsec to secure OSPFv3 interfaces on EX Series switches This topic includes Configuring Security Associations on page 1699 Securing OPSFv3 Networks on page 1700 Configuring Security Associations When you configure a security association SA include your ch...

Page 1796: ...algorithm key type Securing OPSFv3 Networks You can secure the OSPFv3 network by applying the SA to the OSPFv3 configuration To secure the OSPFv3 network edit protocols ospf3 area area number interface interface name user switch set ipsec sa sa name Related Documentation Understanding IPsec Authentication for OSPF Packets on EX Series Switches on page 1674 Configuring an OSPF Network J Web Procedu...

Page 1797: ...he J Web interface select Monitor Routing BGP Information To view BGP routing information in the CLI enter the following commands show bgp summary show bgp neighbor Meaning Table 242 on page 1701 summarizes key output fields in the BGP routing display in the J Web interface Table 242 Summary of Key BGP Routing Output Fields Additional Information Values Field BGP Peer Summary Number of BGP groups ...

Page 1798: ...fixes Number of routes currently inactive because of damping or other reasons These routes do not appear in the forwarding table and are not exported by routing protocols Dumped Prefixes Number of pending routes Pending Prefixes Status of the graceful restart process for this routing table BGP restart is complete BGP restart in progress VPN restart in progress or VPN restart is complete State BGP ...

Page 1799: ...ipt of an open message from the peer and is waiting to receive a keepalive or notification message OpenSent BGP has sent an open message and is waiting to receive an open message from the peer Peer State Elapsed time since the peering session was last reset Elapsed Time Description of the BGP session Description Related Documentation Configuring BGP Sessions J Web Procedure on page 1677 Layer 3 Pr...

Page 1800: ...mode the interface is present on the network but does not transmit or receive packets Passive Mode The authentication scheme for the backbone or area Authentication Type The IP address of the interface Interface Address The subnet mask or address prefix Address Mask The maximum transmission unit size MTU The path cost used to calculate the root path cost from any given LAN segment is determined by...

Page 1801: ...failed OSPF adjacency and the Full state indicatingafunctionaladjacency aremaintained for more than a few seconds The other states are transitional states that a neighbor is in only briefly while an OSPF adjacency is being established State of the neighbor Attempt Down Exchange ExStart Full Init Loading or 2way State ID of the neighbor ID Priority of the neighbor to become the designated router Pr...

Page 1802: ...s show rip statistics show rip neighbor Meaning Table244onpage1706summarizeskeyoutputfieldsintheRIProutingdisplayintheJ Web interface Table 244 Summary of Key RIP Routing Output Fields Additional Information Values Field RIP Statistics The RIP protocol name Protocol Name The port on which RIP is enabled Port number The interval during which routes are neither advertised nor updated Hold down time ...

Page 1803: ...In Metric Related Documentation Configuring a RIP Network J Web Procedure on page 1685 Layer 3 Protocols Supported on EX Series Switches on page 14 Monitoring Routing Information Purpose Use the monitoring functionality to view the inet 0 routing table on the routing device Action To view the routing tables in the J Web interface select Monitor Routing Route Information Apply a filter or a combina...

Page 1804: ...ew details of inactive routes Specifies the inactive routes Inactive routes Select the view details of the exact route Specifies the exact route Exact route Select the view details of hidden routes Specifies the hidden routes Hidden routes To apply the filter and display messages click Search Applies the specified filter and displays the matching messages Search Table 246 Summary of Key Routing In...

Page 1805: ...hop is listed as Local the destination is an address on the host either the loopback address or Ethernet management port 0 address for example Network layer address of the directly reachable neighboring system if applicable and the interface used to reach it Next Hop How long the route has been active Age There are many possible flags Flags for this route State AS path through which the route was ...

Page 1806: ...Copyright 2010 Juniper Networks Inc 1710 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1807: ...hbor address edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced in Junos OS Release 8 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify that a...

Page 1808: ...ing table name aggregate generate static defaults route Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure whether static aggregate or generated routes are removed from the routing and forwarding tables when they become inactive Routes that have been configured to remain continually installe...

Page 1809: ...hbor address Release Information Statement introduced in Junos OS Release 9 3 Statement introduced in Junos OS Release 9 3 for EX Series switches Description Have BGP advertise the best external route into an IBGP mesh group a route reflector cluster or an AS confederation even if the best route is an internal route Options conditonal Optional Advertise the best external path only if the route sel...

Page 1810: ...e edit protocols bgp group group name neighbor address edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for...

Page 1811: ...edit protocols bgp group group name edit protocols bgp group group name neighbor address edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement intr...

Page 1812: ...cription Configure aggregate routes Options aggregate options Additional information about aggregate routes that is included with the route when it is installed in the routing table Specify zero or more of the following options in aggregate options Each option is explained separately active passive as path as path origin egp igp incomplete atomic aggregate aggregator as number in address brief ful...

Page 1813: ...abeled unicast edit logical systems logical system name protocols bgp family inet vpn labeled unicast edit protocols bgp family inet labeled unicast edit protocols bgp family inet vpn labeled unicast edit protocols bgp family inet6 labeled unicast Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Ena...

Page 1814: ...cified networks or hosts To configure multiple BGP peers configure one or more networks and hosts within a single allow statement or include multiple allow statements Options all Allow all addresses which is equivalent to 0 0 0 0 0 or 0 network mask length IPv6 or IPv4 network number of a single address or a range of allowable addresses for BGP peers followed by the number of significant bits in t...

Page 1815: ...g instance name protocols rip group group name neighbor neighbor name Release Information Statement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Disable strict sender address checks Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Docu...

Page 1816: ...st use the same area identifier to establish adjacencies Specify multiple area statements to configure the routing device as an area border router An area border router does not automatically summarize routes between areas use the area range statement to configure route summarization By definition an area border router must be connected to the backbone area either through a physical link or throug...

Page 1817: ...ced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Area border routers only For an area summarize a range of IP addresses when sending summary link advertisements within an area To summarize multiple ranges include multiple area ra...

Page 1818: ... through 16 777 215 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Summarizing Ranges of Routes in OSPF Link State Advertisements Copyright 2010 Juniper Networks Inc 1722 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1819: ...route to the peer NOTE The as override statement is specific to a particular BGP group This statement does not affect peers from the same remote AS configured in different groups Enabling the AS override feature allows routes originating from an AS to be accepted by a router residing in the same AS Without AS override enabled the routing device refuses the route advertisement once the AS path show...

Page 1820: ...in RFC 4893 BGP Support for Four octet AS Number Space RFC 4893 introduces two new optional transitive BGP attributes AS4_PATH and AS4_AGGREGATOR These new attributes are used to propagate 4 byte AS path information across BGP speakers that do not support 4 byte AS numbers RFC 4893 also introduces a reserved well known 2 byte AS number AS 23456 This reserved AS number is called AS_TRANS in RFC 489...

Page 1821: ...Configuring Static Routes Configuring Aggregate Routes Configuring Generated Routes Understanding a 4 Byte Capable Router AS Path Through a 2 Byte Capable Domain asm override ssm Syntax asm override ssm Hierarchy Level edit logical systems logical system name routing instances routing instance name routing options multicast edit logical systems logical system name routing options multicast edit ro...

Page 1822: ...p group group name neighbor address edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 for EX Series switches Des...

Page 1823: ...tocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure an MD5 authentication key password Neighboring routing device...

Page 1824: ...he same password If you are using the Junos IS IS software with another implementation of IS IS the other implementation must be configured to use the same password for the domain the area and all interfaces adjacent to the Juniper Networks routing device Default If you do not include this statement and the authentication type statement IS IS authentication is disabled Options key Authentication p...

Page 1825: ... instances routing instance name protocols rip group group name neighbor neighbor name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Require authentication for RIP route queries received on an interface Options password Authentication password If the password does not match the packet is rejected...

Page 1826: ...ting instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Apply and enable an authentication ...

Page 1827: ...ithout interrupting routingand signaling protocols such as Open Shortest Path First OSPF and Resource Reservation Setup Protocol RSVP Options key chainkey chain name Keychain name This name is configured at the editprotocols bgp or the edit protocols ldp hierarchy level to associate unique authentication key chain attributes with each protocol as specified using the following options description t...

Page 1828: ...cation you must specify a password by including the authentication key statement Default If you do not include this statement and the authentication key statement IS IS authentication is disabled Options authentication Authentication scheme md5 Use HMAC authentication in combination with MD5 HMAC MD5 authentication is defined in RFC 2104 HMAC Keyed Hashing for Message Authentication simple Use a s...

Page 1829: ...interface Default If you do not include this statement and the authentication key statement RIP authentication is disabled Options type Authentication type md5 Use the MD5 algorithm to create an encoded checksum of the packet The encoded checksum is included in the transmitted packet The receiving routing device uses the authentication key to verify the packet discarding it if the digest does not ...

Page 1830: ... 23456 This reserved AS number is called AS_TRANS in RFC 4893 All releases of the Junos OS support 2 byte AS numbers In Junos OS Release 9 3 and later you can also configure a 4 byte AS number using the AS dot notation format of two integer values joined by a period 16 bit high order value in decimal 16 bit low order value in decimal For example the 4 byte AS number of 65 546 in plain number forma...

Page 1831: ...Use the independent domain option if the loops statement must be enabled only on a subset of routing instances The remaining statement is explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation independent domain Configuring AS Numbers for BGP 4 Byte Autonomous System Numbers ...

Page 1832: ...tatement introduced in Junos OS Release 9 5 for EX Series switches Description Configure a backup provider edge PE group for ingress PE redundancy when point to multipoint label switched paths LSPs are used for multicast distribution Options group name Name of the group for PE backups The remaining statements are explained separately Required Privilege Level routing To view this statement in the c...

Page 1833: ...se Information Statement introduced in Junos OS Release 9 0 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the address of backup PEs for ingress PE redundancy when point to multipoint label switched paths LSPs are used for multicast distribution Options addresses Addresses of other PEs in the backup group Required Privilege Level routing To view this stat...

Page 1834: ...duced in Junos OS Release 9 0 for EX Series switches Description Configure the bandwidth property for multicast flow maps Options adaptive Specify that the bandwidth is measured for the flows that are matched by the flow map bps Bandwidth in bits per second for the flow map Range 0 through any amount of bandwidth Default 2 Mbps Required Privilege Level routing To view this statement in the configu...

Page 1835: ...spf3 area area id interface interface name edit routing instances routing instance name protocols ospf area area id interface interface name topology topology name edit routing instances routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id interface interface name Release Information Statement introduced in Junos OS Release 9 5 Statement introduced in...

Page 1836: ...ing control To add this statement to the configuration Related Documentation metric on page 1863 Dynamically Adjusting OSPF Interface Metrics Based on Bandwidth Copyright 2010 Juniper Networks Inc 1740 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1837: ...s bgp group group name edit protocols bgp group group name neighbor address edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced in Junos OS Release 8 1 Statement introduced in Junos O...

Page 1838: ...statement at the global edit bgp protocols hierarchy level You can also configure IBGP and multihop support for a routing instance or a logical system Copyright 2010 Juniper Networks Inc 1742 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1839: ...ou can configure the holddown interval option only for EBGP peers minimum interval milliseconds Configure the minimum intervals at which the local routing device transmits hello packets and then expects to receive a reply from a neighbor with which it has established a BFD session Range 1 through 255 000 minimum receive interval milliseconds Configure only the minimum interval at which the local r...

Page 1840: ...e BFD version to detect Range 1 or automatic autodetect the BFD version Default automatic The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring BFD for BGP Configuring BFD Authentication for BGP Copyright 2010 Juniper Networks Inc 174...

Page 1841: ...ase 8 2 Support for logical systems introduced in Junos OS Release 8 3 no adaptation statement introduced in Junos OS Release 9 0 authentication algorithm authentication key chain and authentication loose check statements introduced in Junos OS Release 9 6 Description Configure bidirectional failure detection timers and authentication Options authenticationalgorithmalgorithm name Configure the alg...

Page 1842: ... you not disable BFD adaptation unless it is preferable not to have BFD adaptation enabled in your network transmit interval threshold milliseconds Configure a threshold When the BFD session transmit interval adapts to a value greater than the threshold a single trap and a single system log message are sent The interval threshold must be greater than the minimum transmit interval Range 0 through 4...

Page 1843: ...face interface name edit protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id interface interface name edit routing instances routing instance name protocols ospf ospf3 area area id interface interface name edit routing instances routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id interface interface name Release Information ...

Page 1844: ...tion loose check statements introduced in Junos OS Release 9 6 Description Configure bidirectional failure detection timers and authentication Copyright 2010 Juniper Networks Inc 1748 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1845: ...cts to receive a reply from the neighbor with which it has established a BFD session Range 1 through 255 000 milliseconds minimum receive interval milliseconds Configure only the minimum interval at which the routing device expects to receive a reply from a neighbor with which it has established a BFD session Range 1 through 255 000 milliseconds multiplier number Configure the number of hello pack...

Page 1846: ...ivilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring BFD for OSPF Configuring BFD Authentication for OSPF Copyright 2010 Juniper Networks Inc 1750 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1847: ...ntroduced in Junos OS Release 8 3 no adaptation statement introduced in Junos OS Release 9 0 Statement introduced in Junos OS Release 9 0 for EX Series switches authentication algorithm authentication key chain and authentication loose check statements introduced in Junos OS Release 9 6 authentication algorithm authentication key chain and authentication loose check statements introduced in Junos ...

Page 1848: ...wn Range 1 through 255 Default 3 no adaptation Configure BFD sessions not to adapt to changing network conditions We recommend that you not disable BFD adaptation unless it is preferable not to have BFD adaptation enabled in your network transmit interval threshold milliseconds Configure a threshold When the BFD session transmit interval adapts to a value greater than the threshold a single trap a...

Page 1849: ...logical systems logical system name routing options rib routing table name static route destination prefix edit logical systems logical system name routing options rib routing table name static route destination prefix qualified next hop interface name address edit logical systems logical system name routing options static route destination prefix edit logical systems logical system name routing o...

Page 1850: ...for logical routers introduced in Junos OS Release 8 3 holddown interval statement introduced in Junos OS Release 8 5 no adaptation statement introduced in Junos OS Release 9 0 Support for IPv6 static routes introduced in Junos OS Release 9 1 authentication algorithm authentication key chain and authentication loose check statements introduced in Junos OS Release 9 6 Description Configure bidirect...

Page 1851: ...erval specifying how long a BFD session must remain up before a state change notification is sent Range 0 through 255 000 Default 0 local address ip address Enable a multihop BFD session and configure the source address for the BFD session minimum interval milliseconds Configure the minimum intervals at which the local routing device transmits a hello packet and then expects to receive a reply fro...

Page 1852: ...aining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring Bidirectional Forwarding Detection Configuring BFD Authentication for Static Routes bgp Syntax bgp Hierarchy Level edit logical systems logical system name protocols bgp editlogical syste...

Page 1853: ...tances routing instance name protocols bgp outbound route filter edit routing instances routing instance name protocols bgp group group name outbound route filter edit routing instances routing instance name protocols bgp group group name neighbor address outbound route filter edit routing instances routing instance name routing options outbound route filter edit routing options outbound route fil...

Page 1854: ...imit bytes Optional Specify a threshold at which to stop collecting BMP data if the limit is exceeded Default 10 MB Range 1 048 576 through 52 428 800 station address ip address name Specify the IP address or a valid URL for the monitoring where BMP data should be sent station portport number Specify the port number of the monitoring station to use when sending BMP data statistics timeout seconds ...

Page 1855: ... routing table name aggregate generate defaults route Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure all AS numbers from all contributing paths to be included in the aggregate or generated route s path brief Include only the longest common leading sequences from the contributing AS paths...

Page 1856: ...tatement in the edit routing options ppm hierarchy BEST PRACTICE We recommend that generally you disable distributed PPM only if Juniper Networks Customer Service advises you to do so You should disable distributed PPM only if you have a compelling reason to disable it Default Distributed PPM processing is enabled for all packets that use PPM Required Privilege Level routing To view this statement...

Page 1857: ...S Release 9 0 for EX Series switches Description Check whether the reserved fields in a RIP packet are zero check zero Discard version 1 packets that have nonzero values in the reserved fields and version 2 packets that have nonzero values in the fields that must be zero This default behavior implements the RIP version 1 and version 2 specifications no check zero Receive RIP version 1 packets with...

Page 1858: ...on Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Enable checksum for packets on this interface The checksum cannot be enabled with MD5 hello authentication on the same interface Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Rel...

Page 1859: ...r address edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the c...

Page 1860: ...r generated route Options community ids One or more community identifiers The community ids format varies according to the type of attribute that you use The BGP community attribute format is as number community value as number AS number of the community member It can be a value from 1 through 65 535 community value Identifier of the community member It can be a number from 0 through 65 535 For mo...

Page 1861: ...nomous system members autonomous systems Hierarchy Level edit logical systems logical system name routing options edit routing options Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the routing device s confederation AS number Options autonomous system AS numbers of the confederation membe...

Page 1862: ...oduced in Junos OS Release 9 0 for EX Series switches Description Configure the interval between complete sequence number CSN packets on a LAN interface Options disable Do not send CSN packets on this interface seconds Number of seconds between the sending of CSN packets Range 1 through 65 535 seconds Default 10 seconds Required Privilege Level routing To view this statement in the configuration r...

Page 1863: ...s bgp group group name neighbor address edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series swit...

Page 1864: ...4 multicast ipv6 multicast area area id interface interface name edit routing instances routing instance name protocols ospf ospf3 area area id interface interface name edit routing instances routing instance name protocols ospf ospf3 area area id virtual link edit routing instances routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id interface interf...

Page 1865: ...outing instances routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id nssa Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX ...

Page 1866: ...ea id nssa default lsa edit protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id stub edit routing instances routing instance name protocols ospf ospf3 area area id nssa default lsa edit routing instances routing instance name protocols ospf ospf3 area area id stub edit routing instances routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast...

Page 1867: ...group name neighbor address edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Descrip...

Page 1868: ...lease Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Disable BGP on the system Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Enabling BGP Copyright 2010 Juniper Networks Inc 1772 Complete Softwa...

Page 1869: ...nstance name protocols isis interface interface name level level number edit routing instances routing instance name protocols isis traffic engineering Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Disable IS IS on the routing device on an interface or on a level At the edit protocols isis traffi...

Page 1870: ...ea id interface interface name edit protocols ospf ospf3 virtual link edit protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast edit protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id interface interface name edit routing instances routing instance name protocols ospf ospf3 edit routing instances routing instance name protocols ospf ospf3 area area id interfa...

Page 1871: ...ing options graceful restart edit routing options graceful restart Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Disable graceful restart Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation C...

Page 1872: ...oute edit routing options rib routing table name aggregate generate defaults route Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Do not forward packets addressed to this destination Instead drop the packets do not send ICMP unreachable messages to the packets originators and install a reject rout...

Page 1873: ...ace address belonging to the routing instance Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring OSPF Domain IDs for VPNs domain vpn tag Syntax domain vpn tag number Hierarchy Level editlogical systemslogical system namerouting instancesrouting instance nameprotocols ospf ospf3 ed...

Page 1874: ...logical systems logical system name routing instances instance name protocols bgp group group name neighbor address family inet6 labeled unicast edit logical systems logical system name routing instances instance name protocols ldp edit protocols mpls edit protocols bgp family inet labeled unicast edit protocols bgp family inet6 labeled unicast edit protocols bgp group group name family inet label...

Page 1875: ...ing instance nameprotocols bgp group group name neighbor address edit protocols bgp edit protocols bgp group group name edit protocols bgp group group name neighbor address edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address...

Page 1876: ...for EX Series switches Description Apply one or more policies to routes being exported from the routing table into IS IS Options policy names Name of one or more policies Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Applying Policies to Routes Exported to IS IS Junos Policy Framework Co...

Page 1877: ...nstance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Apply one or mor...

Page 1878: ...uration Guide export Syntax export policy names Hierarchy Level edit logical systems logical system name protocols ripng group group name editlogical systemslogical system namerouting instancesrouting instance nameprotocols ripng group group name edit protocols ripng group group name edit routing instances routing instance name protocols ripng group group name Release Information Statement introdu...

Page 1879: ...ntation Configuring Per Packet Load Balancing Junos Policy Framework Configuration Guide export rib Syntax export rib routing table name Hierarchy Level edit logical systems logical system name routing instances routing instance name routing options rib group group name edit logical systems logical system name routing options passive group name edit routing instances routing instance name routing ...

Page 1880: ...ced in Junos OS Release 9 0 for EX Series switches Description Configure the preference of external routes Options preference Preference value Range 0 through 4 294 967 295 2 32 1 Default 15 for Level 1 internal routes 18 for Level 2 internal routes 160 for Level 1 external routes 165 for Level 2 external routes Required Privilege Level routing To view this statement in the configuration routing c...

Page 1881: ...es routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Set ...

Page 1882: ... forever minutes aggregate label community community name explicit null connected only prefix limit maximum number teardown percentage idle timeout forever minutes resolve vpn rib inet 3 rib group group name route target accepted prefix limit maximum number teardown percentage idle timeout forever minutes advertise default external paths number prefix limit maximum number teardown percentage idle ...

Page 1883: ...group name edit protocols bgp group group name neighbor address edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Releas...

Page 1884: ...d inet6 loops number Optional Specify the maximum number of times that the AS number can appear in the AS path received from a BGP peer for the specified address family For number include a value from 1 through 10 NOTE When you configure the loops statement for a specific BGP address family that value is used to evaluate the AS path for routes received by a BGP peer for the specified address famil...

Page 1885: ...r point to point links The sequence is insignificant Options cost value Cost assigned to the group Range 1 through 65 535 Default 1 fromaddress Address of the router or address of the LAN NBMA interface For example an Ethernet network with four hosts in the same fate sharing group would require you to list all four of the separate from addresses in the group group group name Each fate sharing grou...

Page 1886: ...ke if conditions match match conditions Match packets to these conditions route name Name of the flow route standard Specify to use version 7 or later of the flow specification algorithm term order legacy standard Specify the version of the flow specification algorithm legacy Use version 6 of the flow specification algorithm standard Use version 7 of the flow specification algorithm then Actions t...

Page 1887: ... in the configuration routing control To add this statement to the configuration Related Documentation Creating a Multicast Flow Map forwarding cache Flow Maps Syntax forwarding cache timeout minutes never non discard entry only Hierarchy Level edit logical systems logical system name routing instances routing instance name routing options multicast flow map flow map name edit logical systems logi...

Page 1888: ...n the configuration routing control To add this statement to the configuration Related Documentation Configuring General Multicast Forwarding Cache Properties forwarding table Syntax forwarding table export policy names indirect next hop no indirect next hop unicast reverse path active paths feasible paths Hierarchy Level edit logical systems logical system name routing options edit routing option...

Page 1889: ...he routing table Specify zero or more of the following options in generate options Each option is explained separately active passive as path as path origin egp igp incomplete atomic aggregate aggregator as number in address community community ids discard brief full metric metric2 metric3 metric4 value type type preference preference2 color color2 preference type type tag string defaults Specify ...

Page 1890: ...protocols bgp group group name edit protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure graceful restart for BGP Options disable Disable graceful restart for BGP restart time seconds Time period when the restart is expected to be complete Range ...

Page 1891: ...able Disable graceful restart helper disable Disable graceful restart helper capability Helper mode is enabled by default restart duration seconds Configure the time period for the restart to last in seconds Range 30 through 300 seconds Default 30 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related ...

Page 1892: ...r capability Helper mode is enabled by default notify duration seconds Estimated time to send out purged grace LSAs over all the interfaces Range 1 through 3600 seconds Default 30 seconds restart duration seconds Estimated time to reacquire a full OSPF neighbor from each area Range 1 through 3600 seconds Default 180 seconds Required Privilege Level routing To view this statement in the configurati...

Page 1893: ...for RIP Options disable Disables graceful restart for RIP seconds Estimated time for the restart to finish in seconds Range 1 through 600 seconds Default 60 seconds The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring Graceful Restar...

Page 1894: ...EX Series switches Support for routing instances introduced in Junos OS Release 9 0 Description Configure graceful restart for RIPng Options disable Disables graceful restart for RIPng seconds Estimated time period for the restart to finish Range 1 through 600 seconds Default 60 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this stateme...

Page 1895: ...ation Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure graceful restart The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring Graceful Restart J...

Page 1896: ... group name flow no validate policy name labeled unicast accepted prefix limit maximum number teardown percentage idle timeout forever minutes explicit null connected only prefix limit maximum number teardown percentage idle timeout forever minutes resolve vpn rib inet 3 rib group group name route target accepted prefix limit maximum number teardown percentage idle timeout forever minutes advertis...

Page 1897: ...nstancesrouting instance nameprotocols bgp edit protocols bgp edit routing instances routing instance name protocols bgp Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Define a BGP peer group BGP peer groups share a common type peer autonomous system AS number and cluster ID if present To configur...

Page 1898: ...rivilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring BGP Groups and Peers Copyright 2010 Juniper Networks Inc 1802 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1899: ...nds neighbor neighbor name authentication key password authentication type type bfd liveness detection authentication algorithm algorithm name key chain key chain name loose check detection time threshold milliseconds minimum interval milliseconds minimum receive interval milliseconds transmit interval threshold milliseconds minimum interval milliseconds multiplier number version 0 1 automatic che...

Page 1900: ...tches Description Configure a set of RIP neighbors that share an export policy and metric The export policy and metric govern what routes to advertise to neighbors in a given group Options group name Name of a group up to 16 characters long The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this stat...

Page 1901: ... before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for routing instances introduced in Junos OS Release 9 0 Description Configure a set of RIPng neighbors that share an export policy and metric The export policy and metric govern what routes to advertise to neighbors in a given group Options group name Name of a group up to 16 characters long T...

Page 1902: ...city of packets sent from an interface For the key to work you also must include the hello authentication type statement Default By default hello authentication is not configured on an interface However if IS IS authentication is configured the hello packets are authenticated using the IS IS authentication type and password Options password Authentication password The password can be up to 255 cha...

Page 1903: ...If you enable authentication on hello packets you must specify a password by including the hello authentication key statement Default By default hello authentication is not configured on an interface However if IS IS authentication is configured the hello packets are authenticated using the IS IS authentication type and password Options md5 Specifies Message Digest 5 as the packet verification typ...

Page 1904: ...before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Frequency with which the routing device sends hello packets out of an interface in seconds Options seconds Frequency of transmission for hello packets Range 1 through 20 000 seconds Default 3 seconds for designated intersystem DIS routers 9 seconds for non DIS routers Required Privilege Leve...

Page 1905: ...pv4 unicast ipv4 multicast ipv6 multicast area area id interface interface name edit routing instances routing instance name protocols ospf ospf3 area area id interface interface name edit routing instances routing instance name protocols ospf ospf3 area area id virtual link edit routing instances routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id i...

Page 1906: ...ced in Junos OS Release 9 0 for EX Series switches Description Configure padding on hello packets to accommodate asymmetrical maximum transfer units MTUs from different hosts Options adaptive Configure padding until state of neighbor adjacency is up loose Configure padding until state of adjacency is initialized strict Configure padding for all adjacency states Required Privilege Level routing To ...

Page 1907: ... Junos OS Release 9 0 for EX Series switches Description Configure the time period the expired route is retained in the routing table before being removed Options seconds Estimated time to wait before making updates to the routing table Range 10 through 180 seconds Default 180 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement...

Page 1908: ...equired Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring RIPng Timers hold time Syntax hold time seconds Hierarchy Level edit interfaces interface name unit logical unit number family inet6 address address vrrp inet6 group group id Release Information Statement introduced in Junos OS Rel...

Page 1909: ... group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the hold time value to use when negotiating a connection with the peer The hold time value is advertised in open packets and indicates to the peer the length of time that it should consider the sender valid I...

Page 1910: ...or considers this router to be operative up after receiving a hello packet If the neighbor does not receiver another hello packet within the specified time it marks this routing device as inoperative down The hold time itself is advertised in the hello packets Options seconds Hold time value in seconds Range 3 through 65 535 seconds or 1 to send out hello packets every 333 milliseconds Default 9 s...

Page 1911: ... This feature is particularly useful if you are using dynamic routing policies because the dynamic database is not synchronized with the backup Routing Engine when NSR is enabled Options forever Do not reestablish a BGP peering session after an NSR switchover until the clear bgp neighbor command is issued seconds Do not reestablish a BGP peering session after an NSR switchover until after the spec...

Page 1912: ... Related Documentation Configuring IS IS ignore lsp metrics Syntax ignore lsp metrics Hierarchy Level edit logical systems logical system name protocols ospf traffic engineering shortcuts editlogical systemslogical system namerouting instancesrouting instance nameprotocols ospf traffic engineering shortcuts edit protocols ospf traffic engineering shortcuts edit routing instances routing instance n...

Page 1913: ...dress edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Apply one or more...

Page 1914: ... instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Filter OSPF ro...

Page 1915: ...t routing instances routing instance name protocols rip group group name neighbor neighbor name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Apply one or more policies to routes being imported by the local router from its neighbors Options policy names Name of one or more policies Required Privi...

Page 1916: ...ting instance name protocols ripng group group name neighbor neighbor name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for routing instances introduced in Junos OS Release 9 0 Description Apply one or more policies to routes being imported into the local routing device from the neighbors Options po...

Page 1917: ...t logical systems logical system name routing instances routing instance name routing options rib group group name edit logical systems logical system name routing options passive group name edit routing instances routing instance name routing options rib group group name edit routing options rib groups group name Release Information Statement introduced before Junos OS Release 7 4 Statement intro...

Page 1918: ...he primary route is deleted the secondary route also is deleted For IPv4 import routing tables the primary routing table must be inet 0 or routing instance name inet 0 For IPv6 import routing tables the primary routing table must be inet6 0 In Junos OS Release 9 5 and later you can configure an IPv4 import routing table that includes both IPv4 and IPv6 routing tables Including both types of routin...

Page 1919: ...ext hop Syntax indirect next hop no indirect next hop Hierarchy Level edit logical systems logical system name routing options forwarding table edit routing options forwarding table Release Information Statement introduced in Junos OS Release 8 2 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Enable indirectly connected next hops for route convergence NOTE When vir...

Page 1920: ...ween Virtual Router Redundancy Protocol VRRP IPv6 advertisement packets Options milliseconds Interval in milliseconds between advertisement packets Range 100 to 40 000 ms Default 1 second Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring VRRP for IPv6 CLI Procedure on page 16...

Page 1921: ...edit routing options static defaults route Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure whether the Junos OS installs all static routes into the forwarding table Even if you configure a route so it is not installed in the forwarding table the route is still eligible to be exported from...

Page 1922: ...os Policy Framework Configuration Guide instance import Syntax instance import policy names Hierarchy Level edit logical systems logical system name routing instances routing instance name routing options edit logical systems logical system name routing options edit routing instances routing instance name routing options edit routing options Release Information Statement introduced before Junos OS...

Page 1923: ...elease Information Statement introduced in Junos OS Release 9 1 Statement introduced in Junos OS Release 9 1 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Apply an export policy for OSPFv3 to specify which interarea prefix link state advertisements LSAs ...

Page 1924: ...v4 multicast ipv6 multicast area area id Release Information Statement introduced in Junos OS Release 9 1 Statement introduced in Junos OS Release 9 1 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Apply an import policy for OSPFv3 to specify which routes...

Page 1925: ...n disable hold time seconds lsp interval milliseconds mesh group value blocked no adjacency holddown no ipv4 multicast no ipv6 multicast no ipv6 unicast no unicast topology passive point to point level level number disable hello authentication type authentication hello authentication key key hello interval seconds hold time seconds ipv4 multicast metric number ipv6 multicast metric number ipv6 uni...

Page 1926: ...e disable statement and not actually having IS IS run on an interface by including the passive statement are mutually exclusive states Options all Have the Junos OS create IS IS interfaces automatically interface name Name of an interface Specify the full interface name including the physical and logical address components For details about specifying interfaces see the Junos Network Interfaces Co...

Page 1927: ...ssive poll interval seconds priority number retransmit interval seconds te metric metric topology ipv4 multicast name metric metric transit delay seconds transmit interval seconds Hierarchy Level edit logical systems logical system name protocols ospf ospf3 area area id edit logical systems logical system name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id editlogica...

Page 1928: ...F on the routing device Options interface name Name of the interface Specify the interface by IP address or interface name for OSPFv2 or only the interface name for OSPFv3 Using both the interface name and IP address of the same interface produces an invalid configuration To configure all interfaces you can specify all Specifying a particular interface and all produces an invalid configuration For...

Page 1929: ...ation Statement introduced in Junos OS Release 8 3 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Define the maximum bandwidth for an interface on which you want to apply bandwidth management Options interface name Names of the physical or logical interface For details about specifying interfaces see the Junos Network Interfaces Configuration Guide The remaining st...

Page 1930: ...tement introduced in Junos OS Release 9 0 for EX Series switches Description Enable multicast traffic on an interface NOTE You cannot enable multicast traffic on an interface using the enable statement and configure PIM on the same interface simultaneously Options interface name Name of the interface on which to enable multicast traffic Specify the interface name to enable multicast traffic on the...

Page 1931: ...itches Description Associate a routing table group with the routing device s interfaces and specify routing table groups into which interface routes are imported Options inet Specify the IPv4 address family inet6 Specify the IPv6 address family lan Export LAN routes point to point Export point to point routes The remaining statement is explained separately Required Privilege Level routing To view ...

Page 1932: ...s Support for OSPFv3 for interface type p2p only introduced in Junos OS Release 9 4 You cannot configure other interface types for OSPFv3 Support for OSPFv3 for interface type p2p only introduced in Junos OS Release 9 4 for EX Series switches Description Specify the type of interface By default the software chooses the correct interface type based on the type of physical interface Therefore you sh...

Page 1933: ...cast metric Syntax ipv4 multicast metric metric Hierarchy Level edit logical systems logical system name protocols isis interface interface namelevel level number editlogical systemslogical system namerouting instancesrouting instance nameprotocols isis interface interface name level level number edit protocols isis interface interface name level level number edit routing instances routing instanc...

Page 1934: ... Hierarchy Level edit logical systems logical system name protocols isis interface interface name level level number editlogical systemslogical system namerouting instancesrouting instance nameprotocols isis interface interface name level level number edit protocols isis interface interface name level level number edit routing instances routing instance name protocols isis interface interface name...

Page 1935: ...t metric metric Hierarchy Level edit logical systems logical system name protocols isis interface interface name level level number editlogical systemslogical system namerouting instancesrouting instance nameprotocols isis interface interface name level level number edit protocols isis interface interface name level level number edit routing instances routing instance name protocols isis interface...

Page 1936: ...hes Description Enable IS IS routing on the routing device or for a routing instance The isis statement is the one statement you must include in the configuration to run IS IS on the routing device or in a routing instance Default IS IS is disabled on the routing device Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configu...

Page 1937: ...oup name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify whether routes learned from a BGP peer are retained in the routing table even if they contain an AS number that was exported from the local A...

Page 1938: ...ystem name routing instances routing instance name protocols bgp group group name neighbor address family inet inet6 edit protocols bgp family inet inet6 edit protocols bgp group group name family inet inet6 edit protocols bgp group group name neighbor address family inet inet6 edit routing instances routing instance name protocols bgp family inet inet6 edit routing instances routing instance name...

Page 1939: ...s isis edit routing instances routing instance name protocols isis Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the global level properties Options level number IS IS level number Values 1 or 2 The remaining statements are explained separately Required Privilege Level routing To view t...

Page 1940: ... 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Enable link protection on the specified IS IS interface The Junos OS creates a backup loop free alternate path to the primary next hop for all destination routes that traverse the protected interface Required Privilege Level routing To view this statement in the configuration routing control To add this statement to...

Page 1941: ...protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the address of the local end of a BGP session This address is used to accept incoming connections to the peer and to establish connections to the remote peer When none of the operational interfac...

Page 1942: ...elease Information Statement introduced in Junos OS Release 9 0 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the address of the local PE for ingress PE redundancy when point to multipoint LSPs are used for multicast distribution Options address Address of local PEs in the backup group Required Privilege Level routing To view this statement in the config...

Page 1943: ... the local AS number In Junos OS Release 9 1 and later the autonomous system AS numeric range in plain number format is extended to provide BGP support for 4 byte AS numbers as defined in RFC 4893 BGP Support for Four octet AS Number Space In Junos OS Release 9 3 and later you can also configure a 4 byte AS number using the AS dot notation format of two integer values joined by a period 16 bit hig...

Page 1944: ...m name protocols bgp group group name neighbor ipv6 link local address editlogical systemslogical system namerouting instancesrouting instance nameprotocols bgp group group name neighbor ipv6 link local address edit protocols bgp group group name neighbor ipv6 link local address edit routing instances routing instance name protocols bgp group group name neighbor ipv6 link local address Release Inf...

Page 1945: ...fy the value of the LOCAL_PREF path attribute which is a metric used by IBGP sessions to indicate the degree of preference for an external route The route with the highest local preference value is preferred The LOCAL_PREF path attribute always is advertised to internal BGP peers and to neighboring confederations It is never advertised to external BGP peers Default If you omit this statement the L...

Page 1946: ... instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Log a message whenever a BGP peer makes a state trans...

Page 1947: ... logical system name protocols isis interface interface name editlogical systemslogical system namerouting instancesrouting instance nameprotocols isis interface interface name edit protocols isis interface interface name edit routing instances routing instance name protocols isis interface interface name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in ...

Page 1948: ...Specify how long a link state PDU originating from the routing device should persist in the network The routing device sends link state PDUs often enough so that the link state PDU lifetime never expires Options seconds link state PDU lifetime in seconds Range 350 through 65 535 seconds Default 1200 seconds Required Privilege Level routing To view this statement in the configuration routing contro...

Page 1949: ...tcuts Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for OSPFv3 ospf3 introduced in Junos OS Release 9 4 Support for OSPFv3 ospf3 introduced in Junos OS Release 9 4 for EX Series switches Description Advertise the LSP metric in summary LSAs Required Privilege Level routing To view this statement in th...

Page 1950: ...nfiguring destination prefix prefix length destination prefix is the network portion of the IP address and prefix length is the destination prefix length default Default route to use when routing packets do not match a network or host in the routing table This is equivalent to specifying the IP address 0 0 0 0 0 match type Criteria that the destination must match exact Exactly match the route s ma...

Page 1951: ...s OS Release 8 1 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Modify the maximum number of IS IS areas advertised Options number Maximum number of areas to include in the IS IS hello IIH PDUs and link state PDUs Range 3 through 36 Default 3 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the co...

Page 1952: ... name Release Information Statement introduced in Junos OS Release 8 3 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the multicast bandwidth for the interface Options bps Bandwidth rate in bits per second for the multicast interface Range 0 through any amount of bandwidth Required Privilege Level routing To view this statement in the configuration routin...

Page 1953: ... triggers only a warning and additional routes are not rejected path limit Maximum number of routes If this limit is reached a warning is triggered and additional routes are rejected Range 1 through 4 294 967 295 2 32 1 Default No default threshold value Optional Percentage of the maximum number of routes that starts triggering warning You can configure a percentage of the path limit value that st...

Page 1954: ...y a warning and additional routes are not rejected prefix limit Maximum number of route prefixes If this limit is reached a warning is triggered and any additional routes are rejected Range 1 through 4 294 967 295 Default No default threshold value Optional Percentage of the maximum number of prefixes that starts triggering warning You can configure a percentage of the prefix limit value that star...

Page 1955: ...er delays MED updates for the interval configured unless the MED is lower than the previously advertised attribute or another attribute associated with the route has changed or if the BGP peer is responding to a refresh route request Options minutes Interval to delay MED updates Default 10 minutes Range 10 through 600 Required Privilege Level routing To view this statement in the configuration rou...

Page 1956: ...os OS Release 9 0 for EX Series switches Description Configure an interface to be part of a mesh group which is a set of fully connected nodes Options blocked Configure the interface so that it does not flood link state PDU packets value Number that identifies the mesh group Range 1 through 4 294 967 295 2 32 1 32 bits are allocated to identify a mesh group Required Privilege Level routing To view...

Page 1957: ...rotocols rip group group name neighbor neighbor name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the number of route entries to be included in every RIP update message To ensure interoperability with other vendors equipment use the standard of 25 route entries per message Options number...

Page 1958: ...uced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the metric value for the level Options metric Metric value Range 1 through 63 or 1 through 16 777 215 if you have configured wide metrics Default 10 for all interfaces except lo0 0 for the lo0 interface Required Privilege Level routing To view this statement in the configuration...

Page 1959: ...rea area id interface interface name edit routing instances routing instance name protocols ospf area area id sham link remote edit routing instances routing instance name protocols ospf area area id interface interface name topology ipv4 multicast name edit routing instances routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id interface interface nam...

Page 1960: ...fore Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Metric value for an aggregate generated or static route You can specify up to four metric values starting with metric for the first metric value and continuing with metric2 metric3 and metric4 Options metric Metric value Range 0 through 4 294 967 295 2 32 1 type type Optional Type of route Ran...

Page 1961: ...e protocols rip group group name neighbor neighbor name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the metric to add to incoming routes when advertising into RIP routes that were learned from other protocols Use this statement to configure the routing device to prefer RIP routes learne...

Page 1962: ...or neighbor name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for routing instances introduced in Junos OS Release 9 0 Description Specify the metric to add to incoming routes when advertising into RIPng routes that were learned from other protocols Use this statement to configure the routing device...

Page 1963: ...s This path attribute is used to discriminate among multiple exit points to a neighboring AS If all other factors are equal the exit point with the lowest metric is preferred You can specify a constant metric value by including the metric option For configurations in which a BGP peer sends third party next hops that require the local system to perform next hop resolution IBGP configurations config...

Page 1964: ...metric is greater than the minimum metric value the metric value remains unchanged If a newly calculated metric is lower the metric value is lowered to that value offset Optional Increases or decreases the metric by this value Range 2 31 through 2 31 1 Default None Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuratio...

Page 1965: ...n Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the metric value to add to routes transmitted to the neighbor Use this statement to control how other routing devices prefer RIP routes sent from this neighbor Options metric Metric value Range 1 through 16 Default 1 Required Privilege Level routing To view thi...

Page 1966: ...ease 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for routing instances introduced in Junos OS Release 9 0 Description Specify the metric value to add to routes transmitted to the neighbor Use this statement to control how other routing devices prefer RIPng routes sent from this neighbor Options metric Metric value Range 1 through 16 Default 1 Required Privilege ...

Page 1967: ...ssa default lsa edit routing instances routing instance name protocols ospf ospf3 area area id nssa default lsa edit routing instances routing instances protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id nssa default lsa Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the...

Page 1968: ... bgp group group name neighbor address edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switc...

Page 1969: ...se 9 0 for EX Series switches Description Configure generic multicast properties NOTE You cannot apply a scoping policy to a specific routing instance All scoping policies are applied to all routing instances However you can apply the scope statement to a specific routing instance The remaining statements are explained separately Required Privilege Level routing To view this statement in the confi...

Page 1970: ...e 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure an EBGP multihop session External confederation peering is a special case that allows unconnected third party next hops You do not need to configure multihop sessions explicitly in this particular case multihop behavior is implied If you have confederation external BGP peer to loopback addresses you sti...

Page 1971: ...efore Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Allow load sharing among multiple EBGP paths and multiple IBGP paths A path is considered a BGP equal cost path and will be used for forwarding if a tie break is performed The tie break is performed after the BGP route path selection step that chooses the next hop path that is resolved throug...

Page 1972: ...mit maximum number teardown percentage idle timeout forever minutes prefix limit maximum number teardown percentage idle timeout forever minutes rib group group name flow no validate policy name labeled unicast accepted prefix limit maximum number teardown percentage idle timeout forever minutes aggregate label community community name explicit null connected only prefix limit maximum number teard...

Page 1973: ... igp offset igp offset mtu discovery multihop ttl value multipath multiple as no aggregator id no client reflect out delay seconds passive peer as autonomous system preference preference tcp mss segment size traceoptions file filename files number size size world readable no world readable flag flag flag modifier disable vpn apply export Hierarchy Level edit logical systems logical system name pro...

Page 1974: ...tement is one of the statements you can include in the configuration to define a minimal BGP configuration on the routing device You can include an allow all statement in place of a neighbor statement Options address IPv6 or IPv4 address of a single peer The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To...

Page 1975: ...oup group name editlogical systemslogical system namerouting instancesrouting instance nameprotocols rip group group name edit protocols rip group group name edit routing instances routing instance name protocols rip group group name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure neighbo...

Page 1976: ...oduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for routing instances introduced in Junos OS Release 9 0 Description Configure neighbor specific RIPng parameters thereby overriding the defaults set for the routing device Options neighbor name Name of an interface over which a routing device communicates to its neighbors The remaining s...

Page 1977: ...ormation Statement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Disable the hold down timer for IS IS adjacencies Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring Quicker Advertisement of IS IS Adjacency State...

Page 1978: ...ting instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Set the router ID in the BGP aggregator path attribute to zero This is one of the path attributes included i...

Page 1979: ...tatement introduced in Junos OS Release 9 0 for EX Series switches Description Generate authenticated packets and check the authentication on received packets but do not reject packets that cannot be authenticated Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation csnp interval on page 1766 h...

Page 1980: ...ng instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Disable intracluster route redist...

Page 1981: ...e backup Syntax no eligible backup Hierarchy Level edit logical systems logical system name protocols isis interface interface name editlogical systemslogical system namerouting instancesrouting instance nameprotocols isis interface interface name edit protocols isis interface interface name edit routing instances routing instance name protocols isis interface interface name Release Information St...

Page 1982: ...807 Configuring IS IS Authentication no ipv4 multicast Syntax no ipv4 multicast Hierarchy Level edit logical systems logical system name protocols isis interface interface name editlogical systemslogical system namerouting instancesrouting instance nameprotocols isis interface interface name edit protocols isis interface interface name edit routing instances routing instance name protocols isis in...

Page 1983: ...lticast Hierarchy Level edit logical systems logical system name protocols isis interface interface name editlogical systemslogical system namerouting instancesrouting instance nameprotocols isis interface interface name edit protocols isis interface interface name edit routing instances routing instance name protocols isis interface interface name Release Information Statement introduced before J...

Page 1984: ...y Level edit logical systems logical system name protocols isis interface interface name editlogical systemslogical system namerouting instancesrouting instance nameprotocols isis interface interface name edit protocols isis interface interface name edit routing instances routing instance name protocols isis interface interface name Release Information Statement introduced before Junos OS Release ...

Page 1985: ...nstance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast Release Information Statement introduced in Junos OS Release 7 6 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Disable exporting Ty...

Page 1986: ...level level number Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Suppress authentication check on partial sequence number PDU PSNP packets Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation ...

Page 1987: ...it routing options multicast interface interface name reverse oif mapping Release Information Statement introduced in Junos OS Release 9 5 Statement introduced in Junos OS Release 9 5 for EX Series switches Statement added to edit routing instances routing instance name routing options multicast interface interface name edit logical systems logical system name routing instances routing instance na...

Page 1988: ...ticast Release Information Statement introduced in Junos OS Release 8 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Disable compatibility with RFC 1583 OSPF Version 2 If the same external destination is adve...

Page 1989: ...ulticast Topologies no validate Syntax no validate policy name Hierarchy Level edit protocols bgp group group name family inet inet flow edit protocols bgp group group name neighbor address family inet inet flow edit routing instances routing instance name protocols bgp group group name family inet inet flow edit routing instances routing instance name protocols bgp group group name neighbor addre...

Page 1990: ...Series switches Description Enable node link protection on the specified IS IS interface The Junos OS creates an alternate loop free path to the primary next hop for all destination routes that traverse a protected interface This alternate path avoids the primary next hop routing device altogether and establishes a path through a different routing device Required Privilege Level routing To view th...

Page 1991: ...f3 area area id edit routing instances routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for...

Page 1992: ...age It can be one or more of the following levels in order of decreasing urgency alert Conditions that should be corrected immediately such as a corrupted system database critical Critical conditions such as hard drive errors debug Software debugging messages emergency Panic or other conditions that cause the system to become unusable error Standard error conditions info Informational messages not...

Page 1993: ...guration Related Documentation Minimum OSPF Configuration ospf3 Syntax ospf3 Hierarchy Level edit logical systems logical system name protocols edit logical systems logical system name routing instances routing instance name protocols edit protocols edit routing instances routing instance name protocols Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Ju...

Page 1994: ...ances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify how long a route must be present in the Junos routing table before it is exported to BGP Us...

Page 1995: ... instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced in Junos OS Release 9 2 Statement introduced in Junos OS Release 9 2 for EX Series switches Description Configure a BGP peer to accept outbound route filters from a remote peer Options accept Specify th...

Page 1996: ...Related Documentation Applying Filters Provided by BGP Peers to Outbound Routes Copyright 2010 Juniper Networks Inc 1900 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1997: ...e maximum link metrics in network layer reachability information NLRI instead of setting the overload bit NOTE If the time elapsed after the IS IS instance is enabled is less than the specified timeout overload mode is set Options advertise high metrics Advertise maximum link metrics in NLRIs instead of setting the overload bit allow route leaking Enable leaking of route information into the netwo...

Page 1998: ...elated Documentation Configuring IS IS to Make Routing Devices Appear Overloaded Copyright 2010 Juniper Networks Inc 1902 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 1999: ...es routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for Multitopology Routing introduced in Junos OS Release 9 0 Support for Multitopology Routing introduced in Junos OS Release 9 0 for EX Series switches Support for ...

Page 2000: ...ighbor address edit protocols bgp edit protocols bgp group group name edit protocols bgp group group name neighbor address edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor address Release Information Statement introduced before J...

Page 2001: ...number Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Advertise the direct interface addresses on an interface or into a level on the interface without actually running IS IS on that interface or level This statement effectively prevents IS IS from running on the interface To enable IS IS on an in...

Page 2002: ...engineering and remote node id address statements introduced in Junos OS Release 8 0 for EX Series switches Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Advertise the direct interface addresses on an interfac...

Page 2003: ... disable on page 1774 Advertising Interface Addresses Without Running OSPF Configuring OSPF Passive Traffic Engineering Mode 1907 Copyright 2010 Juniper Networks Inc Chapter 73 Configuration Statements for Layer 3 Protocols ...

Page 2004: ... to provide BGP support for 4 byte AS numbers as defined in RFC 4893 BGP Support for Four octet AS Number Space RFC 4893 introduces two new optional transitive BGP attributes AS4_PATH and AS4_AGGREGATOR These new attributes are used to propagate 4 byte AS path information across BGP speakers that do not support 4 byte AS numbers RFC 4893 also introduces a reserved well known 2 byte AS number AS 23...

Page 2005: ...oduced in Junos OS Release 9 6 Statement introduced in Junos OS Release 9 6 for EX Series switches Description Configure the rendezvous point RP routing device that resides between a customer edge facing Protocol Independent Multicast PIM domain and a core facing PIM domain to translate PIM join or prune messages into corresponding Internet Group Management Protocol IGMP report or leave messages T...

Page 2006: ... multicast traffic across the PIM sparse mode domains The remaining statement is explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring PIM to MLD Message Translation point to point Syntax point to point Hierarchy Level edit logical systems logical system name pro...

Page 2007: ...ption Associate a routing policy when configuring an aggregate or generated route s destination prefix in the routes part of the aggregate or generate statement This provides the equivalent of an import routing policy filter for the destination prefix That is each potential contributor to an aggregate route along with any aggregate options is passed through the policy filter The policy then can ac...

Page 2008: ...Level edit logical systems logical system name routing instances routing instance name routing options multicast ssm map ssm map name edit logical systems logical system name routing options multicast ssm map ssm map name edit routing instances routing instance name routing options multicast ssm map ssm map name edit routing options multicast ssm map ssm map name Release Information Statement intr...

Page 2009: ...nd run all PPM processing on the Routing Engine by entering the no delegate processing configuration statement in the edit routing options ppm statement hierarchy Default Distributed PPM processing is enabled for all packets that use PPM Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Conf...

Page 2010: ... the Packet Forwarding Engine on routers to access ports on EX3200 and EX4200 switches or line cards on EX8200 switches After you disable PPM PPM processing continues to run on the Routing Engine Default enabled Options no delegate processing Disable PPM to the Packet Forwarding Engine access ports or line cards Distributed PPM is enabled by default Required Privilege Level routing To view this st...

Page 2011: ...kup router can preempt a master router preempt Allow the master router to be preempted no preempt Prohibit the preemption of the master router The remaining statement is explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring VRRP for IPv6 CLI Procedure on page...

Page 2012: ...troduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the preference for routes learned from BGP At the BGP global level the preference statement sets the preference for routes learned from BGP You can override this preference in a BGP group or peer preference statement At the group or peer level the preference statement sets t...

Page 2013: ...d in Junos OS Release 9 0 for EX Series switches Description Configure the preference of internal routes Options preference Preference value Range 0 through 4 294 967 295 2 32 1 Default 15 for Level 1 internal routes 18 for Level 2 internal routes 160 for Level 1 external routes 165 for Level 2 external routes Required Privilege Level routing To view this statement in the configuration routing con...

Page 2014: ...me protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Set the route preference f...

Page 2015: ...ement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the preference of external routes learned by RIP as compared to those learned from other routing protocols Options preference Preference value A lower value indicates a more preferred route Range 0 through 4 294 967 295 2 32 1 Default 100 Required Privilege Level routing To view this statement in the configuration ...

Page 2016: ...or EX Series switches Support for routing instances introduced in Junos OS Release 9 0 Description Specify the preference of external routes learned by RIPng as compared to those learned from other routing protocols Options preference Preference value A lower value indicates a more preferred route Range 0 through 4 294 967 295 2 32 1 Default 100 Required Privilege Level routing To view this statem...

Page 2017: ...s route edit routing options rib routing table name aggregate generate static defaults route Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Preference value for a static aggregated or generated route You also can specify a secondary preference value preference2 as well as colors which are even fin...

Page 2018: ... on page 1873 Configuring Multicast Scoping prefix export limit Syntax prefix export limit number Hierarchy Level edit logical systems logical system name protocols isis level level number editlogical systemslogical system namerouting instancesrouting instance nameprotocols isis level level number edit protocols isis level level number edit routing instances routing instance name protocols isis le...

Page 2019: ... routing instance name protocols ospf topology default ipv4 multicast name edit routing instances routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for Multitopology Routing introduced in Junos OS Release 9 0 Support f...

Page 2020: ... edit routing instances routing instance name protocols bgp family inet inet6 any flow labeled unicast multicast unicast edit routing instances routing instance name protocols bgp group group name family inet inet6 any flow labeled unicast multicast unicast edit routing instances routing instance name protocols bgp group group name neighbor address family inet inet6 any flow labeled unicast multic...

Page 2021: ...interface name unit logical unit number family inet6 address address vrrp inet6 group group id Release Information Statement introduced in Junos OS Release 10 0 for EX Series switches Description Configure a switch s priority for becoming the master default routing platform The routing platform with the highest priority within the group becomes the master Options number Routing platform s priority...

Page 2022: ... 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description The interface s priority for becoming the designated router The interface with the highest priority value becomes that level s designated router The priority value is meaningful only on a multiaccess network It has no meaning on a point to point interface Options number Priority value Range 0 through 127 Default 64 ...

Page 2023: ...ment introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Specify the routing device s priority for becoming the designated routing devices The routing device that has the highest priority value on the logical IP network or su...

Page 2024: ...ies switches Description Configure an independent metric or preference on a static route Options address IPv4 IPv6 or ISO network address of the next hop interface name Name of the interface on which to configure an independent metric or preference for a static route To configure an unnumbered Ethernet interface as the next hop interface for a static route specify qualified next hop interface name...

Page 2025: ...tions static defaults route edit routing options rib routing table name static defaults route edit routing options static defaults route Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure whether static routes are eligible to be readvertised by routing protocols readvertise Readvertise stati...

Page 2026: ...e OSPFv3 to advertise address families other than unicast IPv6 The Junos OS maps each address family you configure to a separate realm with its own set of neighbors and link state database Options ipv4 unicast Configure a realm for IPv4 unicast routes ipv4 multicast Configure a realm for IPv4 multicast routes ipv6 multicast Configure a realm for IPv6 multicast routes Required Privilege Level routi...

Page 2027: ...ting instance name protocols rip group group name neighbor neighbor name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure RIP receive options Options receive options One of the following both Accept both RIP version 1 and version 2 packets none Do not receive RIP packets version 1 Accept o...

Page 2028: ...edit routing instances routing instance name protocols ripng group group name neighbor neighbor name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for routing instances introduced in Junos OS Release 9 0 Description Enable or disable receiving of update messages Options none Optional Disable receivin...

Page 2029: ...me Release Information Statement introduced in Junos OS Release 8 3 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure a list of redundant sources for multicast flows defined by a flow map Options addresses List of IPv4 or IPv6 addresses for use as redundant backup sources for multicast flows defined by a flow map Required Privilege Level routing To view this...

Page 2030: ...scription Set the reference bandwidth used in calculating the default interface cost The cost is calculated using the following formula cost reference bandwidth bandwidth Options reference bandwidth Reference bandwidth in megabits per second Default 10 Mbps Range 9600 through 1 000 000 000 000 Mbps Required Privilege Level routing To view this statement in the configuration routing control To add ...

Page 2031: ...se 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Set the reference bandwidth used in calculating the default interface cost The cost is calculated using the following formula cost ref bandwidth bandwidth Options ref bandwidth Reference bandwidth in b...

Page 2032: ...ntroduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description When advertising AS paths to remote systems have the local system strip private AS numbers from the AS path The numbers are stripped from the AS path starting at the left end of the AS path the end where AS paths have been most recently added The routing device stops searching for ...

Page 2033: ...ons edit routing options Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure route resolution The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Docum...

Page 2034: ...ntroduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify one or more routing tables to use for route resolution The remaining statements are explained separately Options routing table names Name of one or more routing tables Required Privilege Level routing To view this statement in the configuration routing control To add this s...

Page 2035: ...nstances routing instance name routing options static defaults route edit routing options rib routing table name static defaults route edit routing options static defaults route Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure statically configured routes to be resolved to a next hop that ...

Page 2036: ...oduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the restart timer for graceful restart Options restart duration seconds Configure the time period for the restart to last Range 120 through 900 seconds Default 90 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this...

Page 2037: ... route Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure statically configured routes to be deleted from or retained in the forwarding table when the routing protocol process shuts down normally retain Have a static route remain in the forwarding table when the routing protocol process shut...

Page 2038: ...s ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id interface interface name edit routing instances routing instance name protocols ospf ospf3 area area id interface interface name edit routing instances routing instance name protocols ospf ospf3 area area id virtual link edit routing instances routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast...

Page 2039: ... multicast interface interface name Release Information Statement introduced in Junos OS Release 9 2 Statement introduced in Junos OS Release 9 2 for EX Series switches The no qos adjust statement added in Junos OS Release 9 5 The no qos adjust statement introduced in Junos OS Release 9 5 for EX Series switches Description Enable the routing device to identify a subscriber VLAN or interface based ...

Page 2040: ... options edit routing instances routing instance name routing options edit routing options Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Create a routing table Explicitly creating a routing table with the routing table name statement is optional if you are not adding any static martian aggregate ...

Page 2041: ...llowing format protocol identifier protocol is the protocol family It can be inet6 for the IPv6 family inet for the IPv4 family iso for the ISO protocol family or instance name iso 0 for an ISO routing instance identifier is a positive integer that specifies the instance of the routing table Default inet 0 Required Privilege Level routing To view this statement in the configuration routing control...

Page 2042: ...ting options resolution Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0for EX Series switches Description Specify a routing table name for route resolution The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the config...

Page 2043: ... group name neighbor address family inet any labeled unicast unicast multicast edit routing instances routing instance name protocols bgp family inet any labeled unicast unicast multicast edit routing instances routing instance name protocols bgp group group name family inet any labeled unicast unicast multicast edit routing instances routing instance name protocols bgp group group name neighbor a...

Page 2044: ...p You can install IPv4 routes or IPv6 routes Support for IPv6 routing table groups in IS IS enables IPv6 routes that are learned from IS IS routing instances to be installed into other routing tables defined in an IS IS routing table group Options group name Name of the routing table group inet Install IPv4 IS IS routes inet6 Install IPv6 IS IS routes Required Privilege Level routing To view this ...

Page 2045: ...icast ipv6 multicast Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Install routes learned from OSPF routing instances into routing tables in...

Page 2046: ... 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Install RIP routes into multiple routing tables by configuring a routing table group Options group name Name of the routing table group Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring Routing T...

Page 2047: ...ment introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure which routing table groups interface routes are imported into Options group name Name of the routing table group The name must start with a letter and can include letters numbers and hyphens It generally does not make sense to specify more than a single routing tabl...

Page 2048: ...n one or more routing tables that the Junos OS uses when importing routes specified in the import rib statement and optionally can contain one routing table group that the Junos OS uses when exporting routes to the routing protocols specified in the export rib statement Options group name Name of the routing table group The name must start with a letter and can include letters numbers and hyphens ...

Page 2049: ...Configuration ripng Syntax ripng Hierarchy Level edit logical systems logical system name protocols edit logical systems logical system name routing instances routing instance name protocols edit protocols edit routing instances routing instance name protocols Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Su...

Page 2050: ...rivilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring Route Distinguishers for VRF and Layer 2 VPN Instances route record Syntax route record Hierarchy Level edit logical systems logical system name routing options edit routing options Release Information Statement introduced before Junos OS R...

Page 2051: ...tocols rip edit routing instances routing instance name protocols rip group group name Release Information Statement introduced in Junos OS Release 7 6 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the route timeout interval for RIP Options seconds Estimated time to wait before making updates to the routing table Range 30 through 360 seconds Default 180 ...

Page 2052: ...ers route type community Syntax route type community iana vendor Hierarchy Level editlogical systemslogical system namerouting instancesrouting instance nameprotocols ospf ospf3 edit routing instances routing instance name protocols ospf ospf3 Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify...

Page 2053: ...tered by the Junos OS Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring Router Identifiers for BGP and OSPF routing options Syntax routing options Hierarchy Level edit edit logical systems logical system name edit logical systems logical system name routing instances routing inst...

Page 2054: ...ed Documentation Configuring RPF Policies scope Syntax scope scope name interface interface names prefix destination prefix Hierarchy Level edit logical systems logical system name routing instances routing instance name routing options multicast edit logical systems logical system name routing options multicast edit routing instances routing instance name routing options multicast edit routing op...

Page 2055: ...tem namerouting instancesrouting instance name routing options multicast hierarchy level Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Apply policies for scoping The policy must be correctly configured at the edit policy options policy statement hierarchy level Options policy names Name of one or...

Page 2056: ...p group group name neighbor neighbor name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure RIP send options Options send options One of the following broadcast Broadcast RIP version 2 packets RIP version 1 compatible multicast Multicast RIP version 2 packets This is the default none Do not...

Page 2057: ...ls ripng edit routing instances routing instance name protocols ripng group group name neighbor neighbor name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for routing instances introduced in Junos OS Release 9 0 Description Enable or disable sending of update messages Options none Optional Disable s...

Page 2058: ... Support for OSPFv3 ospf3 introduced in Junos OS Release 9 4 Support for OSPFv3 ospf3 introduced in Junos OS Release 9 4 for EX Series switches Description Configure OSPF to use MPLS label switched paths LSPs as shortcut next hops By default shortcut routes calculated through OSPFv2 are installed in theinet 3 routing table and shortcut routes calculated through OSPFv3 are installed in the inet6 3 ...

Page 2059: ...esses IPv4 or IPv6 source addresses Required Privilege Level routing To view this statement in the configuration routing control To view this statement in the configuration Related Documentation Example Configuring SSM Mapping source routing Syntax source routing ip ipv6 Hierarchy Level edit routing options Release Information Statement for IPv6 introduced in Junos OS Release 8 2 Statement for IPv...

Page 2060: ...PF algorithm runs the maximum number of times Options delay milliseconds Time interval between the detection of a topology change and when the SPF algorithm runs Range 50 through 1000 milliseconds Default 200 milliseconds holddown milliseconds Time interval to hold down or wait before a subsequent SPF algorithm runs after the SPF algorithm has run the configured maximum number of times in successi...

Page 2061: ...v4 unicast ipv4 multicast ipv6 multicast Release Information Statement introduced in Junos OS Release 8 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for Multitopology Routing introduced in Junos OS Release 9 0 Support for Multitopology Routing introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 ...

Page 2062: ...edit logical systems logical system name routing options multicast edit routing instances routing instance name routing options multicast edit routing options multicast Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure additional source specific multicast SSM groups Options ip addresses Lis...

Page 2063: ...multicast Release Information Statement introduced in Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure SSM mapping Options ssm map name Name of the SSM map The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configurat...

Page 2064: ...e static options Hierarchy Level edit logical systems logical system name routing instances routing instance name routing options edit logical systems logical system name routing options edit logical systems logical system name routing options rib routing table name edit routing instances routing instance name routing options edit routing options edit routing options rib routing table name Release...

Page 2065: ...the routing table You can specify any number of routes within a single static statement and you can specify any number of static options in the configuration 1969 Copyright 2010 Juniper Networks Inc Chapter 73 Configuration Statements for Layer 3 Protocols ...

Page 2066: ...unreachable messages to the packets originators and install a reject route for this destination into the routing table iso net Reach the next hop routing device by specifying an ISO NSAP next table routing table name Name of the next routing table to the destination receive Install a receive route for this destination into the routing table reject Do not forward packets addressed to this destinati...

Page 2067: ...parately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring Static Routes 1971 Copyright 2010 Juniper Networks Inc Chapter 73 Configuration Statements for Layer 3 Protocols ...

Page 2068: ...nos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Specify that this area not be flooded with AS external link state advertisements LSA s You must include the stub statement when configuring all routing devices that are in the stub area The...

Page 2069: ...hes Description Length of time before the multicast VLAN updates QoS data for example available bandwidth for subscriber interfaces after it receives an IGMP leave message Options seconds Length of time before the multicast VLAN updates QoS data for example available bandwidth for subscriber interfaces after it receives an IGMP leave message Specifying a value of 0 results in an immediate update t...

Page 2070: ... multicast ipv6 multicast area area id nssa Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Configure whether or not area border routers adver...

Page 2071: ...tance name routing options rib routing table name aggregate generate static defaults route edit routing options aggregate generate static defaults route edit routing options rib routing table name aggregate generate static defaults route Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Associate an ...

Page 2072: ... group name edit protocols bgp group group name neighbor neighbor name edit routing instances routing instance name protocols bgp edit routing instances routing instance name protocols bgp group group name edit routing instances routing instance name protocols bgp group group name neighbor neighbor name Release Information Statement introduced in Junos OS Release 8 1 Statement introduced in Junos ...

Page 2073: ...e the suppression and reuse thresholds for multicast forwarding cache limits Options reuse value Value at which to begin creating new multicast forwarding cache entries This value is optional If configured this number should be less than the suppress value Range 1 through 200 000 suppress value Value at which to begin suppressing new multicast forwarding cache entries This value is mandatory This ...

Page 2074: ...warding cache entries associated with the flow map Options minutes Length of time that the forwarding cache entry remains active Range 1 through 720 never non discard entry only Specify that the forwarding cache entry always remain active If you omit the non discard entry only option all multicast forwarding entries including those in forwarding and pruned states are kept forever If you include th...

Page 2075: ...n routing control To add this statement to the configuration Related Documentation Configuring General Multicast Forwarding Cache Properties topologies Syntax topologies ipv4 multicast ipv6 multicast ipv6 unicast Hierarchy Level edit logical systems logical system name protocols isis editlogical systemslogical system namerouting instancesrouting instance nameprotocols isis edit protocols isis edit...

Page 2076: ...nos OS Release 9 2 4byte as statement introduced in Junos OS Release 9 2 for EX Series switches Description Configure BGP protocol level tracing options To specify more than one tracing operation include multiple flag statements Default The default BGP protocol level tracing options are inherited from the routing protocols traceoptions statement included at the editrouting options hierarchy level ...

Page 2077: ...ets All BGP protocol packets refresh BGP refresh packets update Update packets These packets provide routing updates to BGP systems If you enable only this flag received keepalive messages do not generate a trace message Use the keepalive flag to generate a trace message for keepalive messages Global Tracing Flags all All tracing operations general A combination of the normal and route trace opera...

Page 2078: ...trace files is reached Then the oldest trace file is overwritten If you specify a maximum file size you also must specify a maximum number of trace files with the files option Syntax xk to specify KB xm to specify MB or xg to specify GB Range 10 KB through the maximum file size supported on your system Default 128 KB world readable Optional Allow any user to read the log file Required Privilege Le...

Page 2079: ...isable a single operation when you have defined a broad group of tracing operations such as all file name Name of the file to receive the output of the tracing operation Enclose the name within quotation marks All files are placed in the directory var log We recommend that you place IS IS tracing output in the file isis log files number Optional Maximum number of trace files When a trace file name...

Page 2080: ...on receive Packets being received send Packets being transmitted no world readable Optional Prevent any user from reading the log file size size Optional Maximum size of each trace file in kilobytes KB megabytes MB or gigabytes GB When a trace file named trace file reaches this size it is renamed trace file 0 When the trace file again reaches its maximum size trace file 0 is renamed trace file 1 a...

Page 2081: ...tatement in the configuration routing control and trace control To add this statement to the configuration Related Documentation Tracing IS IS Protocol Traffic 1985 Copyright 2010 Juniper Networks Inc Chapter 73 Configuration Statements for Layer 3 Protocols ...

Page 2082: ...Release 9 2 for EX Series switches Description Configure OSPF protocol level tracing options To specify more than one tracing operation include multiple flag statements Default The default OSPF protocol level tracing options are those inherited from the routing protocols traceoptions statement included at the edit routing options hierarchy level Options disable Optional Disable the tracing operati...

Page 2083: ...lysis packets lsa request Link state request packets which are used in synchronizing the OSPF topological database lsa update Link state updates packets which are used in synchronizing the OSPF topological database nsr synchronization Nonstop routing synchronization events on demand Trace demand circuit extensions packet dump Content of selected packet types packets All OSPF packets spf Shortest p...

Page 2084: ... This renaming scheme continues until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum file size you also must specify a maximum number of trace files with the files option Syntax xk to specify KB xm to specify MB or xg to specify GB Range 10 KB through the maximum file size supported on your system Default 128 KB world readable Option...

Page 2085: ...erations such as all file filename Name of the file to receive the output of the tracing operation Enclose the name in quotation marks We recommend that you place RIP tracing output in the file var log rip log files number Optional Maximum number of trace files When a trace file named trace file reaches its maximum size it is renamed trace file 0 then trace file 1 and so on until the maximum numbe...

Page 2086: ...s being transmitted send detail Provide detailed trace information for packets being transmitted no world readable Optional Prevent any user from reading the log file size size Optional Maximum size of each trace file in kilobytes KB or megabytes MB When a trace file named trace file reaches this size it is renamed trace file 0 When the trace file again reaches its maximum size trace file 0 is ren...

Page 2087: ...his statement in the configuration routing control To add this statement to the configuration Related Documentation Tracing RIP Protocol Traffic 1991 Copyright 2010 Juniper Networks Inc Chapter 73 Configuration Statements for Layer 3 Protocols ...

Page 2088: ...ed a broad group of tracing operations such as all file filename Name of the file to receive the output of the tracing operation Enclose the name in quotation marks We recommend that you place RIPng tracing output in the file var log ripng log files number Optional Maximum number of trace files When a trace file named trace file reaches its maximum size it is renamed trace file 0 then trace file 1...

Page 2089: ...end Packets being transmitted send detail Provide detailed trace information for packets being transmitted no world readable Optional Do not allow any user to read the log file size size Optional Maximum size of each trace file in kilobytes KB megabytes MB or gigabytes GB When a trace file named trace file reaches this size it is renamed trace file 0 When the trace file again reaches its maximum s...

Page 2090: ... in the configuration routing control To add this statement to the configuration Related Documentation Tracing RIPng Protocol Traffic Copyright 2010 Juniper Networks Inc 1994 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2091: ...n when you have defined a broad group of tracing operations such as all file filename Name of the file to receive the output of the tracing operation Enclose the name within quotation marks All files are placed in the directory var log We recommend that you place global routing protocol tracing output in the file routing log files number Optional Maximum number of trace files When a trace file nam...

Page 2092: ... the trace file again reaches its maximum size trace file 0 is renamed trace file 1 and trace file is renamed trace file 0 This renaming scheme continues until the maximum number of trace files is reached Then the oldest trace file is overwritten Note that if you specify a maximum file size you also must specify a maximum number of trace files with the files option Syntax xk to specify KB xm to sp...

Page 2093: ...ent introduced in Junos OS Release 9 4 for EX Series switches Description Enable the OSPF traffic engineering features Default Traffic engineering support is disabled Options advertise unnumbered interfaces Optional OSPFv2 only Include the link local identifier in the link local traffic engineering link state advertisement You do not need to include this statement if RSVP is able to signal unnumbe...

Page 2094: ...he configuration routing control To add this statement to the configuration Related Documentation Enabling OSPF Traffic Engineering Support Copyright 2010 Juniper Networks Inc 1998 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2095: ...ealm ipv4 unicast ipv4 multicast ipv6 multicast area area id interface interface name edit routing instances routing instance name protocols ospf area area id interface interface name edit routing instances routing instance name protocols ospf area area id virtual link edit routing instances routing instance name protocols ospf3 realm ipv4 unicast ipv4 multicast ipv6 multicast area area id interfa...

Page 2096: ...tatement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the type of BGP peer group Options type Type of group external External group internal Internal group Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Conf...

Page 2097: ...a id nssa default lsa Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Support for the realm statement introduced in Junos OS Release 9 2 Support for the realm statement introduced in Junos OS Release 9 2 for EX Series switches Description Flood Type 7 default link state advertisements LSAs if the no summaries ...

Page 2098: ...os OS Release 9 0 for EX Series switches Description Configure an update time interval to periodically send out routes learned by RIP to neighbors Options seconds Estimated time to wait before making updates to the routing table Range 10 through 60 seconds Default 30 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the co...

Page 2099: ...0 for EX Series switches Support for routing instances introduced in Junos OS Release 9 0 Description Configure an update time interval to periodically send out routes learned by RIP to neighbors Options seconds Estimated time to wait before making updates to the routing table Range 10 through 60 seconds Default 30 seconds Required Privilege Level routing To view this statement in the configuratio...

Page 2100: ...outing device translates PIM join or prune messages into corresponding IGMP report or leave messages if you include the pim to igmp proxy statement or into corresponding MLD report or leave messages if you include the pim to mld proxy statement The routing device then proxies the IGMP or MLD report or leave messages to one or both upstream interfaces to forward IPv4 multicast traffic for IGMP or I...

Page 2101: ...egated Ethernet interface a LAG or a routed VLAN interface RVI cannot be assigned as the virtual router address in a VRRP IPv6 group Options addresses Addresses of one or more virtual routers Do not include a prefix length If the address is the same as the interface s physical address the interface becomes the master virtual router for the group Required Privilege Level interface To view this stat...

Page 2102: ...routing devices on the backbone must be contiguous If this is not possible and there is a break in OSPF connectivity use virtual links to create connectivity to the OSPF backbone When configuring virtual links you must configure links on the two routing devices that form the end points of the link and both these two routing devices must be area border routers You cannot configure links through stu...

Page 2103: ... VRRP IPv6 group You must explicitly define a virtual link local address for each VRRP IPv6 group The virtual link local address must be in the same subnet as the physical interface address Options ipv6 address Virtual link local IPv6 address for VRRP for an IPv6 group Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the conf...

Page 2104: ...nclude the virtual MAC address in the list of source MAC addresses that you specify in the source address filter statement MAC addresses ranging from 00 00 5e 00 01 00 through 00 00 5e 00 01 ff are reserved for VRRP as defined in RFC 3768 The VRRP group number must be the decimal equivalent of the last hexadecimal byte of the virtual MAC address Range 0 through 255 The remaining statements are exp...

Page 2105: ...umber Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure IS IS to generate metric values greater than 63 on a per IS IS level basis Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation te...

Page 2106: ...Copyright 2010 Juniper Networks Inc 2010 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2107: ...CHAPTER 74 Operational Commands for Layer 3 Protocols 2011 Copyright 2010 Juniper Networks Inc ...

Page 2108: ...ore Junos OS Release 7 4 advertising router router id area area id asbrsummary external inter area prefix inter area router intra area prefix link local lsa id lsa id netsummary network nssa opaque area and router options added in Junos OS Release 8 3 You must use the purge command with these options Command introduced in Junos OS Release 9 0 for EX Series switches realm option added in Junos OS R...

Page 2109: ...stance name Optional Delete or discard entries for the specified routing instance only inter area prefix OSPFv3 only Optional Discard interarea prefix LSAs inter area router OSPFv3 only Optional Discard interarea router LSAs intra area prefix OSPFv3 only Optional Discard intra area prefix LSAs logical system all logical system name Optional Perform this operation on all logical systems or on a par...

Page 2110: ...issue them Required Privilege Level clear Related Documentation show ospf database on page 2143 show ospf3 database on page 2133 List of Sample Output clear ospf database on page 2014 Output Fields When you enter this command you are provided feedback on the status of your request clear ospf database user host clear ospf database clear ospf database Copyright 2010 Juniper Networks Inc 2014 Complet...

Page 2111: ...tatistics Options none Clear OSPF input and output statistics logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level clear List of Sample Output clear ospf io statistics on page 2015 Output Fields When you enter this command you are provided feedback on the status of your request clear ospf io statist...

Page 2112: ...ctions for the specified routing instance only interface interface name Optional Tear down neighbor connections for the specified interface only logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system neighbor Optional Clear the state of the specified neighbor only realm ipv4 multicast ipv4 unicast ipv6 multicast Optional OSPF...

Page 2113: ... realm or address family Use the realm option to specify an address family for OSPFv3 other than IPv6 unicast which is the default Required Privilege Level clear Related Documentation show ospf ospf3 statistics on page 2061 List of Sample Output clear ospf statistics on page 2017 Output Fields See show ospf ospf3 statistics for an explanation of output fields clear ospf statistics The following sa...

Page 2114: ...t Received Hello 3 1 3 1 DbD 0 0 0 0 LSReq 0 0 0 0 LSUpdate 0 0 0 0 LSAck 0 0 0 0 LSAs retransmitted 0 last 5 seconds 0 Flood queue depth 0 Total rexmit entries 0 db summaries 0 lsreq entries 0 Receive errors None Copyright 2010 Juniper Networks Inc 2018 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2115: ...gical system name Optional Perform this operation on all logical systems or on a particular logical system prefix Optional Clear route flap damping information for only the specified destination prefix Required Privilege Level clear Related Documentation show policy damping on page 2151 show route damping on page 2187 List of Sample Output clear bgp damping on page 2019 Output Fields When you ente...

Page 2116: ...one or more BGP neighbors without changing their state Options none Change the state of all BGP neighbors to IDLE as as number Optional Apply this command only to neighbors in the specified autonomous system AS instanceinstance name Optional Applythiscommandonlytoneighborsforthespecified routing instance logical system all logical system name Optional Perform this operation on all logical systems ...

Page 2117: ... Output clear bgp neighbor on page 2021 Output Fields When you enter this command you are provided feedback on the status of your request clear bgp neighbor user host clear bgp neighbor clear bgp neighbor 2021 Copyright 2010 Juniper Networks Inc Chapter 74 Operational Commands for Layer 3 Protocols ...

Page 2118: ...formation In some cases a prefix limit is associated with a routing table for a VPN instance When this limit is exceeded for example because of a network misconfiguration some routes might not be inserted in the table Such routes need to be added to the table after the network issue is resolved Use the clear bgp table command to request that BGP refresh routes in a VPN instance table Required Priv...

Page 2119: ...ar all IPv6 neighbor cache information host hostname Optional Clear the information for the specified IPv6 neighbors Required Privilege Level view Related Documentation show ipv6 neighbors on page 1275 List of Sample Output clear ipv6 neighbors on page 2023 Output Fields When you enter this command you are provided feedback on the status of your request clear ipv6 neighbors user host clear ipv6 ne...

Page 2120: ...l system all logical system name Optional Perform this operation on all logical systems or on a particular logical system neighbor Optional Clear adjacencies for the specified neighbor only Required Privilege Level clear Related Documentation show isis adjacency on page 2095 List of Sample Output clear isis adjacency on page 2024 Output Fields See show isis adjacency for an explanation of output f...

Page 2121: ...database Interface System L State Hold secs SNPA so 1 0 0 0 karakul 3 Initializing 26 so 1 1 3 0 1921 6800 5080 3 Up 24 so 5 0 0 0 1921 6800 5080 3 Up 21 2025 Copyright 2010 Juniper Networks Inc Chapter 74 Operational Commands for Layer 3 Protocols ...

Page 2122: ...e short term network wide traffic disruptions Use with caution Options none Remove all entries from the IS IS link state database for all routing instances entries Optional Name of the database entry instance instance name Optional Clear all entries for the specified routing instance logical system all logical system name Optional Perform this operation on all logical systems or on a particular lo...

Page 2123: ...0x16 0x1454 985 carlsbad 00 00 0x33 0x220b 1015 ranier 00 00 0x2e 0xfc31 1007 1921 6800 5066 00 00 0x11 0x7313 566 1921 6800 5067 00 00 0x14 0xd9d4 939 6 LSPs user host clear isis database user host show isis database IS IS level 1 link state database LSP ID Sequence Checksum Lifetime secs IS IS level 2 link state database LSP ID Sequence Checksum Lifetime secs 2027 Copyright 2010 Juniper Networks...

Page 2124: ...onal Perform this operation on all logical systems or on a particular logical system Required Privilege Level clear Related Documentation show isis database on page 2108 List of Sample Output clear isis overload on page 2028 Output Fields See show isis database for an explanation of output fields clear isis overload The following sample output displays IS IS database information before and after t...

Page 2125: ...0 00 0xa 0x429e 1183 L1 L2 1 LSPs IS IS level 2 link state database LSP ID Sequence Checksum Lifetime Attributes pro3 c 00 00 0xc 0x9c39 1183 L1 L2 pro2 a 00 00 0x91e 0x2589 783 L1 L2 pro2 a 02 00 0x1 0xcbc 783 L1 L2 3 LSPs 2029 Copyright 2010 Juniper Networks Inc Chapter 74 Operational Commands for Layer 3 Protocols ...

Page 2126: ...em Required Privilege Level view Related Documentation show isis statistics on page 2131 List of Sample Output clear isis statistics on page 2030 Output Fields See show isis statistics for an explanation of output fields clear isis statistics The following sample output displays IS IS statistics before and after the clear isis statistics command is entered clear isis statistics user host show isis...

Page 2127: ...Rexmit LSP 0 0 0 0 0 IIH 3 3 0 3 0 CSNP 2 2 0 4 0 PSNP 0 0 0 0 0 Unknown 0 0 0 0 0 Totals 5 5 0 7 0 Total packets received 5 Sent 7 SNP queue length 0 Drops 0 LSP queue length 0 Drops 0 SPF runs 0 Fragments rebuilt 0 LSP regenerations 0 Purges initiated 0 2031 Copyright 2010 Juniper Networks Inc Chapter 74 Operational Commands for Layer 3 Protocols ...

Page 2128: ...bit and rebuild LSAs for all routing instances instance instance name Optional Clear the overload bit and rebuild LSAs for the specified routing instance only logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level clear List of Sample Output clear ospf overload on page 2032 Output Fields When you ente...

Page 2129: ...al statistics logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level clear Related Documentation show rip general statistics on page 2153 List of Sample Output clear rip general statistics on page 2033 Output Fields When you enter this command you are provided feedback on the status of your request cl...

Page 2130: ...lear RIP statistics for all instances or for the specified routing instance only logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system neighbor Optional Clear RIP statistics for the specified neighbor only Required Privilege Level clear Related Documentation show rip statistics on page 2156 List of Sample Output clear rip st...

Page 2131: ...ng general statistics logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level clear Related Documentation show ripng general statistics on page 2159 List of Sample Output clear ripng general statistics on page 2035 Output Fields When you enter this command you are provided feedback on the status of you...

Page 2132: ...et RIPng counters for the specified instance name Optional Reset RIPng counters for the specified neighbor logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level clear Related Documentation show ripng statistics on page 2162 List of Sample Output clear ripng statistics on page 2036 Output Fields When ...

Page 2133: ... Optional Display the specified level of output area area id Optional Display information about the interfaces that belong to the specified area interface name Optional Display information for the specified interface instance instance name Optional Display all OSPF interfaces under the named routing instance logical system all logical system name Optional Perform this operation on all logical syst...

Page 2134: ...Netmask of the neighbor Mask detail extensive OSPFv3 IPv6 prefix length in bits Prefix length detail extensive OSPFv3 OSPF version 3 interface index OSPF3 Intf Index detail extensive Interface s maximum transmission unit MTU MTU detail extensive Interface s cost metric Cost detail extensive Address of the designated router DR addr detail extensive Address of the backup designated router BDR addr d...

Page 2135: ... MD5 key to authenticate OSPF packets transmitted on the interface on which this key is configured To authenticate received OSPF protocol packets the key becomes effective immediately after the configuration is committed If the start time option is not configured the key is effective immediately for send and receive and is displayed as Start time 1970 Jan 01 00 00 00 PST Start time detail extensiv...

Page 2136: ...type None Topology default ID 0 Cost 0 lo0 0 DR 0 0 0 0 10 255 245 2 0 0 0 0 0 Type LAN Address 10 255 245 2 Mask 255 255 255 255 MTU 65535 Cost 0 DR addr 10 255 245 2 Adj count 0 Priority 128 Hello 10 Dead 40 ReXmit 5 Not Stub Auth type None Topology default ID 0 Cost 0 so 0 0 0 0 PtToPt 0 0 0 0 0 0 0 0 0 0 0 0 1 Type P2P Address 0 0 0 0 Mask 0 0 0 0 MTU 4470 Cost 1 Adj count 1 Hello 10 Dead 40 R...

Page 2137: ... 0 0 0 0 1 Type P2P Address 0 0 0 0 Mask 0 0 0 0 MTU 4470 Cost 1 Adj count 1 Secondary Hello 10 Dead 40 ReXmit 5 Not Stub Auth type None Topology default ID 0 Cost 1 show ospf interface area area id user host show ospf interface area 1 1 1 1 Interface State Area DR ID BDR ID Nbrs so 0 0 0 0 PtToPt 1 1 1 1 0 0 0 0 0 0 0 0 1 so 1 0 0 0 PtToPt 1 1 1 1 0 0 0 0 0 0 0 0 1 show ospf interface extensive W...

Page 2138: ... on page 2042 Output Fields Table 248 on page 2042 lists the output fields for the show ospf io statistics command Output fields are listed in the approximate order in which they appear Table 248 show ospf ospf3 io statistics Output Fields Field Description Field Name Number of OSPF packets read since the last time the routing protocol was started Packets read Total number of packets divided by th...

Page 2139: ...system all logical system name Optional Perform this operation on all logical systems or on a particular logical system topology topology name Optional Display entries for the specified topology realm ipv4 multicast ipv4 unicast ipv6 multicast OSPFv3 only Optional Display entries for the specified OSPFv3 realm or address family Use the realm option to specify an address family for OSPFv3 other tha...

Page 2140: ...External 0 000005 1w4d 17 24 48 Cleanup 0 000238 1w4d 17 24 48 Total 0 000600 showospflogtopology voice user host show ospf log topology voice Topology voice SPF log Last instance of each event type When Type Elapsed 00 06 11 SPF 0 000116 00 06 11 Stub 0 000114 00 06 11 Interarea 0 000126 00 06 11 External 0 000067 00 06 11 NSSA 0 000037 00 06 11 Cleanup 0 000186 Maximum length of each event type ...

Page 2141: ...tub 0 000114 00 06 11 Interarea 0 000126 00 06 11 External 0 000067 00 06 11 NSSA 0 000037 00 06 11 Cleanup 0 000186 00 06 11 Total 0 000818 2045 Copyright 2010 Juniper Networks Inc Chapter 74 Operational Commands for Layer 3 Protocols ...

Page 2142: ...Display standard information about all OSPF neighbors for all routing instances brief detail extensive Optional Display the specified level of output area area id Optional Display information about the OSPF neighbors for the specified area instance all instance name Optional Display all OSPF interfaces for all routing instances or under the named routing instance interface interface name Optional ...

Page 2143: ...rs in the Down state although at a reduced frequency Exchange Routing device is describing its entire link state database by sending database description packets to the neighbor Each packet has a sequence number and is explicitly acknowledged ExStart First step in creating an adjacency between the two neighboring routing devices The goal of this step is to determine which routing device is the mas...

Page 2144: ...es a physical interface the Neighbor address is an IPv6 link local address Neighbor address detail extensive Area that the neighbor is in area detail extensive OSPFv3 only Displays the OSPFv3 interface index OSPF3 Intf Index detail extensive Option bits received in the hello packets from the neighbor opt detail extensive Address of the designated router DR or DR ID detail extensive Address of the ...

Page 2145: ...REQ in 0 sec show ospf neighbor extensive user host show ospf neighbor extensive Address Interface State ID Pri Dead 10 5 1 2 ge 1 2 0 1 Full 10 5 1 2 128 33 area 0 0 0 1 opt 0x42 DR 10 5 1 2 BDR 10 5 1 1 Up 06 09 42 adjacent 05 17 50 Link state retransmission list Type LSA ID Adv rtr Seq Summary 10 8 56 0 172 25 27 82 0x8000004d Router 10 5 1 94 10 5 1 94 0x8000005c Network 10 5 24 2 10 5 1 94 0x...

Page 2146: ... OSPF3 Intf Index 2 DR ID 10 255 71 13 BDR ID 10 255 71 12 Up 02 51 43 adjacent 02 51 43 show ospf neighbor area area id user host show ospf neighbor area 1 1 1 1 Address Interface State ID Pri Dead 192 168 37 47 so 0 0 0 0 Full 10 255 245 4 128 33 Area 1 1 1 1 192 168 37 55 so 1 0 0 0 Full 10 255 245 5 128 37 Area 1 1 1 1 show ospf neighbor interface interface name user host show ospf neighbor in...

Page 2147: ...ID Interface State Pri Dead 100 1 2 1 fe 0 0 2 1 Full 128 33 Neighbor address fe80 217 cb00 c97c 8c03 2051 Copyright 2010 Juniper Networks Inc Chapter 74 Operational Commands for Layer 3 Protocols ...

Page 2148: ...tem name Optional Perform this operation on all logical systems or on a particular logical system realm ipv4 multicast ipv4 unicast ipv6 multicast Optional OSPFv3 only Display information about the specified OSPFv3 realm or address family Use the realm option to specify an address family for OSPFv3 other than IPv6 unicast which is the default Required Privilege Level view List of Sample Output sho...

Page 2149: ... Threshold at which a warning message is logged percentage of maximum LSA count Warning threshold All levels Number of LSAs whose router ID is not equal to the local router ID Current Warning threshold and Allowed Nonself generated LSAs All levels How long the database has been in the ignore state Ignore time All levels How long the database must stay out of the ignore or isolated state before it ...

Page 2150: ...routers 0 AS boundary routers 0 Neighbors Up in full state 0 Topology default ID 0 Prefix export count 0 Full SPF runs 1 SPF delay 0 200000 sec SPF holddown 5 sec SPF rapid runs 3 show ospf overview with Database Protection user host show ospf overview Instance master Router ID 10 255 112 218 Route table index 0 LSA refresh time 50 minutes Traffic engineering Restart Enabled Restart duration 180 s...

Page 2151: ...s 0 AS boundary routers 0 Neighbors Up in full state 1 Topology default ID 0 Prefix export count 0 Full SPF runs 7 SPF delay 0 200000 sec SPF holddown 5 sec SPF rapid runs 3 Backup SPF Not Needed show ospf overview extensive user host show ospf overview extensive Instance master Router ID 1 1 1 103 Route table index 0 Full SPF runs 13 SPF delay 0 200000 sec LSA refresh time 50 minutes Restart Disa...

Page 2152: ...lay standard information about all entries in the OSPF routing table for all routing instances and all topologies brief detail extensive Optional Display the specified level of output abr Optional Display routes to area border routers asbr Optional Display routes to autonomous system border routers extern Optional Display external routes inter Optional Display interarea routes intra Optional Displ...

Page 2153: ...scription Field Name All levels Name of the topology Topology All levels Destination of the route Prefix All levels How the route was learned Inter Interarea route Ext1 External type 1 route Ext2 External type 2 route Intra Intra area route Path type All levels The type of routing device from which the route was learned AS BR Route to AS border router Area BR Route to area border router Area AS BR...

Page 2154: ...output for intraarea router routes only when Route Type is Area BR AS BR Area AS BR or Router not for interarea router routes or network routes Three bits in this field are defined as follows 0x4 V Routing device is at the end of a virtual active link 0x2 E Routing device is an autonomous system boundary router 0x1 B Routing device is an area border router optional capability detail The priority a...

Page 2155: ...0 10 255 245 1 32 Intra Network IP 40 fxp1 1 192 168 36 17 area 0 0 0 0 origin 10 255 245 1 priority high 10 255 245 2 32 Intra Network IP 0 lo0 0 area 0 0 0 0 origin 10 255 245 2 priority medium 10 255 245 3 32 Intra Network IP 1 fxp2 3 192 168 36 34 area 0 0 0 0 origin 10 255 245 3 priority low Intra Transit IP 1 NH interface fe 0 0 2 0 192 168 222 84 126 Intra Network IP 1 NH interface fe 0 0 2...

Page 2156: ...ric NextHop Nexthop Type Type Type Interface addr label 10 255 8 2 Intra Router IP 1 so 0 2 0 0 10 255 8 3 Intra Router IP 2 so 0 2 0 0 10 255 8 1 32 Intra Network IP 0 lo0 0 10 255 8 2 32 Intra Network IP 1 so 0 2 0 0 10 255 8 3 32 Intra Network IP 2 so 0 2 0 0 192 168 8 0 29 Intra Network IP 2 so 0 2 0 0 192 168 8 44 30 Intra Network IP 2 so 0 2 0 0 192 168 8 46 32 Intra Network IP 1 so 0 2 0 0 ...

Page 2157: ...v3 only Display all statistics for the specified OSPFv3 realm or address family Use the realm option to specify an address family for OSPFv3 other than IPv6 unicast which is the default Required Privilege Level view Related Documentation clear ospf ospf3 statistics on page 2017 List of Sample Output show ospf statistics on page 2062 Output Fields Table 253 on page 2061 lists the output fields for ...

Page 2158: ...ype Total Last 5 seconds Sent Received Sent Received show ospf statistics Hello 505739 990495 4 5 DbD 20 26 0 0 LSReq 6 5 0 0 LSUpdate 27060 15319 0 0 LSAck 10923 52470 0 0 LSAs retransmitted 16 last 5 seconds 0 Receive errors 862 no interface found 115923 no virtual link found Copyright 2010 Juniper Networks Inc 2062 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 ...

Page 2159: ...uting device is using same as brief brief detail Optional Display the specified level of output logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show as path on page 2064 show as path detail on page 2065 Output Fields Table 254 on page 2063 lists the output fields for ...

Page 2160: ...criptor segments detail Path reference count references show as path user host show as path Total AS paths 30382 Bucket 0 Count 36 show as path I 14203 2914 174 31752 I 14203 2914 701 21512 I 14203 2914 1239 26632 I 14203 2914 1239 29704 I 14203 2914 4323 10248 I 14203 2914 4766 23560 I 14203 2914 6395 32776 I 14203 2914 7911 11272 I 14203 2914 12180 18440 I 14203 2914 17408 17416 I 14203 2914 701...

Page 2161: ... neighbor as 14203 length 4 segments 1 references 2 AS path 14203 2914 4766 23560 I domain 1 neighbor as 14203 length 4 segments 1 references 2 AS path 14203 2914 6395 32776 I domain 1 neighbor as 14203 length 4 segments 1 references 3 AS path 14203 2914 7911 11272 I domain 1 neighbor as 14203 length 4 segments 1 references 2 AS path 14203 2914 12180 18440 I domain 1 neighbor as 14203 length 4 seg...

Page 2162: ... length 6 segments 1 references 2 AS path 14203 2914 3491 20485 24588 24588 I domain 1 neighbor as 14203 length 6 segments 1 references 4 AS path 14203 2914 5511 2200 1945 2060 I domain 1 neighbor as 14203 length 6 segments 1 references 2 AS path 14203 2914 7911 14325 14325 14348 I domain 1 neighbor as 14203 length 6 segments 1 references 2 AS path 14203 2914 701 4637 9230 9230 9230 I domain 1 nei...

Page 2163: ... show as path domain command Output fields are listed in the approximate order in which they appear Table 255 show as path domain Output Fields Field Description Field Name Number of independent AS domains The AS paths of an independent AS domain are not shared with the AS paths and AS path attributes of other domains including the master routing instance domain Domain Primary AS number Primary Pa...

Page 2164: ... path domain Domain 1 Primary 10458 References 3 Paths 30383 show as path domain Flags Master Local AS 10458 Loops 1 Copyright 2010 Juniper Networks Inc 2068 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2165: ...path summary on page 2069 Output Fields Table 256 on page 2069 lists the output fields for the show as path summary command Output fields are listed in the approximate order in which they appear Table 256 show as path summary Output Fields Field Description Field Name AS path number AS Path Bucket value This value represents a traffic classification on the interface Buckets Maximum limit for the n...

Page 2166: ...ent BMP station address port Status of the BMP session UP or DOWN BMP session state Memory used by the active BMP session MemoryconsumedbyBMP Amount of time in seconds between transmissions of BMP data to the monitoring station Statistics timeout Threshold in bytes at which the routing device stops collecting BMP data if it is exceeded Memory limit Amount of time in seconds after which the routing...

Page 2167: ...on about a particular BGP peer in the specified instance The instance name can be master for the main instance or any valid configured instance name or its prefix logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system rtf Optional Display BGP group route targeting information Required Privilege Level view List of Sample Outpu...

Page 2168: ...tipurpose field that displays information about BGP peer sessions The field s contents depend upon whether a session is established and whether an established session was established in the main routing device or in a routing instance If a peer is not established the field shows the state of the peer session Active Connect or Idle If a BGP session is established in the main routing device the fiel...

Page 2169: ...ed prefixes Number of prefixes advertised to a peer Received external prefixes Total number of prefixes from the external BGP EBGP peers both active and inactive that are in the routing table Active external prefixes Number of prefixes received from the EBGP peers that are active in the routing table Externals suppressed Number of routes received from EBGP peers currently inactive because of dampi...

Page 2170: ...n the BGP configuration Group detail Mask of the received target included in the advertised route Receive mask detail Number of route entries received Entries detail Route target that is to be passed by route target filtering If a route advertised from the provider edge PE routing device matches an entry in the route target filter the route is passed to the peer Target detail Mask which specifies ...

Page 2171: ...mand For sample output see show bgp group on page 2074 show bgp group detail user host show bgp group detail Group Type Internal AS 21 Local AS 21 Name from_vpn04_to_other Index 0 Flags Holdtime 0 Total peers 3 Established 3 10 255 14 178 179 10 255 71 24 179 10 255 14 182 179 Route Queue Timer unset Route Queue empty Table inet 0 Active prefixes 2 Received prefixes 7 Suppressed due to damping 0 A...

Page 2172: ...4 00000004 10458 7 64 00000008 10458 8 64 00000008 10458 10 64 00000002 show bgp group summary user host show bgp group summary Group Type Peers Established Active Received Damped from_vpn04_to_other Internal 3 3 inet 0 2 7 0 from_vpn04_to_vpn06 External 1 1 inet 0 5 10 0 Groups 2 Peers 4 External 1 Internal 3 Down peers 0 Flaps 2 inet 0 7 17 0 External 5 10 0 Internal 2 7 0 show bgp group summary...

Page 2173: ...gical system neighbor address Optional Display information for only the BGP peer at the specified IP address orf detail neighbor address Optional Display outbound route filtering information for all BGP peers or only for the BGP peer at the specified IP address The default is to display brief output Use the detail option to display detailed output AdditionalInformation For information about the lo...

Page 2174: ...n BGP is waiting for a Start event OpenConfirm BGP has acknowledged receipt of an open message from the peer and is waiting to receive a keepalive or notification message OpenSent BGP has sent an open message and is waiting to receive an open message from the peer State Internal BGP flags Aggregate Label BGP has aggregated a set of incoming labels labels received from the peer into a single forwar...

Page 2175: ...e to the peer OpenFail The local routing device did not receive an acknowledgment of a BGP open message from the peer RecvKeepAlive The local routing device received a BGP keepalive message from the peer RecvNotify The local routing device received a BGP notification message from the peer RecvOpen The local routing device received a BGP open message from the peer RecvUpdate The local routing devic...

Page 2176: ...lri any Peer AS Configured peer autonomous system AS Preference Preference value configured with the preference statement Refresh Configured to refresh automatically when the policy changes Rib group Configured routing table group Options Path attribute codes that are dropped from neighbor updates Path attributes dropped Path attribute codes that are ignored during neighbor updates Path attributes...

Page 2177: ...e holdtime Keepalive interval in seconds Keepalive Interval Status of BFD failure detection BFD Name of directly connected interface over which the direct EBGP peering is established Local Address Names of address families configured for restart NLRI for restart configured on peer Address families supported by the peer unicast or multicast NLRIadvertisedbypeer Address families being used for this ...

Page 2178: ...this peer Send state State of the BGP group in sync not in sync or not advertising Active prefixes Number of prefixes received from the peer that are active in the routing table Received prefixes Total number of prefixes from the peer both active and inactive that are in the routing table Accepted prefixes Total number of prefixes from the peer that have been accepted by a routing policy Suppresse...

Page 2179: ...er should readvertise the updated routes NOTE The counter is cumulative For example the counter is increased after the remote peer either resends or clears the outbound route filtering prefix list Immediate orf option only Type of prefix filter received prefix based or extended community Filter orf option only List of received filters displayed Received filter entries orf option only Numerical ord...

Page 2180: ...Flags ImportEval Last State Idle Last Event Start Last Error None Export BGP INET import Options Preference LocalAddress HoldTime GracefulRestart AddressFamily PeerAS Refresh Address families configured inet unicast Local Address 10 69 103 1 Holdtime 90 Preference 170 Number of flaps 0 Peer 10 69 104 2 AS 65100 Local 10 69 104 1 AS 65104 Type External State Active Flags ImportEval Last State Idle ...

Page 2181: ...d state in sync Active prefixes 1 Received prefixes 1 Suppressed due to damping 0 Table BGP INET inet 0 Bit 30000 RIB State BGP restart in progress RIB State VPN restart in progress Send state in sync Active prefixes 2 Received prefixes 2 Suppressed due to damping 0 Table BGP L inet 0 Bit 40000 RIB State BGP restart in progress RIB State VPN restart in progress Send state in sync Active prefixes 2...

Page 2182: ...b group Refresh Address families configured inet vpn unicast Local Address 5 5 5 5 Holdtime 90 Preference 170 Flags for NLRI inet labeled unicast TrafficStatistics Traffic Statistics Options all File var log bstat log size 131072 files 10 Traffic Statistics Interval 60 Number of flaps 0 Peer ID 192 168 1 110 Local ID 192 168 1 111 Active Holdtime 90 Keepalive Interval 30 NLRI for restart configure...

Page 2183: ... 525 Updates 2 Refreshes 0 Octets 10022 Output messages Total 522 Updates 0 Refreshes 0 Octets 9981 Input dropped path attributes Code 4 Count 1 Input ignored path attributes Code 8 Count 1 Output Queue 0 0 Trace file var log bgp_nsr size 131072 files 10 show bgp neighbor neighbor address user host show bgp neighbor 192 168 1 111 Peer 10 255 245 12 179 AS 35 Local 10 255 245 13 2884 AS 35 Type Int...

Page 2184: ...Confirm Last Event RecvKeepAlive Last Error Cease Export export policy Import import policy Options Preference HoldTime AddressFamily PeerAS PrefixLimit Refresh Address families configured inet unicast inet multicast Holdtime 60000 Preference 170 Number of flaps 4 Last flap event RecvUpdate Error Cease Sent 5 Recv 0 Peer ID 10 255 245 6 Local ID 10 255 245 5 Active Holdtime 60000 Keepalive Interva...

Page 2185: ...bor orf 192 168 165 56 detail Peer 192 168 165 56 179 Type External Group ext1 inet unicast Filter updates recv 1 Immediate 1 Filter prefix based receive Received filter entries seq 1 prefix 2 2 2 2 32 minlen 32 maxlen 32 match deny inet6 unicast Filter updates recv 0 Immediate 1 Filter prefix based receive Received filter entries 2089 Copyright 2010 Juniper Networks Inc Chapter 74 Operational Com...

Page 2186: ...ation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show bgp summary When a Peer Is Not Established on page 2092 show bgp summary When a Peer Is Established on page 2092 show bgp summary CLNS on page 2092 show bgp summary Layer 2 VPN on page 2092 show bgp summary Layer 3 VPN on page 2093 Output Fields Table 260 on page 2090 describes t...

Page 2187: ...stablished in the main routing device or in a routing instance If a peer is not established the field shows the state of the peer session Active Connect or Idle If a BGP session is established in the main routing device the field shows the number of active received accepted and damped routes that are received from a neighbor and appear in the inet 0 main and inet 2 multicast routing tables For exa...

Page 2188: ...2w4d22h 0 0 0 0 0 0 10 0 0 4 65002 51597 51584 0 0 2w3d22h 2 2 0 0 0 0 show bgp summary CLNS user host show bgp summary Groups 1 Peers 1 Down peers 0 Peer AS InPkt OutPkt OutQ Flaps Last Up Dwn State Active Received Damped 10 245 245 1 200 1735 1737 0 0 14 26 12 Establ bgp isovpn 0 3 3 0 aaaa iso 0 3 3 0 show bgp summary Layer 2 VPN user host show bgp summary Groups 1 Peers 5 Down peers 0 Table To...

Page 2189: ...istory Damp State Pending bgp l3vpn 0 2 2 0 0 0 0 Peer AS InPkt OutPkt OutQ Flaps Last Up Dwn State Active Received Damped 10 39 1 5 2 21 22 0 0 6 26 Establ VPN AB inet 0 1 1 0 10 255 71 15 1 19 21 0 0 6 17 Establ bgp l3vpn 0 2 2 0 VPN A inet 0 1 1 0 VPN AB inet 0 2 2 0 VPN B inet 0 1 1 0 2093 Copyright 2010 Juniper Networks Inc Chapter 74 Operational Commands for Layer 3 Protocols ...

Page 2190: ...ld Name Name of the IPv6 interface IPv6 Address Link layer address Linklayer Address State of the link up down incomplete reachable stale or unreachable State Number of seconds until the entry expires Exp Whether the neighbor is a routing device yes or no Rtr Whether this entry was created using the Secure Neighbor Discovery SEND protocol yes or no Secure Name of the interface Interface show ipv6 ...

Page 2191: ...tance logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view Related Documentation clear isis adjacency on page 2024 List of Sample Output show isis adjacency on page 2097 show isis adjacency brief on page 2097 show isis adjacency detail on page 2097 show isis adjacency extensive on page 2098 Out...

Page 2192: ...s detail Time of the last Up Down transition Last transition detail Bit mask of levels on this interface L1 Level 1 router L2 Level 2 router L1 L2 both Level 1 and Level 2 router Circuit type detail extensive Protocols supported by this neighbor Speaks detail extensive MAC address of the interface MAC address detail extensive Supported topologies Topologies detail extensive Whether a neighbor is c...

Page 2193: ...ce Down IS IS interface is unavailable Interface Level Disabled IS IS level is disabled Level Changed IS IS level has changed on the adjacency Level Mismatch Levels on adjacency are not compatible MPLS LSP Down Label switched path LSP is unavailable MT Topology Changed IS IS topology has changed MT Topology Mismatch IS IS topology is mismatched Remote System ID Changed Adjacency peer system ID cha...

Page 2194: ...es in 22 secs Priority 0 Up Down transitions 1 Last transition 00 01 16 ago Circuit type 3 Speaks IP IPv6 Topologies Unicast Restart capable Yes IP addresses 11 1 1 2 Transition log When State Event Down reason Wed Nov 8 21 24 25 Up Seenself Copyright 2010 Juniper Networks Inc 2098 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2195: ...the specified routing instance logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show isis authentication on page 2100 Output Fields Table 263 on page 2099 describes the output fields for the show isis authentication command Output fields are listed in the approximate o...

Page 2196: ... show isis authentication user host show isis authentication Interface Level IIH Auth CSN Auth PSN Auth at 2 3 0 0 1 Simple Simple Simple show isis authentication 2 MD5 MD5 MD5 L1 LSP Authentication Simple L2 LSP Authentication MD5 Copyright 2010 Juniper Networks Inc 2100 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2197: ...n a particular logical system Required Privilege Level view Related Documentation show isis backup label switched path on page 2103 List of Sample Output show isis backup coverage on page 2102 Output Fields Table 264 on page 2101 lists the output fields for the showisisbackupcoverage command Output fields are listed in the approximate order in which they appear Table 264 show isis backup coverage ...

Page 2198: ...d through backup coverage CLNS show isis backup coverage user host show isis backup coverage Backup Coverage Topology Level Node IPv4 IPv6 CLNS show isis backup coverage IPV4 Unicast 2 28 57 22 22 0 00 0 00 IPV6 Unicast 2 0 00 0 00 0 00 0 00 Copyright 2010 Juniper Networks Inc 2102 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2199: ...265 on page 2103 lists the output fields for the showisisbackuplabel switched path command Output fields are listed in the approximate order in which they appear Table 265 show isis backup label switched path Output Fields Field Description Field Name List of MPLS LSPs designated as backup paths for IS IS routes Backup MPLS LSPs IP address of the egress routing device for the LSP Egress State of t...

Page 2200: ...sis backup label switched path user host show isis backup label switched path Backup MPLS LSPs f to g Egress 192 168 1 4 Status up Last change 06 12 03 TE metric 9 Metric 0 show isis backup label switched path Copyright 2010 Juniper Networks Inc 2104 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2201: ...for backup paths for the specified routing instance level 1 2 Optional Display SPF calculations for the backup paths for the specified IS IS level logical system logical system name Optional Display SPF calculations for the backup paths for all logical systems or on a particular logical system no coverage Optional Display SPF calculations only for destinations that do not have backup coverage topo...

Page 2202: ...ost show isis backup spf results IS IS level 1 SPF results 0 nodes show isis backup spf results IS IS level 2 SPF results kobuk 00 Address 0x8d85600 Primary next hop ge 0 2 0 0 camaro SNPA 0 90 69 f 62 fa Primary next hop so 0 1 2 0 crater Primary next hop ge 0 2 0 0 camaro SNPA 0 90 69 f 62 fa Primary next hop so 0 1 2 0 crater Root crater Metric 10 Not eligible Reason Primary next hop multipath ...

Page 2203: ...ss 0x8d85a00 Primary next hop ge 0 2 0 0 camaro SNPA 0 90 69 f 62 fa Primary next hop ge 0 2 0 0 camaro SNPA 0 90 69 f 62 fa Root camaro Metric 0 Not eligible Reason Primary next hop link fate sharing Root crater Metric 20 track item camaro 00 00 track item banff 00 00 Not eligible Reason Path loops Root olympic Metric 20 track item camaro 00 00 track item banff 00 00 Not eligible Reason Path loop...

Page 2204: ...2 Optional Display entries for the specified IS IS level logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view Related Documentation clear isis database on page 2026 List of Sample Output show isis database on page 2110 show isis database brief on page 2110 show isis database detail on page 2111...

Page 2205: ...e L1 L2 Overload or Attached L1 only Attributes none brief Total number of LSPs in the specified link state database LSPs detail extensive Prefix advertised by this link state PDU IP prefix detail extensive IS IS neighbor of the advertising system IS neighbor detail extensive J Series routers only An ES IS neighbor of the advertising system ES neighbor detail extensive IPv4 prefix advertised by th...

Page 2206: ... routing device IS neighbor Directly attached neighbor s name and metric IS extended neighbor Directly attached neighbor s name metric and IP address TLVs show isis database user host show isis database IS IS level 1 link state database LSP ID Sequence Checksum Lifetime Attributes show isis database kobuk 00 00 0x3 0x3167 1057 L1 L2 camaro 00 00 0x5 0x770e 1091 L1 L2 ranier 00 00 0x4 0xaa95 1091 L...

Page 2207: ...nal Up IP prefix 34 1 1 0 24 Metric 10 Internal Up IP prefix 43 1 1 0 24 Metric 10 Internal Up V6 prefix abcd 10 255 71 242 128 Metric 0 Internal Up glacier 02 00 Sequence 0x1 Checksum 0xd141 Lifetime 1080 secs IS neighbor camaro 00 Metric 0 IS neighbor glacier 00 Metric 0 badlands 00 00 Sequence 0x3 Checksum 0x87a2 Lifetime 1084 secs IS neighbor ranier 00 Metric 10 IP prefix 10 255 71 244 32 Metr...

Page 2208: ...5 70 103 32 Metric 10 Internal Up IP prefix 10 255 71 52 32 Metric 10 Internal Up IP prefix 10 255 71 241 32 Metric 20 Internal Up IP prefix 10 255 71 242 32 Metric 0 Internal Up IP prefix 10 255 71 244 32 Metric 30 Internal Up IP prefix 11 1 1 0 24 Metric 30 Internal Up IP prefix 23 1 1 0 24 Metric 20 Internal Up IP prefix 34 1 1 0 24 Metric 10 Internal Up IP prefix 43 1 1 0 24 Metric 10 Internal...

Page 2209: ...ddress 192 168 36 25 Neighbor s IP address 192 168 36 26 IS neighbor isis1 00 Metric default 10 IP address 192 168 36 18 Neighbor s IP address 192 168 36 17 IP prefix 10 255 245 202 32 Internal Metric default 0 IP prefix 192 168 36 0 29 Internal Metric default 10 IP prefix 192 168 36 24 30 Internal Metric default 10 IP prefix 192 168 36 16 30 Internal Metric default 10 IP prefix 10 255 245 202 32 ...

Page 2210: ... Hostname toothache IP address 192 168 37 69 IP extended prefix 192 168 37 64 29 metric 10 up IP prefix 192 168 37 64 29 Internal Metric default 10 Up IS neighbor pro1 a 02 Internal Metric default 10 IS extended neighbor pro1 a 02 Metric default 10 ES neighbor TLV Internal Metric default 0 ES toothache ES neighbor TLV Internal Metric default 10 ES 1921 6800 4002 No queued transmissions Copyright 2...

Page 2211: ...elds Table 268 on page 2115 describes the output fields for the showisishostname command Output fields are listed in the approximate order in which they appear Table 268 show isis hostname Output Fields Field Description Field Name System identifier mapped to the hostname System Id Hostname mapped to the system identifier Hostname Type of mapping between system identifier and hostname Dynamic Host...

Page 2212: ...quired Privilege Level view List of Sample Output show isis interface on page 2118 show isis interface brief on page 2118 show isis interface detail on page 2118 show isis interface extensive on page 2118 show isis interface extensive with LDP on page 2119 Output Fields Table 269 on page 2116 describes the output fields for the show isis interface command Output fields are listed in the approximat...

Page 2213: ...l 2 designated intermediate system Level 2 DR none brief Interface s metric for Level 1 and Level 2 If there is no information the metric is 0 L1 L2 Metric detail extensive This routing device has signaled not to advertise this interface to its neighbors in their label switched paths LSPs Adjacency advertisement Advertise detail extensive This neighbor has signaled not to advertise this interface ...

Page 2214: ...gured value of the hold timer config holdtime extensive If the state is not in sync and the hold time is not infinity then this field displays the number of seconds remaining remaining show isis interface user host show isis interface IS IS interface database Interface L CirID Level 1 DR Level 2 DR L1 L2 Metric show isis interface at 2 3 0 0 3 0x1 Point to Point Point to Point 10 10 lo0 0 0 0x1 Pa...

Page 2215: ...riority 64 Metric 0 Passive Level 2 Adjacencies 0 Priority 64 Metric 0 Passive show isis interface extensive with LDP user host show isis interface extensive IS IS interface database so 1 1 2 0 Index 114 State 0x6 Circuit id 0x1 Circuit type 2 LSP interval 100 ms CSNP interval 20 s Loose Hello padding Adjacency advertisement Advertise LDP sync state in sync for 00 01 28 reason LDP up during config...

Page 2216: ...isis overview on page 2121 Output Fields Table 270 on page 2120 lists the output fields for the showisisoverview command Output fields are listed in the approximate order in which they appear Table 270 show isis overview Output Fields Field Description Field Name The IS IS routing intance instance Router ID of the routing device Router ID Adjacency holddown capability enabled or disabled Adjacency...

Page 2217: ...duration Graceful restart helper capability enalbed or disabled Helper mode IS IS level 1 Level 1 information 2 Level 2 information Level IP Protocol version 4 capability is enabled IPv4 is enabled IP Protocol version 6 capability is enabled IPv6 is enabled OSI CLNP Protocol capability is enabled J Series routers only CLNS is enabled Preference value of internal routes Internal route preference Pr...

Page 2218: ...abled Traffic engineering enabled Restart Enabled Restart duration 210 sec Helper mode Enabled Level 1 Internal route preference 15 External route preference 160 Wide metrics are enabled Narrow metrics are enabled Level 2 Internal route preference 18 External route preference 165 Wide metrics are enabled Copyright 2010 Juniper Networks Inc 2122 Complete Software Guide for Junos OS for EX Series Et...

Page 2219: ...estination address for the route inet inet6 Optional Display inet IPv4 or inet6 IPv6 routes respectively instance instance name Optional Display routes for the specified routing instance only logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system topology ipv4 multicast ipv6 multicast ipv6 unicast unicast Optional Display rou...

Page 2220: ...hop Interface System identifier of the next hop displayed as a name if possible Via ISO routing table entries ISO Routes MAC address snpa show isis route logical system user host show isis route logical system ls1 IS IS routing table Current version L1 8 L2 11 Prefix L Version Metric Type Interface Via show isis route logical system 10 9 7 0 30 2 11 20 int gr 0 2 0 0 h 10 9 201 1 32 2 11 60 int gr...

Page 2221: ... 0 34 0 56 47 0005 80ff f800 0000 0108 0001 104 1 10 0 int 47 0005 80ff f800 0000 0108 0001 1921 6800 4001 152 1 10 10 int fe 0 0 1 0 isis 0 0 12 0 34 0 56 47 0005 80ff f800 0000 0108 0001 1921 6800 4002 152 1 10 20 int fe 0 0 1 0 isis 0 0 12 0 34 0 56 47 0005 80ff f800 0000 0108 0002 104 1 10 0 int 47 0005 80ff f800 0000 0108 0002 1921 6800 4001 152 1 10 10 int fe 0 0 1 0 isis 0 0 12 0 34 0 56 21...

Page 2222: ...Optional Display SPF calculations for the specified routing instance level 1 2 Optional Display SPF calculations for the specified IS IS level logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system topology ipv4 multicast ipv6 multicast ipv6 unicast unicast Optional Display SPF calculations for the specified topology only Req...

Page 2223: ... logical system ls1 IS IS level 1 SPF results Node Metric Interface Via SNPA show isis spf brief scat 00 10 ge 1 1 0 0 scat 0 90 69 a6 48 9d fix 02 10 fix 00 0 3 nodes IS IS level 2 SPF results Node Metric Interface Via SNPA skag 00 20 gr 0 2 0 0 h skag 02 20 gr 0 2 0 0 h h 00 10 gr 0 2 0 0 h fix 00 0 4 nodes IPV6 Unicast IS IS level 1 SPF results Node Metric Interface Via SNPA scat 00 10 ge 1 1 0...

Page 2224: ... 00 00 Fri Oct 31 12 41 59 0 000144 3 New adjacency h on gr 0 2 0 0 Fri Oct 31 12 42 30 0 000257 3 New LSP skag 00 00 Fri Oct 31 12 54 37 0 000195 1 Periodic SPF Fri Oct 31 12 55 50 0 000178 1 Updated LSP fix 00 00 Fri Oct 31 12 55 55 0 000174 1 Updated LSP h 00 00 Fri Oct 31 12 55 58 0 000176 1 Updated LSP skag 00 00 Fri Oct 31 13 08 14 0 000198 1 Periodic SPF IPV6 Unicast IS IS level 1 SPF log S...

Page 2225: ...s IS IS level 2 SPF results Node Metric Interface Via SNPA skag 00 20 gr 0 2 0 0 h 30 10 9 7 0 30 skag 02 20 gr 0 2 0 0 h h 00 10 gr 0 2 0 0 h 20 10 9 6 0 30 20 10 9 7 0 30 60 10 9 201 1 32 fix 00 0 10 10 9 1 0 30 10 10 9 5 0 30 10 10 9 6 0 30 4 nodes IPV6 Unicast IS IS level 1 SPF results Node Metric Interface Via SNPA scat 00 10 ge 1 1 0 0 scat 0 90 69 a6 48 9d ge 1 1 0 0 scat 0 90 69 a6 48 9d 2...

Page 2226: ...results Node Metric Interface Via SNPA skag 00 10 fe 0 0 1 0 toothache 0 12 0 34 0 56 fe 0 0 1 0 toothache 0 12 0 34 0 56 20 192 168 37 64 29 10 1921 6800 4001 20 1921 6800 4002 pro1 a 02 10 pro1 a 00 0 0 10 255 245 1 32 10 192 168 37 64 29 0 1921 6800 4211 3 nodes IS IS level 2 SPF results Node Metric Interface Via SNPA skag 00 10 fe 0 0 1 0 toothache 0 12 0 34 0 56 fe 0 0 1 0 toothache 0 12 0 34...

Page 2227: ...tocol data unit type CSNP Complete sequence number PDUs contain a complete list of all link state PDUs in the IS IS database CSNPs are sent periodically on all links and the receiving systems use the information in the CSNP to update and synchronize their link state PDU databases The designated router multicasts CSNPs on broadcast links in place of sending explicit acknowledgments for each link st...

Page 2228: ...r is incrementing rapidly it indicates that the network is unstable SPF runs Number of link state link state PDU fragments that the local system has computed Fragments rebuilt Number of link state PDUs that have been regenerated A link state PDU is regenerated when it is nearing the end of its lifetime and it has not changed LSP regenerations Number of purges that the system initiated A purge is i...

Page 2229: ...S Release 7 4 Command introduced in Junos OS Release 9 0 for EX Series switches realm option introduced in Junos OS Release 9 2 advertising router address self option introduced in Junos Relase 9 5 advertising router address self option introduced in Junos OS Release 9 5 for EX Series switches Description Display the entries in the Open Shortest Path First version 3 OSPFv3 link state database whic...

Page 2230: ...t ipv4 unicast ipv6 multicast Optional Display information about the specified OSPFv3 realm or address family Use the realm option to specify an address family other than IPv6 unicast which is the default router Optional Display information about router LSAs Required Privilege Level view Related Documentation clear ospf ospf3 database on page 2012 List of Sample Output show ospf3 database brief on...

Page 2231: ...ve Length of the advertisement in bytes Len Router Router Link State Advertisements detail extensive Flags describing the routing device that generated the LSP bits detail extensive Option bits carried in the router LSA Options For Each Router Link detail extensive Type of interface The value of all other output fields describing a routing device interface depends on the interface s type PointToPo...

Page 2232: ...n bit associated with the prefix Prefix options detail extensive Cost of this route Expressed in the same units as the interface costs in the router LSAs When the interarea prefix LSA is describing a route to a range of addresses the cost is set to the maximum cost to any reachable component of the address range Metric extensive How long until the LSA is regenerated in the format hours minutes sec...

Page 2233: ...ed nn nn nn ago extensive How long until the route expires in the format hours minutes seconds expires in nn nn nn extensive Time elapsed since the LSA was last transmitted or flooded to an adjacency or an interface respectively in the format hours minutes seconds sent nn nn nn ago Link Link State Advertisements detail extensive IPv6 link local address on the link for which this link LSA originate...

Page 2234: ...ins a list of IPv6 prefixes to be associated with the link Prefix count detail extensive IPv6 address prefix Prefix detail extensive Option bit associated with the prefix Prefix options detail extensive Cost of this prefix Expressed in the same units as the interface costs in the router LSAs Metric extensive How long until the LSA is regenerated in the format hours minutes seconds Gen timer extens...

Page 2235: ...um Len Router 0 0 0 1 10 255 4 93 0x80000003 916 0xea40 40 Router 0 0 0 1 10 255 4 97 0x80000006 851 0xc95b 40 Network 0 0 0 2 10 255 4 97 0x80000002 916 0x4598 32 InterArPfx 0 0 0 1 10 255 4 93 0x80000002 117 0xa980 44 InterArPfx 0 0 0 2 10 255 4 93 0x80000002 62 0xd47e 44 NSSA 0 0 0 1 10 255 4 97 0x80000002 362 0x45ee 44 IntraArPfx 0 0 0 1 10 255 4 97 0x80000006 851 0x2f77 52 OSPF3 AS SCOPE link...

Page 2236: ...10 10 1 0 126 Prefix options 0x0 Metric 10 Aging timer 00 42 51 Installed 00 17 05 ago expires in 00 42 52 sent 02 37 54 ago IntraArPfx 0 0 0 1 10 255 4 93 0x80000002 575 0x788f 72 Ref lsa type Router Ref lsa id 0 0 0 0 Ref router id 10 255 4 93 Prefix count 2 Prefix feee 10 255 4 93 128 Prefix options 0x2 Metric 0 Prefix feee 10 10 1 0 126 Prefix options 0x0 Metric 10 Gen timer 00 33 23 Aging tim...

Page 2237: ...6 994 0x2f77 52 Ref lsa type Router Ref lsa id 0 0 0 0 Ref router id 10 255 4 97 Prefix count 1 Prefix feee 10 255 4 97 128 Prefix options 0x2 Metric 0 Aging timer 00 43 25 Installed 00 16 31 ago expires in 00 43 26 sent 02 37 54 ago IntraArPfx 0 0 0 3 10 255 4 97 0x80000002 1059 0x4446 52 Ref lsa type Network Ref lsa id 0 0 0 2 Ref router id 10 255 4 97 Prefix count 1 Prefix feee 10 10 2 0 126 Pr...

Page 2238: ...1 Prefix feee 10 10 1 0 126 Prefix options 0x0 Aging timer 00 51 34 Installed 00 08 23 ago expires in 00 51 34 sent 02 37 54 ago Link 0 0 0 3 10 255 4 93 0x80000002 505 0x6b7a 64 fe80 280 42ff fe10 f177 Options 0x13 priority 128 Prefix count 1 Prefix feee 10 10 1 0 126 Prefix options 0x0 Gen timer 00 37 28 Aging timer 00 51 35 Installed 00 08 25 ago expires in 00 51 35 sent 00 08 23 ago Ours show ...

Page 2239: ...ess self option introduced in Junos OS Release 9 5 advertising router self address self option introduced in Junos OS Release 9 5 for EX Series switches Description Display the entries in the Open Shortest Path First version 2 OSPFv2 link state database which contains data about link state advertisement LSA packets Options none Display standard information about entries in the OSPFv2 link state da...

Page 2240: ...se brief on page 2146 show ospf database detail on page 2146 show ospf database extensive on page 2147 show ospf database summary on page 2149 Output Fields Table 275 on page 2144 describes the output fields for the showospfdatabase command Output fields are listed in the approximate order in which they appear Table 275 show ospf database Output Fields Level of Output Field Description Field Name ...

Page 2241: ...etwork mask attached router ID of the attached neighbor Network detail extensive Summary link state advertisement information mask Network mask TOS Type of service ToS value metric Metric for the ToS Summary extensive How long until the LSA is regenerated Gen timer extensive How long until the LSA expires Aging time extensive How long ago the route was installed Installedhh mm ss ago extensive How...

Page 2242: ...s identical to that for the show ospf database command For sample output see show ospf database on page 2145 show ospf database detail user host show ospf database detail OSPF link state database Area 0 0 0 1 Type ID Adv Rtr Seq Age Opt Cksum Len Router 10 255 70 103 10 255 70 103 0x80000002 261 0x20 0x4112 48 bits 0x0 link count 2 id 10 255 71 242 data 12 1 1 1 Type PointToPoint 1 TOS count 0 TOS...

Page 2243: ...55 71 238 Summary 12 1 1 0 10 255 71 242 0x80000001 263 0x20 0xfeec 28 mask 255 255 255 0 TOS 0x0 metric 1 Summary 23 1 1 0 10 255 71 242 0x80000002 218 0x20 0x6d72 28 mask 255 255 255 0 TOS 0x0 metric 1 NSSA 33 1 1 1 10 255 71 242 0x80000001 268 0x28 0xeb3b 36 mask 255 255 255 255 Type 2 TOS 0x0 metric 0 fwd addr 24 1 1 1 tag 0 0 0 0 show ospf database extensive user host show ospf database exten...

Page 2244: ...timer 00 55 55 Installed 00 04 02 ago expires in 00 55 55 Last changed 00 04 02 ago Change count 2 Router 10 255 71 242 10 255 71 242 0x80000003 244 0x20 0xe191 36 bits 0x3 link count 1 id 23 1 1 1 data 23 1 1 1 Type Transit 2 TOS count 0 TOS 0 metric 1 Gen timer 00 45 56 Aging timer 00 55 56 Installed 00 04 04 ago expires in 00 55 56 sent 00 04 02 ago Last changed 00 04 04 ago Change count 2 Ours...

Page 2245: ...0xc591 32 mask 255 255 255 0 attached router 10 255 71 242 attached router 10 255 71 238 Gen timer 00 45 52 Aging timer 00 55 52 Installed 00 04 08 ago expires in 00 55 52 sent 00 04 06 ago Last changed 00 04 08 ago Change count 1 Ours Summary 12 1 1 0 10 255 71 242 0x80000001 288 0x20 0xfeec 28 mask 255 255 255 0 TOS 0x0 metric 1 Gen timer 00 45 12 Aging timer 00 55 12 Installed 00 04 48 ago expi...

Page 2246: ...0 0 3 2 Router LSAs 1 Network LSAs 2 Summary LSAs 1 NSSA LSAs Externals Interface fe 2 2 1 0 Interface ge 0 3 2 0 Interface so 0 1 2 0 Interface so 0 1 2 0 Copyright 2010 Juniper Networks Inc 2150 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2247: ... each time the route is withdrawn or readvertised or when one of its path attributes changes Required Privilege Level view Related Documentation ConfiguringBGPFlapDampingParameters intheJunosPolicyFrameworkConfiguration Guide clear bgp damping on page 2019 show route damping on page 2187 List of Sample Output show policy damping on page 2152 Output Fields Table 276 on page 2151 describes the outpu...

Page 2248: ... this route to any of the routing protocols Suppress cutoff merit Maximum hold down time in minutes The value represents the maximum time that a route can be suppressed no matter how unstable it has been before this period of stability Maximum suppress time Merit ceiling Maximum merit that a flapping route can collect Maximum decay Maximum decay half life in minutes Computed values show policy dam...

Page 2249: ... statistics on page 2033 List of Sample Output show rip general statistics on page 2153 Output Fields Table 277 on page 2153 lists the output fields for the showripgeneral statistics command Output fields are listed in the approximate order in which they appear Table 277 show rip general statistics Output Fields Field Description Field Name Number of invalid messages received bad msgs Number of pa...

Page 2250: ...ogical system name Optional Display detailed information about only the specified RIP neighbor Required Privilege Level view List of Sample Output show rip neighbor on page 2155 Output Fields Table 278 on page 2154 lists the output fields for the showripneighbor command Output fields are listed in the approximate order in which they appear Table 278 show rip neighbor Output Fields Field Descriptio...

Page 2251: ...e Mode Met ge 2 3 0 0 Up 192 168 9 105 192 168 9 107 bcast both 1 at 5 1 1 42 Dn null null mcast v2 only 3 at 5 1 0 42 Dn null null mcast both 3 at 5 1 0 0 Up 20 0 0 1 224 0 0 9 mcast both 3 so 0 0 0 0 Up 192 168 9 97 224 0 0 9 mcast both 3 2155 Copyright 2010 Juniper Networks Inc Chapter 74 Operational Commands for Layer 3 Protocols ...

Page 2252: ... particular logical system Required Privilege Level view Related Documentation clear rip statistics on page 2034 List of Sample Output show rip statistics on page 2157 Output Fields Table 279 on page 2156 lists the output fields for the showripstatistics command Output fields are listed in the approximate order in which they appear Table 279 show rip statistics Output Fields Field Description Fiel...

Page 2253: ...ere ignored Authentication Failures Number of received update messages that failed authentication RIP Requests Received Number of RIP request messages received RIP Requests Ignored Number of RIP request messages ignored Counter Total number of packets for the selected counter Total Number of packets for the selected counter in the most recent 5 minute period Last 5 min Number of packets for the se...

Page 2254: ...RIP Requests Received 0 0 0 RIP Requests Ignored 0 0 0 Copyright 2010 Juniper Networks Inc 2158 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2255: ...general statistics on page 2035 List of Sample Output show ripng general statistics on page 2159 Output Fields Table 280 on page 2159 lists the output fields for the show ripng general statistics command Output fields are listed in the approximate order in which they appear Table 280 show ripng general statistics Output Fields Field Description Field Name Number of invalid messages received bad ms...

Page 2256: ...hbor Required Privilege Level view List of Sample Output show ripng neighbor on page 2161 Output Fields Table281onpage2160liststheoutputfieldsfortheshowripngneighbor command Output fields are listed in the approximate order in which they appear Table 281 show ripng neighbor Output Fields Field Description Field Name Name of RIPng neighbor Neighbor State of the connection Up or Dn Down State Source...

Page 2257: ...g neighbor Source Dest In Neighbor State Address Address Send Recv Met show ripng neighbor fe 0 0 2 0 Up fe80 290 69ff fe68 b002 ff02 9 yes yes 1 2161 Copyright 2010 Juniper Networks Inc Chapter 74 Operational Commands for Layer 3 Protocols ...

Page 2258: ...ge Level view Related Documentation clear ripng statistics on page 2036 List of Sample Output show ripng statistics on page 2163 Output Fields Table 282 on page 2162 lists the output fields for the show ripng statistics command Output fields are listed in the approximate order in which they appear Table 282 show ripng statistics Output Fields Field Description Field Name Information about RIPng on...

Page 2259: ...ignored RIPng Requests Received Number of RIPng request messages received RIPng Requests Ignored Number of RIPng request messages ignored Counter Total number of packets for the selected counter Total Number of packets for the selected counter in the most recent 5 minute period Last 5 min Number of packets for the selected counter in the most recent 1 minute period Last minute show ripng statistic...

Page 2260: ...lay active entries for the specified address or range of addresses logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system private Optional Display information only about all private or internal routing tables Required Privilege Level view List of Sample Output show route on page 2167 show route destination prefix on page 2167...

Page 2261: ...ed and the preference value for the route A plus sign indicates the active route which is the route installed from the routing table into the forwarding table A hyphen indicates the last active route An asterisk indicates that the route is both the active and the last active route An asterisk before a to line indicates the best subpath to the route In every routing metric except for the BGP LocalP...

Page 2262: ...to the next hop the interface that is actually used is followed by the word Selected This field can also contain the following information Weight Value used to distinguish primary secondary and fast reroute backup routes Weight information is available when Multiprotocol Label Switching MPLS label switched path LSP link protection node link protection or fast reroute is enabled or when the standby...

Page 2263: ...es 3 active 0 holddown 0 hidden Active Route Last Active Both 100 101 0 0 16 Direct 0 1w5d 20 30 28 via fe 0 0 3 0 100 101 2 3 32 Local 0 1w5d 20 30 28 Local via fe 0 0 3 0 224 0 0 5 32 OSPF 10 1w5d 20 30 29 metric 1 MultiRecv red inet 0 11 destinations 11 routes 11 active 0 holddown 0 hidden Active Route Last Active Both 10 10 10 10 32 Direct 0 01 08 46 via lo0 1 10 255 245 212 32 BGP 170 00 01 4...

Page 2264: ...el view List of Sample Output show route active path on page 2168 show route active path brief on page 2169 show route active path detail on page 2169 show route active path extensive on page 2170 show route active path terse on page 2171 Output Fields For information about output fields see the output field tables for the show route command the show route detail the show route extensive or the sh...

Page 2265: ...el 1 Next hop type Router Next hop index 397 Next hop reference count 4 Next hop 100 1 2 1 via so 2 1 3 0 selected State Active Int Local AS 200 Age 21 31 Metric 10 Task IS IS Announcement bits 4 0 KRT 2 IS IS 5 Resolve tree 2 6 Resolve tree 3 AS path I 100 1 2 0 24 1 entry 1 announced Direct Preference 0 Next hop type Interface Next hop reference count 3 Next hop via so 2 1 3 0 selected State Act...

Page 2266: ...2 1 entry 1 announced TSI IS IS level 1 LSP fragment 0 IS IS level 2 LSP fragment 0 Direct Preference 0 Next hop type Interface Next hop reference count 3 Next hop via lo0 0 selected State Active Int Local AS 200 Age 21 39 47 Task IF Announcement bits 3 2 IS IS 5 Resolve tree 2 6 Resolve tree 3 AS path I 10 255 71 50 32 1 entry 1 announced TSI KRT in kernel 10 255 71 50 32 100 1 2 1 IS IS level 2 ...

Page 2267: ...Next hop reference count 3 Next hop via fxp0 0 selected State Active Int Local AS 200 Age 21 39 47 Task IF Announcement bits 2 5 Resolve tree 2 6 Resolve tree 3 AS path I 192 168 70 19 32 1 entry 1 announced Local Preference 0 Next hop type Local Next hop reference count 11 Interface fxp0 0 State Active NoReadvrt Int Local AS 200 Age 21 39 47 Task IF Announcement bits 2 5 Resolve tree 2 6 Resolve ...

Page 2268: ... 100 1 2 2 32 L 0 Local 192 168 64 0 21 D 0 fxp0 0 192 168 70 19 32 L 0 Local Copyright 2010 Juniper Networks Inc 2172 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2269: ...cluding private or hidden routing tables The output field table of the show route command does not display entries for private or hidden routing tables in Junos OS Release 9 5 and later show route all The following example displays a snippet of output from the show route command and then displays the same snippet of output from the show route all command show route all user host show route mpls 0 ...

Page 2270: ... vt 3 2 0 32769 Pop 800018 VPLS 7 1d 13 54 59 via vt 3 2 0 32772 Pop vt 3 2 0 32769 VPLS 7 1d 13 54 49 Unusable vt 3 2 0 32772 VPLS 7 1d 13 54 59 Unusable Copyright 2010 Juniper Networks Inc 2174 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2271: ...gular expression that is enclosed in parentheses You also can include the operators described in the table of AS path regular expression operators in the Junos Policy Framework Configuration Guide The following list summarizes these operators m n At least m and at most n repetitions of the AS path term m Exactly m repetitions of the AS path term m m or more repetitions of the AS path term Zero or ...

Page 2272: ...2 18 225 via fpa0 0 111 222 18 233 BGP 170 00 08 48 localpref 100 from 111 222 2 24 AS Path 65477 65488 65535 IGP to 111 222 18 225 via fpa0 0 111 222 18 233 show route aspath regex user host show route aspath regex 234 3561 inet 0 46351 destinations 46351 routes 46349 active 0 holddown 2 hidden Matching Any Path withTwoASNumbers Active Route Last Active Both 9 20 0 0 17 BGP 170 01 35 00 localpref...

Page 2273: ...ew List of Sample Output show route best on page 2177 show route best detail on page 2179 show route best extensive on page 2179 show route best terse on page 2180 Output Fields For information about output fields see the output field tables for the show route command the show route detail command the show route extensive command or the show route terse command show route best user host show route...

Page 2274: ... Direct 0 2d 01 43 34 via fxp1 0 Copyright 2010 Juniper Networks Inc 2178 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2275: ... green r1 r3 Label operation Push 100016 State Active Int Local AS 69 Age 1d 13 20 59 Metric 2 Task RSVP Announcement bits 1 1 Resolve tree 2 AS path I private1__inet 0 2 destinations 3 routes 2 active 0 holddown 0 hidden 10 0 0 0 8 2 entries 0 announced Direct Preference 0 Next hop type Interface Next hop reference count 1 Next hop via fxp2 0 selected State Active Int Age 2d 1 44 20 Task IF AS pa...

Page 2276: ...nations 2 routes 2 active 0 holddown 0 hidden Restart Complete Active Route Last Active Both A Destination P Prf Metric 1 Metric 2 Next hop AS path 10 255 70 103 32 R 7 2 so 0 3 0 0 private1__ inet 0 2 destinations 3 routes 2 active 0 holddown 0 hidden Active Route Last Active Both A Destination P Prf Metric 1 Metric 2 Next hop AS path 10 0 0 0 8 D 0 fxp2 0 D 0 fxp1 0 Copyright 2010 Juniper Networ...

Page 2277: ...ow route brief on page 2181 Output Fields For information about output fields see the Output Field table of the show route command show route brief user host show route brief inet 0 10 destinations 10 routes 9 active 0 holddown 1 hidden Active Route Last Active Both show route brief 0 0 0 0 0 Static 5 1w5d 20 30 29 Discard 10 255 245 51 32 Direct 0 2w4d 13 11 14 via lo0 0 172 16 0 0 12 Static 5 2w...

Page 2278: ...Both 100 101 0 0 16 Direct 0 1w5d 20 30 28 via fe 0 0 3 0 100 101 2 3 32 Local 0 1w5d 20 30 28 Local via fe 0 0 3 0 224 0 0 5 32 OSPF 10 1w5d 20 30 29 metric 1 MultiRecv Copyright 2010 Juniper Networks Inc 2182 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2279: ...lInformation Specifying the community option displays all routes matching the community found within the routing table The community option does not limit the output to only the routes being advertised to the neighbor after any egress routing policy Required Privilege Level view Related Documentation show route detail on page 2192 List of Sample Output show route community on page 2183 Output Fiel...

Page 2280: ...Path 666 234 2548 1673 1675 1747 IGP to 192 156 169 1 via 192 156 169 14 so 0 0 0 Copyright 2010 Juniper Networks Inc 2184 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2281: ...ld tables for the show route command the show route detail command the show route extensive command or the show route terse command show route community name user host show route community name red com inet 0 17 destinations 17 routes 16 active 0 holddown 1 hidden show route community name inet 3 1 destinations 1 routes 1 active 0 holddown 0 hidden instance1 inet 0 2 destinations 2 routes 2 active...

Page 2282: ... localpref 100 from 10 255 245 204 AS path I to 100 1 2 2 via ge 1 1 0 0 label switched path to_fix 10 255 245 204 10 100 1 4 0 24 BGP 170 00 36 02 localpref 100 from 10 255 245 204 AS path I to 100 1 2 2 via ge 1 1 0 0 label switched path to_fix inet6 0 2 destinations 2 routes 2 active 0 holddown 0 hidden instance1 inet6 0 1 destinations 1 routes 1 active 0 holddown 0 hidden Copyright 2010 Junipe...

Page 2283: ...logical system name Optional Perform this operation on all logical systems or on a particular logical system suppressed Display entries that have been suppressed and are no longer being installed into the forwarding table or exported by routing protocols Required Privilege Level view Related Documentation clear bgp damping on page 2019 show policy damping on page 2151 List of Sample Output show ro...

Page 2284: ...the LocalPref value for Route 1 is 100 the Preference2 value is 101 If the LocalPref value for Route 2 is 155 the Preference2 value is 156 Route 2 is preferred because it has a higher LocalPref value and a lower Preference2 value protocol preference detail extensive Number of references made to the next hop Next hopreference count detail extensive IP address of the route source Source detail exten...

Page 2285: ... groups of AS numbers in which the order does not matter A set commonly results from route aggregation The numbers in each AS set are displayed in ascending order Parentheses enclose a confederation Parentheses and brackets enclose a confederation set AS path brief none Next hop to the destination An angle bracket indicates that the route is the selected route to brief none Interface used to reach...

Page 2286: ...ed detail 10 0 111 0 24 7 entries 1 announced BGP Preference 170 101 Next hop reference count 151973 Source 172 23 2 129 Next hop via so 1 2 0 0 Next hop via so 5 1 0 0 selected Next hop via so 6 0 0 0 Protocol next hop 172 23 2 129 Indirect next hop 89a1a00 264185 State Active Ext Local AS 65000 Peer AS 65490 Age 3 28 Metric2 0 Task BGP_65490 172 23 2 129 179 Announcement bits 6 0 KRT 1 RT 4 KRT ...

Page 2287: ...5 via so 3 1 0 0 selected State Hidden Ext Inactive reason Unusable path Local AS 65000 Peer AS 65220 Age 2d 22 48 10 Task BGP_65220 192 168 60 85 179 AS path 65220 65501 65502 I Communities 65501 390 65501 2000 65501 3000 65504 3561 Localpref 100 Router ID 192 168 80 25 Merit last update now 1000 932 damping parameters set normal Last update 00 01 05 First update 00 01 05 Flaps 1 2191 Copyright 2...

Page 2288: ... system Required Privilege Level view List of Sample Output show route detail on page 2201 Output Fields Table 285 on page 2192 describes the output fields for the show route detail command Output fields are listed in the approximate order in which they appear Table 285 show route detail Output Fields Field Description Field Name Name of the routing table for example inet 0 routing table name Numb...

Page 2289: ...here is no S information the route is a normal MPLS route which has a stack depth of 1 the label popping operation is not performed label stacking Protocol from which the route was learned and the preference value for the route A plus sign indicates the active route which is the route installed from the routing table into the forwarding table A hyphen indicates the last active route An asterisk in...

Page 2290: ... cost load balancing This information is available when you enable Border Gateway Protocol BGP multipath load balancing via Name of the label switched path LSP used to reach the next hop Label switched path lsp path name MPLS label and operation occurring at this routing device The operation can be pop where a label is removed from the top of the stack push where another label is added to the labe...

Page 2291: ...with the AS path Braces enclose AS sets which are groups of AS numbers in which the order does not matter A set commonly results from route aggregation The numbers in each AS set are displayed in ascending order Parentheses enclose a confederation Parentheses and brackets enclose a confederation set AS path MPLS label assigned to the Layer 2 circuit virtual connection VC Label Maximum transmission...

Page 2292: ... components called branches up to a maximum of 32 branches Each flood next hop branch sends a copy of the traffic to the forwarding interface Used by P2MP RSVP P2MP LDP P2MP CCC and multicast flood Next hop is waiting to be resolved into a unicast or multicast type hold Indexed next hop indexed idxd Indirect next hop indirect indr Local address on an interface local locl Regular multicast next hop...

Page 2293: ...Values continued Description Next Hop Type List of unicast next hops A packet sent to this next hop goes to any next hop in the list unilist ulst 2197 Copyright 2010 Juniper Networks Inc Chapter 74 Operational Commands for Layer 3 Protocols ...

Page 2294: ...xterior route Ex BGP route received from an external BGP neighbor Ext Forces all protocols to be notified of a change to any route active or inactive for a prefix When not set protocols are informed of a prefix only when the active route changes FlashAll Route not used because of routing policy Hidden Route needs forwarding RPF check IfCheck Path through next hop with lower IGP metric is available...

Page 2295: ...s is available Number of gateways Path with lower origin code is available Origin Route pending because of a hold down configured on another route Pending Route scheduled for release Release Route from a higher numbered routing table is available RIB preference 64 bit prefix added to IP subnets to make them unique Route Distinguisher Route with a lower metric or MED is available RouteMetricorMEDco...

Page 2296: ...hat the route carries a type 2 metric options Used with VPNs Identifies where the route came from origin 1 byte encoded as 1 or 2 for intra area routes depending on whether the route came from a type 1 or a type 2 LSA 3 for summary routes 5 for external routes area number must be 0 7 for NSSA routes or 129 for sham link endpoint addresses ospf route type Displays the area number OSPF route type an...

Page 2297: ... reference count 2 Next hop via so 0 3 0 0 selected State Active Int Local AS 69 Age 1 30 17 Task IF Announcement bits 1 3 Resolve tree 2 AS path I OSPF Preference 10 Next hop reference count 1 Next hop via so 0 3 0 0 selected State Int Inactive reason Route Preference Local AS 69 Age 1 30 17 Metric 1 Area 0 0 0 0 Task OSPF AS path I 10 31 1 1 32 1 entry 1 announced Local Preference 0 Next hop typ...

Page 2298: ... 1 31 43 Task IGMP Announcement bits 2 0 KRT 3 Resolve tree 2 AS path I inet 3 2 destinations 2 routes 2 active 0 holddown 0 hidden 10 255 70 103 32 1 entry 1 announced State FlashAll RSVP Preference 7 Next hop reference count 6 Next hop 10 31 1 6 via ge 3 1 0 0 weight 0x1 selected Label switched path green r1 r3 Label operation Push 100096 State Active Int Local AS 69 Age 1 25 49 Metric 2 Task RS...

Page 2299: ...e Active Int Local AS 69 Age 1 31 45 Metric 1 Task MPLS Announcement bits 1 0 KRT AS path I mpls 0 5 destinations 5 routes 5 active 0 holddown 0 hidden 299776 1 entry 1 announced TSI KRT in kernel 299776 52 Flood RSVP Preference 7 Next hop type Flood Next hop reference count 130 Flood nexthop branches exceed maximum Address 0x8ea65d0 800010 1 entry 1 announced VPLS Preference 7 Next hop reference ...

Page 2300: ... 128 1 entry 0 announced Direct Preference 0 Next hop type Interface Next hop reference count 1 Next hop via lo0 0 selected State Active NoReadvrt Int Local AS 69 Age 1 31 44 Task IF AS path I ff02 2 128 1 entry 1 announced PIM Preference 0 Next hop reference count 18 State Active NoReadvrt Int Local AS 69 Age 1 31 45 Task PIM Recv6 Announcement bits 1 0 KRT AS path I ff02 d 128 1 entry 1 announce...

Page 2301: ...GP_69 10 255 70 103 179 Announcement bits 1 0 green l2vpn AS path I Communities target 11111 1 Layer2 info encaps VPLS control flags mtu 0 Label base 800008 range 8 Localpref 100 Router ID 10 255 70 103 Primary Routing Table bgp l2vpn 0 10 255 71 52 1 1 1 96 1 entry 1 announced L2VPN Preference 170 1 Next hop reference count 5 Protocol next hop 10 255 71 52 Indirect next hop 0 State Active Int Ext...

Page 2302: ... 1 entry 1 announced L2CKT Preference 7 Next hop via so 1 1 2 0 weight 1 selected Label switched path my lsp Label operation Push 100000 0 Protocol next hop 10 245 255 63 Indirect next hop 86af000 296 State Active Int Local AS 99 Age 10 21 Task l2 circuit Announcement bits 1 0 LDP AS path I VC Label 100000 MTU 1500 VLAN ID 512 Copyright 2010 Juniper Networks Inc 2206 Complete Software Guide for Ju...

Page 2303: ...how route exact on page 2207 show route exact detail on page 2207 show route exact extensive on page 2209 show route exact terse on page 2209 Output Fields For information about output fields see the output field tables for the show route command the show route detail command the show route extensive command or the show route terse command show route exact user host show route exact 207 17 136 0 2...

Page 2304: ...Announcement bits 2 0 KRT 3 Resolve tree 2 AS path I Copyright 2010 Juniper Networks Inc 2208 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2305: ... 71 254 via fxp0 0 selected State Active NoReadvrt Int Ext Local AS 69 Age 1 25 18 Task RT Announcement bits 2 0 KRT 3 Resolve tree 2 AS path I show route exact terse user host show route exact 207 17 136 0 24 terse inet 0 22 destinations 23 routes 21 active 0 holddown 1 hidden Active Route Last Active Both A Destination P Prf Metric 1 Metric 2 Next hop AS path 207 17 136 0 24 S 5 192 168 71 254 2...

Page 2306: ... logical systems or on a particular logical system routing table name Optional Display information about a particular routing table for example inet 0 for which policy based export is currently enabled For information about the different types of routing tables see the Junos Routing Protocols Configuration Guide Required Privilege Level view List of Sample Output show route export on page 2211 sho...

Page 2307: ...stance inet 0 and instance inet 2 Options detail instance keyword only Policy that route export uses to construct the import export matrix Not displayed if the instance type is vrf Import policy detail instance keyword only Name of the routing instance Instance detail instance keyword only Type of routing instance forwarding non forwarding or vrf Type show route export user host show route export ...

Page 2308: ...utput show route extensive on page 2217 show route extensive Access Route on page 2223 show route extensive Route Reflector on page 2223 Output Fields Table 290 on page 2212 describes the output fields for the showrouteextensive command Output fields are listed in the approximate order in which they appear Table 290 show route extensive Output Fields Field Description Field Name Name of the routin...

Page 2309: ... more exits this router with one fewer label the label popping operation is performed If there is no S information the route is a normal MPLS route which has a stack depth of 1 the label popping operation is not performed label stacking Protocol from which the route was learned and the preference value for the route A plus sign indicates the active route which is the route installed from the routi...

Page 2310: ...th the same weight value load balancing is possible Balance Balance coefficient indicating how traffic of unequal cost is distributed among next hops when a routing device is performing unequal cost load balancing This information is available when you enable Border Gateway Protocol BGP multipath load balancing via Name of the label switched path LSP used to reach the next hop Label switched path ...

Page 2311: ...ed together in the selection process When this reason is displayed an additional reason is provided typically one of the other reasons listed Number of gateways Path with a higher number of next hops is available Origin Path with a lower origin code is available OSPF version Path does not support the indicated OSPF version RIB preference Route from a higher numbered routing table is available Rout...

Page 2312: ...on set AS path For route reflected output only Originator ID attribute set by the route reflector AS path I Originator MPLS label assigned to the Layer 2 circuit virtual connection VC Label Maximum transmission unit MTU of the Layer 2 circuit MTU VLAN identifier of the Layer 2 circuit VLAN ID For route reflected output only Cluster ID sent by the route reflector Cluster list For route reflected ou...

Page 2313: ...e path Node path count Number of forwarding next hops The forwarding next hop is the network layer address of the directly reachable neighboring system if applicable and the interface used to reach it Forwarding nexthops show route extensive user host show route extensive inet 0 22 destinations 23 routes 21 active 0 holddown 1 hidden 10 10 0 0 16 1 entry 1 announced show route extensive TSI KRT in...

Page 2314: ...Preference 10 Next hop reference count 9 Next hop via so 0 3 0 0 Next hop 10 31 1 6 via ge 3 1 0 0 selected State Active Int Local AS 69 Age 1 32 19 Metric 2 Area 0 0 0 0 Task OSPF Announcement bits 2 0 KRT 3 Resolve tree 2 AS path I 224 0 0 2 32 1 entry 1 announced TSI KRT in kernel 224 0 0 2 32 PIM Preference 0 Next hop reference count 18 State Active NoReadvrt Int Local AS 69 Age 1 34 08 Task P...

Page 2315: ...via so 0 3 0 0 weight 0x1 selected Label switched path green r1 r2 State Active Int Local AS 69 Age 1 28 12 Metric 1 Task RSVP Announcement bits 2 1 Resolve tree 1 2 Resolve tree 2 AS path I private1__ inet 0 2 destinations 3 routes 2 active 0 holddown 0 hidden iso 0 1 destinations 1 routes 1 active 0 holddown 0 hidden 47 0005 80ff f800 0000 0108 0001 0102 5507 1052 152 1 entry 0 announced Direct ...

Page 2316: ...2769 0 16 indirect 1048574 VPLS Preference 7 Next hop reference count 2 Next hop 10 31 1 6 via ge 3 1 0 0 weight 0x1 selected Label switched path green r1 r3 Label operation Push 800012 Push 100096 top Protocol next hop 10 255 70 103 Push 800012 Indirect next hop 87272e4 1048574 State Active Int Age 1 31 53 Metric2 2 Task Common L2 VC Announcement bits 2 0 KRT 1 Common L2 VC AS path I Communities ...

Page 2317: ...ff02 2 128 1 entry 1 announced TSI KRT in kernel ff02 2 128 PIM Preference 0 Next hop reference count 18 State Active NoReadvrt Int Local AS 69 Age 1 34 08 Task PIM Recv6 Announcement bits 1 0 KRT AS path I ff02 d 128 1 entry 1 announced TSI KRT in kernel ff02 d 128 PIM Preference 0 Next hop reference count 18 State Active NoReadvrt Int Local AS 69 Age 1 34 08 Task PIM Recv6 Announcement bits 1 0 ...

Page 2318: ... target 11111 1 Layer2 info encaps VPLS control flags mtu 0 Label base 800008 range 8 Localpref 100 Router ID 10 255 70 103 Primary Routing Table bgp l2vpn 0 10 255 71 52 1 1 1 96 1 entry 1 announced TSI Page 0 idx 0 Type 1 val 8699540 L2VPN Preference 170 1 Next hop reference count 5 Protocol next hop 10 255 71 52 Indirect next hop 0 State Active Int Ext Age 1 34 03 Metric2 1 Task green l2vpn Ann...

Page 2319: ...13 160 0 102 32 13 160 0 2 OSPF area 0 0 0 0 LSA ID 13 160 0 102 LSA type Extern Access Preference 13 Next hop reference count 78472 Next hop 13 160 0 2 via fe 0 0 0 0 selected State Active Int Age 12 Task RPD Unix Domain Server var run rpd_serv local Announcement bits 2 0 KRT 1 OSPFv2 AS path I show route extensive Route Reflector user host show route extensive 1 0 0 0 8 1 entry 1 announced TSI K...

Page 2320: ...rect next hop 84ac908 40 Indirect path forwarding next hops 0 Next hop type Discard Copyright 2010 Juniper Networks Inc 2224 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2321: ...eration on all logical systems or on a particular logical system table table name Optional Name of the flow route table Required Privilege Level view List of Sample Output show route flow validation on page 2226 Output Fields Table 291 on page 2225 lists the output fields for the showrouteflowvalidation command Output fields are listed in the approximate order in which they appear Table 291 show r...

Page 2322: ...atch for the route flow Unicastbestmatch All levels Information about the route flow Flags show route flow validation user host show route flow validation inet 0 10 0 5 0 24Active unicast route show route flow validation Dependent flow destinations 1 Origin 192 168 224 218 Neighbor AS 65001 Flow destination 3 entries 1 match origin Unicast best match 10 0 5 0 24 Flags SubtreeApex Consistent Copyri...

Page 2323: ... Level view List of Sample Output show route inactive path on page 2227 show route inactive path detail on page 2228 show route inactive path extensive on page 2229 show route inactive path terse on page 2229 Output Fields For information about output fields see the output field tables for the show route command the show route detail command the show route extensive command or the show route terse...

Page 2324: ...hop reference count 1 Next hop via so 0 3 0 0 selected State Int Inactive reason Route Preference Local AS 1 Age 3 58 24 Metric 1 Area 0 0 0 0 Task OSPF AS path I private1__ inet 0 2 destinations 3 routes 2 active 0 holddown 0 hidden 10 0 0 0 8 2 entries 0 announced Direct Preference 0 Next hop type Interface Next hop reference count 1 Next hop via fxp1 0 selected State NotBest Int Inactive reason...

Page 2325: ...ddown 0 hidden Active Route Last Active Both A Destination P Prf Metric 1 Metric 2 Next hop AS path 10 0 0 0 8 D 0 fxp1 0 red inet 0 6 destinations 8 routes 4 active 0 holddown 3 hidden Restart Complete Active Route Last Active Both A Destination P Prf Metric 1 Metric 2 Next hop AS path 10 12 80 0 30 B 170 100 10 12 80 1 100 I iso 0 1 destinations 1 routes 1 active 0 holddown 0 hidden Restart Comp...

Page 2326: ...on page 2230 show route inactive prefix detail on page 2230 show route inactive prefix extensive on page 2231 show route inactive prefix terse on page 2231 Output Fields For information about output fields see the output field tables for the show route command the show route detail command the show route extensive command or the show route terse command show route inactive prefix user host show ro...

Page 2327: ...mple output see show route inactive prefix detail on page 2230 show route inactive prefix terse user host show route inactive prefix terse inet 0 18 destinations 18 routes 17 active 0 holddown 1 hidden Active Route Last Active Both A Destination P Prf Metric 1 Metric 2 Next hop AS path 127 0 0 1 32 D 0 lo0 0 2231 Copyright 2010 Juniper Networks Inc Chapter 74 Operational Commands for Layer 3 Proto...

Page 2328: ...is operation on all logical systems or on a particular logical system operational Optional Display operational routing instances Required Privilege Level view List of Sample Output show route instance on page 2233 show route instance detail Graceful Restart Complete on page 2234 show route instance detail Graceful Restart Incomplete on page 2235 show route instance detail VPLS Routing Instance on ...

Page 2329: ...ame Vrf export detail VPN routing and forwarding instance import target community name Vrf import target detail VPN routing and forwarding instance export target community name Vrf export target detail Fast reroute priority setting for a VPLS routing instance high medium or low The default is low Fast reroute priority detail Restart state Pending protocol name List of protocols that have not yet c...

Page 2330: ...103 Route distinguisher 10 255 14 176 103 Vrf import BGP INET import Vrf export BGP INET export Tables BGP INET inet 0 4 routes 4 active 0 holddown 0 hidden Restart Complete BGP L Router ID 10 69 104 1 Type vrf State Active Restart State Complete Path selection timeout 300 Interfaces t3 0 0 0 104 Route distinguisher 10 255 14 176 104 Vrf import BGP L import Vrf export BGP L export Tables BGP L ine...

Page 2331: ...ort Tables RIP inet 0 6 routes 6 active 0 holddown 0 hidden Restart Complete STATIC Router ID 10 69 100 1 Type vrf State Active Restart State Complete Path selection timeout 300 Interfaces t3 0 0 0 100 Route distinguisher 10 255 14 176 100 Vrf import STATIC import Vrf export STATIC export Tables STATIC inet 0 4 routes 4 active 0 holddown 0 hidden Restart Complete show route instance detail Gracefu...

Page 2332: ... 6 routes 5 active 0 holddown 0 hidden Restart Pending VPN BGP L mpls 0 2 routes 2 active 0 holddown 0 hidden Restart Pending VPN L2VPN Router ID 0 0 0 0 Type l2vpn State Active Restart State Pending Path selection timeout 300 Interfaces t3 0 0 0 512 Route distinguisher 10 255 14 176 512 Vrf import L2VPN import Vrf export L2VPN export Tables L2VPN l2vpn 0 2 routes 2 active 0 holddown 0 hidden Rest...

Page 2333: ...outes 4 active 0 holddown 0 hidden Restart Pending VPN show route instance detail VPLS Routing Instance user host show route instance detail test vpls test vpls Router ID 0 0 0 0 Type vpls State Active Interfaces lsi 1048833 lsi 1048832 fe 0 1 0 513 Route distinguisher 10 255 37 65 1 Vrf import __vrf import test vpls internal__ Vrf export __vrf export test vpls internal__ Vrf import target target ...

Page 2334: ...L2VPN iso 0 0 0 0 L2VPN inet6 0 0 0 0 L2VPN l2vpn 0 2 0 0 LDP vrf LDP inet 0 4 0 0 LDP iso 0 0 0 0 LDP mpls 0 0 0 0 LDP inet6 0 0 0 0 LDP l2circuit 0 0 0 0 OSPF vrf OSPF inet 0 7 0 0 OSPF iso 0 0 0 0 OSPF inet6 0 0 0 0 RIP vrf RIP inet 0 6 0 0 RIP iso 0 0 0 0 RIP inet6 0 0 0 0 STATIC vrf STATIC inet 0 4 0 0 STATIC iso 0 0 0 0 STATIC inet6 0 0 0 0 Copyright 2010 Juniper Networks Inc 2238 Complete S...

Page 2335: ...ogical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show route label on page 2239 show route label detail on page 2240 show route label extensive on page 2240 show route label terse on page 2240 Output Fields For information about output fields see the output field table for the show route c...

Page 2336: ... path 100 I Ref Cnt 2 show route label extensive The output for the show route label extensive command is identical to that of the show routelabeldetail command For sample output see show route label detail on page 2240 show route label terse user host show route label 100016 terse mpls 0 4 destinations 4 routes 4 active 0 holddown 0 hidden Restart Complete Active Route Last Active Both A Destinat...

Page 2337: ...etail command the show route extensive command or the show route terse command show route label switched path user host show route label switched path sf to ny inet 0 29 destinations 29 routes 29 active 0 holddown 0 hidden Active Route Last Active Both show route label switched path 1 1 1 1 32 MPLS 7 00 00 06 metric 0 to 111 222 1 9 via s0 0 0 0 label switched path sf to ny 3 3 3 3 32 MPLS 7 00 00...

Page 2338: ...0 2 destinations 2 routes 2 active 0 holddown 0 hidden Active Route Last Active Both Copyright 2010 Juniper Networks Inc 2242 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2339: ...red Privilege Level view List of Sample Output show route martians on page 2243 Output Fields Table 293 on page 2243 lists the output fields for the show route martians command Output fields are listed in the approximate order in which they appear Table 293 show route martians Output Fields Field Description Field Name Name of the route table in which the route martians reside table name Route des...

Page 2340: ... 128 0 0 0 16 orlonger disallowed 191 255 0 0 16 orlonger disallowed 192 0 0 0 24 orlonger disallowed 223 255 255 0 24 orlonger disallowed 240 0 0 0 4 orlonger disallowed Copyright 2010 Juniper Networks Inc 2244 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2341: ... show route next hop extensive on page 2247 show route next hop terse on page 2249 Output Fields For information about output fields see the output field tables for the show route command the show route detail command the show route extensive command or the show route terse command show route next hop user host show route next hop 192 168 71 254 inet 0 18 destinations 18 routes 17 active 0 holddow...

Page 2342: ... Active NoReadvrt Int Ext Local AS 1 Age 6 27 41 Task RT Announcement bits 3 0 KRT 3 Resolve tree 1 5 Resolve tree 2 AS path I 10 209 0 0 16 1 entry 1 announced Static Preference 5 Next hop reference count 36 Next hop 192 168 71 254 via fxp0 0 selected State Active NoReadvrt Int Ext Local AS 1 Age 6 27 41 Task RT Announcement bits 3 0 KRT 3 Resolve tree 1 5 Resolve tree 2 AS path I 172 16 0 0 12 1...

Page 2343: ...NoReadvrt Int Ext Local AS 1 Age 6 27 41 Task RT Announcement bits 3 0 KRT 3 Resolve tree 1 5 Resolve tree 2 AS path I private1__ inet 0 2 destinations 3 routes 2 active 0 holddown 0 hidden red inet 0 4 destinations 5 routes 4 active 0 holddown 0 hidden Restart Complete iso 0 1 destinations 1 routes 1 active 0 holddown 0 hidden Restart Complete mpls 0 4 destinations 4 routes 4 active 0 holddown 0 ...

Page 2344: ...ve NoReadvrt Int Ext Local AS 69 Age 2 02 28 Task RT Announcement bits 1 0 KRT AS path I 192 168 0 0 16 1 entry 1 announced TSI KRT in kernel 192 168 0 0 16 192 168 71 254 Static Preference 5 Next hop reference count 22 Next hop 192 168 71 254 via fxp0 0 selected State Active NoReadvrt Int Ext Local AS 69 Age 2 02 28 Task RT Announcement bits 1 0 KRT AS path I 192 168 102 0 23 1 entry 1 announced ...

Page 2345: ... 1 destinations 1 routes 1 active 0 holddown 0 hidden green l2vpn 0 2 destinations 2 routes 2 active 0 holddown 0 hidden red l2vpn 0 1 destinations 1 routes 1 active 0 holddown 0 hidden show route next hop terse user host show route next hop 192 168 71 254 terse inet 0 25 destinations 26 routes 24 active 0 holddown 1 hidden Restart Complete Active Route Last Active Both A Destination P Prf Metric ...

Page 2346: ...te inet6 0 2 destinations 2 routes 2 active 0 holddown 0 hidden Restart Complete private1__ inet6 0 1 destinations 1 routes 1 active 0 holddown 0 hidden Copyright 2010 Juniper Networks Inc 2250 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2347: ...mmunity detail on page 2252 show route no community extensive on page 2252 show route no community terse on page 2253 Output Fields For information about output fields see the output field tables for the show route command the show route detail command the show route extensive command or the show route terse command show route no community user host show route no community inet 0 28 destinations 3...

Page 2348: ...a fxp0 0 selected State Active NoReadvrt Int Ext Age 38 08 Task RT Announcement bits 1 0 KRT AS path I show route no community extensive user host show route no community extensive inet 0 18 destinations 18 routes 17 active 0 holddown 1 hidden 10 10 0 0 16 1 entry 1 announced TSI KRT in kernel 10 10 0 0 16 192 168 71 254 Static Preference 5 Next hop reference count 22 Next hop 192 168 71 254 via f...

Page 2349: ...16 S 5 192 168 71 254 10 209 0 0 16 S 5 192 168 71 254 10 255 71 52 32 D 0 lo0 0 10 255 71 63 32 O 10 1 35 1 1 2 10 255 71 64 32 O 10 2 35 1 1 2 10 255 71 240 32 O 10 2 so 0 1 2 0 so 0 3 2 0 10 255 71 241 32 O 10 1 so 0 1 2 0 10 255 71 242 32 O 10 1 so 0 3 2 0 12 1 1 0 24 O 10 2 so 0 3 2 0 14 1 1 0 24 O 10 3 35 1 1 2 so 0 1 2 0 so 0 3 2 0 16 1 1 0 24 O 10 2 so 0 1 2 0 2253 Copyright 2010 Juniper N...

Page 2350: ... was learned access Access route for use by DHCP application access internal Access internal route for use by DHCP application aggregate Locally generated aggregate route atmvpn Asynchronous Transfer Mode virtual private network bgp Border Gateway Protocol ccc Circuit cross connect direct Directly connected route dvmrp Distance Vector Multicast Routing Protocol esis End System to Intermediate Syst...

Page 2351: ...col access internal extensive on page 2256 show route protocol bgp on page 2256 show route protocol bgp detail on page 2256 show route protocol bgp extensive on page 2257 show route protocol bgp terse on page 2257 show route protocol direct on page 2257 show route protocol l2circuit detail on page 2257 show route protocol l2vpn extensive on page 2258 show route protocol ldp on page 2259 show route...

Page 2352: ... 168 64 0 21 inet 0 24 destinations 32 routes 23 active 0 holddown 1 hidden Active Route Last Active Both 192 168 64 0 21 BGP 170 00 04 33 localpref 100 AS path 10023 21 I to 100 1 3 2 via ge 5 0 3 0 Push 100080 show route protocol bgp detail show route protocol bgp 66 117 63 0 24 exact detail inet 0 227318 destinations 227319 routes 227305 active 0 holddown 13 hidden 66 117 63 0 24 1 entry 1 anno...

Page 2353: ...ext hop AS path 192 168 64 0 21 B 170 100 100 1 3 2 10023 21 I show route protocol direct user host show route protocol direct inet 0 35 destinations 35 routes 34 active 0 holddown 1 hidden Active Route Last Active Both 127 0 0 1 32 Direct 0 14 36 24 via lo0 0 111 222 5 0 24 Direct 0 14 36 24 via fxp0 0 111 222 8 16 28 Direct 0 14 36 24 via at 5 3 0 0 111 222 8 100 30 Direct 0 14 36 24 via at 5 3 ...

Page 2354: ...ht 1 selected Label switched path my lsp Label operation Push 100000 0 Protocol next hop 10 245 255 63 Indirect next hop 86af000 296 State Active Int Local AS 99 Age 10 21 Task l2 circuit Announcement bits 1 0 LDP AS path I VC Label 100000 MTU 1500 VLAN ID 512 show route protocol l2vpn extensive user host show route protocol l2vpn extensive inet 0 14 destinations 15 routes 13 active 0 holddown 1 h...

Page 2355: ...0 Push 100000 192 168 17 1 32 LDP 9 1d 23 03 35 metric 1 via t1 4 0 0 0 private1__ inet 0 2 destinations 2 routes 2 active 0 holddown 0 hidden mpls 0 6 destinations 6 routes 6 active 0 holddown 0 hidden Active Route Last Active Both 100064 LDP 9 1d 23 03 35 metric 1 via t1 4 0 0 0 Pop 100064 S 0 LDP 9 1d 23 03 35 metric 1 via t1 4 0 0 0 Pop 100080 LDP 9 1d 23 03 35 metric 1 via t1 4 0 0 0 Swap 100...

Page 2356: ...00064 40 t1 4 0 0 0 LDP Preference 9 Next hop reference count 2 Next hop via t1 4 0 0 0 selected Label operation Pop State Active Int Local AS 65500 Age 1d 23 03 58 Metric 1 Task LDP Announcement bits 1 0 KRT AS path I 100080 1 entry 1 announced TSI KRT in kernel 100080 36 t1 4 0 0 0 LDP Preference 9 Next hop reference count 2 Next hop via t1 4 0 0 0 selected Label operation Swap 100000 State Acti...

Page 2357: ...SPF AS path I Communities Route Type 0 0 0 0 1 0 showrouteprotocolrip user host show route protocol rip inet 0 26 destinations 27 routes 25 active 0 holddown 1 hidden Active Route Last Active Both VPN AB inet 0 5 destinations 5 routes 5 active 0 holddown 0 hidden Active Route Last Active Both 10 255 14 177 32 RIP 100 20 24 34 metric 2 to 10 39 1 22 via t3 0 2 2 0 224 0 0 9 32 RIP 100 00 03 59 metr...

Page 2358: ...3 33 metric 2 to fe80 2a0 a5ff fe3d 56 via t3 0 2 0 0 1111 3 128 RIPng 100 02 13 33 metric 2 to fe80 2a0 a5ff fe3d 56 via t3 0 2 0 0 1111 4 128 RIPng 100 02 13 33 metric 2 to fe80 2a0 a5ff fe3d 56 via t3 0 2 0 0 1111 5 128 RIPng 100 02 13 33 metric 2 to fe80 2a0 a5ff fe3d 56 via t3 0 2 0 0 1111 6 128 RIPng 100 02 13 33 metric 2 to fe80 2a0 a5ff fe3d 56 via t3 0 2 0 0 Copyright 2010 Juniper Network...

Page 2359: ...s or on a particular logical system Required Privilege Level view List of Sample Output show route range on page 2263 show route range destination prefix on page 2264 show route range detail on page 2264 show route range extensive on page 2265 show route range terse on page 2266 Output Fields For information about output fields see the output field tables for the show route command the show route ...

Page 2360: ... 16 1 entry 1 announced Static Preference 5 Next hop reference count 22 Next hop 192 168 71 254 via fxp0 0 selected State Active NoReadvrt Int Ext Age 30 05 Task RT Announcement bits 1 0 KRT AS path I 10 209 0 0 16 1 entry 1 announced Static Preference 5 Next hop reference count 22 Next hop 192 168 71 254 via fxp0 0 selected State Active NoReadvrt Int Ext Age 30 05 Task RT Announcement bits 1 0 KR...

Page 2361: ...Static Preference 5 Next hop reference count 22 Next hop 192 168 71 254 via fxp0 0 selected State Active NoReadvrt Int Ext Age 30 17 Task RT Announcement bits 1 0 KRT AS path I 10 255 71 14 32 1 entry 0 announced Direct Preference 0 Next hop type Interface Next hop reference count 1 Next hop via lo0 0 selected State Active Int Age 30 17 Task IF AS path I 172 16 0 0 12 1 entry 1 announced TSI KRT i...

Page 2362: ... P Prf Metric 1 Metric 2 Next hop AS path 10 0 0 0 8 D 0 fxp2 0 D 0 fxp1 0 10 0 0 4 32 L 0 Local iso 0 1 destinations 1 routes 1 active 0 holddown 0 hidden Active Route Last Active Both A Destination P Prf Metric 1 Metric 2 Next hop AS path 47 0005 80ff f800 0000 0108 0001 0102 5507 1014 152 D 0 lo0 0 inet6 0 2 destinations 2 routes 2 active 0 holddown 0 hidden Active Route Last Active Both A Dest...

Page 2363: ...ttributes with which they were received but does not show the effects of import policy on the routing attributes Required Privilege Level view List of Sample Output show route receive protocol bgp on page 2269 show route receive protocol bgp extensive on page 2270 show route receive protocol bgp extensive on page 2270 show route receive protocol bgp detail Layer 2 VPN on page 2271 show route recei...

Page 2364: ...unced detail extensive 64 bit prefix added to IP subnets to make them unique Route Distinguisher detail extensive First label in a block of labels and label block size A remote PE routing device uses this first label when sending traffic toward the advertising PE routing device Label Base range detail extensive Virtual private network VPN label Packets are sent between CE and PE routing devices by...

Page 2365: ...e a confederation Parentheses and brackets enclose a confederation set AS path detail extensive For route reflected output only Cluster ID sent by the route reflector Cluster list detail extensive For route reflected output only Address of routing device that originally sent the route to the route reflector Originator ID detail extensive Community path attribute for the route See the Output Field ...

Page 2366: ...inator ID 10 255 245 68 inet 2 63 destinations 63 routes 63 active 0 holddown 0 hidden Prefix Next hop MED Lclpref AS path inet 3 10 destinations 10 routes 10 active 0 holddown 0 hidden Prefix Next hop MED Lclpref AS path iso 0 1 destinations 1 routes 1 active 0 holddown 0 hidden Prefix Next hop MED Lclpref AS path mpls 0 48 destinations 48 routes 48 active 0 holddown 0 hidden show route receive p...

Page 2367: ...yer2 info encaps FRAME RELAY control flags 0 mtu 0 show route receive protocol bgp user host show route receive protocol bgp 10 255 14 171 extensive inet 0 68 destinations 68 routes 67 active 0 holddown 1 hidden Prefix Nexthop MED Lclpref AS path extensive Layer 2 VPN inet 3 4 destinations 4 routes 4 active 0 holddown 0 hidden Prefix Nexthop MED Lclpref AS path iso 0 1 destinations 1 routes 1 acti...

Page 2368: ... 255 14 171 200 10 255 14 175 32 10 255 14 171 100 2 I show route receive protocol bgp detail Layer 3 VPN user host show route receive protocol bgp 10 255 14 174 detail inet 0 16 destinations 17 routes 15 active 0 holddown 1 hidden inet 3 2 destinations 2 routes 2 active 0 holddown 0 hidden vpna inet 0 5 destinations 5 routes 5 active 0 holddown 0 hidden 10 49 0 0 30 1 entry 1 announced Route Dist...

Page 2369: ...3 0 0 16 1 entry 1 announced Nexthop 111 222 5 254 Localpref 100 AS path I Originator Cluster list 10 2 3 1 Originator ID 10 255 245 68 165 4 0 0 16 1 entry 1 announced Nexthop 111 222 5 254 Localpref 100 AS path I Originator Cluster list 10 2 3 1 Originator ID 10 255 245 45 195 1 2 0 24 1 entry 1 announced Nexthop 111 222 5 254 Localpref 100 AS path I Originator Cluster list 10 2 3 1 Originator I...

Page 2370: ...Display the specified level of output index index Optional Show the index of the resolution tree logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system prefix network destination prefix Optional Display database entries for the specified address table routing table name Optional Display information about a particular routing ...

Page 2371: ...inet 0 or inet 3 provided the best path for a particular prefix Originating RIB Metric associated with the forwarding next hop Metric Number of nodes in the path Node path count Number of forwarding next hops The forwarding next hop is the network layer address of the directly reachable neighboring system if applicable and the interface used to reach it Forwarding next hops show route resolution d...

Page 2372: ...ence Count 1 Contributing routing tables inet 3 Tree Index 3 Nodes 43 Reference Count 1 Contributing routing tables inet 0 inet 3 show route resolution unresolved user host show route resolution unresolved Tree Index 1 vt 3 2 0 32769 0 16 Protocol Nexthop 10 255 71 238 Push 800000 Indirect nexthop 0 vt 3 2 0 32772 0 16 Protocol Nexthop 10 255 70 103 Push 800008 Indirect nexthop 0 Tree Index 2 Copy...

Page 2373: ...play exact matches for the provided address and optional prefix range prefix range Optional Display information for the provided address range summary Optional Display route snooping summary statisitics table table name Optional Display information for the named table Required Privilege Level view List of Sample Output show route snooping detail on page 2277 Output Fields For information about out...

Page 2374: ... hop reference count 113 State Active Int Age 2 13 Task MC Announcement bits 1 0 KRT AS path I 225 0 0 3 11 11 11 100 3 9 0 0 80 1 entry 1 announced Multicast Preference 180 Next hop type Multicast IPv4 Next hop reference count 113 State Active Int Age 2 15 Task MC Announcement bits 1 0 KRT AS path I 225 0 0 4 11 11 11 100 3 9 0 0 80 1 entry 1 announced Multicast Preference 180 Next hop type Multi...

Page 2375: ...nt 113 State Active Int Age 2 13 Task MC Announcement bits 1 0 KRT AS path I 225 0 0 10 11 11 11 100 3 9 0 0 80 1 entry 1 announced Multicast Preference 180 Next hop type Multicast IPv4 Next hop reference count 113 State Active Int Age 2 15 Task MC Announcement bits 1 0 KRT AS path I 226 0 0 1 11 11 11 100 3 10 0 0 80 1 entry 1 announced Multicast Preference 180 Next hop type Multicast IPv4 Next h...

Page 2376: ... Task MC Announcement bits 1 0 KRT AS path I 227 0 0 1 11 11 11 100 3 11 0 0 80 1 entry 1 announced Multicast Preference 180 Next hop type Multicast IPv4 Next hop reference count 113 State Active Int Age 2 10 Task MC Announcement bits 1 0 KRT AS path I 227 0 0 2 11 11 11 100 3 11 0 0 80 1 entry 1 announced Multicast Preference 180 Next hop type Multicast IPv4 Next hop reference count 113 State Act...

Page 2377: ...Age 1 57 Task MC Announcement bits 1 0 KRT AS path I 227 0 0 8 11 11 11 100 3 11 0 0 80 1 entry 1 announced Multicast Preference 180 Next hop type Multicast IPv4 Next hop reference count 113 State Active Int Age 2 10 Task MC Announcement bits 1 0 KRT AS path I 227 0 0 10 11 11 11 100 3 11 0 0 80 1 entry 1 announced Multicast Preference 180 Next hop type Multicast IPv4 Next hop reference count 113 ...

Page 2378: ...RT AS path I 228 0 0 9 11 11 11 100 3 12 0 0 80 1 entry 1 announced Multicast Preference 180 Next hop type Multicast IPv4 Next hop reference count 113 State Active Int Age 8 Task MC Announcement bits 1 0 KRT AS path I 228 0 0 10 11 11 11 100 3 12 0 0 80 1 entry 1 announced Multicast Preference 180 Next hop type Multicast IPv4 Next hop reference count 113 State Active Int Age 2 12 Task MC Announcem...

Page 2379: ... 11 100 3 13 0 0 80 1 entry 1 announced Multicast Preference 180 Next hop type Multicast IPv4 Next hop reference count 113 State Active Int Age 2 15 Task MC Announcement bits 1 0 KRT AS path I 229 0 0 8 11 11 11 100 3 13 0 0 80 1 entry 1 announced Multicast Preference 180 Next hop type Multicast IPv4 Next hop reference count 113 State Active Int Age 2 15 Task MC Announcement bits 1 0 KRT AS path I...

Page 2380: ...IPv4 Next hop reference count 113 State Active Int Age 2 13 Task MC Announcement bits 1 0 KRT AS path I Copyright 2010 Juniper Networks Inc 2284 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2381: ... view List of Sample Output show route source gateway on page 2285 show route source gateway detail on page 2286 show route source gateway extensive on page 2288 Output Fields For information about output fields see the output field tables for the show route command the show route detail command the show route extensive command or the show route terse command show route source gateway user host sh...

Page 2382: ...l switched path green r1 r3 show route source gateway detail user host show route source gateway 10 255 70 103 detail inet 0 24 destinations 25 routes 23 active 0 holddown 1 hidden Restart Complete inet 3 2 destinations 2 routes 2 active 0 holddown 0 hidden Restart Complete private1__ inet 0 2 destinations 3 routes 2 active 0 holddown 0 hidden iso 0 1 destinations 1 routes 1 active 0 holddown 0 hi...

Page 2383: ...Layer2 info encaps VPLS control flags Site Down mtu 0 Label base 800016 range 8 Localpref 0 Router ID 10 255 70 103 Primary Routing Table bgp l2vpn 0 bgp l2vpn 0 4 destinations 4 routes 4 active 0 holddown 0 hidden Restart Complete 10 255 70 103 1 3 1 96 1 entry 0 announced BGP Preference 170 101 Route Distinguisher 10 255 70 103 1 Next hop reference count 7 Source 10 255 70 103 Protocol next hop ...

Page 2384: ...t Complete inet6 0 5 destinations 5 routes 5 active 0 holddown 0 hidden Restart Complete green l2vpn 0 4 destinations 4 routes 4 active 0 holddown 0 hidden Restart Complete 10 255 70 103 1 3 1 96 1 entry 1 announced BGP Preference 170 101 Route Distinguisher 10 255 70 103 1 Next hop reference count 7 Source 10 255 70 103 Protocol next hop 10 255 70 103 Indirect next hop 2 no forward State Secondar...

Page 2385: ... 69 Age 12 15 24 Metric2 1 Task BGP_69 10 255 70 103 179 AS path I Communities target 11111 1 Layer2 info encaps VPLS control flags mtu 0 Label base 800008 range 8 Localpref 100 Router ID 10 255 70 103 Secondary Tables green l2vpn 0 Indirect next hops 1 Protocol next hop 10 255 70 103 Metric 2 Indirect next hop 2 no forward Indirect path forwarding next hops 1 Next hop via so 0 3 0 0 weight 0x1 10...

Page 2386: ... 10 255 70 103 Metric 2 Indirect next hop 2 no forward Indirect path forwarding next hops 1 Next hop via so 0 3 0 0 weight 0x1 10 255 70 103 32 Originating RIB inet 3 Metric 2 Node path count 1 Forwarding nexthops 1 Nexthop via so 0 3 0 0 Copyright 2010 Juniper Networks Inc 2290 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2387: ... page 2291 lists the output fields for the show route summary command Output fields are listed in the approximate order in which they appear Table 296 show route summary Output Fields Field Description Field Name Name of the routing table for example inet 0 routing table name Number of destinations for which there are routes in the routing table destinations Number of routes in the routing table a...

Page 2388: ...e mpls 0 7 destinations 7 routes 5 active 0 holddown 2 hidden Restart Complete MPLS 3 routes 3 active VPLS 4 routes 2 active inet6 0 5 destinations 5 routes 5 active 0 holddown 0 hidden Restart Complete Direct 2 routes 2 active PIM 2 routes 2 active MLD 1 routes 1 active green l2vpn 0 4 destinations 4 routes 4 active 0 holddown 0 hidden Restart Complete BGP 2 routes 2 active L2VPN 2 routes 2 activ...

Page 2389: ...Protocols Configuration Guide Required Privilege Level view Related Documentation show route summary on page 2291 List of Sample Output show route table bgp l2 vpn on page 2294 show route table bgp l3vpn 0 on page 2294 show route table bgp l3vpn 0 detail on page 2294 show route table inet 0 on page 2295 show route table inet6 0 on page 2296 show route table inet6 3 on page 2296 show route table l2...

Page 2390: ...utes 8 active 0 holddown 0 hidden 10 255 245 12 1 4 0 0 0 8 1 entry 1 announced BGP Preference 170 101 Route Distinguisher 10 255 245 12 1 Source 10 255 245 12 Next hop 192 168 208 66 via fe 0 0 0 0 selected Label operation Push 182449 Protocol next hop 10 255 245 12 Push 182449 Indirect next hop 863a630 297 State Active Int Ext Local AS 35 Peer AS 35 Age 12 19 Metric2 1 Task BGP_35 10 255 245 12 ...

Page 2391: ...VPN Label 182465 Localpref 100 Router ID 10 255 245 12 10 255 245 12 1 4 17 251 0 24 1 entry 1 announced BGP Preference 170 101 Route Distinguisher 10 255 245 12 1 Source 10 255 245 12 Next hop 192 168 208 66 via fe 0 0 0 0 selected Label operation Push 182465 Protocol next hop 10 255 245 12 Push 182465 Indirect next hop 86bd210 330 State Active Int Ext Local AS 35 Peer AS 35 Age 12 19 Metric2 1 T...

Page 2392: ...er router show route table inet6 3 inet6 3 2 destinations 2 routes 2 active 0 holddown 0 hidden Active Route Last Active Both 10 255 245 195 128 LDP 9 00 00 22 metric 1 via so 1 0 0 0 10 255 245 196 128 LDP 9 00 00 08 metric 1 via so 1 0 0 0 Push 100008 show route table l2circuit 0 user host show route table l2circuit 0 l2circuit 0 4 destinations 4 routes 4 active 0 holddown 0 hidden Active Route ...

Page 2393: ...ve 0 holddown 0 hidden Active Route Last Active Both 0 MPLS 0 00 45 09 metric 1 Receive 1 MPLS 0 00 45 09 metric 1 Receive 2 MPLS 0 00 45 09 metric 1 Receive 100000 L2VPN 7 00 43 04 via so 0 1 0 1 Pop 100001 L2VPN 7 00 43 03 via so 0 1 0 2 Pop Offset 4 100002 LDP 9 00 43 22 metric 1 via so 0 1 2 0 Pop via so 0 1 3 0 Pop 100002 S 0 LDP 9 00 43 22 metric 1 via so 0 1 2 0 Pop via so 0 1 3 0 Pop 10000...

Page 2394: ...0 from 192 168 24 1 AS path I to 10 0 16 2 via fe 0 0 1 0 label switched path am show route table vpn a mdt 0 user host show route table vpn a mdt 0 vpn a mdt 0 3 destinations 3 routes 3 active 0 holddown 0 hidden Active Route Last Active Both 1 1 0 10 255 14 216 232 1 1 1 144 MVPN 70 01 23 05 metric2 1 Indirect 1 1 1 10 255 14 218 232 1 1 1 144 BGP 170 00 57 49 localpref 100 from 10 255 14 218 AS...

Page 2395: ...own 0 hidden Active Route Last Active Both 1 10 255 2 202 65535 10 255 2 202 432 BGP 170 00 02 37 localpref 100 from 10 255 2 202 AS path I via so 0 1 3 0 1 10 255 2 203 65535 10 255 2 203 432 BGP 170 00 02 37 localpref 100 from 10 255 2 203 AS path I via so 0 1 0 0 1 10 255 2 204 65535 10 255 2 204 432 MVPN 70 00 57 23 metric2 1 Indirect 5 10 255 2 202 65535 128 192 168 90 2 128 ffff 1 432 BGP 17...

Page 2396: ...s Field Description Field Name Name of the routing table for example inet 0 routing table name Number of destinations for which there are routes in the routing table number destinations Number of routes in the routing table and total number of routes in the following states active routes that are active holddown routes that are in the pending state before being declared inactive hidden routes that...

Page 2397: ...alPref value for Route 2 is 155 the Preference2 value is 156 Route 2 is preferred because if has a higher LocalPref value and a lower Preference2 value Prf First metric value in the route For routes learned from BGP this is the MED metric Metric 1 Second metric value in the route For routes learned from BGP this is the IGP metric Metric 2 Next hop to the destination An angle bracket indicates that...

Page 2398: ...111 222 5 254 1 0 0 1 32 D 0 at 5 3 0 0 1 0 0 2 32 L 0 Local 12 12 12 21 32 L 0 Reject 13 13 13 13 32 D 0 t3 5 2 1 0 13 13 13 14 32 L 0 Local 13 13 13 21 32 L 0 Local 13 13 13 22 32 D 0 t3 5 2 0 0 127 0 0 1 32 D 0 lo0 0 111 222 5 0 24 D 0 fxp0 0 111 222 5 81 32 L 0 Local 224 0 0 5 32 O 10 1 MultiRecv Copyright 2010 Juniper Networks Inc 2302 Complete Software Guide for Junos OS for EX Series Ethern...

Page 2399: ...rrp brief on page 2308 show vrrp detail IPv6 on page 2308 show vrrp detail Route Track on page 2308 show vrrp extensive on page 2309 show vrrp interface on page 2310 show vrrp summary on page 2311 show vrrp track detail on page 2311 show vrrp track summary on page 2311 Output Fields Table 298 on page 2303 lists the output fields for the show vrrp command Output fields are listed in the approximate...

Page 2400: ...hose VRRP PDU type is not 1 Invalid VRRP authentication type received Number of packets received whose VRRP authentication is not none simple or md5 Invalid VRRP IP count received Number of packets received whose VRRP IP count exceeds 8 Invalid VRRP checksum received Number of packets received whose VRRP checksum does not match the calculated value Interface VRRP PDUerrorstatistics detail extensiv...

Page 2401: ...n The interface is changing between being the backup and being the master router State detail extensive Configured VRRP priority for the interface Priority detail extensive Configured VRRP advertisement interval Advertisement interval detail extensive Configured VRRP authentication type none simple or md5 Authentication type detail extensive Whether preemption is allowed on the interface yes or no...

Page 2402: ...ace up or down Int state Interface state detail extensive Current operational speed in bits per second of the tracked interface Int speed Speed detail extensive Operational priority cost incurred due to the state and speed of this tracked interface This cost is applied to the configured priority to obtain the current priority Incurred priority cost detail extensive Speed below which the correspond...

Page 2403: ...P count received Number of VRRP PDUs whose virtual IP address counts differ from the count that has been configured on the VRRP instance Bad VIPADDR received Number of VRRP PDUs whose virtual IP addresses differ from the list of virtual IP addresses configured on the VRRP instance Group VRRP PDU error statistics extensive State transition statistics for the VRRP group Idle to master transitions Nu...

Page 2404: ...count 2 VIP ge80 12 1 1 99 gec0 12 1 1 99 Advertisement timer 1 121s Master router ge80 12 1 1 1 Virtual router uptime 00 03 47 Master router uptime 00 03 41 Virtual MAC 00 00 5e 00 02 01 Tracking disabled Physical interface ge 0 0 2 Unit 131 Vlan id 213 Address gec0 13 1 1 1 120 Index 69 SNMP ifIndex 47 VRRP Traps enabled Interface state up Group 1 State master Priority 200 Advertisement interval...

Page 2405: ... Traps enabled Interface state up Group 1 State master Priority 200 Advertisement interval 1 Authentication type none Preempt yes Accept data mode no VIP count 2 VIP ge80 12 1 1 99 gec0 12 1 1 99 Advertisement timer 1 034s Master router ge80 12 1 1 1 Virtual router uptime 00 04 04 Master router uptime 00 03 58 Virtual MAC 00 00 5e 00 02 01 Tracking disabled Group VRRP PDU statistics Advertisement ...

Page 2406: ...nsitions 0 Idle to backup transitions 1 Backup to master transitions 1 Master to backup transitions 0 show vrrp interface user host show vrrp interface Interface ge 0 0 0 121 Interface index 67 Groups 1 Active 1 Interface VRRP PDU statistics Advertisement sent 205 Advertisement received 0 Packets received 0 No group match received 0 Interface VRRP PDU error statistics Invalid IPAH next type receiv...

Page 2407: ...ate Group VR state Type Address ge 4 1 0 0 up 1 backup lcl 10 57 0 2 vip 10 57 0 100 show vrrp track detail user host show vrrp track detail Tracked interface ae1 211 State up Speed 400m Incurred priority cost 0 Threshold Priority cost Active 400m 10 300m 60 200m 110 100m 160 down 190 Tracking VRRP interface ae0 210 Group 1 VR State master Current priority 200 Configured priority 200 Priority hold...

Page 2408: ...Copyright 2010 Juniper Networks Inc 2312 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2409: ...ulticast Configuration on page 2323 Configuring IGMP Snooping and Multicast on page 2331 Verifying IGMP Snooping and Multicast on page 2339 Configuration Statements for IGMP Snooping and Multicast on page 2343 Operational Mode Commands for IGMP Snooping and Multicast on page 2421 2313 Copyright 2010 Juniper Networks Inc ...

Page 2410: ...Copyright 2010 Juniper Networks Inc 2314 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2411: ...s Ethernet Switches support IGMPv1 IGMPv2 and IGMPv3 For details on IGMPv1 IGMPv2 and IGMPv3 see the following standards For IGMPv1 see RFC 1112 Host extensions for IP multicasting at http www faqs org rfcs rfc1112 html For IGMPv2 see RFC 2236 Internet Group Management Protocol Version 2 at http www faqs org rfcs rfc2236 html For IGMPv3 see RFC 3376 Internet Group Management Protocol Version 3 at ...

Page 2412: ...ulticast traffic on the VLAN When the switch receives multicast packets it uses the cache table to selectively forward the packets only to the ports that are members of the destination multicast group Figure 43 on page 2316 shows an example of IGMP traffic flow with IGMP snooping enabled Figure 43 IGMP Traffic Flow with IGMP Snooping Enabled How IGMP Snooping Works with Routed VLAN Interfaces Swit...

Page 2413: ...ted in receiving the multicast stream The switch ultimately assigns a next hop after it does a route lookup The next hop includes all direct Layer 3 interfaces and RVIs The Packet Forwarding Engine then forwards multicast traffic to the bridge multicast ID that includes all Layer 3 interfaces and RVIs that are multicast receivers for a given multicast group Figure 44 on page 2318 shows how multica...

Page 2414: ...Bridge Multicast IDs and Next Hops Tag Information Next Hop Type of Next Hop ID Number tag off ge 0 0 0 0 RHN_UNICAST ID1 tag on ge 2 0 0 0 RHN_UNICAST ID2 ID1 ID2 RHN_FLOOD ID3 tag off ge 0 0 1 0 RHN_UNICAST ID4 ID4 ID2 RHN_FLOOD ID5 subnh ID3 vlan 0 RHN_UNICAST ID6 subnh ID5 VLAN 1 RHN_UNICAST ID7 ge 0 0 2 0 RHN_UNICAST ID8 ID6 ID7 ID8 RHN_FLOOD ID9 Copyright 2010 Juniper Networks Inc 2318 Compl...

Page 2415: ...lows IGMP snooping to filter multicast streams based on the source address of the multicast stream Junos operating system Junos OS for EX Series switches supports IGMPv3 packets that are in INCLUDE or EXCLUDE mode When a host sends an IGMPv3 INCLUDE report through a switch interface to indicate that it wants to receive a multicast stream from a source address the switch adds the source address to ...

Page 2416: ...ks EX Series Ethernet Switch that is enabled for MVR selectively forward IPTV multicast traffic from interfaces on the MVLAN source interfaces to hosts that are connected to interfaces that are not part of the MVLAN These interfaces are known as MVR receiver ports The MVR receiver ports can receive traffic from a port on the MVLAN but cannot send traffic onto the MVLAN and they remain in their own...

Page 2417: ...ffic on that port even though that port is not in the MVLAN Likewise if a host on a multicast receiver port leaves an MVR group on the multicast receiver VLAN the appropriate bridging entry is deleted and the MVLAN stops forwarding that group s IPTV multicast traffic on that port In addition you can configure the switch to statically install the bridging entries on the multicast receiver VLAN MVR ...

Page 2418: ...Copyright 2010 Juniper Networks Inc 2322 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2419: ... to the intended destination interfaces Configure IGMP snooping on one or more VLANs to allow the switch to examine IGMP packets and make forwarding decisions based on packet content By default IGMP snooping is enabled on EX Series switches This example describes how to configure IGMP snooping Requirements on page 2323 Overview and Topology on page 2324 Configuration on page 2324 Requirements This...

Page 2420: ...100 100 Multicast IP address for employee vlan In this example the switch is initially configured as follows IGMP snooping is disabled on the VLAN Configuration To configure basic IGMP snooping on a switch CLI Quick Configuration To quickly configure IGMP snooping copy the following commands and paste them into the switch terminal window edit protocols set igmp snooping vlan employee vlan set igmp...

Page 2421: ...uter the interface to receive multicast traffic edit protocols user switch set igmp snooping vlan employee vlan interface ge 0 0 2 multicast router interface 6 Change the number of timeout intervals the switch waits before timing out a multicast group to 4 edit protocols user switch set igmp snooping vlan employee vlan robust count 4 Results Check the results of the configuration user switch show ...

Page 2422: ...terface in one of the VLANs Overview and Topology In a standard Layer 2 network a multicast stream received on one VLAN is never distributed to interfaces outside that VLAN If hosts in multiple VLANs request the same multicast stream a separate copy of that multicast stream is distributed to the requesting VLANs MVR introduces the concept of a multicast source VLAN MVLAN which is created by MVR an...

Page 2423: ...router which in turn forwards the IPTV multicast traffic in the MVLAN to the Layer 2 network Figure 45 on page 2328 shows the MVR topology in transparent mode Interfaces P1 and P2 on Switch C belong to service VLAN s0 and MVLAN mv0 Interface P4 of Switch C also belongs to service VLAN s0 In the upstream direction of the network only non IPTV traffic is being carried in individual customer VLANs of...

Page 2424: ...rk only non IPTV traffic is being carried on customer VLAN c0 Any IPTV traffic requested by hosts on VLAN c0 is replicated untagged to port P4 based on streams received in MVLAN mv0 IPTV traffic flows from port P4 out to an IPTV enabled device in Host 1 Other traffic such as data and voice traffic also flows from port P4 to other network devices in Host 1 Copyright 2010 Juniper Networks Inc 2328 C...

Page 2425: ...nto the switch terminal window To quickly configure MVR in transparent mode the default mode do not copy and paste the final command line in the following block of lines edit protocols igmp snooping set vlan mv0 data forwarding source groups 225 10 0 0 16 set vlan v2 data forwarding receiver source vlans mv0 set vlan v2 data forwarding receiver install set vlan mv0 proxy source address 10 1 1 1 23...

Page 2426: ... data forwarding receiver install 4 Optional Configure MVR in proxy mode edit protocols igmp snooping user switch set vlan mv0 proxy source address 10 1 1 1 Results Check the results of the configuration edit protocols igmp snooping user switch show vlan mv0 proxy source address 10 1 1 1 data forwarding source groups 225 10 0 0 16 vlan v2 data forwarding receiver source vlans mv0 install Related D...

Page 2427: ... that information to make intelligent multicast forwarding decisions and forward traffic to the intended destination interfaces You can configure IGMP snooping on one or more VLANs to allow the switch to examine IGMP packets and make forwarding decisions based on packet content By default IGMP snooping is enabled on EX Series switches NOTE You cannot configure IGMP snooping on a secondary VLAN To ...

Page 2428: ...Group Query Membership Timeout Value CLI Procedure on page 2335 show igmp snooping membership on page 2457 show igmp snooping route on page 2459 show igmp snooping statistics on page 2461 show igmp snooping vlans on page 2462 IGMP Snooping on EX Series Switches Overview on page 2315 Configuring IGMP Snooping J Web Procedure IGMP snooping regulates multicast traffic in a switched network With IGMP ...

Page 2429: ...uration or click Cancel to cancel without saving changes To disable IGMP snooping on a VLAN select the VLAN from the list and click Disable Table 301 IGMP Snooping Configuration Fields Your Action Function Field Select a VLAN from the list to add it to the snooping configuration Specifies the VLAN on which to enable IGMP snooping VLAN Name To enable the option select the check box To disable the o...

Page 2430: ... the IGMP snooping configuration Remove Deletes an interface configured for IGMP snooping Statically configures an interface as a switching interface toward a multicast router the interface to receive multicast traffic Interfaces List Related Documentation Example Configuring IGMP Snooping on EX Series Switches on page 2323 Configuring IGMP Snooping CLI Procedure on page 2331 Changing the IGMP Sno...

Page 2431: ...value you reset the query interval and query response interval values at the editprotocolsigmp hierarchy level Notice that you are not resetting the values at the edit protocols igmp snooping hierarchy level When you reset these values the IGMP snooping configuration inherits the new values and recalculates the group membership timeout value accordingly For more information on changing these value...

Page 2432: ...N If a VLAN is an MVR receiver VLAN for multiple MVLANs all of the MVLANs must have proxy mode enabled or all must have proxy mode disabled You can enable proxy mode only on VLANs that are configured as MVR source VLANs and that are not configured for Q in Q tunneling After you configure a VLAN as an MVLAN that VLAN is no longer available for other uses To configure MVR 1 Configure the VLAN named ...

Page 2433: ...uring Multicast VLAN Registration on EX Series Switches on page 2326 Understanding Multicast VLAN Registration on EX Series Switches on page 2320 2337 Copyright 2010 Juniper Networks Inc Chapter 77 Configuring IGMP Snooping and Multicast ...

Page 2434: ...Copyright 2010 Juniper Networks Inc 2338 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2435: ...ls in the CLI enter the following commands show igmp snooping vlans show igmp snooping statistics show igmp snooping route Meaning Table 302 on page 2339 summarizes the IGMP snooping details displayed Table 302 Summary of IGMP Snooping Output Fields Values Field IGMP Snooping Monitor The VLAN for which IGMP snooping is enabled VLAN Indicates the interfaces configured as switching interfaces that a...

Page 2436: ...ccounting interface vlan 43 version 2 Display the IGMP snooping membership information which contains the group query timeout value that was derived from the IGMP configuration user switch show show igmp snooping membership detail VLAN v43 Tag 43 Index 4 Group 225 0 0 1 Receiver count 1 Flags v2 hosts ge 0 0 15 0 Uptime 00 00 05 timeout 350 Meaning When you enable IGMP snooping on a switch the que...

Page 2437: ...nt from the default values The output from the show igmp snooping membership detail command shows the revised group query timeout value 350 which was derived from the new IGMP configuration settings Related Documentation Changing the IGMP Snooping Group Query Membership Timeout Value CLI Procedure on page 2335 2341 Copyright 2010 Juniper Networks Inc Chapter 78 Verifying IGMP Snooping and Multicas...

Page 2438: ...Copyright 2010 Juniper Networks Inc 2342 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2439: ...thentication profile name profile name interface all interface names disable guest vlan vlan id vlan name mac radius restrict maximum requests number no reauthentication quiet period seconds reauthentication interval seconds retries number server fail deny permit use cache vlan id vlan name server reject vlan vlan id vlan name server timeout seconds supplicant multiple single single secure supplic...

Page 2440: ...limit multicast router interface static group ip address proxy query interval seconds query last member interval seconds query response interval seconds robust count number lldp disable advertisement interval seconds hold multiplier number interface all interface name disable lldp configuration notification interval seconds management address ip management address ptopo configuration maximum hold ...

Page 2441: ...on address hostname strict loose mstp disable bpdu block on edge bridge priority priority configuration name name forward delay seconds hello time seconds interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority max age seconds max hops hops msti msti id vlan vlan id vlan name interface interface name disable cost cost edge mode m...

Page 2442: ...ectivity fault management action profile profile name default actions interface down linktrace age 30m 10m 1m 30s 10s path database size path database size maintenance domain domain name level number mip half function none default explicit name format character string none dns mac 2oct maintenance association ma name continuity check hold interval minutes interval 10m 10s 1m 1s 100ms loss threshol...

Page 2443: ...loopback event thresholds frame errorcount frame period count frame period summary count symbol period count negotiation options allow remote loopback no allow link events rstp disable bpdu block on edge bridge priority priority forward delay seconds hello time seconds interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority max a...

Page 2444: ...me seconds interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority max age seconds traceoptions file filename files number size size no stamp world readable no world readable flag flag vstp bpdu block on edge disable force version stp vlan all vlan id vlan name bridge priority priority forward delay seconds hello time seconds int...

Page 2445: ...ding 802 1X and LLDP and LLDP MED on EX Series Switches on page 2540 Understanding MSTP for EX Series Switches on page 1521 Understanding Multiple VLAN Registration Protocol MVRP on EX Series Switches on page 1296 Understanding Ethernet OAM Connectivity Fault Management for an EX Series Switch on page 3763 Understanding Ethernet OAM Link Fault Management for an EX Series Switch on page 3725 Unders...

Page 2446: ... to the configuration Related Documentation Recording IGMP Join and Leave Events accounting Protocol Syntax accounting Hierarchy Level edit logical systems logical system name protocols igmp edit protocols igmp Release Information Statement introduced in Junos OS Release 8 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Enable the collection of IGMP join and leave...

Page 2447: ...dp sa Optional Forward MSDP SAs to this address Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration address Local RPs Syntax address address Hierarchy Level edit logical systems logical system name protocols pim rp local family inet inet6 editlogical systemslogical system namerouting instancesrouting instance namep...

Page 2448: ... rp local family inet inet6 Release Information Statement introduced in Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure properties for anycast RP using PIM The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configura...

Page 2449: ...ugh the rendezvous point tree RPT and shortest path tree SPT PIM assert messages help routing devices determine which routing device forwards the traffic and prunes the RPT for this group By default routing devices enter an assert cycle every 180 seconds You can configure this assert timeout to be between 5 and 210 seconds Options seconds Time for routing device to wait before another assert messa...

Page 2450: ...ement and discovery Options announce Configures the routing device to listen only for mapping packets and also to advertise itself if it is an RP discovery Configures the routing device to listen only for mapping packets mapping Configures the routing device to announce listens for and generates mapping packets and announces that the routing device is eligible to be an RP The remaining statement i...

Page 2451: ...ation Configuring PIM Bootstrap Properties bootstrap export Syntax bootstrap export policy names Hierarchy Level edit logical systems logical system name protocols pim rp editlogical systemslogical system namerouting instancesrouting instance nameprotocols pim rp edit protocols pim rp edit routing instances routing instance name protocols pim rp Release Information Statement introduced before Juno...

Page 2452: ...se 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Apply one or more import policies to control incoming PIM bootstrap messages Options policy names Name of one or more import policies Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring PIM Boots...

Page 2453: ...re whether this routing device is eligible to be a bootstrap router In the case of a tie the routing device with the highest IP address is elected to be the bootstrap router Options number Priority for becoming the bootstrap router A value of 0 means that the routing device is not eligible to be the bootstrap router Range 0 through 255 Default 0 Required Privilege Level routing To view this statem...

Page 2454: ...st have exactly one source statement or exactly one receiver statement A data forwarding VLAN can operate only in IGMPv2 mode The remaining statements are explained separately Default Disabled Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation edit protocols Configuration Statement Hierarchy ...

Page 2455: ...ted Documentation Configuring PIM Sparse Dense Mode Properties disable Syntax disable interface interface name Hierarchy Level edit protocols igmp snooping vlan vlan id vlan name Release Information Statement introduced in Junos OS Release 9 2 for EX Series switches Description Disable IGMP snooping on all interfaces in a VLAN or on a specific VLAN interface Default If you do not specify an interf...

Page 2456: ...otocols pim rp local family inet inet6 edit routing instances routing instance name protocols pim edit routing instances routing instance name protocols pim family inet inet6 edit routing instances routing instance name protocols pim interface interface name edit routing instances routing instance name protocols pim rp local family inet inet6 Release Information Statement introduced before Junos O...

Page 2457: ...gical system name protocols pim editlogical systemslogical system namerouting instancesrouting instance nameprotocols pim edit protocols pim edit routing instances routing instance name protocols pim Release Information Statement introduced in Junos OS Release 9 1 Statement introduced in Junos OS Release 9 1 for EX Series switches Description Enable PIM designated router DR election on point to po...

Page 2458: ...ing on a PIM RP or DR rp register policy on page 2403 embedded rp Syntax embedded rp group ranges destination ip prefix prefix length maximum rps limit Hierarchy Level edit logical systems logical system name protocols pim rp editlogical systemslogical system namerouting instancesrouting instance nameprotocols pim rp edit protocols pim rp edit routing instances routing instance name protocols pim ...

Page 2459: ...lease Information Statement introduced in Junos OS Release 7 6 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Apply one or more export policies to control outgoing PIM bootstrap messages Options policy names Name of one or more import policies Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the c...

Page 2460: ...os OS Release 7 6 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure which IP protocol type bootstrap properties to apply Options inet Apply IP version 4 IPv4 local RP properties inet6 Apply IPv6 local RP properties The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To...

Page 2461: ...s pim rp local Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure which IP protocol type local RP properties to apply Options inet Apply IP version 4 IPv4 local RP properties inet6 Apply IPv6 local RP properties The remaining statements are explained separately Required Privilege Level routi...

Page 2462: ...onfiguration Related Documentation Configuring PIM Sparse Mode Graceful Restart group Syntax group ip address Hierarchy Level edit protocols igmp snooping vlan vlan id vlan name interface interface name static Release Information Statement introduced in Junos OS Release 9 1 for EX Series switches Description Configure a static multicast group using a valid IP multicast address Default None Options...

Page 2463: ...n Junos OS Release 9 0 for EX Series switches Description Specify the IGMP multicast group address and optionally the source address for the multicast group being statically configured on an interface NOTE You must specify a unique address for each group The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To...

Page 2464: ...roup limits are configured Options limit Number that represents the maximum number of multicast groups allowed on the specified interface Range 0 through 65535 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring IGMP Snooping on EX Series Switches on page 2323 Configuring I...

Page 2465: ... static address address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the address ranges of the multicast groups for which this routing device can be an RP Default The routing device is eligible to be the RP for all IPv4 or IPv6 groups 224 0 0 0 4 or FF70 12 to FFF0 12 Options destinati...

Page 2466: ...dure on page 2336 hello interval Syntax hello interval seconds Hierarchy Level edit logical systems logical system name protocols pim interface interface name editlogical systemslogical system namerouting instancesrouting instance nameprotocols pim interface interface name edit protocols pim interface interface name edit routing instances routing instance name protocols pim interface interface nam...

Page 2467: ...ries switches Description Specify the time period for which a neighbor is to consider the sending routing device this routing device to be operative up Options seconds Hold time Range 0 through 255 Default 0 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring Local PIM RPs ...

Page 2468: ...onds robust count number Hierarchy Level edit protocols Release Information Statement introduced in Junos OS Release 9 1 for EX Series switches Description Enable and configure IGMP snooping on EX Series switches The remaining statements are explained separately Default IGMP snooping is enabled by default Required Privilege Level routing To view this statement in the configuration routing control ...

Page 2469: ...e switch through the same interface and one of the hosts sends a leave message the switch removes all hosts on the interface from the multicast group The switch loses contact with the hosts in the multicast group that did not send a leave message until they send join requests in response to the next general multicast listener query from the router Default The immediate leave feature is disabled Re...

Page 2470: ...device suppresses the sending of group and source queries but relies on the Junos OS supported host tracking mechanism to determine whether or not it removes a particular source group membership from the interface NOTE When issuing this command on IGMPv2 interfaces ensure that the IGMP interface has only one IGMP host connected If more than one IGMPv2 host is connected to a LAN through the same in...

Page 2471: ...ion Configuring PIM Bootstrap Properties export Bootstrap on page 2363 import PIM Syntax import policy names Hierarchy Level edit logical systems logical system name protocols pim editlogical systemslogical system namerouting instancesrouting instance nameprotocols pim edit protocols pim edit routing instances routing instance name protocols pim Release Information Statement introduced before Juno...

Page 2472: ...g To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring the PIM SPT Threshold Policy install Syntax install Hierarchy Level edit protocols igmp snooping vlan vlan id vlan number data forwarding receiver Release Information Statement introduced in Junos OS Release 9 6 for EX Series switches Description Install forwar...

Page 2473: ...e nameprotocols pim edit protocols pim edit routing instances routing instance name protocols pim Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Enable PIM on an interface and configure interface specific properties Options interface name Name of the interface Specify the full interface name inclu...

Page 2474: ... configure interface specific properties The remaining statements are explained separately Default None Options interface name Name of the interface Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show igmp snooping vlans on page 2462 Example Configuring IGMP Snooping on EX Series Switches...

Page 2475: ... in Junos OS Release 9 0 for EX Series switches Description Enable IGMP on an interface and configure interface specific properties Options interface name Name of the interface Specify the full interface name including the physical and logical address components To configure all interfaces you can specify all For details about specifying interfaces see the Junos Network Interfaces Configuration Gu...

Page 2476: ...9 0 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Enable load balancing of PIM join messages across interfaces and routing devices Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring PIM Join Load Balancing clear pim join distribution in the Protoc...

Page 2477: ...uting instance nameprotocols pim rp edit protocols pim rp edit routing instances routing instance name protocols pim rp Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches The remaining statements are explained separately Description Configure the routing device s RP properties Required Privilege Level routing To ...

Page 2478: ...nt introduced in Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the routing device s local address for anycast rendezvous point RP If this statement is omitted the router ID is used as this address Options address Anycast RP IPv4 or IPv6 address depending on family configuration Required Privilege Level routing To view this statement ...

Page 2479: ...r EX Series switches Description Configure the routing device s mapping announcements as a mapping agent Options mapping agent election Mapping agents do not announce mappings when receiving mapping messages from a higher addressed mapping agent no mapping agent election Mapping agents always announce mappings and do not perform mapping agent election Default mapping agent election Required Privil...

Page 2480: ...ment introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Limit the number of RPs that the routing device acknowledges Options limit Number of RPs Range 1 through 500 Default 100 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentati...

Page 2481: ...outing control To add this statement to the configuration Related Documentation Configuring PIM Dense Mode Properties Configuring PIM Sparse Dense Mode Properties Junos Multicast Protocols Configuration Guide multicast router interface Syntax multicast router interface Hierarchy Level edit protocols igmp snooping vlan vlan id vlan name interface interface name Release Information Statement introdu...

Page 2482: ...8 2 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Apply a PIM interface level policy to filter neighbor IP addresses Options policy name Name of the policy that filters neighbor IP addresses For details about configuring policy statements see the Junos Policy Framework Configuration Guide Required Privilege Level routing To view this statement in the configuration...

Page 2483: ...mum interval milliseconds minimum receive interval milliseconds multiplier number version 0 1 automatic family inet inet6 disable hello interval seconds mode dense sparse sparse dense neighbor policy policy names override interval milliseconds priority number propagation delay milliseconds reset tracking bit version version join load balance join prune timeout nonstop routing override interval mil...

Page 2484: ...net inet6 address address anycast pim rp set address address forward msdp sa disable local address address group ranges destination ip prefix prefix length hold time seconds priority number rp register policy policy names spt threshold infinity policy names static address address version version group ranges destination ip prefix prefix length traceoptions file filename files number size size worl...

Page 2485: ...tement introduced in Junos OS Release 9 0 for EX Series switches Description Enable PIM on the routing device The statements are explained separately Default PIM is disabled on the routing device Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring PIM Dense Mode Properties Configur...

Page 2486: ...iption Configure the routing device s likelihood to be elected as the bootstrap router Options number Routing device s priority for becoming the bootstrap router A higher value corresponds to a higher priority Range 0 through a 32 bit number Default 0 The routing device has the least likelihood of becoming the bootstrap router and sends packets with a priority of 0 Required Privilege Level routing...

Page 2487: ...9 0 for EX Series switches Description Configure the routing device s likelihood to be elected as the designated router Options number Routing device s priority for becoming the designated router A higher value corresponds to a higher priority Range 1 through a 32 bit number Default 1 The routing device has the least likelihood of becoming the designated router Required Privilege Level routing To ...

Page 2488: ...A lower value corresponds to a higher priority Range 0 through 255 Default 1 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring Local PIM RPs promiscuous mode Syntax promiscuous mode Hierarchy Level edit logical systems logical system name protocols igmp interface interface name e...

Page 2489: ... Options source address source address IP address of the source VLAN to act as proxy Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation edit protocols Configuration Statement Hierarchy on page 56 Example Configuring Multicast VLAN Registration on EX Series Switches on page 2326 Configuring Mu...

Page 2490: ...tion Configure how frequently the switch sends host query timeout messages to a multicast group Default 125 seconds Options seconds Number of seconds between host query timeout messages Range 1 through 1024 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring IGMP Sn...

Page 2491: ...querier router sends general host query messages Options seconds Time interval Range 1 through 1024 Default 125 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Modifying the IGMP Host Query Message Interval query last member interval on page 2397 query response interval on page 239...

Page 2492: ... use Description Configure the interval between group specific query timeout messages sent by the switch Default 1 second Options seconds Amount of time between group specific query timeout messages Range 1 though 1024 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configu...

Page 2493: ...group specific query messages Options seconds Time interval in fractions of a second or seconds Range 0 1 through 0 9 then in 1 second intervals 1 through 1024 Default 1 second Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Modifying the IGMP Last Member Query Interval query interval on p...

Page 2494: ...ength of time the switch waits to receive a response to a specific query message from a host Default 10 seconds Options seconds Number of seconds the switch waits to receive a response to a specific query message from a host Range 1 through 25 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Docu...

Page 2495: ...query interval on page 2395 query last member interval on page 2397 receiver Syntax receiver source vlans vlan list install Hierarchy Level edit protocols igmp snooping vlan vlan id vlan number data forwarding Release Information Statement introduced in Junos OS Release 9 6 for EX Series switches Description Configure a VLAN as a multicast receiver VLAN of the multicast VLAN MVLAN The remaining st...

Page 2496: ...iguration Related Documentation Configuring PIM Sparse Mode Graceful Restart rib group Syntax rib group group name Hierarchy Level edit logical systems logical system name protocols pim editlogical systemslogical system namerouting instancesrouting instance nameprotocols pim edit protocols pim edit routing instances routing instance name protocols pim Release Information Statement introduced befor...

Page 2497: ...Snooping on EX Series Switches on page 2323 Configuring IGMP Snooping CLI Procedure on page 2331 robust count Syntax robust count number Hierarchy Level edit logical systems logical system name protocols igmp edit protocols igmp Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Tune the expected pack...

Page 2498: ...refix length maximum rps limit local family inet inet6 disable address address anycast pim rp set address address forward msdp sa local address address group ranges destination ip prefix prefix length hold time seconds priority number rp register policy policy names static address address version version group ranges destination ip prefix prefix length Hierarchy Level edit logical systems logical ...

Page 2499: ...Configuration Guide rp register policy Syntax rp register policy policy names Hierarchy Level edit logical systems logical system name protocols pim rp editlogical systemslogical system namerouting instancesrouting instance nameprotocols pim rp edit protocols pim rp edit routing instances routing instance name protocols pim rp Release Information Statement introduced in Junos OS Release 7 6 Statem...

Page 2500: ...ement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring PIM Anycast with MSDP source Syntax source groups group prefix Hierarchy Level edit protocols igmp snooping vlan vlan number data forwarding Release Information Statement introduced in Junos OS Release 9 6 for EX Series switches Description Configure a VLAN to be a multic...

Page 2501: ...tation Enabling IGMP Static Group Membership source vlans Syntax source vlans vlan list Hierarchy Level edit protocols igmp snooping vlan vlan id vlan number data forwarding receiver Release Information Statement introduced in Junos OS Release 9 6 for EX Series switches Description Specify a list of multicast VLANs MVLANs from which this multicast receiver VLAN receives multicast traffic Either al...

Page 2502: ...value to infinity to prevent this transition for any source group address pair The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring the PIM SPT Threshold Policy ssm map Syntax ssm map ssm map name Hierarchy Level edit logical systems...

Page 2503: ...s The default static RP address is 224 0 0 0 4 To configure other addresses include one or more address statements You can configure a static RP in a logical system only if the logical system is not directly connected to a source For each static RP address you can optionally specify the PIM version and the groups for which this address can be the RP The default PIM version is version 1 The remaini...

Page 2504: ...e remaining statement is explained separately Default No multicast groups are statically defined Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring IGMP Snooping on EX Series Switches on page 2323 Configuring IGMP Snooping CLI Procedure on page 2331 Copyright 2010 Juniper ...

Page 2505: ...efore Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Test multicast forwarding on an interface without a receiver host The remaining statements are explained separately Required Privilege Level routing and trace To view this statement in the configuration routing control and trace control To add this statement to the configuration Related Docum...

Page 2506: ...gle operation when you have defined a broad group of tracing operations such as all file filename Name of the file to receive the output of the tracing operation Enclose the name within quotation marks All files are placed in the directory var log We recommend that you place tracing output in the pim log file files number Optional Maximum number of trace files When a trace file named trace file re...

Page 2507: ...icy operations and actions route Routing table changes state State transitions task Interface transactions and processing timer Timer usage flag modifier Optional Modifier for the tracing flag You can specify one or more of these modifiers detail Detailed trace information receive Packets being received send Packets being transmitted no stamp Optional Do not place timestamp information at the begi...

Page 2508: ... overwritten If you specify a maximum file size you must also include the files statement to specify the maximum number of trace files Syntax xk to specify KB xm to specify MB or xg to specify GB Range 0 KB through the maximum file size supported on your system Default 1 MB world readable Optional Allow any user to read the log file Required Privilege Level routing and trace To view this statement...

Page 2509: ...xk to specify KB xm to specify MB or xg to specify gigabytes at which point the oldest trace file is overwritten If you specify a maximum number of files you also must specify a maximum file size with the size option Range 2 through 1000 Default 3 files flag flag Tracing operation to perform To specify more than one tracing operation include multiple flag statements You can include the following f...

Page 2510: ... If you specify a maximum number of files you also must specify a maximum file size with the files option Syntax xk to specify KB xm to specify MB or xg to specify gigabytes Range 10 KB through 1 gigabytes Default 128 KB world readable Optional Enable unrestricted file access Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the c...

Page 2511: ...u have defined a broad group of tracing operations such as all file filename Name of the file to receive the output of the tracing operation Enclose the name within quotation marks All files are placed in the directory var log We recommend that you place tracing output in the file igmp log files number Optional Maximum number of trace files When a trace file named trace file reaches its maximum si...

Page 2512: ...ormation at the beginning of each line in the trace file Default If you omit this option timestamp information is placed at the beginning of each line of the tracing output no world readable Optional Do not allow users to read the log file replace Optional Replace an existing trace file if there is one Default If you do not include this option tracing output is appended to an existing trace file s...

Page 2513: ...col Traffic version Syntax version version Hierarchy Level edit logical systems logical system name protocols igmp interface interface name edit protocols igmp interface interface name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the version of IGMP Options version IGMP version number Ra...

Page 2514: ...ddress edit routing instances routing instance name protocols pim interface interface name edit routing instances routing instance name protocols pim rp static address address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the version of PIM Options version PIM version number Range 1 or 2 ...

Page 2515: ...ement updated with enhanced CLI completion feature functionality in Junos OS Release 9 5 for EX Series switches Description Configure IGMP snooping parameters for a VLAN The remaining statements are explained separately TIP To display a list of all configured VLANs on the system including VLANs that are configured but not committed type after vlan or vlans in your configuration mode command line N...

Page 2516: ...o view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring IGMP Snooping CLI Procedure on page 2331 IGMP Snooping on EX Series Switches Overview on page 2315 Copyright 2010 Juniper Networks Inc 2420 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2517: ...CHAPTER 80 Operational Mode Commands for IGMP Snooping and Multicast 2421 Copyright 2010 Juniper Networks Inc ...

Page 2518: ...onal Perform this operation on all logical systems or on a particular logical system Required Privilege Level clear Related Documentation show igmp group on page 2448 show igmp interface on page 2451 List of Sample Output clear igmp membership on page 2422 clear igmp membership interface on page 2423 clear igmp membership group on page 2423 Output Fields See show igmp group for an explanation of o...

Page 2519: ...al 224 0 0 6 null 0 local 224 0 0 5 null 0 local 224 2 127 254 null 0 local 239 255 255 255 null 0 local 224 0 0 2 null 0 local 224 0 0 13 null 0 user host clear igmp membership interface so 0 0 0 Clearing Group Membership Info for so 0 0 0 user host show igmp group Interface Group Last Reported Timeout local 224 0 0 6 null 0 local 224 0 0 5 null 0 local 224 2 127 254 null 0 local 239 255 255 255 ...

Page 2520: ...239 225 0 0 16 on so 2 0 0 user host show igmp group Interface Group Last Reported Timeout so 0 0 0 224 1 127 255 10 1 128 1 231 so 0 0 0 224 2 127 254 10 1 128 1 233 so 0 0 0 224 2 127 253 10 1 128 1 236 local 224 0 0 6 null 0 local 224 0 0 5 null 0 local 224 2 127 254 null 0 local 239 255 255 255 null 0 local 224 0 0 2 null 0 local 224 0 0 13 null 0 Copyright 2010 Juniper Networks Inc 2424 Compl...

Page 2521: ... 2454 List of Sample Output clear igmp statistics on page 2425 Output Fields See show igmp statistics for an explanation of output fields clear igmp statistics The following sample output displays IGMP statistics information before and after the clear igmp statistics command is entered clear igmp statistics user host show igmp statistics IGMP packet statistics for all interfaces IGMP Message type ...

Page 2522: ... Trace 0 0 0 V2 Membership Report 0 0 0 Group Leave 0 0 0 Mtrace Response 0 0 0 Mtrace Request 0 0 0 Domain Wide Report 0 0 0 V3 Membership Report 0 0 0 Other Unknown types 0 IGMP v3 unsupported type 0 IGMP v3 source required for SSM 0 IGMP v3 mode not applicable for SSM 0 IGMP Global Statistics Bad Length 0 Bad Checksum 0 Bad Receive If 0 Rx non local 0 Copyright 2010 Juniper Networks Inc 2426 Co...

Page 2523: ...eric tag identifier of the VLAN vlan vlan name Name of the VLAN Required Privilege Level view Related Documentation show igmp snooping membership on page 2457 List of Sample Output clear igmp snooping membership on page 2427 clear igmp snooping membership user switch clear igmp snooping membership vlan employee vlan clear igmp snooping membership 2427 Copyright 2010 Juniper Networks Inc Chapter 80...

Page 2524: ...stics Required Privilege Level view Related Documentation show igmp snooping statistics on page 2461 List of Sample Output clear igmp snooping statistics on page 2428 clear igmp snooping statistics user switch clear igmp snooping statistics clear igmp snooping statistics Copyright 2010 Juniper Networks Inc 2428 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2525: ...e If you do not specify an instance the command applies to the master routing instance interface interface name Optional Examines the corresponding outbound interface in the relevant entries and acts as follows If the interface is congested and it was admitted previously it is removed If the interface was rejected previously the clear multicast bandwidth admission command enables the interface to ...

Page 2526: ... command you are provided feedback on the status of your request clear multicast bandwidth admission user host clear multicast bandwidth admission clear multicast bandwidth admission Copyright 2010 Juniper Networks Inc 2430 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2527: ...cope statistics for IPv4 family addresses inet6 Optional Clear multicast scope statistics for IPv6 family addresses interface interface name Optional Clear multicast scope statistics on a specific interface logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level clear Related Documentation show multica...

Page 2528: ...m name Optional Perform this operation on all logical systems or on a particular logical system regular expression Optional Clear only multicast sessions that contain the specified regular expression Required Privilege Level clear Related Documentation show multicast sessions on page 2486 List of Sample Output clear multicast sessions on page 2432 Output Fields When you enter this command you are ...

Page 2529: ...icast statistics for IPv4 family addresses inet6 Optional Clear multicast statistics for IPv6 family addresses instance instance name Optional Clear multicast statistics for the specified instance interface interface name Optional Clear multicast statistics on a specific interface logical system all logical system name Optional Perform this operation on all logical systems or on a particular logic...

Page 2530: ...ional Clear the PIM join and prune states for IPv4 or IPv6 family addresses respectively instance instance name Optional Clear the join and prune states for a specific PIM enabled routing instance logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system AdditionalInformation The clear pim join command cannot be used to clear th...

Page 2531: ...es respectively instance instance name Optional Clear register message counters for a specific PIM enabled routing instance interface interface name Optional Clear PIM register message counters for a specific interface logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system AdditionalInformation The clear pim register command ...

Page 2532: ...e interface interface name Optional Clear PIM statistics for a specific interface logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system AdditionalInformation The clear pim statistics command cannot be used to clear the PIM statistics on a backup Routing Engine when nonstop active routing is enabled Required Privilege Level c...

Page 2533: ...d Checksum 0 Bad Receive If 0 Rx Intf disabled 2007 Rx V1 Require V2 0 Rx Register not RP 0 RP Filtered Source 0 Unknown Reg Stop 0 Rx Join Prune no state 1040 Rx Graft Graft Ack no state 0 user host clear pim statistics user host show pim statistics PIM statistics on all interfaces PIM Message type Received Sent Rx errors Hello 0 0 0 Register 0 0 0 Register Stop 0 0 0 Join Prune 0 0 0 Bootstrap 0...

Page 2534: ...urce on page 2439 Output Fields Table303onpage2438describestheoutputfieldsforthemtrace command Outputfields are listed in the approximate order in which they appear Table 303 mtrace Output Fields Field Description Field Name IP address of the receiver Mtrace from IP address of the source to IP address of the multicast group if any via group Indicates the full reverse path query has begun Querying ...

Page 2535: ...ce 0 routerA lab mycompany net 192 1 1 2 1 routerB lab mycompany net 192 1 2 2 PIM thresh 1 2 routerC lab mycompany net 192 1 3 2 PIM thresh 1 3 hostA lab mycompany net 192 1 4 2 Round trip time 2 ms total ttl of 2 required 2439 Copyright 2010 Juniper Networks Inc Chapter 80 Operational Mode Commands for IGMP Snooping and Multicast ...

Page 2536: ...number between 0 and 255 group group Optional Group address for which to trace the path The default group address is 0 0 0 0 interval interval Optional Number of seconds to wait before gathering statistics again The default value is 10 seconds loop Optional Loop indefinitely displaying rate and loss statistics max hops max hops Optional Maximum hops to trace toward source The range of values is 0 ...

Page 2537: ...ld Name IP address of the receiver Mtrace from IP address of the source to IP address of the multicast group if any via group Indicates the full reverse path query has begun Querying full reverse path Number of hops from the source to the named router or switch number of hops Name of the router or switch for this hop router name Address of the router or switch for this hop address Protocol used fo...

Page 2538: ...esh 1 2 routerC lab mycompany net 192 1 3 2 PIM thresh 1 3 hostA lab mycompany net 192 1 4 2 Round trip time 2 ms total ttl of 2 required Waiting to accumulate statistics Results after 10 seconds Source Response Dest Overall Packet Statistics For Traffic From 192 1 4 2 192 1 1 2 Packet 192 1 4 2 To 225 1 1 1 v __ rtt 2 ms Rate Lost Sent Pct Rate 192 1 2 1 192 1 3 2 routerC lab mycompany net v ttl ...

Page 2539: ...put fields for the mtrace monitor command Output fields are listed in the approximate order in which they appear Table 305 mtrace monitor Output Fields Field Description Field Name Date and time of the query Mtrace query at Address of the host issuing the query by Response destination resp to Query ID number qid IP address of the query source and default group destination packet from to IP address...

Page 2540: ...2 to 224 0 0 2 from 192 1 3 2 to 192 1 3 38 via group 224 1 1 1 mxhop 60 Mtrace query at Oct 22 13 36 20 by 192 1 3 2 resp to same qid 2fea1d packet from 192 1 3 2 to 224 0 0 2 from 192 1 3 2 to 192 1 3 38 via group 224 1 1 1 mxhop 60 Mtrace query at Oct 22 13 36 30 by 192 1 3 2 resp to same qid 7c88ad packet from 192 1 3 2 to 224 0 0 2 from 192 1 3 2 to 192 1 3 38 via group 224 1 1 1 mxhop 60 Cop...

Page 2541: ... hops to take after reaching a nonresponsive router or switch You can specify a number between 0 and 255 group group Optional Group address for which to trace the path The default group address is 0 0 0 0 interface interface name Optional Source address for sending the trace query interval interval Optional Number of seconds to wait before gathering statistics again The default value is 10 loop Op...

Page 2542: ...y Output Fields Field Description Field Name IP address of the receiver Mtrace from IP address of the source to IP address of the multicast group if any via group Indicates the full reverse path query has begun Querying full reverse path Number of hops from the source to the named router or switch number of hops Name of the router or switch for this hop router name Address of the router or switch ...

Page 2543: ... routerC lab mycompany net 192 1 3 2 PIM thresh 1 Round trip time 2 ms total ttl of 3 required 2447 Copyright 2010 Juniper Networks Inc Chapter 80 Operational Mode Commands for IGMP Snooping and Multicast ...

Page 2544: ...ired Privilege Level view Related Documentation clear igmp membership on page 2422 List of Sample Output show igmp group Include Mode on page 2449 show igmp group Exclude Mode on page 2450 show igmp group brief on page 2450 show igmp group detail on page 2450 Output Fields Table 307 on page 2448 describes the output fields for the show igmp group command Output fields are listed in the approximate...

Page 2545: ...f group membership Dynamic Host reported the membership Static Membership is configured Type show igmp group Include Mode user host show igmp group Interface t1 0 1 0 0 Group 232 1 1 1 show igmp group Include Mode Group mode Include Source 10 0 0 2 Last reported by 10 9 5 2 Timeout 24 Type Dynamic Group 232 1 1 1 Group mode Include Source 10 0 0 3 Last reported by 10 9 5 2 Timeout 24 Type Dynamic ...

Page 2546: ...pe Dynamic Group 232 1 1 1 Group mode Include Source 10 0 0 3 Source timeout 12 Last reported by 10 9 5 2 Group timeout 0 Type Dynamic Group 232 1 1 1 Group mode Include Source 10 0 0 4 Source timeout 12 Last reported by 10 9 5 2 Group timeout 0 Type Dynamic Group 232 1 1 2 Group mode Include Source 10 0 0 4 Source timeout 12 Last reported by 10 9 5 2 Group timeout 0 Type Dynamic Interface t1 0 1 ...

Page 2547: ...logical systems or on a particular logical system Required Privilege Level view Related Documentation clear igmp membership on page 2422 List of Sample Output show igmp interface on page 2453 show igmp interface brief on page 2453 show igmp interface detail on page 2453 Output Fields Table 308 on page 2451 describes the output fields for the showigmpinterface command Output fields are listed in th...

Page 2548: ...leaves Off Indicates that the router can run IGMP on the interface and send or receive control traffic such as IGMP reports queries and leaves The passive statement enables you to selectively activate up to two out of a possible three available query or control traffic options When enabled the following options appear after the on state declaration send general query The interface sends general qu...

Page 2549: ... Groups 2 Interface so 1 0 1 0 Querier 10 111 20 1 State Up Timeout None Version 2 Groups 4 Immediate Leave On Promiscuous Mode Off Configured Parameters IGMP Query Interval 125 0 IGMP Query Response Interval 10 0 IGMP Last Member Query Interval 1 0 IGMP Robustness Count 2 Derived Parameters IGMP Membership Timeout 260 0 IGMP Other Querier Present Timeout 255 0 show igmp interface brief The output...

Page 2550: ...fied interface only logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view Related Documentation clear igmp statistics on page 2425 List of Sample Output show igmp statistics on page 2455 show igmp statistics interface on page 2456 Output Fields Table309onpage2454describestheoutputfieldsforthesho...

Page 2551: ...for SSM Number of IGMP version 3 messages received that did not contain a mode applicable for source specific multicast SSM IGMP Message type Number of messages received Received Number of messages sent Sent Number of received packets that contained errors Rx errors Summary of IGMP statistics for all interfaces Bad Length Number of messages received with length errors so severe that further classi...

Page 2552: ...Bad Length 0 Bad Checksum 0 Bad Receive If 0 Rx non local 1227 Timed out 0 Rejected Report 0 Total Interfaces 2 show igmp statistics interface user host show igmp statistics interface fe 1 0 1 0 IGMP interface packet statistics for fe 1 0 1 0 IGMP Message type Received Sent Rx errors Membership Query 0 230 0 V1 Membership Report 0 0 0 Copyright 2010 Juniper Networks Inc 2456 Complete Software Guid...

Page 2553: ...oping statistics on page 2461 show igmp snooping vlans on page 2462 Monitoring IGMP Snooping on page 2339 Configuring IGMP Snooping CLI Procedure on page 2331 Configuring IGMP Snooping J Web Procedure on page 2332 List of Sample Output show igmp snooping membership on page 2458 show igmp snooping membership detail on page 2458 Output Fields Table 310 on page 2457 lists the output fields for the sh...

Page 2554: ...group Receivercount Numberofinterfacesthathavemembershipinamulticast group Flags IGMP version of the host sending a join message Include source Source addresses from which multicast streams are allowed based on IGMPv3 reports Shown only for IGMPv3 joins Group show igmp snooping membership user switch show igmp snooping membership VLAN vlan24 224 1 1 1 show igmp snooping membership Interfaces ge 0 ...

Page 2555: ...nd the Layer 2 next hop vlan vlan id vlan name Optional Display route information for the specified VLAN Required Privilege Level view Related Documentation show igmp snooping statistics on page 2461 show igmp snooping vlans on page 2462 List of Sample Output show igmp snooping route on page 2460 show igmp snooping route inet detail IPv6 Multicast Route on page 2460 show igmp snooping route vlan v...

Page 2556: ...1 1 3 534 Interfaces ge 0 0 13 0 ge 0 0 0 0 show igmp snooping route inet detail IPv6 Multicast Route user switch show igmp snooping route inet detail Routing table 0 Group ff0e 1 ff05 1a3d 2001 ee0 81ff ee05 1a2e Routing next hop 587 vlan 42 Interface vlan 42 VLAN v42 Layer 2 next hop 506 show igmp snooping route vlan v1 user switch show igmp snooping route vlan v1 Table 0 VLAN Group Next hop v1 ...

Page 2557: ...MP packet has illegal or bad length Bad length IGMP or IP checksum is incorrect Bad checksum Packet was received through an invalid interface Invalid interface Unknown IGMP type Receive unknown Number of timeouts for all multicast groups Timed out Type of IGMP message Query Report Leave or Other IGMP Type Number of IGMP packets received Received Number of IGMP packets transmitted Transmitted Numbe...

Page 2558: ...63 show igmp snooping vlans vlan v10 detail on page 2463 Output Fields Table313 on page2462liststhe output fieldsforthe showigmp snoopingvlans command Output fields are listed in the approximate order in which they appear Table 313 show igmp snooping vlans Output Fields Level of Output Field Description Field Name All levels Name of the VLAN VLAN All levels Number of interfaces in the VLAN Interfa...

Page 2559: ... VLAN Interfaces Groups MRouters Receivers default 0 0 0 0 show igmp snooping vlans v1 11 50 0 0 v10 1 0 0 0 v11 1 0 0 0 v180 3 0 1 0 v181 3 0 0 0 v182 3 0 0 0 show igmp snooping vlans vlan v10 user switch show igmp snooping vlans vlan v10 user switch show igmp snooping vlans vlan v10 VLAN Interfaces Groups MRouters Receivers v10 1 0 0 0 show igmp snooping vlans vlan v10 detail user switch show ig...

Page 2560: ...w multicast flow map detail on page 2465 Output Fields Table 314 on page 2464 describes the output fields for the show multicast flow map command Output fields are listed in the approximate order in which they appear Table 314 show multicast flow map Output Fields Levels of Output Field Description Field Name All levels Name of the flow map Name All levels Name of the policy associated with the fl...

Page 2561: ...ow multicast flow map detail user host show multicast flow map detail Instance master Flow map map1 show multicast flow map detail Policy policy1 Cache Timeout 600 seconds Bandwidth 2000000 Adaptive Bandwidth yes Redundant Sources 11 11 11 11 Redundant Sources 11 11 11 12 Redundant Sources 11 11 11 13 2465 Copyright 2010 Juniper Networks Inc Chapter 80 Operational Mode Commands for IGMP Snooping a...

Page 2562: ... fields for the show multicast interface command Output fields are listed in the approximate order in which they appear Table 315 show multicast interface Output Fields Field Description Field Name Name of the multicast interface Interface Maximum bandwidth setting in bits per second for this interface Maximumbandwidth bps Amount of bandwidth in bits per second remaining on the interface Remaining...

Page 2563: ... mapping NOTE This field does not appear in the output when the no QoS adjustment feature is disabled Reverse OIF mapping no QoS adjustment Amount of time a mapped interface remains active after the last mapping ends NOTE This field does not appear in the output when the no QoS adjustment feature is disabled Leave timer State on of the no QoS adjustment feature when this feature is enabled NOTE Th...

Page 2564: ...lticast mrinfo Output Fields Field Description Field Name Query address hostname DNS name or IP address of the source address and multicast protocol version or the software version of another vendor source address Queried router interface address and directly attached neighbor interface address respectively ip address 1 ip address 2 Name or IP address of neighbor name or ip address Neighbor s mult...

Page 2565: ...92 168 195 166 0 0 0 0 local 1 0 pim querier leaf show multicast mrinfo 10 38 20 1 0 0 0 0 local 1 0 pim querier leaf 10 47 1 1 10 47 1 2 10 47 1 2 1 5 pim 0 0 0 0 0 0 0 0 local 1 0 pim down 2469 Copyright 2010 Juniper Networks Inc Chapter 80 Operational Mode Commands for IGMP Snooping and Multicast ...

Page 2566: ...35 inet inet6 Optional Display entries for IPv4 or IPv6 family addresses respectively logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show multicast next hops on page 2471 show multicast next hops brief on page 2471 show multicast next hops detail on page 2471 Output ...

Page 2567: ...2 1 mt 1 1 0 32769 Family INET6 show multicast next hops brief The output for the show multicast next hops brief command is identical to that for the show multicast next hops command For sample output see show multicast next hops on page 2471 show multicast next hops detail The output for the show multicast next hops detail command is identical to that for the show multicast next hops command For ...

Page 2568: ...ystem name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show multicast pim to igmp proxy on page 2472 show multicast pim to igmp proxy instance on page 2473 Output Fields Table 318 on page 2472 describes the output fields for the show multicast pim to igmp proxy command Output fields are listed in the o...

Page 2569: ...proxy instance user host show multicast pim to igmp proxy instance VPN A Instance VPN A Proxy state enabled ge 0 1 0 1 2473 Copyright 2010 Juniper Networks Inc Chapter 80 Operational Mode Commands for IGMP Snooping and Multicast ...

Page 2570: ...ogical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show multicast pim to mld proxy on page 2474 show multicast pim to mld proxy instance on page 2475 Output Fields Table319onpage2474describestheoutputfieldsfortheshowmulticastpim to mld proxy command Output fields are listed in the order in ...

Page 2571: ...proxy instance user host show multicast pim to mld proxy instance VPN A Instance VPN A Proxy state enabled ge 0 5 0 1 2475 Copyright 2010 Juniper Networks Inc Chapter 80 Operational Mode Commands for IGMP Snooping and Multicast ...

Page 2572: ...multicast forwarding table for all routing instances brief detail extensive Optional Display the specified level of output active all inactive Optional Display all active entries all entries or all inactive entries respectively in the multicast forwarding table group group Optional Display the cache entries for a particular group inet inet6 Optional Display multicast forwarding table entries for I...

Page 2573: ...e at which packets are being forwarded for this source and group entry in Kbps and pps and number of packets that have been forwarded to this prefix If one or more of the kilobits per second packet forwarding statistic queries fails or times out the statistics field displays Forwarding statistics are not available Statistics detail extensive Next hop identifier of the prefix The identifier is retu...

Page 2574: ...st show multicast route detail Family INET Group 228 0 0 0 Source 10 255 14 144 32 Upstream interface local Downstream interface list so 1 0 0 0 Session description Unknown Statistics 8 kBps 100 pps 45272 packets Next hop ID 262142 Upstream protocol PIM Group 239 1 1 1 Source 10 255 14 144 32 Upstream interface local Downstream interface list so 1 0 0 0 Session description Administratively Scoped ...

Page 2575: ...Session description Administratively Scoped Statistics 0 kBps 0 pps 13404 packets Next hop ID 262142 Upstream protocol PIM Route state Active Forwarding state Forwarding Cache lifetime timeout 348 seconds Wrong incoming interface notifications 0 Group 239 1 1 1 Source 10 255 70 15 32 Upstream interface so 1 0 0 0 Downstream interface list mt 1 1 0 49152 Session description Administratively Scoped ...

Page 2576: ...t inet6 Optional Display the RPF calculation information for IPv4 or IPv6 family addresses respectively instance instance name Optional Display information about multicast RPF calculations for a specific multicast instance logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system prefix Optional Display the RPF calculation infor...

Page 2577: ...face Upstream RPF neighbor Neighbor show multicast rpf user host show multicast rpf Multicast RPF table inet 0 12 entries show multicast rpf 0 0 0 0 0 Protocol Static 10 255 14 132 32 Protocol Direct Interface lo0 0 10 255 245 91 32 Protocol IS IS Interface so 1 1 1 0 Neighbor 192 168 195 21 127 0 0 1 32 Inactive172 16 0 0 12 Protocol Static Interface fxp0 0 Neighbor 192 168 14 254 192 168 0 0 16 ...

Page 2578: ... Protocol Direct Interface so 1 1 1 0 192 168 195 22 128 Protocol Local 192 168 195 36 126 Protocol IS IS Interface so 1 1 1 0 Neighbor fe80 2a0 a5ff fe28 2e8c 192 168 195 76 126 Protocol Direct Interface fe 2 2 0 0 192 168 195 77 128 Protocol Local fe80 64 Protocol Direct Interface so 1 1 1 0 fe80 290 69ff fe0c 993a 128 Protocol Local fe80 2a0 a5ff fe12 84f 128 Protocol Direct Interface lo0 0 ff0...

Page 2579: ...es ff02 2 128 Protocol PIM ff02 d 128 Protocol PIM show multicast rpf summary user host show multicast rpf summary Multicast RPF table inet 0 16 entries Multicast RPF table inet6 0 12 entries 2483 Copyright 2010 Juniper Networks Inc Chapter 80 Operational Mode Commands for IGMP Snooping and Multicast ...

Page 2580: ...stance name Optional Display administratively scoped information for a specific multicast instance logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show multicast scope on page 2485 show multicast scope inet on page 2485 show multicast scope inet6 on page 2485 Output F...

Page 2581: ...multicast scope inet user host show multicast scope inet Resolve Scope name Group Prefix Interface Rejects 232 net 232 232 0 0 16 fe 0 0 0 1 0 local 239 255 0 0 16 fe 0 0 0 1 0 show multicast scope inet6 user host show multicast scope inet6 Resolve Scope name Group Prefix Interface Rejects local ff05 16 fe 0 0 0 1 0 larry ff05 1234 128 fe 0 0 0 1 0 2485 Copyright 2010 Juniper Networks Inc Chapter ...

Page 2582: ...l logical system name Optional Perform this operation on all logical systems or on a particular logical system regular expression Optional Display information about announced sessions that match a UNIX style regular expression Required Privilege Level view List of Sample Output show multicast sessions on page 2487 show multicast sessions regular expression detail on page 2487 Output Fields Table 3...

Page 2583: ...lease contact the UO if you have problems with this feed Email Your Name Here multicast lists private edu Phone Your Name Here 888 555 1212 Bandwidth AS 1000 Start time permanent Stop time none Attribute type broadcast Attribute tool IP TV Content Manager 3 4 14 Attribute live capture 1 Attribute x iptv capture mp1s Media video 54302 RTP AVP 32 31 96 97 Connection Data 224 2 231 45 ttl 127 Attribu...

Page 2584: ...isplay usage information for IPv4 or IPv6 family addresses respectively instance instance name Optional Display information about the most active DVMRP or PIM groups for a specific multicast instance logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show multicast usage...

Page 2585: ...10 255 14 144 32 2 66254 5561304 10 255 70 15 32 1 43 3374 show multicast usage brief The output for the show multicast usage brief command is identical to that for the show multicast usage command For sample output see show multicast usage on page 2489 show multicast usage instance user host show multicast usage instance VPN A Group Sources Packets Bytes 224 2 127 254 1 5538 509496 224 0 1 39 1 1...

Page 2586: ...p 228 0 0 0 Packets 53159 Bytes 4465356 Group 239 1 1 1 Packets 13407 Bytes 1122156 10 255 70 15 32 1 43 3374 Group 239 1 1 1 Packets 43 Bytes 3374 Copyright 2010 Juniper Networks Inc 2490 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2587: ... logical systems or on a particular logical system Required Privilege Level view List of Sample Output show pim bootstrap on page 2492 show pim bootstrap instance on page 2492 Output Fields Table 325 on page 2491 describes the output fields for the showpimbootstrap command Output fields are listed in the approximate order in which they appear Table 325 show pim bootstrap Output Fields Field Descri...

Page 2588: ... 0 feco 1 1 1 1 0 aff 785c 34 feco 1 1 1 1 0 aff 7c12 0 InEligible 0 show pim bootstrap instance user host show pim bootstrap instance VPN A Instance PIM VPN A BSR Pri Local address Pri State Timeout None 0 192 168 196 105 0 InEligible 0 Copyright 2010 Juniper Networks Inc 2492 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2589: ...pectively instance instance name Optional Display information about interfaces for a specific PIM enabled routing instance logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show pim interfaces on page 2494 show pim interfaces inet on page 2495 show pim interfaces inet6 ...

Page 2590: ...arse is mapped to an RP and data packets are forwarded using PIM Sparse Mode PIM SM rules Mode Version number of the address family on the interface 4 IPv4 or 6 IPv6 IP PIM version running on the interface 1 or 2 V State of PIM on the interface DR Designated router NotDR Not the designated router P2P Point to point State Number of neighbors that have been seen on the interface NbrCnt Number of s g...

Page 2591: ... 20 2 lo0 0 Up Sparse 4 2 DR 0 0 0 10 255 72 54 pe 1 2 0 32769 Up Sparse 4 2 P2P 0 0 0 t1 0 1 0 0 Up Sparse 4 2 P2P 1 0 0 show pim interfaces inet6 user host show pim interfaces inet6 Instance PIM master Name Stat Mode IP V State NbrCnt JoinCnt sg JointCnt g DR address lo0 0 Up Sparse 6 2 DR 0 0 0 fe80 2a0 a5ff fe5e 209 2495 Copyright 2010 Juniper Networks Inc Chapter 80 Operational Mode Commands ...

Page 2592: ...isplay PIM group information for IPv4 or IPv6 family addresses respectively instance instance name Optional Display information about groups for the specified PIM enabled routing instance only logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system range Optional Address range of the group specified as prefix prefix length Req...

Page 2593: ...c state S G or toward the rendezvous point RP address for the non source specific state G Upstreaminterface Information about the upstream neighbor Direct Local Unknown or a specific IP address Upstreamneighbor Information about the upstream interface Join to RP Sending a join to the rendezvous point Join to Source Sending a join to the source LocalRP Sending neither joins nor prunes toward the RP...

Page 2594: ...y connected host Timeout is Infinity Timeout show pim join user host show pim join Instance PIM master Family INET R Rendezvous Point Tree S Sparse W Wildcard show pim join Group 239 1 1 1 Source RP 10 255 14 144 Flags sparse rptree wildcard Upstream interface Local Group 239 1 1 1 Source 10 255 14 144 Flags sparse spt Upstream interface Local Group 239 1 1 1 Source 10 255 70 15 Flags sparse spt U...

Page 2595: ...user host show pim join extensive Instance PIM master Family INET R Rendezvous Point Tree S Sparse W Wildcard Group 239 1 1 1 Source RP 10 255 14 144 Flags sparse rptree wildcard Upstream interface Local Upstream neighbor Local Upstream state Local RP Downstream neighbors Interface so 1 0 0 0 10 111 10 2 State Join Flags SRW Timeout 174 Interface mt 1 1 0 32768 10 10 47 100 State Join Flags SRW Ti...

Page 2596: ...M VPN A Family INET R Rendezvous Point Tree S Sparse W Wildcard Group 235 1 1 2 Source RP 10 10 47 100 Flags sparse rptree wildcard Upstream interface Local Upstream neighbor Local Upstream state Local RP Downstream neighbors Interface mt 1 1 0 32768 10 10 47 101 State Join Flags SRW Timeout 156 Group 235 1 1 2 Source 192 168 195 74 Flags sparse spt Upstream interface at 0 3 1 0 Upstream neighbor ...

Page 2597: ...y addresses respectively instance instance name Optional Display information about neighbors for the specified PIM enabled routing instance logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show pim neighbors on page 2503 show pim neighbors brief on page 2503 show pim n...

Page 2598: ...idirectional Forwarding Detection BFD protocol on the interface Enabled Operational state is up or Disabled BFD detail Time for which the neighbor is available in seconds The range of values is 0 through 65 535 Hello Option Holdtime detail Default holdtime and the time remaining if the holdtime option is not in the received hello message Hello Default Holdtime detail Designated router election pri...

Page 2599: ... 37 IPv4 PIM v2 Mode Sparse Hello Option Holdtime 65535 seconds Hello Option DR Priority 1 Hello Option LAN Prune Delay delay 500 ms override 2000 ms Join Suppression supported Rx Join Group Source Timeout 225 1 1 1 192 168 195 78 0 225 1 1 1 0 Interface lo0 0 Address 10 255 245 91 IPv4 PIM v2 Mode Sparse Hello Option Holdtime 65535 seconds Hello Option DR Priority 1 Hello Option LAN Prune Delay d...

Page 2600: ... 0 Address 192 168 12 1 IPv4 PIM v2 BFD Disabled Hello Default Holdtime 105 seconds 80 remaining Hello Option DR Priority 1 Hello Option Generation ID 1971554705 Hello Option LAN Prune Delay delay 500 ms override 2000 ms Copyright 2010 Juniper Networks Inc 2504 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2601: ... Optional Display the RPs for a particular group If you specify a group address the output lists the routing device that is the RP for that group inet inet6 Optional Display information for IPv4 or IPv6 family addresses respectively instance instance name Optional Display information about RPs for a specific PIM enabled routing instance logical system all logical system name Optional Perform this ...

Page 2602: ...this RP Groups brief none Addresses of groups that this RP can span Group prefixes detail extensive Address and method by which the RP was learned Learned via detail extensive How long the RP has been active in the format hh mm ss Time Active detail extensive Index value of the order in which the Junos OS finds and initializes the interface Device Index detail extensive Logical unit number of the ...

Page 2603: ...igured the addresses of the RPs in the set Anycast PIM rpset extensive If anycast RP is configured the local address used by the RP Anycast PIM local address used extensive If anycast RP is configured the current register state for each group Group Multicast group address Source Multicast source address for which the PIM register is sent or received depending on whether this routing device is a de...

Page 2604: ... 195 78 10 255 14 132 10 255 245 91 Receive 0 showpimrpsextensive PIM Anycast RP in Use user host show pim rps extensive Instance PIM master Family INET RP 10 10 10 2 Learned via static configuration Time Active 00 54 52 Holdtime 0 Device Index 130 Subunit 32769 Interface pimd 32769 Group Ranges 224 0 0 0 4 Active groups using RP 224 10 10 10 total 1 groups active Anycast PIM rpset 10 100 111 34 1...

Page 2605: ...local address used cd 1 Anycast PIM Register State Group Source Origin 224 1 1 1 10 10 95 2 DIRECT 224 1 1 2 10 10 95 2 DIRECT 224 20 20 1 10 10 71 1 DR 2509 Copyright 2010 Juniper Networks Inc Chapter 80 Operational Mode Commands for IGMP Snooping and Multicast ...

Page 2606: ...t inet inet6 Optional Display information for IPv4 or IPv6 family addresses respectively instance instance name Optional Display information about the RPF state for a specific PIM enabled routing instance logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system source prefix Optional Display the state for source RPF states in t...

Page 2607: ...0 15 32 Upstream interface so 1 0 0 0 Upstream neighbor 10 111 10 2 Instance PIM master Family INET6 show pim source brief The output for the show pim source brief command is identical to that for the show pim source command For sample output see show pim source on page 2511 showpimsourcedetail user host show pim source detail Instance PIM master Family INET Source 10 255 14 144 Prefix 10 255 14 1...

Page 2608: ...Independent Multicast PIM interface interface name Optional Display statistics about the specified interface logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view Related Documentation clear pim statistics on page 2436 List of Sample Output show pim statistics on page 2518 Output Fields Table 33...

Page 2609: ...version 2 candidate RP packets V2 Candidate RP PIM version 1 query packets V1 Query PIM version 1 register packets V1 Register PIM version 1 register stop packets V1 Register Stop PIM version 1 join and prune packets V1 Join Prune PIM version 1 RP reachability packets V1 RP Reachability PIM version 1 assert packets V1 Assert PIM version 1 graft packets V1 Graft PIM version 1 graft acknowledgement ...

Page 2610: ... field in the packet Bad Checksum Number of PIM control packets received on an interface that does not have PIM configured Bad Receive If Number of PIM control packets received that contain data for TCP Bad register packets Rx Bad Data Number of PIM control packets received on an interface that has PIM disabled Rx Intf disabled Number of PIM version 1 control packets received on an interface confi...

Page 2611: ...es received on the interface used to reach the upstream router toward the RP Rx Graft on upstream if Number of BSR messages received in which the PIM message type is Candidate RP Advertisement not Bootstrap Rx CRP not BSR Number of BSR messages received in which the PIM message type is Bootstrap Rx BSR when BSR Number of BSR messages received on an interface that is not the RPF interface Rx BSR no...

Page 2612: ...in messages and other types of messages sent between routing domains Embedded RP invalid addr Number of times the limit configure with the maximum rps statement is exceeded The maximum rps statement limits the number of embedded RPs created in a specific routing instance The range is from 1 through 500 The default is 100 Embedded RPlimitexceed Number of packets in which the embedded RP for IPv6 is...

Page 2613: ...ecause of a filter configured for PIM register messages Rx Register msgs filtering drop Number of register messages dropped because of a filter configured for PIM register messages Tx Register msgs filtering drop 2517 Copyright 2010 Juniper Networks Inc Chapter 80 Operational Mode Commands for IGMP Snooping and Multicast ...

Page 2614: ... Query 0 0 0 V1 Register 0 0 0 V1 Register Stop 0 0 0 V1 Join Prune 0 0 0 V1 RP Reachability 0 0 0 V1 Assert 0 0 0 V1 Graft 0 0 0 V1 Graft Ack 0 0 0 AutoRP Announce 0 0 0 AutoRP Mapping 0 0 0 AutoRP Unknown type 0 Anycast Register 0 0 0 Anycast Register Stop 0 0 0 Global Statistics Hello dropped on neighbor policy 0 Unknown type 0 V1 Unknown type 0 Unknown Version 0 Copyright 2010 Juniper Networks...

Page 2615: ...Prune no state 0 Rx Join Prune on upstream if 0 Rx Join Prune messages dropped 0 Rx sparse join for dense group 0 Rx Graft Graft Ack no state 0 Rx Graft on upstream if 0 Rx CRP not BSR 0 Rx BSR when BSR 0 Rx BSR not RPF if 0 Rx unknown hello opt 0 Rx data no state 0 Rx RP no state 0 Rx aggregate 0 Rx malformed packet 0 No RP 0 No register encap if 0 No route upstream 0 2519 Copyright 2010 Juniper ...

Page 2616: ...mbedded RP invalid addr 0 Embedded RP limit exceed 0 Embedded RP added 0 Embedded RP removed 0 Rx Register msgs filtering drop 0 Tx Register msgs filtering drop 0 Copyright 2010 Juniper Networks Inc 2520 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2617: ...les Access Control Configuration on page 2545 Configuring Access Control on page 2607 Verifying 802 1X and MAC RADIUS Authentication on page 2633 Configuration Statements for Access Control on page 2637 Operational Commands for 802 1X on page 2745 2521 Copyright 2010 Juniper Networks Inc ...

Page 2618: ...Copyright 2010 Juniper Networks Inc 2522 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2619: ...w Juniper Networks Junos operating system Junos OS is a network operating system that has been hardened through the separation of control forwarding and services planes with each function running in protected memory The control plane CPU is protected by rate limiting routing policy and firewall filters to ensure switch uptime even under severe attack In addition the switches fully integrate with t...

Page 2620: ... spoofing attacks ARP requests and replies are compared against entries in the DHCP snooping database and filtering decisions are made based on the results of those comparisons MAC limiting Protects against flooding of the Ethernet switching table MAC move limiting Detects MAC movement and MAC spoofing on access ports Trusted DHCP server With a DHCP server on a trusted port protects against rogue ...

Page 2621: ...thorized locations Firewall filters can detect such attempts and create audit log entries when they occur The filters can also restrict access by limiting traffic to source and destination MAC addresses specific protocols or in combination with policers to specified data rates to prevent denial of service DoS attacks Policers Provide rate limiting capability to control the amount of traffic that e...

Page 2622: ...02 1X MAC RADIUS and captive portal on the same interface and in any combination except that you cannot configure MAC RADIUS and captive portal on an interface without also configuring 802 1X If you configure multiple authentication methods on a single interface the switch falls back to another method if the first method is unsuccessful For a description of the process flow when multiple authentic...

Page 2623: ...Figure 47 Example Authentication Topology 2527 Copyright 2010 Juniper Networks Inc Chapter 81 802 1X and MAC RADIUS Authentication Overview ...

Page 2624: ...e network The end device can be responsive or nonresponsive A responsive end device is 802 1X enabled and provides authentication credentials specifically a username and password for EAP MD5 or a username and client certificates for EAP TLS EAP TTLS and EAP PEAP A nonresponsive end device is not 802 1X enabled but it can be authenticated through MAC RADIUS authentication Authenticator port access ...

Page 2625: ...erred to as captive portal allows you to authenticate users on EX Series switches by redirecting Web browser requests to a login page that requires users to input a username and password before they are allowed access to the network Captive portal controls network access by requiring users to provide information that is authenticated against a RADIUS server database using EAP MD5 You can also use ...

Page 2626: ...ch is found the end device is successfully authenticated and the interface is opened up for it No further authentication is done for that end device If a match is not found and 802 1X authentication is enabled on the switch the switch attempts to authenticate the end device through the RADIUS server For each MAC address you can also configure the VLAN to which the end device is moved or the interf...

Page 2627: ...icated state and if the interface receives an EAP packet Related Documentation 802 1X for EX Series Switches Overview on page 2531 Example Setting Up 802 1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch on page 2568 Configuring 802 1X Interface Settings CLI Procedure on page 2609 Configuring MAC RADIUS Authentication CLI Procedure on page 2613 Configuring MAC R...

Page 2628: ...s of private VLANs PVLANs Dynamic changes to a user session Allows the switch administrator to terminate an already authenticated session This feature is based on support of the RADIUS Disconnect Message defined in RFC 3576 Support for VoIP Supports IP telephones If the phone is 802 1X enabled it is authenticated like any other supplicant If the phone is not 802 1X enabled but has another 802 1X c...

Page 2629: ...independently of whether 802 1X authentication is enabled Related Documentation Understanding Authentication on EX Series Switches on page 2526 Understanding 802 1X and VoIP on EX Series Switches on page 2542 Understanding 802 1X and LLDP and LLDP MED on EX Series Switches on page 2540 Understanding 802 1X and RADIUS Accounting on EX Series Switches on page 2539 Understanding Guest VLANs for 802 1...

Page 2630: ...igured on the interface If an authenticator is not configured the switch checks for captive portal configuration skip to Step 6 If an authenticator is configured a The switch checks whether the mac radius restrict statement is configured on the interface If mac radius restrict is configured the switch does not attempt 802 1X authentication skip to Step 5 If it is configured go on to Step 2 b The s...

Page 2631: ...ntication is configured on the interface a The switch sends a MAC RADIUS authentication request to the authentication server The switch sends only one such request If the authentication server does not respond the switch checks whether there is a server fail VLAN configured on the switch If there is a server fail VLAN the switch performs the configured server fail fallback operation If there is no...

Page 2632: ...ol Over LAN EAPOL access reject message Juniper Networks EX Series Ethernet Switches use authentication to implement access control in an enterprise network If 802 1X MAC RADIUS or captive portal authentication are configured on the interface end devices are evaluated at the initial connection by an authentication RADIUS server If the end device is configured on the authentication server the devic...

Page 2633: ...standing Dynamic VLANs for 802 1X on EX Series Switches Dynamic VLANs in conjunction with the 802 1X authentication process provide secure access to the LAN for end devices belonging to different VLANs on a single port When this feature is configured on the RADIUS server an end device or user authenticating on the RADIUS server is assigned to the VLAN configured for it The end device or user becom...

Page 2634: ... end device is moved to the VLAN specified by the RADIUS server and not to the locally configured guest VLAN Authentication can fail for many reasons The end device does not have supplicant software on it for example the end device is a device type that cannot be enabled for 802 1X such as a printer The end device provided invalid credentials a username or password that were not authenticated by t...

Page 2635: ...taining an event record to the accounting server For example a supplicant is authenticated through 802 1X authentication and connected to the LAN The event record associated with this supplicant contains an Acct Status Type attribute whose value indicates the beginning of user service for this supplicant When the supplicant s session ends the accounting request will contain an Acct Status Type att...

Page 2636: ...ormation can be sent to the IP telephone EX Series switches support the following basic TLVs Chassis Identifier The MAC address associated with the local system Port identifier The port identification for the specified port in the local system Port Description The user configured port description The port description can be a maximum of 256 characters System Name The user configured name of the lo...

Page 2637: ...rved Network Policy A TLV that advertises the port VLAN configuration and associated Layer 2 and Layer 3 attributes Attributes include the policy identifier application types such as voice or streaming video 802 1Q VLAN tagging and 802 1p priority bits and Diffserv code points Endpoint Location A TLV that advertises the physical location of the endpoint Extended Power via MDI A TLV that advertises...

Page 2638: ...he class of service CoS parameters to the phone You can configure 802 1X authentication to work with VoIP in multiple supplicant or single supplicant mode In multiple supplicant mode the 802 1X process allows multiple supplicants to connect to the interface Each supplicant will be authenticated individually For an example of a VoIP multiple supplicant topology see Figure 49 on page 2542 Figure 49 ...

Page 2639: ...802 1X and LLDP MED and have the packets forwarded to a VoIP VLAN Related Documentation Understanding 802 1X and LLDP and LLDP MED on EX Series Switches on page 2540 Example Setting Up VoIP with 802 1X and LLDP MED on an EX Series Switch on page 2580 Example Configuring VoIP on an EX Series Switch Without Including 802 1X Authentication on page 2588 Example ConfiguringVoIPonanEXSeriesSwitchWithout...

Page 2640: ...set to the Juniper Networks ID number 2636 As well as configuring port filtering attributes through VSAs you can apply a port firewall filter that has already been configured on the switch directly to the RADIUS server Like port filtering attributes the filter is applied during the 802 1X authentication process and its actions are applied at the switch port Adding a port firewall filter to a RADIU...

Page 2641: ...on an EX Series Switch on page 2574 Example SettingUpVoIPwith802 1XandLLDP MEDonanEXSeriesSwitchonpage2580 Example Configuring VoIP on an EX Series Switch Without Including 802 1X Authentication on page 2588 Example Configuring VoIP on an EX Series Switch Without Including LLDP MED Support on page 2594 Example Applying Firewall Filters to Multiple Supplicants on Interfaces Enabled for 802 1X or MA...

Page 2642: ...atabase and contains credential information for hosts supplicants that have permission to connect to the network Before you connect the server to the switch be sure you have Performed basic bridging and VLAN configuration on the switch See Example Setting Up Basic Bridging and a VLAN for an EX Series Switch on page 1305 Configured users on the RADIUS authentication server Overview and Topology The...

Page 2643: ...Figure 51 Topology for Configuration 2547 Copyright 2010 Juniper Networks Inc Chapter 82 Examples Access Control Configuration ...

Page 2644: ...l Configuration CLI Quick Configuration To quickly connect the RADIUS server to the switch copy the following commands and paste them into the switch terminal window edit set access radius server 10 0 0 100 secret juniper set access profile profile1 authentication order radius set access profile profile1 radius authentication server 10 0 0 100 10 2 14 200 Step by Step Procedure To connect the RADI...

Page 2645: ... ttl 64 time 9 734 ms 64 bytes from 10 93 15 218 icmp_seq 1 ttl 64 time 0 228 ms Meaning ICMP echo request packets are sent from the switch to the target server at 10 0 0 100 to test whether it is reachable across the IP network ICMP echo responses are being returned from the server verifying that the switch and the server are connected Related Documentation Example Setting Up 802 1X for Single Su...

Page 2646: ...rom supplicants until they are authenticated One RADIUS authentication server that supports 802 1X The authentication server acts as the backend database and contains credential information for hosts supplicants that have permission to connect to the network Before you connect the server to the switch be sure you have Performed basic bridging and VLAN configuration on the switch See Example Settin...

Page 2647: ...s credentials from the supplicant to the user database on the RADIUS server The switch blocks all traffic and acts as a control gate until the supplicant is authenticated by the authentication server A supplicant is connected to the switch through interface ge 0 0 1 Figure 52 Topology for Configuration Table 333 on page 2551 describes the components in this topology Table 333 Components of the Top...

Page 2648: ...es see the Junos OS System Basics Configuration Guide at http www juniper net techpubs software junos index html Configuration To configure server fail fallback on the switch CLI Quick Configuration To quickly configure server fail fallback on the switch copy the following commands and paste them into the switch terminal window edit protocols dot1x authenticator set interface ge 0 0 1 server fail ...

Page 2649: ...0 ge 0 0 5 0 ge 0 0 10 0 ge 0 0 12 0 ge 0 0 14 0 ge 0 0 15 0 ge 0 0 20 0 v2 77 None vlan sf 50 None mgmt me0 0 Display 802 1X protocol information on the switch to view supplicants that are authenticated on interface ge 0 0 1 0 user switch show dot1x interface brief 802 1X Information Interface Role State MAC address User ge 0 0 1 0 Authenticator Authenticated 00 00 00 00 00 01 abc ge 0 0 10 0 Aut...

Page 2650: ... 00 00 00 01 is learned on VLAN vlan sf The supplicant has been moved from the default VLAN to the vlan sf VLAN The supplicant is then connected to the LAN through the VLAN named vlan sf Related Documentation Example Setting Up 802 1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch on page 2568 Configuring Server Fail Fallback CLI Procedure on page 2615 Configuri...

Page 2651: ...necting an EX3200 or EX4200 Switch Performed the initial switch configuration See Connecting and Configuring an EX Series Switch J Web Procedure on page 189 Performed basic bridging and VLAN configuration on the switch See Example Setting Up Basic Bridging and a VLAN for an EX Series Switch on page 1305 Overview and Topology As part of IEEE 802 1X Port Based Network Access Control PNAC you can pro...

Page 2652: ...Figure 53 Topology for Guest VLAN Example Copyright 2010 Juniper Networks Inc 2556 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2653: ... VLAN and configure 802 1X authentication perform these tasks CLI Quick Configuration To quickly configure a guest VLAN with 802 1X authentication copy the following commands and paste them into the switch terminal window edit set vlans guest vlan vlan id 300 set protocols dot1x authenticator interface all guest vlan guest vlan Step by Step Procedure To configure a guest VLAN that includes 802 1X ...

Page 2654: ... interface ge 0 0 1 0 detail ge 0 0 1 0 Role Authenticator Administrative state Auto Supplicant mode Single Number of retries 3 Quiet period 60 seconds Transmit period 30 seconds Mac Radius Enabled Mac Radius Restrict Disabled Reauthentication Enabled Configured Reauthentication interval 3600 seconds Supplicant timeout 30 seconds Server timeout 30 seconds Maximum EAPOL requests 2 Guest VLAN member...

Page 2655: ...atic MAC bypass list on the EX Series switch The static MAC bypass list also known as the exclusion list specifies MAC addresses that are allowed on the switch without a request to an authentication server You can use static MAC bypass of authentication to allow connection for devices that are not 802 1X enabled such as printers If a host s MAC address is compared and matched against the static MA...

Page 2656: ...gy To permit printers access to the LAN add them to the static MAC bypass list The MAC addresses on this list are permitted access without authentication from the RADIUS server Figure 54 on page 2561 shows the two printers connected to the EX4200 Copyright 2010 Juniper Networks Inc 2560 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2657: ...Static MAC Authentication Configuration The interfaces shown in Table 335 on page 2562 will be configured for static MAC authentication 2561 Copyright 2010 Juniper Networks Inc Chapter 82 Examples Access Control Configuration ...

Page 2658: ...ch terminal window edit set protocols dot1x authenticator authenticaton profile name profile1 set protocols dot1x authenticator static 00 04 0f fd ac fe 00 04 ae cd 23 5f set protocols dot1x interface all supplicant multiple Step by Step Procedure Configure static MAC authentication Configure the authentication profile name access profile name to use for authentication 1 edit protocols user switch...

Page 2659: ... MAC address VLAN Assignment Interface 00 04 0f fd ac fe default ge 0 0 19 0 00 04 ae cd 23 5f default ge 0 0 20 0 Meaning The output field MAC address shows the MAC addresses of the two printers The output field Interface shows that the MAC address 00 04 0f fd ac fe can connect to the LAN through interface ge 0 0 19 0 and that the MAC address 00 04 ae cd 23 5f can connect to the LAN through inter...

Page 2660: ...ve permission to connect to the network Before you configure MAC RADIUS authentication be sure you have Configured basic access between the EX Series switch and the RADIUS server See Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 Performed basic bridging and VLAN configuration on the switch See Example Setting Up Basic Bridging and a VLAN for an EX Series Switch ...

Page 2661: ... the switch determines that the device is does not respond to EAP messages Figure 55 on page 2565 shows the two printers connected to the switch Figure 55 Topology for MAC RADIUS Authentication Configuration Table 336 on page 2565 shows the components in the example for MAC RADIUS authentication Table 336 Components of the MAC RADIUS Authentication Configuration Topology Settings Property EX4200 p...

Page 2662: ... the following commands and paste them into the switch terminal window edit set protocols dot1x authenticator interface ge 0 0 19 mac radius set protocols dot1x authenticator interface ge 0 0 20 mac radius restrict NOTE You must also configure the two MAC addresses as usernames and passwords on the RADIUS server as is done in step 2 of the Step by Step Procedure Step by Step Procedure Configure MA...

Page 2663: ...mation about 802 1X configured interfaces ge 0 0 19 and ge 0 0 20 user switch show dot1x interface ge 0 0 19 0 detail ge 0 0 19 0 Role Authenticator Administrative state Auto Supplicant mode Single Number of retries 3 Quiet period 60 seconds Transmit period 30 seconds Mac Radius Enabled Mac Radius Restrict Disabled Reauthentication Enabled Configured Reauthentication interval 3600 seconds Supplica...

Page 2664: ...first printer configured for MAC RADIUS authentication The Authentication method field displays the authentication method as MAC Radius On interface ge 0 0 20 the MAC address is 00 04 ae cd 23 5f which is the MAC address of the second printer configured for MAC RADIUS authentication The Authentication method field displays the authentication method as MAC Radius Related Documentation Configuring M...

Page 2665: ...n server that supports 802 1X The authentication server acts as the backend database and contains credential information for end devices supplicants that have permission to connect to the network Before you configure the ports for 802 1X authentication be sure you have Installed your EX Series switch Performed the initial switch configuration See Connecting and Configuring an EX Series Switch J We...

Page 2666: ...Figure 56 Topology for Configuring Supplicant Modes Copyright 2010 Juniper Networks Inc 2570 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2667: ...nly one end device to connect to an authenticator port No other end device can connect to the authenticator port until the first logs out Multiple supplicant mode authenticates multiple end devices individually on one authenticator port If you configure a maximum number of devices that can be connected to a port through port security the lesser of the configured values is used to determine the max...

Page 2668: ...Verifying the 802 1X Configuration on page 2572 Verifying the 802 1X Configuration Purpose Verify the 802 1X configuration on interfaces ge 0 0 8 ge 0 0 9 and ge 0 0 5 Action Verify the 802 1X configuration with the operational mode command showdot1xinterface user switch show dot1x interface ge 0 0 8 0 detail ge 0 0 8 0 Role Authenticator Administrative state Auto Supplicant mode Single Number of ...

Page 2669: ...erval 3600 seconds Supplicant timeout 30 seconds Server timeout 30 seconds Maximum EAPOL requests 2 Guest VLAN member not configured Number of connected supplicants 0 Meaning The Supplicant mode output field displays the configured administrative mode for each interface Interface ge 0 0 8 0 displays Single supplicant mode Interface ge 0 0 9 0 displays Single Secure supplicant mode Interface ge 0 0...

Page 2670: ...ements on page 2574 Overview and Topology on page 2575 Configuring the Port Firewall Filter and Counters on page 2577 Applying the Port Firewall Filter to the Supplicant User Profiles on the RADIUS Server on page 2579 Verification on page 2580 Requirements This example uses the following hardware and software components Junos OS Release 9 3 or later for EX Series switches One EX Series switch acti...

Page 2671: ...s the end device s credentials to the RADIUS server The RADIUS server matches the credentials against preconfigured information about the supplicant located in the supplicant s user profile on the RADIUS server If a match is found the RADIUS server instructs the switch to open an interface to the end device Traffic then flows from and to the end device on the LAN Further instructions configured in...

Page 2672: ... access switch 24 Gigabit Ethernet ports 8 PoE ports Switch hardware Backend database with the address 10 0 0 100 connected to the switch at port ge 0 0 10 One RADIUS server Supplicant 1 has MAC address 00 50 8b 6f 60 3a Supplicant 2 has MAC address 00 50 8b 6f 60 3b 802 1X supplicants connected to the switch on interface ge 0 0 2 Copyright 2010 Juniper Networks Inc 2576 Complete Software Guide fo...

Page 2673: ...d accounting AAA services see the Junos OS System Basics Configuration Guide at http www juniper net techpubs software junos index html Configuring the Port Firewall Filter and Counters Configure a port firewall filter and counters CLI Quick Configuration To quickly configure a port firewall filter with terms for Supplicant 1 and Supplicant 2 and create parallel counters for each supplicant copy t...

Page 2674: ...te edit firewall family ethernet switching user switch set filter filter1 term supplicant1 then count counter1 user switch set filter filter1 term supplicant1 then policer p1 user switch set filter filter1 term supplicant2 then count counter2 Results Display the results of the configuration user switch show configuration firewall family ethernet switching filter filter1 term supplicant1 from sourc...

Page 2675: ...re called supplicant1 and supplicant2 root freeradius cat usr local etc raddb users The output shows supplicant1 Auth Type EAP User Password supplicant1 Tunnel Type VLAN Tunnel Medium Type IEEE 802 Tunnel Private Group Id 1005 supplicant2 Auth Type EAP User Password supplicant2 Tunnel Type VLAN Tunnel Medium Type IEEE 802 Tunnel Private Group Id 1005 4 Apply the filter to both user profiles by add...

Page 2676: ...er has been applied to both end devices Related Documentation Example Setting Up 802 1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch on page 2568 Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Configuring 802 1X RADIUS Accounting CLI Procedure on page 2617 Understanding Authentication on EX Series Switc...

Page 2677: ...dging and VLAN configuration on the switch See Example Setting Up Basic Bridging and a VLAN for an EX Series Switch on page 1305 Configured the RADIUS server for 802 1X authentication and set up the access profile See Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 Optional Configured interface ge 0 0 2 for Power over Ethernet PoE The PoE configuration is not nece...

Page 2678: ... example the access interface ge 0 0 2 on the EX4200 switch is connected to an Avaya 9620 IP telephone Avaya phones have a built in bridge that allows you to connect a desktop PC to the phone so the desktop and phone in a single office require only one interface on the switch The EX Series switch is connected to a RADIUS server on interface ge 0 0 10 see Figure 58 on page 2583 Copyright 2010 Junip...

Page 2679: ...voice traffic to provide the highest quality of service Table339onpage2583describesthecomponentsusedinthisVoIPconfigurationexample Table 339 Components of the VoIP Configuration Topology Settings Property EX4200 switch Switch hardware 2583 Copyright 2010 Juniper Networks Inc Chapter 82 Examples Access Control Configuration ...

Page 2680: ...dapter Configuration To configure VoIP LLDP MED and 802 1X authentication CLI Quick Configuration To quickly configure VoIP LLDP MED and 802 1X copy the following commands and paste them into the switch terminal window edit set vlans data vlan vlan id 77 set vlans voice vlan vlan id 99 set vlans data vlan interface ge 0 0 2 0 set interfaces ge 0 0 2 unit 0 family ethernet switching vlan members da...

Page 2681: ...sured forwarding 5 Configure LLDP MED protocol support edit protocols user switch set lldp med interface ge 0 0 2 0 6 To authenticate an IP phone and a PC connected to the IP phone on the interface configure 802 1X authentication support and specify multiple supplicant mode NOTE If you do not want to authenticate any device skip the 802 1X configuration on this interface edit protocols user switch...

Page 2682: ...ociation with the Interface on page 2588 Verifying LLDP MED Configuration Purpose Verify that LLDP MED is enabled on the interface Action user switch show lldp detail LLDP Enabled Advertisement interval 30 Second s Transmit delay 2 Second s Hold timer 2 Second s Config Trap Interval 300 Second s Connection Hold timer 60 Second s LLDP MED Enabled MED fast start count 3 Packet s Interface LLDP LLDP ...

Page 2683: ...1X configuration to confirm that the VoIP interface has access to the LAN Action user switch show dot1x interface ge 0 0 2 0 detail ge 0 0 2 0 Role Authenticator Administrative state Auto Supplicant mode Multiple Number of retries 3 Quiet period 60 seconds Transmit period 30 seconds Mac Radius Disabled Mac Radius Restrict Disabled Reauthentication Enabled Configured Reauthentication interval 3600 ...

Page 2684: ...ace is up Related Documentation Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 Example Setting Up 802 1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch on page 2568 Defining CoS Forwarding Classes CLI Procedure on page 3208 Defining CoS Forwarding Classes J Web Procedure on page 3208 Configuring LLDP MED CLI Procedure on page 2...

Page 2685: ...configured on the Avaya IP phone the phone exchanges LLDP MED information to get the VLAN ID for the voice VLAN You must configure the voip statement on the interface to designate the interface as a VoIP interface and allow the switch to forward the VLAN name and VLAN ID for the voice VLAN to the IP telephone The IP telephone then uses the voice VLAN that is it references the voice VLAN s ID to se...

Page 2686: ...lan id 99 2 Associate the VLAN data vlan with the interface edit vlans user switch set data vlan interface ge 0 0 2 0 3 Configure the interface as an access interface configure support for Ethernet switching and add the data vlan VLAN edit interfaces user switch setge 0 0 2unit0familyethernet switchingvlanmembersdata vlan user switch set ge 0 0 2 unit 0 family ethernet switching port mode access 4...

Page 2687: ...nterfaces ge 0 0 2 unit 0 family ethernet switching port mode access vlan members data vlan protocols lldp med interface ge 0 0 2 0 dot1x authenticator authentication profile name auth profile static 00 04 f2 11 aa a7 interface ge 0 0 2 0 supplicant multiple vlans data vlan vlan id 77 interface ge 0 0 2 0 voice vlan vlan id 99 ethernet switching options voip interface ge 0 0 2 0 2591 Copyright 201...

Page 2688: ...start count 3 Packet s Interface LLDP LLDP MED Neighbor count all Enabled 0 ge 0 0 2 0 Enabled 0 Interface VLAN id VLAN name ge 0 0 0 0 0 default ge 0 0 1 0 0 employee vlan ge 0 0 2 0 0 data vlan ge 0 0 2 0 99 voice vlan ge 0 0 3 0 0 employee vlan ge 0 0 8 0 0 employee vlan ge 0 0 10 0 0 default ge 0 0 11 0 20 employee vlan ge 0 0 23 0 0 default LLDP basic TLVs supported Chassis identifier Port id...

Page 2689: ...ticated VLAN vo11 Dynamic Filter match source dot1q tag 10 action deny Session Reauth interval 60 seconds Reauthentication due in 50 seconds Meaning The field Role shows that the ge 0 0 2 0 interface is in the authenticator state The Supplicant field shows that the interface is configured in multiple supplicant mode permitting multiple supplicants to be authenticated on this interface The MAC addr...

Page 2690: ...ward VoIP parameters from the switch to the phone Not all IP phones support LLDP MED however This example describes how to configure VoIP on an EX Series switch without LLDP MED and without 802 1X Requirements on page 2594 Overview on page 2595 Configuration on page 2595 Verification on page 2597 Requirements This example uses the following hardware and software components Junos OS Release 9 1 or ...

Page 2691: ...ation that came with your IP telephone for instructions on configuring a voice VLAN For example on an Avaya phone you can ensure that the phone gets the correct VoIP VLAN ID even in the absence of LLDP MED by enabling DHCP option 176 Configuration To configure VoIP without LLDP MED or 802 1X authentication CLI Quick Configuration To quickly configure VoIP copy the following commands and paste them...

Page 2692: ...ure data vlan as native to this trunk interface edit interfaces user switch set ge 0 0 2 unit 0 family ethernet switching native vlan id data vlan Results Display the results of the configuration edit user switch show configuration interfaces ge 0 0 2 unit 0 family ethernet switching port mode trunk vlan members voice vlan native vlan id data vlan vlans data vlan vlan id 77 interface ge 0 0 2 0 vo...

Page 2693: ...VLAN and voice vlan VLAN The State field shows that the interface is up Related Documentation Example Setting Up VoIP with 802 1X and LLDP MED on an EX Series Switch on page 2580 Example Configuring VoIP on an EX Series Switch Without Including 802 1X Authentication on page 2588 Understanding 802 1X and VoIP on EX Series Switches on page 2542 Understanding 802 1X and LLDP and LLDP MED on EX Series...

Page 2694: ...cant or Multiple Supplicant Configurations on an EX Series Switch on page 2568 Configured users on the RADIUS authentication server Overview and Topology When the 802 1X configuration on an interface is set to multiple supplicant mode the system dynamically combines interface firewall filter with the user policies sent to the switch from the RADIUS server during authentication and creates separate...

Page 2695: ...ifications are not reflected in the dynamic filter unless the user is reauthenticated In this example you configure a firewall filter to count the requests made by each endpoint authenticated on interface ge 0 0 2 to the file server which is located on subnet 192 0 2 16 28 and set policer definitions to rate limit the traffic Figure 60 on page 2600 shows the network topology for this example 2599 ...

Page 2696: ...ltiple set firewall family ethernet switching filter filter1 term term1 from destination address 192 0 2 16 28 set firewall policer p1 if exceeding bandwidth limit 1m set firewall policer p1 if exceeding burst size limit 1k set firewall family ethernet switching filter filter1 term term1 then count counter1 set firewall family ethernet switching filter filter1 term term2 then policer p1 Step by St...

Page 2697: ...witch set filter filter1 term term1 from destination address 192 0 2 16 28 user switch set filter filter1 term term1 then count counter1 user switch set filter filter1 term term2 then policer p1 Results Check the results of the configuration user switch show configuration firewall family ethernet switching filter filter1 term term1 from destination address 192 0 2 16 28 then count counter1 term te...

Page 2698: ... dot1x firewall command output reflect the dynamic filter created with the authentication of each new user User1 accessed the file server located at the specified destination address 100 times while User2 accessed the same file server 400 times Related Documentation Example Applying a Firewall Filter to 802 1X Authenticated Supplicants Using RADIUS Server Attributes on an EX Series Switch on page ...

Page 2699: ... the configuration required on the switch to enable captive portal on an interface To permit a printer connected to the captive portal interface to access the LAN add its MAC address to the authentication whitelist The MAC addresses on this list are permitted access on the interface without captive portal authentication The topology for this example consists of one EX Series switch connected to a ...

Page 2700: ...witching options authentication whitelist 00 10 12 e0 28 22 NOTE Optionally you can use set ethernet switching options authentication whitelist 00 10 12 e0 28 22 interface ge 0 0 10 0 to limit the scope to the interface If the MAC address has already been learned on the interface you must clear it using the clear captive portal interface interface name before adding it to the whitelist Otherwise t...

Page 2701: ...s authentication whitelist 00 10 12 e0 28 22 48 Verification To confirm that captive portal authentication is configured and working properly perform these tasks Verifying That Captive Portal Is Enabled on the Interface on page 2605 Verify That Captive Portal Is Working Correctly on page 2606 Verifying That Captive Portal Is Enabled on the Interface Purpose Verify that captive portal is configured...

Page 2702: ...The switch does not return the captive portal login page when a user connected to a captive portal interface on the switch requests a Web page Solution You can examine the ARP DHCP HTTPS and DNS counters if one or more of these counters are not incrementing this provides an indication of where the problem lies For example if the client cannot get an IP address you might check the switch interface ...

Page 2703: ...13 Configuring Server Fail Fallback CLI Procedure on page 2615 Configuring 802 1X RADIUS Accounting CLI Procedure on page 2617 Filtering 802 1X Supplicants Using RADIUS Server Attributes on page 2618 Configuring LLDP CLI Procedure on page 2622 Configuring LLDP J Web Procedure on page 2623 Configuring LLDP MED CLI Procedure on page 2624 VSA Match Conditions and Actions for EX Series Switches on pag...

Page 2704: ...efer to an older default 2 Optional Specify the IP address by which the switch is identified by the RADIUS server If you do not specify this the RADIUS server uses the address of the interface sending the RADIUS request We recommend that you specify this IP address because if the request gets diverted on an alternate route to the RADIUS server the interface relaying the request might not be an int...

Page 2705: ...tication and be automatically connected to the LAN See Configuring Static MAC Bypass of Authentication CLI Procedure on page 2612 Before you begin specify the RADIUS server or servers to be used as the authentication server See Specifying RADIUS Server Connections on an EX Series Switch CLI Procedure on page 2608 To configure 802 1X on an interface 1 Configure the supplicant mode as single authent...

Page 2706: ...Security 802 1X The 802 1X screen displays a list of interfaces whether 802 1X security has been enabled and the assigned port role When you select an interface the Details of 802 1x configuration on port section displays 802 1X details for that interface NOTE After you make changes to the configuration in this page you must commit the changes for them to take effect To commit all changes to the a...

Page 2707: ...ort with which the server is associated Server Port Number Type the IP address in dotted decimal notation Specifies the source address of the switch using which the switch can communicate with the server Source Address Type the number Specifies the number of login retries allowed after a login failure Retry Attempts Type the interval in seconds Specifies the time interval to wait before the connec...

Page 2708: ... for Port waiting time after an authentication failure EAPOL retransmitting interval Max EAPOL requests Maximum number of retries Port timeout value for the response from the supplicant Port timeout value for the response from the RADIUS server Specifies timeout values for each action Timeouts Related Documentation Configuring 802 1X Interface Settings CLI Procedure on page 2609 Example Setting Up...

Page 2709: ...access the LAN by configuring their MAC address for static MAC bypass of authentication You can configure MAC RADIUS authentication on an interface that also allows 802 1X authentication or you can configure either authentication method alone If both MAC RADIUS and 802 1X authentication are enabled on the interface the switch first sends the host three EAPOL requests to the host If there is no res...

Page 2710: ...rface ge 0 0 20 mac radius restrict On a RADIUS authentication server create user profiles for each nonresponsive host using the MAC address without colons of the nonresponsive host as the username and password here the MAC addresses are 00 04 0f fd ac fe and 00 04 ae cd 23 5f root freeradius edit etc raddb vi users 00040ffdacfe Auth type Local User Password 00040ffdacfe 0004aecd235f Auth type Loc...

Page 2711: ...e to the end device When you set up 802 1X or MAC RADIUS authentication on the switch you specify a primary authentication server and one or more backup authentication servers If the primary authentication server cannot be reached by the switch and the secondary authentication servers are also unreachable a RADIUS server timeout occurs Because the authentication server grants or denies access to t...

Page 2712: ...vices as reauthenticated if there is a RADIUS timeout during reauthentication new users will be denied access edit protocols dot1x authenticator user switch set interface ge 0 0 1 server fail use cache Configure an interface that receives an EAPOL access reject message from the authentication server to move end devices attempting LAN access on the interface to a specified VLAN already configured o...

Page 2713: ...ofile profile1 accounting 4 Configure the RADIUS servers to use while sending accounting messages and updates edit access user switch set profile profile1 accounting order radius none 5 Configure the statistics to be collected on the switch and forwarded to the accounting server edit access user switch set profile profile1 accounting order accounting stop on access deny user switch set profile pro...

Page 2714: ...S Server Attributes There are two ways to configure the RADIUS server with port firewall filters Include a match statement and corresponding action in the Juniper Firewall Filter attribute The Juniper Firewall Filter attribute is a vendor specific attribute VSA in the Juniper dictionary on the RADIUS server Use this attribute to configure simple filter conditions for authenticated users Nothing ne...

Page 2715: ...gh See VSAMatchConditionsandActionsforEXSeriesSwitches onpage2626fordefinitions of match statement options To configure match conditions on the RADIUS server 1 Verify that the Juniper dictionary is loaded on your RADIUS server and includes the filtering attribute Juniper Switching Filter attribute ID 48 root freeradius cat usr local share freeradius dictionary juniper dictionary juniper Version Id...

Page 2716: ...user add the Juniper Switching Filter attribute Juniper Switching Filter match destination mac 00 04 0f fd ac fe ip protocol 2 forwarding class high action loss priority high NOTE For the forwarding class option to be applied the forwarding class must be configured on the switch If it is not configured on the switch this option is ignored You must specify both the forwarding class and the packet l...

Page 2717: ...e the firewall filter on the local switch In this example the filter is called filter1 2 Open the users file on the RADIUS server root freeradius cd usr local pool raddb vi users 3 For each relevant user add the filter here the filter ID is filter1 Filter Id filter1 NOTE Multiple filters are not supported on a single interface However you can support multiple filters for multiple users that are co...

Page 2718: ...on a specific interface edit protocols lldp user switch set interface all Configuring for Fast Start You can specify the number of LLDP MED advertisements sent from the switch in the first second after it has detected an LLDP capable device The default is 3 To configure the fast start value edit protocols lldp user switch set fast start 8 Adjusting LLDP Advertisement Settings You can adjust the fo...

Page 2719: ...ls lldp user switch set ptopo configuration maximum hold time 2147483647 Specifying a Management Address for the LLDP Management TLV You can configure an IP management address to be used in the LLDP Management type length and value TLV To configure the management address edit protocols lldp user switch set management address 192 168 0 0 Related Documentation Configuring LLDP J Web Procedure on pag...

Page 2720: ...LDP neighbors Hold multiplier Type the Fast start count Specifies the number of LLDP advertisements sent in the first second after the device connects The default is 3 Increasing this number results in the port initially advertising LLDP MED at a faster rate for a limited time Fast start count Table 344 Edit Port Settings Your Action Function Field Select one Enabled Disabled or None Specifies whe...

Page 2721: ...graphy edit protocols lldp med user switch set interface ge 0 0 2 0 location civic based country code US user switch set interface ge 0 0 2 0 location civic based ca type 1 ca value El Dorado County user switch set interface ge 0 0 2 0 location civic based ca type 2 ca value CA user switch set interface ge 0 0 2 0 location civic based ca type 3 ca value Somerset user switch set interface ge 0 0 2 ...

Page 2722: ...ted by default The action is the action that the switch takes if a packet matches the match conditions for the specific term Allowed actions are accept a packet or discard a packet The following guidelines apply when you specify match conditions and actions for VSAs Both match and action statements are mandatory Any or all options separated by commas may be included in each match and action statem...

Page 2723: ...server 2401 cmd 514 dhcp 67 domain 53 eklogin 2105 ekshell 2106 exec 512 finger 79 ftp 21 ftp data 20 http 80 https 443 ident 113 imap 143 kerberos sec 88 klogin 543 kpasswd 761 krb prop 754 krbupdate 760 kshell 544 ldap 389 login 513 mobileip agent 434 mobilip mn 435 msdp 639 netbios dgm 138 netbios ns 137 netbios ssn 139 nfsd 2049 nntp 119 ntalk 518 ntp 123 pop3 110 pptp 1723 printer 515 radacct...

Page 2724: ...tion on the switch See Example Setting Up Basic Bridging and a VLAN for an EX Series Switch on page 1305 Generated an SSL certificate and installed it on the switch See Generating SSL Certificates to Be Used for Secure Web Access on page 498 Configured basic access between the EX Series switch and the RADIUS server See Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 25...

Page 2725: ...E Optionally you can use set ethernet switching options authentication whitelist00 10 12 e0 28 22interfacege 0 0 10 0 to limit the scope to the interface If the MAC address of the client that you want to configure for authentication bypass has already been learned on the interface you must clear it using the clear captive portal interface interface namebefore adding it to the whitelist Otherwise t...

Page 2726: ... design elements of an existing captive portal login page Figure 61 on page 2630 shows an example of a captive portal login page Figure 61 Example of a Captive Portal Login Page Table 347 on page 2630 summarizes the configurable elements of a captive portal login page Table 347 Configurable Elements of a Captive Portal Login Page Description CLI Statement Element The first screen displayed before ...

Page 2727: ... their login information for example Log In or OK form submit label label name Formsubmitbutton label The HTML hexadecimal code for the background color of the captive portal login page header header bgcolorhex color Header background color Filename of the file containing the image of the logo that you want to appear at the top of the captive portal login page The image file can be in GIF JPEG or ...

Page 2728: ...et custom options footer message Copyright 2009 Our Network NOTE For the custom options that you do not specify the value is taken from the standard template Related Documentation Example Setting Up Captive Portal Authentication on an EX Series Switch on page 2602 Copyright 2010 Juniper Networks Inc 2632 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2729: ...commands show dot1x interface detail display xml show dot1x interface detail interface display xml show dot1x auth failed users Meaning The details displayed include A list of authenticated users The total number of users connected A list of users who have failed authentication You can also specify an interface for which the details must be displayed Related Documentation Configuring 802 1X Authen...

Page 2730: ... is now connected to the LAN is known as user5 on the RADIUS server and has the MAC address 00 30 48 8C 66 BD The supplicant was authenticated by means of the 802 1X authentication method called Radius authentication When the Radius authentication method is used the supplicant is configured on the RADIUS server the RADIUS server communicates this to the switch and the switch opens LAN access on th...

Page 2731: ...ver fail VLAN A supplicant is configured to be moved to a specified VLAN if the RADIUS server is unavailable to reauthenticate the supplicant The VLAN must already exist on the switch Related Documentation Configuring 802 1X Interface Settings CLI Procedure on page 2609 Configuring 802 1X Authentication J Web Procedure on page 2610 Configuring MAC RADIUS Authentication CLI Procedure on page 2613 C...

Page 2732: ...Copyright 2010 Juniper Networks Inc 2636 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2733: ... access deny accounting stop on failure authentication order authentication method radius accounting server server address authentication server server address Related Documentation Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 Configuring 802 1X RADIUS Accounting CLI Procedure on page 2617 edit ethernet switching options Configuration Statement Hierarchy ethern...

Page 2734: ...ame name interface interface name primary secure access port dhcp snooping file location local_pathname remote_URL timeout seconds write interval seconds interface all interface name allowed mac mac address list dhcp trusted no dhcp trusted mac limit limit action action no allowed mac log static ip ip address vlan vlan name mac mac address vlan all vlan name arp inspection no arp inspection dhcp o...

Page 2735: ...rding best effort expedited forwarding network control Related Documentation Understanding Port Mirroring on EX Series Switches on page 3539 Port Security for EX Series Switches Overview on page 2825 Understanding BPDU Protection for STP RSTP and MSTP on EX Series Switches on page 1522 Understanding Redundant Trunk Links on EX Series Switches on page 1291 Understanding Storm Control on EX Series S...

Page 2736: ... cache vlan id vlan name server reject vlan vlan id vlan name server timeout seconds supplicant multiple single single secure supplicant timeout seconds transmit period seconds static mac address interface interface name vlan assignment vlan id vlan name gvrp enable disable interface all interface name disable join timer millseconds leave timer milliseconds leaveall timer milliseconds igmp snoopin...

Page 2737: ...all interface name disable lldp configuration notification interval seconds management address ip management address ptopo configuration maximum hold time seconds ptopo configuration trap interval seconds traceoptions file filename files number size size world readable no world readable match regex flag flag detail disable receive send lldp med disable fast start number interface all interface nam...

Page 2738: ...de no root port priority priority max age seconds max hops hops msti msti id vlan vlan id vlan name interface interface name disable cost cost edge mode mode priority priority revision level revision level traceoptions file filename files number size size no stamp world readable no world readable flag flag mvrp disable interface all interface name disable join timer milliseconds leave timer millis...

Page 2739: ...fault explicit name format character string none dns mac 2oct maintenance association ma name continuity check hold interval minutes interval 10m 10s 1m 1s 100ms loss threshold number mep mep id auto discovery direction down interface interface name remote mep mep id action profile profile name link fault management action profile profile name action syslog link down event link adjacency loss link...

Page 2740: ...orward delay seconds hello time seconds interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority max age seconds traceoptions file filename files number size size no stamp world readable no world readable flag flag sflow agent id collector ip address udp port port number disable interfaces interface name disable polling interval s...

Page 2741: ...tamp world readable no world readable flag flag vstp bpdu block on edge disable force version stp vlan all vlan id vlan name bridge priority priority forward delay seconds hello time seconds interface all interface name bpdu timeout action alarm block cost cost disable edge mode mode no root port priority priority max age seconds traceoptions file filename files number size size no stamp world rea...

Page 2742: ...itches on page 1521 Understanding Multiple VLAN Registration Protocol MVRP on EX Series Switches on page 1296 Understanding Ethernet OAM Connectivity Fault Management for an EX Series Switch on page 3763 Understanding Ethernet OAM Link Fault Management for an EX Series Switch on page 3725 Understanding RSTP for EX Series Switches on page 1520 Understanding STP for EX Series Switches on page 1519 U...

Page 2743: ...es switches Description Configure authentication authorization and accounting AAA services The statements are explained separately Default Not enabled Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 Configuring 8...

Page 2744: ...subscribers radius Use RADIUS authentication for specified subscribers The remaining statements are explained separately Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 Configuring 802 1X RADIUS Accounting CLI Pr...

Page 2745: ...1 for EX Series switches Description Configure RADIUS accounting parameters and enable RADIUS accounting for an access profile The remaining statements are explained separately Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Configuring Authentication and Accounting Parameters for Subscriber A...

Page 2746: ...se 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure audit of TACACS or RADIUS authentication events configuration changes and interactive commands Options The remaining statements are explained separately Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentat...

Page 2747: ...dius Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the Remote Authentication Dial In User Service RADIUS server for authentication To configure multiple RADIUS servers include multiple server addresses The servers are tried in order and in a round robin fashion until a valid response is received from one of the servers or until all th...

Page 2748: ...ion and Accounting Parameters for Subscriber Access accounting stop on access deny Syntax accounting stop on access deny Hierarchy Level edit access profile profile name accounting Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configures the authentication order for authentication authorization and accounting AAA services to send an Acct Stop m...

Page 2749: ... profile name accounting Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure authentication order for authentication authorization and accounting AAA services to send an Acct Stop message if a supplicant fails AAA authorization but the RADIUS server grants access For example a supplicant might fail AAA authentication due to an internal erro...

Page 2750: ...entication and Accounting Parameters for Subscriber Access address Syntax address address or prefix Hierarchy Level edit access address pool pool name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the IP address or prefix value for clients Options address or prefix An address or prefix ...

Page 2751: ...ing the Address Pool for L2TP Network Server IP Address Allocation address range Syntax address range low lower limit high upper limit Hierarchy Level edit access address pool pool name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the address range Options high upper limit Upper limit ...

Page 2752: ...sabled Options seconds Optional The number of seconds Range 5 through 32 768 seconds Default 30 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show lldp on page 2769 Configuring LLDP CLI Procedure on page 2622 Understanding 802 1X and LLDP and LLDP MED on EX Series Switches on pag...

Page 2753: ...erface description access request accounting start accounting stop nas identifier access request accounting on accounting off accounting start accounting stop nas port access request accounting start accounting stop nas port id access request accounting start accounting stop nas port type access request accounting start accounting stop output gigapackets accounting stop output gigawords accounting...

Page 2754: ...Lightweight Directory Access Protocol none No authentication for specified subscribers radius Remote Authentication Dial In User Service authentication Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 Configuring ...

Page 2755: ...ured at the edit access profile profile name client client name hierarchy level radius Verify the client using RADIUS authentication services NOTE For subscriber access management you must always specify the radius method Subscriber access management does not support the password keyword the default and authentication fails when no method is specified Required Privilege Level admin To view this st...

Page 2756: ...rchy level and contains the RADIUS server IP address and other information used for authentication Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 Example Configuring MAC RADIUS Authentication on an EX Series...

Page 2757: ...entation Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 show network access aaa statistics authentication on page 2787 Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 authentication whitelist Syntax authentication whitelist mac address interface interface name vlan assignment vlan id vlan name Hierarchy Level edit ethernet switch...

Page 2758: ... protocols dot1x Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure an authenticator for 802 1X authentication The statements are explained separately Default No static MAC address or VLAN is configured Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Re...

Page 2759: ...y Level edit services Release Information Statement introduced in Junos OS Release 10 1 for EX Series switches Description Configure captive portal to authenticate clients connected to the switch for access to the network The remaining statements are explained separately Default Captive portal is disabled Required Privilege Level routing To view this statement in the configuration routing control ...

Page 2760: ... value statement is explained separately Default Disabled Options value Civic address elements that represent the civic or postal address Values are 0 A code that specifies the language used to describe the location 16 The leading street direction such as N 17 A trailing street suffix such as SW 18 A street suffix or type such as Ave or Platz 19 A house number such as 6450 20 A house number suffix...

Page 2761: ...t is indexed by the ca type code This information is advertised from the switch to the MED and is used during emergency calls to identify the location of the MED Default Disabled Options value Specify a value that correlates to the ca type See ca type for a list of codes and suggested values Required Privilege Level routing To view this statement in the configuration routing control To add this st...

Page 2762: ...e switch to the MED This information is used during emergency calls to identify the location of the MED The statements are explained separately Default Disabled Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show lldp on page 2769 Example Setting Up VoIP with 802 1X and LLDP MED on an EX ...

Page 2763: ...ncy calls to identify the location of the MED The country code is required when configuring LLDP MED based on location Default Disabled Options code Two letter ISO 3166 country code in capital ASCII letters for example US or DE Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show lldp on p...

Page 2764: ... bottom of the captive portal login page for example 2E8B57 sea green Values symbol followed by six characters footer message Text message displayed in the footer bar across the bottom of the captive portal login page Range 1 2047 characters Default Copyright 2010 Juniper Networks Inc form header bgcolor The hexadecimal color code for the background color of the header bar across the top of the fo...

Page 2765: ...der message Text displayed in the header bar across the bottom of the captive portal login page Range 1 2047 characters Default User Authentication post authentication url URL to which the users are directed upon successful authentication for example www mycafe com Range 1 255 characters Default The page originally requested by the user Required Privilege Level routing To view this statement in th...

Page 2766: ...s statement added in Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the authentication server Options The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring RADIUS System Ac...

Page 2767: ...mentation show dot1x on page 2757 Example Setting Up 802 1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch on page 2568 Example Setting Up 802 1X in Conference Rooms to Provide Internet Access to Corporate Visitors on an EX Series Switch on page 2554 Example Setting Up VoIP with 802 1X and LLDP MED on an EX Series Switch on page 2580 Example Configuring Static M...

Page 2768: ...EX Series Switches on page 2540 disable Syntax disable Hierarchy Level edit protocols lldp med edit protocols lldp med interface Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Disable the LLDP MED configuration on the switch or on one or more interfaces Default If you do not configure LLDP MED it is disabled on the switch and on specific switch ...

Page 2769: ...duced in Junos OS Release 9 0 for EX Series switches Description Configure 802 1X authentication for Port Based Network Access Control 802 1X authentication is supported on interfaces that are members of private VLANs PVLANs The remaining statements are explained separately Default 802 1X is disabled Required Privilege Level routing To view this statement in the configuration routing control To ad...

Page 2770: ...Discovery LLDP MED configure the Emergency Line Identification Number ELIN as location information Location information is advertised from the switch to the MED device and is used during emergency calls to identify the location of the MED device Default Disabled Options number Configure a 10 digit number area code and telephone number Required Privilege Level routing To view this statement in the ...

Page 2771: ...uthenticate clients The router or switch passes a port type of ethernet in RADIUS attribute 61 NAS Port Type by default This statement specifies a port type of virtual Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Configuring RADIUS Server Options for Subscriber Access Configuring RADIUS Ser...

Page 2772: ...0 0x88a8 0x9100 interfaces interface name no mac learning mac notification notification interval seconds mac table aging time seconds port error disable disable timeout timeout redundant trunk group group name name interface interface name primary interface interface name secure access port dhcp snooping file location local_pathname remote_URL timeout seconds write interval seconds interface all i...

Page 2773: ...ard no ip source guard mac move limit limit action action storm control action shutdown interface all interface name bandwidth bandwidth no broadcast no unknown unicast traceoptions file filename files number no stamp replace size size world readable no world readable flag flag disable unknown unicast forwarding vlan all vlan name interface interface name voip interface all interface name access p...

Page 2774: ... Ethernet switching options The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding Port Mirroring on EX Series Switches on page 3539 Port Security for EX Series Switches Overview on page 2825 Understanding BPDU Protection for STP RST...

Page 2775: ...events Event types can be one or more of the following change log Audit configuration changes interactive commands Audit interactive commands any command line input login Audit logins Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring TACACS System Accounting 2679 Copyright 2010 Jun...

Page 2776: ...s request accounting start accounting stop nas port id access request accounting start accounting stop nas port type access request accounting start accounting stop output gigapackets accounting stop output gigawords accounting stop Hierarchy Level edit access profile profile name radius attributes Release Information Statement introduced in Junos OS Release 9 1 Statement introduced in Junos OS Re...

Page 2777: ...attribute 5 NAS Port nas port id RADIUS attribute 87 NAS Port Id nas port type RADIUS attribute 61 NAS Port Type output filter Juniper VSA 26 11 Egress Policy Name output gigapackets Juniper VSA 25 43 Acct Output Gigapackets output gigawords RADIUS attribute 53 Acct Output Gigawords RADIUS message type access request RADIUS Access Accept messages accounting off RADIUS Accounting Off messages accou...

Page 2778: ... an LLDP MED device such as an IP telephone Options count Number of advertisements Range 1 through 10 Default 3 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show lldp on page 2769 Configuring LLDP MED CLI Procedure on page 2624 Understanding 802 1X and LLDP and LLDP MED on EX Series Swi...

Page 2779: ... the best effort forwarding class loss priority is typically not carried in a class of service CoS value and random early detection RED drop profiles are more aggressive expedited forwading Provides a low loss low latency low jitter assured bandwidth end to end service network control Provides a typically high priority because it supports protocol control Required Privilege Level routing To view t...

Page 2780: ...h Default None Options vlan id VLAN tag identifier of the guest VLAN vlan name Name of the guest VLAN Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up 802 1X in Conference Rooms to Provide Internet Access to Corporate Visitors on an EX Series Switch on page 2554 Understan...

Page 2781: ... The default value is 4 or 120 seconds Default Disabled Options number A number used as a multiplier Range 2 through 10 Default 4 or 120 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show lldp on page 2769 Configuring LLDP CLI Procedure on page 2622 Understanding 802 1X and LLDP ...

Page 2782: ...uration admin control To add this statement to the configuration Related Documentation Configuring RADIUS Server Parameters for Subscriber Access immediate update Syntax immediate update Hierarchy Level edit access profile profile name accounting Release Information Statement introduced in Junos OS Release 9 1 Statement introduced in Junos OS Release 9 1 for EX Series switches Description Configur...

Page 2783: ...terface names List of names of interfaces to configure for 802 1X authentication The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show dot1x on page 2757 Example Setting Up 802 1X for Single Supplicant or Multiple Supplicant Configurations o...

Page 2784: ...ute 87 NAS Port Id By default the router or switch includes both the subinterface and the adapter in the interface description Options adapter Include only the adapter in the interface description sub interface Include only the subinterface in the interface description Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuratio...

Page 2785: ...ptions all All interfaces to be configured for captive portal authentication interface names List of names of interfaces to be configured for captive portal authentication The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up C...

Page 2786: ...rfaces on the switch interface name Name of a specific interface The remaining statement is explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring LLDP CLI Procedure on page 2622 Understanding 802 1X and LLDP and LLDP MED on EX Series Switches on page 2540 Copyrig...

Page 2787: ...ed Options all All interfaces on the switch interface name Name of a specific interface The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show lldp on page 2769 Example Setting Up VoIP with 802 1X and LLDP MED on an EX Series Switch on page 2...

Page 2788: ...owed to connect to the LAN without authentication Options interface names List of interfaces Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show dot1x static mac address on page 2764 Example Configuring Static MAC Bypass of Authentication on an EX Series Switch on page 2559 Example Settin...

Page 2789: ...ess ports Enable VoIP on all interfaces on a specific interface or on all access ports Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up VoIP with 802 1X and LLDP MED on an EX Series Switch on page 2580 Example Configuring VoIP on an EX Series Switch Without Including 802 ...

Page 2790: ...ries switches Description Configure Link Layer Discovery Protocol LLDP The switch uses LLDP to advertise its identity and capabilities on a LAN as well as receive information about other network devices LLDP is defined in the IEEE standard 802 1AB 2005 The remaining statements are explained separately Default LLDP is enabled Required Privilege Level routing To view this statement in the configurat...

Page 2791: ... If the interval value is 0 trap notifications of database changes are disabled Default SNMP trap notifications of LLDP database changes are disabled Options seconds Interval between trap notifications about LLDP database changes Range 0 through 3600 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Docum...

Page 2792: ...s and to create location databases for these telephone locations for emergency services LLDP MED is defined in the standard ANSI TIA 1057 by the Telecommunications Industry Association TIA The statements are explained separately Default Disabled Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentat...

Page 2793: ...ation is advertised from the switch to the MED This information is used during emergency calls to identify the location of the MED The statements are explained separately Default Disabled Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show lldp on page 2769 Example Setting Up VoIP with 80...

Page 2794: ...sage to a supplicant the switch resets the interface on which the supplicant is authenticated If the interface is configured for multiple supplicant mode the switch resets all the supplicants on the specified interface This option takes effect only when the restrict option is also set restrict Optional Restricts authentication to MAC RADIUS only When mac radius restrict is configured the switch dr...

Page 2795: ... LLDP MED on EX Series Switches on page 2540 EX Series Switches Interfaces Overview on page 1095 maximum requests Syntax maximum requests number Hierarchy Level edit protocols dot1x authenticator interface all interface names Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description For 802 1X authentication configure the maximum number of times an EAPOL r...

Page 2796: ...is used for authentication and accounting requests Options identifier value String to use for authentication and accounting requests Range 1 to 64 characters Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Configuring RADIUS Server Options for Subscriber Access Configuring RADIUS Server Parame...

Page 2797: ...e fields in the NAS Port attribute Options adapter width width Number of bits in the adapter field port width width Number of bits in the port field slot width width Number of bits in the slot field stacked vlan width width Number of bits in the SVLAN ID field vlan width width Number of bits in the VLAN ID field Required Privilege Level admin To view this statement in the configuration admin contr...

Page 2798: ...t Not disabled Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring 802 1X Interface Settings CLI Procedure on page 2609 Configuring 802 1X Authentication J Web Procedure on page 2610 Understanding Authentication on EX Series Switches on page 2526 Copyright 2010 Juniper Networks Inc...

Page 2799: ...chy Level edit access profile profile name radius Release Information Statement introduced in Junos OS Release 9 1 Statement introduced in Junos OS Release 9 1 for EX Series switches Description Configure the options used by RADIUS authentication and accounting servers The statements are explained separately Required Privilege Level admin To view this statement in the configuration admin control T...

Page 2800: ...Switch on page 2545 Configuring 802 1X RADIUS Accounting CLI Procedure on page 2617 order Syntax order accounting method Hierarchy Level edit access profile profile name accounting Release Information Statement introduced in Junos OS Release 9 1 Statement introduced in Junos OS Release 9 1 for EX Series switches Description Set the order in which the Junos OS tries different accounting methods for...

Page 2801: ...nteraction with RADIUS Servers Configuring Authentication and Accounting Parameters for Subscriber Access port RADIUS Server Syntax port port number Hierarchy Level edit system radius server address edit system accounting destination radius server address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Descrip...

Page 2802: ...scription Configure the port number on which to contact the TACACS server Options number Port number on which to contact the TACACS server Default 49 Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring TACACS System Accounting Copyright 2010 Juniper Networks Inc 2706 Complete Softwar...

Page 2803: ...d accounting AAA configuration that aids in handling AAA requests including the authentication method and order AAA server addresses and AAA accounting Default Not enabled Options profile name Profile name of up to 32 characters The remaining statements are explained separately Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the con...

Page 2804: ...9 Understanding 802 1X and LLDP and LLDP MED on EX Series Switches on page 2540 ptopo configuration trap interval Syntax ptopo configuration trap interval seconds Hierarchy Level edit protocols lldp Release Information Statement introduced in Junos OS Release 9 6 for EX Series switches Description Specify how often SNMP trap notifications are sent regarding changes in physical topology global stat...

Page 2805: ...a statistics authentication on page 2787 Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 quiet period Captive Portal Syntax quiet period seconds Hierarchy Level edit services captive portal interface all interface names Release Information Statement introduced in Junos OS Release 10 1 for EX Series switches Description Configure time in seconds after a user exceed...

Page 2806: ...d response is received from one of the servers or until all the configured retry limits are reached The statements are explained separately Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 Configuring 802 1X RADIU...

Page 2807: ... stop input gigapackets accounting stop input gigawords accounting stop interface description access request accounting start accounting stop nas identifier access request accounting on accounting off accounting start accounting stop nas port access request accounting start accounting stop nas port id access request accounting start accounting stop nas port type access request accounting start acc...

Page 2808: ...he router uses for AAA authentication and accounting for subscribers The statements are explained separately Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Configuring RADIUS Server Parameters for Subscriber Access RADIUS Server Options for Subscriber Access Copyright 2010 Juniper Networks In...

Page 2809: ... Release 9 0 for EX Series switches Description Configure the RADIUS accounting server Options server address Address of the RADIUS accounting server The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring RADIUS System Accounting 2713 Co...

Page 2810: ...The servers are tried in order and in a round robin fashion until a valid response is received from one of the servers or until all the configured retry limits are reached Options server address Address of the RADIUS authentication server The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statemen...

Page 2811: ...ation of the supplicant interval seconds Sets the periodic reauthentication time interval The range is 1 through 65 535 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring 802 1X Interface Settings CLI Procedure on page 2609 Configuring 802 1X Authentication J Web Procedure...

Page 2812: ...Authentication J Web Procedure on page 2610 Understanding Authentication on EX Series Switches on page 2526 retries Captive Portal Syntax retries number of tries Hierarchy Level edit services captive portal interface all interface names Release Information Statement introduced in Junos OS Release 10 1 for EX Series switches Description Configure the number of times the user can attempt to submit a...

Page 2813: ...Options attempts Number of times that the router is allowed to attempt to contact a RADIUS server Range 1 through 10 Default 3 Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring Authentication and Accounting Parameters for Subscriber Access Configuring Router or Switch Interaction w...

Page 2814: ...lowed to try to contact a RADIUS authentication or accounting server Options number Number of retries allowed for contacting a RADIUS server Range 1 through 10 Default 3 Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring RADIUS Authentication Configuring RADIUS System Accounting tim...

Page 2815: ...umentation Configuring RADIUS Server Options for Subscriber Access Configuring Authentication and Accounting Parameters for Subscriber Access routing instance Syntax routing instance routing instance name Hierarchy Level edit access radius server server address edit access profile profile name radius server server address Release Information Statement introduced before Junos OS Release 7 4 Stateme...

Page 2816: ...e server Options password Password to use it can include spaces if the character string is enclosed in quotation marks Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring Authentication and Accounting Parameters for Subscriber Access Configuring Router or Switch Interaction with RADI...

Page 2817: ...umentation Configuring RADIUS Authentication Configuring TACACS Authentication Configuring TACACS System Accounting Configuring RADIUS System Accounting secure authentication Syntax secure authentication http https Hierarchy Level edit services captive portal Release Information Statement introduced in Junos OS Release 10 1 for EX Series switches Description Enable HTTP or HTTPS access on the capt...

Page 2818: ... Documentation Configuring RADIUS System Accounting server TACACS Accounting Syntax server server address port port number secret password single connection timeout seconds Hierarchy Level edit system accounting destination tacplus Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure TACACS lo...

Page 2819: ...plicant on the interface to the VLAN specified by this numeric identifier This action is allowed only if it is the first supplicant connecting to the interface If an authenticated supplicant is already connected then the supplicant is not moved to the VLAN and is not authenticated vlan name Move supplicant on the interface to the VLAN specified by this name This action is allowed only if it is the...

Page 2820: ...s part of the EAPOL Access Reject message is ignored When you specify the VLAN ID or VLAN name the VLAN must already be configured on the switch Default None Options vlan id Numeric identifier of the VLAN to which the supplicant is moved vlan name Name of the VLAN to which the supplicant is moved Required Privilege Level routing To view this statement in the configuration routing control To add th...

Page 2821: ...fore timing out and invoking the server fail action Default 30 seconds Options seconds Number of seconds Range 1 through 60 seconds Default 30 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show dot1x on page 2757 clear dot1x on page 2748 Example Connecting a RADIUS Server for 802...

Page 2822: ...on on an EX Series Switch on page 2602 Configuring Captive Portal Authentication CLI Procedure on page 2628 session expiry Syntax session expiry seconds Hierarchy Level edit services captive portal interface all interface names Release Information Statement introduced in Junos OS Release 10 1 for EX Series switches Description Configure the maximum duration in seconds of a session Options seconds ...

Page 2823: ...r address edit access profile profile name radius server server address Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure a source address for each configured RADIUS server Each RADIUS request sent to a RADIUS server uses the specified source address Options source address A valid IPv4 addr...

Page 2824: ...ce address A valid IP address configured on one of the router or switch interfaces For system logging the address is recorded as the message source in messages sent to the remote machines specified in all host hostname statements at the edit system syslog hierarchy level but not for messages directed to the other Routing Engine or to the TX Matrix router or TX Matrix Plus router in a routing matri...

Page 2825: ...cation is done for the supplicant You can optionally configure the VLAN that the supplicant is moved to or the interfaces on which the MAC address can gain access from Options mac address The MAC address of the device for which 802 1X authentication should be bypassed and the device permitted access to the port The remaining statements are explained separately Required Privilege Level routing To v...

Page 2826: ...e statistics for the sessions being managed by AAA Options time Collect uptime statistics only volume time Collect both volume and uptime statistics This option is not available for Mobile IP Required Privilege Level admin To view this statement in the configuration admin control To add this statement to the configuration Related Documentation Mobile IP Home Agent Elements and Behavior Configuring...

Page 2827: ...ain single secure Authenticates only one client to connect to an authenticator port The host must be directly connected to the switch multiple Authenticates multiple clients individually on one authenticator port You can configure the number of clients per port If you also configure a maximum number of devices that can be connected to a port through port security settings the lower of the configur...

Page 2828: ...he request Default 30 seconds Options seconds Number of seconds Range 1 through 60 seconds Default 30 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation supplicant on page 2731 Example Setting Up 802 1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch...

Page 2829: ...ches Description Configure the Terminal Access Controller Access Control System Plus TACACS Options server address Address of the TACACS authentication server The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring TACACS System Accountin...

Page 2830: ...witches Description Configure the amount of time that the local router or switch waits to receive a response from a RADIUS or TACACS server Options seconds Amount of time to wait Range 1 through 90 seconds Default 3 seconds Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring RADIUS A...

Page 2831: ...onse from a RADIUS server Options seconds Amount of time to wait Range 1 through 90 seconds Default 3 seconds Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Configuring Router or Switch Interaction with RADIUS Servers Configuring Authentication and Accounting Parameters for Subscriber Acces...

Page 2832: ...s reached Then the oldest trace file is overwritten If you specify a maximum number of files you also must specify a maximum file size with the sizeoption Range 2 through 1000 Default 3 files flag flag Tracing operation to perform To specify more than one tracing operation include multiple flag statements You can include the following flags all All tracing operations config internal Trace internal...

Page 2833: ... with the files option Syntax xk to specify KB xm to specify MB or xg to specify gigabyte Range 10 KB through 1gigabyte Default 128 KB world readable Optional Enable unrestricted file access Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show lldp on page 2769 Configuring 802 1X Interface...

Page 2834: ... a maximum file size with the size option Range 2 through 1000 Default 3 files flag flag Tracing operation to perform To specify more than one tracing operation include multiple flag statements You can include the following flags all All tracing operations config Trace configuration operations packet Trace packet events rtsock Trace routing socket operations match regex Optional Refine the output ...

Page 2835: ...tion Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the delay between 2 successive LLDP advertisements Default Disabled Options seconds Number of seconds between two successive LLDP advertisements Range 1 through 8192 seconds Default 2 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the...

Page 2836: ...rface Settings CLI Procedure on page 2609 802 1X for EX Series Switches Overview on page 2531 update interval Syntax update interval minutes Hierarchy Level edit access profile profile name accounting Release Information Statement introduced in Junos OS Release 9 1 Statement introduced in Junos OS Release 9 1 for EX Series switches Description Configure the amount of time that the router or switch...

Page 2837: ...ss of Authentication on an EX Series Switch on page 2559 Example Setting Up Captive Portal Authentication on an EX Series Switch on page 2602 Understanding Authentication on EX Series Switches on page 2526 Example Setting Up Captive Portal Authentication on an EX Series Switch on page 2602 Configuring Captive Portal Authentication CLI Procedure on page 2628 vlan nas port stacked format Syntax vlan...

Page 2838: ...h 4095 Tags 0 and 4095 are reserved by Junos OS and you should not configure them untagged Allow untagged VLAN traffic Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up VoIP with 802 1X and LLDP MED on an EX Series Switch on page 2580 Example Configuring VoIP on an EX Seri...

Page 2839: ...ements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up VoIP with 802 1X and LLDP MED on an EX Series Switch on page 2580 Example Configuring VoIP on an EX Series Switch Without Including 802 1X Authentication on page 2588 Example ConfiguringVoIPo...

Page 2840: ...he location of the MED Options 0 and 1 should not be used unless it is known that the DHCP client is in close physical proximity to the server or network element Default 1 Options number Location 0 Location of the DHCP server 1 Location of a network element believed to be closest to the client 2 Location of the client Required Privilege Level routing To view this statement in the configuration rou...

Page 2841: ...CHAPTER 86 Operational Commands for 802 1X 2745 Copyright 2010 Juniper Networks Inc ...

Page 2842: ...age 2751 show captive portal interface on page 2754 show captive portal firewall on page 2752 Example Setting Up Captive Portal Authentication on an EX Series Switch on page 2602 Configuring Captive Portal Authentication CLI Procedure on page 2628 List of Sample Output clear captive portal interface on page 2747 clear captive portal interface on page 2747 clear captive portal mac address on page 2...

Page 2843: ...re the RADIUS server timeout occurred State The MAC address of the connected client on the interface MAC address Users connected to the captive portal interface User clear captive portal interface user switch clear captive portal interface ge 0 0 3 0 clear captive portal interface clear captive portal interface user switch clear captive portal interface Captive Portal Information Interface State M...

Page 2844: ...and Reauthentication interval will be about the same Options all Optional Clears all ports or specific ports or specific MAC addresses interface interface names Optional Resets the authentication state of all supplicants connected to the specified ports when the port is an authenticator or for itself when the port is a supplicant mac address mac addresses Resets the authentication state only for t...

Page 2845: ...or more selected interfaces Required Privilege Level view Related Documentation show lldp on page 2769 Configuring LLDP CLI Procedure on page 2622 Understanding 802 1X and LLDP and LLDP MED on EX Series Switches on page 2540 List of Sample Output clear lldp neighbors on page 2749 clear lldp neighbors interface ge 0 1 1 0 on page 2749 clear lldp neighbors user switch clear lldp neighbors clear lldp...

Page 2846: ...ege Level view Related Documentation Configuring LLDP CLI Procedure on page 2622 Understanding 802 1X and LLDP and LLDP MED on EX Series Switches on page 2540 List of Sample Output clear lldp statistics on page 2750 clear lldp statistics interface ge 0 1 1 0 on page 2750 clear lldp statistics user switch clear lldp statistics clear lldp statistics clear lldp statistics interface ge 0 1 1 0 user sw...

Page 2847: ...tion failed users on page 2751 Output Fields Table 349 on page 2751 lists the output fields for the show captive portal authentication failed users command Output fields are listed in the approximate order in which they appear Table 349 show captive portal authentication failed users Output Fields Field Description Field Name The MAC address configured to bypass captive portal authentication Inter...

Page 2848: ...tication on an EX Series Switch on page 2602 Configuring Captive Portal Authentication CLI Procedure on page 2628 List of Sample Output show captive portal firewall brief on page 2752 show captive portal firewall ge 0 0 10 0 on page 2752 show captive portal firewall on page 2753 Output Fields Output fields for the show captive portal firewall command include any action modifier specified in firewa...

Page 2849: ...s 0 0 dot1x_ge 0 0 0_CP_t_dns 0 0 dot1x_ge 0 0 0_CP_u_dns 0 0 Filter name dot1x_ge 0 0 1 Counters Name Bytes Packets dot1x_ge 0 0 1_CP_arp 0 0 dot1x_ge 0 0 1_CP_dhcp 0 0 dot1x_ge 0 0 1_CP_http 0 0 dot1x_ge 0 0 1_CP_https 0 0 dot1x_ge 0 0 1_CP_t_dns 0 0 dot1x_ge 0 0 1_CP_u_dns 0 0 Filter name dot1x_ge 0 0 10 Counters Name Bytes Packets dot1x_ge 0 0 10_CP_arp 7616 119 dot1x_ge 0 0 10_CP_dhcp 0 0 dot...

Page 2850: ...Level view Related Documentation show captive portal authentication failed users on page 2751 show captive portal firewall on page 2752 captive portal on page 2663 clear captive portal on page 2746 Example Setting Up Captive Portal Authentication on an EX Series Switch on page 2602 Configuring Captive Portal Authentication CLI Procedure on page 2628 List of Sample Output show captive portal interf...

Page 2851: ...fore they can attempt to authenticate Quiet period detail Time in seconds that a client can be idle before the session expires Configured CP session timeout detail Time in seconds that an interface will wait for a reply when relaying a response from the client to the authentication server before timing out and invoking the server fail action Server timeout detail Number of users connecting through...

Page 2852: ... Server timeout 15 seconds Number of connected supplicants 1 Supplicant No User 00 30 48 8c 66 bd Operational state Connecting Dynamic CP Session Timeout 0 seconds CP Session Expiration due in 0 seconds Copyright 2010 Juniper Networks Inc 2756 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2853: ...h on page 2550 Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 Example Configuring MAC RADIUS Authentication on an EX Series Switch on page 2564 Example Setting Up VoIP with 802 1X and LLDP MED on an EX Series Switch on page 2580 Configuring 802 1X RADIUS Accounting CLI Procedure on page 2617 Filtering 802 1X Supplicants Using RADIUS Server Attributes on page 2618...

Page 2854: ...whose VLAN membership has been set to dynamic Administrative state detail The mode for the supplicant single Authenticates only the first supplicant All other supplicants who connect later to the port are allowed full access without any further authentication They effectively piggyback on the first supplicant s authentication single secure Allows only one supplicant to connect to the port No other...

Page 2855: ...ore timing out The default value is 30 seconds The range is 1 through 60 seconds Server timeout detail The maximum number of retransmission times of an EAPOL request packet to the supplicant before the authentication session times out The default value is 2 The range is 1 through 10 Maximum EAPOL requests detail The number of non 802 1X clients granted access to the LAN by means of static MAC bypa...

Page 2856: ...s time out during reauthentication previouslyauthenticatedsupplicantsarereauthenticated butnewsupplicants are denied LAN access Server failVLAN A supplicant is configured to be moved to a specified VLAN if the RADIUS server is unavailable to reauthenticate the supplicant The VLAN must already exist on the switch Authentication method detail The VLAN to which the supplicant is connected Authenticat...

Page 2857: ...timeout 30 seconds Maximum EAPOL requests 1 Guest VLAN member not configured Number of connected supplicants 1 Supplicant abc 00 30 48 8C 66 BD Operational state Authenticated Authentication method Radius Authenticated VLAN v200 Reauthentication due in 17 seconds 2761 Copyright 2010 Juniper Networks Inc Chapter 86 Operational Commands for 802 1X ...

Page 2858: ...tputfieldsfortheshowdot1xauthentication failed users command Output fields are listed in the approximate order in which they appear Table 352 show dot1x authentication failed users Output Fields Level of Output Field Description Field Name all The MAC address configured to bypass 802 1X authentication Interface all The MAC address configured statically on the interface MAC address all The user tha...

Page 2859: ...e Level view Related Documentation clear dot1x on page 2748 Example Applying Firewall Filters to Multiple Supplicants on Interfaces Enabled for 802 1X or MAC RADIUS Authentication on page 2597 List of Sample Output show dot1x firewall on page 2763 show dot1x firewall on page 2763 Output Fields Output fields include any action modifier that is specified in firewall filters show dot1x firewall Showi...

Page 2860: ...able 353 on page 2764 lists the output fields for the show dot1x static mac address command Output fields are listed in the approximate order in which they appear Table 353 show dot1x static mac address Output Fields Level of Output Field Description Field Name all The MAC address of the device that is configured to bypass 802 1X authentication MAC address all The name of the VLAN to which the dev...

Page 2861: ...00 00 00 12 24 12 support ge 0 0 1 0 00 00 00 72 30 58 support ge 0 0 1 0 2765 Copyright 2010 Juniper Networks Inc Chapter 86 Operational Commands for 802 1X ...

Page 2862: ...hernet switching table on page 1493 Configuring Autorecovery From the Disabled State on Secure or Storm Control Interfaces CLI Procedure on page 2796 List of Sample Output show ethernet switching interfaces on page 2767 show ethernet switching interfaces ge 0 0 15 brief on page 2768 showethernet switchinginterfacesge 0 0 2detail BlockedbyRTGrtggroup onpage2768 show ethernet switching interfaces ge...

Page 2863: ...o service when the disable timeout expires MAC move limit exceeded The interface is temporarily disabled due to a MAC move limiting error The disabled interface is automatically restored to service when the disable timeout expires Storm control in effect The interface is temporarily disabled due to a storm control error The disabled interface is automatically restored to service when the disable t...

Page 2864: ... by RTG rtggroup Number of MACs learned on IFL 0 show ethernet switching user switch show ethernet switching interfaces ge 0 0 15 detail Interface ge 0 0 15 0 Index 70 State up Port mode Trunk interfaces ge 0 0 15 VLAN membership detail Blocked by STP vlan100 802 1Q Tag 100 tagged msti id 0 blocked by STP vlan200 802 1Q Tag 200 tagged msti id 0 blocked by STP Number of MACs learned on IFL 0 show e...

Page 2865: ...9 lists the output fields for the show lldp command Output fields are listed in the approximate order in which they appear Table 355 show lldp Output Fields Level of Output Field Description Field Name All levels LLDP operating state The state can be enabled or disabled NOTE If a VLAN that has been configured for untagged packets on an interface also has Layer 2 protocol tunneling L2PT enabled for...

Page 2866: ... sent from a switch to a device such as a VoIP telephone when the device is first detected by the switch These increased advertisements are temporary After a device and a switch exchange information and can communicate advertisements are reduced to one per second This value is set by the fast start configuration statement LLDP MED fast start count All levels Name of the interface for which LLDP co...

Page 2867: ...r example bridge or router Management address TLV that advertises the IP management address of the local system LLDP basic TLVs supported detail 802 3 TLVs supported on the switch MAC PHY configuration status TLV that advertises information about the physical interface such as autonegotiation status and support and MAU type The information is based on the physical interface structure and is not co...

Page 2868: ...wer priority and power value of the port It is the responsibility of the PSE device network connectivity device to advertise the power priority on a port Supported LLDP MED TLVs show lldp user switch show lldp LLDP Enabled show lldp Advertisement interval 30 seconds Transmit delay 2 seconds Hold timer 4 seconds Notification interval 0 Second s Config Trap Interval 0 seconds Connection Hold timer 3...

Page 2869: ...1 xe 3 0 2 0 ae31 0 4000 v4000 LLDP basic TLVs supported Chassis identifier Port identifier Port description System name System description System capabilities Management address Supported LLDP 802 TLVs MAC PHY configuration status Power via MDI Link aggregation Maximum frame size Port VLAN tag Port VLAN name Supported LLDP MED TLVs LLDP MED capabilities Network policy Endpoint location Extended p...

Page 2870: ... name User configured name of the switch System descr System description containing information about the switch model and the current software image running on the switch This information is taken from the software and is not configurable LLDP Local Information details Capabilities such as bridge or router that are supported or enabled on the system System Capabilities Details of the management i...

Page 2871: ...IPv4 Port ID 34 Port ID Subtype local 7 Port Subtype ifIndex 1 Interface name Parent Interface SNMP Index Interface description Status Tunneling me0 0 34 Down Disabled xe 3 0 0 0 ae31 0 769 xe 3 0 0 0 Up Disabled xe 3 0 1 0 ae31 0 770 xe 3 0 1 0 Up Disabled xe 3 0 2 0 ae31 0 771 xe 3 0 2 0 Up Disabled xe 3 0 3 0 ae31 0 772 xe 3 0 3 0 Up Disabled xe 3 0 4 0 ae31 0 577 xe 3 0 4 0 Up Disabled xe 3 0 ...

Page 2872: ...2776liststheoutputfieldsfortheshowlldpneighbors command Output fields are listed in the approximate order in which they appear Table 357 show lldp neighbors Output Fields Field Description Field Name List of local interfaces for which neighbor information is available Local Interface List of aggregated Ethernet interfaces if any to which the local interfaces belong Parent Interface List of chassis...

Page 2873: ...mation Type of chassis identifier supplied such as MAC address appears when the interface option is used Chassis type Chassis identifier of the chassis type listed appears when the interface option is used Chassis ID Type of port identifier supplied such as locally assigned appears when the interface option is used Port type Port identifier of the port type listed appears when the interface option...

Page 2874: ...3 80 40 xe 0 0 2 0 newyork31 xe 3 0 7 0 ae31 0 b0 c6 9a 63 80 40 xe 0 0 3 0 newyork31 xe 3 0 0 0 ae31 0 b0 c6 9a 63 80 40 xe 0 1 0 0 newyork31 xe 3 0 1 0 ae31 0 b0 c6 9a 63 80 40 xe 0 1 1 0 newyork31 xe 3 0 2 0 ae31 0 b0 c6 9a 63 80 40 xe 0 1 2 0 newyork31 xe 3 0 3 0 ae31 0 b0 c6 9a 63 80 40 xe 0 1 3 0 newyork31 show lldp neighbors interface xe 3 0 4 0 user switch show lldp neighbors interface xe ...

Page 2875: ... Organization Info OUI 0 18 15 Subtype 3 Index 7 Info 0FA0057634303030 show lldp neighbors interface ge 0 0 0 0 user switch show lldp neighbors interface ge 0 0 0 0 LLDP Neighbor Information for a VoIP Local Information AvayaTelephone with LLDP MED Support Index 20 Time to live 120 Time mark Thu Apr 15 22 26 22 2010 Age 16 secs Local Interface ge 0 0 0 0 Parent Interface Local Port ID 517 Ageout C...

Page 2876: ... Info OUI 0 18 15 Subtype 1 Index 1 Info 036CA00010 Organization Info OUI 0 18 15 Subtype 1 Index 2 Info 002303 Organization Info OUI 0 18 15 Subtype 2 Index 3 Info 014001AE Organization Info OUI 0 18 15 Subtype 5 Index 4 Info 3436313044303141 Organization Info OUI 0 18 15 Subtype 6 Index 5 Info 62313064303162325F392E62696E Organization Info OUI 0 18 15 Subtype 7 Index 6 Info 61313064303162325F392...

Page 2877: ...ation Info OUI 0 18 15 Subtype 3 Index 11 Info 00000000 Organization Info OUI 0 18 15 Subtype 4 Index 12 Info 000000000000000000000000 Organization Info OUI 0 18 15 Subtype 5 Index 13 Info 00000000 Organization Info OUI 0 18 15 Subtype 6 Index 14 Info 00000000 Organization Info OUI 0 18 15 Subtype 7 Index 15 Info 01 2781 Copyright 2010 Juniper Networks Inc Chapter 86 Operational Commands for 802 1...

Page 2878: ...p remote global statistics command Output fields are listed in the approximate order in which they appear Table 358 show lldp remote global statistics Output Fields Field Description Field Name Information about remote database table counters LLDP Remote Database Table Counters Time elapsed between LLDP agent startup and the last change to the remote database table information LastchangeTime Numbe...

Page 2879: ...stics user host show lldp remote global statistics LLDP Remote Database Table Counters show lldp remote global statistics LastchangeTime Inserts Deletes Drops Ageouts 00 00 76 76 sec 192 0 0 0 2783 Copyright 2010 Juniper Networks Inc Chapter 86 Operational Commands for 802 1X ...

Page 2880: ... in the approximate order in which they appear Table 359 show lldp statistics Output Fields Field Description Field Name Name of the interface Interface Name of the aggregated Ethernet interface if any to which the interface belongs NOTE Because LLDP packets are transmitted and received on member interfaces only statistics are available only for the member interfaces not for the aggregated interfa...

Page 2881: ...596 0 0 xe 3 0 7 0 ae31 0 1597 0 0 xe 5 0 6 0 0 0 0 xe 5 0 7 0 0 0 0 Discarded TLVs Transmitted Untransmitted 0 3044 1 0 3044 1 0 3044 1 0 3044 1 0 3075 1 0 3075 1 0 3075 1 0 3075 1 0 17312 0 0 17312 0 show lldp statistics interface xe 3 0 0 0 user switch show lldp statistics interface xe 3 0 0 0 Interface Parent Interface Received Unknown TLVs With Errors xe 3 0 0 0 ae31 0 1566 0 0 Discarded TLVs...

Page 2882: ...k access aaa statistics accounting Output Fields Field Description Field Name The number of accounting request packets sent from a switch to a RADIUS accounting server Requests received The number of accounting response failure packets sent from the RADIUS accounting server to the switch Accounting Response failures The number of accounting response success packets sent from the RADIUS accounting ...

Page 2883: ...statistics authentication command Output fields are listed in the approximate order in which they appear Table 361 show network access aaa statistics authentication Output Fields Field Description Field Name The number of authentication requests received by the switch Requests received The number of authentication accepts received by the RADIUS server Accepts The number authentication rejects sent...

Page 2884: ...in the approximate order in which they appear Table 362 show network access aaa statistics dynamic requests Output Fields Field Description Field Name The number of dynamic requests received by the RADIUS server Requests received The number of dynamic requests successfully processed by the RADIUS server Processed successfully The number of errors that occurred while the RADIUS server was processin...

Page 2885: ...iting Configuration on page 2793 Configuring Rate Limiting on page 2795 Verifying Rate Limiting Configuration on page 2797 Configuration Statements for Rate Limiting on page 2799 Operational Mode Commands for Rate Limiting on page 2815 2789 Copyright 2010 Juniper Networks Inc ...

Page 2886: ...Copyright 2010 Juniper Networks Inc 2790 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2887: ...ement or the port error disable statement when the storm control level is exceeded The factory default configuration enables storm control on all switch interfaces with the storm control level set to 80 percent of the combined broadcast and unknown unicast streams You can change the storm control level for an interface by specifying a bandwidth value for the combined broadcast and unknown unicast ...

Page 2888: ...nation MAC addresses By default the switch floods these unicast packets that are traveling in a VLAN to all interfaces that are members of the VLAN Forwarding this type of traffic to interfaces on the switch can trigger a security issue The LAN is suddenly flooded with packets creating unnecessary traffic that leads to poor network performance or even a complete loss of network service This is kno...

Page 2889: ...nd Topology on page 2793 Configuration on page 2794 Requirements This example uses the following hardware and software components One EX Series switch Junos OS Release 9 5 or later for EX Series switches Overview and Topology A storm is generated when messages are broadcast on a network and each message prompts a receiving node to respond by broadcasting its own messages on the network This in tur...

Page 2890: ...ffic and unknown unicast traffic exceeds this level the switch drops packets for the controlled traffic types to prevent a network outage Configuration CLI Quick Configuration To quickly configure storm control based on the traffic rate in kilobits per second of the combined broadcast and unknown unicast streams copy the following command and paste it into the switch terminal window edit set ether...

Page 2891: ...ching table You can configure each VLAN to divert unknown unicast traffic to different trunk interfaces or use one trunk interface for multiple VLANs To configure unknown unicast forwarding options using the CLI NOTE Before you can configure unknown unicast forwarding within a VLAN you must first configure that VLAN 1 Configure unknown unicast forwarding for a specific VLAN here the VLAN name is e...

Page 2892: ... limiting or storm control errors NOTE Youmustspecifythedisabletimeoutvaluefortheinterfacestorecover automatically There is no default disable timeout If you do not specify a timeout value you need to use the clear ethernet switching port error command to clear the errors and restore the interfaces or the specified interface to service To configure autorecovery from the disabled state due to MAC l...

Page 2893: ... forwarding vlan v1 interface ge 0 0 7 0 Display the Ethernet switching table user switch show ethernet switching table vlan v1 Ethernet switching table 3 unicast entries VLAN MAC address Type Age Interfaces v1 Flood All members v1 00 01 09 00 00 00 Learn 24 ge 0 0 7 0 v1 00 11 09 00 01 00 Learn 37 ge 0 0 3 0 Meaning The sample output from the show configuration ethernet switching options command ...

Page 2894: ... down default unblocked ge 0 0 17 0 down default unblocked ge 0 0 18 0 down default unblocked ge 0 0 19 0 up T111 unblocked ge 0 1 0 0 down default unblocked ge 0 1 1 0 down default unblocked ge 0 1 2 0 down default unblocked ge 0 1 3 0 down default unblocked Meaning The sample output from the show ethernet switching interfaces command shows that three of the down interfaces specify the reason tha...

Page 2895: ...ber input ingress interface all interface name vlan vlan id vlan name egress interface all interface name output interface interface name vlan vlan id vlan name bpdu block disable timeout timeout interface all interface name dot1q tunneling ether type 0x8100 0x88a8 0x9100 interfaces interface name no mac learning mac notification notification interval seconds mac table aging time seconds port erro...

Page 2896: ...dhcp option82 circuit id prefix hostname use interface description use vlan id remote id prefix hostname mac none use interface description use string string vendor id string examine dhcp no examine dhcp ip source guard no ip source guard mac move limit limit action action storm control action shutdown interface all interface name bandwidth bandwidth no broadcast no unknown unicast traceoptions fi...

Page 2897: ...ng BPDU Protection for STP RSTP and MSTP on EX Series Switches on page 1522 Understanding Redundant Trunk Links on EX Series Switches on page 1291 Understanding Storm Control on EX Series Switches on page 2791 Understanding 802 1X and VoIP on EX Series Switches on page 2542 Understanding Q in Q Tunneling on EX Series Switches on page 1293 Understanding Unknown Unicast Forwarding on EX Series Switc...

Page 2898: ...issue the clearethernet switchingport error command to clear the port error and restore the interfaces to service Default The action shutdown option is not enabled When the storm control level is exceeded the switch drops unknown unicast and broadcast messages on the specified interfaces Required Privilege Level routing To view this statement in the configuration routing control To add this statem...

Page 2899: ...vel of 15000 Kbps Thus the storm control level on ae1 allows a traffic rate of up to 30000 Kbps of combined broadcast and unknown unicast traffic Default If you omit the bandwidth statement when you configure storm control on an interface the storm control level defaults to 80 percent of the combined broadcast and unknown unicast streams Options bandwidth Traffic rate in kilobits per second of the...

Page 2900: ...effect The disabled interface is automatically restored to service when the specified timeout is reached Range 10 through 3600 seconds Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Configuring Port Security CLI Procedure on page 2906 Configuring Autorecovery From the Disabled State on Se...

Page 2901: ...her type 0x8100 0x88a8 0x9100 interfaces interface name no mac learning mac notification notification interval seconds mac table aging time seconds port error disable disable timeout timeout redundant trunk group group name name interface interface name primary interface interface name secure access port dhcp snooping file location local_pathname remote_URL timeout seconds write interval seconds i...

Page 2902: ...rce guard mac move limit limit action action storm control action shutdown interface all interface name bandwidth bandwidth no broadcast no unknown unicast traceoptions file filename files number no stamp replace size size world readable no world readable flag flag disable unknown unicast forwarding vlan all vlan name interface interface name voip interface all interface name access ports vlan vla...

Page 2903: ...tion Configure Ethernet switching options The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding Port Mirroring on EX Series Switches on page 3539 Port Security for EX Series Switches Overview on page 2825 Understanding BPDU Protecti...

Page 2904: ...unknown unicast streams Options all All interfaces The storm control settings configured with the all option affect only those interfaces that have not been individually configured for storm control interface name Name of an interface The storm control settings configured with the interface name option override any settings configured with the all option The remaining statements are explained sepa...

Page 2905: ...X Series Switches on page 2792 no broadcast Syntax no broadcast Hierarchy Level edit ethernet switching options storm control interface all interface name Release Information Statement introduced in Junos OS Release 9 1 for EX Series switches Description Disable storm control for broadcast traffic for the specified interface or for all interaces Default Storm control is enabled for both unknown un...

Page 2906: ...aces Default Storm control is enabled for both unknown unicast traffic and broadcast traffic Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring Storm Control to Prevent Network Outages on EX Series Switches on page 2793 Understanding Storm Control on EX Series Switches on ...

Page 2907: ...isable the switch disables rather than shuts down the interface when the MAC address limit is reached If you have enabled mac move limit with the shutdown option and you enable port error disable the switch disables rather than shuts down the interface when the maximum number of moves to a new interface is reached If you have enabled storm control with the action shutdown option and you enable por...

Page 2908: ...tches Description Configure storm control on the switch The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring Storm Control to Prevent Network Outages on EX Series Switches on page 2793 Understanding Storm Control on EX Series...

Page 2909: ...you must first configure that VLAN The remaining statements are explained separately Default Unknown unicast packets are flooded to all interfaces that belong to the same VLAN Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation show vlans on page 1507 show ethernet switching table on page 1493...

Page 2910: ...st of all configured VLANs on the system including VLANs that are configured but not committed type after vlan or vlans in your configuration mode command line Note that only one VLAN is displayed for a VLAN range Options all All VLANs vlan name Name of a VLAN Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Rel...

Page 2911: ...CHAPTER 92 Operational Mode Commands for Rate Limiting 2815 Copyright 2010 Juniper Networks Inc ...

Page 2912: ...hernet switching table on page 1493 Configuring Autorecovery From the Disabled State on Secure or Storm Control Interfaces CLI Procedure on page 2796 List of Sample Output show ethernet switching interfaces on page 2817 show ethernet switching interfaces ge 0 0 15 brief on page 2818 showethernet switchinginterfacesge 0 0 2detail BlockedbyRTGrtggroup onpage2818 show ethernet switching interfaces ge...

Page 2913: ...ice when the disable timeout expires MAC move limit exceeded The interface is temporarily disabled due to a MAC move limiting error The disabled interface is automatically restored to service when the disable timeout expires Storm control in effect The interface is temporarily disabled due to a storm control error The disabled interface is automatically restored to service when the disable timeout...

Page 2914: ... by RTG rtggroup Number of MACs learned on IFL 0 show ethernet switching user switch show ethernet switching interfaces ge 0 0 15 detail Interface ge 0 0 15 0 Index 70 State up Port mode Trunk interfaces ge 0 0 15 VLAN membership detail Blocked by STP vlan100 802 1Q Tag 100 tagged msti id 0 blocked by STP vlan200 802 1Q Tag 200 tagged msti id 0 blocked by STP Number of MACs learned on IFL 0 show e...

Page 2915: ...Ns in ascending order of VLAN IDs or VLAN names vlan vlan name Optional Display the Ethernet switching table for a specific VLAN Required Privilege Level view Related Documentation clear ethernet switching table on page 1472 Example Setting Up Basic Bridging and a VLAN for an EX Series Switch on page 1305 Example Setting Up Bridging with Multiple VLANs for EX Series Switches on page 1312 Example C...

Page 2916: ...tching table user switch show ethernet switching table Ethernet switching table 57 entries 17 learned VLAN MAC address Type Age Interfaces F2 Flood All members F2 00 00 05 00 00 03 Learn 0 ge 0 0 44 0 F2 00 19 e2 50 7d e0 Static Router Linux Flood All members Linux 00 19 e2 50 7d e0 Static Router Linux 00 30 48 90 54 89 Learn 0 ge 0 0 47 0 T1 Flood All members T1 00 00 05 00 00 01 Learn 0 ge 0 0 4...

Page 2917: ...earn 0 ge 0 0 15 0 T111 00 19 e2 50 7d e0 Static Router T111 00 19 e2 50 ac 00 Learn 0 ge 0 0 15 0 T2 Flood All members T2 00 00 5e 00 01 01 Static Router T2 00 19 e2 50 63 e0 Learn 0 ge 0 0 46 0 T2 00 19 e2 50 7d e0 Static Router T3 Flood All members T3 00 00 5e 00 01 02 Static Router T3 00 19 e2 50 63 e0 Learn 0 ge 0 0 46 0 T3 00 19 e2 50 7d e0 Static Router T4 Flood All members T4 00 00 5e 00 0...

Page 2918: ... 0 8 0 ge 0 0 10 0 ge 0 0 0 0 Type Flood Nexthop index 567 VLAN v1 Tag 10 MAC 00 21 59 c6 93 22 Interface Router Type Static Nexthop index 0 VLAN v1 Tag 10 MAC 00 21 59 c9 9a 4e Interface ge 0 0 14 0 Type Learn Age 0 Learned 18 40 50 Nexthop index 564 show ethernet switching user switch show ethernet switching table interface ge 0 0 1 Ethernet switching table 1 unicast entries VLAN MAC address Typ...

Page 2919: ...ation on page 2849 Configuring Port Security on page 2905 Verifying Port Security on page 2933 Troubleshooting Port Security on page 2945 Configuration Statements for Port Security on page 2947 Operational Mode Commands for Port Security on page 2985 2823 Copyright 2010 Juniper Networks Inc ...

Page 2920: ...Copyright 2010 Juniper Networks Inc 2824 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2921: ...tures help protect the access ports on your switch against the losses of information and productivity that can result from such attacks Juniper Networks Junos operating system Junos OS on Juniper Networks EX Series Ethernet Switches provides features to help secure ports on the switch The ports can be categorized as either trusted or untrusted You apply policies appropriate to those categories to ...

Page 2922: ... DHCP option 82 Also known as the DHCP relay agent information option Helps protect the EX Series switch against attacks such as spoofing of IP addresses and MAC addresses and DHCP IP address starvation Option 82 provides information about the network location of a DHCP client and the DHCP server uses this information to implement IP addresses or other parameters for the client Related Documentati...

Page 2923: ...ing Including Dynamic and Allowed MAC Addresses to Protect the Switch from Ethernet Switching Table Overflow Attacks on page 2856 Mitigation of Rogue DHCP Server Attacks If an attacker sets up a rogue DHCP server to impersonate a legitimate DHCP server on the LAN the rogue server can start issuing leases to the network s DHCP clients The information provided to the clients by this rogue server can...

Page 2924: ...ss interfaces that has a MAC address identical to that of a client on another untrusted port The intruder acquires the DHCP lease which results in changes to the entries in the DHCP snooping table Subsequently what would have been valid ARP requests from the legitimate client are blocked To protect against this type of alteration of the DHCP snooping database configure MAC addresses that are expli...

Page 2925: ...nooping Basics on page 2829 DHCP Snooping Process on page 2830 DHCP Server Access on page 2831 DHCP Snooping Table on page 2834 Static IP Address Additions to the DHCP Snooping Database on page 2834 Snooping DHCP Packets That Have Invalid IP Addresses on page 2834 DHCP Snooping Basics Dynamic Host Configuration Protocol DHCP allocates IP addresses dynamically leasing addresses to devices so that t...

Page 2926: ...is disabled for all VLANs TIP For private VLANs PVLANs enable DHCP snooping on the primary VLAN If you enable DHCP snooping only on a community VLAN DHCP messages coming from PVLAN trunk ports are not snooped DHCP Snooping Process The basic process of DHCP snooping entails the following steps 1 Device sends DHCPDISCOVER to request IP address 2 Switch forwards the packet to the DHCP server 3 Server...

Page 2927: ...HCP Server Are All on the Same VLAN When the switch DHCP clients and DHCP server are all members of the same VLAN the DHCP server can be connected to the switch in one of two ways The server is directly connected to the same switch as the one connected to the DHCP clients the hosts or network devices that are requesting IP addresses from the server You must configure the port that connects the ser...

Page 2928: ...2 Connected to Switch 1 Through a Trusted Trunk Port Switch Acts as DHCP Server The switch itself is configured as a DHCP server this is known as a local configuration See Figure 64 on page 2833 Copyright 2010 Juniper Networks Inc 2832 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2929: ... these interfaces are configured as routed VLAN interfaces or RVIs These trunk interfaces are trusted by default These two scenarios illustrate the switch acting as a relay agent The DHCP server and clients are in different VLANs The switch is connected to a router that is in turn connected to the DHCP server See Figure 65 on page 2834 2833 Copyright 2010 Juniper Networks Inc Chapter 93 Port Secur...

Page 2930: ...ons to the DHCP Snooping Database You can add specific static IP addresses to the database as well as have the addresses dynamically assigned through DHCP snooping To add static IP addresses you supply the IP address the MAC address of the device the interface on which the device is connected and the VLAN with which the interface is associated No lease time is assigned to the entry The statically ...

Page 2931: ...es Switches on page 2840 Understanding DHCP Option 82 for Port Security on EX Series Switches on page 2840 DHCP Services for EX Series Switches Overview on page 547 DHCP BOOTP Relay for EX Series Switches Overview on page 548 Example Configuring Port Security with DHCP Snooping DAI MAC Limiting and MAC Move Limiting on an EX Series Switch on page 2849 Enabling DHCP Snooping CLI Procedure on page 2...

Page 2932: ...his mapping in a cache that it consults when forwarding packets to network devices If the ARP cache does not contain an entry for the destination device the host the DHCP client broadcasts an ARP request for that device s address and stores the response in the cache ARP Spoofing ARP spoofing also known as ARP poisoning or ARP cache poisoning is one way to initiate man in the middle attacks The att...

Page 2933: ... disabled for all VLANs You can set an interface to be trusted for ARP packets by setting dhcp trusted on that port For packets directed to the switch to which a network device is connected ARP queries are broadcast on the VLAN The ARP responses to those queries are subjected to the DAI check For DAI all ARP packets are trapped to the Routing Engine To prevent CPU overloading ARP packets destined ...

Page 2934: ... interface can be shut down or temporarily disabled Note that static MAC addresses do not count toward the limit you specify for dynamic MAC addresses Allowed MAC You configure specific allowed MAC addresses for the access interface Any MAC address that is not in the list of configured addresses is not learned and the switch logs the message Allowed MAC binds MAC addresses to a VLAN so that the ad...

Page 2935: ...See Setting the none Action on an Interface to Override a MAC Limit Applied to All Interfaces CLI Procedure on page 2922 MAC Addresses That Exceed the MAC Limit or MAC Move Limit If you have configured the port error disable statement you can view which interfaces are temporarily disabled due to exceeding the MAC limit or MAC move limit in the output for the show ethernet switching interfaces comm...

Page 2936: ... access interfaces on Ethernet LAN switches send requests for IP addresses in order to access the Internet The switch forwards or relays these requests to DHCP servers and the servers send offers for IP address leases in response Attackers can use these messages to perpetrate address spoofing and starvation Option 82 provides information about the network location of a DHCP client and the DHCP ser...

Page 2937: ...tion in its response message For detailed information about configuring DHCP services see the Junos OS System Basics Configuration Guide at http www juniper net techpubs software junos index html The configuration for DHCP service on the Juniper Networks EX Series Ethernet Switch includes the dhcp statement at the edit system services hierarchy level Suboption Components of Option 82 Option 82 as ...

Page 2938: ...and Clients Are on Same VLAN as DHCP Server If the DHCP clients the switch and the DHCP server are all on the same VLAN the switch forwards the requests from the clients on untrusted access interfaces to the server on a trusted interface See Figure 66 on page 2842 Figure 66 DHCP Clients Switch and DHCP Server Are All on Same VLAN For the configuration shown in Figure 66 on page 2842 you set DHCP o...

Page 2939: ...ween Clients and a DHCP Server on page 2895 Setting Up DHCP Option 82 on the Switch with No Relay Agent Between Clients and DHCP Server CLI Procedure on page 2929 Setting Up DHCP Option 82 with the Switch as a Relay Agent Between Clients and DHCP Server CLI Procedure on page 2926 Understanding IP Source Guard for Port Security on EX Series Switches Ethernet LAN switches are vulnerable to attacks t...

Page 2940: ...ss interfaces are untrusted and trunk interfaces are trusted IP source guard does not check packets that have been sent to the switch by devices connected to either trunk interfaces or trusted access interfaces that is interfaces configured as dhcp trusted so that a DHCP server can be connected to that interface to provide dynamic IP addresses IP source guard obtains information about IP address M...

Page 2941: ...ity including VLAN tagging used for voice VLANs GRES Graceful Routing Engine switchover Virtual Chassis configurations multiple EX4200 switches that are managed through a single management interface Link aggregation groups LAGs 802 1X user authentication in single supplicant mode NOTE The 802 1X user authentication is applied in one of three modes single supplicant single secure supplicant or mult...

Page 2942: ...ses to IP addresses The switch maintains this mapping in a cache that it consults when forwarding packets to network devices If the ARP cache does not contain an entry for the destination device the host the DHCP client broadcasts an ARP request for that device s address and stores the response in the cache Proxy ARP Overview When proxy ARP is enabled if the switch receives an ARP request for whic...

Page 2943: ...he switch We recommend using restricted mode on the switch Best Practices for Proxy ARP on EX Series Switches We recommend these best practices for configuring proxy ARP on the switches Set proxy ARP to restricted mode Use restricted mode when configuring proxy ARP on RVIs If you set proxy ARP to unrestricted disable gratuitous ARP requests on each interface enabled for proxy ARP Related Documenta...

Page 2944: ...Copyright 2010 Juniper Networks Inc 2848 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 2945: ...cond Switch on page 2873 Example Configuring IP Source Guard with Other EX Series Switch Features to Mitigate Address Spoofing Attacks on Untrusted Access Interfaces on page 2880 Example Configuring IP Source Guard on a Data VLAN That Shares an Interface with a Voice VLAN on page 2888 Example Setting Up DHCP Option 82 with an EX Series Switch as Relay Agent Between Clients and a DHCP Server on pag...

Page 2946: ...ple VLANs for EX Series Switches on page 1312 Overview and Topology Ethernet LANs are vulnerable to address spoofing and DoS attacks on network devices To protect the devices from such attacks you can configure DHCP snooping to validate DHCP server messages DAI to protect against MAC spoofing and MAC cache limiting to constrain the number of MAC addresses the switch adds to its MAC address cache Y...

Page 2947: ...in employee vlan ge 0 0 8 Interface for DHCP server In this example the switch is initially configured with the default port security setup In the default configuration on the switch Secure port access is activated on the switch DHCP snooping and DAI are disabled on all VLANs All access ports are untrusted and all trunk ports are trusted for DHCP snooping which is the default setting In the config...

Page 2948: ...cify the interface port from which DHCP responses are allowed edit ethernet switching options secure access port user switch set interface ge 0 0 8 dhcp trusted 3 Enable dynamic ARP inspection DAI on the VLAN edit ethernet switching options secure access port user switch set vlan employee vlan arp inspection 4 Configure the MAC limit of 4 and use the default action drop Packets will be dropped and...

Page 2949: ...P Snooping Is Working Correctly on the Switch on page 2853 Verifying That DAI Is Working Correctly on the Switch on page 2854 Verifying That MAC Limiting and MAC Move Limiting Are Working Correctly on the Switch on page 2854 VerifyingThatAllowedMACAddressesAreWorkingCorrectlyontheSwitchonpage2855 Verifying That DHCP Snooping Is Working Correctly on the Switch Purpose Verify that DHCP snooping is w...

Page 2950: ... some ARP requests from network devices connected to the switch Display the DAI information user switch show arp inspection statistics ARP inspection statistics Interface Packets received ARP inspection pass ARP inspection failed ge 0 0 1 0 7 5 2 ge 0 0 2 0 10 10 0 ge 0 0 3 0 12 12 0 Meaning The sample output shows the number of ARP packets received and inspected per interface with a listing of ho...

Page 2951: ...2 0 employee vlan Flood ge 0 0 2 0 employee vlan Flood ge 0 0 2 0 Meaning The first sample output shows that with a MAC limit of 4 for each interface the fifth MAC address on ge 0 0 2 was not learned because it exceeded the MAC limit The second sample output shows that MAC addresses for three of the hosts on ge 0 0 2 were not learned because the hosts had been moved back more than 5 times in one s...

Page 2952: ...ch from Ethernet Switching Table Overflow Attacks In an Ethernet switching table overflow attack an intruder sends so many requests from new MAC addresses that the Ethernet switching table fills up and then overflows forcing the switch to broadcast all messages This example describes how to configure MAC limiting and allowed MAC addresses two port security features to protect the switch from Ether...

Page 2953: ...the topic Example Setting Up Bridging with Multiple VLANs for EX Series Switches on page 1312 That procedure is not repeated here Figure 69 on page 2857 illustrates the topology for this example Figure 69 Network Topology for Basic Port Security The components of the topology for this example are shown in Table 366 on page 2857 Table 366 Components of the Port Security Topology Settings Properties...

Page 2954: ...ce ge 0 0 1 mac limit 4 action drop set interface ge 0 0 2 allowed mac 00 05 85 3A 82 80 set interface ge 0 0 2 allowed mac 00 05 85 3A 82 81 set interface ge 0 0 2 allowed mac 00 05 85 3A 82 83 set interface ge 0 0 2 allowed mac 00 05 85 3A 82 85 Step by Step Procedure Configure MAC limiting and some allowed MAC addresses Configure a MAC limit of 4 on ge 0 0 1 and specify that incoming packets wi...

Page 2955: ...loyee vlan 00 05 85 3A 82 80 Learn 0 ge 0 0 2 0 employee vlan 00 05 85 3A 82 81 Learn 0 ge 0 0 2 0 employee vlan 00 05 85 3A 82 83 Learn 0 ge 0 0 2 0 employee vlan 00 05 85 3A 82 85 Learn 0 ge 0 0 2 0 employee vlan Flood ge 0 0 2 0 Meaning The sample output shows that with a MAC limit of 4 for the interface the DHCP request for a fifth MAC address on ge 0 0 1 was dropped because it exceeded the MA...

Page 2956: ...gate rogue DHCP server attacks be sure you have Connected the DHCP server to the switch Enabled DHCP snooping on the VLAN Configured the VLAN employee vlan on the switch See Example Setting Up Bridging with Multiple VLANs for EX Series Switches on page 1312 Overview and Topology Ethernet LANs are vulnerable to address spoofing and DoS attacks on network devices This example describes how to protec...

Page 2957: ...through 192 0 2 30 192 0 2 31 is the subnet s broadcast address VLAN subnets ge 0 0 1 ge 0 0 2 ge 0 0 3 ge 0 0 8 Interfaces in employee vlan ge 0 0 8 Interface for DHCP server In this example the switch has already been configured as follows Secure port access is activated on the switch DHCP snooping is enabled on the VLAN employee vlan The interface port where the rogue DHCP server has connected ...

Page 2958: ...n To confirm that the configuration is working properly Verifying That the DHCP Server Interface Is Untrusted on page 2862 Verifying That the DHCP Server Interface Is Untrusted Purpose Verify that the DHCP server is untrusted Action Send some DHCP requests from network devices here they are DHCP clients connected to the switch Display the DHCP snooping information when the port on which the DHCP s...

Page 2959: ...rver to provide IP addresses to network devices on the switch Before you configure MAC limiting a port security feature to mitigate DHCP starvation attacks be sure you have Connected the DHCP server to the switch Configured the VLAN employee vlan on the switch See Example Setting Up Bridging with Multiple VLANs for EX Series Switches on page 1312 Overview and Topology Ethernet LANs are vulnerable ...

Page 2960: ...ready been configured as follows Secure port access is activated on the switch No MAC limit is set on any of the interfaces DHCP snooping is disabled on the VLAN employee vlan All access interfaces are untrusted which is the default setting Configuration To configure the MAC limiting port security feature to protect the switch against DHCP starvation attacks CLI Quick Configuration To quickly conf...

Page 2961: ...drop interface ge 0 0 2 0 mac limit 3 action drop Verification To confirm that the configuration is working properly Verifying That MAC Limiting Is Working Correctly on the Switch on page 2865 Verifying That MAC Limiting Is Working Correctly on the Switch Purpose Verify that MAC limiting is working on the switch Action Send some DHCP requests from network devices here they are DHCP clients connect...

Page 2962: ...IP address is now sent to the attacker instead of being sent to the intended destination The attacker can send faked or spoofed ARP messages on the LAN NOTE OnEXSeriesswitches whendynamicARPinspection DAI isenabled the switch logs the number of invalid ARP packets that it receives on each interface along with the sender s IP and MAC addresses You can use these log messages to discover ARP spoofing...

Page 2963: ...on the LAN for example the attacker might launch a man in the middle attack This example shows how to configure port security features on an EX3200 24P switch that is connected to a DHCP server The setup for this example includes the VLAN employee vlan on the switch The procedure for creating that VLAN is described in the topic Example Setting Up Bridging with Multiple VLANs for EX Series Switches...

Page 2964: ...spection DAI copy the following commands and paste them into the switch terminal window edit ethernet switching options secure access port set interface ge 0 0 8 dhcp trusted set vlan employee vlan examine dhcp set vlan employee vlan arp inspection Step by Step Procedure Configure DHCP snooping and dynamic ARP inspection DAI on the VLAN Set the ge 0 0 8 interface as trusted 1 edit ethernet switchi...

Page 2965: ...5 3A 82 77 192 0 2 17 600 dynamic employee vlan ge 0 0 1 0 00 05 85 3A 82 79 192 0 2 18 653 dynamic employee vlan ge 0 0 1 0 00 05 85 3A 82 80 192 0 2 19 720 dynamic employee vlan ge 0 0 2 0 00 05 85 3A 82 81 192 0 2 20 932 dynamic employee vlan ge 0 0 2 0 00 05 85 3A 82 83 192 0 2 21 1230 dynamic employee vlan ge 0 0 2 0 00 05 85 27 32 88 192 0 2 22 3200 dynamic employee vlan ge 0 0 3 0 Meaning W...

Page 2966: ...ttack on the DHCP snooping database an intruder introduces a DHCP client on an untrusted access interface with a MAC address identical to that of a client on another untrusted interface The intruder then acquires the DHCP lease of that other client thus changing the entries in the DHCP snooping table Subsequently what would have been valid ARP requests from the legitimate client are blocked This e...

Page 2967: ...mployee vlan on the switch The procedure for creating that VLAN is described in the topic Example Setting Up Bridging with Multiple VLANs for EX Series Switches on page 1312 That procedure is not repeated here Figure 73 on page 2871 illustrates the topology for this example Figure 73 Network Topology for Basic Port Security The components of the topology for this example are shown in Table 370 on ...

Page 2968: ...ace ge 0 0 2 allowed mac 00 05 85 3A 82 85 set interface ge 0 0 2 allowed mac 00 05 85 3A 82 88 Step by Step Procedure To configure some allowed MAC addresses on an interface Configure the five allowed MAC addresses on an interface edit ethernet switching options secure access port user switch set interface ge 0 0 2 allowed mac 00 05 85 3A 82 80 user switch set interface ge 0 0 2 allowed mac 00 05...

Page 2969: ...e on page 2915 Configuring MAC Limiting J Web Procedure on page 2917 Example Configuring DHCP Snooping DAI and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch You can configure DHCP snooping dynamic ARP inspection DAI and MAC limiting on the access interfaces of EX Series switches to protect the switch and the Ethernet LAN against address spoofing and Layer...

Page 2970: ...ks you can configure DHCP snooping to validate DHCP server messages DAI to protect against ARP spoofing MAC limiting to constrain the number of MAC addresses the switch adds to its MAC address cache This example shows how to configure these port security features on an EX3200 switch which is Switch 1 in this example You could also use an EX4200 switch for this example Switch 1 is connected to a sw...

Page 2971: ...itch 2 Switch hardware employee vlan tag 20 VLAN name and ID 192 0 2 16 28 192 0 2 17 through 192 0 2 30 192 0 2 31 is subnet s broadcast address VLAN subnets ge 0 0 11 Trunk interface on both switches ge 0 0 1 ge 0 0 2 and ge 0 0 3 Access interfaces on Switch 1 ge 0 0 1 Access interface on Switch 2 ge 0 0 1 on Switch 2 Interface for DHCP server Switch 1 is initially configured with the default po...

Page 2972: ...pection set ethernet switching options secure access port vlan employee vlan examine dhcp set interfaces ge 0 0 1 unit 0 family ethernet switching vlan members 20 set interfaces ge 0 0 2 unit 0 family ethernet switching vlan members 20 set interfaces ge 0 0 3 unit 0 family ethernet switching vlan members 20 set interfaces ge 0 0 11 unit 0 family ethernet switching port mode trunk set interfaces ge...

Page 2973: ... secure access port user switch1 set interface ge 0 0 1 mac limit 5 Results Display the results of the configuration edit user switch1 show ethernet switching options secure access port interface ge 0 0 1 0 mac limit 5 action drop vlan employee vlan arp inspection examine dhcp interfaces ge 0 0 1 unit 0 family ethernet switching vlan members 20 ge 0 0 2 unit 0 family ethernet switching vlan member...

Page 2974: ...lan vlan id 20 Step by Step Procedure To configure the VLAN and interfaces on Switch 2 Configure an interface on Switch 2 as a trunk interface 1 edit interfaces user switch2 set ge 0 0 11 unit 0 ethernet switching port mode trunk 2 Associate the VLAN with interfaces ge 0 0 1 and ge 0 0 11 edit interfaces user switch2 set ge 0 0 1 unit 0 family ethernet switching vlan members 20 user switch2 set ge...

Page 2975: ...rver has provided the IP addresses and leases user switch1 show dhcp snooping binding DHCP Snooping Information MAC Address IP Address Lease Type VLAN Interface 00 05 85 3A 82 77 192 0 2 17 600 dynamic employee vlan ge 0 0 1 0 00 05 85 3A 82 79 192 0 2 18 653 dynamic employee vlan ge 0 0 1 0 00 05 85 3A 82 80 192 0 2 19 720 dynamic employee vlan ge 0 0 1 0 00 05 85 3A 82 81 192 0 2 20 932 dynamic ...

Page 2976: ...n 00 05 85 3A 82 77 Learn 0 ge 0 0 1 0 employee vlan 00 05 85 3A 82 79 Learn 0 ge 0 0 1 0 employee vlan 00 05 85 3A 82 80 Learn 0 ge 0 0 1 0 employee vlan 00 05 85 3A 82 81 Learn 0 ge 0 0 1 0 employee vlan 00 05 85 3A 82 83 Learn 0 ge 0 0 1 0 employee vlan Flood ge 0 0 1 0 Meaning The sample output shows that five MAC addresses have been learned for interface ge 0 0 1 which corresponds to the MAC ...

Page 2977: ...hese scenarios be sure you have Connected the DHCP server to the switch Connected the RADIUS server and configured user authentication on the RADIUS server See Example Connecting a RADIUS Server for 802 1X to an EX Series Switch on page 2545 Configured the VLANs on the switch See Example Setting Up Bridging with Multiple VLANs for EX Series Switches on page 1312 for detailed information about conf...

Page 2978: ...g of death attacks DHCP starvation and ARP spoofing In the second example configuration the switch is configured for 802 1X user authentication If the client fails authentication the switch redirects the client to a guest VLAN that allows this client to access a set of restricted network features You configure IP source guard on the guest VLAN to mitigate effects of source IP spoofing NOTE Control...

Page 2979: ...lan members data 2 Associate two interfaces with the data VLAN edit interfaces user switch set ge 0 0 0 unit 0 family ethernet switching vlan members data user switch set ge 0 0 1 unit 0 family ethernet switching vlan members data 3 Configure 802 1X user authentication and LLDP MED on the two interfaces that you associated with the data VLAN edit protocols user switch set lldp med interface ge 0 0...

Page 2980: ...t1x authenticator authentication profile name profile52 interface ge 0 0 0 0 supplicant single ge 0 0 1 0 supplicant single ge 0 0 14 0 supplicant single Configuring IP Source Guard on a Guest VLAN CLI Quick Configuration To quickly configure IP source guard on a guest VLAN copy the following commands and paste them into the switch terminal window Copyright 2010 Juniper Networks Inc 2884 Complete ...

Page 2981: ...ected to the switch as a trusted interface and add that interface to the employee VLAN edit ethernet switching options user switch set secure access port interface ge 0 0 24 dhcp trusted user switch setge 0 0 24unit0familyethernet switchingvlanmembersemployee 2 Configure two interfaces for the access port mode edit interfaces user switch set ge 0 0 0 unit 0 family ethernet switching port mode acce...

Page 2982: ...cant single supplicant timeout 2 ge 0 0 1 0 guest vlan employee supplicant single supplicant timeout 2 edit vlans employee vlan id 100 edit interfaces ge 0 0 0 unit 0 family ethernet switching port mode access ge 0 0 1 unit 0 family ethernet switching port mode access ge 0 0 24 unit 0 family ethernet switching vlan members employee Copyright 2010 Juniper Networks Inc 2886 Complete Software Guide f...

Page 2983: ... the interface Action Use the show dot1x interface command to view the 802 1X details Meaning The Supplicant mode output field displays the configured administrative mode for each interface Verifying the VLAN Association with the Interface Purpose Verity interface states and VLAN memberships Action Use the show ethernet switching interfaces command to view the Ethernet switching table entries Mean...

Page 2984: ...ress and MAC Address fields Related Documentation Example Configuring Port Security with DHCP Snooping DAI MAC Limiting and MAC Move Limiting on an EX Series Switch on page 2849 Example Setting Up VoIP with 802 1X and LLDP MED on an EX Series Switch on page 2580 Example Configuring IP Source Guard on a Data VLAN That Shares an Interface with a Voice VLAN on page 2888 Configuring IP Source Guard CL...

Page 2985: ...ology IP source guard checks the IP source address and MAC source address in a packet sent from a host attached to an untrusted access interface on the switch If IP source guard determines that the packet header contains an invalid source IP address or source MAC address it ensures that the switch does not forward the packet that is the packet is discarded When you configure IP source guard you en...

Page 2986: ... 11 11 vlan data set ethernet switching options secure access port vlan data examine dhcp set ethernet switching options secure access port vlan data ip source guard set interfaces ge 0 0 24 unit 0 family ethernet switching vlan members data set vlans voice vlan id 100 set protocols lldp med interface ge 0 0 14 0 set protocols dot1x authenticator authentication profile name profile52 set protocols...

Page 2987: ...2 user switch set dot1x authenticator interface ge 0 0 14 0 supplicant single 6 Set the VLAN ID for the voice VLAN edit vlans user switch set voice vlan id 100 Results Check the results of the configuration edit ethernet switching options user switch show voip interface ge 0 0 14 0 vlan voice secure access port interface ge 0 0 14 0 static ip 11 1 1 1 vlan data mac 00 11 11 11 11 11 interface ge 0...

Page 2988: ... the Interface on page 2892 Verifying the VLAN Association with the Interface on page 2893 Verifying That DHCP Snooping and IP Source Guard Are Working on the Data VLAN on page 2893 Verifying That 802 1X User Authentication Is Working on the Interface Purpose Verify the 802 1X configuration on interface ge 0 0 14 Action Verify the 802 1X configuration with the operational mode command showdot1xint...

Page 2989: ...hernet switching interfaces Interface State VLAN members Blocking ge 0 0 0 0 down default unblocked ge 0 0 1 0 down employee unblocked ge 0 0 2 0 down employee unblocked ge 0 0 12 0 down default unblocked ge 0 0 13 0 down default unblocked ge 0 0 13 0 down vlan100 unblocked ge 0 0 14 0 up voice unblocked data unblocked ge 0 0 17 0 down employee unblocked ge 0 0 23 0 down default unblocked ge 0 0 2...

Page 2990: ... 0 10 10 10 7 00 30 48 92 A5 9D vlan100 ge 0 0 14 0 0 10 10 10 9 00 30 48 8D 01 3D data ge 0 0 14 0 0 11 1 1 1 00 11 11 11 11 11 data ge 0 0 13 0 100 voice Meaning When the interface on which the DHCP server connects to the switch has been set to trusted the output see the preceding sample output for show dhcp snooping binding shows for each MAC address the assigned IP address and lease time that ...

Page 2991: ...the DHCP clients but on a different VLAN from the DHCP server the switch acts as a relay agent Requirements on page 2895 Overview and Topology on page 2896 Configuration on page 2896 Requirements This example uses the following hardware and software components One EX4200 24P switch Junos OS Release 9 3 or later for EX Series switches A DHCP server to provide IP addresses to network devices on the ...

Page 2992: ...on to formulate its reply and sends a response back to the switch It does not alter the option 82 information 4 The switch strips the option 82 information from the response packet 5 The switch forwards the response packet to the client In this example you configure option 82 on the EX Series switch The switch is configured as a BOOTP relay agent The switch connects to the DHCP server through the ...

Page 2993: ...e a prefix for the remote ID suboption here the prefix is the MAC address of the switch edit forwarding options helpers bootp user switch set dhcp option82 remote id prefix mac 6 Specify that the remote ID suboption value contains a character string here the string is employee switch1 edit forwarding options helpers bootp user switch set dhcp option82 remote id use string employee switch1 7 Config...

Page 2994: ...to configure DHCP option 82 on a switch with DHCP clients DHCP server and switch all on the same VLAN Requirements on page 2898 Overview and Topology on page 2899 Configuration on page 2900 Requirements This example uses the following hardware and software components One EX Series switch Junos OS Release 9 3 or later for EX Series switches A DHCP server to provide IP addresses to network devices o...

Page 2995: ...switch then this sequence of events occurs when a DHCP client sends a DHCP request 1 The switch receives the request and inserts the option 82 information in the packet header 2 The switch forwards the request to the DHCP server 3 The server uses the DHCP option 82 information to formulate its reply and sends a response back to the switch It does not alter the option 82 information 4 The switch st...

Page 2996: ...ure DHCP option 82 1 Specify DHCP option 82 for the employee VLAN edit ethernet switching options secure access port user switch set vlan employee dhcp option82 2 Configure a prefix for the circuit ID suboption the prefix is always the hostname of the switch edit ethernet switching options secure access port user switch set vlan employee dhcp option82 circuit id prefix hostname 3 Specify that the ...

Page 2997: ... with No Relay Agent Between Clients and DHCP Server CLI Procedure on page 2929 RFC 3046 DHCP Relay Agent Information Option at http tools ietf org html rfc3046 Example Configuring Proxy ARP on an EX Series Switch You can configure proxy Address Resolution Protocol ARP on your EX Series switch to enable the switch to respond to ARP queries for network addresses by offering its own MAC address With...

Page 2998: ...te destination Configuration To configure proxy ARP perform the following tasks CLI Quick Configuration To quickly configure proxy ARP on an interface copy the following command and paste it into the switch terminal window edit set interfaces ge 0 0 3 unit 0 proxy arp restricted Step by Step Procedure You configure proxy ARP on individual interfaces 1 To configure proxy ARP on an interface edit in...

Page 2999: ...h 0 for non IP protocol 0 with unsupported op code 0 with bad protocol address length 0 with bad hardware address length 0 with multicast source address 0 with multicast target address 0 with my own hardware address 168705 for an address not on the interface 0 with a broadcast source address 0 with source address duplicate to mine 29555 which were not for me 0 packets discarded waiting for resolut...

Page 3000: ... all the unproxied ARP requests received have been proxied by the switch Related Documentation Configuring Proxy ARP CLI Procedure on page 1395 Understanding Proxy ARP on EX Series Switches on page 1301 Copyright 2010 Juniper Networks Inc 2904 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3001: ...C Move Limiting CLI Procedure on page 2919 Configuring MAC Move Limiting J Web Procedure on page 2921 Setting the none Action on an Interface to Override a MAC Limit Applied to All Interfaces CLI Procedure on page 2922 Configuring IP Source Guard CLI Procedure on page 2923 Configuring Static IP Addresses for DHCP Bindings on Access Ports CLI Procedure on page 2925 Setting Up DHCP Option 82 with th...

Page 3002: ... vlan employee vlan arp inspection On all VLANs edit ethernet switching options secure access port user switch set vlan all arp inspection 3 Limit the number of dynamic MAC addresses and specify the action to take if the limit is exceeded for example set a MAC limit of 5 with an action of drop On a single interface here the interface is ge 0 0 1 edit ethernet switching options secure access port u...

Page 3003: ...face ge 0 0 8 dhcp trusted Related Documentation Configuring Port Security J Web Procedure on page 2907 Configuring Autorecovery From the Disabled State on Secure or Storm Control Interfaces CLI Procedure on page 2796 Example Configuring Port Security with DHCP Snooping DAI MAC Limiting and MAC Move Limiting on an EX Series Switch on page 2849 Example Configuring DHCP Snooping DAI and MAC Limiting...

Page 3004: ...d maintains a database of valid IP addresses MAC address bindings By default access ports are untrusted and trunk ports are trusted Enable DHCP Snooping on VLAN Select to enable ARP inspection on a specified VLAN or all VLANs Configure any port on which you do not want ARP inspection to occur as a trusted DHCP server port Uses information in the DHCP snooping database to validate ARP packets on th...

Page 3005: ...he disabled state and specifying a disable timeout value See Configuring Autorecovery From the Disabled State on Secure or Storm Control Interfaces CLI Procedure on page 2796 None No action to be taken Specifies the action to be taken if the MAC limit is exceeded This option is not valid for trunk ports MAC Limit Action To add a MAC address 1 Click Add 2 Enter the MAC address 3 Click OK Specifies ...

Page 3006: ...n configure the bindings to persist by setting the dhcp snooping file statement to store the database file either locally or remotely TIP For private VLANs PVLANs enable DHCP snooping on the primary VLAN If you enable DHCP snooping only on a community VLAN DHCP messages coming from PVLAN trunk ports are not snooped Related Documentation Enabling DHCP Snooping J Web Procedure on page 2911 Example C...

Page 3007: ...enable or disable port security on the switch at any time by clicking the Activate or Deactivate button on the Port Security Configuration page If security status is shown as Disabled when you try to edit settings for any VLANs or interfaces ports the message asking if you want to enable port security appears Related Documentation Enabling DHCP Snooping CLI Procedure on page 2910 Example Configuri...

Page 3008: ...page 2859 Verifying That a Trusted DHCP Server Is Working Correctly on page 2935 Monitoring Port Security on page 2933 Understanding Trusted DHCP Servers for Port Security on EX Series Switches on page 2840 Enabling a Trusted DHCP Server J Web Procedure You can configure any interface on the EX Series switch that connects to a DHCP server as a trusted interface port Configuring a DHCP server on a ...

Page 3009: ...mic ARP inspection DAI protects EX Series switches against ARP spoofing DAI inspects ARP packets on the LAN and uses the information in the DHCP snooping database on the switch to validate ARP packets and to protect against ARP cache poisoning You configure DAI for each VLAN not for each interface port By default DAI is disabled for all VLANs To enable dynamic ARP inspection DAI on a VLAN or all V...

Page 3010: ...ect the Enable ARP Inspection on VLAN check box and then click OK 5 Click OK after the command has been successfully delivered NOTE You can enable or disable port security on the switch at any time by clicking the Activate or Deactivate button on the Port Security Configuration page If security status is shown as Disabled when you try to edit settings for any VLANs or interfaces ports the message ...

Page 3011: ...e maximum number of dynamic MAC addresses that can be learned on a single Layer 2 access interface or on all Layer 2 access interfaces You can choose to have one of the following actions performed when the limit of MAC addresses is exceeded drop Drop the packet and generate an alarm an SNMP trap or a system log entry This is the default log Do not drop the packet but generate an alarm an SNMP trap...

Page 3012: ...itch set interface ge 0 0 2 allowed mac 00 05 85 3A 82 80 user switch set interface ge 0 0 2 allowed mac 00 05 85 3A 82 81 user switch set interface ge 0 0 2 allowed mac 00 05 85 3A 82 83 On all interfaces edit ethernet switching options secure access port user switch set interface all allowed mac 00 05 85 3A 82 80 user switch set interface all allowed mac 00 05 85 3A 82 81 user switch set interfa...

Page 3013: ...face 1 Select Configure Security Port Security 2 Select one or more interfaces from the Interface List 3 Click the Edit button If a message appears asking whether you want to enable port security click Yes 4 To set a dynamic MAC limit 1 Type a limit value in the MAC Limit box 2 Select an action from the MAC Limit Action box optional The switch takes this action when the MAC limit is exceeded If yo...

Page 3014: ...Procedure on page 2915 Example Configuring Allowed MAC Addresses to Protect the Switch from DHCP Snooping Database Alteration Attacks on page 2870 Example Configuring MAC Limiting Including Dynamic and Allowed MAC Addresses to Protect the Switch from Ethernet Switching Table Overflow Attacks on page 2856 Example Configuring MAC Limiting to Protect the Switch from DHCP Starvation Attacks on page 28...

Page 3015: ...re MAC move limiting per VLAN not per interface port In the default configuration the number of MAC moves permitted is unlimited You can choose to have one of the following actions performed when the MAC move limit is exceeded drop Drop the packet and generate an alarm an SNMP trap or a system log entry This is the default log Do not drop the packet but generate an alarm an SNMP trap or a system l...

Page 3016: ...hernet switching options secure access port user switch set vlan all mac move limit 5 The action is not specified so the switch performs the default action drop if it tracks that an individual MAC address within any of the VLANs has moved more than 5 times within one second Related Documentation Configuring MAC Move Limiting J Web Procedure on page 2921 Example Configuring Port Security with DHCP ...

Page 3017: ...Configure Security Port Security 2 Select one or more VLANs from the VLAN List 3 Click the Edit button If a message appears asking whether you want to enable port security click Yes 4 To set a MAC move limit 1 Type a limit value in the MAC Movement box 2 Select an action from the MAC Movement Action box optional The switch takes this action when an individual MAC address exceeds the MAC move limit...

Page 3018: ...s CLI Procedure If you set a MAC limit in your port security settings to apply to all interfaces on the EX Series switch you can override that setting for a particular interface by specifying action none To use the none action to override a MAC limit setting 1 Set the MAC limit for example a limit of 5 with action drop edit ethernet switching options secure access port user switch set interface al...

Page 3019: ...scarded You enable the IP source guard feature on VLANs You can enable it on a specific VLAN on all VLANs or on a VLAN range NOTE IP source guard applies only to access interfaces and only to untrusted interfaces If you enable IP source guard on a VLAN that includes trunk interfaces or an interface set to dhcp trusted the CLI shows an error when you try to commit the configuration Before you confi...

Page 3020: ...switching options secure access port user switch set vlan employee ip source guard NOTE You can use the no ip source guard statement to disable IP source guard for a specific VLAN after you have enabled the feature for all VLANs To view results of the configuration steps before committing the configuration type the show command at the user prompt To commit these changes to the active configuration...

Page 3021: ...lan and 00 05 85 3A 82 80 with values for your configuration edit ethernet switching options secure access port user switch setinterfacege 0 0 2static ip10 0 10 12vlandata vlanmac00 05 85 3A 82 80 To view results of the configuration steps before committing the configuration type the show command at the user prompt To commit these changes to the active configuration type the commit command at the ...

Page 3022: ...are all on the same VLAN The switch forwards the clients requests to the server and forwards the server s replies to the clients This configuration is described in Setting Up DHCP Option 82 on the Switch with No Relay Agent Between Clients and DHCP Server CLI Procedure on page 2929 Before you configure DHCP option 82 on the switch perform these tasks Connect and configure the DHCP server NOTE Your...

Page 3023: ...e default edit forwarding options helpers bootp user switch set dhcp option82 circuit id use interface description 4 To specify that the circuit ID suboption value contains the VLAN ID rather than the VLAN name the default edit forwarding options helpers bootp user switch set dhcp option82 circuit id use vlan id 5 To specify that the remote ID suboption is included in the DHCP option 82 informatio...

Page 3024: ...ault edit forwarding options helpers bootp user switch set dhcp option82 vendor id mystring To view results of the configuration steps before committing the configuration type the show command at the user prompt To commit these changes to the active configuration type the commit command at the user prompt Related Documentation Example Setting Up DHCP Option 82 with an EX Series Switch as Relay Age...

Page 3025: ...a relay agent when the DHCP clients or the DHCP server is connected to the switch through a Layer 3 interface On the switch these interfaces are configured as routed VLAN interfaces or RVIs The switch relays the clients requests to the server and then forwards the server s replies to the clients This configuration is described in Setting Up DHCP Option 82 with the Switch as a Relay Agent Between C...

Page 3026: ...it ID suboption value contains the VLAN ID rather than the VLAN name the default edit ethernet switching options secure access port user switch set vlan employee dhcp option82 circuit id use vlan id 5 To specify that the remote ID suboption is included in the DHCP option 82 information edit ethernet switching options secure access port user switch set vlan employee dhcp option82 remote id 6 To con...

Page 3027: ...lients and DHCP Server on page 2898 Understanding DHCP Option 82 for Port Security on EX Series Switches on page 2840 RFC 3046 DHCP Relay Agent Information Option at http tools ietf org html rfc3046 Configuring Proxy ARP CLI Procedure You can configure proxy Address Resolution Protocol ARP on your EX Series switch to enable the switch to respond to ARP queries for network addresses by offering its...

Page 3028: ...imiting or storm control errors NOTE Youmustspecifythedisabletimeoutvaluefortheinterfacestorecover automatically There is no default disable timeout If you do not specify a timeout value you need to use the clear ethernet switching port error command to clear the errors and restore the interfaces or the specified interface to service To configure autorecovery from the disabled state due to MAC lim...

Page 3029: ...hese port security details DHCP snooping database for a VLAN or all VLANs ARP inspection details for all interfaces Action To monitor port security in the J Web interface select Monitor Security Port Security To monitor and manipulate the DHCP snooping database and ARP inspection statistics in the CLI enter the following commands show dhcp snooping binding clear dhcp snooping binding In addition t...

Page 3030: ...rifying That DHCP Snooping Is Working Correctly Purpose Verify that DHCP snooping is working on the switch and that the DHCP snooping database is correctly populated with both dynamic and static bindings Action Send some DHCP requests from network devices here they are DHCP clients connected to the switch Display the DHCP snooping information when the interface on which the DHCP server connects to...

Page 3031: ...HCP Server Is Working Correctly Purpose Verify that a DHCP trusted server is working on the switch See what happens when the DHCP server is trusted and then untrusted Action Send some DHCP requests from network devices here they are DHCP clients connected to the switch Display the DHCP snooping information when the interface on which the DHCP server connects to the switch is trusted The following ...

Page 3032: ...atistics ARP inspection statistics Interface Packets received ARP inspection pass ARP inspection failed ge 0 0 1 0 7 5 2 ge 0 0 2 0 10 10 0 ge 0 0 3 0 12 12 0 Meaning The sample output shows the number of ARP packets received and inspected per interface with a listing of how many packets passed and how many failed the inspection on each interface The switch compares the ARP requests and replies ag...

Page 3033: ...Addresses Is Working Correctly Purpose Verify that MAC limiting for dynamic MAC addresses is working on the switch Action Display the MAC addresses that have been learned The following sample output shows the results when two packets were sent from hosts on ge 0 0 1 and five packets requests were sent from hosts on ge 0 0 2 with both interfaces set to a MAC limit of 4 with the action drop user swi...

Page 3034: ...re learned and thus added to the MAC cache Because the fifth address was not learned an asterisk rather than an address appears in the MAC address column in the last line of the sample output Verifying Results of Various Action Settings When the MAC Limit Is Exceeded Purpose Verify the results provided by the various action settings for MAC limits drop log none and shutdown when the limits are exc...

Page 3035: ...88 Learn 0 ge 0 0 2 0 shutdown action For MAC limiting configured with a shutdown action and with MAC limit set to 3 user switch show ethernet switching table Ethernet switching table 4 entries 3 learned VLAN MAC address Type Age Interfaces employee vlan Flood ge 0 0 2 0 employee vlan 00 05 85 3A 82 82 Learn 0 ge 0 0 2 0 employee vlan 00 05 85 3A 82 84 Learn 0 ge 0 0 2 0 employee vlan 00 05 85 3A ...

Page 3036: ...able timeout value The switch automatically restores the disabled interface to service when the disable timeout expires The port error disable configuration does not apply to pre existing error conditions It impacts only error conditions that are detected after port error disable has been enabled and committed To clear a pre existing error condition and restore the interface to service use the cle...

Page 3037: ...C Move Limiting Is Working Correctly Purpose Verify that MAC move limiting is working on the switch Action Display the MAC addresses in the Ethernet switching table when MAC move limiting has been configured for a VLAN The following sample shows the results after two of the hosts on ge 0 0 2 sent packets after the MAC addresses for those hosts had moved to other interfaces more than five times in ...

Page 3038: ...ation Interface Tag IP Address MAC Address VLAN ge 0 0 12 0 0 10 10 10 7 00 30 48 92 A5 9D vlan100 ge 0 0 13 0 0 10 10 10 9 00 30 48 8D 01 3D vlan100 ge 0 0 13 0 100 voice Meaning The IP source guard database table contains the VLANs enabled for IP source guard the untrusted access interfaces on those VLANs the VLAN 802 1Q tag IDs if there are any and the IP addresses and MAC addresses that are bo...

Page 3039: ...dropped due to interface deletion 0 requests on unnumbered interfaces 0 new requests on unnumbered interfaces 0 replies for from unnumbered interfaces 0 requests on unnumbered interface with non subnetted donor 0 replies from unnumbered interface with non subnetted donor Meaning The statistics show that two proxy ARP requests were received and the proxy requests notproxied field indicates that all...

Page 3040: ...net switching interfaces command shows that three of the down interfaces specify the reason that the interface is disabled MAC limit exceeded The interface is temporarily disabled due to a mac limit error The disabled interface is automatically restored to service when the disable timeout expires MAC move limit exceeded The interface is temporarily disabled due to a mac move limit error The disabl...

Page 3041: ...C limit or MAC move limit action to log 1 edit ethernet switching options secure access port user switch set interface ge 0 0 2 mac limit 5 action log 2 Allow some MAC address requests to come in 3 View the entries in the Ethernet switching table user switch show ethernet switching table Multiple DHCP Server Packets Have Been Received on Untrusted Interfaces Problem You see log messages that DHCP ...

Page 3042: ...ng That a Trusted DHCP Server Is Working Correctly on page 2935 Verifying That MAC Limiting Is Working Correctly on page 2937 Enabling a Trusted DHCP Server CLI Procedure on page 2912 Configuring MAC Limiting CLI Procedure on page 2915 Copyright 2010 Juniper Networks Inc 2946 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3043: ...ng options analyzer name loss priority priority ratio number input ingress interface all interface name vlan vlan id vlan name egress interface all interface name output interface interface name vlan vlan id vlan name bpdu block disable timeout timeout interface all interface name dot1q tunneling ether type 0x8100 0x88a8 0x9100 interfaces interface name no mac learning mac notification notificatio...

Page 3044: ... name mac mac address vlan all vlan name arp inspection no arp inspection dhcp option82 circuit id prefix hostname use interface description use vlan id remote id prefix hostname mac none use interface description use string string vendor id string examine dhcp no examine dhcp ip source guard no ip source guard mac move limit limit action action storm control action shutdown interface all interfac...

Page 3045: ...nt Trunk Links on EX Series Switches on page 1291 Understanding Storm Control on EX Series Switches on page 2791 Understanding 802 1X and VoIP on EX Series Switches on page 2542 Understanding Q in Q Tunneling on EX Series Switches on page 1293 Understanding Unknown Unicast Forwarding on EX Series Switches on page 2792 Understanding MAC Notification on EX Series Switches on page 1302 edit forwardin...

Page 3046: ...n 82 with the Switch as a Relay Agent Between Clients and DHCP Server CLI Procedure on page 2926 Understanding DHCP Option 82 for Port Security on EX Series Switches on page 2840 DHCP BOOTP Relay for EX Series Switches Overview on page 548 For more information about the editforwarding options hierarchy and all its options see the Junos OS Policy Framework Configuration Guide at http www juniper ne...

Page 3047: ...ynamic MAC values that have been applied with the mac limit statement Options mac address list One or more MAC addresses configured as allowed MAC addresses for a specified interface or all interfaces Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation mac limit on page 2964 Example Configurin...

Page 3048: ...evel routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring Port Security with DHCP Snooping DAI MAC Limiting and MAC Move Limiting on an EX Series Switch on page 2849 Example Configuring DHCP Snooping DAI and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch on ...

Page 3049: ...separately Default If DCHP option 82 is enabled on the switch the circuit ID is supplied by default in the format interface name vlan name or on a Layer 3 interface just interface name Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up DHCP Option 82 on an EX Series Switch ...

Page 3050: ... 82 information in the packet header The switch receives the reply and then removes the DHCP option 82 information before forwarding the reply to the client The remaining statements are explained separately Default Insertion of DHCP option 82 information is not enabled Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configur...

Page 3051: ...le to maintain persistence of IP MAC bindings The remaining statements are explained separately Default The IP MAC bindings in the DHCP snooping database file are not persistent If the switch is rebooted the bindings are lost Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding DH...

Page 3052: ... Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring Port Security with DHCP Snooping DAI MAC Limiting and MAC Move Limiting on an EX Series Switch on page 2849 Example Configuring a DHCP Server Interface as Untrusted to Protect the Switch from Rogue DHCP Server Attacks on ...

Page 3053: ...ce of a port error You can bring up the currently disabled interfaces by running the clear ethernet switching port error command Default The disable timeout is not enabled Options timeout Time in seconds that the disabled state remains in effect The disabled interface is automatically restored to service when the specified timeout value is reached Range 10 through 3600 seconds Required Privilege L...

Page 3054: ...0 0x88a8 0x9100 interfaces interface name no mac learning mac notification notification interval seconds mac table aging time seconds port error disable disable timeout timeout redundant trunk group group name name interface interface name primary interface interface name secure access port dhcp snooping file location local_pathname remote_URL timeout seconds write interval seconds interface all i...

Page 3055: ...uard no ip source guard mac move limit limit action action storm control action shutdown interface all interface name bandwidth bandwidth no broadcast no unknown unicast traceoptions file filename files number no stamp replace size size world readable no world readable flag flag disable unknown unicast forwarding vlan all vlan name interface interface name voip interface all interface name access ...

Page 3056: ... Ethernet switching options The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding Port Mirroring on EX Series Switches on page 3539 Port Security for EX Series Switches Overview on page 2825 Understanding BPDU Protection for STP RST...

Page 3057: ...n the primary VLAN If you enable DHCP snooping only on a community VLAN DHCP messages coming from PVLAN trunk ports are not snooped Default Disabled Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring Port Security with DHCP Snooping DAI MAC Limiting and MAC Move Limiting o...

Page 3058: ...on routing control To add this statement to the configuration Related Documentation Example Configuring Port Security with DHCP Snooping DAI MAC Limiting and MAC Move Limiting on an EX Series Switch on page 2849 Example Configuring Allowed MAC Addresses to Protect the Switch from DHCP Snooping Database Alteration Attacks on page 2870 Example Configuring MAC Limiting Including Dynamic and Allowed M...

Page 3059: ...terface with a Voice VLAN on page 2888 Example Configuring IP Source Guard with Other EX Series Switch Features to Mitigate Address Spoofing Attacks on Untrusted Access Interfaces on page 2880 Configuring IP Source Guard CLI Procedure on page 2923 mac Syntax mac mac address Hierarchy Level edit ethernet switching options secure access port interface all interface name static ip ip address vlan vla...

Page 3060: ...down Disable the interface and generate an alarm If you have configured the switch with the port error disable statement the disabled interface recovers automatically upon expiration of the specified disable timeout If you have not configured the switch for autorecovery from port error disabled conditions you can bring up the disabled interfaces by running the clear ethernet switching port error c...

Page 3061: ...or a system log entry This is the default log Do not drop the packet but generate an alarm an SNMP trap or a system log entry none No action shutdown Disable the interface and generate an alarm If you have configured the switch with the port error disable statement the disabled interfaces recover automatically upon expiration of the specified disable timeout If you have not configured the switch f...

Page 3062: ... addresses Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation allowed mac on page 2951 Example Configuring Port Security with DHCP Snooping DAI MAC Limiting and MAC Move Limiting on an EX Series Switch on page 2849 Example Configuring Allowed MAC Addresses to Protect the Switch from DHCP Snoo...

Page 3063: ...Layer 2 Ethernet switching interfaces and routed VLAN interfaces RVIs Default Gratuitous ARP responses are enabled on all Ethernet switching interfaces and RVIs Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring Proxy ARP on an EX Series Switch on page 2901 Configuring...

Page 3064: ...tch disables rather than shuts down the interface when the MAC address limit is reached If you have enabled mac move limit with the shutdown option and you enable port error disable the switch disables rather than shuts down the interface when the maximum number of moves to a new interface is reached If you have enabled storm control with the action shutdown option and you enable port error disabl...

Page 3065: ...ostname Name of the host system the switch that is forwarding or relaying the DHCP request from the DHCP client to the DHCP server Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up DHCP Option 82 on an EX Series Switch with No Relay Agent Between Clients and DHCP Server on...

Page 3066: ...e host system the switch that is forwarding or relaying the DHCP request from the DHCP client to the DHCP server none No prefix is applied to the remote ID Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up DHCP Option 82 on an EX Series Switch with No Relay Agent Between C...

Page 3067: ...h has a route to the target IP address restricted Optional The switch responds to ARP requests in which the physical networks of the source and target are different and does not respond if the source and target IP addresses are in the same subnet The switch must also have a route to the target IP address unrestricted Optional The switch responds to any ARP request for a local or remote address if ...

Page 3068: ...quest packet header If the remote id option is specified but is not qualified by a keyword the MAC address of the host device the switch is used as the remote ID Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up DHCP Option 82 on an EX Series Switch with No Relay Agent Bet...

Page 3069: ...guard mac move limit limit action action Hierarchy Level edit ethernet switching options Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Options static ip and ip source guard introduced in Junos OS Release 9 2 for EX Series switches Options dhcp option82 and no allowed mac log introduced in Junos OS Release 9 3 for EX Series switches Option dhcp snooping fil...

Page 3070: ... Attacks on page 2826 Understanding DHCP Snooping for Port Security on EX Series Switches on page 2829 static ip Syntax static ip ip address vlan vlan name mac mac address Hierarchy Level edit ethernet switching options secure access port interface all interface name Release Information Statement introduced in Junos OS Release 9 2 for EX Series switches Description Static fixed IP address and stat...

Page 3071: ...e that the switch waits for a remote system to respond when the DHCP snooping database is stored on a remote FTP site Default None Options seconds Value in seconds Range 10 through 3600 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding DHCP Snooping for Port Security on EX Seri...

Page 3072: ...reaches its maximum size it is renamed trace file 0 then trace file 1 and so on until the maximum number of trace files is reached xk to specify KB xm to specify MB or xg to specify gigabytes at which point the oldest trace file is overwritten If you specify a maximum number of files you also must specify a maximum file size with the size option Range 2 through 1000 Default 3 files flag flag Traci...

Page 3073: ...hes its maximum size it is renamed trace file 0 then trace file 1 and so on until the maximum number of trace files is reached Then the oldest trace file is overwritten If you specify a maximum number of files you also must specify a maximum file size with the files option Syntax xk to specify KB xm to specify MB or xg to specify gigabytes Range 10 KB through 1 gigabyte Default 128 KB world readab...

Page 3074: ...remote ID value in the DHCP option 82 information Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up DHCP Option 82 on an EX Series Switch with No Relay Agent Between Clients and DHCP Server on page 2898 Example Setting Up DHCP Option 82 with an EX Series Switch as Relay Ag...

Page 3075: ...iew this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up DHCP Option 82 on an EX Series Switch with No Relay Agent Between Clients and DHCP Server on page 2898 Example Setting Up DHCP Option 82 with an EX Series Switch as Relay Agent Between Clients and a DHCP Server on page 2895 Setting Up DHCP Option 82 on the Swi...

Page 3076: ...t Between Clients and DHCP Server on page 2898 Example Setting Up DHCP Option 82 with an EX Series Switch as Relay Agent Between Clients and a DHCP Server on page 2895 Setting Up DHCP Option 82 on the Switch with No Relay Agent Between Clients and DHCP Server CLI Procedure on page 2929 Setting Up DHCP Option 82 with the Switch as a Relay Agent Between Clients and DHCP Server CLI Procedure on page ...

Page 3077: ...ult If you specify vendor id with no string value the default vendor ID Juniper is configured Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Setting Up DHCP Option 82 on an EX Series Switch with No Relay Agent Between Clients and DHCP Server on page 2898 Example Setting Up DHCP Op...

Page 3078: ...ality in Junos OS Release 9 5 for EX Series switches Description Apply DHCP snooping dynamic ARP inspection DAI IP source guard DHCP option 82 and MAC move limiting The remaining statements are explained separately TIP To display a list of all configured VLANs on the system including VLANs that are configured but not committed type after vlan or vlans in your configuration mode command line Note t...

Page 3079: ...ion 82 on the Switch with No Relay Agent Between Clients and DHCP Server CLI Procedure on page 2929 vlan Syntax vlan vlan name Hierarchy Level edit ethernet switching options secure access port interface all interface name static ip ip address Release Information Statement introduced in Junos OS Release 9 2 for EX Series switches Description Associate the static IP address with the specified VLAN ...

Page 3080: ...es from memory into the specified DHCP snooping database file Default None Options seconds Value in seconds Range 60 through 86400 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding DHCP Snooping for Port Security on EX Series Switches on page 2829 Copyright 2010 Juniper Network...

Page 3081: ...CHAPTER 99 Operational Mode Commands for Port Security 2985 Copyright 2010 Juniper Networks Inc ...

Page 3082: ...elated Documentation show arp inspection statistics on page 2989 Example Configuring Port Security with DHCP Snooping DAI MAC Limiting and MAC Move Limiting on an EX Series Switch on page 2849 Verifying That DAI Is Working Correctly on page 2936 List of Sample Output clear arp inspection statistics on page 2986 Output Fields This command produces no output clear arp inspection statistics user swit...

Page 3083: ...P snooping information for the specified VLAN or all VLANs Required Privilege Level clear Related Documentation show dhcp snooping binding on page 2990 Example Configuring Port Security with DHCP Snooping DAI MAC Limiting and MAC Move Limiting on an EX Series Switch on page 2849 Verifying That DHCP Snooping Is Working Correctly on page 2934 List of Sample Output clear dhcp snooping binding on page...

Page 3084: ...tistics for an explanation of the output fields clear dhcp snooping statistics The following sample output displays the DHCP snooping statistics before and after the clear dhcp snooping statistics command is issued clear dhcp snooping statistics user switch show dhcp snooping statistics Successful Transfers 0 Failed Transfers 21 Successful Reads 0 Failed Reads 0 Successful Writes 0 Failed Writes 2...

Page 3085: ...listed in the approximate order in which they appear Table 374 show arp inspection statistics Output Fields Level of Output Field Description Field Name All levels Interface on which ARP inspection has been applied Interface All levels Total number of packets total that underwent ARP inspection Packets received All levels Total number of packets that passed ARP inspection ARP inspection pass All l...

Page 3086: ...ow dhcp snooping binding Output Fields Level of Output Field Description Field Name All levels MAC address of the network device bound to the IP address MAC Address All levels IP address of the network device bound to the MAC address IP Address All levels Lease granted to the IP address Lease All levels How the MAC address was acquired Type All levels VLAN name of the network device whose MAC addr...

Page 3087: ...ption Field Name Number of entries successfully transferred from memory to the DHCP snooping database Successful Transfers Number of entries successfully read from memory to the DHCP snooping database Successful Reads Number of entries successfully written from memory to the DHCP snooping database Successful Writes Number of entries that failed being transferred from memory to the DHCP snooping da...

Page 3088: ...g order of VLAN IDs or VLAN names vlan vlan name Optional Display the Ethernet switching table for a specific VLAN Required Privilege Level view Related Documentation clear ethernet switching table on page 1472 Example Setting Up Basic Bridging and a VLAN for an EX Series Switch on page 1305 Example Setting Up Bridging with Multiple VLANs for EX Series Switches on page 1312 Example Configure Autom...

Page 3089: ...r switch show ethernet switching table Ethernet switching table 57 entries 17 learned VLAN MAC address Type Age Interfaces F2 Flood All members show ethernet switching table F2 00 00 05 00 00 03 Learn 0 ge 0 0 44 0 F2 00 19 e2 50 7d e0 Static Router Linux Flood All members Linux 00 19 e2 50 7d e0 Static Router Linux 00 30 48 90 54 89 Learn 0 ge 0 0 47 0 T1 Flood All members T1 00 00 05 00 00 01 Le...

Page 3090: ... 15 0 T111 00 19 e2 50 7d e0 Static Router T111 00 19 e2 50 ac 00 Learn 0 ge 0 0 15 0 T2 Flood All members T2 00 00 5e 00 01 01 Static Router T2 00 19 e2 50 63 e0 Learn 0 ge 0 0 46 0 T2 00 19 e2 50 7d e0 Static Router T3 Flood All members T3 00 00 5e 00 01 02 Static Router T3 00 19 e2 50 63 e0 Learn 0 ge 0 0 46 0 T3 00 19 e2 50 7d e0 Static Router T4 Flood All members T4 00 00 5e 00 01 03 Static R...

Page 3091: ...e 0 0 7 0 ge 0 0 8 0 ge 0 0 10 0 ge 0 0 0 0 Type Flood Nexthop index 567 VLAN v1 Tag 10 MAC 00 21 59 c6 93 22 Interface Router Type Static Nexthop index 0 VLAN v1 Tag 10 MAC 00 21 59 c9 9a 4e Interface ge 0 0 14 0 Type Learn Age 0 Learned 18 40 50 Nexthop index 564 show ethernet switching user switch show ethernet switching table interface ge 0 0 1 Ethernet switching table 1 unicast entries VLAN M...

Page 3092: ... VLAN on which IP source guard is enabled VLAN Access interface associated with the VLAN in column 1 Interface VLAN ID for the VLAN in column 1 Possible values are 0 indicating the VLAN is not tagged 1 4093 Tag Source IP address for a device connected to the interface in column 2 A value of star or asterisk indicates that IP source guard is not enabled on this VLAN but the interface is shared with...

Page 3093: ...ge 0 0 13 0 100 voice 2997 Copyright 2010 Juniper Networks Inc Chapter 99 Operational Mode Commands for Port Security ...

Page 3094: ...h unsupported op code 0 datagrams with bad protocol address length 0 datagrams with bad hardware address length 0 datagrams with multicast source address 0 datagrams with multicast source address 0 datagrams with my own hardware address 0 datagrams for an address not on the interface 0 datagrams with a broadcast source address 294 datagrams with source address duplicate to mine 89113 datagrams whi...

Page 3095: ...s Configuration on page 3039 Configuring Firewall Filters on page 3063 Verifying Firewall Filter Configuration on page 3083 Troubleshooting Firewall Filters on page 3087 Configuration Statements for Firewall Filters on page 3089 Operational Mode Commands for Firewall Filters on page 3121 2999 Copyright 2010 Juniper Networks Inc ...

Page 3096: ...Copyright 2010 Juniper Networks Inc 3000 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3097: ...ine whether to permit deny or forward packets that are transiting an interface on a Juniper Networks EX Series Ethernet Switch from a source address to a destination address You configure firewall filters to determine whether to permit deny or forward traffic before it enters or exits a port VLAN or Layer 3 routed interface to which the firewall filter is applied An ingress firewall filter is a fi...

Page 3098: ...ent interface me0 On Juniper Networks EX3200 EX4200 and EX8200 Ethernet switches you can apply a router firewall filter to both IPv4 and IPv6 traffic You can apply firewall filter match conditions to IPv6 traffic on Layer 3 interfaces aggregated Ethernet interfaces and loopback interfaces To configure port firewall filters and VLAN firewall filters for IPv6 traffic you must include the match condi...

Page 3099: ...ch conditions Specify the values or fields that the packet must contain You can define various match conditions including the IP source address field IP destination address field Transmission Control Protocol TCP or User Datagram Protocol UDP source port field IP protocol field Internet Control Message Protocol ICMP packet type TCP flags and interfaces Action Specifies what to do if a packet match...

Page 3100: ...s on page 3007 Understanding How Firewall Filters Are Evaluated on page 3030 Understanding Firewall Filter Match Conditions on page 3032 Understanding the Use of Policers in Firewall Filters on page 3036 Understanding Filter Based Forwarding for EX Series Switches on page 3037 Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Example Using Fil...

Page 3101: ...mit and also can make firewall filter testing and troubleshooting more difficult Similarly applying firewall filters across many switch and router interfaces can make testing and troubleshooting the rules of those filters difficult Before you configure and apply firewall filters answer the following questions for each of those firewall filters 1 What is the purpose of the firewall filter For examp...

Page 3102: ...ess nearest to the destination devices When applied too close to the source device a firewall filter that filters only on a source IP address could potentially prevent that source device from accessing other services that are available on the network NOTE Egress firewall filters do not affect the flow of locally generated control packets from the Routing Engine 6 In which direction should the fire...

Page 3103: ...etermines which exit port on the switch to use to forward the packet For both bridged unicast packets and routed unicast packets firewall filters are evaluated and applied hierarchically First a packet is checked against the port firewall filter if present If the packet is permitted it is then checked against the VLAN firewall filter if present If the packet is permitted it is then checked against...

Page 3104: ...rs that allow you to control flows of data packets and local packets Data packets are chunks of data that transit the switch as they are forwarded from a source to a destination Local packets are chunks of data that are destined for or sent by the switch Local packets usually contain routing protocol data data for IP services such as Telnet or SSH and data for administrative protocols such as the ...

Page 3105: ...d packets that are received on the switch s interfaces and are destined for the Routing Engine 2 Ingress firewall filter applied to control incoming packets on the switch s interfaces 3 Egress firewall filter applied to control packets that are transiting the switch s interfaces Related Documentation Understanding Firewall Filter Processing Points for Bridged and Routed Packets on EX Series Switch...

Page 3106: ...pplicable to IPv4 Traffic for Firewall Filters on EX Series Switches Supported Platforms and Bind Points Description Match Condition Egress Ingress EX2200 ports VLANs and Layer 3 interfaces EX3200 and EX4200 ports VLANs and Layer 3 interfaces EX4500 ports VLANs and Layer 3 interfaces EX8200 ports VLANs and Layer 3 interfaces EX2200 ports VLANs and Layer 3 interfaces EX3200 and EX4200 ports VLANs a...

Page 3107: ... protocol is used on the port In place of the numeric value you can specify one of the following text synonyms the port numbers are also listed afs 1483 bgp 179 biff 512 bootpc 68 bootps 67 cmd 514 cvspserver 2401 dhcp 67 domain 53 eklogin 2105 ekshell 2106 exec 512 finger 79 ftp 21 ftp data 20 http 80 https 443 ident 113 imap 143 kerberos sec 88 klogin 543 kpasswd 761 krb prop 754 krbupdate 760 k...

Page 3108: ...ports and VLANs EX4500 ports and VLANs EX8200 not supported EX2200 ports and VLANs EX3200 and EX4200 ports and VLANs EX4500 ports and VLANs EX8200 ports and VLANs The tag field in the Ethernet header The tag values can be 1 4095 dot1q tag number EX2200 ports and VLANs EX3200 and EX4200 ports and VLANs EX4500 ports and VLANs EX8200 ports and VLANs EX2200 ports and VLANs EX3200 and EX4200 ports and ...

Page 3109: ... classes with three drop precedences in each class for a total of 12 code points are defined in RFC 2597 Assured Forwarding PHB dscp number EX2200 ports and VLANs EX3200 and EX4200 ports and VLANs EX4500 ports and VLANs EX8200 not supported EX2200 ports and VLANs EX3200 and EX4200 ports and VLANs EX4500 ports and VLANs EX8200 ports and VLANs Ethernet type field of a packet The EtherType value spec...

Page 3110: ...code field This value or option provides more specific information than icmp type Because the value s meaning depends upon the associated icmp type you must specify icmp type along with icmp code In place of the numeric value you can specify one of the following text synonyms the field values are also listed The options are grouped by the ICMP type with which they are associated parameter problem ...

Page 3111: ... ports VLANs and Layer 3 interfaces EX3200 and EX4200 ports VLANs and Layer 3 interfaces EX4500 ports VLANs and Layer 3 interfaces EX8200 ports VLANs and Layer 3 interfaces EX2200 ports VLANs and Layer 3 interfaces EX3200 and EX4200 ports VLANs and Layer 3 interfaces EX4500 ports VLANs and Layer 3 interfaces EX8200 ports VLANs and Layer 3 interfaces Interface on which the packet is received You ca...

Page 3112: ... also listed critical ecp 5 flash 3 flash override 4 immediate 2 internet control 6 net control 7 priority 1 or routine 0 precedence precedence EX2200 ports VLANs and Layer 3 interfaces EX3200 and EX4200 ports VLANs and Layer 3 interfaces EX4500 ports VLANs and Layer 3 interfaces EX8200 ports VLANs and Layer 3 interfaces EX2200 ports VLANs and Layer 3 interfaces EX3200 and EX4200 ports VLANs and L...

Page 3113: ...ce of the numeric field you can specify one of the text synonyms listed under destination port source port number EX2200 ports VLANs and Layer 3 interfaces EX3200 and EX4200 ports VLANs and Layer 3 interfaces EX4500 ports VLANs and Layer 3 interfaces EX8200 ports VLANs and Layer 3 interfaces EX2200 ports VLANs and Layer 3 interfaces EX3200 and EX4200 ports VLANs and Layer 3 interfaces EX4500 ports...

Page 3114: ...CP packet of a connection tcp initial is a synonym for the bit names syn ack tcp initial does not implicitly check whether the protocol is TCP To do so specify the protocol tcp match condition tcp initial EX2200 not supported EX3200 and EX4200 ports VLANs and Layer 3 interfaces EX4500 not supported EX8200 not supported EX2200 not supported EX3200 and EX4200 ports VLANs and Layer 3 interfaces EX450...

Page 3115: ...yms for a match condition do any of the following If you are using the J Web Filters Configuration page select the synonym from the appropriate list If you are using the CLI type a question mark after the from statement To specify the bit field value to match you must enclose the values in quotation marks For example a match occurs if the RST bit in the TCP flags field is set tcp flags rst For inf...

Page 3116: ...pports the text representations for IPv6 addresses as described in RFC 2373 IP Version6 Addressing Architecture destination address ip address EX2200 ports and VLANs EX3200 and EX4200 ports and VLANs EX4500 ports and VLANs EX8200 ports and VLANs EX2200 ports and VLANs EX3200 and EX4200 ports and VLANs EX4500 ports and VLANs EX8200 ports and VLANs Destination media access control MAC address of the...

Page 3117: ...ch protocol is used on the port In place of the numeric value you can specify one of the following text synonyms the port numbers are also listed afs 1483 bgp 179 biff 512 bootpc 68 bootps 67 cmd 514 cvspserver 2401 dhcp 67 domain 53 eklogin 2105 ekshell 2106 exec 512 finger 79 ftp 21 ftp data 20 http 80 https 443 ident 113 imap 143 kerberos sec 88 klogin 543 kpasswd 761 krb prop 754 krbupdate 760...

Page 3118: ...s EX4500 ports and VLANs EX8200 not supported EX2200 ports and VLANs EX3200 and EX4200 ports and VLANs EX4500 ports and VLANs EX8200 ports and VLANs The tag field in the Ethernet header The tag values can be 1 4095 dot1q tag number EX2200 ports and VLANs EX3200 and EX4200 ports and VLANs EX4500 ports and VLANs EX8200 ports and VLANs EX2200 ports and VLANs EX3200 and EX4200 ports and VLANs EX4500 p...

Page 3119: ...er 3 interfaces EX8200 Layer 3 interfaces EX2200 ports VLANs and Layer 3 interfaces EX3200 and EX4200 Layer 3 interfaces EX4500 ports VLANs and Layer 3 interfaces EX8200 Layer 3 interfaces ICMP code field This value or option provides more specific information than icmp type Because the value s meaning depends upon the associated icmp type you must specify icmp type along with icmp code In place o...

Page 3120: ...chable 3 icmp type number EX2200 ports VLANs and Layer 3 interfaces EX3200 and EX4200 ports VLANs and Layer 3 interfaces EX4500 ports VLANs and Layer 3 interfaces EX8200 ports VLANs and Layer 3 interfaces EX2200 ports VLANs and Layer 3 interfaces EX3200 and EX4200 ports VLANs and Layer 3 interfaces EX4500 ports VLANs and Layer 3 interfaces EX8200 ports VLANs and Layer 3 interfaces Interface on whi...

Page 3121: ...ilter description syntax supports the text representations for IPv6 addresses that are described in RFC 2373 IP Version 6 Addressing Architecture source address ip address EX2200 ports and VLANs EX3200 and EX4200 ports and VLANs EX4500 ports and VLANs EX8200 ports and VLANs EX2200 ports and VLANs EX3200 and EX4200 ports and VLANs EX4500 ports and VLANs EX8200 ports and VLANs Source MAC address You...

Page 3122: ...faces EX3200 and EX4200 ports VLANs and Layer 3 interfaces EX4500 ports VLANs and Layer 3 interfaces EX8200 Layer 3 interfaces One or more TCP flags bit name fin syn rst push ack urgent logical operators logical AND logical OR negation numerical value 0x01 through 0x20 text synonym tcp initial To specify multiple flags use logical operators tcp flags flags tcp initial EX2200 not supported EX3200 a...

Page 3123: ...598 An Expedited Forwarding PHB af11 10 af12 12 af13 14 af21 18 af22 20 af23 22 af31 26 af32 28 af33 30 af41 34 af42 36 af43 38 These four classes with three drop precedences in each class for a total of 12 code points are defined in RFC 2597 Assured Forwarding PHB traffic class number EX2200 ports and VLANs EX3200 and EX4200 ports and VLANs EX4500 ports and VLANs EX8200 ports and VLANs EX2200 por...

Page 3124: ...ination unreachable is sent with the default message communication administratively filtered NOTE reject is not a supported action for IPv6 traffic reject message type EX2200 ingress only EX3200 and EX4200 ingress only EX4500 ingress only EX8200 ingress only Forward matched packets to a virtual routing instance routing instance routing instance name EX2200 not supported EX3200 and EX4200 ingress a...

Page 3125: ...y EX8200 ingress only Log the packet s header information in the Routing Engine To view this information issue the showfirewall log command in the CLI NOTE log is not a supported action modifier for IPv6 traffic log EX2200 ingress and egress EX3200 and EX4200 ingress and egress EX8200 ingress and egress Set the packet loss priority PLP loss priority high low EX2200 ingress only EX3200 and EX4200 i...

Page 3126: ...filter consists of a single term the filter is evaluated as follows If the packet matches all the conditions the action in the then statement is taken If the packet matches all the conditions and no action is specified in the then statement the default action accept is taken When a firewall filter consists of more than one term the firewall filter is evaluated sequentially 1 The packet is evaluate...

Page 3127: ...erm implicit rule then discard Consequently if a packet passes through all the terms in a filter without matching any conditions the packet is discarded If you configure a firewall filter that has no terms all packets that pass through the filter are discarded NOTE Firewall filtering is supported on packets that are at least 48 bytes long Related Documentation Firewall Filters for EX Series Switch...

Page 3128: ...n individual condition in a from statement cannot contain a list of values For example you cannot specify numeric ranges or multiple source or destination addresses Individual conditions in a from statement cannot be negated A negated condition is an explicit mismatch Numeric Filter Match Conditions Numeric filter conditions match packet fields that are identified by a numeric value such as port a...

Page 3129: ... match conditions can match prefix values in a packet such as IP source and destination prefixes For address filter match conditions you specify a keyword that identifies the field and one prefix of that type that a packet must match You specify the address as a single prefix A match occurs if the value of the field matches the prefix For example edit firewall family family name filter filter name...

Page 3130: ...33 44 55user host set source mac address 00 11 22 33 20 15 Bit Field Filter Match Conditions Bit field filter conditions match packet fields if particular bits in those fields are or are not set You can match the IP options TCP flags and IP fragmentation fields For bit field filter match conditions you specify a keyword that identifies the field and tests to determine that the option is present in...

Page 3131: ...xample the two terms configured match the SYN ACK FIN or RST bit in the TCP flags field edit firewall family family name filter filter name term term name1 from user host set tcp flags syn ack edit firewall family family name filter filter name term term name2 from user host set tcp flags fin rst You can use text synonyms to specify some common bit field matches You specify these matches as a sing...

Page 3132: ...of the IP header without ever checking the IP protocol field Related Documentation Firewall Filters for EX Series Switches Overview on page 3001 Understanding Firewall Filter Match Conditions on page 3032 Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Understanding the Use of Policers in Firewall Filters Policing or rate limiting is an impo...

Page 3133: ...e 3009 Understanding Filter Based Forwarding for EX Series Switches Administrators of Juniper Networks EX Series Ethernet Switches can use firewall filters in conjunction with virtual routing instances to specify different routes for packets to travel in their networks To set up this feature which is called filter based forwarding you specify a filter and match criteria and then specify the virtua...

Page 3134: ...Copyright 2010 Juniper Networks Inc 3038 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3135: ...ew on page 3040 Configuring an Ingress Port Firewall Filter to Prioritize Voice Traffic and Rate Limit TCP and ICMP Traffic on page 3043 Configuring a VLAN Ingress Firewall Filter to Prevent Rogue Devices from Disrupting VoIP Traffic on page 3048 Configuring a VLAN Firewall Filter to Count Monitor and Analyze Egress Traffic on the Employee VLAN on page 3050 Configuring a VLAN Firewall Filter to Re...

Page 3136: ...Mbps with a burst size up to 30 000 bytes This firewall filter is applied to port interfaces on the access switch Port firewall filter ingress port voip class limit tcp icmp Prevents rogue devices from using HTTP sessions to mimic the gatekeeper device that manages call registration admission and call status for VoIP calls Only TCP or UDP ports should be used and only the gatekeeper uses HTTP That...

Page 3137: ...Layer 3 routed firewall filters on the switch Figure 79 Application of Port VLAN and Layer 3 Routed Firewall Filters Network Topology The topology for this configuration example consists of one EX 3200 48T switch at the access layer and one EX 3200 48T switch at the distribution layer The distribution switch s uplink module is configured to support a Layer 3 connection to a J series router The EX ...

Page 3138: ... 32 28 192 0 2 33 through 192 0 2 46 192 0 2 47 is subnet s broadcast address 30 guest vlan VLAN for the corporate security cameras 192 0 2 48 28 192 0 2 49 through 192 0 2 62 192 0 2 63 is subnet s broadcast address 40 camera vlan Ports on the EX Series switches support Power over Ethernet PoE to provide both network connectivity and power for VoIP telephones connecting to the ports Table 386 on ...

Page 3139: ...tcp connection policer then discard setfirewallpolicericmp connection policerif exceedingburst size limit30kbandwidth limit 1m set firewall policer icmp connection policer then discard set firewall family ethernet switching filter ingress port voip class limit tcp icmp term voip high from source mac address 00 05 85 00 00 01 set firewall family ethernet switching filter ingress port voip class lim...

Page 3140: ...ss limit tcp icmp term icmp connection then loss priority high set firewall family ethernet switching filter ingress port voip class limit tcp icmp term best effort then forwarding class best effort set firewall family ethernet switching filter ingress port voip class limit tcp icmp term best effort then loss priority high set interfaces ge 0 0 0 description voice priority and tcp and icmp traffic...

Page 3141: ... set term network control from precedence net control user switch set term network control then forwarding class network control user switch set term network control then loss priority low 5 Define the term tcp connection to configure rate limits for TCP traffic edit firewall family ethernet switching filter ingress port voip class limit tcp icmp user switch set term tcp connection from destinatio...

Page 3142: ...oice high buffer size percent 15 user switch set schedulers voice high priority high user switch set schedulers network control buffer size percent 10 user switch set schedulers network control priority high user switch set schedulers best effort buffer size percent 75 user switch set schedulers best effort priority low 10 Assign the forwarding classes to schedulers with a scheduler map edit class...

Page 3143: ...ed forwarding loss priority low term network control from precedence net control then forwarding class network control loss priority low term tcp connection from destination address 192 0 2 16 28 protocol tcp then policer tcp connection policer count tcp counter forwarding class best effort loss priority high term icmp connection from protocol icmp then policer icmp connection policer count icmp c...

Page 3144: ...voice high forwarding class network control scheduler net control forwarding class best effort scheduler best effort interfaces ge 0 1 0 scheduler map ethernet diffsrv cos map Configuring a VLAN Ingress Firewall Filter to Prevent Rogue Devices from Disrupting VoIP Traffic To configure and apply firewall filters for port VLAN and router interfaces perform these tasks CLI Quick Configuration To quic...

Page 3145: ...ilter matching on the traffic you want to permit and restrict edit firewall user switch set family ethernet switching filter ingress vlan rogue block 2 Define the term to gatekeeper to accept packets that match the destination IP address of the gatekeeper edit firewall family ethernet switching filter ingress vlan rogue block user switch set term to gatekeeper from destination address 192 0 2 14 u...

Page 3146: ...LAN Firewall Filter to Count Monitor and Analyze Egress Traffic on the Employee VLAN To configure and apply firewall filters for port VLAN and router interfaces perform these tasks CLI Quick Configuration A firewall filter is configured and applied to VLAN interfaces to filter employee vlan egress traffic Employee traffic destined for the corporate subnet is accepted but not monitored Employee tra...

Page 3147: ...tor all employee vlan traffic destined for the corporate subnet edit firewall family ethernet switching filter egress vlan watch employee user switch set term employee to corp from destination address 192 0 2 16 28 user switch set term employee to corp then accept 3 Define the term employee to web to count and monitor all employee vlan traffic destined for the Web edit firewall family ethernet swi...

Page 3148: ... prevents them from using peer to peer applications on guest vlan To quickly configure a VLAN firewall filter to restrict guest to employee traffic blocking guests from talking with employees or employee hosts on employee vlan or attempting to use peer to peer applications on guest vlan copy the following commands and paste them into the switch terminal window edit setfirewallfamilyethernet switch...

Page 3149: ...eb access but prevent them from using peer to peer applications on the guest vlan NOTE The destination mac address is the default gateway which for any host in a VLAN is the next hop router edit firewall family ethernet switching filter ingress vlan limit guest user switch set term no guest employee no peer to peer from destination mac address 00 05 85 00 00 DF user switch set term no guest employ...

Page 3150: ...corp expeditethenforwarding class expedited forwarding set firewall family inet filter egress router corp class term corp expedite then loss priority low set firewall family inet filter egress router corp class term not to corp then accept set interfaces ge 0 1 0 description filter at egress router to expedite destined for corporate network set ge 0 1 0 unit 0 family inet address 103 104 105 1 set...

Page 3151: ... router to expedite employee traffic destined for corporate network user switch set ge 0 1 0 unit 0 family inet address 103 104 105 1 user switch set ge 0 1 0 unit 0 family inet filter output egress router corp class Results Display the results of the configuration user switch show firewall family inet filter egress router corp class term corp expedite from destination address 192 0 2 16 28 then f...

Page 3152: ...wall command displays the names of the firewall filters policers and counters that are configured on the switch The output fields show byte and packet counts for all configured counters and the packet count for all policers Verifying that Schedulers and Scheduler Maps are Operational Purpose Verify that schedulers and scheduler maps are operational on the switch Action Use the operational mode com...

Page 3153: ...igh non TCP 1 default drop profile High TCP 1 default drop profile Scheduler net control Forwarding class network control Index 2451 Transmit rate remainder Rate Limit none Buffer size 10 percent Priority high Drop profiles Loss priority Protocol Index Name Low non TCP 1 default drop profile Low TCP 1 default drop profile High non TCP 1 default drop profile High TCP 1 default drop profile Meaning ...

Page 3154: ...st sends all traffic to a security device then forwards it to the designated destination address Configuration To configure filter based forwarding CLI Quick Configuration To quickly create and configure filter based forwarding copy the following commands and paste them into the switch terminal window edit set interfaces ge 0 0 0 unit 0 family inet address 10 1 0 1 24 set interfaces ge 0 0 3 unit ...

Page 3155: ...r switch set routing instances vrf01 instance type virtual router 5 Associate the interfaces with the virtual router edit user switch set routing instances vrf01 interface ge 0 0 1 0 user switch set routing instances vrf01 interface ge 0 0 3 0 6 Configure the routing information for the virtual routing instance edit user switch set routing instances vrf01 routing options static route 12 34 56 0 24...

Page 3156: ...ge 3060 Verifying That Filter Based Forwarding Was Configured Purpose Verify that filter based forwarding was properly enabled on the switch Action Use the show interfaces filters command 1 user switch show interfaces filters ge 0 0 0 0 Interface Admin Link Proto Input Filter Output Filter ge 0 0 0 0 up down inet fil 2 Use the show route forwarding table command user switch show route forwarding t...

Page 3157: ...0 recv 615 1 ge 0 0 3 0 10 1 3 1 32 user 0 rjct 559 2 10 1 3 1 32 intf 0 10 1 3 1 locl 616 2 10 1 3 1 32 iddn 0 10 1 3 1 locl 616 2 10 1 3 255 32 iddn 0 10 1 3 255 bcst 614 1 ge 0 0 3 0 224 0 0 0 4 perm 0 mdsc 546 1 224 0 0 1 32 perm 0 224 0 0 1 mcst 529 1 255 255 255 255 32 perm 0 bcst 543 1 Routing table default iso ISO Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 rjct 6...

Page 3158: ...Copyright 2010 Juniper Networks Inc 3062 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3159: ...Procedure You configure firewall filters on EX Series switches to control traffic that enters ports on the switch or enters and exits VLANs on the network and Layer 3 routed interfaces To configure a firewall filter you must configure the filter and then apply it to a port VLAN or Layer 3 interface Configuring a Firewall Filter on page 3063 Applying a Firewall Filter to a Port on a Switch on page ...

Page 3160: ...ame edit firewall family ethernet switching user switch set filter ingress port filter The filter name can contain letters numbers and hyphens and can have a maximum of 64 characters Each filter name must be unique 3 If you want to apply a firewall filter to multiple interfaces and name individual firewall counters specific to each interface configure the interface specific option edit firewall fa...

Page 3161: ...ment For a match to occur the packet must match all the conditions in the term The from statement is optional but if included in a term the from statement cannot be empty If you omit the from statement all packets are considered to match 6 In each firewall filter term specify the actions to take if the packet matches all the conditions in that term You can specify an action and or action modifiers...

Page 3162: ...are accepted However you must always explicitly configure an action and or action modifier in the then statement You can include no more than one action statement but you can use any combination of action modifiers For an action or action modifier to take effect all conditions in the from statement must match NOTE Implicit discard is also applicable to a firewall filter applied to the loopback int...

Page 3163: ...ion filtertoratelimittraffic applied on employee vlan NOTE Providing the description is optional 2 Apply firewall filters to filter packets that are entering or exiting the VLAN To apply a firewall filter to filter packets that are entering the VLAN edit vlans user switch set employee vlan vlan id 20 filter input ingress vlan filter To apply a firewall filter to filter packets that are exiting the...

Page 3164: ...erfaces user switch set ge 0 1 0 unit 0 family inet address 10 10 10 1 24 filter output egress router filter NOTE You can apply no more than one firewall filter per Layer 3 interface per direction Related Documentation Configuring Firewall Filters J Web Procedure on page 3069 Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Example Using Filt...

Page 3165: ...ation Changes for details about all commit options 2 Click one Add Select this option to create a new filter Enter information as specified in Table 387 on page 3069 Edit Select this option to edit an existing filter Enter information as specified in Table 387 on page 3069 Delete Select this option to delete a filter Term Up Select this option to move a term up in the filter term list Term Down Se...

Page 3166: ...ecify the IP address click Add IP and enter the IP address To specify the MAC address click Add MAC and enter the MAC address To specify the ports interfaces click Add Ports and enter the port number To delete the IP address MAC address or port details select it and click Remove Specifies the source IP address MAC address and available ports NOTE MAC address is specified only for port VLAN filters...

Page 3167: ...fy icmp type along with icmp code The keywords are grouped by the ICMP type with which they are associated ICMP Code Select the DSCP number from the list Specifies the Differentiated Services code point DSCP The DiffServ protocol uses the type of service ToS byte in the IP header The most significant six bits of this byte form the DSCP DSCP Select the option from the list Specifies IP precedence N...

Page 3168: ... or enter a combination of TCP flags Specifies one or more TCP flags NOTE TCP flags are supported on ingress ports VLANs and router interfaces TCP Flags Select either the option is fragment or enter a combination of fragment action flags Specifies the IP fragmentation flags NOTE Fragmentation flags are supported on ingress ports VLANs and router interfaces Fragmentation Flags Enter the value Speci...

Page 3169: ...ies switches After you configure a policer you can include it in an ingress firewall filter configuration When you configure a firewall filter you can specify a policer action for any term or terms within the filter All traffic that matches a term that contains a policer action goes through the policer that the term references Each policer that you configure includes an implicit counter To get ter...

Page 3170: ...rough 2 147 450 880 bytes 3 Specify the policer action discard to discard packets that exceed the rate limits edit firewall policer user switch set policer one then discard Discard is the only supported policer action Specifying Policers in a Firewall Filter Configuration To reference a policer for a single firewall configure a filter term that includes the policer action edit firewall family ethe...

Page 3171: ...ueue Forwarding class 0 best effort 1 assured forwarding 5 expedited forwarding 7 network control To assign multifield classifiers in firewall filters 1 Configure the family name and filter name for the filter at the edit firewall hierarchy level for example edit firewall user switch set family ethernet switching user switch set family ethernet switching filter ingress filter 2 Configure the terms...

Page 3172: ...er user switch set term accept traffic from precedence net control user switch set term accept traffic then forwarding class best effort user switch set term accept traffic then loss priority low 3 Apply the filter ingress filter to a port VLAN or Layer 3 interface For information about applying the filter see Configuring Firewall Filters CLI Procedure on page 3063 Related Documentation Example Co...

Page 3173: ...dit Edits an existing policy To modify an existing term enter information into the configuration page as described in Table 241 on page 1694 Term Up Moves a term up in the list Term Down Moves a term down in the list Delete Deletes the selected policy Test Policy Tests the policy Use this option to check whether the policy produces the results that you expect Table 390 Policies Global Configuratio...

Page 3174: ...ame Specifies a term name Term Name Source tab Select a value from the list Specifies an address family protocol Family Select a value from the list Specifies a routing instance Routing Instance Select a value from the list Specifies the name of a routing table RIB Type or select and edit the value Specifies the individual preference value for the route Preference Type or select and edit the value...

Page 3175: ...s More Type the IP address Specifies the area identifier OSPF Area ID Select a value from the list Specifies the origin of the AS path information BGP Origin Type a value Specifies the BGP local preference Local Preference Select External Select the OSPF type from the list Specifies the type of route Route Click Add Select the AS path from the list Specifies the name of an AS path regular expressi...

Page 3176: ...fixes included in an OSPF import policy Prefixes learned through OSPF are installed in the routing table based on the priority assigned to the prefixes Priority Select a value from the list Specifies the BGP origin attribute BGP Origin Enter a value Affixes an AS number at the beginning of the AS path The AS numbers are added after the local AS number has been added to the path This action adds an...

Page 3177: ...erence action and type a value Specifies the preference value Preference Select the action and type a value Specifies the BGP local preference attribute Local Preference Type the source class Type the destination class Type the forwarding class Specifies and applies the class of service parameters to routes installed into the routing table Source class The value entered here maintains the packet c...

Page 3178: ...Copyright 2010 Juniper Networks Inc 3082 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3179: ...ress port voip class limit tcp icmp Counters Name Bytes Packets icmp counter 0 0 Policers Name Packets icmp connection policer 0 tcp connection policer 0 Filter ingress vlan rogue block Filter ingress vlan limit guest Meaning The show firewall command displays the names of all firewall filters policers and counters that are configured on the switch For each counter that is specified in a filter co...

Page 3180: ... firewall filters and policers that are configured on the switch For each policer that is specified in a filter configuration the output field shows the current packet count for all packets that exceed the specified rate limits Related Documentation Configuring Policers to Control Traffic Rates CLI Procedure on page 3073 Configuring Firewall Filters CLI Procedure on page 3063 Configuring Firewall ...

Page 3181: ...s and packet count for policers Monitoring Traffic for a Specific Firewall Filter Purpose Perform the following task to monitor the number of packets and bytes that matched a firewall filter and monitor the number of packets that exceeded the policer rate limits Action Use the operational mode command user switch show firewall filter ingress vlan rogue block Filter ingress vlan rogue block Counter...

Page 3182: ...figuring Firewall Filters CLI Procedure on page 3063 Configuring Firewall Filters J Web Procedure on page 3069 Configuring Policers to Control Traffic Rates CLI Procedure on page 3073 Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Verifying That Firewall Filters Are Operational on page 3083 Copyright 2010 Juniper Networks Inc 3086 Complete ...

Page 3183: ...ration is completed in the CLI module Solution When a firewall filter configuration exceeds the amount of available TCAM table space you must configure a new firewall filter with fewer filter terms so that the space requirements for the filter do not exceed the available space in the TCAM table You can perform either of the following procedures to correct the problem To delete the firewall filter ...

Page 3184: ...switching filter new filter ingress vlan 2 Apply the firewall filter to the port VLAN or Layer 3 interfaces to overwrite the bind points of the original filter for example edit user switch set vlans voice vlan description smaller filter to block rogue devices on voice vlan user switch set vlans voice vlan filter input new filter ingress vlan 3 Commit the operation edit user switch commit Only the ...

Page 3185: ... name filter filter name interface specific term term name from match conditions then action action modifiers policer policer name filter specific if exceeding bandwidth limit bps burst size limit bytes then policer action Related Documentation Firewall Filter Configuration Statements Supported by Junos OS for EX Series Switches on page 3090 Example Configuring Firewall Filters for Port VLAN and R...

Page 3186: ...ntain letters numbers and hyphens and can be up to 64 characters long To include spaces in the name enclose the name in quotation marks filter filter name The interface specific statement configures unique names for individual firewall counters specific to each interface interface specific The term name option identifies the term The name can contain letters numbers and hyphens and can be up to 64...

Page 3187: ...rst size limit you can multiply the bandwidth of the interface on which the filter is applied by the amount of time in seconds to allow a burst of traffic at that bandwidth to occur burst size bandwidth allowable time for burst traffic You can specify a decimal value or a decimal number followed by k thousand or m million Range 1 through 2 147 450 880 bytes if exceeding bandwidth limit bps burst s...

Page 3188: ...e edit firewall policer policer name logical bandwidth policer logical interface policer edit firewall policer policer name if exceeding bandwidth percent number Related Documentation Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Configuring Firewall Filters C...

Page 3189: ...ements composed of identifiers or configuration keywords that points to a set of prefixes You can include wildcards enclosed in angle brackets to match more than one identifier You cannot add a path element including wildcards after a leaf statement Path elements including wildcards can only be used after a container statement Required Privilege Level routing To view this statement in the configur...

Page 3190: ...in a routing policy match condition Options name Name that identifies the regular expression The name can contain letters numbers and hyphens and can be up to 255 characters long To include spaces in the name enclose it in quotation marks regular expression One or more regular expressions used to match the AS path Required Privilege Level routing To view this statement in the configuration routing...

Page 3191: ...roup name Name that identifies the AS path group One or more AS path regular expressions must be listed below the as path group hierarchy name Name that identifies the regular expression The name can contain letters numbers and hyphens and can be up to 255 characters long To include spaces in the name enclose it in quotation marks regular expression One or more regular expressions used to match th...

Page 3192: ...thousand m million g billion which is also called a thousand million Range 1000 1k through 102 300 000 000 102 3g bps EX Series switches 8000 8k through 40 000 000 000 40g bps routers Required Privilege Level firewall To view this statement in the configuration firewall control To add this statement to the configuration Related Documentation Example Configuring Firewall Filters for Port VLAN and R...

Page 3193: ...ollowed by k thousand or m million Range 1 through 2 147 450 880 bytes EX Series switches 1500 through 1 00 000 000 000 bytes routers Required Privilege Level firewall To view this statement in the configuration firewall control To add this statement to the configuration Related Documentation Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 C...

Page 3194: ... enclose all members in brackets The format for community ids is as number community value as number is the AS number and can be a value in the range from 0 through 65 535 community value is the community identifier and can be a number in the range from 0 through 65 535 You also can specify community ids for communities as one of the following well known community names which are defined in RFC 19...

Page 3195: ...as number specifies the AS number and bandwidth specifies the bandwidth in bytes per second NOTE In Junos OS Release 9 1 and later you can specify 4 byte AS numbers as defined in RFC 4893 BGP Support for Four octet AS Number Space as well as the 2 byte AS numbers that are supported in earlier releases of the Junos OS In plain number format you can configure a value in the range from 1 through 4 29...

Page 3196: ... Junos OS Release 9 0 for EX Series switches Support for configuration in the dynamic database introduced in Junos OS Release 9 5 Support for configuration in the dynamic database introduced in Junos OS Release 9 5 for EX Series switches Description Define a policy condition based on the existence of routes in specific tables for use in BGP export policies Options if route exists address Specify t...

Page 3197: ...ress minutes Maximum hold down time minutes is the maximum time that a route can be suppressed no matter how unstable it has been Range 1 through 720 Default 60 minutes name Name that identifies the set of damping parameters The name can contain letters numbers and hyphens and can be up to 255 characters long To include spaces in the name enclose it in quotation marks reuse number Reuse threshold ...

Page 3198: ... as path group group name edit policy options community community name edit policy options condition condition name edit policy options policy statement policy statement name edit policy options prefix list prefix list name Release Information Statement introduced in Junos OS Release 9 5 Statement introduced in Junos OS Release 9 5 for EX Series switches Description Define routing policies and pol...

Page 3199: ...er 2 Ethernet packets and Layer 3 IP packets inet Filter IPv4 packets inet6 Filter IPv6 packets The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 Example Con...

Page 3200: ...n the name enclose it in quotation marks The remaining statements are explained separately Required Privilege Level firewall To view this statement in the configuration firewall control To add this statement to the configuration Related Documentation Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 Example Configuring Firewall Filters for Port VLAN and Router Traffi...

Page 3201: ...put Apply a firewall filter to traffic entering the port or Layer 3 interface output Apply a firewall filter to traffic exiting the Layer 3 interface Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switc...

Page 3202: ...fic on EX Series Switches on page 3039 Configuring Firewall Filters CLI Procedure on page 3063 Configuring Firewall Filters J Web Procedure on page 3069 Firewall Filters for EX Series Switches Overview on page 3001 filter specific Syntax filter specific Hierarchy Level edit firewall policer policer name Release Information Statement introduced in Junos OS Release 9 5 for EX Series switches Descrip...

Page 3203: ...filters and policers The remaining statements are explained separately Required Privilege Level firewall To view this statement in the configuration firewall control To add this statement to the configuration Related Documentation Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switc...

Page 3204: ...ecify one or more match conditions If you specify more than one they all must match for a match to occur and for the action in the then statement to be taken Required Privilege Level firewall To view this statement in the configuration firewall control To add this statement to the configuration Related Documentation Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 E...

Page 3205: ...atement is supported on routers only The remaining statements are explained separately Required Privilege Level firewall To view this statement in the configuration firewall control To add this statement to the configuration Related Documentation Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Configuring Policers to Control Traffic Rates CL...

Page 3206: ...To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 Configuring Firewall Filters CLI Procedure on page 3063 Configuring Firewall Filters J Web Procedure on page 3069 Firewall Filters for EX Series Switches Overview on page 3001 Copyright 2010 J...

Page 3207: ...e name can contain letters numbers hyphens and can be up to 64 characters long The remaining statements are explained separately Required Privilege Level firewall To view this statement in the configuration firewall control To add this statement to the configuration Related Documentation Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Exampl...

Page 3208: ... Configuring a Single Rate Two Color Policer Copyright 2010 Juniper Networks Inc 3112 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3209: ...ation in the dynamic database introduced in Junos OS Release 9 5 for EX Series switches inet mdt option introduced in Junos OS Release 10 0R2 Description Define a routing policy including subroutine policies Options actions Optional One or more actions to take if the conditions match The actions are described in Configuring Flow Control Actions familyfamily name Optional Specify an address family ...

Page 3210: ...rform an immediate match destination prefix is the IPv4 or IPv6 route prefix to match match type is the type of match see Configuring Route Lists and actions is the action to take if the destination prefix matches source address filter source prefix match type actions Optional Unicast source addresses in multiprotocol BGP MBGP and Multicast Source Discovery Protocol MSDP environments on which to p...

Page 3211: ...elease 10 2 Description Define a list of IPv4 or IPv6 address prefixes for use in a routing policy statement or firewall filter statement Options name Name that identifies the list of IPv4or IPv6 address prefixes ip addresses List of IPv4 or IPv6 address prefixes one IP address per line in the configuration The remaining statement is explained separately Required Privilege Level routing To view th...

Page 3212: ... virtual routing instance Required Privilege Level firewall To view this statement in the configuration firewall control To add this statement to the configuration Related Documentation Example Using Filter Based Forwarding to Route Application Traffic to a Security Device on EX Series Switches on page 3058 Configuring Virtual Routing Instances CLI Procedure on page 1384 Understanding Filter Based...

Page 3213: ...The remaining statements are explained separately Required Privilege Level firewall To view this statement in the configuration firewall control To add this statement to the configuration Related Documentation Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Conf...

Page 3214: ...ll To view this statement in the configuration firewall control To add this statement to the configuration Related Documentation Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Example Using Filter Based Forwarding to Route Application Traffic to a Security Devi...

Page 3215: ...hat exceeds the rate limits defined by the policer Required Privilege Level firewall To view this statement in the configuration firewall control To add this statement to the configuration Related Documentation Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Configuring Policers to Control Traffic Rates CLI Procedure on page 3073 Configuring...

Page 3216: ...Copyright 2010 Juniper Networks Inc 3120 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3217: ...CHAPTER 106 Operational Mode Commands for Firewall Filters 3121 Copyright 2010 Juniper Networks Inc ...

Page 3218: ...s all Clear the packet and byte counts for all filters counter counter name Clear the packet and byte counts for a filter counter that has been configured with the counter firewall filter action filter filter name Clear the packet and byte counts for the specified firewall filter logical system logical system name Clear the packet and byte counts for the specified logical system Required Privilege...

Page 3219: ... Optional Clear the packet and byte counts for the specified firewall filter Required Privilege Level clear Related Documentation Example Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Verifying That Firewall Filters Are Operational on page 3083 Verifying That Policers Are Operational on page 3084 Firewall Filters for EX Series Switches Overview on...

Page 3220: ...a configured filter counter counter name Optional Name of a filter counter logical system all logical system name Optional Perform this operation on all logical systems or on a particular system log Optional Display log entries for firewall filters terse Optional Display firewall filter names only Required Privilege Level view Related Documentation clear firewall on page 3122 List of Sample Output...

Page 3221: ...two underscore __ characters and the name of the logical system for example __ls1 filter1 Filter Display filter counter information Name Name of a filter counter that has been configured with the counter firewall filter action Bytes Number of bytes that match the filter term under which the counter action is specified Packets Number of packets that matched the filter term under which the counter a...

Page 3222: ...0 0 show firewall Logical Systems user host show firewall Filter __lr1 test Counters Name Bytes Packets icmp 420 5 Filter __default_bpdu_filter__ Filter __lr1 inet_filter1 Counters Name Bytes Packets inet_tcp_count 0 0 inet_udp_count 0 0 Filter __lr1 inet_filter2 Counters Name Bytes Packets inet_icmp_count 0 0 inet_pim_count 0 0 Filter __lr2 inet_filter1 Counters Name Bytes Packets inet_tcp_count ...

Page 3223: ...ample Configuring Firewall Filters for Port VLAN and Router Traffic on EX Series Switches on page 3039 Verifying That Firewall Filters Are Operational on page 3083 Verifying That Policers Are Operational on page 3084 Firewall Filters for EX Series Switches Overview on page 3001 Understanding the Use of Policers in Firewall Filters on page 3036 List of Sample Output show firewall on page 3128 show ...

Page 3224: ... vlan filter Counters show firewall Name Bytes Packets employee web counter 0 0 Filter ingress port filter Counters Name Bytes Packets ingress port counter 0 0 Filter ingress port voip class filter Counters Name Bytes Packets icmp counter 0 0 Policers Name Packets icmp connection policer 0 tcp connection policer 0 show firewall filter filter name user host show firewall filter egress vlan filter F...

Page 3225: ...0 50 pfe R ge 1 0 1 0 ICMP 192 168 3 5 192 168 3 4 08 00 49 pfe R ge 1 0 1 0 ICMP 192 168 3 5 192 168 3 4 08 00 48 pfe R ge 1 0 1 0 ICMP 192 168 3 5 192 168 3 4 08 00 47 pfe R ge 1 0 1 0 ICMP 192 168 3 5 192 168 3 4 3129 Copyright 2010 Juniper Networks Inc Chapter 106 Operational Mode Commands for Firewall Filters ...

Page 3226: ...al systems or on a particular system Required Privilege Level view List of Sample Output show firewall log on page 3131 show firewall log detail on page 3131 Output Fields Table 396 on page 3130 lists the output fields for the showfirewalllog command Output fields are listed in the approximate order in which they appear Table 396 show firewall log Output Fields Field Description Field Name Time th...

Page 3227: ...g 2004 10 13 10 37 17 PDT Filter f Filter action accept Name of interface fxp0 0 Name of protocol TCP Packet Length 1020 Source address 172 17 22 108 829 Destination address 192 168 70 66 513 Time of Log 2004 10 13 10 37 17 PDT Filter f Filter action accept Name of interface fxp0 0 Name of protocol TCP Packet Length 49245 Source address 172 17 22 108 829 Destination address 192 168 70 66 513 Time ...

Page 3228: ...the approximate order in which they appear Table 397 show interfaces filters Output Fields Level of Output Field Description Field Name All levels Name of the physical interface Interface All levels Interface state up or down Admin All levels Link state up or down Link All levels Protocol that is configured on the interface Proto All levels Name of the firewall filter to be evaluated when packers ...

Page 3229: ... down ge 0 0 10 0 up down show interfaces filters interface name user host show interfaces filters ge 0 0 0 Interface Admin Link Proto Input Filter Output Filter ge 0 0 0 up down ge 0 0 0 0 up down eth switch unknown 3133 Copyright 2010 Juniper Networks Inc Chapter 106 Operational Mode Commands for Firewall Filters ...

Page 3230: ...lds are listed in the approximate order in which they appear Table 398 show interfaces policers Output Fields Level of Output Field Description Field Name All levels Name of the interface Interface All levels Interface state up or down Admin All levels Link state up or down Link All levels Protocol configured on the interface Proto All levels Policer to be evaluated when packets are received on th...

Page 3231: ...eth switch Interface Admin Link Proto Input Policer Output Policer ge 0 0 1 up down ge 0 0 1 0 up down eth switch Interface Admin Link Proto Input Policer Output Policer ge 0 0 2 up down ge 0 0 3 up down ge 0 0 4 up down ge 0 0 5 up down ge 0 0 6 up down ge 0 0 7 up down ge 0 0 8 up down ge 0 0 9 up down ge 0 0 10 up down ge 0 0 10 0 up down eth switch show interfaces policers interface name user ...

Page 3232: ...e Output show policer on page 3136 show policer policer name on page 3137 Output Fields Table 399 on page 3136 lists the output fields for the showpolicer command Output fields are listed in the approximate order in which they appear Table 399 show policer Output Fields Level of Output Field Description Field Name All levels Name of filter that is configured with the filter statement at the edit f...

Page 3233: ...ss vlan rogue block show policer policer name user host show policer tcp connection policer Filter ingress port filter Policers Name Packets tcp connection policer 0 3137 Copyright 2010 Juniper Networks Inc Chapter 106 Operational Mode Commands for Firewall Filters ...

Page 3234: ...vel view Related Documentation show policy damping on page 2151 List of Sample Output show policy on page 3138 show policy policy name on page 3139 show policy Multicast Scoping on page 3139 Output Fields Table 400 on page 3138 lists the output fields for the showpolicy command Output fields are listed in the approximate order in which they appear Table 400 show policy Output Fields Field Descript...

Page 3235: ...t statics from 3 0 0 0 8 accept 3 1 0 0 16 accept then reject show policy Multicast Scoping user host show policy test statics Policy test statics from multicast scoping 8 3139 Copyright 2010 Juniper Networks Inc Chapter 106 Operational Mode Commands for Firewall Filters ...

Page 3236: ...ical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show policy conditions detail on page 3141 Output Fields Table 401 on page 3140 lists the output fields for the show policy conditions command Output fields are listed in the approximate order in which they appear Table 401...

Page 3237: ... conditions Condition cond1 event Existence of a route in a specific routing table show policy conditions detail Dependent routes 4 4 4 4 32 generation 3 6 6 6 6 32 generation 3 10 10 10 10 32 generation 3 Condition cond2 event Existence of a route in a specific routing table Dependent routes None Condition tables Table inet 0 generation 4 dependencies 3 If route exists conditions cond1 cond2 3141...

Page 3238: ...st routes learned from internal BGP IBGP or external BGP EGBP multihop peers Required Privilege Level view Related Documentation show policy damping on page 2151 List of Sample Output test policy on page 3142 Output Fields For information about output fields see the output field tables for the show route command the show route detail command the show route extensive command or the show route terse...

Page 3239: ...oS Configuration on page 3173 Configuring CoS on page 3201 Verifying CoS Configuration on page 3227 Troubleshooting CoS Configuration on page 3235 Configuration Statements for CoS on page 3237 Operational Mode Commands for CoS on page 3271 3143 Copyright 2010 Juniper Networks Inc ...

Page 3240: ...Copyright 2010 Juniper Networks Inc 3144 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3241: ...Drop Profiles on page 3159 Understanding CoS Schedulers on page 3160 Understanding CoS Two Color Marking on page 3163 Understanding CoS Rewrite Rules on page 3163 Understanding Port Shaping and Queue Shaping for CoS on EX Series Switches on page 3165 Understanding Junos OS EZQoS for CoS Configurations on EX Series Switches on page 3166 Understanding Using CoS with MPLS Networks on EX Series Switch...

Page 3242: ... domain Because Juniper Networks EX Series Ethernet Switches implement CoS in hardware rather than in software you can experiment with and deploy CoS features without affecting packet forwarding and switching performance NOTE CoS policies can be enabled or disabled on each interface of an EX Series switch Also each physical and logical interface on the switch can have custom CoS rules associated w...

Page 3243: ...erforms the same actions Switch D also examines the packets and determines the appropriate groups Because Switch D sits at the far end of the network it can rewrite the CoS bits of the packets before transmitting them Figure 80 Packet Flow Across the Network Default CoS Behavior on EX Series Switches If you do not configure any CoS settings on the switch the software performs some CoS functions to...

Page 3244: ...configure policers to discard packets that exceed the rate limits If you want to configure CoS parameters such as loss priority and forwarding class you must use firewall filters Classifiers Packet classification associates incoming packets with a particular CoS servicing level In Juniper Networks Junos operating system Junos OS classifiers associate packets with a forwarding class and loss priori...

Page 3245: ...setting to identify packets that have experienced congestion Typically you mark packets exceeding some service level with a high loss priority Schedulers Each switch interface has multiple queues assigned to store packets The switch determines which queue to service based on a particular method of scheduling This process often involves determining which type of packet should be transmitted before ...

Page 3246: ...gn a meaningful name or alias to the CoS values and use this alias instead of bits when configuring CoS components These aliases are not part of the specifications but are well known through usage For example the alias for DSCP 101110 is widely accepted as ef expedited forwarding When you configure classes and define classifiers you can refer to the markers by alias names You can configure user de...

Page 3247: ...af13 010010 af21 010100 af22 010110 af23 011010 af31 011100 af32 011110 af33 100010 af41 100100 af42 100110 af43 000000 be 001000 cs1 010000 cs2 011000 cs3 100000 cs4 101000 cs5 110000 nc1 cs6 111000 nc2 cs7 IEEE 802 1p CoS Values 000 be 3151 Copyright 2010 Juniper Networks Inc Chapter 107 Class of Service CoS Overview ...

Page 3248: ...0 nc1 cs6 111 nc2 cs7 Related Documentation Understanding Junos OS CoS Components for EX Series Switches on page 3148 Example Configuring CoS on EX Series Switches on page 3173 Defining CoS Code Point Aliases CLI Procedure on page 3204 Defining CoS Code Point Aliases J Web Procedure on page 3202 Copyright 2010 Juniper Networks Inc 3152 Complete Software Guide for Junos OS for EX Series Ethernet Sw...

Page 3249: ...plied to the ingress interface On Juniper Networks EX8200 Ethernet Switches you can specify BA classifiers for bridged multidestination traffic and IP multidestination traffic The BA classifier for multicast packets is applied to all interfaces on the EX8200 switch This topic describes Behavior Aggregate Classifiers on page 3153 Multifield Classifiers on page 3155 Behavior Aggregate Classifiers Th...

Page 3250: ...ed BA Classification Allowed BA Classification Type of Interface IEEE 802 1p IP Precedence DSCP DSCP IPv6 Layer 2 interface IEEE 802 1p IP Precedence DSCP Layer 3 interface IPv4 IEEE 802 1p IP Precedence DSCP IPv6 Layer 3 interface IPv6 You can configure all the allowed classifier types on the same logical interface or on different logical interfaces If you need to apply all classifier rules on th...

Page 3251: ...estination port numbers of the packet With MF classifiers you set the forwarding class and loss priority of a packet based on firewall filter rules MF classification is normally performed at the network edge because of the general lack of DSCP or IP precedence support in end user applications On an edge switch an MF classifier provides the filtering functionality that scans through a variety of pa...

Page 3252: ...or multicast packets multicast best effort mcast be Provides no service profile for multicast packets NOTE The forwarding classes multicast expedited forwarding multicast assured forwarding and multicast best effort are applicable only to Juniper Networks EX8200 Ethernet Switches Juniper Networks EX Series Ethernet Switches support up to 16 forwarding classes thus allowing granular packet classifi...

Page 3253: ... drop probabilities low and high are defined for this service class assured forwarding af The software delivers packets in this service class with a high priority These packets are not delay sensitive Typically these packets represent routing protocol hello or keep alive messages Because loss of these packets jeopardizes proper network operation packet delay is preferable to packet discard network...

Page 3254: ...hat shows up when the default configuration is displayed is the forwarding class currently associated with that queue Related Documentation Understanding Junos OS CoS Components for EX Series Switches on page 3148 Example Configuring CoS on EX Series Switches on page 3173 Defining CoS Forwarding Classes CLI Procedure on page 3208 Defining CoS Forwarding Classes J Web Procedure on page 3208 Copyrig...

Page 3255: ... drop probability is implicitly set to 100 percent and it cannot be modified You specify drop probabilities in the drop profile section of the CoS configuration hierarchy and reference them in each scheduler configuration By default if you do not configure any drop profile tail drop profile is in effect and functions as the primary mechanism for managing congestion In the default tail drop profile...

Page 3256: ...best effort queue2 and network control queue7 are used in the default configuration By default the best effort forwarding class queue 0 receives 95 percent of the bandwidth and buffer space for the output link and the network control forwarding class queue 7 receives 5 percent The default drop profile causes the buffer to fill completely and then to discard all incoming packets until it has free s...

Page 3257: ...percent drop probability are dropped from the tail of the buffer The default scheduler transmission rate for queues 0 through 7 are 95 0 0 0 0 0 0 and 5 percent of the total available bandwidth The default buffer size percentages for queues 0 through 7 are 95 0 0 0 0 0 0 and 5 percent of the total available buffer NOTE On EX8200 switches the default scheduler transmission rates for queues 0 throug...

Page 3258: ... decreasing priority down through queue 0 Traffic in higher queue numbers is always scheduled prior to traffic in lower queue numbers In other words in case of two high priority queues the queue with higher queue number is processed first Packets in low priority queues are transmitted only when strict high priority queues are empty Scheduler Drop Profile Maps Drop profile maps associate drop profi...

Page 3259: ...ctions are not affected by any previous marking or metering of the examined packets In other words the policer is blind to any previous coloring a packet might have had Related Documentation Understanding Junos OS CoS Components for EX Series Switches on page 3148 Understanding the Use of Policers in Firewall Filters on page 3036 Configuring Policers to Control Traffic Rates CLI Procedure on page ...

Page 3260: ...ule is active bits 3 4 and 5 of the ToS byte are always reset to zero when code points are rewritten Default Rewrite Rule To enable a rewrite rule on an interface you can either create your own rewrite rule and enable it on the interface or enable a default rewrite rule See Defining CoS Rewrite Rules CLI Procedure on page 3216 Table 407 on page 3164 shows the default rewrite rule mappings These ar...

Page 3261: ...ueue shaping can be used to manage the excess traffic and avoid congestion Port shaping defines the maximum bandwidth allocated to a port while queue shaping defines a limit on excess bandwidth usage per queue This topic covers Port Shaping on page 3165 Queue Shaping on page 3165 Port Shaping Port shaping enables you to shape the aggregate traffic through a port or channel to a rate that is less t...

Page 3262: ...ses schedulers and scheduler maps and then apply these components to the interfaces Therefore configuring CoS can be a fairly complex and time consuming task EZQoS works by automatically assigning preconfigured values to all CoS parameters based on the typical application requirements These preconfigured values are stored in a template with a unique name You can change the preconfigured values of ...

Page 3263: ...e rule default or custom You do not bind the EXP classifier or the EXP rewrite rule to individual interfaces The switch automatically and implicitly applies the default or the custom EXP classifier and the default or the custom EXP rewrite rule to the appropriate MPLS enabled interfaces Because rewrite rules affect only egress interfaces the switch applies the EXP rewrite rule only to those MPLS i...

Page 3264: ...ou can configure one interface as DSCP1 and another as DSCP2 and another and IP precedence and so forth Default Classifiers and Default Rewrite Rules The default classifiers support only two forwarding classes best effort and network control and use only two queues 0 and 7 However EX Series switches support up to sixteen forwarding classes and eight queues To use the additional forwarding classes ...

Page 3265: ...re the same as for the other CoS configurations on EX Series switches Default schedulers are provided for best effort and network control forwarding classes If you are using assured forwarding expedited forwarding or other custom forwarding classes we recommend that you configure a scheduler to support that forwarding class See Understanding CoS Schedulers on page 3160 Related Documentation JUNOS ...

Page 3266: ...e Traffic on these queues is scheduled using the shaped deficit weighted round robin SDWRR algorithm with each interface s queue in the port group having an equal weight High priority queue The interfaces in a port group share a single high priority queue Traffic on this queue is scheduled by strict high priority For the purpose of port ingress queuing packets are classified only by behavior aggre...

Page 3267: ...ngle set of eight egress chassis queues at the Packet Forwarding Engine Egress traffic is fanned out from the Packet Forwarding Engine chassis queues to the corresponding queues for the individual ports For this reason the interfaces in a port group must share the same scheduler map configuration If you configure different scheduler map configurations for the different interfaces in a port group a...

Page 3268: ...Copyright 2010 Juniper Networks Inc 3172 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3269: ...ide various levels of throughput and packet loss This is especially important for traffic that is sensitive to jitter and delay such as voice traffic This example shows how to configure CoS on a single EX Series switch in the network Requirements on page 3173 Overview and Topology on page 3173 Configuration on page 3176 Verification on page 3186 Requirements This example uses the following hardwar...

Page 3270: ...or two VoIP phones Switch port ge 0 0 2 is assigned to the camera vlan for the surveillance camera Switch ports ge 0 0 3 ge 0 0 4 ge 0 0 5 and ge 0 0 6 are assigned to the server vlan for the servers hosting various applications such as those provided by Citrix Microsoft Oracle and SAP Table 408 on page 3175 shows the VLAN configuration components Copyright 2010 Juniper Networks Inc 3174 Complete ...

Page 3271: ...ries switches support Power over Ethernet PoE to provide both network connectivity and power for VoIP telephones connecting to the ports Table 409 on page 3175 shows the switch interfaces that are assigned to the VLANs and the IP addresses for devices connected to the switch ports Table 409 Configuration Components Switch Ports on a 48 Port All PoE Switch Port Devices IP Addresses VLAN Membership ...

Page 3272: ...nternet control set firewall family ethernet switching filter voip_class term network_control then forwarding class network control loss priority low set firewall family ethernet switching filter voip_class term best_effort_traffic then forwarding class best effort loss priority low set interfaces ge 0 0 0 description phone1 voip ingress port set interfaces ge 0 0 0 unit 0 family ethernet switchin...

Page 3273: ... forwarding class best effort loss priority low set interfaces ge 0 0 3 unit 0 family ethernet switching filter input app_class set interfaces ge 0 0 4 unit 0 family ethernet switching filter input app_class set interfaces ge 0 0 5 unit 0 family ethernet switching filter input app_class set interfaces ge 0 0 6 unit 0 family ethernet switching filter input app_class set class of service schedulers ...

Page 3274: ...rwarding classes class best effort queue num 0 user switch set forwarding classes class voice queue num 6 user switch set forwarding classes class network control queue num 7 2 Define the firewall filter voip_class to classify the VoIP traffic edit firewall user switch set family ethernet switching filter voip_class 3 Define the term voip edit firewall user switch set family ethernet switching fil...

Page 3275: ...ol from precedence net control internet control user switch set family ethernet switching filter video_class term network_control then forwarding class network control loss priority low 10 Define the term best_effort_traffic for the video_class filter edit firewall user switch setfamilyethernet switchingfiltervideo_classtermbest_effort_traffic then forwarding class best effort loss priority low 11...

Page 3276: ...et switching filter app_class term erp then forwarding class erp loss priority low 17 Define the term network_control for the app_class filter edit firewall user switch set family ethernet switching filter app_class term network_control from precedence net control internet control user switch set family ethernet switching filter app_class term network_control then forwarding class network control ...

Page 3277: ...rs be sched priority low user switch set schedulers be sched transmit rate percent 35 21 Assign the forwarding classes to schedulers with the scheduler map ethernet cos map edit class of service user switch setscheduler mapsethernet cos mapforwarding classvoicescheduler voice sched user switch setscheduler mapsethernet cos mapforwarding classvideoscheduler video sched user switch setscheduler maps...

Page 3278: ...ilter video_class term video from source address 192 168 1 14 32 protocol udp source port 2979 then forwarding class video loss priority low term network control from precedence net control internet control then forwarding class network control loss priority low term best_effort_traffic then forwarding class best effort loss priority low filter app_class Copyright 2010 Juniper Networks Inc 3182 Co...

Page 3279: ...ng class mail loss priority low term db from source address 192 168 1 25 32 protocol tcp source port 1521 1525 1527 1571 1810 2481 then forwarding class db loss priority low term erp from source address 192 168 1 26 32 protocol tcp source port 3200 3300 3301 3600 then forwarding class erp loss priority low term network control from precedence net control internet control 3183 Copyright 2010 Junipe...

Page 3280: ...ue num 7 schedulers voice sched buffer size percent 10 priority strict high transmit rate percent 10 video sched buffer size percent 15 priority low transmit rate percent 15 app sched buffer size percent 10 priority low transmit rate percent 10 mail sched buffer size percent 5 priority low transmit rate percent 5 db sched buffer size percent 10 priority low transmit rate percent 10 erp sched buffe...

Page 3281: ...ss mail scheduler mail sched forwarding class db scheduler db sched forwarding class erp scheduler erp sched forwarding class network control scheduler nc sched forwarding class best effort scheduler be sched user switch show interfaces ge 0 0 0 unit 0 family ethernet filter input voip_class ge 0 0 1 unit 0 family ethernet filter input voip_class ge 0 0 2 unit 0 family ethernet filter input video_...

Page 3282: ...es Have Been Assigned to Schedulers on page 3187 Verifying That the Scheduler Map Has Been Applied to the Interface on page 3188 Verifying That the Defined Forwarding Classes Exist and Are Mapped to Queues Purpose Verify that the following forwarding classes app db erp mail video and voice have been defined and mapped to queues Action user switch show class of service forwarding class Forwarding c...

Page 3283: ...t drop profile Scheduler app sched Forwarding class app Index 22 Transmit rate 10 percent Rate Limit none Buffer size 10 percent Priority low Drop profiles Loss priority Protocol Index Name High non TCP 1 default drop profile High TCP 1 default drop profile Scheduler mail sched Forwarding class mail Index 22 Transmit rate 5 percent Rate Limit none Buffer size 5 percent Priority low Drop profiles L...

Page 3284: ...s in use 8 Scheduler map ethernet cos map Index 43366 Input scheduler map default Index 3 Meaning This output shows that the scheduler map ethernet cos map has been applied to the interface ge 0 0 20 Related Documentation Defining CoS Code Point Aliases CLI Procedure on page 3204 Defining CoS Classifiers CLI Procedure on page 3204 Defining CoS Forwarding Classes CLI Procedure on page 3208 Defining...

Page 3285: ...onfiguring the Local PE Switch on page 3191 Configuring the Remote PE Switch on page 3193 Configuring the Provider Switch on page 3194 Verification on page 3195 Requirements This example uses the following hardware and software components Junos OS Release 10 1 or later for EX Series switches Three EX Series switches Before you configure CoS with MPLS be sure you have Configured an MPLS network wit...

Page 3286: ...0 5 0 and ge 0 0 6 0 which are the egress interfaces for this switch Table 410 on page 3190 shows the CoS configuration components added to the ingress PE switch Table 410 CoS Configuration Components on the Ingress PE Switch Description Settings Property PE 1 EX Series switch Local PE switch hardware Name of the rate limiting policer Name of the filter which refers to the policer policing filter ...

Page 3287: ...Provider switch hardware Name of the custom EXP classifier exp1 Custom EXP classifier Name of the custom EXP rewrite rule e1 Custom EXP rewrite rule Interfaces that connect the provider switch to the ingress PE switch PE 1 The EXP classifier is enabled by default on the switch and applied implicitly to these interfaces ge 0 0 5 0 and ge 0 0 6 0 Core interfaces receiving packets from other MPLS swi...

Page 3288: ...r switch set classifiers dscp dscp1 forwarding class expedited forwarding loss priority low code points 000111 3 Specify the values for the custom EXP rewrite rule e1 edit class of service user switch set rewrite rules exp e1 forwarding class expedited forwarding loss priority low code point 111 4 Bind the DSCP classifier to the CCC interface edit user switch set class of service interfaces ge 0 0...

Page 3289: ...dited forwarding loss priority low code point 111 firewall family any filter myfilter term t1 then policer mypolicer policer mypolicer if exceeding bandwidth limit 500m burst size limit 33553920 then discard Configuring the Remote PE Switch CLI Quick Configuration To quickly configure a custom EXP classifier on the remote PE switch copy the following commands and paste them into the switch termina...

Page 3290: ...classifier and a custom EXP rewrite rule on the provider switch copy the following commands and paste them into the switch terminal window of the provider switch edit set class of service classifiers exp exp1 import default set class of service classifiers exp exp1 forwarding class expedited forwarding loss priority low code points 010 set class of service rewrite rules exp e1 forwarding class exp...

Page 3291: ...ing That the Policer Firewall Filter Is Operational on page 3195 Verifying That the CoS Classifiers Are Going to the Right Queue on page 3195 Verifying the CoS Forwarding Table Mapping on page 3198 Verifying the Rewrite Rules on page 3199 Verifying That the Policer Firewall Filter Is Operational Purpose Verify the operational state of the policer that is configured on the ingress PE switch Action ...

Page 3292: ...0100 0 0 21 010101 0 0 22 010110 0 0 23 010111 0 0 24 011000 0 0 25 011001 0 0 26 011010 0 0 27 011011 0 0 28 011100 0 0 29 011101 0 0 30 011110 0 0 31 011111 0 0 32 100000 0 0 33 100001 0 0 34 100010 0 0 35 100011 0 0 36 100100 0 0 37 100101 0 0 38 100110 0 0 39 100111 0 0 40 101000 0 0 41 101001 0 0 42 101010 0 0 43 101011 0 0 44 101100 0 0 45 101101 0 0 46 101110 0 0 47 101111 0 0 48 110000 3 0...

Page 3293: ... 0 0 5 101 0 0 6 110 3 0 7 111 3 0 Classifier table index 16 entries 8 Table type Untrust Entry Code point Forwarding class PLP 0 000 0 0 1 001 0 0 2 010 0 0 3 011 0 0 4 100 0 0 5 101 0 0 6 110 0 0 7 111 0 0 Classifier table index 9346 entries 64 Table type DSCP Entry Code point Forwarding class PLP 0 000000 0 0 1 000001 0 0 2 000010 0 0 3 000011 0 0 4 000100 0 0 5 000101 0 0 6 000110 0 0 7 000111...

Page 3294: ...1 3 0 54 110110 3 0 55 110111 3 0 56 111000 3 0 57 111001 3 0 58 111010 3 0 59 111011 3 0 60 111100 3 0 61 111101 3 0 62 111110 3 0 63 111111 3 0 Meaning This output shows that a new DSCP classifier has been created index 9346 on the ingress PE switch PE 1 Verifying the CoS Forwarding Table Mapping Purpose For each logical interface display either the table index of the classifier for a given code...

Page 3295: ...bled 001 Enabled 1 010 Enabled 011 Enabled 2 100 Enabled 101 Enabled 3 110 Enabled 111 Enabled Rewrite table index 35 entries 4 Table type IPv4 precedence FC Low bits State High bits State 0 000 Enabled 000 Enabled 1 101 Enabled 101 Enabled 2 001 Enabled 001 Enabled 3 110 Enabled 111 Enabled Rewrite table index 9281 entries 1 Table type EXP FC Low bits State High bits State 1 111 Enabled 000 Disab...

Page 3296: ...Copyright 2010 Juniper Networks Inc 3200 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3297: ...es J Web Procedure on page 3217 Assigning CoS Components to Interfaces CLI Procedure on page 3219 Assigning CoS Components to Interfaces J Web Procedure on page 3219 Configuring Junos OS EZQoS for CoS CLI Procedure on page 3221 Configuring CoS on MPLS Provider Edge Switch Using IP Over MPLS CLI Procedure on page 3222 Configuring CoS on MPLS Provider Edge Switch Using Circuit Cross Connect CLI Proc...

Page 3298: ...sifiers J Web Procedure on page 3206 Defining CoS Code Point Aliases J Web Procedure on page 3202 Defining CoS Forwarding Classes J Web Procedure on page 3208 Defining CoS Rewrite Rules J Web Procedure on page 3217 Defining CoS Schedulers J Web Procedure on page 3211 Assigning CoS Components to Interfaces J Web Procedure on page 3219 Defining CoS Code Point Aliases J Web Procedure You can use the ...

Page 3299: ... value Specifies a code point type The code point type can be DSCP or IP precedence Code point type To specify a CoS value type it in the appropriate format For DSCP CoS values use the format xxxxxx where x is 1 or 0 for example 101110 For IP precedence CoS values use the format xxx where x is 1 or 0 for example 111 Specifies the CoS value for which an alias is defined Changing this value alters t...

Page 3300: ...th a particular CoS servicing level Classifiers associate packets with a forwarding class and loss priority and assign packets to output queues based on the associated forwarding class Junos OS supports two general types of classifiers Behavior aggregate or CoS value traffic classifiers Examines the CoS value in the packet header The value in this single field determines the CoS settings applied t...

Page 3301: ...dscpba classifierforwarding classefloss priorityhighcode points 101110 Associate code point 001100 with forwarding class af and loss priority high edit class of service classifiers user switch setdscpba classifierforwarding classafloss priorityhighcode points 001100 Associate code point 110001 with forwarding class nc and loss priority high edit class of service classifiers user switch setdscpba c...

Page 3302: ...ke effect To commit all changes to the active configuration select Commit Options Commit See Using the Commit Options to Commit Configuration Changes for details about all commit options 2 Click one Add Adds a classifier Enter information into the classifier page as described in Table 415 on page 3206 Edit Modifies an existing classifier Enter information into the classifier page as described in T...

Page 3303: ...g Provides high assurance for packets within the specified service profile Excess packets are dropped network control Packets can be delayed but not dropped 4 Select the loss priority To assign a loss priority select one high Packet has a high loss priority low Packet has a low loss priority Sets the forwarding classes and the packet loss priorities PLPs for specific CoS values and aliases Code Po...

Page 3304: ...r switch set class be queue num 0 user switch set class ef queue num 1 user switch set class af queue num 2 user switch set class nc queue num 3 user switch set class ef1 queue num 4 user switch set class ef2 queue num 5 user switch set class af1 queue num 6 user switch set class nc1 queue num 7 Related Documentation Defining CoS Forwarding Classes J Web Procedure on page 3208 Example Configuring ...

Page 3305: ... forwarding classes are assigned By default if a packet is not classified it is assigned to the class associated with queue 0 You can have more than one forwarding class to a queue number Queue Type the name for example be class Specifies the forwarding class names assigned to specific internal queue numbers By default four forwarding classes are assigned to queue numbers 0 best effort 1 assured f...

Page 3306: ...e interface ge 0 0 1 edit class of service interfaces user switch set ge 0 0 1 scheduler map be map To assign the scheduler map to more than one interface by using a wildcard all Gigabit Ethernet interfaces edit class of service interfaces user switch set ge scheduler map be map Assigning Scheduler Maps to Interfaces on a 40 port SFP Line Card For interfaces on a 40 port SFP line card you use the ...

Page 3307: ...s to Interfaces CLI Procedure on page 3219 Monitoring CoS Scheduler Maps on page 3231 Understanding CoS Schedulers on page 3160 Defining CoS Schedulers J Web Procedure You can use the J Web interface to define CoS schedulers on an EX Series switch Using schedulers you can assign attributes to queues and thereby provide congestion control for a particular class of traffic These attributes include t...

Page 3308: ...r select Percent and type an integer from 1 through 100 To specify buffer size as the remaining available buffer select Remainder NOTE On EX8200 switches you can specify the buffer size as a temporal value The queuing algorithm will then drop packets once it has queued a computed number of bytes This number is the product of the logical interface speed and the configured temporal value Defines the...

Page 3309: ...Defining CoS Schedulers CLI Procedure on page 3209 Example Configuring CoS on EX Series Switches on page 3173 Monitoring CoS Scheduler Maps on page 3231 Defining CoS Scheduler Maps J Web Procedure You can use the J Web interface to configure CoS scheduler maps on an EX Series switch To configure scheduler maps 1 Select Configure Class of Service Scheduler Maps NOTE After you make changes to the co...

Page 3310: ...es on page 3173 Monitoring CoS Scheduler Maps on page 3231 Defining CoS Drop Profiles J Web Procedure You can use the J Web interface to define CoS drop profiles on EX4500 and EX8200 switches To configure CoS drop profiles 1 Select Configure Class of Service Drop Profile NOTE After you make changes to the configuration in this page you must commit the changes immediately for them to take effect To...

Page 3311: ...en allocated for that specific queue The drop probability is a percentage value that correlates to the likelihood that an individual packet is dropped from the network Drop profile values Related Documentation Monitoring CoS Drop Profiles on page 3233 Example Configuring CoS on EX Series Switches on page 3173 Configuring CoS Tail Drop Profiles CLI Procedure Tail drop is a simple and effective traf...

Page 3312: ... on interfaces To create an 802 1p rewrite rule named customup rw in the rewrite table for all Layer 2 interfaces edit class of service rewrite rules user switch set ieee 802 1 customup rw forwarding class be loss priority low code point 000 user switch set ieee 802 1 customup rw forwarding class be loss priority high code point 001 user switch set ieee 802 1 customup rw forwarding class af loss p...

Page 3313: ...To define rewrite rules 1 Select Configure Class of Service Rewrite Rules NOTE After you make changes to the configuration in this page you must commit the changes immediately for them to take effect To commit all changes to the active configuration select Commit Options Commit See Using the Commit Options to Commit Configuration Changes for details about all commit options 2 Click one Add Adds a ...

Page 3314: ... packets are dropped network control Packets can be delayed but not dropped 4 Select the loss priority To assign a loss priority select one high Packet has a high loss priority low Packet has a low loss priority To edit an existing code point mapping select it and click Edit To remove a code point mapping entry select it and click Remove Rewrites outgoing CoS values of a packet based on the forwar...

Page 3315: ...ate a CoS component for example a rewrite rule named customup rw to all Gigabit Ethernet interfaces on the switch use wild characters for the interface name and logical interface unit number edit class of service interfaces user switch set ge unit rewrite rules ieee 802 1 customup rw Related Documentation Assigning CoS Components to Interfaces J Web Procedure on page 3219 Example Configuring CoS o...

Page 3316: ...gical Interfaces Your Action Function Field Type the interface name To assign CoS services to all logical interfaces configured on this physical interface type the wildcard character Specifies the name of a logical interface Allows you to assign CoS components while configuring a logical interface on a physical interface at the same time Unit To assign a forwarding class to an interface select the...

Page 3317: ...r VoIP applications The EZQoS VoIP template is stored in etc config ezqos voip conf To configure EZQoS using the CLI 1 Load the EZQoS configuration file etc config ezqos voip conf edit user switch load merge etc config ezqos voip conf 2 Apply the EZQoS group ezqos voip edit user switch set apply groups ezqos voip 3 Apply the DSCP classifier ezqos dscp classifier to a Gigabit Ethernet interface ge ...

Page 3318: ...ng class to this custom DSCP classifier specifying a loss priority and code point edit class of service user switch set classifiers dscp dscp1 forwarding class expedited forwarding loss priority low code points 000111 3 Specify the values for the custom EXP rewrite rule e1 edit class of service user switch set rewrite rules exp e1 forwarding class expedited forwarding loss priority low code point ...

Page 3319: ...E If you are using MPLS with CCC you can use only one type of DSCP IP precedence and only one type of IEEE 802 1p on the CCC interfaces This procedure creates a custom DSCP classifier and a custom EXP rewrite rule on the ingress PE It also enables a policer on the label switched path LSP of the ingress PE to ensure that the amount of traffic forwarded through the LSP never exceeds the requested ba...

Page 3320: ...ce the policer configure a filter term that includes the policer action edit firewall user switch set family any filter myfilter term t1 then policer mypolicer 9 Apply the filter to the LSP edit protocols mpls set label switched path lsp_to_pe2_ge1 policing filter myfilter NOTE You can also configure schedulers and shapers as needed See Defining CoS Schedulers CLI Procedure on page 3209 Related Do...

Page 3321: ...ssifiers classifier type classifier name forwarding class class name loss priority level code points code point 2 Assign a queue number and fabric priority to the forwarding class edit class of service user switch set forwarding classes class class name queue num number priority level 3 Assign the BA classifier to the physical interface edit class of service user switch set interfaces interface na...

Page 3322: ...ed Documentation Understanding CoS Queues on the 40 Port SFP Line Card on page 3170 Copyright 2010 Juniper Networks Inc 3226 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3323: ...To monitor CoS classifiers in the J Web interface select Monitor Class of Service Classifiers To monitor CoS classifiers in the CLI enter the following CLI command show class of service classifier Meaning Table 422 on page 3227 summarizes key output fields for CoS classifiers Table 422 Summary of Key CoS Classifier Output Fields Additional Information Values Field To display classifier assignments...

Page 3324: ...tion Defining CoS Classifiers CLI Procedure on page 3204 Defining CoS Classifiers J Web Procedure on page 3206 Example Configuring CoS on EX Series Switches on page 3173 Monitoring CoS Forwarding Classes Purpose View the current assignment of class of service CoS forwarding classes to queues on the switch Action To monitor CoS forwarding classes in the J Web interface select Monitor Class of Servi...

Page 3325: ...er corresponding to the forwarding class name The default forwarding classes are assigned as follows best effort 0 expedited forwarding 5 assured forwarding 1 network control 7 mcast be 2 mcast ef 4 mcast af 6 Queue EX8200 switches only Fabric priority for the forwarding class either high or low The fabric priority determines the priority of packets ingressing the switch fabric Fabric Priority Rel...

Page 3326: ...nents are assigned Logical Interface Category of an object for example classifier scheduler map or rewrite Object Name that you have given to an object for example ba classifier Name Type of an object for example dscp for a classifier Type Index of this interface or the internal index of a specific object Index Related Documentation Assigning CoS Components to Interfaces CLI Procedure on page 3219...

Page 3327: ...rmine CoS values for rewriting in combination with loss priority Forwarding Class Loss priority that is used to determine CoS values for rewriting in combination with forwarding class Loss Priority Value that the CoS value is rewritten to Rewrite CoS Value To Related Documentation Defining CoS Rewrite Rules CLI Procedure on page 3216 Defining CoS Rewrite Rules J Web Procedure on page 3217 Example ...

Page 3328: ...queue or the amount of transmit delay in milliseconds The buffer size can be either of the following A percentage The buffer is a percentage of the total buffer allocation remainder The buffer is sized according to what remains after other scheduler buffer allocations Buffer Size Scheduling priority of a queue strict high Packets in this queue are transmitted first low Packets in this queue are tr...

Page 3329: ...y aliases and bit patterns click the plus sign Type of the CoS value dscp Examines Layer 3 packet headers for IP packet classification ieee 802 1 Examines Layer 2 packet headers for packet classification inet precedence Examines Layer 3 packet headers for IP packet classification CoS Value Type Name given to a set of bits for example af11 is a name for 001010 bits CoS Value Alias Set of bits assoc...

Page 3330: ...ph of a RED curve that the system uses to determine the drop probability based on queue buffer fullness Graph RED Profile Type of a specific drop profile interpolated The two coordinates x and y of the graph are interpolated to produce a smooth profile segmented The two coordinates x and y of the graph are represented by line fragments to produce a segmented profile Type Internal index of this dro...

Page 3331: ...ort SFP line card in an EX8200 switch is replaced with a configured scheduler map Cause The ports in a 40 port SFP line card are divided into eight groups each group comprising five ports The ports in a port group share 10 gigabits of bandwidth Because the port groups share bandwidth CoS ingress and egress queues are handled differently on the 40 port SFP line card than on other line cards for EX8...

Page 3332: ...ss and egress queues are handled differently on the 40 port SFP line card than on other line cards for EX8200 switches Only one scheduler map can be active at a time in a port group In a port group if you install transceivers in ports on which you have configured different scheduler maps the scheduler maps on all ports in that port group are replaced with the default scheduler map For example if y...

Page 3333: ...ame loss priority loss priority code points aliases 6 bit patterns code point aliases dscp ieee 802 1 inet precedence alias name bits forwarding classes class class name queue num queue number priority high low interfaces interface name scheduler map map name unit logical unit number forwarding class class name classifiers dscp ieee 802 1 inet precedence classifier name default multi destination f...

Page 3334: ...int Aliases J Web Procedure on page 3202 DefiningCoSClassifiers CLIProcedure onpage3204orDefiningCoSClassifiers J Web Procedure on page 3206 Defining CoS Forwarding Classes CLI Procedure on page 3208 or Defining CoS Forwarding Classes J Web Procedure on page 3208 Configuring CoS Tail Drop Profiles CLI Procedure on page 3215 Defining CoS Schedulers CLI Procedure on page 3209 or Defining CoS Schedul...

Page 3335: ...forwarding class for assured forwarding of multicast traffic mcast be Default best effort forwarding class for multicast traffic mcast ef Default forwarding class for expedited forwarding of multicast traffic Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding CoS Schedulers on p...

Page 3336: ... configured sharing is disabled on the queue restricting the usage to guaranteed buffers only percentpercentage Buffer size as a percentage of total buffer remainder Remaining buffer available Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on ...

Page 3337: ...nes whether packets are sent to the high or low priority queue for ingressing the port group The primary use of this option is to prevent high priority input traffic from being dropped due to congestion on the port group of a 40 port SFP line card Options class name Name of forwarding class priority high low Optional EX8200 switches only Fabric priority Values high or low Default low queue num que...

Page 3338: ... scheduler map map name unit logical unit number forwarding class class name classifiers dscp ieee 802 1 inet precedence classifier name default multi destination family ethernet broadcast forwarding class name inet classifiers dscp inet precedence classifier name scheduler map map name rewrite rules dscp ieee 802 1 inet precedence rewrite name import rewrite name default forwarding class class na...

Page 3339: ...ple Configuring CoS on EX Series Switches on page 3173 DefiningCoSCode PointAliases CLIProcedure onpage3204orDefiningCoSCode Point Aliases J Web Procedure on page 3202 DefiningCoSClassifiers CLIProcedure onpage3204orDefiningCoSClassifiers J Web Procedure on page 3206 Defining CoS Forwarding Classes CLI Procedure on page 3208 or Defining CoS Forwarding Classes J Web Procedure on page 3208 Configuri...

Page 3340: ... a default classifier or a custom classifier The statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 Example Combining CoS with MPLS on EX Series Switches on page 3188 DefiningCoSClassifiers CLIProce...

Page 3341: ...code points aliases 6 bit patterns Hierarchy Level edit class of service classifiers dscp ieee 802 1 inet precedence forwarding class class name loss priority level Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify one or more DSCP code point aliases or bit sets for association with a forwarding class Options aliases Name of the DSCP alias ...

Page 3342: ... name Name of the drop profile The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 Defining CoS Schedulers CLI Procedure on page 3209 or Defining CoS Schedulers J Web Procedure on page ...

Page 3343: ...plained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 DefiningCoSCode PointAliases CLIProcedure onpage3204orDefiningCoSCode Point Aliases J Web Procedure on page 3202 DefiningCoSClassifiers CLIProcedure onpage3204orDef...

Page 3344: ...remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 DefiningCoSCode PointAliases CLIProcedure onpage3204orDefiningCoSCode Point Aliases J Web Procedure on page 3202 DefiningCoSClassifiers C...

Page 3345: ...dcast traffic family The remaining statement is explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding CoS Schedulers on page 3160 Understanding CoS Forwarding Classes on page 3156 Understanding CoS Classifiers on page 3153 3249 Copyright 2010 Juniper Networks I...

Page 3346: ...bind it to an individual interface and you cannot disable it Options classifier name Name of the classifier The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding Using CoS with MPLS Networks on EX Series Switches on page 3167 Config...

Page 3347: ...ption Specify the multidestination traffic family The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding CoS Schedulers on page 3160 Understanding CoS Forwarding Classes on page 3156 Understanding CoS Classifiers on page 3153 3251 Co...

Page 3348: ...es switches Description Define forwarding class name and option values Options class name Name of the forwarding class The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 Defining CoS F...

Page 3349: ...is explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 Defining CoS Forwarding Classes CLI Procedure on page 3208 or Defining CoS Forwarding Classes J Web Procedure on page 3208 Understanding CoS Forwarding Classes...

Page 3350: ...re explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 DefiningCoSClassifiers CLIProcedure onpage3204orDefiningCoSClassifiers J Web Procedure on page 3206 DefiningCoSCode PointAliases CLIProcedure onpage3204orDefin...

Page 3351: ...e classifiers hierarchy level default Default classifier mapping Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 DefiningCoSClassifiers CLIProcedure onpage3204orDefiningCoSClassifiers J Web Procedure on page 3206 Defining CoS Rewri...

Page 3352: ...ecify the IP multicast family The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding CoS Schedulers on page 3160 Understanding CoS Forwarding Classes on page 3156 Understanding CoS Classifiers on page 3153 Copyright 2010 Juniper Netw...

Page 3353: ...The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 DefiningCoSClassifiers CLIProcedure onpage3204orDefiningCoSClassifiers J Web Procedure on page 3206 DefiningCoSCode PointAliases CLIP...

Page 3354: ...el routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 DefiningCoSClassifiers CLIProcedure onpage3204orDefiningCoSClassifiers J Web Procedure on page 3206 Defining CoS Forwarding Classes CLI Procedure on page 3208 or Defining CoS Forwarding Classes J Web Proce...

Page 3355: ...point aliases and bit patterns Options level Can be one of the following high Packet has high loss priority low Packet has low loss priority The remaining statement is explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page...

Page 3356: ...fine the CoS configuration for multidestination traffic The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding CoS Schedulers on page 3160 Understanding CoS Forwarding Classes on page 3156 Understanding CoS Classifiers on page 3153 C...

Page 3357: ...LS Options filter filter name Specify the name of the policing filter no automatic policing Disable automatic policing on this LSP Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation policer on page 3111 Configuring Policers to Control Traffic Rates CLI Procedure on page 3073 Configuring CoS o...

Page 3358: ...erstanding CoS Schedulers on page 3160 protocol Syntax protocol protocol drop profile profile name Hierarchy Level edit class of service schedulers scheduler name Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the protocol type for the specified drop profile Options drop profile profile name Name of the drop profile protocol Type of prot...

Page 3359: ...g for the traffic that passes through all queues on the interface The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 Defining CoS Rewrite Rules CLI Procedure on page 3216 or Defining C...

Page 3360: ...er map Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 Assigning CoS Components to Interfaces CLI Procedure on page 3219 or Assigning CoS Components to Interfaces J Web Procedure on page 3219 Understanding CoS Schedulers on page 31...

Page 3361: ...ler map The remaining statement is explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 Defining CoS Forwarding Classes CLI Procedure on page 3208 or Defining CoS Forwarding Classes J Web Procedure on page 3208 Unde...

Page 3362: ...fy scheduler name and parameter values Options scheduler name Name of the scheduler The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 Defining CoS Schedulers CLI Procedure on page 320...

Page 3363: ...ping at all Options percentpercentage Shaping rate as a percentage of the available interface bandwidth Range 0 through 100 percent rate Peak rate in bits per second bps You can specify a value in bits per second either as a complete decimal number or as a decimal number followed by the abbreviation k 1000 m 1 000 000 or g 1 000 000 000 Range 3200 through 32 000 000 000 bps Required Privilege Leve...

Page 3364: ...shared buffer as a percentage of the buffer allocated to the shared buffer pool Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 Understanding Junos OS CoS Components for EX Series Switches on page 3148 Copyright 2010 Juniper Networ...

Page 3365: ...cimal number or as a decimal number followed by the abbreviation k 1000 m 1 000 000 or g 1 000 000 000 Range 3200 through 160 000 000 000 bps percent percentage Percentage of transmission capacity A percentage of zero drops all packets in the queue Range 0 through 100 percent remainder Remaining rate available Required Privilege Level routing To view this statement in the configuration routing con...

Page 3366: ...ical device Options logical unit number Number of the logical unit Range 0 through 16 385 The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring CoS on EX Series Switches on page 3173 Assigning CoS Components to Interfaces CLI ...

Page 3367: ...CHAPTER 113 Operational Mode Commands for CoS 3271 Copyright 2010 Juniper Networks Inc ...

Page 3368: ...rvice command Output fields are listed in the approximate order in which they appear Table 429 show class of service Output Fields Level of Output Field Description Field Name All levels The forwarding class configuration Forwarding class Name of the forwarding class ID Forwarding class ID Queue Queue number Fabric Priority EX8200 switches only Fabric priority either high or low The fabric priorit...

Page 3369: ...uffer size in the queue Buffer size All levels Drop profiles configured for the specified scheduler Drop profiles All levels Transport protocol corresponding to the drop profile Protocol All levels Name of the drop profile Name All levels Number of queues that can be configured on the interface Queues supported All levels Number of queues currently configured Queues in use All levels Name of the p...

Page 3370: ...1 best effort low 010 best effort low 011 best effort low 100 best effort low 101 best effort low 110 network control low 111 network control low Classifier ieee8021p untrust Code point type ieee 802 1 Index 16 Code point Forwarding class Loss priority 000 best effort low 001 best effort low 010 best effort low 011 best effort low 100 best effort low 101 best effort low 110 best effort low 111 bes...

Page 3371: ...e Forwarding class best effort Index 20 Transmit rate 95 percent Rate Limit none Buffer size 95 percent Priority low Drop profiles Loss priority Protocol Index Name High non TCP 1 default drop profile High TCP 1 default drop profile Scheduler default nc Forwarding class network control Index 22 Transmit rate 5 percent Rate Limit none Buffer size 5 percent Priority low Drop profiles Loss priority P...

Page 3372: ... best effort high 001 expedited forwarding low 010 expedited forwarding high 011 fw class low 100 fw class high 101 network control low 110 network control high 111 Rewrite rule ieee8021p default Code point type ieee 802 1 Index 34 Forwarding class Loss priority Code point best effort low 000 best effort high 001 expedited forwarding low 010 expedited forwarding high 011 fw class low 100 fw class ...

Page 3373: ...sifiers of the ieee 802 1 type type inet precedence Optional Display all classifiers of the inet precedence type Required Privilege Level view List of Sample Output show class of service classifier type ieee 802 1 on page 3278 Output Fields Table 430 on page 3277 describes the output fields for the showclass of serviceclassifier command Output fields are listed in the approximate order in which th...

Page 3374: ...1 default Code point type ieee 802 1 Index 3 Code Point Forwarding Class Loss priority 000 best effort low show class of service classifier type ieee 802 1 001 best effort high 010 expedited forwarding low 011 expedited forwarding high 100 assured forwarding low 101 assured forwarding medium high 110 network control low 111 network control high Classifier users ieee802 1 Code point type ieee 802 1...

Page 3375: ...Display IEEE 802 1 code point aliases inet precedence Optional Display IPv4 precedence code point aliases Required Privilege Level view List of Sample Output show class of service code point aliases exp on page 3280 Output Fields Table 431 on page 3279 describes the output fields for the show class of service code point aliases command Output fields are listed in the approximate order in which the...

Page 3376: ...ses exp Code point type exp Alias Bit pattern show class of service code point aliasesexp af11 100 af12 101 be 000 be1 001 cs6 110 cs7 111 ef 010 ef1 011 nc1 110 nc2 111 Copyright 2010 Juniper Networks Inc 3280 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3377: ...lege Level view List of Sample Output show class of service drop profile on page 3282 Output Fields Table432onpage3281describestheoutputfieldsfortheshowclass of servicedrop profile command Output fields are listed in the approximate order in which they appear Table 432 show class of service drop profile Output Fields Field Description Field Name Name of a drop profile Drop profile Type of this dro...

Page 3378: ...w class of service drop profile 100 100 Drop profile user drop profile Type interpolated Index 2989 Fill level Drop probability 0 0 1 1 2 2 4 4 5 5 6 6 8 8 10 10 12 15 14 20 15 23 64 entries total 90 96 92 96 94 97 95 98 96 98 98 99 99 99 100 100 Copyright 2010 Juniper Networks Inc 3282 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3379: ...on page 3283 describes the output fields for the show class of service forwarding class command Output fields are listed in the approximate order in which they appear Table 433 show class of service forwarding class Output Fields Field Description Field Name Name of forwarding class Forwarding class Forwarding class identifier ID CoS queue mapped to the forwarding class Queue Not supported on EX S...

Page 3380: ...c priority best effort 0 0 low expedited forwarding 1 5 low show class of service forwarding class EX8200 Switch assured forwarding 2 1 low network control 3 7 low mcast be 4 2 low mcast ef 5 4 low mcast af 6 6 low Copyright 2010 Juniper Networks Inc 3284 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3381: ...in which they appear Table 434 show class of service interface Output Fields Field Description Field Name Name of a physical interface Physical interface Index of this interface or the internal index of this object Index Status of dedicated queues configured on an interface Supported on Trio MPC MIC interfaces on MX Series routers only Dedicated Queues Number of queues you can configure on the int...

Page 3382: ...er Fragmentation map for LSQ interfaces only Scheduler map Rewrite or Translation Table for IQE PICs only Object Name of an object Name Type of an object dscp dscp ipv6 exp ieee 802 1 ip or inet precedence Type show class of service interface Physical user host show class of service interface so 0 2 3 Physical interface so 0 2 3 Index 135 Queues supported 8 Queues in use 4 show class of service in...

Page 3383: ...ce interface Gigabit Ethernet user host show class of service interface ge 6 2 0 Physical interface ge 6 2 0 Index 175 Queues supported 4 Queues in use 4 Scheduler map default Index 2 Input scheduler map default Index 3 Chassis scheduler map default chassis Index 4 3287 Copyright 2010 Juniper Networks Inc Chapter 113 Operational Mode Commands for CoS ...

Page 3384: ...eld Name Information about Packet Forwarding Engine traffic Input Packets Number and rate of input packets Output Packets Number and rate of output packets Packet Forwarding Engine Traffic statistics Information about Packet Forwarding Engine local traffic Local packets input Number of local input packets Local packets output Number of local output packets Software input high drops Number of softw...

Page 3385: ... Local Protocol statistics Information about Packet Forwarding Engine hardware discards Timeout Number of packets discarded because of timeouts Truncated key Number of packets discarded because of truncated keys Bits to test Number of bits to test Data error Number of packets discarded because of data errors Stack underflow Number of packets discarded because of stack underflows Stack overflow Num...

Page 3386: ...ut 0 Truncated key 0 Bits to test 0 Data error 0 Stack underflow 0 Stack overflow 0 Normal discard 0 Extended discard 0 Invalid interface 0 Info cell drops 0 Fabric drops 0 Packet Forwarding Engine Input IPv4 Header Checksum Error and Output MTU Error statistics Input Checksum 0 Output MTU 0 Copyright 2010 Juniper Networks Inc 3290 Complete Software Guide for Junos OS for EX Series Ethernet Switch...

Page 3387: ...h 7 on the EX8208 switch and 0 through 15 on the EX8216 switch Required Privilege Level view Related Documentation show pfe statistics traffic multicast on page 3297 show pfe statistics traffic egress queues on page 3295 show interfaces queue on page 1256 Monitoring Interface Status and Traffic on page 1167 Understanding Junos OS CoS Components for EX Series Switches on page 3148 List of Sample Ou...

Page 3388: ...ause of RED RED dropped bytes show pfe statistics traffic cpu EX8208 Switch user switch show pfe statistics traffic cpu Queue 0 Forwarding classes best effort Queued show pfe statistics traffic cpu EX8208 Switch Packets Not Available Bytes Not Available Packets 0 0 pps Bytes 0 0 bps Tail dropped packets 0 RED dropped bytes 0 0 bps Low 0 0 bps High 0 0 bps RED dropped packets 0 0 pps Low 0 0 pps Hi...

Page 3389: ... Low 0 0 bps High 0 0 bps RED dropped packets 0 0 pps Low 0 0 pps High 0 0 pps Queue 5 Packets Not Available Bytes Not Available Packets 0 0 pps Bytes 0 0 bps Tail dropped packets 0 RED dropped bytes 0 0 bps Low 0 0 bps High 0 0 bps RED dropped packets 0 0 pps Low 0 0 pps High 0 0 pps Queue 6 Packets Not Available Bytes Not Available Packets 0 0 pps Bytes 0 0 bps Tail dropped packets 0 RED dropped...

Page 3390: ...bytes 0 0 bps Low 0 0 bps High 0 0 bps RED dropped packets 0 0 pps Low 0 0 pps High 0 0 pps Copyright 2010 Juniper Networks Inc 3294 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3391: ...r is the slot number for the line card Possible values are 0 through 7 on the EX8208 switch and 0 through 15 on the EX8216 switch Required Privilege Level view Related Documentation show pfe statistics traffic cpu on page 3291 show pfe statistics traffic multicast on page 3297 show interfaces queue on page 1256 Monitoring Interface Status and Traffic on page 1167 Understanding Junos OS CoS Compone...

Page 3392: ...er switch show pfe statistics traffic egress queues fpc 4 Tail dropped packets 0 show pfe statistics traffic egress queues fpc4 EX8208Switch Copyright 2010 Juniper Networks Inc 3296 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3393: ...y the slot number NOTE On an EX8200 switch the FPC slot number is the slot number for the line card Possible values are 0 through 7 on the EX8208 switch and 0 through 15 on the EX8216 switch Required Privilege Level view Related Documentation show pfe statistics traffic cpu on page 3291 show pfe statistics traffic egress queues on page 3295 show interfaces queue on page 1256 Monitoring Interface S...

Page 3394: ...cause of RED High Number of high loss priority bytes dropped because of RED RED dropped bytes Egress packets dropped by the PFE because none of the ports on the physical interface are needed to forward the packet Multicast Replication Engine dropped packets show pfe statistics traffic multicast fpc 0 EX8208 Switch show pfe statistics traffic multicast fpc 0 EX8208 Switch user switch show pfe stati...

Page 3395: ...bps High 0 0 bps RED dropped packets 0 0 pps Low 0 0 pps High 0 0 pps Queue 4 Packets Not Available Bytes Not Available Packets 0 0 pps Bytes 0 0 bps Tail dropped packets 0 RED dropped bytes 0 0 bps Low 0 0 bps High 0 0 bps RED dropped packets 0 0 pps Low 0 0 pps High 0 0 pps Queue 5 Packets Not Available Bytes Not Available Packets 0 0 pps Bytes 0 0 bps Tail dropped packets 0 RED dropped bytes 0 ...

Page 3396: ...Packets 0 0 pps Bytes 0 0 bps Tail dropped packets 0 RED dropped bytes 0 0 bps Low 0 0 bps High 0 0 bps RED dropped packets 0 0 pps Low 0 0 pps High 0 0 pps Multicast Replication Engine dropped packets 0 pps Copyright 2010 Juniper Networks Inc 3300 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3397: ...s PoE Configuration on page 3307 Configuring PoE on page 3315 Verifying PoE Configuration on page 3319 Troubleshooting PoE Configuration on page 3325 Configuration Statements for PoE on page 3327 Operational Mode Commands for PoE on page 3339 3301 Copyright 2010 Juniper Networks Inc ...

Page 3398: ...Copyright 2010 Juniper Networks Inc 3302 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3399: ...iguration and Monitoring on page 3305 PoE and PoE PoE was first defined in the IEEE 802 3af standard In this standard the amount of power that can be supplied to a powered device is limited to 15 4 W PoE which was defined in the later IEEE 802 3at standard increases the amount of power to 30 W The PoE standard provides support for legacy PoE devices an IEEE 802 3af PoE powered device can operate n...

Page 3400: ...s redundant power supplies and you have installed power supplies of different capacities the PoE power budget is based on the wattage of the lower capacity power supply The number of PoE ports on the switch cannot be increased by installing a larger power supply You can display the PoE power budget for your switch by using the show poe controller command Power Management Mode EX Series switches su...

Page 3401: ...red by 802 3at compliant powered devices In both class and static mode if the power consumption of a powered device exceeds the maximum power allocated to the interface power to the interface is turned off PoE Interface Power Priority You can configure a PoE interface to have either a high or low power priority The power priority determines which interfaces receive power if PoE power demands are g...

Page 3402: ...s on an EX Series Switch on page 3307 Example Configuring PoE Interfaces with Different Priorities on an EX Series Switch on page 3309 Copyright 2010 Juniper Networks Inc 3306 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3403: ...face This example describes a default configuration of PoE interfaces on an EX Series switch Requirements on page 3307 Overview and Topology on page 3307 Configuration on page 3308 Verification on page 3308 Requirements This example uses the following software and hardware components Junos OS Release 9 0 or later for EX Series switches One EX series switch that supports PoE Before you configure Po...

Page 3404: ... 8 through ge 0 0 20 Direct connections to desktop PCs file servers integrated printer fax copier machines no PoE required ge 0 0 21 through ge 0 0 23 Unused ports for future expansion Configuration To enable the default PoE configuration on the switch CLI Quick Configuration To quickly enable the default configuration on the switch Simply connect the powered devices to the PoE ports Step by Step ...

Page 3405: ...PoE ports supply electric power over the same ports that are used to connect network devices These ports allow you to plug in devices that need both network connectivity and electric power such as voice over IP VoIP phones wireless access points and some IP cameras By default PoE ports on EX Series switches are set to low power priority You can configure a PoE port to have a high power priority se...

Page 3406: ...aces ge 0 0 0 through ge 0 0 7 and 16 non PoE interfaces ge 0 0 8 through ge 0 0 23 Switch hardware default VLAN name ge 0 0 0 Connection to a wireless access point requires PoE ge 0 0 1 and ge 0 0 2 high Security IP Cameras require PoE ge 0 0 3 high Emergency VoIP phone requires PoE ge 0 0 4 high VoIP phone in Executive Office requires PoE ge 0 0 5 through ge 0 0 7 Other VoIP phones require PoE g...

Page 3407: ...riptions for the PoE interfaces edit interfaces user switch set ge 0 0 0 description wireless access point user switch set ge 0 0 1 description security camera front door user switch set ge 0 0 2 description security camera back door user switch set ge 0 0 3 description emergency phone user switch set ge 0 0 4 description Executive Office VoIP phone user switch set ge 0 0 5 description staff VoIP ...

Page 3408: ...fice VoIP phone unit 0 family ethernet switching ge 0 0 5 description staff VoIP phone unit 0 family ethernet switching ge 0 0 6 description staff VoIP phone unit 0 family ethernet switching ge 0 0 7 description staff VoIP phone unit 0 family ethernet switching poe interface all interface ge 0 0 1 priority high telemetries interface ge 0 0 2 priority high telemetries Copyright 2010 Juniper Network...

Page 3409: ...W 0 ge 0 0 1 Enabled ON 15 4W High 4 8W 0 ge 0 0 2 Enabled ON 15 4W High 4 8W 0 ge 0 0 3 Enabled ON 15 4W High 3 3W 2 ge 0 0 4 Enabled ON 15 4W High 4 7W 2 ge 0 0 5 Enabled ON 15 4W Low 3 2W 2 ge 0 0 6 Enabled ON 15 4W Low 3 3W 2 ge 0 0 7 Enabled ON 15 4W Low 3 3W 2 Meaning The show poe interface command lists PoE interfaces configured on the switch with their status priority power consumption and...

Page 3410: ...Copyright 2010 Juniper Networks Inc 3314 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3411: ...t settings for the switch as a whole and for the PoE interfaces Table 442 PoE Configurable Options and Default Settings Description Default Option Switch Options Reserves up to 19 W out of the PoE power budget to be used in the case of a spike in PoE power consumption 0 W guard band Sets the PoE power management mode for the switch class The maximum power delivered by an interface is determined by...

Page 3412: ...o longer supplies power to a connected powered device Power is not allocated to the interface Not included in default configuration disable To configure PoE 1 To change power management mode from the default class mode to static mode edit poe user switch set management static NOTE On an EX2200 switch we recommend that you do not change the default management mode The PoE power budget for an EX2200...

Page 3413: ...age 3303 Configuring PoE J Web Procedure Power over Ethernet PoE ports supply electric power over the same ports that are used to connect network devices to EX Series switches These ports allow you to plug in devices that require both network connectivity and electric power such as VoIP phones wireless access points and some IP cameras Using the Power over Ethernet PoE Configuration page in the J ...

Page 3414: ...de is static Select class to change the power management mode Specifies the power management mode The options are static and class NOTE When the power management mode is set to class the maximum power value is overridden by the maximum power value of the class of power device that is connected to the switch on the PoE port PoE Management Enter a value to set the guard band value in watts The defau...

Page 3415: ...ace 1 Select Troubleshoot CLI Terminal 2 Type a CLI command show poe controller show poe interface show poe telemetries interface For detailed information about using these CLI commands to monitor PoE power consumption see Monitoring PoE Power Consumption CLI Procedure in the EX Series documentation at http www juniper net techpubs Meaning In the J Web interface the PoE Monitoring screen is divide...

Page 3416: ...320 Current Power Consumption for PoE Interfaces on page 3320 Power Consumption for PoE Interfaces over Time on page 3321 PoE Power Consumption for the Switch Purpose Determine the current PoE power consumption for the switch as a whole Action Enter the following command user switch show poe controller Controller Maximum Power Guard band Management index power consumption 0 130 W 65W 15W Static Me...

Page 3417: ...y the intervals at which power consumption data is collected from once every minute to once every 30 minutes The default is once every 5 minutes You can also specify the duration over which the records are collected from 1 hour default to 24 hours Action To collect historical records of PoE interface power consumption and display those records 1 Add the telemetries statement to the PoE interface c...

Page 3418: ...he Switch Purpose Verify the number of PoE ports on a switch The number of PoE ports on a switch varies according to switch model Action Enter the following command user switch show chassis hardware Hardware inventory Item Version Part number Serial number Description Chassis BH0208375304 EX3200 24T Routing Engine 0 REV 11 750 021261 BH0208375304 EX3200 24T 8 POE FPC 0 REV 11 750 021261 BH02083753...

Page 3419: ... 15 4W Low 3 3W 2 ge 0 0 7 Enabled OFF 15 4W Low 0 0W 0 To view configuration and status for a single PoE interface enter user switch show poe interface ge 0 0 3 PoE interface status PoE interface ge 0 0 3 Administrative status Enabled Operational status ON Power limit on the interface 15 4W Priority High Power consumed 3 3W Class of power device 2 Meaning The command output shows the status and c...

Page 3420: ...E Interfaces on an EX Series Switch on page 3307 Example Configuring PoE Interfaces with Different Priorities on an EX Series Switch on page 3309 Monitoring PoE Power Consumption CLI Procedure on page 3320 Copyright 2010 Juniper Networks Inc 3324 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3421: ...ated in the port socket Use the show poe controller command to check the PoE power budget and consumption for the switch Has the PoE power budget been exceeded for the switch Use the show poe interface command to check the maximum power provided by the interface Does the powered device require more power than is available on the interface Use the show poe telemetries interface command to display t...

Page 3422: ...Copyright 2010 Juniper Networks Inc 3326 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3423: ...imum power watts priority high low telemetries disable duration hours interval minutes management class static notification control fpc slot number disable Related Documentation Example Configuring PoE Interfaces with Different Priorities on an EX Series Switch on page 3309 Configuring PoE CLI Procedure on page 3315 PoE and EX Series Switches Overview on page 3303 3327 Copyright 2010 Juniper Netwo...

Page 3424: ... delete the disable statement from the interface entry in the configuration When used with telemetries Disable the collection of PoE power consumption records for this interface Any previously collected records are deleted However the telemetries configuration is retained including the values for interval and duration To re enable record collection delete the disable statement from the telemetries...

Page 3425: ... a PoE interface Options hours Number of hours over which the data is to be collected Range 1 through 24 Default 1 Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Example Configuring PoE Interfaces with Different Priorities on an EX Series Switch on page 3309 Configuring PoE CLI Procedure on...

Page 3426: ...tandalone EX4200 switch 0 through 9 On an EX4200 switch in a Virtual Chassis indicating the member ID The remaining statement is explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Example Configuring PoE Interfaces with Different Priorities on an EX Series Switch on page 33...

Page 3427: ...mount of power to be reserved in case of a spike in PoE consumption Range 0 through 19 Default 0 Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Example Configuring PoE Interfaces with Different Priorities on an EX Series Switch on page 3309 Configuring PoE CLI Procedure on page 3315 3331 Co...

Page 3428: ... with all interface name Name of the specific interface being configured If you use the interface statement without any substatements PoE is enabled on all interfaces or the specified interface with default values for the remaining statements The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this stat...

Page 3429: ...rface Options minutes Frequency of data collection Range 1 through 30 Default 5 Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Example Configuring PoE Interfaces with Different Priorities on an EX Series Switch on page 3309 Configuring PoE CLI Procedure on page 3315 Configuring PoE J Web Pr...

Page 3430: ... on page 3303 for more information about classes of powered devices static The amount of power allocated to the interface is determined by the value of the maximum power statement not the class of the connected powered device This amount is allocated even when a powered device is not connected to the interface ensuring that power is available when needed Required Privilege Level system To view thi...

Page 3431: ...for the port Options watts The maximum number of watts that can be supplied to the port Range 0 0 through 15 4 for switches that support IEEE 802 3af PoE and 0 0 through 30 0 for switches that also support IEEE 802 3at PoE Default 15 4 for switches that support IEEE 802 3af PoE and 30 0 for switches that support IEEE 802 3at PoE Required Privilege Level system To view this statement in the configu...

Page 3432: ... PoE interface is enabled or disabled The remaining statements are explained separately Required Privilege Level system To view this statement in the configuration system control To add this statement to the configuration Related Documentation Example Configuring PoE Interfaces with Different Priorities on an EX Series Switch on page 3309 Configuring PoE CLI Procedure on page 3315 Copyright 2010 J...

Page 3433: ...priority in terms of power allocation If the switch needs to shut down powered devices because PoE demand exceeds the PoE budget power is not shut down on this interface until it has been shut down on all the low priority interfaces low Specifies that this interface is to be treated as low priority in terms of power allocation If the switch needs to shut down powered devices because PoE demand exc...

Page 3434: ...ied intervals Logging stops at the end of the specified duration If you did not specify the duration and interval statements data is collected at five minute intervals for one hour The remaining statements are explained separately Default Logging of power consumption is disabled Required Privilege Level system To view this statement in the configuration system control To add this statement to the ...

Page 3435: ...CHAPTER 120 Operational Mode Commands for PoE 3339 Copyright 2010 Juniper Networks Inc ...

Page 3436: ...446onpage3340liststheoutputfieldsfortheshowpoecontrollercommand Output fields are listed in the approximate order in which they appear Table 446 show poe controller Output Fields Field Description Field Name Controller number Controller index Maximum power that the switch can provide to the PoE ports Maximum power Total amount of power being used by the PoE ports at the time the command is execute...

Page 3437: ...switch show poe controller Controller Maximum Power Guard band Management show poe controller index power consumption 0 130 W 43W 15W Class 3341 Copyright 2010 Juniper Networks Inc Chapter 120 Operational Mode Commands for PoE ...

Page 3438: ...s are listed in the approximate order in which they appear Table 447 show poe interface Output Fields Field Description Field Name SingleInterface Output Field Name All Interfaces Output Interface name PoE Interface Interface Administrative state of the PoE interface Enabled or Disabled If the PoE interface is disabled it can provide network connectivity but it cannot provide power to connected de...

Page 3439: ...e Admin status Oper status Max power Priority Power consumption Class ge 0 0 0 Enabled ON 15 4W Low 7 9W 0 show poe interface ge 0 0 1 Enabled ON 15 4W Low 3 2W 2 ge 0 0 2 Enabled ON 15 4W Low 3 2W 2 ge 0 0 3 Enabled ON 15 4W Low 3 2W 2 ge 0 0 4 Enabled ON 15 4W Low 3 2W 2 ge 0 0 5 Enabled ON 15 4W Low 3 2W 2 ge 0 0 6 Enabled ON 15 4W Low 3 2W 2 ge 0 0 7 Enabled ON 15 4W Low 3 2W 2 show poe interf...

Page 3440: ...ist of Sample Output show poe notification control on page 3345 Output Fields Table 448 on page 3344 lists the output fields for the show poe notification control command Output fields are listed in the approximate order in which they appear Table 448 show poe notification control Output Fields Field Description Field Name FPC slot number FPC slot Status of notification control ON PoE traps are en...

Page 3441: ...cation control user switch show poe notification control FPC slot Notification control status 0 OFF show poe notification control 3345 Copyright 2010 Juniper Networks Inc Chapter 120 Operational Mode Commands for PoE ...

Page 3442: ...dure on page 3320 Verifying PoE Configuration and Status CLI Procedure on page 3322 Troubleshooting PoE Interfaces on page 3325 List of Sample Output show poe telemetries interface Last 10 Records on page 3347 show poe telemetries interface All Records on page 3347 Output Fields Table 449 on page 3346 lists the output fields for the show poe telemetries interface command Output fields are listed i...

Page 3443: ...W 51 6V 13 01 27 2008 18 07 57 UTC 15 4W 51 6V 14 01 27 2008 18 06 57 UTC 15 4W 51 6V 15 01 27 2008 18 05 57 UTC 15 4W 51 6V 16 01 27 2008 18 04 56 UTC 15 4W 51 6V 17 01 27 2008 18 03 56 UTC 15 4W 51 6V 18 01 27 2008 18 02 56 UTC 15 4W 51 6V 19 01 27 2008 18 01 56 UTC 15 4W 51 6V 20 01 27 2008 18 00 56 UTC 15 4W 51 6V 21 01 27 2008 17 59 56 UTC 15 4W 51 6V 22 01 27 2008 17 58 56 UTC 15 4W 51 6V 23...

Page 3444: ...Copyright 2010 Juniper Networks Inc 3348 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3445: ...51 Example of MPLS Configuration on page 3365 Configuring MPLS on page 3391 Verifying MPLS on page 3409 Configuration Statements for MPLS on page 3415 Operational Mode Commands for MPLS on page 3433 3349 Copyright 2010 Juniper Networks Inc ...

Page 3446: ...Copyright 2010 Juniper Networks Inc 3350 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3447: ...twork MPLS services can be used to connect various sites to a backbone network and to ensure better performance for low latency applications such as VoIP and other business critical functions Junos MPLS for EX Series switches supports Layer 2 protocols Layer 2 VPNs RSVP based label switched paths LSPs MPLS based circuits cross connect CCCs IP over MPLS Class of service CoS NOTE MPLS configurations...

Page 3448: ...chitecture Traffic engineering provides the capabilities to do the following Route primary paths around known bottlenecks or points of congestion in the network Provide precise control over how traffic is rerouted when the primary path is faced with single or multiple failures Provide efficient use of available aggregate bandwidth and long haul fiber by ensuring that certain subsets of the network...

Page 3449: ...l receives an IP packet analyzes it and pushes an MPLS label onto it This label places the packet in a forwarding equivalence class FEC and determines its handling and destination through the MPLS tunnel The egress provider edge switch the exit point from the MPLS tunnel pops the MPLS label off the outgoing packet MPLS traffic is bidirectional Therefore each PE switch can be configured as both an ...

Page 3450: ...atic route from the ingress PE switch to the egress PE switch See Configuring MPLS on Provider Edge Switches Using IP Over MPLS CLI Procedure on page 3401 for additional information Provider Switch You must configure one or more provider switches as transit switches within the network to support the forwarding of MPLS packets You can add provider switches without changing the configuration of the ...

Page 3451: ...aces of both the provider edge and provider switches You do not need to apply it to the loopback interface because the MPLS protocol uses the framework established by the RSVP session to create LSPs On the provider edge switches the configuration of the MPLS protocol must also include the definition of an LSP RSVP Resource Reservation Protocol RSVP is a signaling protocol that allocates and distri...

Page 3452: ...351 Understanding MPLS and Path Protection on EX Series Switches on page 3357 Example Configuring MPLS on EX Series Switches on page 3365 Configuring MPLS on Provider Edge Switches Using Circuit Cross Connect CLI Procedure on page 3405 Configuring MPLS on Provider Edge Switches Using IP Over MPLS CLI Procedure on page 3401 Configuring MPLS on Provider Switches CLI Procedure on page 3396 Junos OS M...

Page 3453: ...affic from the failed path to the new path This rerouting process can be time consuming and prone to failure For example the outage signals to the ingress switch might get lost or the new path might take too long to come up resulting in significant packet drops You can configure path protection by configuring primary and secondary paths on the ingress switch If the primary path fails the ingress s...

Page 3454: ...stom You do not bind the EXP classifier or the EXP rewrite rule to individual interfaces The switch automatically and implicitly applies the default or the custom EXP classifier and the default or the custom EXP rewrite rule to the appropriate MPLS enabled interfaces Because rewrite rules affect only egress interfaces the switch applies the EXP rewrite rule only to those MPLS interfaces that are t...

Page 3455: ...ace but it is not required You can configure one interface as DSCP1 and another as DSCP2 and another and IP precedence and so forth Default Classifiers and Default Rewrite Rules The default classifiers support only two forwarding classes best effort and network control and use only two queues 0 and 7 However EX Series switches support up to sixteen forwarding classes and eight queues To use the ad...

Page 3456: ...he other CoS configurations on EX Series switches Default schedulers are provided for best effort and network control forwarding classes If you are using assured forwarding expedited forwarding or other custom forwarding classes we recommend that you configure a scheduler to support that forwarding class See Understanding CoS Schedulers on page 3160 Related Documentation JUNOS MPLS for EX Series S...

Page 3457: ...abel forwarding table They then replace the old label with a new label and forward the packet to the next switch in the path When the packet reaches the egress PE switch the label is removed and the packet again becomes a native IP packet and is again forwarded based on its IP routing information MPLS Label Switched Paths and MPLS Labels on EX Series Switches on page 3361 Reserved Labels on page 3...

Page 3458: ...no label stacking It indicates that the label must be popped on receipt 3 Implicit Null label This label is used in the control protocol RSVP only to request label popping by the downstream switch It never actually appears in the encapsulation Labels with a value of 3 must not be used in the data packet as real labels No payload type IPv4 or IPv6 is implied with this label MPLS Label Operations on...

Page 3459: ...ce ge 0 0 7 removes the MPLS label and sends the IP packet out of its customer edge interface ge 0 0 1 to a destination that is beyond the scope of the tunnel Figure 84 MPLS Label Swapping Figure 84 on page 3363 shows the path of a packet as it passes in one direction from the ingress PE switch to the egress PE switch However the MPLS configuration also allows traffic to travel in the reverse dire...

Page 3460: ...Provider Edge Switches Using IP Over MPLS CLI Procedure on page 3401 Configuring MPLS on Provider Switches CLI Procedure on page 3396 Junos OS MPLS Applications Configuration Guide at http www juniper net techpubs software junos junos101 index html Junos OS VPNs Configuration Guide at http www juniper net techpubs software junos junos101 index html Copyright 2010 Juniper Networks Inc 3364 Complete...

Page 3461: ...e MPLS network as either circuit cross connect CCC or IP family inet interfaces This example shows how to configure an MPLS tunnel using a CCC For information on configuring MPLS with an IP interface see Configuring MPLS on Provider Edge Switches Using IP Over MPLS CLI Procedure on page 3401 Requirements on page 3365 Overview and Topology on page 3366 Configuring the Local PE Switch on page 3369 C...

Page 3462: ...e PE switch and the provider switch are aggregated Ethernet interfaces NOTE Core interfaces cannot be tagged VLAN interfaces Core interfaces can be aggregated ethernet interfaces This example includes a LAG between the provider switch and the remote PE switch because this type of configuration is another option you can implement For information on configuring LAGs see Configuring Aggregated Ethern...

Page 3463: ...ocol The statement must specify the loopback address and the core interfaces that will be used for the RSVP session rsvp RSVP protocol The logical units of the core interfaces are configured to belong to both family inet and family mpls The logical unit of the customer edge interface is configured to belong to family ccc family inet family mpls family ccc Interface family Interface that connects t...

Page 3464: ...ch is using the RSVP protocol The statement must specify the loopback address and the core interfaces that will be used for the RSVP session rsvp RSVP protocol The logical unit of the core interface is configured to belong to both family inet and family mpls The logical unit of the customer edge interface is configured to belong to family ccc family inet family mpls family ccc Interface family Int...

Page 3465: ... the RSVP session rsvp RSVP protocol The logical units for the loopback interface and core interfaces belong to family inet The logical units of the core interfaces are also configured to belong to family mpls family inet family mpls Interface family Interfaces that connect the provider switch P to PE 1 Aggregated Ethernet interface on P that connects to aggregated Ethernet interface ae0 of PE 2 g...

Page 3466: ...rface ge 0 0 5 0 user switchPE 1 set ospf area 0 0 0 0 interface ge 0 0 6 0 3 Configure MPLS on the local switch with a label switched path to the remote egress PE switch edit protocols user switchPE 1 set mpls label switched path lsp_to_pe2_ge1 to 127 1 1 3 4 Configure MPLS on the core interfaces edit protocols user switchPE 1 set mpls interface ge 0 0 5 0 user switchPE 1 set mpls interface ge 0 ...

Page 3467: ...switch ge 1 to pe2 transmit lsp lsp_to_pe2_ge1 user PE 1 set connections remote interface switch ge 1 to pe2 receive lsp lsp_to_pe1_ge1 Results Display the results of the configuration user switchPE 1 show configuration interfaces ge 0 0 1 unit 0 family ccc ge 0 0 5 unit 0 family inet address 10 1 5 1 24 family mpls ge 0 0 6 unit 0 family inet address 10 1 6 1 24 family mpls lo0 unit 0 family inet...

Page 3468: ...terfaces lo0 unit 0 family inet address 127 1 1 3 32 set interfaces ae0 unit 0 family inet address 10 1 9 2 24 set interfaces ae0 unit 0 family mpls set interfaces ge 0 0 1 unit 0 family ccc set protocols connections remote interface switch ge 1 to pe1 interface ge 0 0 1 0 set protocols connections remote interface switch ge 1 to pe1 transmit lsp lsp_to_pe1_ge1 set protocols connections remote int...

Page 3469: ...terface edit user switchPE 2 set interfaces ae0 unit 0 family mpls 8 Configure the logical unit of the customer edge interface as a CCC edit interfaces ge 0 0 1 unit 0 user PE 2 set family ccc 9 Configure the interface based CCC from PE 2 to PE 1 edit protocols user PE 2 setconnectionsremote interface switchge 1 to pe2interfacege 0 0 1 0 user PE 2 set connections remote interface switch ge 1 to pe...

Page 3470: ... area 0 0 0 0 interface ge 0 0 6 0 set protocols ospf area 0 0 0 0 interface ae0 set protocols mpls interface ge 0 0 5 0 set protocols mpls interface ge 0 0 6 0 set protocols mpls interface ae0 set protocols rsvp interface lo0 0 set protocols rsvp interface ge 0 0 5 0 set protocols rsvp interface ge 0 0 6 0 set protocols rsvp interface ae0 set interfaces lo0 unit 0 family inet address 127 1 1 2 32...

Page 3471: ...ge 0 0 5 user switchP set rsvp interface ge 0 0 6 user switchP set rsvp interface ae0 5 Configure IP addresses for the loopback and core interfaces edit user switchP set interfaces lo0 unit 0 family inet address 127 1 1 2 32 user switchP set interfaces ge 0 0 5 unit 0 family inet address 10 1 5 1 24 user switchP set interfaces ge 0 0 6 unit 0 family inet address 10 1 6 1 24 user switchP set interf...

Page 3472: ...ce ge 0 0 6 0 interface ae0 0 Verification To confirm that the configuration is working properly perform these tasks Verifying the Physical Layer on the Switches on page 3377 Verifying the Routing Protocol on page 3377 Verifying the Core Interfaces Being Used for the MPLS Traffic on page 3377 Verifying RSVP on page 3378 Verifying the Assignment of Interfaces for MPLS Label Operations on page 3378 ...

Page 3473: ... configured as both inet and mpls The Local column for the core interfaces shows the IP address configured for these interfaces Verifying the Routing Protocol Purpose Verify the state of the configured routing protocol Perform this verification task on each of the switches The state must be Full Action user switchPE 1 show ospf neighbor Address Interface State ID Pri Dead 127 1 1 2 ge 0 0 5 Full 1...

Page 3474: ...g of the CCC and which interface is being used to push the MPLS packet to the next hop Perform this task only on the PE switches Action user switchPE 1 show route forwarding table family mpls MPLS Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 dscd 50 1 0 user 0 recv 49 3 1 user 0 recv 49 3 2 user 0 recv 49 3 299776 user 0 Pop 541 2 ge 0 0 1 0 ge 0 0 1 0 CCC user 0 2 0 0 1 P...

Page 3475: ... Over MPLS CLI Procedure on page 3401 Configuring MPLS on Provider Switches CLI Procedure on page 3396 JUNOS MPLS for EX Series Switches Overview on page 3351 For information on the interface statement for OSPF see the Junos OS Routing Protocols Configuration Guide at http www juniper net techpubs software junos junos101 index html Example Combining CoS with MPLS on EX Series Switches You can use ...

Page 3476: ...xample describes adding custom classifiers and custom rewrite rules to switches in an MPLS network that is using MPLS over CCC It is a unidirectional configuration Therefore you need to configure custom classifiers and custom rewrite rules as follows On the ingress PE switch custom DSCP classifier and custom EXP rewrite rule On the egress PE switch custom EXP classifier On the provider switch cust...

Page 3477: ...ng filter mypolicer filter myfilter Policing filter configured and applied to the LSP Specifies the name of the custom DSCP classifier dscp1 Custom DSCP classifier Name of the custom EXP rewrite rule e1 Custom EXP rewrite rule Interface that receives packets from devices outside the network The custom DSCP classifier must be specified on this CCC interface ge 0 0 1 0 Customer edge interface Interf...

Page 3478: ... by default on the switch and applied implicitly to these interfaces ge 0 0 5 0 and ge 0 0 6 0 Core interfaces receiving packets from other MPLS switches Interfaces that transmit packets to the egress PE PE 2 The EXP rewrite rule is applied implicitly on these interfaces Schedulers can also be specified and will be applied to these interfaces ge 0 0 7 0 and ge 0 0 8 0 Core interfaces transmitting ...

Page 3479: ...es exp e1 forwarding class expedited forwarding loss priority low code point 111 4 Bind the DSCP classifier to the CCC interface edit user switch set class of service interfaces ge 0 0 1 unit 0 classifier dscp1 5 Specify the number of bits per second permitted on average for the firewall policer which will later be applied to the LSP edit firewall set policer mypolicer if exceeding bandwidth limit...

Page 3480: ... exceeding bandwidth limit 500m burst size limit 33553920 then discard Configuring the Remote PE Switch CLI Quick Configuration To quickly configure a custom EXP classifier on the remote PE switch copy the following commands and paste them into the switch terminal window of PE 2 edit set class of service classifiers exp exp1 import default set class of service classifiers exp exp1 forwarding class...

Page 3481: ...opy the following commands and paste them into the switch terminal window of the provider switch edit set class of service classifiers exp exp1 import default set class of service classifiers exp exp1 forwarding class expedited forwarding loss priority low code points 010 set class of service rewrite rules exp e1 forwarding class expedited forwarding loss priority low code point 111 Step by Step P...

Page 3482: ...to the Right Queue on page 3386 Verifying the CoS Forwarding Table Mapping on page 3389 Verifying the Rewrite Rules on page 3390 Verifying That the Policer Firewall Filter Is Operational Purpose Verify the operational state of the policer that is configured on the ingress PE switch Action user switch show firewall Filter myfilter Policers Name Packets mypolicer t1 0 Meaning This output shows that ...

Page 3483: ...0 0 25 011001 0 0 26 011010 0 0 27 011011 0 0 28 011100 0 0 29 011101 0 0 30 011110 0 0 31 011111 0 0 32 100000 0 0 33 100001 0 0 34 100010 0 0 35 100011 0 0 36 100100 0 0 37 100101 0 0 38 100110 0 0 39 100111 0 0 40 101000 0 0 41 101001 0 0 42 101010 0 0 43 101011 0 0 44 101100 0 0 45 101101 0 0 46 101110 0 0 47 101111 0 0 48 110000 3 0 49 110001 3 0 50 110010 3 0 51 110011 3 0 52 110100 3 0 53 1...

Page 3484: ...ries 8 Table type Untrust Entry Code point Forwarding class PLP 0 000 0 0 1 001 0 0 2 010 0 0 3 011 0 0 4 100 0 0 5 101 0 0 6 110 0 0 7 111 0 0 Classifier table index 9346 entries 64 Table type DSCP Entry Code point Forwarding class PLP 0 000000 0 0 1 000001 0 0 2 000010 0 0 3 000011 0 0 4 000100 0 0 5 000101 0 0 6 000110 0 0 7 000111 1 0 8 001000 0 0 9 001001 0 0 10 001010 0 0 11 001011 0 0 12 00...

Page 3485: ... 3 0 54 110110 3 0 55 110111 3 0 56 111000 3 0 57 111001 3 0 58 111010 3 0 59 111011 3 0 60 111100 3 0 61 111101 3 0 62 111110 3 0 63 111111 3 0 Meaning This output shows that a new DSCP classifier has been created index 9346 on the ingress PE switch PE 1 Verifying the CoS Forwarding Table Mapping Purpose For each logical interface display either the table index of the classifier for a given code ...

Page 3486: ... Enabled 011 Enabled 2 100 Enabled 101 Enabled 3 110 Enabled 111 Enabled Rewrite table index 35 entries 4 Table type IPv4 precedence FC Low bits State High bits State 0 000 Enabled 000 Enabled 1 101 Enabled 101 Enabled 2 001 Enabled 001 Enabled 3 110 Enabled 111 Enabled Rewrite table index 9281 entries 1 Table type EXP FC Low bits State High bits State 1 111 Enabled 000 Disabled Meaning This outpu...

Page 3487: ...hanism for protecting against label switched path LSP failures Path protection reduces the time required to recalculate a route in case of a failure within the MPLS tunnel You configure path protection on the ingress provider edge switch in your MPLS network You do not configure the egress provider edge switch or the provider switches for path protection You can explicitly specify which provider s...

Page 3488: ...rovider edge switch 1 Configuring the Primary Path on page 3393 2 Configuring the Secondary Path on page 3393 3 Configuring the Revert Timer on page 3394 Copyright 2010 Juniper Networks Inc 3392 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3489: ...abel switched path lsp_to_240 to 127 0 0 8 user switch set primary primary_path_lsp_to_240 2 Configure an explicit route for the primary path by specifying the IP address of the loopback interface or the switch IP address or hostname of each switch used in the MPLS tunnel You can specify the link types as either strict or loose in each path statement If the link type is strict the LSP must go to t...

Page 3490: ...er switch set secondary secondary_path_lsp_to_240 standby 2 Configure an explicit route for the secondary path by specifying the IP address of the loopback interface or the switch IP address or hostname of each switch used in the MPLS tunnel You can specify the link types as either strict or loose in each path statement This configuration uses the default strict designation for the paths TIP Do no...

Page 3491: ...problems during this time the timer is restarted TIP If you do not explicitly configure the revert timer it is set by default to 60 seconds To configure the revert timer for LSPs configured with primary and secondary paths For all LSPs on the switch edit protocols mpls user switch set revert timer 120 For a specific LSP on the switch edit protocols mpls label switched path user switch set lsp_to_2...

Page 3492: ...e provider switch complete the following tasks 1 Enable the routing protocol OSPF or IS IS on the loopback interface and on the core interfaces NOTE You can use the switch address as an alternative to the loopback interface edit protocols user switch set ospf area 0 0 0 0 interface lo0 0 user switch set ospf area 0 0 0 0 interface ge 0 0 5 0 user switch set ospf area 0 0 0 0 interface ge 0 0 6 0 u...

Page 3493: ...switch set interfaces ge 0 0 6 unit 0 family mpls user switch set interfaces ae0 unit 0 family mpls NOTE You can enable family mpls on either individual interfaces or aggregated Ethernet interfaces You cannot enable it on tagged VLAN interfaces Related Documentation Example Configuring MPLS on EX Series Switches on page 3365 Configuring MPLS on Provider Edge Switches Using Circuit Cross Connect CL...

Page 3494: ...ng class to this custom DSCP classifier specifying a loss priority and code point edit class of service user switch set classifiers dscp dscp1 forwarding class expedited forwarding loss priority low code points 000111 3 Specify the values for the custom EXP rewrite rule e1 edit class of service user switch set rewrite rules exp e1 forwarding class expedited forwarding loss priority low code point ...

Page 3495: ... If you are using MPLS with CCC you can use only one type of DSCP IP precedence and only one type of IEEE 802 1p on the CCC interfaces This procedure creates a custom DSCP classifier and a custom EXP rewrite rule on the ingress PE It also enables a policer on the label switched path LSP of the ingress PE to ensure that the amount of traffic forwarded through the LSP never exceeds the requested ban...

Page 3496: ...ce the policer configure a filter term that includes the policer action edit firewall user switch set family any filter myfilter term t1 then policer mypolicer 9 Apply the filter to the LSP edit protocols mpls set label switched path lsp_to_pe2_ge1 policing filter myfilter NOTE You can also configure schedulers and shapers as needed See Defining CoS Schedulers CLI Procedure on page 3209 Related Do...

Page 3497: ...ser switch set rewrite rules exp e1 forwarding class expedited forwarding loss priority low code point 111 NOTE You can also configure schedulers and shapers as needed See Defining CoS Schedulers CLI Procedure on page 3209 Related Documentation Example Configuring CoS on EX Series Switches on page 3173 Configuring MPLS on Provider Edge Switches Using IP Over MPLS CLI Procedure You can configure MP...

Page 3498: ...back interface and for the core interfaces edit user switch set interfaces lo0 unit 0 family inet address 100 100 100 100 32 user switch set interfaces ge 0 0 5 unit 0 family inet address 10 1 5 1 24 user switch set interfaces ge 0 0 6 unit 0 family inet address 10 1 6 1 24 4 Configure MPLS on the core interfaces edit protocols user switch set mpls interface ge 0 0 5 0 user switch set mpls interfa...

Page 3499: ...the egress PE switch 1 Configure OSPF or IS IS on the loopback interface or switch address and core interfaces edit protocols user switch set ospf area 0 0 0 0 interface lo0 0 user switch set ospf area 0 0 0 0 interface ge 0 0 5 0 user switch set ospf area 0 0 0 0 interface ge 0 0 6 0 2 Enable traffic engineering for the routing protocol edit protocols user switch set ospf traffic engineering 3 Co...

Page 3500: ...9 to 100 100 100 100 10 Disable constrained path LSP computation for this LSP edit protocols mpls user switch set label switched path ip_lsp29_javae no cspf 11 Configure a static route from the ingress PE switch to the egress PE switch thereby indicating to the routing protocol that the packets will be forwarded over the MPLS LSP that has been set up to that destination edit user switch set routin...

Page 3501: ...nterface can be either a simple interface or a tagged VLAN interface In both cases you configure the logical unit of the customer edge interface to belong to family ccc and you must configure an association between that interface and two label switched paths LSPs one for transmitting MPLS packets to the remote PE and the other for receiving MPLS packets from the remote PE The following guidelines ...

Page 3502: ...ls label switched path lsp_to_pe2_ge1 to 127 1 1 3 TIP lsp_to_pe2_ge1 is the LSP name You will need to use the specified name again when configuring the CCC 5 Configure MPLS on the core interfaces edit protocols user switch set mpls interface ge 0 0 5 0 user switch set mpls interface ge 0 0 6 0 user switch set mpls interface ae0 6 Configure RSVP on the loopback interface and the core interfaces ed...

Page 3503: ...facege 0 0 1 0 user switch set connections remote interface switch ge 1 to pe2 transmit lsp lsp_to_pe2_ge1 user switch set connections remote interface switch ge 1 to pe2 receive lsp lsp_to_pe1_ge1 edit protocols user switch set connections remote interface switch ge 1 to pe2 interface ge 0 0 2 1 user switch set connections remote interface switch ge 1 to pe2 transmit lsp lsp_to_pe2_ge1 user switc...

Page 3504: ...ring an OSPF Network J Web Procedure on page 1681 Verifying That MPLS Is Working Correctly on page 3409 Understanding JUNOS MPLS Components for EX Series Switches on page 3353 Copyright 2010 Juniper Networks Inc 3408 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3505: ...Verifying the Physical Layer on the Switches Purpose Verify that the interfaces are up Perform this verification task on each of the switches Action user switch show interfaces ge terse Interface Admin Link Proto Local Remote ge 0 0 0 up up ge 0 0 0 0 up up ge 0 0 1 0 up up ccc ge 0 0 2 0 up up ccc ge 0 0 3 0 up up eth switch ge 0 0 4 0 up up eth switch ge 0 0 5 0 up up inet 10 1 5 1 24 mpls ge 0 ...

Page 3506: ...t shows that the state is full meaning that the routing protocol is operating correctly that is hello packets are being exchanged between directly connected neighbors For additional information on checking and monitoring routing protocols see the Junos OS Routing Protocols and Policies Command Reference at http www juniper net techpubs software junos index html Verifying the Core Interfaces Being ...

Page 3507: ...ut shows that CCC has been set up on interface ge 0 0 1 0 The switch receives ingress traffic on ge 0 0 1 0 with label 299776 It pops that label and swaps it to label 299792 which it pushes out on interface ge 0 0 5 0 Verifying the Status of the CCC Purpose Verify the status of the CCC You should perform this task only on the provider edge switches Action user switch show connections CCC and TCC c...

Page 3508: ...path_lsp_to_240 primary LoadBalance Random Encoding type Packet Switching type Packet GPID IPv4 Primary primary_path_lsp_to_240 State Up Priorities 7 0 SmartOptimizeTimer 180 Exclude red Computed ERO S L denotes strict loose hops CSPF metric 2 10 3 3 2 S 10 3 4 2 S Received RRO ProtectionFlag 1 Available 2 InUse 4 B W 8 Node 10 SoftPreempt 20 Node ID 10 3 3 2 10 3 4 2 6 Mar 11 23 58 01 684 Selecte...

Page 3509: ...t RSVP is enabled and operational on interface ge 0 0 20 0 Verifying a Secondary Path Purpose Verify that a secondary path is established Action Deactivate a switch that is critical to the primary path and then issue the following command user switch show mpls lsp extensive Ingress LSP 1 sessions 127 0 0 8 From 127 0 0 1 State Up ActiveRoute 0 LSPname lsp_to_240 ActivePath secondary_path_lsp_to_24...

Page 3510: ...omputation result accepted 127 0 0 20 127 0 0 40 27 Mar 4 15 28 35 852 CSPF failed no route toward 127 0 0 11 132 times 26 Mar 4 14 25 12 113 Clear Call CSPF computation failed 25 Mar 4 14 25 12 113 CSPF link down deleted 0 0 0 0 127 0 0 20 0 127 0 0 20 0 0 0 0 10 10 10 10 0 10 10 10 10 Standby secondary_path_lsp_to_240 State Up Priorities 7 0 SmartOptimizeTimer 180 Computed ERO S L denotes strict...

Page 3511: ... name interface all interface names disable guest vlan vlan id vlan name mac radius restrict maximum requests number no reauthentication quiet period seconds reauthentication interval seconds retries number server fail deny permit use cache vlan id vlan name server reject vlan vlan id vlan name server timeout seconds supplicant multiple single single secure supplicant timeout seconds transmit peri...

Page 3512: ...oup ip address proxy query interval seconds query last member interval seconds query response interval seconds robust count number lldp disable advertisement interval seconds hold multiplier number interface all interface name disable lldp configuration notification interval seconds management address ip management address ptopo configuration maximum hold time seconds ptopo configuration trap inte...

Page 3513: ...ame strict loose mstp disable bpdu block on edge bridge priority priority configuration name name forward delay seconds hello time seconds interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority max age seconds max hops hops msti msti id vlan vlan id vlan name interface interface name disable cost cost edge mode mode priority pri...

Page 3514: ... fault management action profile profile name default actions interface down linktrace age 30m 10m 1m 30s 10s path database size path database size maintenance domain domain name level number mip half function none default explicit name format character string none dns mac 2oct maintenance association ma name continuity check hold interval minutes interval 10m 10s 1m 1s 100ms loss threshold number...

Page 3515: ...mote loopback event thresholds frame errorcount frame period count frame period summary count symbol period count negotiation options allow remote loopback no allow link events rstp disable bpdu block on edge bridge priority priority forward delay seconds hello time seconds interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority ...

Page 3516: ... interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority max age seconds traceoptions file filename files number size size no stamp world readable no world readable flag flag vstp bpdu block on edge disable force version stp vlan all vlan id vlan name bridge priority priority forward delay seconds hello time seconds interface all...

Page 3517: ...nderstanding 802 1X and LLDP and LLDP MED on EX Series Switches on page 2540 Understanding MSTP for EX Series Switches on page 1521 Understanding Multiple VLAN Registration Protocol MVRP on EX Series Switches on page 1296 Understanding Ethernet OAM Connectivity Fault Management for an EX Series Switch on page 3763 Understanding Ethernet OAM Link Fault Management for an EX Series Switch on page 372...

Page 3518: ...ion The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring MPLS on EX Series Switches on page 3365 Configuring MPLS on Provider Edge Switches CLI Procedure Junos OS MPLS Applications Configuration Guide at http www juniper net ...

Page 3519: ...switch You cannot bind it to an individual interface and you cannot disable it Options classifier name Name of the classifier The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding Using CoS with MPLS Networks on EX Series Switches o...

Page 3520: ...ame of an interface Aggregated Ethernet aex Gigabit Ethernet ge fpc pic port Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring MPLS on EX Series Switches on page 3365 Configuring MPLS on Provider Edge Switches CLI Procedure Configuring MPLS on Provider Switches CLI Proced...

Page 3521: ...ts periods and hyphens To include other characters enclose the name in quotation marks The name must be unique on the ingress switch remote provider edge switch Either the loopback address or the switch address Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring MPLS on EX ...

Page 3522: ...bled Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring MPLS on EX Series Switches on page 3365 Configuring MPLS on Provider Edge Switches CLI Procedure Configuring MPLS on Provider Switches CLI Procedure on page 3396 Junos OS MPLS Applications Configuration Guide at http ...

Page 3523: ...long the path until reaching the egress provider edge switch Default If you do not specify the addresses or hostnames of any switches the LSP is calculated by the switch hostname Optional See address Default If you do not specify the addresses or hostnames of any switches the LSP is calculated by the switch loose Optional Indicates that the next address in the path statement is a loose link This m...

Page 3524: ...ers to Control Traffic Rates CLI Procedure on page 3073 Configuring CoS on MPLS Provider Edge Switch Using Circuit Cross Connect CLI Procedure on page 3223 Configuring CoS on MPLS Provider Edge Switch Using IP Over MPLS CLI Procedure on page 3222 primary Syntax primary path name Hierarchy Level edit protocols mpls label switched path lsp name Release Information Statement introduced in Junos OS Re...

Page 3525: ...e name which corresponds to the logical unit number of the CCC interface receive lsp label switched path Name of the LSP from the connection s source This LSP name was specified by the label switched path statement on the remote provider edge switch in the protocols mpls stanza transmit lsp label switched path Name of the LSP to the connection s destination This LSP name was specified by the label...

Page 3526: ...ave configured a value of 0 seconds for the revert timer statement and traffic is switched to the secondary path the traffic remains on that path indefinitely It is never switched back to the primary path unless you intervene Default 60 seconds Options seconds Value in seconds Range 0 through 65 535 seconds Required Privilege Level routing To view this statement in the configuration routing contro...

Page 3527: ...n Guide at http www juniper net techpubs software junos junos95 index html secondary Syntax secondary path name standby Hierarchy Level edit protocols mpls label switched path lsp name Release Information Statement introduced in Junos OS Release 9 5 for EX Series switches Description Specify one or more secondary paths to use for the label switched path LSP You can configure more than one secondar...

Page 3528: ...Information Statement introduced in Junos OS Release 9 5 for EX Series switches Description Enable the traffic engineering features of the specified routing protocol Default Traffic engineering is disabled Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring MPLS on EX Serie...

Page 3529: ...CHAPTER 126 Operational Mode Commands for MPLS 3433 Copyright 2010 Juniper Networks Inc ...

Page 3530: ...ns none Reset and restart all LSPs that originated from this routing device that is all LSPs for which this routing device is the ingress routing device Depending on the number of LSPs involved it might take a while to restart all the LSPs autobandwidth Optional Clear LSP autobandwidth counters logical system all logical system name Optional Perform this operation on all logical systems or on a pa...

Page 3531: ... page 3515 List of Sample Output clear mpls lsp on page 3435 Output Fields When you enter this command you are provided feedback on the status of your request clear mpls lsp user host clear mpls lsp clear mpls lsp 3435 Copyright 2010 Juniper Networks Inc Chapter 126 Operational Mode Commands for MPLS ...

Page 3532: ...nection destination address Optional Destination address for GMPLS and MPLS LSPs from the RSVP sender template gracefully Optional Gracefully reset an RSVP session for a nonpacket LSP in two passes In the first pass the Admin Status object is signaled along the path to the other endpoint of the RSVP session In the second pass the path used by the RSVP session is torn down This option can only be u...

Page 3533: ...515 List of Sample Output clear rsvp session on page 3437 Output Fields When you enter this command you are provided feedback on the status of your request clear rsvp session user host clear rsvp session clear rsvp session 3437 Copyright 2010 Juniper Networks Inc Chapter 126 Operational Mode Commands for MPLS ...

Page 3534: ... error statistics logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level clear Related Documentation show rsvp statistics on page 3523 List of Sample Output clear rsvp statistics on page 3438 Output Fields When you enter this command you are provided feedback on the status of your request clear rsvp s...

Page 3535: ...cho requests sent and received exp forwarding class Optional Value of the forwarding class for the MPLS ping packets interface interface name Ping an interface configured for the Layer 2 circuit on the egress provider edge PE router logical system all logical system name Optional Perform this operation on all logical systems or on the specified logical system size bytes Optional Size of the label ...

Page 3536: ... mpls l2circuit virtual circuit detail on page 3440 Output Fields When you enter this command you are provided feedback on the status of your request An exclamation point indicates that an echo reply was received A period indicates that an echo reply was not received within the timeout period An x indicates that an echo reply was received with an error code Packets with an error code are not count...

Page 3537: ... can be anything within the 127 8 subnet detail Optional Display detailed information about the echo requests sent and received exp forwarding class Optional Value of the forwarding class for the MPLS ping packets instance instance name local site id local site id number remote site id remote site id number Ping a combination of the Layer 2 VPN routing instance name the local site identifier and t...

Page 3538: ...t An exclamation point indicates that an echo reply was received A period indicates that an echo reply was not received within the timeout period An x indicates that an echo reply was received with an error code these packets are not counted in the received packets count They are accounted for separately ping mpls l2vpn instance user host ping mpls l2vpn instance vpn1 remote site id 1 local site i...

Page 3539: ...o requests The address can be anything within the 127 8 subnet detail Optional Display detailed information about the echo requests sent and received exp forwarding class Optional Value of the forwarding class for the MPLS ping packets l3vpn name Optional Layer 3 VPN name logical system all logical system name Optional Perform this operation on all logical systems or on the specified logical syste...

Page 3540: ...status of your request An exclamation point indicates that an echo reply was received A period indicates that an echo reply was not received within the timeout period An x indicates that an echo reply was received with an error code these packets are not counted in the received packets count They are accounted for separately ping mpls l3vpn user host ping mpls l3vpn vpn1 prefix 10 255 245 122 32 l...

Page 3541: ...mation about the echo requests sent and received exp forwarding class Optional Value of the forwarding class for the MPLS ping packets fec Ping an LDP signaled LSP using the forwarding equivalence class FEC prefix and length instance routing instance name Optional Allows you to ping a combination of the routing instance and forwarding equivalence class FEC associated with an LSP logical system all...

Page 3542: ...from System B to System A is 500 bytes and the ping request packet size is 1000 bytes the echo response is dropped because the PAD TLV is included in the echo response making it too large Required Privilege Level network List of Sample Output ping mpls ldp fec count on page 3446 Output Fields When you enter this command you are provided feedback on the status of your request An exclamation point i...

Page 3543: ...ional Display detailed information about the echo requests sent and received exp forwarding class Optional Value of the forwarding class for the MPLS ping packets instance routing instance name Optional Ping a combination of the routing instance and forwarding equivalence class FEC associated with an LSP connection logical system all logical system name Optional Perform this operation on all logic...

Page 3544: ... An exclamation point indicates that an echo reply was received A period indicates that an echo reply was not received within the timeout period An x indicates that an echo reply was received with an error code these packets are not counted in the received packets count They are accounted for separately ping mpls lsp end point detail user host ping mpls lsp end point 10 255 245 119 detail Route to...

Page 3545: ...terrupt a ping mpls command Options count count Optional Number of ping requests to send If count is not specified five ping requests are sent The range of values is 1 through 1 000 000 The default value is 5 destination address Optional Specify an address other than the default 127 0 0 1 32 for the ping echo requests The address can be anything within the 127 8 subnet detail Optional Display deta...

Page 3546: ...tional IP address of the outgoing interface This address is sent in the IP source address field of the ping request If this option is not specified the default address is usually the loopback interface standby standby path name Optional Name of the standby path sweep Optional Automatically determine the size of the maximum transmission unit MTU AdditionalInformation If the LSP changes the label an...

Page 3547: ...nt 1 Request for seq 1 to interface 70 label 299952 Request for seq 1 to interface 70 no label stack Request for seq 1 to interface 67 no label stack Reply for seq 1 egress 192 168 1 3 return code Egress ok time 0 242 ms Local transmit time 1205310695s 215737us Remote receive time 1205310695s 215979us lsping egress 192 168 1 3 statistics 1 packets transmitted 1 packets received 0 packet loss ping ...

Page 3548: ...turn code Egress ok time 37 545 ms Local transmit time 2009 04 24 14 05 45 CEST 549 953 ms Remote receive time 2009 04 24 14 05 45 CEST 512 408 ms Request for seq 5 to interface 86 no label stack packet size 3952 Reply for seq 5 return code Egress ok time 37 176 ms Local transmit time 2009 04 24 14 05 46 CEST 555 881 ms Remote receive time 2009 04 24 14 05 46 CEST 518 705 ms Request for seq 6 to i...

Page 3549: ...emote receive time 2009 04 24 14 06 00 CEST 557 941 ms Request for seq 14 to interface 86 no label stack packet size 4476 Timeout for seq 14 Request for seq 15 to interface 86 no label stack packet size 4472 Timeout for seq 15 lsp ping sweep result Maximum Transmission Unit MTU is 4468 bytes 3453 Copyright 2010 Juniper Networks Inc Chapter 126 Operational Mode Commands for MPLS ...

Page 3550: ...tion adjustment on the specified LSP only AdditionalInformation For this command to work properly the following conditions must exist Automatic bandwidth allocation must be enabled on the LSP The parameters for adjustment interval and maximum average bandwidth are not reset after you issue the request mpls lsp adjust autobandwidth command The difference between the adjusted bandwidth and the curre...

Page 3551: ...ptional Display all connections brief extensive Optional Display the specified level of output Use history to display information about connection history Use labels to display labels used for transmit and receive LSPs Use status to display information about the connection and interface status interface switch Optional Display interface switch connections only lsp switch Optional Display LSP switc...

Page 3552: ... output s legend for an explanation of the status field values Legend for Status St Type of connection if sw Layer 2 switching cross connect rmt if Remote interface switch While graceful restart is in progress rmt if will display a state St of Restart lsp sw LSP stitching cross connect While graceful restart is in progress lsp sw will display a state St of Restart Legend for connection types Type ...

Page 3553: ... Dn down Legend for circuit types only outbound conn is up intf interface only inbound conn is up tlsp transmit LSP Up operational rlsp receive LSP RmtDn remote CCC down Restart restarting CCC Graceful restart Restarting Connection Circuit Type St Time last up Up trans IFSW ed if sw Up Aug 5 15 39 15 1 so 1 0 2 0 intf Up t1 0 1 2 0 intf Up SW db rmt if Restart 0 so 1 0 3 0 intf Up pro4 ca tlsp Dn ...

Page 3554: ...els used for transmit and receive LSPs name Optional Display information about the specified connection only remote interface switch Optional Display remote interface switch connections only name Optional Display information about the specified connection only status Optional Display information about the connection and interface status Required Privilege Level view Related Documentation Example C...

Page 3555: ...l restart is in progress rmt if will display a state St of Restart Legend for connection types Type of circuit intf Interface circuit tlsp Transmit LSP circuit rlsp Receive LSP circuit Legend for circuit types Name of the configured CCC connection Connection Circuit Type of connection Type State of the connection St Time that the connection or circuit last transitioned to the Up operational state ...

Page 3556: ... up 300112 1 0 4097 1 1 Jan 29 13 07 54 RLSP up 299776 1 0 Jan 29 13 01 08 Remote CCC down 0 0 Jan 29 13 01 08 Interface up ge 0 0 0 10 0 0 Jan 29 13 01 06 Interface down ge 0 0 0 10 0 0 Jan 29 13 01 04 Remote CCC down 0 0 Jan 29 13 01 02 Interface down 0 0 show connections labels user switch show connections labels Connection Circuit Type St Time last up Up trans ge1 to pe2 rmt if RmtDn Jun 26 18...

Page 3557: ...connections status Connection Circuit Type St Time last up Up trans xcon10_ge0_to_239 rmt if Up Jan 29 13 07 56 1 ge 0 0 0 10 intf Up lsp_to_240_10 tlsp Up lsp_to_239_10 rlsp Up xcon11_ge0_to_239 rmt if Up Jan 29 13 07 57 1 ge 0 0 0 11 intf Up lsp_to_240_11 tlsp Up lsp_to_239_11 rlsp Up 3461 Copyright 2010 Juniper Networks Inc Chapter 126 Operational Mode Commands for MPLS ...

Page 3558: ...h they appear Table 458 show link management Output Fields Field Description Field Name Name of the peer Peer Name Internal identifier for the peer The range of values is 0 through 64 000 System identifier State of the peer Up or Down State Address to which a control channel is established Control address Identifier assigned to the control channel by the local peer The range of values is 1 through...

Page 3559: ...performed on the traffic engineered link Supported values are PSC 1 and Packet Switching Smallest single allocation of bandwidth possible on the traffic engineered link This number is equal to the smallest bandwidth interface that is a member of the traffic engineered link in bps Minimum bandwidth Largest single allocation of bandwidth possible on the traffic engineered link This number is equal t...

Page 3560: ...how link management Output Fields continued Field Description Field Name LSP name LSP name Copyright 2010 Juniper Networks Inc 3464 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3561: ...027 1026 TE links pro4 ba TE link name pro4 ba State Init Local identifier 2662 Remote identifier 0 Encoding SDH SONET Switching PSC 1 Minimum bandwidth 155 52Mbps Maximum bandwidth 155 52Mbps Total bandwidth 155 52Mbps Available bandwidth 155 52Mbps Name State Local ID Remote ID Bandwidth Used LSP name so 1 0 2 Up 21271 0 155 52Mbps No 3465 Copyright 2010 Juniper Networks Inc Chapter 126 Operatio...

Page 3562: ...e approximate order in which they appear Table 459 show link management peer Output Fields Field Description Field Name Name of the peer Peer Name Internal identifier for the peer The range of values is 0 through 64 000 System identifier State of the peer Up or Down State Address to which a control channel is established Control address How often the routing device sends Link Management Protocol L...

Page 3563: ...orts only code value R which indicates that the control channel is restarting after a failure in the control plane as when the Link Management Protocol LMP process starts or restarts Flags Traffic engineered links that are managed by their peer TE links show link managementpeer user host show link management peer Peer name sonet System identifier 41448 State Up Control address 70 70 70 70 show lin...

Page 3564: ...ied path only Required Privilege Level view Related Documentation show link management on page 3462 show link management peer on page 3466 show link management statistics on page 3471 show link management te link on page 3473 List of Sample Output show link management routing on page 3470 Output Fields Table460onpage3468describestheoutputfieldsfortheshowlink managementrouting command Output fields...

Page 3565: ...This number is equal to the largest bandwidth interface that is a member of the link in bps Maximum bandwidth Sum of the bandwidth in bps or Mbps of all interfaces that are members of the link Total bandwidth Sum of the bandwidth in bps or Mbps of all interfaces that are members of the link and that are not yet allocated Available bandwidth Forwarding adjacency LSP information Resource Type of res...

Page 3566: ... 100Mbps Available bandwidth 100Mbps TE link name __rpd fe 0 1 2 0 State Up Local identifier 2147483650 Remote identifier 0 Local address 192 168 37 73 Remote address 192 168 37 73 Encoding Ethernet Minimum bandwidth 0bps Maximum bandwidth 100Mbps Total bandwidth 100Mbps Available bandwidth 100Mbps TE link name __rpd so 0 2 0 0 State Down Local identifier 2147483651 Remote identifier 0 Local addre...

Page 3567: ...ed in the approximate order in which they appear Table 461 show link management statistics Output Fields Field Description Field Name Number of received packets by message type If the count for a message type is zero that message type is not displayed If the count for all message types is zero this field is not displayed Received packets Number of received bad packets by message type If the count ...

Page 3568: ...Number of packets sent by message type that have been dropped by the receiver after the LMP retransmission interval has been exceeded If the count for a message type is zero that message type is not displayed If the count for all message types is zero this field is not displayed Dropped packets show link management statistics user host show link management statistics peer pro4 a Statistics for pee...

Page 3569: ... management statistics on page 3471 List of Sample Output show link management te link on page 3474 Output Fields Table 462 on page 3473 describes the output fields for the showlink managementte link command Output fields are listed in the approximate order in which they appear Table 462 show link management te link Output Fields Field Description Field Name Traffic engineered link name TE link na...

Page 3570: ...e Up or Down State Identifier of the local side of the interface Local ID Identifier of the remote side of the interface Remote ID Bandwidth in bps or Mbps of the member interface Bandwidth Whether the resource is allocated to an LSP Yes or No Used LSP name LSP name show link management te link user host show link management te link TE link name FA bd State Up Local identifier 4144 Remote identifi...

Page 3571: ... this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show mpls admin groups on page 3475 Output Fields Table 463 on page 3475 describes the output fields for the show mpls admin groups command Output fields are listed in the approximate order in which they appear Table 463 show mpls admin groups Output Fields Field Description...

Page 3572: ...show mpls call admission control on page 3477 Output Fields Table464onpage3476describestheoutputfieldsfortheshowmplscall admission control command Output fields are listed in the approximate order in which they appear Table 464 show mpls call admission control Output Fields Field Description Field Name Current available bandwidth on each LSP path Depending on whether the LSP is an E LSP or a regul...

Page 3573: ...20kbps ct2 30kbps ct3 0bps Layer2 connections Neighbor address 10 255 245 215 Circuit so 0 3 0 0 vc 5 VC bandwidth ct0 50kbps ct1 40kbps ct2 40kbps LSP name pro1 be gold 2 Primary Available bandwidth ct0 0bps ct1 40kbps ct2 40kbps ct3 0bps LSP name pro1 be silver Primary prim1 Available bandwidth ct0 10kbps ct1 20kbps ct2 0bps ct3 40kbps Layer2 connections Neighbor address 10 255 245 215 Circuit s...

Page 3574: ...3478 describes the output fields for the show mpls cspf command Output fields are listed in the approximate order in which they appear Table 465 show mpls cspf Output Fields Field Description Field Name Number of LSPs queued for automatic path computation Queue length Current queue length current Maximum queue length high water mark maximum Number of aborted computation attempts dequeued Counters ...

Page 3575: ...otal Total number of CSPF computations CSPFs Average amount of time required for each CSPF computation Avg per CSPF Percentage of routing process CPU used in the CSPF computation of rpd show mpls cspf user host show mpls cspf CSPF statistics Queue length current maximum dequeued show mpls cspf 0 0 0 Paths total successful no route sys error CSPFs 0 0 0 0 0 Time secs total CSPFs avg per CSPF of rpd...

Page 3576: ...t fields are listed in the approximate order in which they appear Table 466 show mpls diffserv te Output Fields Field Description Field Name Bandwidth constraint model supported The maximum allocation model MAM forEXP inferredLSPs E LSPs iscurrentlysupported Bandwidth model DiffServ traffic engineering class TE class MPLS class type that corresponds to the DiffServ traffic engineering class ct0 Be...

Page 3577: ...onfigured with both the set protocol mpls interface interface name and set interface interface name unit 0 family mpls statements Required Privilege Level view List of Sample Output show mpls interface on page 3481 Output Fields Table 467 on page 3481 describes the output fields for the showmplsinterface command Output fields are listed in the approximate order in which they appear Table 467 show ...

Page 3578: ...g MPLS on Provider Switches CLI Procedure on page 3396 List of Sample Output show mpls interface on page 3482 Output Fields Table 468 on page 3482 describes the output fields for the showmplsinterface command Output fields are listed in the approximate order in which they appear Table 468 show mpls interface Output Fields Field Description Field Name Name of the interface Interface State of the in...

Page 3579: ...MPLS label switched paths LSPs Options none Display standard information about all configured and active dynamic MPLS LSPs brief detail extensive terse Optional Display the specified level of output The extensive option displays the same information as the detail option but covers the most recent 50 events bidirectional unidirectional Optional Display bidirectional or unidirectional LSP informatio...

Page 3580: ...timate routing device in the LSP sets the label to 0 Also as the packet arrives at the egress routing device the hardware removes its MPLS header and the packet reverts to being an IPv4 packet Therefore it is counted as an IPv4 packet not an MPLS packet transit Optional Display LSPs transiting this routing device Required Privilege Level view Related Documentation clear mpls lsp on page 3434 List ...

Page 3581: ... egress routing device of the session To brief detail Source ingress routing device of the session From brief detail State of the LSP handled by this RSVP session Up Dn down or Restart State detail extensive Number of active routes prefixes installed in the forwarding table For ingress LSPs the forwarding table is the primary IPv4 table inet 0 For transit and egress RSVP sessions the forwarding ta...

Page 3582: ...hing type All levels Generalized Payload Identifier identifier of the payload carried by an LSP HDLC Ethernet IPv4 PPP or Unknown GPID All levels Configured protection capability desired for the LSP Extra Enhanced none One plus one One to one or Shared Protection All levels Bidirectional LSPs Incoming label for reverse direction traffic for this LSP Upstream label in All levels Bidirectional LSPs ...

Page 3583: ... of the path in standby mode Standby detail extensive Ingress LSP State of the path Up or Dn down State detail extensive Ingress LSP Class of service value COS detail extensive Ingress LSP Active bandwidth for the LSP path for each MPLS class type in bps Bandwidth per class detail extensive Ingress LSP Configured value of the optimize timer indicating the total amount of time allowed before path r...

Page 3584: ...nding path section If the downstream routing device can set up only a link protection backup path the Local protection available bit is set but the Node protection bit is cleared 0x09 Detour is established Combination of 0x01 and 0x08 0x10 Preemption pending The preempting node sets this flag if a pending preemption is in progress for the traffic engine LSP This flag indicates to the ingress legac...

Page 3585: ...ded route for the session taken from the record route object Record route detail Number of soft preemptions that occurred on a path and when the last soft preemption occurred Only successful soft preemptions are counted those that actually resulted in a new path being used Soft preempt detail Path is in the process of being soft preempted This display is removed once the ingress router has calcula...

Page 3586: ... Up 0 Down 0 show mpls lsp extensive user host show mpls lsp extensive Ingress LSP 5 sessions 10 255 71 242 From 10 255 71 238 State Up ActiveRoute 1009 LSPname sample ccc ActivePath path3 primary Link protection desired LoadBalance Random Encoding type Packet Switching type Packet GPID IPv4 Primary path3 State Up OptimizeTimer 30 SmartOptimizeTimer 180 Reoptimization in 26 second s Computed ERO S...

Page 3587: ...MP branch count 1 10 255 245 51 From 10 255 245 50 State Up ActiveRoute 0 LSPname p2mp branch 1 ActivePath path1 primary P2MP name p2mp lsp1 LoadBalance Random Encoding type Packet Switching type Packet GPID IPv4 Primary path1 State Up Computed ERO S L denotes strict loose hops CSPF metric 25 192 168 208 17 S Received RRO ProtectionFlag 1 Available 2 InUse 4 B W 8 Node 10 SoftPreempt 192 168 208 1...

Page 3588: ...y Required Privilege Level view List of Sample Output show mpls path on page 3492 Output Fields Table 470 on page 3492 describes the output fields for the show mpls path command Output fields are listed in the approximate order in which they appear Table 470 show mpls path Output Fields Field Description Field Name Information about ingress LSPs Each path has one line of output Path name Addresses...

Page 3589: ...ional Display the specified circuit cross connect interface name for entries to match destination Optional Display the destination prefix family family name Optional Display routing table entries for the specified family ethernet switching inet inet6 iso mpls vlan classification label label Optional Display route entries for the specified label name matching ip_prefix Optional Display route entrie...

Page 3590: ...es cloned clon TCP or multicast only Cloned route destination dest Remoteaddressesdirectlyreachablethroughaninterface destination down iddn Destination route for which the interface is unreachable interface cloned ifcl Cloned route for which the interface is unreachable route down ifdn Interface route for which the interface is unreachable ignore ignr Ignore this route interface intf Installed as ...

Page 3591: ...x extensive Logical interface index from which the route is learned For example for interface routes this is the logical interface index of the route itself For static routes this field is zero For routes learned through routing protocols this is the logical interface index from which the route is learned Route interface index none detail extensive Number of routes that refer to this next hop Refe...

Page 3592: ...5 bcst 320 1 me0 0 14 14 14 0 24 ifdn 0 rslv 1319 1 ge 0 0 25 0 14 14 14 0 32 iddn 0 14 14 14 0 recv 1317 1 ge 0 0 25 0 14 14 14 2 32 user 0 rjct 36 2 14 14 14 2 32 intf 0 14 14 14 2 locl 1318 2 14 14 14 2 32 iddn 0 14 14 14 2 locl 1318 2 14 14 14 255 32 iddn 0 14 14 14 255 bcst 1316 1 ge 0 0 25 0 224 0 0 0 4 perm 1 mdsc 35 1 224 0 0 1 32 perm 0 224 0 0 1 mcst 31 3 224 0 0 5 32 user 1 224 0 0 5 mc...

Page 3593: ... hop type unicast Index 1320 Reference 1 Next hop interface ae0 0 Destination 2 2 2 2 32 Route type interface Route reference 0 Route interface index 0 Flags sent to PFE Nexthop 2 2 2 2 Next hop type local Index 1308 Reference 2 Destination 2 2 2 2 32 Route type destination Route reference 0 Route interface index 66 Flags none Nexthop 2 2 2 2 Next hop type local Index 1308 Reference 2 Destination ...

Page 3594: ...user 0 3 3 3 2 Push 300016 1337 2 ae1 0 ge 0 0 0 5 CCC user 0 3 3 3 2 Push 299824 1325 2 ae1 0 ge 0 0 0 7 CCC user 0 3 3 3 2 Push 299920 1331 2 ae1 0 ge 0 0 0 8 CCC user 0 3 3 3 2 Push 299840 1326 2 ae1 0 ge 0 0 0 9 CCC user 0 3 3 3 2 Push 299888 1329 2 ae1 0 ge 0 0 0 10 CCC user 0 3 3 3 2 Push 300112 1343 2 ae1 0 ge 0 0 0 11 CCC user 0 3 3 3 2 Push 299776 1322 2 ae1 0 ge 0 0 0 12 CCC user 0 3 3 3...

Page 3595: ...24 0 0 5 32 user 1 224 0 0 5 mcst 31 3 Routing table __master anon__ inet Internet Destination Type RtRef Next hop Type Index NhRef Netif 224 0 0 0 4 perm 0 mdsc 1289 1 224 0 0 1 32 perm 0 224 0 0 1 mcst 1285 1 Routing table default inet6 Internet6 Destination Type RtRef Next hop Type Index NhRef Netif ff00 8 perm 0 mdsc 43 1 ff02 1 128 perm 0 ff02 1 mcst 39 1 3499 Copyright 2010 Juniper Networks ...

Page 3596: ...formation created by the Link Management Protocol LMP logical system all logical system name Optional Perform this operation on all logical systems or on a particular logical system Required Privilege Level view List of Sample Output show rsvp interface brief on page 3503 show rsvp interface detail on page 3503 show rsvp interface extensive on page 3503 show rsvp interface link management on page ...

Page 3597: ...r they are associated with TElink All levels Number of reservations that are actively reserving bandwidth on the interface Active resv detail Number of times an RSVP session was preempted on this interface PreemptionCnt detail Percentage change in reserved bandwidth to trigger an IGP update Update threshold All levels User configured subscription factor Subscription extensive Bandwidth allocated f...

Page 3598: ...a path PathTear detail Statistics about Resv messages which are sent from the RSVP receiver along the data paths and store reservation state information in each node along the path Resv detail Statistics about ResvErr messages which are advisory messages that are sent when an attempt to establish a reservation fails ResvErr detail Statistics about ResvTear messages which remove reservation states ...

Page 3599: ...seconds Sent Received Sent Received Path 16 0 1 0 PathErr 0 0 0 0 PathTear 1 0 0 0 Resv 0 11 0 1 ResvErr 0 0 0 0 ResvTear 0 0 0 0 Hello 66 67 1 1 Ack 0 0 0 0 Srefresh 0 0 0 0 EndtoEnd RSVP 0 0 0 0 show rsvp interface extensive user host show rsvp interface extensive so 1 0 0 0 Index 72 State Ena Up NoAuthentication NoAggregate NoReliable NoLinkProtection HelloInterval 9 second Address 192 168 213 ...

Page 3600: ...2Mbps TElink TElnk2 Link ID 37808 ActiveResv 1 PreemptionCnt 0 StaticBW 155 52Mbps ReservedBW 0bps AvailableBW 155 52Mbps PEER B State Up Active Control Channel so 1 0 0 0 TElink TElnkAB1 Link ID 1598 ActiveResv 0 PreemptionCnt 0 StaticBW 622 08Mbps ReservedBW 0bps AvailableBW 622 08Mbps TElink TElnkAB2 Link ID 1597 ActiveResv 0 PreemptionCnt 0 StaticBW 622 08Mbps ReservedBW 0bps AvailableBW 622 0...

Page 3601: ...eoutputfieldsfortheshowrsvpneighbor command Output fields are listed in the approximate order in which they appear Table 473 show rsvp neighbor Output Fields Level of Output Field Description Field Name All levels Number of neighbors that the routing device has learned of Each neighbor has one line of output RSVP neighbor detail Name of the interface where the neighbor has been detected In the cas...

Page 3602: ...d Restarted RSVP neighbor has restarted and is undergoing state recovery graceful restart procedures Dead Routing device has lost all communication with the RSVP neighbor Any RSVP sessions with that neighbor are torn down status All levels Time elapsed since the neighbor state changed either from up to down or from down to up The format is hh mm ss LastChange detail Time elapsed since the neighbor...

Page 3603: ...duction extension enabled Both local and remote routing devices support the ack extension RFC 2961 disabled Remote routing device does not support the ack extension Ack extension detail Status of the MPLS fast reroute mechanism that protects traffic from link failure enabled Link protection feature has been turned on protecting the neighbor with a bypass LSP disabled No link protection feature has...

Page 3604: ...time detail Length of time during which the restarting node attempts to recover its lost states with help from its neighbors in milliseconds Recovery time is advertised by the restarting node to its neighbors and applies to nodal faults The restarting node considers its graceful restart complete after this time has elapsed Recovery time Copyright 2010 Juniper Networks Inc 3508 Complete Software Gu...

Page 3605: ...s Up Last changed time 28 47 Idle 0 sec Up cnt 3 Down cnt 2 Message received 632 Hello sent 673 received 656 interval 3 sec Remote instance 0x6432838a Local instance 0x74b72e36 Refresh reduction operational Remote end enabled Ack extension enabled Link protection enabled LSP name Bypass_to_192 168 207 203 Bypass LSP operational Backup routes 1 Backup LSPs 0 Bypass explicit route 192 168 207 207 19...

Page 3606: ...or active respectively interface interface name Optional Display RSVP sessions for the specified interface only lsp type Optional Display information about RSVP sessions with regard to LSPs bypass Sessions used for bypass LSPs lsp Sessions used to set up LSPs nolsp Sessions not used to set up LSPs name session name Optional Display information about the named session session type Optional Display ...

Page 3607: ...l levels Information about the transit RSVP sessions Transit RSVP All levels Destination egress switch of the session To All levels Source ingress switch of the session From All levels State of the path Up Down or AdminDn AdminDn indicates that the LSP is being taken down gracefully State detail Destination egress switch of the LSP Address brief detail State of the LSP that is being handled by thi...

Page 3608: ... explicit or WF wildcard filter Resv style or Style brief detail Incoming label for this LSP Label in brief detail Outgoing label for this LSP Label out brief detail Number of seconds remaining in the lifetime of the reservation Time left detail Date and time when the RSVP session was initiated Since detail Sender s traffic specification which describes the sender s traffic parameters Tspec detail...

Page 3609: ... 1 1 From 2 2 2 2 LSPstate Up ActiveRoute 0 LSPname to a LSPpath Primary Suggested label received Suggested label sent Recovery label received Recovery label sent 3 Resv style 1 FF Label in Label out 3 Time left Since Fri Mar 26 18 42 42 2004 Tspec rate 300kbps size 300kbps peak Infbps m 20 M 1500 DiffServ info diffServ TE LSP bandwidth ct1 300kbps Port number sender 1 receiver 15876 protocol 0 PA...

Page 3610: ...Explct route 3 3 3 2 4 4 4 2 Copyright 2010 Juniper Networks Inc 3514 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3611: ...rvation Protocol RSVP sessions Options none Display standard information about all RSVP sessions brief detail extensive terse Optional Display the specified level of output bidirectional unidirectional Optional Display information about bidirectional or unidirectional RSVP sessions only respectively bypass Optional Display RSVP sessions for bypass LSPs down up Optional Display only LSPs that are i...

Page 3612: ...3521 show rsvp session detail GMPLS on page 3521 show rsvp session extensive on page 3521 show rsvp session p2mp on page 3522 Output Fields Table 475 on page 3516 describes the output fields for the show rsvp session command Output fields are listed in the approximate order in which they appear Table 475 show rsvp session Output Fields Level of Output Field Description Field Name detail Informatio...

Page 3613: ...s the forwarding table is the primary IPv4 table inet 0 For transit and egress RSVP sessions the forwarding table is the primary MPLS table mpls 0 Active Route brief detail Name of the LSP LSPname detail Indicates whether the RSVP session is for the primary or secondary LSP path LSPpath can be either primary or secondary and can be displayed on the ingress egress and transit routing devices LSPpat...

Page 3614: ...fic parameters Tspec detail Indicates whether the LSP is a multiclass LSP multiclass diffServ TE LSP or a Differentiated Services aware traffic engineering LSP diffServ TE LSP DiffServ info detail Bandwidth for each class type ct0 ct1 ct2 or ct3 bandwidth detail Protocol ID and sender receiver port used in this RSVP session Port number detail Fast reroute has been requested by the ingress routing ...

Page 3615: ...ng backup LSP link down extensive Link has come back up and the LSP has been restored Because the backup LSP is no longer needed it is deleted Deleting backup LSP protectedLSP restored detail Displays the value of the path MTU received from the network through signaling and the value used for forwarding This value is only displayed on ingress routing devices with the allow fragmentation statement ...

Page 3616: ... user host show rsvp session statistics Ingress RSVP 2 sessions To From State Packets Bytes LSPname 10 255 245 24 10 255 245 22 Up 0 0 pro3 bd 10 255 245 24 10 255 245 22 Up 44868 2333136 pro3 bd 2 Total 2 displayed Up 2 Down 0 Egress RSVP 2 sessions To From State Packets Bytes LSPname 10 255 245 22 10 255 245 24 Up 0 0 pro3 db 10 255 245 22 10 255 245 24 Up 0 0 pro3 db 2 Total 2 displayed Up 2 Do...

Page 3617: ...rimary Bidirectional Upstream label in 21253 Upstream label out Suggested label received Suggested label sent 21253 Recovery label received Recovery label sent Resv style 0 Label in Label out Time left Since Mon Aug 16 17 54 40 2006 Tspec rate 0bps size 0bps peak 155 52Mbps m 20 M 1500 Port number sender 2 receiver 46115 protocol 0 PATH rcvfrom localclient Adspec sent MTU 1500 PATH MTU received 0 ...

Page 3618: ...te Rt Style Labelin Labelout LSPname 10 255 245 34 10 255 245 25 Up 0 1 FF 100128 p2mp branch 1 P2MP name p2mp lsp2 P2MP branch count 1 To From State Rt Style Labelin Labelout LSPname 10 255 245 34 10 255 245 25 Up 0 1 FF 3 p2mp st br1 P2MP name lsp a_b P2MP branch count 1 Total 2 displayed Up 2 Down 0 Egress RSVP 0 sessions Total 0 displayed Up 0 Down 0 Transit RSVP 0 sessions Total 0 displayed U...

Page 3619: ...and Output fields are listed in the approximate order in which they appear Table 476 show rsvp statistics Output Fields Field Description Field Name Statistics about different RSVP messages Packet Type Total number of packets sent since RSVP was enabled Total Sent Total number of packets received since RSVP was enabled Total Received Total number of packets sent in the last 5 seconds Last 5 second...

Page 3620: ... to and received from the neighbor Hello Statistics for the number of End to end RSVP messages EndtoEnd RSVP Statistics about errored RSVP packets Errors The packet was not processed because its length is inappropriate Rcv pkt bad length The packet is not one of the well known RSVP types as defined in RFC 2205 Resource ReSerVation Protocol RSVP Rcv pkt unknown type The packet is not an RSVP versio...

Page 3621: ...ecover the state and start the message ID handshake process again Recv nack Number of times the same message ID is used by two different RSVP messages This duplication is usually caused when a neighboring routing device restarts Recvduplicatedmsg id Counter of packets discarded because a TE link was not found No TE link to recv Hop Number of RSVP packets received on an interface that is not enable...

Page 3622: ...l 0 0 No path information 10 0 Resv style conflict 0 0 Port conflict 0 0 Resv no interface 0 0 PathErr to client 38 0 ResvErr to client 0 0 Path timeout 8 0 Resv timeout 57 0 Message out of order 0 0 Unknown ack msg 2978 0 Recv nack 86 0 Recv duplicated msg id 5 0 No TE link to recv Hop 0 0 Rcv pkt disabled interface 0 0 Transmit buffer full 0 0 Transmit failure 0 0 Receive failure 0 0 P2MP RESV d...

Page 3623: ...pproximate order in which they appear Table 477 show rsvp version Output Fields Field Description Field Name RSVP software version Resource ReSerVation Protocol version Status of RSVP Enabled or Disabled RSVP protocol Configured time interval used to generate periodic RSVP messages R refresh timer Number of RSVP messages that can be lost before an RSVP state is declared stale K keep multiplier Cur...

Page 3624: ... that an LSP is kept after it has been soft preempted This is a global property of the RSVP protocol Soft preemption cleanup show rsvp version Router in Steady State user host show rsvp version Resource ReSerVation Protocol version 1 rfc2205 RSVP protocol Enabled R refresh timer 30 seconds show rsvp version Router in Steady State K keep multiplier 3 Preemption Normal Soft preemption cleanup 60 sec...

Page 3625: ...atabase brief on page 3531 show ted database detail system name on page 3532 show ted database extensive on page 3532 Output Fields Table 478 on page 3529 describes the output fields for the showteddatabase command Output fields are listed in the approximate order in which they appear Table 478 show ted database Output Fields Level of Output Field Description Field Name All levels Number of nodes ...

Page 3626: ...ve Total interface bandwidth in bps Static BW extensive Subscription factor for the interface which is the percentage of the link bandwidth that can be used for the RSVP reservation process You configure this by including the subscription statement when configuring RSVP Reservable bandwidth extensive Must include diffserv te statement when configuring LSPs Amount of bandwidth actually reserved by ...

Page 3627: ...re interface n Priority level The range is from 0 high through 7 low n Mbps Amount of the maximum bandwidth MinimumLSPBW Minimum LSP bandwidth in Mbps Amount of bandwidth actually reserved for each priority level The bandwidth shown is for the entire interface Minimum LSP BW is displayed only when switching type is PSC 1 or TDM Interface MTU Displayed only when switching type is TDM Interface supp...

Page 3628: ...5 245 24 Local 4 4 4 4 Remote 5 5 5 5 Metric 1 Static BW 155 52Mbps Reservable BW 155 52Mbps Available BW TE class bps te0 155 52Mbps te1 155 52Mbps te2 155 52Mbps te3 155 52Mbps te4 155 52Mbps te5 155 52Mbps te6 155 52Mbps te7 155 52Mbps Diffserv TE BW model Maximum allocation model Static BW CT class bps ct0 155 52Mbps ct1 155 52Mbps ct2 155 52Mbps ct3 155 52Mbps Interface Switching Capability D...

Page 3629: ...w ted link Output Fields Level of Output Field Description Field Name brief Hostname and address of the node that the link is coming from An address of 00 indicates that the node is the routing device itself An address in the range 0 01 through 0 FF indicates that the node is a pseudonode ID brief Hostname and address of the node that the link is going to An address of 00 indicates that the node i...

Page 3630: ...1 10 merino 00 123 456 1 14 LocalPath 0 localBW 0 0bps 1 0bps 2 0bps 3 0bps localBW 4 0bps 5 0bps 6 0bps 7 0bps merino 00 123 456 1 14 corriedale 00 123 456 1 11 LocalPath 0 localBW 0 0bps 1 0bps 2 0bps 3 0bps localBW 4 0bps 5 0bps 6 0bps 7 0bps merino 00 123 456 1 14 perendale 00 123 456 1 13 LocalPath 0 localBW 0 0bps 1 0bps 2 0bps 3 0bps localBW 4 0bps 5 0bps 6 0bps 7 0bps merino 00 123 456 1 1...

Page 3631: ... Privilege Level view List of Sample Output show ted protocol on page 3535 Output Fields Table 480 on page 3535 describes the output fields for the show ted protocol command Output fields are listed in the approximate order in which they appear Table 480 show ted protocol Output Fields Field Description Field Name Protocol that reported the node information IS IS 1 IS IS Level 1 IS IS 2 IS IS Leve...

Page 3632: ...Copyright 2010 Juniper Networks Inc 3536 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3633: ...page 3699 Ethernet OAM Link Fault Management on page 3725 Ethernet OAM Connectivity Fault Management on page 3763 Monitoring General Network Traffic and Hosts on page 3813 ConfigurationStatementsforGeneralNetworkManagementandMonitoringonpage3817 Operational Mode Commands for General Network Management and Monitoring on page 3833 3537 Copyright 2010 Juniper Networks Inc ...

Page 3634: ...Copyright 2010 Juniper Networks Inc 3538 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3635: ...s concerning network usage and file sharing and identifying sources of problems on your network by locating abnormal or heavy bandwidth usage from particular stations or applications Port mirroring copies packets to either a local interface for local monitoring or to a VLAN for remote monitoring You can use port mirroring to copy these packets Packets entering or exiting a port Packets entering a ...

Page 3636: ... in any combination on up to 256 ports For example you can send copies of the packets entering some ports and the packets exiting other ports to the same local analyzer port or analyzer VLAN PacketsenteringaVLANonanEX2200 EX3200 EX4200 orEX4500switch You can mirror the packets entering a VLAN on these switches to either a local analyzer port or to an analyzer VLAN On EX3200 EX4200 and EX4500 switc...

Page 3637: ...6 switch you can enable a maximum of seven analyzers port mirroring configurations Packets with physical layer errors are filtered out and thus are not sent to the analyzer port or analyzer VLAN You cannot mirror packets exiting or entering the following ports Dedicated Virtual Chassis ports VCPs Management port me0 or vme0 Routed VLAN interfaces RVIs On EX8200 switches you can set a ratio only fo...

Page 3638: ... mirrored traffic is sent The mirrored traffic can be used by a protocol analyzer application The monitor VLAN is spread across the switches in your network Analyzer VLAN Also known as monitor VLAN An analyzer session that has only an output stanza A firewall based analyzer must be used along with a firewall filter to achieve the functionality of an analyzer Firewall based analyzer An interface on...

Page 3639: ...on page 3549 Configuring Port Mirroring to Analyze Traffic J Web Procedure on page 3558 or Configuring Port Mirroring to Analyze Traffic CLI Procedure on page 3555 Firewall Filter Match Conditions and Actions for EX Series Switches on page 3009 Examples Port Mirroring Configuration Example Configuring Port Mirroring for Local Monitoring of Employee Resource Use on EX Series Switches on page 3543 E...

Page 3640: ...ncludes two related examples that describe how to mirror traffic entering ports on the switch to a destination interface on the same switch The first example shows how to mirror all traffic entering the ports connected to employee computers The second example shows the same scenario but includes a filter to mirror only the employee traffic going to the Web Network Topology In this example ge 0 0 0...

Page 3641: ...ng options analyzer employee monitor output interface ge 0 0 10 0 Step by Step Procedure To configure an analyzer called employee monitor and specify the input source interfaces and the analyzer output interface 1 Configure each interface connected to employee computers as an input interface for the port mirror analyzer that we are calling employee monitor edit ethernet switching options user swit...

Page 3642: ...g filter watch employee term employee to web then analyzer employee web monitor set interfaces ge 0 0 0 unit 0 family ethernet switching filter input watch employee set interfaces ge 0 0 1 unit 0 family ethernet switching filter input watch employee Step by Step Procedure To configure local port mirroring of employee to web traffic from the two ports connected to employee computers 1 Configure the...

Page 3643: ... family ethernet switching filter input watch employee user switch set ge 0 0 1 unit 0 family ethernet switching filter input watch employee Results Check the results of the configuration edit user switch show ethernet switching options analyzer employee web monitor output interface ge 0 0 10 0 firewall family ethernet switching filter watch employee term employee to corp from destination address ...

Page 3644: ... ge 0 0 0 0 Ingress monitored interfaces ge 0 0 1 0 Egress monitored interfaces None Meaning This output shows that the employee monitor analyzer has a ratio of 1 mirroring every packet the default setting a loss priority of low set this option to high only when the analyzer output is to a VLAN is mirroring the traffic entering the ge 0 0 0 and ge 0 0 1 interfaces and sending the mirrored traffic ...

Page 3645: ...ing to the Web This example describes how to configure remote port mirroring Requirements on page 3549 Overview and Topology on page 3549 Mirroring All Employee Traffic for Remote Analysis on page 3550 Mirroring Employee to Web Traffic for Remote Analysis on page 3551 Verification on page 3554 Requirements This example uses the following hardware and software components Junos OS Release 9 5 or lat...

Page 3646: ...I Quick Configuration To quickly configure port mirroring for remote traffic analysis for incoming and outgoing employee traffic copy the following commands and paste them into the switch terminal window edit set vlans remote analyzer vlan id 999 set interfaces ge 0 0 10 unit 0 family ethernet switching port mode trunk set interfaces ge 0 0 10 unit 0 family ethernet switching vlan members 999 sete...

Page 3647: ...yee monitor input ingress interface ge 0 0 1 0 user switch set analyzer employee monitor output vlan remote analyzer set analyzer employee monitor input egress interface ge 0 0 0 0 set analyzer employee monitor input egress interface ge 0 0 1 0 Results Check the results of the configuration edit user switch show ethernet switching options analyzer employee monitor loss priority high input ingress ...

Page 3648: ...alyzer edit ethernet switching options user switch set interfaces ge 0 0 10 unit 0 family ethernet switching port mode trunk user switch set analyzer employee web monitor loss priority high output vlan 999 2 Configure the VLAN tag ID for the remote analyzer VLAN edit vlans user switch set remote analyzer vlan id 999 3 Configure the interface to associate it with the remote analyzer VLAN edit inter...

Page 3649: ...mployee ge 0 0 1 unit 0 family ethernet switching filter input watch employee firewall family ethernet switching filter watch employee term employee to corp from source address 192 0 2 16 28 destination address 192 0 2 16 28 then accept term employee to web from destination port 80 then analyzer employee web monitor 3553 Copyright 2010 Juniper Networks Inc Chapter 127 Port Mirroring ...

Page 3650: ... monitor Output VLAN remote analyzer Mirror ratio 1 Loss priority High Ingress monitored interfaces ge 0 0 0 0 Ingress monitored interfaces ge 0 0 1 0 Meaning This output shows that the employee monitor analyzer has a ratio of 1 mirroring every packet the default a loss priority of high set this option to high whenever the analyzer output is to a VLAN is mirroring the traffic entering ge 0 0 0 and...

Page 3651: ... deleting the existing analyzer first disable the existing analyzer using the disable analyzer analyzer name command or the J Web configuration page for port mirroring NOTE Interfaces used as output for a port mirror analyzer must be configured as family ethernet switching Configuring Port Mirroring for Local Traffic Analysis on page 3555 Configuring Port Mirroring for Remote Traffic Analysis on p...

Page 3652: ...switch to trunk mode and associate it with the remote analyzer VLAN edit user switch set interfaces ge 0 1 1 unit 0 family ethernet switching port mode trunk vlan members 999 3 Configure the analyzer a Choose a name and set the loss priority to high Loss priority should always be set to high when configuring for remote port mirroring edit ethernet switching options user switch set analyzer employe...

Page 3653: ...tocol analyzer application edit ethernet switching options user switch set analyzer employee monitor output interface ge 0 0 10 0 b For remote analysis set the loss priority to high and set the output to the remote analyzer VLAN edit ethernet switching options user switch set analyzer employee monitor loss priority high output vlan 999 2 Create a firewall filter using any of the available match co...

Page 3654: ...nalyze Traffic J Web Procedure EX Series switches allow you to configure port mirroring to send copies of packets to either a local interface for local monitoring or to a VLAN for remote monitoring You can use port mirroring to copy these packets Packets entering or exiting a port Packets entering a VLAN on EX2200 EX3200 EX4200 or EX4500 switches Packets exiting a VLAN on EX8200 switches To config...

Page 3655: ... A ratio of 1 sends copies of all packets A ratio of 2047 sends copies of 1 out of every 2047 packets On EX8200 switches you can set a ratio only for ingress packets Ratio Keep the default of low unless the output is to a VLAN Specifies the loss priority of the mirrored packets By default the switch applies a lower priority to mirrored data than to regular port to port data mirrored traffic is dro...

Page 3656: ...nfiguration VerifyingInputandOutputforPortMirroringAnalyzersonEXSeriesSwitchesonpage3560 Verifying Input and Output for Port Mirroring Analyzers on EX Series Switches Purpose Verify that an analyzer has been created on the switch and has the appropriate output interfaces and appropriate output interface Action You can verify the port mirror analyzer is configured as expected using the show analyze...

Page 3657: ...age 3555 Example Configuring Port Mirroring for Local Monitoring of Employee Resource Use on EX Series Switches on page 3543 Example Configuring Port Mirroring for Remote Monitoring of Employee Resource Use on EX Series Switches on page 3549 Understanding Port Mirroring on EX Series Switches on page 3539 Configuration Statements for Port Mirroring edit ethernet switching options Configuration Stat...

Page 3658: ...l_pathname remote_URL timeout seconds write interval seconds interface all interface name allowed mac mac address list dhcp trusted no dhcp trusted mac limit limit action action no allowed mac log static ip ip address vlan vlan name mac mac address vlan all vlan name arp inspection no arp inspection dhcp option82 circuit id prefix hostname use interface description use vlan id remote id prefix hos...

Page 3659: ...ding network control Related Documentation Understanding Port Mirroring on EX Series Switches on page 3539 Port Security for EX Series Switches Overview on page 2825 Understanding BPDU Protection for STP RSTP and MSTP on EX Series Switches on page 1522 Understanding Redundant Trunk Links on EX Series Switches on page 1291 Understanding Storm Control on EX Series Switches on page 2791 Understanding...

Page 3660: ... OS creates no default analyzers Options name Name that identifies the analyzer The name can be up to 125 characters long must begin with a letter and can include uppercase letters lowercase letters numbers dashes and underscores No other special characters are allowed The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration rou...

Page 3661: ...for which traffic exiting the interface is mirrored in an port mirroring configuration The statement is explained separately Default No default Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding Port Mirroring on EX Series Switches on page 3539 3565 Copyright 2010 Juniper Networ...

Page 3662: ...0 0x88a8 0x9100 interfaces interface name no mac learning mac notification notification interval seconds mac table aging time seconds port error disable disable timeout timeout redundant trunk group group name name interface interface name primary interface interface name secure access port dhcp snooping file location local_pathname remote_URL timeout seconds write interval seconds interface all i...

Page 3663: ...p ip source guard no ip source guard mac move limit limit action action storm control action shutdown interface all interface name bandwidth bandwidth no broadcast no unknown unicast traceoptions file filename files number no stamp replace size size world readable no world readable flag flag disable unknown unicast forwarding vlan all vlan name interface interface name voip interface all interface...

Page 3664: ... Ethernet switching options The remaining statements are explained separately Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding Port Mirroring on EX Series Switches on page 3539 Port Security for EX Series Switches Overview on page 2825 Understanding BPDU Protection for STP RST...

Page 3665: ...s are explained separately Default No default Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring Port Mirroring for Local Monitoring of Employee Resource Use on EX Series Switches on page 3543 Example Configuring Port Mirroring for Remote Monitoring of Employee Resource Us...

Page 3666: ...Packets exiting a VLAN on an EX8200 switch The remaining statements are explained separately Default No default Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring Port Mirroring for Local Monitoring of Employee Resource Use on EX Series Switches on page 3543 Example Config...

Page 3667: ...generally select specific input interfaces in preference to using the all keyword or use the all keyword in combination with setting a ratio for statistical sampling interface name Apply port mirroring to the specified interface only Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example ...

Page 3668: ...For port mirroring configurations with output to an analyzer VLAN set the loss priority to high Default Low Options priority The value for priority can be low or high Default low Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Understanding Port Mirroring on EX Series Switches on page 3539...

Page 3669: ...tements are explained separately Default No default Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation Example Configuring Port Mirroring for Local Monitoring of Employee Resource Use on EX Series Switches on page 3543 Example Configuring Port Mirroring for Remote Monitoring of Employee Resou...

Page 3670: ...ries Switches on page 3539 vlan Syntax vlan vlan id vlan name Hierarchy Level edit ethernet switching options analyzer name input ingress edit ethernet switching options analyzer name output Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure mirrored traffic to be sent to a VLAN for remote monitoring Options vlan id Numeric VLAN identifer ...

Page 3671: ...ce or a VLAN not both Output VLAN Displays the ratio of packets to be mirrored between 1 and 2047 where 1 sends copies of all packets and 2047 sends copies of 1 out of every 2047 packets Mirror ratio Displays the loss priority of mirrored packets By default loss priority is set to low with mirrored traffic dropped in preference for regular traffic when capacity is exceeded For analyzers with outpu...

Page 3672: ...Copyright 2010 Juniper Networks Inc 3576 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3673: ...Flow technology on a Juniper Networks EX Series Ethernet Switch to continuously monitor traffic at wire speed on all interfaces simultaneously This topic describes Sampling Mechanism and Architecture of sFlow Technology on EX Series Switches on page 3577 Adaptive Sampling on page 3578 sFlow Agent Address Assignment on page 3579 Sampling Mechanism and Architecture of sFlow Technology on EX Series S...

Page 3674: ... to interfaces to dynamically adapt their sampling rate to the traffic conditions Interfaces on which incoming traffic exceeds the system threshold are checked so that all violations can be regulated without affecting the traffic on other interfaces Every 5 seconds the agent checks interfaces to get the number of samples and interfaces are grouped based on the slot that they belong to The top five...

Page 3675: ...ed to the agent When the agent IP address is assigned automatically the IP address is dynamic and changes when the switch reboots sFlow data can be used to provide network traffic visibility information You can explicitly configure the IP address to be assigned to source data sFlow datagrams If you do not explicitly configure that address the IP address of the configured Gigabit Ethernet interface...

Page 3676: ... Topology sFlow technology is a statistical sampling based network monitoring technology for high speed switched or routed networks sFlow technology samples network packets and sends the samples to a monitoring station The information gathered is used to create a network traffic visibility picture An sFlow monitoring system consists of an sFlow agent embedded in the switch and a centralized collec...

Page 3677: ...n To quickly configure sFlow technology copy the following commands and paste them into the switch terminal window edit protocols sflow set collector 10 204 32 46 Set collector udp port 5600 set interfaces ge 0 0 0 set polling interval 20 set sample rate 1000 3581 Copyright 2010 Juniper Networks Inc Chapter 128 sFlow Monitoring Technology ...

Page 3678: ...nology on a link aggregation group LAG interface that is an aggregated Ethernet interface with a name such as ae0 You can enable sFlow technology on the member interfaces that make up the LAG 4 Specify how often the sFlow agent polls the interface edit protocols sflow user switch set polling interval 20 NOTE The polling interval can be specified as a global parameter also Specify 0 if you do not w...

Page 3679: ... second Polling interval 20 seconds Sample rate 1 1000 Agent ID 10 204 96 222 NOTE The sample limit cannot be configured and is set to 300 packets second Meaning The output shows that sFlow technology is enabled and specifies the values for the sample rate sample limit and polling interval Verifying That sFlow Technology Is Enabled on the Intended Interface Purpose Verify that sFlow technology is ...

Page 3680: ...g sFlow Technology for Network Monitoring CLI Procedure on page 3584 Configuring sFlow Technology for Network Monitoring CLI Procedure You can configure sFlow technology designed for monitoring high speed switched or routed networks to continuously monitor traffic at wire speed on all interfaces simultaneously Junos OS fully supports the sFlow standard described in RFC 3176 InMon Corporation s sFl...

Page 3681: ...g interval seconds edit protocols sflow interfaces user switch set sample rate number NOTE The interface level configuration overrides the global configuration 7 To specify an IP address to be used as the agent ID for the sFlow agent edit protocols sflow user switch set agent id ip address 8 To specify the source IP address to be used for sFlow datagrams edit protocols sflow user switch set source...

Page 3682: ...n id vlan name server reject vlan vlan id vlan name server timeout seconds supplicant multiple single single secure supplicant timeout seconds transmit period seconds static mac address interface interface name vlan assignment vlan id vlan name gvrp enable disable interface all interface name disable join timer millseconds leave timer milliseconds leaveall timer milliseconds igmp snooping traceopt...

Page 3683: ...l interface name disable lldp configuration notification interval seconds management address ip management address ptopo configuration maximum hold time seconds ptopo configuration trap interval seconds traceoptions file filename files number size size world readable no world readable match regex flag flag detail disable receive send lldp med disable fast start number interface all interface name ...

Page 3684: ... priority priority max age seconds max hops hops msti msti id vlan vlan id vlan name interface interface name disable cost cost edge mode mode priority priority revision level revision level traceoptions file filename files number size size no stamp world readable no world readable flag flag mvrp disable interface all interface name disable join timer milliseconds leave timer milliseconds leaveall...

Page 3685: ... format character string none dns mac 2oct maintenance association ma name continuity check hold interval minutes interval 10m 10s 1m 1s 100ms loss threshold number mep mep id auto discovery direction down interface interface name remote mep mep id action profile profile name link fault management action profile profile name action syslog link down event link adjacency loss link event rate frame e...

Page 3686: ... seconds hello time seconds interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority max age seconds traceoptions file filename files number size size no stamp world readable no world readable flag flag sflow agent id collector ip address udp port port number disable interfaces interface name disable polling interval seconds sampl...

Page 3687: ...ze no stamp world readable no world readable flag flag vstp bpdu block on edge disable force version stp vlan all vlan id vlan name bridge priority priority forward delay seconds hello time seconds interface all interface name bpdu timeout action alarm block cost cost disable edge mode mode no root port priority priority max age seconds traceoptions file filename files number size size no stamp wo...

Page 3688: ...itches on page 1521 Understanding Multiple VLAN Registration Protocol MVRP on EX Series Switches on page 1296 Understanding Ethernet OAM Connectivity Fault Management for an EX Series Switch on page 3763 Understanding Ethernet OAM Link Fault Management for an EX Series Switch on page 3725 Understanding RSTP for EX Series Switches on page 1520 Understanding STP for EX Series Switches on page 1519 U...

Page 3689: ... sFlow Technology to Monitor Network Traffic on EX Series Switches on page 3579 Configuring sFlow Technology for Network Monitoring CLI Procedure on page 3584 disable Syntax disable Hierarchy Level edit protocols sflow edit protocols sflow interfaces interface name Release Information Statement introduced in Junos OS Release 9 3 for EX Series switches Description Disable the sFlow monitoring proto...

Page 3690: ...ng on individual interfaces The remaining statements are explained separately Options interface name Name of the interface on which to configure sFlow parameters Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation edit protocols Configuration Statement Hierarchy on page 56 Example Configuring ...

Page 3691: ...s the number of seconds that is configured for the global sFlow configuration If no global interval is configured the switch waits 20 seconds between messages Options seconds Number of seconds between port statistics update messages A 0 zero value specifies that polling is disabled Range 0 3600 seconds Default 20 seconds Required Privilege Level routing To view this statement in the configuration ...

Page 3692: ... the global sFlow configuration If no global rate is configured the switch samples 1 in 2000 packets Options number Denominator of the ratio that composes the sample rate Range 100 1 048 576 Default 2000 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation edit protocols Configuration Statement...

Page 3693: ...ks to continuously monitor traffic at wire speed on specified interfaces simultaneously sFlow data can be used to provide network traffic visibility information The remaining statements are explained separately Default The sFlow protocol is disabled by default Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Rel...

Page 3694: ...ector Default 6343 Required Privilege Level routing To view this statement in the configuration routing control To add this statement to the configuration Related Documentation edit protocols Configuration Statement Hierarchy on page 56 Example Configuring sFlow Technology to Monitor Network Traffic on EX Series Switches on page 3579 Configuring sFlow Technology for Network Monitoring CLI Procedur...

Page 3695: ...guring sFlow Technology for Network Monitoring CLI Procedure on page 3584 List of Sample Output show sflow on page 3599 Output Fields Table 484 on page 3599 lists the output fields for the showsflow command Output fields are listed in the approximate order in which they appear Table 484 show sflow Output Fields Level of Output Field Description Field Name All levels Status of the feature enabled o...

Page 3696: ...Sample limit 300 packets second Polling interval 20 seconds Agent ID 10 93 54 7 Copyright 2010 Juniper Networks Inc 3600 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3697: ...logy for Network Monitoring CLI Procedure on page 3584 Output Fields Table 485 on page 3601 lists the output fields for the show sflow collector command Output fields are listed in the approximate order in which they appear Table 485 show sflow collector Output Fields Level of Output Field Description Field Name All levels IP address of the collector IP address All levels UDP port number UDP port ...

Page 3698: ...lists the output fields for the show sflow interface command Output fields are listed in the approximate order in which they appear Table 486 show sflow interface Output Fields Level of Output Field Description Field Name All levels Interfaces on which sFlow technology is enabled Interfaces All levels Rate at which packets are sampled Sample rate All levels Number of packets sampled per second Sam...

Page 3699: ...the configuration page for SNMP as described in Table 487 on page 3603 3 To apply the configuration click Apply NOTE After you make changes to the configuration in this page you must commit the changes for them to take effect To commit all changes to the active configuration select Commit Options Commit See Using the Commit Options to Commit Configuration Changes for details about all commit optio...

Page 3700: ...or the system lab name or rack name for example Free form text string that specifies the location of the system System Location Type the hostname of the system Free form text string that overrides the system hostname System Override Name Communities To add a community click Add Type the name of the community being added Specifies the name of the SNMP community Community Name Select the authorizati...

Page 3701: ...ceive SNMP traps generated by the trap group being configured Targets Health Monitoring Select the check box to enable the health monitor and configure options Clear the check box to disable the health monitor NOTE If you select the Enable Health Monitoring check box and do not specify options then SNMP health monitoring is enabled with default values Enables the SNMP health monitor on the switch ...

Page 3702: ...e of a sampled indicator is decreasing For example if the falling threshold is 80 the default SNMP generates an event when the value of any key indicator falls back to 80 percent or less Falling Threshold Related Documentation Monitoring System Process Information on page 662 Monitoring System Properties on page 658 Configuration Statements for SNMP edit snmp Configuration Statement Hierarchy on p...

Page 3703: ...to the configuration Related Documentation Configuring the Address address mask Syntax address mask address mask Hierarchy Level edit snmp v3 target address target address name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Verify the source addresses for a group of target addresses Options addres...

Page 3704: ...ng interface of that trap Options outgoing interface Value of agent address of all SNMPv1 traps generated by this router The outgoing interface option sets the agent address of each SNMPv1 trap to the address of the outgoing interface of that trap Default disabled The agent address is not specified in SNMPv1 traps Required Privilege Level snmp To view this statement in the configuration snmp contr...

Page 3705: ...id variable Hierarchy Level edit snmp rmon Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure RMON alarm entries Options index Identifies this alarm entry as an integer The remaining statements are explained separately Required Privilege Level snmp To view this statement in the configuration...

Page 3706: ...iguration Related Documentation Configuring the SNMP Community String bucket size Syntax bucket size number Hierarchy Level edit snmp rmon history Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the sampling of Ethernet statistics for network fault diagnosis planning and performance tuning Default 50 Options number Number of discrete sa...

Page 3707: ... To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Configuring SNMP Trap Groups client list Syntax client list client list name ip addresses Hierarchy Level edit snmp Release Information Statement introduced in Junos OS Release 8 5 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Define a list of...

Page 3708: ... 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the IPv4 or IPv6 addresses of the SNMP client hosts that are authorized to use this community Default If you omit the clients statement all SNMP clients using this community string are authorized to access the router Options address Address of an SNMP client that is authorized to access this router You mus...

Page 3709: ...scription Configure the timer for the SNMP Set reply and start of the commit Options seconds Delay between affirmative SNMP Set reply and start of the commit Default 5 seconds Required Privilege Level snmp To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Configuring the Commit Delay Timer 3613 Copyright 2010 Juniper Networks ...

Page 3710: ... and the operations read only or read write allowed on those objects The SNMP client application specifies an SNMP community name in Get GetBulk GetNext and Set SNMP requests Default If you omit the community statement all SNMP requests are denied Options community name Community string If the name includes spaces enclose it in quotation marks The remaining statements are explained separately Requ...

Page 3711: ...e targets configured for that trap group The community string in the trap matches the name of the trap group and hence the value of eventCommunity If nothing is configured traps are sent to each group with the rmon alarm category set Options community name Identifies the trap group that is used when generating a trap if the event is configured to send traps Required Privilege Level snmp To view th...

Page 3712: ...r an SNMPv1 or SNMPv2c community If unconfigured it is the same as the community index If the name includes spaces enclose it in quotation marks NOTE Community names must be unique You cannot configure the same community name at the edit snmp community and edit snmp v3 snmp community community index hierarchy levels The community name at the edit snmp v3 snmp community community index hierarchy le...

Page 3713: ...guring the System Contact on a Device Running JUNOS Software description Syntax description description Hierarchy Level edit snmp Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Define the value of the MIB II sysDescription object which is the description of the system being managed Options descrip...

Page 3714: ...tation Configuring the Description Configuring an Event Entry and Its Attributes destination port Syntax destination port port number Hierarchy Level edit snmp trap group Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Assign a trap port number other than the default Default If you omit this statem...

Page 3715: ...encryption keys are generated based on the associated passwords and the engine ID If you configure or change the engine ID you must commit the new engine ID before you configure SNMPv3 users Otherwise the keys generated from the configured passwords are based on the previous engine ID For the engine ID we recommend using the MAC address of fxp0 Options local engine id suffix Explicit setting for t...

Page 3716: ... Syntax falling event index index Hierarchy Level edit snmp rmon alarm index Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description The index of the event entry that is used when a falling threshold is crossed If this value is zero no event is triggered Options index Index of the event entry that is used ...

Page 3717: ...erated A single event is also generated if the first sample after this entry becomes valid is less than or equal to this threshold After a falling event is generated another falling event cannot be generated until the sampled value rises above this threshold and reaches the rising threshold Options percentage The lower threshold for the alarm entry Range 1 through 100 Default 70 percent of the max...

Page 3718: ...threshold and the associated startup alarm value is equal to falling alarm value or rising or falling alarm value After a falling event is generated another falling event cannot be generated until the sampled value rises above this threshold and reaches the rising threshold Options integer The lower threshold for the alarm entry Range 2 147 483 648 through 2 147 483 647 Default 20 percent less tha...

Page 3719: ...vilege Level snmp To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Configuring the Falling Threshold Interval interval on page 3629 filter duplicates Syntax filter duplicates Hierarchy Level edit snmp Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Serie...

Page 3720: ...ed Privilege Level snmp To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Filtering Interface Information Out of SNMP Get and GetNext Output group Configuring Group Name Syntax group group name Hierarchy Level edit snmp v3 vacm access Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in ...

Page 3721: ...configuration snmp control To add this statement to the configuration Related Documentation Configuring the Group health monitor Syntax health monitor falling threshold percentage interval seconds rising threshold percentage Hierarchy Level edit snmp Release Information Statement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Conf...

Page 3722: ...ling of data from various types of networks This group contains configuration entries that specify an interface polling period and other parameters The interface interface name statement is mandatory Other statements in the history group are optional Default Not configured Options history index Identifies this history entry as an integer Range 1 through 655535 Required Privilege Level snmp To view...

Page 3723: ...it snmp rmon history history index Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the interface to be monitored in the specified RMON history entry Only one interface can be specified for a particular RMON history index There is a one to one relationship between the interface and the history index The interface must be specified in order...

Page 3724: ...to the configuration interval Syntax interval seconds Hierarchy Level edit snmp health monitor Release Information Statement introduced in Junos OS Release 8 0 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Interval between samples Options seconds Time between samples in seconds Range 1 through 2147483647 seconds Default 300 seconds Required Privilege Level snmp To...

Page 3725: ...Configuring the Interval location Syntax location location Hierarchy Level edit snmp Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Define the value of the MIB II sysLocation object which is the physical location of the managed system Options location Location of the local system You must enclose ...

Page 3726: ...tible with Junos OS Release 8 3 and later Description Specify a logical system name for SNMP v1 and v2c clients Options logical system name Name of the logical system routing instance routing instance name Statement to specify a routing instance associated with the logical system Required Privilege Level snmp To view this statement in the configuration snmp control To add this statement to the con...

Page 3727: ...vilege Level snmp To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Configuring the Message Processing Model name Syntax name name Hierarchy Level edit snmp Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Set the system name fr...

Page 3728: ...S Release 7 4 type inform option added in Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Select management targets for notifications as well as the type of notifications Notifications can be either traps or informs Options name Name assigned to the notification tag name Notifications are sent to all targets configured with this tag type Notific...

Page 3729: ... statement to the configuration Related Documentation Configuring the Trap Notification Filter oid on page 3635 notify filter Applying to the Management Target Syntax notify filter profile name Hierarchy Level edit snmp v3 target parameters target parameters name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches...

Page 3730: ...evel edit snmp view view name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify an object identifier OID used to represent a subtree of MIB objects Options exclude Exclude the subtree of MIB objects represented by the specified OID include Include the subtree of MIB objects represented by the...

Page 3731: ...ame Required Privilege Level snmp To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Configuring the Trap Notification Filter owner Syntax owner owner name Hierarchy Level edit snmp rmon history Release Information Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the user or group responsi...

Page 3732: ... configuration Related Documentation Defining and Configuring the Trap Target Parameters port Syntax port port number Hierarchy Level edit snmp v3 target address target address name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure a UDP port number for an SNMP target Default If you omit th...

Page 3733: ... next request get request walk request Hierarchy Level edit snmp rmon alarm index Release Information Statement introduced in Junos OS Release 8 3 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Extend monitoring to a specific SNMP object instance get request or extend monitoring to all object instances belonging to a MIB branch walk request or extend monitoring to ...

Page 3734: ...s value is zero no event is triggered Options index Index of the event entry that is used when a rising threshold is crossed Range 0 through 65 535 Default 0 Required Privilege Level snmp To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Configuring the Falling Event Index or Rising Event Index falling event index on page 3620...

Page 3735: ...ted A single event is also generated if the first sample after this entry becomes valid is greater than or equal to this threshold After a rising event is generated another rising event cannot be generated until the sampled value falls below this threshold and reaches the falling threshold Options percentage The lower threshold for the alarm entry Range 1 through 100 Default 80 percent of the maxi...

Page 3736: ... until the sampled value falls below this threshold and reaches the falling threshold Options integer The lower threshold for the alarm entry Range 2 147 483 648 through 2 147 483 647 Required Privilege Level snmp To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Configuring the Falling Threshold or Rising Threshold falling th...

Page 3737: ...a to meet common network monitoring requirements Each group is optional so that vendors do not need to support all the groups within the MIB Junos OS supports RMON Statistics History Alarm and Event groups The EX Series documentation describes only the rmon history statement which was added with this release The statements are explained separately Default Disabled Required Privilege Level snmp To ...

Page 3738: ...ets configured in the trap group use this routing instance If the routing instance is defined within a logical system include the logical system logical system name statementatthe editsnmpcommunitycommunity name hierarchy level and specify the routing instance statement under the edit snmp community community name logical system logical system name hierarchy level Options routing instance name Nam...

Page 3739: ...quired Privilege Level snmp To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Configuring the Trap Target Address sample type Syntax sample type absolute value delta value Hierarchy Level edit snmp rmon alarm index Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0...

Page 3740: ...e the security level to use when generating SNMP notifications Options authentication Provides authentication but no encryption none No authentication and no encryption privacy Provides authentication and encryption Default none Required Privilege Level snmp To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Configuring the Sec...

Page 3741: ...ge Level snmp To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Configuring the Security Level security model Access Privileges Syntax security model usm v1 v2c Hierarchy Level edit snmp v3 vacm access group group name default context prefix Release Information Statement introduced before Junos OS Release 7 4 Statement introdu...

Page 3742: ...guring the Security Model security model SNMP Notifications Syntax security model usm v1 v2c Hierarchy Level edit snmp v3 target parameters target parameters name parameters Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure a group s security model used with sending notifications Options us...

Page 3743: ...ty string with a configured security group Options security name Username configured at the edit snmp v3 usm local engine user username hierarchy level For SNMPv1 and SNMPv2c the security name is the community string configured at the edit snmp v3 snmp community community index hierarchy level Required Privilege Level snmp To view this statement in the configuration snmp control To add this statem...

Page 3744: ...level to a security name Options security name Name used when performing access control NOTE The security name must match the configured security name at the edit snmp v3 target parameters target parameters name parameters hierarchy level when you configure traps or informs Required Privilege Level snmp To view this statement in the configuration snmp control To add this statement to the configura...

Page 3745: ...ed Identifies the SNMP community used when generating the notification if the v1 or v2c security models are used NOTE The access privileges for the group associated with this security name must allow this notification to be sent If you are using the v1 or v2 security models the security name at the edit snmp v3 vacm security to group hierarchy level must match the security name at the edit snmp v3...

Page 3746: ... in the configuration snmp control To add this statement to the configuration Related Documentation Assigning Security Names to Groups snmp Syntax snmp Hierarchy Level edit Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure SNMP Required Privilege Level snmp To view this statement in the con...

Page 3747: ... snmp community community index community name community name security name security name tag tag name Hierarchy Level edit snmp v3 Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the SNMP community Options community index Optional String that identifies an SNMP community The remaining st...

Page 3748: ...Source address of SNMP traps You can configure the source address of trap packets two ways lo0 or a valid IPv4 address configured on one of the router interfaces The value lo0 indicates that the source address of all SNMP trap packets is set to the lowest loopback address configured at interface lo0 Default disabled The source address is the address of the outgoing interface Required Privilege Lev...

Page 3749: ... either of the corresponding thresholds Default rising or falling alarm Required Privilege Level snmp To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Configuring the Sample Type syslog subtag Syntax syslog subtag syslog subtag Hierarchy Level edit snmp rmon alarm index Release Information Statement introduced in Junos OS Rel...

Page 3750: ...guring the SNMPv3 Trap Notification tag list Syntax tag list tag list Hierarchy Level edit snmp v3 target address target address name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure an SNMP tag list used to select target addresses Options tag list Defines sets of target addresses To speci...

Page 3751: ...7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure a management application s address and parameters to be used in sending notifications Options target address name String that identifies the target address The remaining statements are explained separately Required Privilege Level snmp To view this statement in the configuration snmp control To add this s...

Page 3752: ... snmp control To add this statement to the configuration Related Documentation Defining and Configuring the Trap Target Parameters Applying Target Parameters targets Syntax targets address Hierarchy Level edit snmp trap group group name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure one ...

Page 3753: ...e created in the var log directory when the traceoptions statement is used chassisd craftd ilmid mib2d rmopd serviced snmpd Options file filename By default the name of the log file that records trace output is the name of the process being traced for example mib2d or snmpd Use this option to specify another name files number Optional Maximum number of trace files per SNMP subagent When a trace fi...

Page 3754: ... Optional Refine the output to include lines that contain the regular expression size size Optional Maximum size in kilobytes KB of each trace file before it is closed and archived Range 10 KB through 1 GB Default 1000 KB world readable no world readable Optional By default log files can be accessed only by the user who configures the tracing operation The world readable option enables any user to...

Page 3755: ...ions The name of the trap group is embedded in SNMP trap notification packets as one variable binding varbind known as the community name At least one trap group must be configured for SNMP traps to be sent Options group name Name of the trap group If the name includes spaces enclose it in quotation marks The remaining statements are explained separately Required Privilege Level snmp To view this ...

Page 3756: ...t to the configuration Related Documentation Configuring Source and Agent Addresses for SNMP Traps type Syntax type inform trap Hierarchy Level edit snmp v3 notify name Release Information Statement introduced before Junos OS Release 7 4 inform option added in Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure the type of notification Opt...

Page 3757: ...d is crossed Options type Type of notification log Add an entry to logTable log and trap Send an SNMP trap and make a log entry none No notifications are sent snmptrap Send an SNMP trap Default log and trap Required Privilege Level snmp To view this statement in the configuration snmp control To add this statement to the configuration Related Documentation Configuring an Event Entry and Its Attrib...

Page 3758: ...ers target parameters name notify filter profile name parameters message processing model v1 v2c V3 security level authentication none privacy security model usm v1 v2c security name security name usm local engine user username authentication md5 authentication password authentication password authentication sha authentication password authentication password authentication none privacy aes128 pri...

Page 3759: ...acy none privacy password privacy password vacm access group group name default context prefix security model any usm v1 v2c security level authentication none privacy notify view view name read view view name write view view name security to group security model usm v1 v2c security name security name group group name Hierarchy Level edit snmp Release Information Statement introduced before Junos ...

Page 3760: ... security to group security model usm v1 v2c security name security name group group name Hierarchy Level edit snmp v3 Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure view based access control model VACM information The remaining statements are explained separately Required Privilege Leve...

Page 3761: ...guration snmp control To add this statement to the configuration Related Documentation Configuring the Variable version Syntax version all v1 v2 Hierarchy Level edit snmp trap group group name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the version number of SNMP traps Options all Send ...

Page 3762: ... define access To enable a view you must associate the view with a community by including the view statement at the edit snmp community community name hierarchy level NOTE To remove an OID completely use the delete view all oid oid number command but omit the include parameter Options view name Name of the view The remaining statement is explained separately Required Privilege Level snmp To view t...

Page 3763: ...entation Configuring the SNMP Community String write view Syntax write view view name Hierarchy Level edit snmp v3 vacm access group group name default context prefix security model any usm v1 v2c security level authentication none privacy Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Associate t...

Page 3764: ... but not the configuration of that group If you want to delete the RMON history group configuration you must use the deletesnmprmonhistory configuration mode command Options interface name Delete the samples of Ethernet statistics collected for this interface all Delete the samples of Ethernet statistics collected for all interfaces that have been configured for RMON monitoring Required Privilege ...

Page 3765: ...tatistics Input Packets 8 Bad versions 0 Bad community names 0 Bad community uses 0 ASN parse errors 0 Too bigs 0 No such names 0 Bad values 0 Read onlys 0 General errors 0 Total request varbinds 8 Total set varbinds 0 Get requests 0 Get nexts 8 Set requests 0 Get responses 0 Traps 0 Silent drops 0 Proxy drops 0 Output Packets 2298 Too bigs 0 No such names 0 Bad values 0 General errors 0 Get reque...

Page 3766: ...h names 0 Bad values 0 General errors 0 Get requests 0 Get nexts 0 Set requests 0 Get responses 0 Traps 0 Copyright 2010 Juniper Networks Inc 3670 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3767: ...nstances and values dummy name A dummy trap name to display the list of available traps Question mark Question mark to display possible completions Required Privilege Level request List of Sample Output request snmp spoof trap with Variable Bindings on page 3671 request snmp spoof trap Illegal Trap Name on page 3671 request snmp spoof trap Question Mark on page 3675 request snmp spoof trap with Va...

Page 3768: ...smatch isisLSPTooLargeToPropagate isisManualAddressDrops isisMaxAreaAddressesMismatch isisOriginatingLSPBufferSizeMismatch isisOwnLSPPurge isisProtocolsSupportedMismatch isisRejectedAdjacency isisSequenceNumberSkip isisVersionSkew jnxAccessAuthServerDisabled jnxAccessAuthServerEnabled jnxAccessAuthServiceDown jnxAccessAuthServiceUp jnxBfdSessDetectionTimeHigh jnxBfdSessTxIntervalHigh jnxBgpM2Backw...

Page 3769: ...fgChange jnxLdpLspDown jnxLdpLspUp jnxLdpSesDown jnxLdpSesUp jnxMIMstCistPortLoopProtectStateChangeTrap jnxMIMstCistPortRootProtectStateChangeTrap jnxMIMstErrTrap jnxMIMstGenTrap jnxMIMstInvalidBpduRxdTrap jnxMIMstMstiPortLoopProtectStateChangeTrap jnxMIMstMstiPortRootProtectStateChangeTrap jnxMIMstNewRootTrap jnxMIMstProtocolMigrationTrap jnxMIMstRegionConfigChangeTrap jnxMIMstTopologyChgTrap jnx...

Page 3770: ...ChangeTrap jnxPowerSupplyFailure jnxPowerSupplyOK jnxRedundancySwitchover jnxRmonAlarmGetFailure jnxRmonGetOk jnxSecAccessIfMacLimitExceeded jnxSecAccessdsRateLimitCrossed jnxSonetAlarmCleared jnxSonetAlarmSet jnxSpSvcSetCpuExceeded jnxSpSvcSetCpuOk jnxSpSvcSetZoneEntered jnxSpSvcSetZoneExited jnxStormEventNotification jnxSyslogTrap jnxTemperatureOK jnxVccpPortDown jnxVccpPortUp jnxVpnIfDown jnxVp...

Page 3771: ...pethMainPowerUsageOffNotification pethMainPowerUsageOnNotification pethPsePortOnOffNotification pingProbeFailed pingTestCompleted pingTestFailed ptopoConfigChange risingAlarm rpMauJabberTrap sdlcLSStatusChange sdlcPortStatusChange topologyChange traceRoutePathChange traceRouteTestCompleted traceRouteTestFailed vrrpTrapAuthFailure vrrpTrapNewMaster warmStart request snmp spoof trap Question Mark us...

Page 3772: ...F apsEventModeMismatch apsEventPSBF apsEventSwitchover authenticationFailure bfdSessDown bfdSessUp bgpBackwardTransition bgpEstablished coldStart dlswTrapCircuitDown dlswTrapCircuitUp more 10 Copyright 2010 Juniper Networks Inc 3676 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3773: ...ew List of Sample Output show snmp health monitor on page 3679 show snmp health monitor alarms detail on page 3681 Output Fields Table 488 on page 3677 describes the output fields for the show snmp health monitor command Output fields are listed in the approximate order in which they appear Table 488 show snmp health monitor Output Fields Level of Output Field Description Field Name All levels Ala...

Page 3774: ...esholds It can have the value of absolute value or delta value Sample type detail Alarm that might be sent when this entry is first activated depending on the following criteria Alarm is sent when one of the following situations exists Value of the alarm is above or equal to the rising threshold and the startup type is either rising alarm or rising or falling alarm Value of the alarm is below or e...

Page 3775: ...Buffer 9 1 0 0 35 active 32775 Health Monitor jkernel daemon CPU utilization Init daemon 0 active Chassis daemon 50 active Firewall daemon 0 active Interface daemon 5 active SNMP daemon 11 active MIB2 daemon 42 active Sonet APS daemon 0 active VRRP daemon 0 active Alarm daemon 3 active PFE daemon 0 active CRAFT daemon 0 active Traffic sampling control daemon 0 active Ilmi daemon 0 active Remote op...

Page 3776: ...ive CoS daemon 3044 active Pic Services Logging daemon 1944 active Internal Routing Service Daemon 1392 active Network Access Service daemon 1992 active Forwarding UDP daemon 1876 active Routing socket proxy daemon 1296 active Disk Monitoring daemon 1180 active Inet daemon 1296 active Syslog daemon 1180 active Adaptive Services PIC daemon 3220 active ECC parity errors logging Daemon 1100 active La...

Page 3777: ...Sample type absolute value Startup alarm rising alarm Owner Health Monitor config file system utilization Creator Health Monitor State active Sample interval 300 seconds Rising threshold 80 Falling threshold 70 Rising event index 32768 Falling event index 32768 Instance Value 0 Instance State active Alarm Index 32770 Variable name jnxOperatingCPU 9 1 0 0 Variable OID 1 3 6 1 4 1 2636 3 1 13 1 8 9 ...

Page 3778: ...tance Description Init daemon Instance Value 0 Instance State active Instance Name sysApplElmtRunCPU 3 2 2786 Instance Description Chassis daemon Instance Value 50 Instance State active Instance Name sysApplElmtRunCPU 3 3 2938 Instance Description Firewall daemon Instance Value 0 Instance State active Instance Name sysApplElmtRunCPU 3 4 2942 Instance Description Interface daemon Instance Value 5 I...

Page 3779: ...e Value 3 Instance State active Instance Name sysApplElmtRunCPU 3 15 2940 Instance Description PFE daemon Instance Value 0 Instance State active Instance Name sysApplElmtRunCPU 3 16 2788 Instance Description CRAFT daemon Instance Value 0 Instance State active Instance Name sysApplElmtRunCPU 3 17 2918 Instance Description Traffic sampling control daemon more 23 3683 Copyright 2010 Juniper Networks ...

Page 3780: ... target device Sent Number of informs held in memory pending a response from the target device Pending Number of informs discarded after the specified number of retransmissions to the target device were attempted Discarded Number of informs that did not receive an acknowledgement from the target device within the timeout specified Timeouts Connection failures that occurred for example when the tar...

Page 3781: ...brief or detailed information about RMON alarms or events events Optional Display information about RMON events logs Optional Display information about RMON monitoring logs Required Privilege Level view List of Sample Output show snmp rmon on page 3687 show snmp rmon alarms detail on page 3687 show snmp rmon events detail on page 3688 Output Fields Table 490 on page 3685 describes the output field...

Page 3782: ... and is not yet activated unknown State is not one of the above State All levels Name of the SNMP object instance being monitored Variable name All levels Event identifier Event Index detail Type of notification made when an event is triggered It can be one of the following log A system log message is generated and an entry is made to the log table snmptrap An SNMP trap is sent to the configured d...

Page 3783: ...er If the entry was created through the CLI the owner has monitor prepended to it Owner detail Mechanism by which the entry was configured CLI or SNMP Creator detail Time period between samples in seconds Sample interval detail Upper limit threshold value configured by the user Rising threshold detail Lower limit threshold value configured by the user Falling threshold detail Event triggered when ...

Page 3784: ...index 1 Falling event index 1 Current value 0 show snmp rmon events detail user host show snmp rmon events detail Event Index 1 Type log and trap Community boy elroy Last event 2002 01 30 01 13 01 PST Creator CLI State active Copyright 2010 Juniper Networks Inc 3688 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3785: ...tory 1 sample 15 on page 3691 Output Fields Table 491 on page 3689 lists the output fields for the show smp rmon history command Output fields are listed in the approximate order in which they appear Table 491 show smp rmon history Output Fields Field Description Field Name Identifies this RMON history entry within the RMON history group History Index The entity that configured this entry Range is...

Page 3786: ...less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS error or an alignment error Fragment frames normally increment because both runts which are normal occurrences caused by collisions and noise hits are counted Jabbers Number of frames that were longer than 1518 octets excluding framing bits but including FCS octets and had either an FCS error or an ...

Page 3787: ...Packet 0 Multicast Packets 2 CRC errors 0 Undersize Pkts 0 Oversize Pkts 0 Fragments 0 Jabbers 0 Collisions 0 Utilization 0 show snmp rmon history 1 sample 15 user host show snmp rmon history 1 sample 15 Index 1 Owner monitor Status valid Data Source ifIndex 17 Interval 1800 Buckets Requested 50 Buckets Granted 50 Sample Index 44 Interval Start Thu Jan 1 00 08 35 1970 Drop Events 0 Octetes 0 Packe...

Page 3788: ... version Bad community names snmpInBadCommunityNames Total number of messages delivered to the SNMP entity that used an SNMP community name not known to the entity Bad community uses snmpInBadCommunityUses Total number of messages delivered to the SNMP entity that represented an SNMP operation that was not allowed by the SNMP community named in the message ASN parse errors snmpInASNParseErrs Total...

Page 3789: ...nse PDUs that have been accepted and processed by the SNMP entity Traps snmpInTraps Total number of SNMP traps generated by the SNMP entity Silent drops snmpSilentDrops Total number of GetRequest GetNextRequest GetBulkRequest SetRequests and InformRequest PDUs delivered to the SNMP entity that were silently dropped because the size of a reply containing an alternate response PDU with an empty vari...

Page 3790: ...tedsecuritylevels usmStatsUnsupportedSecLevels Total number of packets received by the SNMP engine which were dropped because they requested a security level unknown to the SNMP engine or otherwise unavailable Not in time windows usmStatsNotInTimeWindows Total number of packets received by the SNMP engine that were dropped because they appeared outside of the authoritative SNMP engine s window Unk...

Page 3791: ...etRequest PDUs generated by the SNMP entity Get responses snmpOutGetResponses Total number of SNMP GetResponse PDUs generated by the SNMP entity Traps snmpOutTraps Total number of SNMP traps generated by the SNMP entity Output show snmp statistics user host show snmp statistics SNMP statistics Input show snmp statistics Packets 246213 Bad versions 12 Bad community names 12 Bad community uses 0 ASN...

Page 3792: ...Pv3 general information groups Optional Display SNMPv3 security to group information notify filter Optional Display SNMPv3 notify and optionally notify filter information target address parameters Optional Display SNMPv3 target and optionally either target address or target parameter information users Optional Display SNMPv3 user information AdditionalInformation To edit the default display of the...

Page 3793: ...niquely and unambiguously identifies the local SNMPv3 engine Engine boots Number of times the local SNMPv3 engine has rebooted or reinitialized since the engine ID was last changed Engine time Number of seconds since the local SNMPv3 engine was last rebooted or reinitialized Max msg size Maximum message size the sender can accommodate Engine ID SNMPv3 engine ID associated with each user User SNMPv...

Page 3794: ...64 User Auth Priv Storage Status UNEW md5 none nonvolatile active Group name Security Security Storage Status model name type g1 usm user1 nonvolatile active g2 usm user2 nonvolatile active g3 usm user3 nonvolatile active Access control Group Context Security Read Write Notify prefix model level view view view g1 usm privacy v1 v1 g2 usm authent v1 v1 g3 usm none v1 v1 Copyright 2010 Juniper Netwo...

Page 3795: ...rmance Monitoring RPM on page 3703 Verifying Real Time Performance Monitoring on page 3713 Operational Mode Commands for Real Time Performance Monitoring on page 3713 RPM Overview Understanding Real Time Performance Monitoring on EX Series Switches on page 3700 3699 Copyright 2010 Juniper Networks Inc ...

Page 3796: ...se the history of the most recent 50 probes to analyze trends in your network and predict future needs RPM provides MIB support with extensions for RFC 2925 Definitions of Managed Objects for Remote Ping Traceroute and Lookup Operations This topic includes RPM Packet Collection on page 3700 Tests and Probe Types on page 3700 Hardware Timestamps on page 3701 Limitations of RPM on EX Series Switches...

Page 3797: ...s for HTTP or TCP probes You can timestamp the following RPM probes to improve the measurement of latency or jitter ICMP ping ICMP ping timestamp UDP ping UDP ping timestamp You should configure the requester the RPM client with hardware timestamps see Figure 89 on page 3702 to get more meaningful results than you would get without the timestamps The responder the RPM server does not need to be co...

Page 3798: ...mumandmaximumround trip time NOTE See ConfiguringtheInterfaceforRPMTimestampingforClient Server on an EX Series Switch CLI Procedure on page 3711 for information on how to configure hardware timestamps on the requester The RPM feature provides a configuration option to set one way hardware timestamps Use one way timestamps when you want information about one way time rather than round trip times f...

Page 3799: ...tamps If the responder does not support hardware timestamps RPM can only report the round trip measurements and cannot calculate round trip jitter EX Series switches do not support hardware timestamps for HTTP and TCP probes Timestamps apply only to IPv4 traffic Related Documentation For further details about RPM see the Junos OS Services Interfaces Configuration Guide at http www juniper net tech...

Page 3800: ...overy using an SNMP client Use the history of the most recent 50 probes to analyze trends in your network and predict future needs Probes collect packets per destination and per application including PING Internet Control Message Protocol ICMP packets User Datagram Protocol and Transmission Control Protocol UDP TCP packets with user configured ports user configured Differentiated Services code poi...

Page 3801: ...wners in Probe Owners list to display the list of performance probe tests d Double click one of the performance probe tests to edit the test parameters 3 Enter the Maximum Number of Concurrent Probes and specify the Probe Servers 4 Click Apply to apply the RPM probe settings Table 494 RPM Probe Owner Concurrent Probes and Probe Servers Configuration Fields Your Action Function Field 1 Click Add an...

Page 3802: ... the IP address in dotted decimal notation or the URL of the probe target If the target is a URL type a fully formed URL that includes http Specifies the IP address or the URL of the probe target Target Address or URL Type the source address to be used for the probe If you do not supply this value the packet uses the outgoing interface s address as the probe source address Specifies the IP address...

Page 3803: ...Table 495 Performance Probe Tests Configuration Fields continued Your Action Function Field 3707 Copyright 2010 Juniper Networks Inc Chapter 130 Real Time Performance Monitoring RPM ...

Page 3804: ... 7 a standard TCP or UDP port number or a port number from 49160 through 65535 Specifies the TCP or UDP port to which probes are sent To use TCP or UDP probes you must configure the remote server as a probe receiver Both the probe server and the remote server must be Juniper Networks network devices configured to receive and transmit RPM probes on the same TCP or UDP port Destination Port Type a v...

Page 3805: ...re and generates a system log message Jitter Type a number from 0 through 60000000 Sets the maximum allowable standard deviation in microseconds if exceeded triggers a probe failure and generates a system log message Standard Deviation Type a number from 0 through 60000000 Sets the one way time in microseconds from the switch to the remote server if exceeded triggers a probe failure and generates ...

Page 3806: ...d To enable SNMP traps for this condition select the check box To disable SNMP traps clear the check box Generates SNMP traps when the threshold for maximum outbound time is exceeded Egress Time Exceeded To enable SNMP traps for this condition select the check box To disable SNMP traps clear the check box Generates SNMP traps when the threshold for jitter in inbound time is exceeded Ingress Jitter...

Page 3807: ...or the total number of lost probes is exceeded Test Failure Related Documentation Configuring SNMP J Web Procedure on page 3603 Viewing Real Time Performance Monitoring Information on page 3713 Configuring the Interface for RPM Timestamping for Client Server on an EX Series Switch CLI Procedure Use real time performance monitoring RPM to configure active probes to track and monitor traffic across ...

Page 3808: ...t between sending packets edit services rpm probe owner test test name user switch set probe interval interval 7 Specify the time in seconds to wait between tests edit services rpm probe owner test test name user switch set test interval interval 8 Specify the source IP address to be used for probes If the source IP address is not one of the switch s assigned addresses the packet uses the outgoing...

Page 3809: ...on Real time performance monitoring RPM on EX Series switches enables you to configure and send probes to a specified target and monitor the analyzed results to determine packet loss round trip time and jitter The J Web interface provides a graphical view of RPM information for EX Series switches To view the RPM information using the J Web interface 1 Select Troubleshoot RPM View RPM 2 Select the ...

Page 3810: ...vers command Output fields are listed in the approximate order in which they appear Table 496 show services rpm active servers Output Fields Field Description Field Name Protocol configured on the receiving probe server The protocol can be the User Datagram Protocol UDP or the Transmission Control Protocol TCP Protocol Port configured on the receiving probe server Port Output interface name for th...

Page 3811: ...el view List of Sample Output show services rpm history results on page 3716 show services rpm history results detail on page 3717 Output Fields Table 497 on page 3715 lists the output fields for the show services rpm history results command Output fields are listed in the approximate order in which they appear Table 497 show services rpm history results Output Fields Level of Output Field Descrip...

Page 3812: ...conds measured over the course of the current test Measurement show services rpm history results user host show services rpm history results Owner Test Probe received Round trip time flintstone 0 Tue Dec 28 15 56 22 2004 158 usec show services rpm history results flintstone 0 Tue Dec 28 15 56 23 2004 218 usec flintstone 0 Tue Dec 28 15 56 24 2004 161 usec flintstone 0 Tue Dec 28 15 56 25 2004 184 ...

Page 3813: ...ent Round trip time Minimum 141 usec Maximum 217 usec Average 179 usec Jitter 76 usec Stddev 38 usec Owner flintstone Test 0 Probe results Response received Tue Dec 28 15 56 41 2004 Rtt 230 usec Results over current test Probes sent 3 Probes received 3 Loss percentage 0 Measurement Round trip time Minimum 141 usec Maximum 230 usec Average 196 usec Jitter 89 usec Stddev 39 usec Owner flintstone Tes...

Page 3814: ...ow services rpm probe results Output Fields Field Description Field Name Owner name When you configure the probe owner statement at the edit services rpm hierarchy level this field displays the configured owner name When you configure BGP neighbor discovery through RPM the output for this field is Rpm Bgp Owner Owner Name of a test representing a collection of probes When you configure the test te...

Page 3815: ...e logical system followed by default A slash is used to separate the two entities For example LS default RoutingInstanceName Raw measurement of a particular probe sample done by a remote host This data is provided separately from the calculated results The following information is contained in the raw measurement Response received Timestamp when the probe result was determined Client and server ha...

Page 3816: ... to peak difference in microseconds Stddev Standard deviation in microseconds Sum Statistical sum Results over current test Results for the most recently completed test If the command is issued while the first test is in progress this information is not displayed Probes sent Number of probes sent for the most recently completed test Probes received Number of probe responses received for the most r...

Page 3817: ...es rpm probe results show services rpm probe results user host show services rpm probe results Owner ADSN J4300 ADSN J2300 D2 Test 75300002 Target address 172 16 54 172 Source address 10 206 0 1 Probe type udp ping timestamp Test size 10 probes Probe results Response received Tue Feb 6 14 53 15 2007 Client and server hardware timestamps Rtt 575 usec Egress jitter 5 usec Ingress jitter 8 usec Round...

Page 3818: ...2049 usec Stddev 679 usec Sum xxxx usec Measurement Negative Egress jitter Samples 5 Minimum 5 usec Maximum 1812 usec Average 926 usec Peak to peak 1807 usec Stddev 665 usec Sum xxxx usec Measurement Ingress time Samples 10 Minimum 805 usec Maximum 2859 usec Average 1644 usec Peak to peak 2054 usec Stddev 738 usec Sum xxxx usec Measurement Positive Ingress jitter Samples 5 Minimum 5 usec Maximum 2...

Page 3819: ...services rpm probe results BGP Neighbor Discovery user host show services rpm probe results Owner Rpm Bgp Owner Test Rpm Bgp Test 1 Target address 10 209 152 37 Probe type icmp ping Test size 5 probes Routing Instance Name LS1 RI1 Probe results Response received Fri Oct 28 05 20 23 2005 Rtt 662 usec Results over current test Probes sent 5 Probes received 5 Loss percentage 0 Measurement Round trip ...

Page 3820: ...Copyright 2010 Juniper Networks Inc 3724 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3821: ... The standard defines OAM link fault management LFM You can configure IEEE 802 3ah OAM LFM on point to point Ethernet links that are connected either directly or through Ethernet repeaters The IEEE 802 3ah standard meets the requirement for OAM capabilities even as Ethernet moves from being solely an enterprise technology to a WAN and access technology and the standard remains backward compatible ...

Page 3822: ...U to notify the remote OAM device when a problem is detected You can specify the action to be taken by the system when the configured link fault event occurs Remote Loopback Mode Remote loopback mode ensures link quality between the switch and a remote peer during installation or troubleshooting In this mode when the interface receives a frame that is not an OAM PDU or a pause frame it sends it ba...

Page 3823: ...es allows the Ethernet interfaces on these switches to support the IEEE 802 3ah standard for the Operation Administration and Maintenance OAM of Ethernet in access networks The standard defines OAM link fault management LFM You can configure IEEE 802 3ah OAM LFM on point to point Ethernet links that are connected either directly or through Ethernet repeaters This example uses two EX4200 switches c...

Page 3824: ...oam ethernet link fault management interface ge 0 0 0 pdu interval 800 link discovery active remote loopback Configuring Ethernet OAM Link Fault Management on Switch 2 CLI Quick Configuration To quickly configure Ethernet OAM LFM on switch 2 copy the following commands and paste them into the switch terminal window edit protocols oam ethernet link fault management set interface ge 0 0 1 set interf...

Page 3825: ...emote loopback mode supported Link events supported Variable requests unsupported Meaning When the output displays the MAC address and the discover state is Send Any it means that OAM LFM has been configured properly Related Documentation Configuring Ethernet OAM Link Fault Management CLI Procedure on page 3729 Understanding Ethernet OAM Link Fault Management for an EX Series Switch on page 3725 C...

Page 3826: ...re event threshold values on an interface for the local errors that trigger the sending of link event TLVs Set the threshold value in seconds for sending frame error events or taking the action specified in the action profile edit protocols oam ethernet link fault management user switch set interface interface name event thresholds frame error count Set the threshold value in seconds for sending f...

Page 3827: ...ile name event link adjacency loss NOTE For each action profile you must specify at least one link event and one action The actions are taken only when all of the events in the action profile are true If more than one action is specified all actions are executed You can set a low threshold for a specific action such as logging the error and set a high threshold for another action such as system lo...

Page 3828: ...d seconds reauthentication interval seconds retries number server fail deny permit use cache vlan id vlan name server reject vlan vlan id vlan name server timeout seconds supplicant multiple single single secure supplicant timeout seconds transmit period seconds static mac address interface interface name vlan assignment vlan id vlan name gvrp enable disable interface all interface name disable jo...

Page 3829: ...conds hold multiplier number interface all interface name disable lldp configuration notification interval seconds management address ip management address ptopo configuration maximum hold time seconds ptopo configuration trap interval seconds traceoptions file filename files number size size world readable no world readable match regex flag flag detail disable receive send lldp med disable fast s...

Page 3830: ...timeout action block alarm cost cost edge mode mode no root port priority priority max age seconds max hops hops msti msti id vlan vlan id vlan name interface interface name disable cost cost edge mode mode priority priority revision level revision level traceoptions file filename files number size size no stamp world readable no world readable flag flag mvrp disable interface all interface name d...

Page 3831: ...ntenance domain domain name level number mip half function none default explicit name format character string none dns mac 2oct maintenance association ma name continuity check hold interval minutes interval 10m 10s 1m 1s 100ms loss threshold number mep mep id auto discovery direction down interface interface name remote mep mep id action profile profile name link fault management action profile p...

Page 3832: ...able bpdu block on edge bridge priority priority forward delay seconds hello time seconds interface all interface name disable bpdu timeout action block alarm cost cost edge mode mode no root port priority priority max age seconds traceoptions file filename files number size size no stamp world readable no world readable flag flag sflow agent id collector ip address udp port port number disable in...

Page 3833: ...ilename files number size size no stamp world readable no world readable flag flag vstp bpdu block on edge disable force version stp vlan all vlan id vlan name bridge priority priority forward delay seconds hello time seconds interface all interface name bpdu timeout action alarm block cost cost disable edge mode mode no root port priority priority max age seconds traceoptions file filename files ...

Page 3834: ...es Switches on page 1521 Understanding Multiple VLAN Registration Protocol MVRP on EX Series Switches on page 1296 Understanding Ethernet OAM Connectivity Fault Management for an EX Series Switch on page 3763 Understanding Ethernet OAM Link Fault Management for an EX Series Switch on page 3725 Understanding RSTP for EX Series Switches on page 1520 Understanding STP for EX Series Switches on page 1...

Page 3835: ...e taken when the OAM link fault management LFM fault event occurs The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Ethernet OAM Link Fault Management CLI Procedure on page 3729 3739 Copyright 2010 Juniper Networks Inc Chapter...

Page 3836: ...ription Configure an Ethernet OAM link fault management LFM action profile by specifying a profile name The remaining statements are explained separately Options profile name Name of the action profile Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Ethernet OAM Link Fault ...

Page 3837: ...k in Ethernet OAM link fault management LFM on all Ethernet interfaces or the specified interface on the EX Series switch Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring Ethernet OAM Link Fault Management on EX Series Switches on page 3727 Configuring Ethernet OAM L...

Page 3838: ...1s 100ms loss threshold number mep mep id auto discovery direction down interface interface name remote mep mep id action profile profile name link fault management action profile profile name action syslog link down event link adjacency loss link event rate frame error count frame period count frame period summary count symbol period count interface interface name link discovery active passive pd...

Page 3839: ...ement CFM for IEEE 802 1ag Operation Administration and Management OAM support on the switches The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring Ethernet OAM Link Fault Management on EX Series Switches on page 3727 Exa...

Page 3840: ...et OAM Link Fault Management CLI Procedure on page 3729 event thresholds Syntax event thresholds frame error count frame period count frame period summary count symbol period count Hierarchy Level edit protocols oam ethernet link fault management interface interface name Release Information Statement introduced in Junos OS Release 9 4 for EX Series switches Description Configure threshold limit va...

Page 3841: ...n Configuring Ethernet OAM Link Fault Management CLI Procedure on page 3729 frame period Syntax frame period count Hierarchy Level edit protocols oam ethernet link fault management event link event rate edit protocols oam ethernet link fault management interface interface name event thresholds Release Information Statement introduced in Junos OS Release 9 4 for EX Series switches Description Confi...

Page 3842: ...red frame second is any 1 second period that has at least one errored frame This event is generated if the number of errored frame seconds is equal to or greater than the specified threshold for that period Options count Threshold count in seconds for frame period summary error events Range 1 through 100 seconds Required Privilege Level interface To view this statement in the configuration interfa...

Page 3843: ... Configure Ethernet OAM link fault management LFM for all interfaces or for specific interfaces The remaining statements are explained separately Options interface name Name of the interface to be enabled for IEEE 802 3ah OAM link fault management LFM support Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration ...

Page 3844: ...erface interface name Release Information Statement introduced in Junos OS Release 9 4 for EX Series switches Description Specify the discovery mode used for IEEE 802 3ah Operation Administration and Maintenance OAM link fault management LFM support The discovery process is triggered automatically when OAM 802 3ah functionality is enabled on an interface Link monitoring is done when the interface ...

Page 3845: ...k event rate frame error count frame period count frame period summary count symbol period count Hierarchy Level edit protocols oam ethernet link fault management action profile event Release Information Statement introduced in Junos OS Release 9 4 for EX Series switches Description Configure the number of link fault management LFM events per second The remaining statements are explained separatel...

Page 3846: ...y Level edit protocols oam ethernet Release Information Statement introduced in Junos OS Release 9 4 for EX Series switches Description Configure Ethernet OAM link fault management LFM for all interfaces or for specific interfaces The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement ...

Page 3847: ...l To add this statement to the configuration Related Documentation Configuring Ethernet OAM Link Fault Management CLI Procedure on page 3729 no allow link events Syntax no allow link events Hierarchy Level edit protocols oam ethernet link fault management interface interface name negotiation options Release Information Statement introduced in Junos OS Release 9 4 for EX Series switches Description...

Page 3848: ... 10s 1m 1s 100ms loss threshold number mep mep id auto discovery direction down interface interface name remote mep mep id action profile profile name link fault management action profile profile name action syslog link down event link adjacency loss link event rate frame error count frame period count frame period summary count symbol period count interface interface name link discovery active pa...

Page 3849: ...ctivity fault management CFM for IEEE 802 1ag Operation Administration and Management OAM support on the switches The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Example Configuring Ethernet OAM Link Fault Management on EX Series Switch...

Page 3850: ...727 Configuring Ethernet OAM Link Fault Management CLI Procedure on page 3729 pdu threshold Syntax pdu threshold threshold value Hierarchy Level edit protocols oam ethernet link fault management interface interface name Release Information Statement introduced in Junos OS Release 9 4 for EX Series switches Description Configure how many protocol data units PDUs are missed before declaring the peer...

Page 3851: ...it protocols oam ethernet link fault management action profile profile name event link event rate edit protocols oam ethernet link fault management interface interface name event thresholds Release Information Statement introduced in Junos OS Release 9 4 for EX Series switches Description Configure the threshold for sending symbol period events or taking the action specified in the action profile ...

Page 3852: ...istration and Maintenance OAM link fault management LFM event Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Ethernet OAM Link Fault Management CLI Procedure on page 3729 Operational Mode Commands for Ethernet OAM Link Fault Management Copyright 2010 Juniper Networks Inc 3...

Page 3853: ...ult Management CLI Procedure on page 3729 List of Sample Output show oam ethernet link fault management brief on page 3761 show oam ethernet link fault management detail on page 3761 Output Fields Table 499 on page 3757 lists the output fields for the show oam ethernet link fault management command Output fields are listed in the approximate order in which they appear Table 499 show oam ethernet l...

Page 3854: ...n the OAM session Remote loopback status All levels Remote entity information Remote MUX action Indicates the state of the multiplexer functions of the OAM sublayer Device is forwarding non OAM PDUs to the lower sublayer or discarding non OAM PDUs Remote parser action Indicates the state of the parser function of the OAM sublayer Device is forwarding non OAM PDUs to higher sublayer looping back no...

Page 3855: ...ror event window in the received PDU The protocol default value is the number of symbols that can be received in one second on the underlying physical layer Window detail The number of errored symbols in the period required for the event to be generated Threshold detail The number of symbol errors in the period reported in the received event PDU Errors in period detail The number of errored symbol...

Page 3856: ...e been transmitted after the OAM sublayer was reset Events detail The symbol error event window in the transmitted PDU Window detail The number of errored symbols in the period required for the event to be generated Threshold detail The number of symbol errors in the period reported in the transmitted event PDU Errors in period detail The number of errored symbols reported in event TLVs that have ...

Page 3857: ...nt 0 Variable request 0 Variable response 0 Loopback control 0 Organization specific 0 OAM transmit statistics Information 186347 Event 0 Variable request 0 Variable response 0 Loopback control 0 Organization specific 0 OAM received symbol error event information Events 0 Window 0 Threshold 0 Errors in period 0 Total errors 0 OAM received frame error event information Events 0 Window 0 Threshold 0...

Page 3858: ...Copyright 2010 Juniper Networks Inc 3762 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3859: ... the IEEE 802 1ag standard for Operation Administration and Management OAM The IEEE 802 1ag specification provides for Ethernet connectivity fault management CFM CFM monitors Ethernet networks that might comprise one or more service instances for network compromising connectivity faults The major features of CFM are Fault monitoring using the continuity check protocol This is a neighbor discovery ...

Page 3860: ... various maintenance domains The level is embedded in each CFM frame CFM messages within a given level are processed by MEPs at that same level To enable CFM on an Ethernet interface you must configure maintenance domains maintenance associations and maintenance association end points MEPs Figure 90 on page 3764 shows the relationships among maintenance domains maintenance association end points M...

Page 3861: ... the physical link between two switches In the following example two switches are connected by a point to point Gigabit Ethernet link The link between these two switches is monitored using CFM Configuring Ethernet OAM Connectivity Fault Management on Switch 1 CLI Quick Configuration To quickly configure Ethernet OAM CFM copy the following commands and paste them into the switch terminal window edi...

Page 3862: ...private level 0 maintenance association private ma continuity check interval 1s mep 100 interface ge 1 0 1 auto discovery direction down Configuring Ethernet OAM Connectivity Fault Management on Switch 2 CLI Quick Configuration To quickly configure Ethernet OAM CFM copy the following commands and paste them into the switch terminal window edit protocols oam ethernet connectivity fault management m...

Page 3863: ...ciation private ma user switch2 set mep 100 interface ge 0 2 5 auto discovery direction down Results Check the results of the configuration edit user switch2 show protocols oam ethernet connectivity fault management maintenance domain private level 0 maintenance association private ma continuity check interval 1s mep 100 interface ge 0 2 5 auto discovery direction down Verification To confirm that...

Page 3864: ...d and displays details of the remote MEP it means that connectivity fault management CFM has been configured properly Related Documentation Understanding Ethernet OAM Connectivity Fault Management for an EX Series Switch on page 3763 Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs software junos index html Configuring Ethernet OAM Connectivity Fault Management Conf...

Page 3865: ... 65 535 none edit protocols oam ethernet connectivity fault management maintenance domain domain name user switch set name format format For example to specify the name format as MAC address plus a two octet identifier edit protocols oam ethernet connectivity fault management maintenance domain domain name user switch set name format mac 2oct 3 Configure the maintenance domain level which is used ...

Page 3866: ...nance domain domain name maintenance association ma name user switch set continuity check 2 Specify the continuity check hold interval The hold interval is the number of minutes to wait before flushing the MEP database if no updates occur The default value is 10 minutes edit protocols oam ethernet connectivity fault management maintenance domain domain name maintenance association ma name continui...

Page 3867: ... be either an access interface or a trunk interface If you specify a trunk interface the VLAN associated with that interface must have a VLAN ID NOTE You cannot associate an access interface that belongs to multiple VLANs with the MEP edit protocols oam ethernet connectivity fault management maintenance domain domain name maintenance association ma name mep mep id user switch set interface interfa...

Page 3868: ... a MIP under the same maintenance domain To configure the linktrace protocol 1 Configure the linktrace path age timer If no response to a linktrace request is received the request and response entries are deleted after the age timer expires edit protocols oam ethernet connectivity fault management user switch set linktrace age time 2 Configure the number of linktrace reply entries to be stored per...

Page 3869: ...lan name server timeout seconds supplicant multiple single single secure supplicant timeout seconds transmit period seconds static mac address interface interface name vlan assignment vlan id vlan name gvrp enable disable interface all interface name disable join timer millseconds leave timer milliseconds leaveall timer milliseconds igmp snooping traceoptions file filename files number size size w...

Page 3870: ...notification interval seconds management address ip management address ptopo configuration maximum hold time seconds ptopo configuration trap interval seconds traceoptions file filename files number size size world readable no world readable match regex flag flag detail disable receive send lldp med disable fast start number interface all interface name disable location elin number civic based wha...

Page 3871: ...hops msti msti id vlan vlan id vlan name interface interface name disable cost cost edge mode mode priority priority revision level revision level traceoptions file filename files number size size no stamp world readable no world readable flag flag mvrp disable interface all interface name disable join timer milliseconds leave timer milliseconds leaveall timer milliseconds registration forbidden n...

Page 3872: ...s 100ms loss threshold number mep mep id auto discovery direction down interface interface name remote mep mep id action profile profile name link fault management action profile profile name action syslog link down event link adjacency loss link event rate frame error count frame period count frame period summary count symbol period count interface interface name link discovery active passive pdu...

Page 3873: ...ut action block alarm cost cost edge mode mode no root port priority priority max age seconds traceoptions file filename files number size size no stamp world readable no world readable flag flag sflow agent id collector ip address udp port port number disable interfaces interface name disable polling interval seconds sample rate number polling interval seconds sample rate number source ip stp 377...

Page 3874: ...lan name bridge priority priority forward delay seconds hello time seconds interface all interface name bpdu timeout action alarm block cost cost disable edge mode mode no root port priority priority max age seconds traceoptions file filename files number size size no stamp world readable no world readable flag flag Related Documentation 802 1X for EX Series Switches Overview on page 2531 Example ...

Page 3875: ...n Protocol MVRP on EX Series Switches on page 1296 Understanding Ethernet OAM Connectivity Fault Management for an EX Series Switch on page 3763 Understanding Ethernet OAM Link Fault Management for an EX Series Switch on page 3725 Understanding RSTP for EX Series Switches on page 1520 Understanding STP for EX Series Switches on page 1519 Understanding How to Use sFlow Technology for Network Monito...

Page 3876: ...cedure onpage3768 Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs software junos index html age EX Series Switch Only Syntax age 30m 10m 1m 30s 10s Hierarchy Level edit protocols oam ethernet connectivity fault management linktrace Release Information Statement introduced in Junos OS Release 10 2 for EX Series switches Description Configure the time to wait in minu...

Page 3877: ...Enable the MEP to accept continuity check messages from all remote MEPs Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation ConfiguringEthernetOAMConnectivityFaultManagement CLIProcedure onpage3768 Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs software ju...

Page 3878: ...le name Hierarchy Level edit protocols oam ethernet Release Information Statement introduced in Junos OS Release 10 2 for EX Series switches Description Configure connectivity fault management for IEEE 802 1ag Operation Administration and Management OAM support The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface...

Page 3879: ...Syntax direction down Hierarchy Level edit protocols oam ethernet connectivity fault management maintenance domain domain name maintenance association ma name mep mep id Release Information Statement introduced in Junos OS Release 10 2 for EX Series switches Description Specify that connectivity fault management CFM packets CCMs be transmitted only in one direction for the MEP that is the directio...

Page 3880: ...ic port unit number fpc pic port unit number vlan vlan id Hierarchy Level edit protocols oam ethernet connectivity fault management maintenance domain domain name maintenance association ma name mep mep id Release Information Statement introduced in Junos OS Release 10 2 for EX Series switches Description Configure IEEE 802 1ag Operation Administration and Management OAM Connectivity Fault Managem...

Page 3881: ...ity check messages Options 10m 10 minutes 10s 10 seconds 1m 1 minute 1s 1 second 100ms 100 milliseconds 10ms 10 milliseconds Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation ConfiguringEthernetOAMConnectivityFaultManagement CLIProcedure onpage3768 Junos OS Network Interfaces Configurati...

Page 3882: ...on Guide at http www juniper net techpubs software junos index html linktrace EX Series Switch Only Syntax linktrace age 30m 10m 1m 30s 10s path database size path database size Hierarchy Level edit protocols oam ethernet connectivity fault management Release Information Statement introduced in Junos OS Release 10 2 for EX Series switches Description Configure connectivity fault management linktra...

Page 3883: ...st before the remote MEP is marked as down Options number Number of continuity check messages that can be lost before the remote MEP is marked down Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation ConfiguringEthernetOAMConnectivityFaultManagement CLIProcedure onpage3768 Junos OS Network...

Page 3884: ...cription Configure the name of the maintenance association in IEEE compliant format Options ma name The name of the maintenance association within the maintenance domain The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation ConfiguringEtherne...

Page 3885: ...mation Statement introduced in Junos OS Release 10 2 for EX Series switches Description Configure the name of the maintenance domain in IEEE compliant format Options domain name The name for the maintenance domain The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configurat...

Page 3886: ...ociation end point MEP within the maintenance association Options mep id Numeric identifier of the MEP Range 1 through 8191 The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation ConfiguringEthernetOAMConnectivityFaultManagement CLIProcedure o...

Page 3887: ...omains and maintenance associations must be the same Options none Specify to not use the mip half function default Specify to use the default mip half function explicit Specify an explicit mip half function Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation ConfiguringEthernetOAMConnectiv...

Page 3888: ...nectivityFaultManagement CLIProcedure onpage3768 Junos OS Network Interfaces Configuration Guide at http www juniper net techpubs software junos index html path database size EX Series Switch Only Syntax path database size path database size Hierarchy Level edit protocols oam ethernet connectivity fault management linktrace Release Information Statement introduced in Junos OS Release 10 2 for EX S...

Page 3889: ...ociation Options mep id Specify the numeric identifier of the MEP Range 1 through 8191 The remaining statement is explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation ConfiguringEthernetOAMConnectivityFaultManagement CLIProcedure onpage3768 Junos OS Network Interfaces C...

Page 3890: ...ear Related Documentation show oam ethernet connectivity fault management interfaces on page 3799 show oam ethernet connectivity fault management linktrace path database on page 3805 show oam ethernet connectivity fault management mip on page 3812 List of Sample Output clear oam ethernet connectivity fault management statistics on page 3794 Output Fields When you enter this command you are provide...

Page 3891: ...mple Output show oam ethernet connectivity fault management forwarding state on page 3796 showoamethernetconnectivity fault managementforwarding stateinterfaceonpage3796 show oam ethernet connectivity fault management forwarding state interface detail on page 3797 show oam ethernet connectivity fault management forwarding state interface interface name on page 3797 Output Fields Table 500 on page ...

Page 3892: ...6 Drop none 7 Drop none show oam ethernet connectivity fault management forwarding state interface user host show oam ethernet connectivity fault management forwarding state interface Interface name ge 3 0 0 0 Maintenance domain forwarding state Level Direction Filter action Nexthop Nexthop type index 0 Drop none 1 Drop none 2 Drop none 3 Drop none 4 Drop none 5 Drop none 6 Drop none 7 down Receiv...

Page 3893: ...Filter action Drop Nexthop type none Level 7 Direction down Filter action Receive Nexthop type none Interface name xe 0 0 0 0 Level 0 Filter action Drop Nexthop type none Level 1 Filter action Drop Nexthop type none show oam ethernet connectivity fault management forwarding state interface interface name user host show oam ethernet connectivity fault management forwarding state interface interface...

Page 3894: ...4 Drop none 5 Drop none 6 Drop none 7 down Receive none Copyright 2010 Juniper Networks Inc 3798 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3895: ...t management linktrace path database on page 3805 show oam ethernet connectivity fault management mip on page 3812 List of Sample Output show oam ethernet connectivity fault management interfaces on page 3802 show oam ethernet connectivity fault management interfaces detail on page 3802 show oam ethernet connectivity fault management interfacesextensive on page 3803 show oam ethernet connectivity ...

Page 3896: ...EP neighbors Neighbours detail extensive MEP direction configured Direction detail extensive MAC address configured for the MEP MAC address detail extensive Indicates the status of the Connectivity Fault Management CFM protocol running on the MEP Running inactive disabled or unsupported MEP status detail extensive Whether the remote MEP is not receiving connectivity check messages CCMs Remote MEP ...

Page 3897: ...ve Linktrace responses received LTRs received detail extensive Sequence number of next LTM request to be transmitted Sequence number of next LTM request detail extensive If the interface is attached to an initiator MEP for a one way ETH DM session Number of one way delay measurement 1DM PDU frames sent to the peer MEP in this session For all other cases this field displays 0 1DMs sent detail exten...

Page 3898: ...tensive Interface of the remote MEP Interface remote MEP show oam ethernet connectivity fault management interfaces user host show oam ethernet connectivity fault management interfaces Interface Link Status Level MEP Neighbours Identifier ge 1 1 0 0 Up Active 0 2 1 ge 1 1 0 1 Up Active 0 2 1 show oam ethernet connectivity fault management interfaces ge 1 1 0 10 Up Active 0 2 1 ge 1 1 0 100 Up Acti...

Page 3899: ...show oam ethernet connectivity fault management interfaces extensive Interface name ge 5 2 9 0 Interface status Active Link status Up Maintenance domain name md0 Format string Level 5 Maintenance association name ma1 Format string Continuity check status enabled Interval 100ms Loss threshold 3 frames MEP identifier 1 Direction down MAC address 00 90 69 0b 4b 94 MEP status running Defects Remote ME...

Page 3900: ... MEP Neighbours Identifier ge 4 0 1 0 vlan 100 Up Active 5 100 0 ge 10 3 10 4091 vlan 4091 Down Inactive 4 400 0 ge 4 0 0 0 Up Active 6 200 0 user host show oam ethernet connectivity fault management interfaces ge 4 0 0 0 Interface Link Status Level MEP Neighbours Identifier ge 4 0 0 0 Up Active 6 200 0 user host show oam ethernet connectivity fault management interfaces ge 4 0 1 0 vlan 100 Interf...

Page 3901: ...w oam ethernet connectivity fault management interfaces on page 3799 show oam ethernet connectivity fault management mip on page 3812 List of Sample Output show oam ethernet connectivity fault management path database on page 3806 show oam ethernet connectivity fault management linktrace path database Two traceroute Commands on page 3806 Output Fields Table 502 on page 3805 lists the output fields...

Page 3902: ...intenance Domain MD1 Level 7 Maintenance Association MA1 Local Mep 1 show oam ethernet connectivity fault management path database Hop TTL Source MAC address Next hop MAC address Transaction Identifier 100001 1 63 00 00 aa aa aa aa 00 00 bb bb bb bb 2 62 00 00 bb bb bb bb 00 00 cc cc cc cc 3 61 00 00 cc cc cc cc 00 01 02 03 04 05 4 60 00 01 02 03 04 05 00 00 00 00 00 00 show oam ethernet connectiv...

Page 3903: ...ptional Display connectivity fault management information for the specified remote MEP only Required Privilege Level view Related Documentation clear oam ethernet connectivity fault management statistics on page 3794 show oam ethernet connectivity fault management interfaces on page 3799 show oam ethernet connectivity fault management mip on page 3812 List of Sample Output show oam ethernet connec...

Page 3904: ...discovery is enabled or disabled Auto discovery Priority used for CCMs and linktrace messages transmitted by the MEP Priority Interface identifier Interface name Local interface status Interface status Local link status Link status Whether the remote MEP is not receiving CCMs Remote MEP not receiving CCM Whether erroneous CCMs have been received Erroneous CCM received Whether cross connect CCMs ha...

Page 3905: ...equest to be transmitted Sequence number of next LTM request If the MEP is an initiator for a one way ETH DM session Number of one way delay measurement 1DM PDU frames sent to the peer MEP in this session For all other cases this field displays 0 1DMs sent If the MEP is a receiver for a one way ETH DM session Number of valid 1DM frames received For all other cases this field displays 0 Valid 1DMs ...

Page 3906: ...ce domain section displays the last transmitted port status TLV value In the Remote MEP section displays the last value of port status TLV received from the remote MEP In the Action profile section displays the last occurred event port status tlv blocked event This event occurred due to the reception of blocked value in the port status TLV from remote MEP Port status TLV In the Maintenance domain ...

Page 3907: ...nuity check status enabled Interval 100ms Loss threshold 3 frames MEP identifier 200 Direction up MAC address 00 19 e2 b0 74 01 Auto discovery enabled Priority 0 Interface name ge 0 0 1 0 Interface status Active Link status Up Remote MEP identifier 100 State ok MAC address 00 19 e2 b2 81 4b Type Learned Interface vt 0 1 10 1049088 Last flapped Never Remote defect indication false Port status TLV n...

Page 3908: ...p on page 3812 Output Fields Table 504 on page 3812 lists the output fields for the show oam ethernet connectivity fault managementmip command Outputfieldsarelistedintheapproximate order in which they appear Table 504 show oam ethernet connectivity fault management mip Output Fields Field Description Field Name Header for the MIP information showing the MIP name MIP information for instance Interf...

Page 3909: ...Troubleshoot Ping Host 2 Next to Advanced options click the expand icon 3 Enter information into the Ping Host page as described in Table 505 on page 3813 The Remote Host field is the only required field 4 Click Start The results of the ping operation are displayed in the main pane If no options are specified each ping response is in the following format bytes bytes from ip address icmp_seq number...

Page 3910: ...f service TOS value in the IP header of the ping request packet Type of Service Select the routing instance name from the list Name of the routing instance for the ping attempt Routing Instance Select the interval from the list Specifies the interval in seconds between transmissions of individual ping requests Interval Type the size in bytes of the packet The size can be from 0 through 65468 The s...

Page 3911: ...aceroute packet is set to 1 In this manner each waypoint along the path to the destination host replies with a Time Exceeded packet from which the source IP address can be obtained The results of the traceroute operation are displayed in the main pane If no options are specified each line of the traceroute display is in the following format hop number host ip address as number time1 time2 time3 Th...

Page 3912: ...which the traceroute packets are sent Interface From the list select the TTL Specifies the maximum time to live TTL hop count for the traceroute request packet Time to live From the list select the decimal value of the TOS field Specifies the type of service TOS value to include in the IP header of the traceroute request packet Type of Service To display the AS numbers select the check box Determi...

Page 3913: ... files is created When a file is archived the router or switch attempts to transfer the file to the first URL in the list moving to the next site only if the transfer does not succeed The log file is stored at the archive site with a filename of the format router name_log filename_timestamp Options site name Any valid FTP URL to a destination For information about specifying valid FTP URLs see the...

Page 3914: ...e configured source classes on every interface that has destination class usage configured For information about configuring source classes see the Junos Routing Protocols Configuration Guide For information about configuring source class usage see the Junos Network Interfaces Configuration Guide Options profile name Name of the destination class profile The remaining statements are explained sepa...

Page 3915: ...ion Configuring the Counters destination classes Syntax destination classes destination class name Hierarchy Level edit accounting options class usage profile profile name Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the destination classes for which statistics are collected Options dest...

Page 3916: ...error packets input multicast Input packets arriving by multicast input packets Input packets input unicast Input unicast packets output bytes Output bytes output errors Generic output error packets output multicast Output packets sent by multicast output packets Output packets output unicast Output unicast packets Required Privilege Level interface To view this statement in the configuration inte...

Page 3917: ...tement introduced in Junos OS Release 9 0 for EX Series Switches Description Specify the accounting log file associated with the profile Options filename Name of the log file You must specify a filename already configured in the file statement at the edit accounting options hierarchy level Required Privilege Level interface To view this statement in the configuration interface control To add this ...

Page 3918: ... Series switches Description Specify a log file to be used for accounting data Options filename Name of the file in which to write accounting data The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring Accounting Data Log Files Cop...

Page 3919: ...ple profilelog reaches its maximum size it is renamed profilelog 0 then profilelog 1 and so on until the maximum number of log files is reached Then the oldest log file is overwritten The minimum value for number is 3 and the default value is 10 Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Docume...

Page 3920: ...e to a firewall filter you include the accounting profile statement at the edit firewall filter filter name hierarchy level For more information about firewall filters see the Junos Network Interfaces Configuration Guide Options profile name Name of the filter profile The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration in...

Page 3921: ...tics and write them to a file in the var log directory You can specify an interface profile for either a physical or a logical interface Options profile name Name of the interface profile The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation ...

Page 3922: ...8 2 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify how often statistics are collected for the accounting profile Options minutes Length of time between each collection of statistics Range 1 through 2880 minutes Default 30 minutes Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the con...

Page 3923: ...e a MIB profile to collect selected MIB statistics and write them to a file in the var log directory Options profile name Name of the MIB statistics profile The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring the MIB Profile 382...

Page 3924: ...entation Configuring the MIB Profile operation Syntax operation operation name Hierarchy Level edit accounting options mib profile profile name Release Information Statement introduced in Junos OS Release 8 2 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the name of the operation used to collect MIB statistics for an accounting data log file Options operat...

Page 3925: ...to collect selected Routing Engine statistics and write them to a file in the var log directory Options profile name Name of the Routing Engine statistics profile The remaining statements are explained separately Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring the Routing E...

Page 3926: ...ify GB Range 256 KB through 1 GB Required Privilege Level interface To view this statement in the configuration interface control To add this statement to the configuration Related Documentation Configuring the Maximum Size of the File source classes Syntax source classes source class name Hierarchy Level edit accounting options class usage profile profile name Release Information Statement introd...

Page 3927: ...hy Level edit accounting options file filename Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Specify the length of time the file remains open and receives new statistics before it is closed and transferred to an archive site Options minutes Time the file remains open and receives new statistics b...

Page 3928: ...Copyright 2010 Juniper Networks Inc 3832 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Page 3929: ...CHAPTER 135 Operational Mode Commands for General Network Management and Monitoring 3833 Copyright 2010 Juniper Networks Inc ...

Page 3930: ...hrough em0 brief detail extensive Optional Display the specified level of output absolute sequence Optional Display absolute TCP sequence numbers count count Optional Specify the number of packet headers to display 0 through 1 000 000 The monitor traffic command quits automatically after displaying the number of packets specified interface interface name Optional Specify the interface on which the...

Page 3931: ...14 The monitor traffic command truncates displayed packets if the matched data exceeds the configured size AdditionalInformation In the monitor traffic command you can specify an expression to match by using the matching option and including the expression in quotation marks monitor traffic matching expression Replace expression with one or more of the match conditions listed in Table 507 on page ...

Page 3932: ...ion to the AMT outer packet amt Protocol Matches all ARP packets arp Matches all Ethernet packets ether Matches broadcast or multicast Ethernet frames This match condition can be prepended withsrc and dst ether broadcast multicast Matches packets with the specified Ethernet address or Ethernet packets of the specified protocol type The ether protocol arguments arp ip and rarp are also independent ...

Page 3933: ...You can use relational operators to compare arithmetic expressions composed of integer constants binary operators a length operator and special packet data accessors The arithmetic expression matching condition uses the following syntax monitor traffic matching ether 0 1 0 arithmetic_expression relational_operator arithmetic_expression The packet data accessor uses the following syntax protocol by...

Page 3934: ...ic interface ae x command for aggregated Ethernet interfaces such as ae0 only shows inbound traffic data the command does not show VLAN tag information in the output Table 509 Arithmetic and Relational Operators for the monitor traffic Command Description Arithmetic or Relational Operator Arithmetic Operator Addition operator Subtraction operator Division operator Bitwise AND Bitwise exclusive OR ...

Page 3935: ... win 16798 DF 04 35 49 814185 Out my server work net telnet my server home net 1295 P 1 38 37 ack 0 win 17680 DF tos 0x10 monitor traffic detail count user host monitor traffic detail count 2 listening on fxp0 04 38 16 265864 In my server home net 1295 my server work net telnet ack 4122529971 win 17678 DF ttl 121 id 6812 04 38 16 265926 Out my server work net telnet telnet my server home net 1295 ...

Page 3936: ...r home net 7 18 17 28 817813 In host30 lab home net syslog host40 home0 18 17 28 817846 In host30 lab home net syslog host40 home0 monitor traffic matching user host monitor traffic matching net 192 168 1 0 24 verbose output suppressed use detail or extensive for full protocol decode Address resolution is ON Use no resolve to avoid any reverse lookup delay Address resolution timeout is 4s Listenin...

Page 3937: ...it em0 englab juniper net telnet ipg lnx shell1 juniper net 46182 P 6 10 4 ack 48 win 33304 nop nop timestamp 993810 1308555294 04 12 00 141821 In IP ipg lnx shell1 juniper net 46182 summit em0 englab juniper net telnet ack 10 win 63712 nop nop timestamp 1308555294 993810 04 12 00 141837 Out IP truncated ip 2 bytes missing summit em0 englab juniper net telnet ipg lnx shell1 juniper net 46182 P 10 ...

Page 3938: ...ress or hostname of the remote system to ping bypass routing Optional Bypass the normal routing tables and send ping requests directly to a system on an attached network If the system is not on a directly attached network an error is returned Use this option to ping a local system through an interface that has no route through it count requests Optional Number of ping requests to send The range of...

Page 3939: ...bytes is 0 through 65 468 The default value is 56 which is effectively 64 bytes because 8 bytes of ICMP header data are added to the packet source source address Optional IP address of the outgoing interface This address is sent in the IP source address field of the ping request If this option is not specified the default address is usually the loopback interface lo 0 strict Optional Use the stric...

Page 3940: ...from 192 168 169 254 icmp_seq 4 ttl 253 time 1 032 ms 64 bytes from 192 168 169 254 icmp_seq 5 ttl 253 time 1 044 ms C abort ping hostname size count user host ping skye size 200 count 5 PING skye net 192 168 169 254 200 data bytes 208 bytes from 192 168 169 254 icmp_seq 0 ttl 253 time 1 759 ms 208 bytes from 192 168 169 254 icmp_seq 1 ttl 253 time 2 075 ms 208 bytes from 192 168 169 254 icmp_seq ...

Page 3941: ...he default option for this command Therefore issuing the show snmp mib get get next walk decimal object id and the show snmp mib get get next walk object id commands display the same output object id The object can be represented by a sequence of dotted integers such as 1 3 6 1 2 1 2 or by its subtree name such as interfaces When entering multiple objects enclose the objects in quotation marks Req...

Page 3942: ... OS Release 0 2004 1 Build date build date UTC Copyright c 1996 2004 Juniper Networks Inc sysObjectID 0 jnxProductNameM20 sysUpTime 0 1640992 sysContact 0 Your contact sysName 0 my router sysLocation 0 building 1 sysServices 0 4 show snmp mib walk decimal user host show snmp mib walk decimal jnxUtilData jnxUtilCounter32Value 102 114 101 100 100 show snmp mib walk ASCII show snmp mib walk ascii jnx...

Page 3943: ...ctly to a system on an attached network If the system is not on a directly attached network an error is returned Use this option to display a route to a local system through an interface that has no route through it clns Optional Trace the route belonging to Connectionless Network Service CLNS gateway address Optional Address of a router or switch through which the route transits inet inet6 Option...

Page 3944: ...ceroute noresolve on page 3849 traceroute Between CE Routers Layer 3 VPN on page 3849 traceroute Through an MPLS LSP on page 3849 Output Fields Table 511 on page 3848 describes the output fields for the traceroute command Output fields are listed in the approximate order in which they appear Table 511 traceroute Output Fields Field Description Field Name IP address of the receiver traceroute to Ma...

Page 3945: ...74 ms 0 450 ms 0 444 ms 3 10 156 169 254 0 931 ms 0 876 ms 0 862 ms traceroute Between CE Routers Layer 3 VPN user host traceroute vpn09 traceroute to vpn09 skybank net 10 255 14 179 30 hops max 40 byte packets 1 10 39 10 21 10 39 10 21 0 598 ms 0 500 ms 0 461 ms 2 10 39 1 13 10 39 1 13 0 796 ms 0 775 ms 0 806 ms MPLS Label 100006 CoS 0 TTL 1 S 1 3 vpn09 skybank net 10 255 14 179 0 783 ms 0 716 ms...

Page 3946: ...Copyright 2010 Juniper Networks Inc 3850 Complete Software Guide for Junos OS for EX Series Ethernet Switches Release 10 3 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands