Search Results

(2021-10-27) Problem Syslog noise: vlan-id(32768) to bd-id mapping doesn't exist in itable Solution: Incomplete definition for interface irb. Before: set interfaces irb unit 0 To fix, define irb0 with a inet family IP, or remove the interface. delete interfa...

List uncommitted configuration changes show | compare rollback 0 eg: root@router# show | compare rollback 0 [edit protocols] + router-advertisement { + interface vlan.3 { + prefix fd7e:4e9d:b991:1::/64; + } + interface vlan.2 { +...

(Note to Googlers: I'm more than a little surprised to get so many hits on this page so soon. To add context to this, this is an example, emailed to me by the JTAC while I was trying to troubleshoot my SNMP query sequence with EX2200 switches. I stuck it here ...

(2022-05-26) Port or VLAN Source Mirror Port examples: show | display set | match forwarding-op set forwarding-options analyzer R0 input ingress interface ge-0/0/41.0 set forwarding-options analyzer R0 input egress interface ge-0/0/41.0 set forwarding-options ...

(2022-05-26) Port or VLAN Source Mirror Port examples: show | display set | match forwarding-op set forwarding-options analyzer R0 input ingress interface ge-0/0/41.0 set forwarding-options analyzer R0 input egress interface ge-0/0/41.0 set forwarding-options ...

(2016-02-24) Problem By default, the 40Gb interfaces on the back are defined as vc-ports for Virtual Chassis (VC) stacking. If you want to use the switches as stand-alone, you have to remove the configuration as vc-ports. Solution user@host2> request virtual-c...

(2019-01-02) Non-Stop Software Upgrade Is Dicey We have attempted to upgrade a EX4300 virtual chassis pair from 14.1X53-D35.3 to 14.1X53-D47.3 using the NSSU procedure. During this procedure, we experienced a switching outage of at least 10 seconds which is un...

(2016-05-25) Problem Boot media /dev/da0 has dual root support WARNING: JUNOS versions running on dual partitions are not same Solution admin@EX> request system snapshot slice alternate Formatting alternate root (/dev/da0s1a)… Copying '/dev/da0s2a' to '/dev/d...

(2013 March 7) If you have an interface defined with two IP addresses on it: vlan { unit 0 { family inet { address 192.168.1.1/24; address 10.17.0.1/20; } } } ...then you need an exp...

(2014-02-12) Problem Send PXE boot options from a SRX DHCP server. Solution set system services dhcp pool 10.17.0.0/20 boot-file pxelinux.0 set system services dhcp pool 10.17.0.0/20 next-server 10.17.0.2 Notes: If you don't assign the options to a dhcp pool...

(2013 March 7) Application Timeout Values To check: root@sentry> request pfe execute target fwdd command "show usp app-def tcp" | match ssh GOT: tcp port=22, appl_name=junos-ssh, service type=22, alg id=0, timeout=1800 Documentation seems to claim these value...

(2015-02-11) Problem My SRX has been assigned an IP address and I don't know what it is. I have a serial terminal connected to the device. Solution root> show system services dhcp client Logical Interface name vlan.0 Hardware address a8...

(17 January 2012) TL/DR: different parts of the cluster can be on different nodes. It doesn't look easy to figure out what node is actually active as far as the clustering goes if you are just looking at the front panel. Here's an example. We're configured as ...

(17 January 2012) Incomplete, work in progress. I probably don't understand this fully yet. When you cluster a pair of SRX240 firewalls, each firewall redefines ge-0/0/0 as a local fxp0. This is an IP interface for managing that physical firewall. You are prob...

(2015-03-26) Problem Phase 1 connects then drops seconds later. In the trace options, you see the message: iked_pm_id_validate id NOT matched. ...after the message identifying that Phase 1 is up. Solution The remote side is using IPs as peer-IDs (note: differ...

You can do this through the CLI: insert security policies from-zone trust to-zone untrust policy Policy-A before policy Policy-B

(2 April 2012) Problem I want to create a ScreenOS-type VIP (aka a port forward) where one port on one IP is mapped to an unrelated port on another internal IP. For example I want the firewall to listen on public IP 1.1.1.2 port 8080 and forward that traffic t...

(2015-03-26) Problem Phase 1 connects then drops seconds later. In the trace options, you see the message: iked_pm_id_validate id NOT matched. ...after the message identifying that Phase 1 is up. Solution The remote side is using IPs as peer-IDs (note: differ...

(2017-08-22) Loading Configuration From The Terminal To replace the current configuration with a new brace-style configuration you have (probably from a configuration backup or the like): [edit] user@host# load override terminal Paste your new configuration, ...

(2017-08-22) TFTP Installing Firmware From The Loader connect a console reboot the device interrupt the boot process when it says Press SPACE to abort autoboot set U-boot environment (note that the gatewayip may not be necessary if you are on the same subn...