advertisement
Junos
®
OS Release 12.3 Release Notes for
Juniper Networks EX Series Ethernet
Switches
Release 12.3R12
5 January 2016
Revision 1
Contents
New Features in Junos OS Release 12.3 for EX Series Switches . . . . . . . . . . . . . . . . 6
Converged Networks (LAN and SAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Enhanced Layer 2 Software (ELS) on EX9200 Switches . . . . . . . . . . . . . . . . 10
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Changes in Default Behavior and Syntax in Junos OS Release 12.3 for EX Series
Dynamic Host Configuration Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Copyright © 2017, Juniper Networks, Inc.
1
EX Series Switches Release Notes
2
Limitations in Junos OS Release 12.3 for EX Series Switches . . . . . . . . . . . . . . . . . 20
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Outstanding Issues in Junos OS Release 12.3 for EX Series Switches . . . . . . . . . . 29
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Resolved Issues in Junos OS Release 12.3 for EX Series Switches . . . . . . . . . . . . . 33
Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Converged Networks (LAN and SAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Power over Ethernet (PoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Copyright © 2017, Juniper Networks, Inc.
Copyright © 2017, Juniper Networks, Inc.
Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Ethernet Switching and Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . . 46
Layer 2 and Layer 3 Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Power over Ethernet (PoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Access Control and Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Management and RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
3
EX Series Switches Release Notes
4
Authentication and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Routing Protocols and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Authentication and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Spanning-Tree Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Authentication and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Dynamic Host Configuration Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Authentication and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Copyright © 2017, Juniper Networks, Inc.
Authentication and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Changes to and Errata in Documentation for Junos OS Release 12.3 for EX Series
Changes to Junos OS for EX Series Switches Documentation . . . . . . . . . . . . 76
Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . . . . . 78
Upgrading EX Series Switches Using NSSU . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Upgrading to Junos OS Release 12.1R2 or Later with Existing VSTP
Upgrading from Junos OS Release 10.4R3 or Later . . . . . . . . . . . . . . . . . . . . . 80
Upgrading from Junos OS Release 10.4R2 or Earlier . . . . . . . . . . . . . . . . . . . . 81
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ?
Copyright © 2017, Juniper Networks, Inc.
5
EX Series Switches Release Notes
New Features in Junos OS Release 12.3 for EX Series Switches
This section describes new features in Release 12.3 of the Junos operating system (Junos
OS) for EX Series switches.
Not all EX Series software features are supported on all EX Series switches in the current release. For a list of all EX Series software features and their platform support, see
Feature
Explorer
.
New features are described on the following pages:
•
•
Access Control and Port Security on page 8
•
Class of Service (CoS) on page 9
•
Converged Networks (LAN and SAN) on page 9
•
Enhanced Layer 2 Software (ELS) on EX9200 Switches on page 10
•
Ethernet Switching and Spanning Trees on page 10
•
Firewall Filters and Routing Policy on page 12
•
•
•
Interfaces and Chassis on page 14
•
•
•
Layer 2 and Layer 3 Protocols on page 16
•
Management and RMON on page 16
•
•
6 Copyright © 2017, Juniper Networks, Inc.
New Features in Junos OS Release 12.3 for EX Series Switches
Hardware
Juniper Networks EX9200 Ethernet Switches—The EX9200 Programmable Ethernet
Switches support current and planned SDN interfaces and protocols, offering the flexibility and scalability to increase business agility by simplifying the deployment and operation of cloud applications, by offering server virtualization, and by supporting rich media collaboration tools across campuses and data centers. The EX9200 switches provide high performance, scalable connectivity, and carrier-class reliability for high-density environments such as campus aggregation and data center networks.
The first supported Junos OS release for the EX9200 switches is Release 12.3R2.
The EX9200 switches are modular systems that provide high availability and redundancy for all major hardware components, including Routing Engine modules, Switch Fabric
(SF) modules, fan trays (with redundant fans), and power supplies. Four line cards are available for the EX9200 switches.
The three EX9200 switches are:
• EX9204 Ethernet switch—The EX9204 switch has a capacity of up to 1.6 terabits per second (Tbps), full duplex.
The EX9204 switch has a 6-U chassis. It has two dedicated slots for line cards and a multifunction slot that can be used for either a line card or a host subsystem, all horizontal and all on the front of the switch chassis.
• EX9208 Ethernet switch—The EX9208 switch has a capacity of up to 4.8 Tbps, full duplex.
The EX9208 switch has an 8-U chassis and six horizontal line card slots on the front of the switch chassis.
• EX9214 Ethernet switch—The EX9214 switch has a capacity of up to 13.2 Tbps, full duplex.
The EX9214 switch has a 16-U chassis and has 12 vertical line card slots on the front of the switch chassis.
The line cards combine a Packet Forwarding Engine and Ethernet interfaces in a single assembly. Line cards are field-replaceable units (FRUs), and they are hot-insertable and hot-removable.
The four line cards available for EX9200 switches are:
• EX9200-32XS—32-port SFP+ line card
•
EX9200-40T—40-port 10/100/1000BASE-T RJ-45 line card
•
EX9200-40F—40-port 100FX/1000BASE-X SFP line card
• EX9200-4QS—4-port 40-Gigabit Ethernet QSFP+ line card
[See EX9204 Hardware Documentation , EX9208 Hardware Documentation , and EX9214
Hardware Documentation .]
Copyright © 2017, Juniper Networks, Inc.
7
EX Series Switches Release Notes
Access Control and Port Security
•
MAC limiting enhancements—The MAC limiting feature for access port security has been enhanced to provide additional flexibility and granularity. The new feature, VLAN membership MAC limit, enables you to configure a MAC limit for a specific interface based on its membership in a particular VLAN (VLAN membership MAC limit). A single interface that belongs to multiple VLANs can thus have more than one MAC limit.
[See
Understanding MAC Limiting and MAC Move Limiting for Port Security on EX Series
Switches
.]
• VR-aware DHCP server and relay with option 82 on EX8200 switches and EX8200
Virtual Chassis—VR-aware DHCP (extended DHCP) server with option 82 is now supported on EX8200 standalone switches and EX8200 Virtual Chassis.
[See
Understanding DHCP Services for Switches and
Understanding the Extended DHCP
Relay Agent for EX Series Switches
.]
•
VR-aware DHCPv6 server and relay support—Virtual router-aware (VR-aware)
DHCPv6 server and VR-aware DHCPv6 relay are now supported on these switch platforms:
•
EX4500, EX4550, and EX6210 standalone switches
•
EX4200, EX4500, EX4550, mixed EX4200, EX4500, and EX4550, and EX8200
Virtual Chassis
[See dhcpv6 (DHCP Relay Agent) and dhcpv6 (DHCP Local Server) .]
• Bypassing 802.1X authentication when adding multiple LLDP-MED end devices—If you have a large-scale installation of LLDP-MED end devices, you can save configuration time by specifying the lldp-med-bypass statement at the [edit protocols dot1x authenticator interface (all | interface-name)] hierarchy level. By configuring the lldp-med-bypass statement on an interface, you enable the interface to bypass the
802.1X authentication procedure for connecting multiple LLDP-MED end devices. This configuration automatically adds the learned MAC addresses of the LLDP-MED end devices to the switch’s static MAC bypass list, so that you do not have to individually add the MAC address of each device. You can issue the lldp-med-bypass statement only when the interface is also configured for 802.1X authentication of multiple supplicants.
[See lldp-med-bypass
.]
• Access control and port security features support added on EX3300 switches—EX3300 switches now support:
•
Captive portal authentication on Layer 2 interfaces
•
Persistent MAC learning (sticky MAC)
[See
Understanding Authentication on EX Series Switches and
Understanding Persistent
MAC Learning (Sticky MAC)
.]
8 Copyright © 2017, Juniper Networks, Inc.
New Features in Junos OS Release 12.3 for EX Series Switches
Class of Service (CoS)
•
Class-of-service feature support added on EX3300 switches—EX3300 switches now support:
• IPv6 CoS (multifield classification and rewrite)
•
Flexible CoS outer 802.1p marking
[See
Junos OS CoS for EX Series Switches Overview
.]
Converged Networks (LAN and SAN)
•
Enhanced transmission selection (IEEE 802.1Qaz) support on EX4500 switches—The
EX4500 switch models that support Converged Enhanced Ethernet (CEE) now provide limited support for enhanced transmission selection (ETS) (IEEE 802.1Qaz). ETS is a bandwidth management mechanism that supports dynamic allocation of bandwidth for Data Center Bridging Capability Exchange protocol (DCBX) traffic classes.
EX Series switches do not support the use of ETS to dynamically allocate bandwidth to traffic classes. Instead, the switches handle all DCBX traffic as a single default traffic class, group 7.
However, the switches do support the ETS Recommendation TLV. The ETS
Recommendation TLV communicates the ETS settings that the switch wants the connected DCBX peer interface to use.
If the peer interface is willing to learn the ETS state of the switch, it changes its configuration to match the configuration in the ETS Recommendation TLV sent by the
EX Series switch (that is, the traffic class group 7).
The switch advertises that it is not willing to change its ETS settings.
The advertisement of the ETS TLV is enabled by default for DCBX interfaces, but you can disable it.
[See
Disabling the ETS Recommendation TLV
.]
• Support for IEEE DCBX—The EX4500 switch models that support Converged Enhanced
Ethernet (CEE) now also support the IEEE Data Center Bridging Capability Exchange protocol (IEEE DCBX). Earlier, these switches supported only DCBX version 1.01.
DCBX version 1.01 and IEEE DCBX differ mainly in frame format. DCBX version 1.01 uses one TLV that includes all DCBX attribute information, which is sent as sub-TLVs. IEEE
DCBX uses a unique TLV for each DCB attribute.
DCBX is enabled by default on all 10-Gigabit Ethernet interfaces, and the default setting for the DCBX version on those interfaces is auto-negotiation.
When the interface DCBX version is set for auto-negotiation (the default):
•
The switch sends IEEE DCBX TLVs. If the DCBX peer advertises the IEEE DCBX TLV three times, the switch changes the local DCBX interface to IEEE DCBX.
• If the DCBX peer advertises DCBX version 1.01 TLVs three times, the switch changes the local DCBX interface to dcbx-version-1.01.
Copyright © 2017, Juniper Networks, Inc.
9
EX Series Switches Release Notes
When the interface DCBX version is set for dcbx-version-1.01:
•
The switch sends DCBX version 1.01 TLVs and ignores any IEEE DCBX TLVs from the peer.
When the interface DCBX version is set for ieee-dcbx:
• The switch sends IEEE DCBX-based TLVs and ignores any DCBX version 1.01 TLVs from the peer.
To configure the DCBX version, use the set dcbx-version command at the [edit protocols dcbx interface (all | interface-name)] hierarchy level.
The show dcbx neighbors command has been updated with additional fields that support the IEEE DCBX feature; these fields include Interface Protocol-Mode and TLV
Type.
[See
“Changes to and Errata in Documentation for Junos OS Release 12.3 for EX Series
.]
•
VN_Port to VN_Port FIP snooping on EX4500 switches—You can configure VN_Port to VN_Port (VN2VN_Port) FIP snooping if the hosts are directly connected to the same
EX4500 switch. VN2VN_Port FIP snooping on an FCoE transit switch provides security to help prevent unauthorized access and data transmission on a bridge that connects
ENodes in the Ethernet network. VN2VN_Port FIP snooping provides security for virtual links by creating filters based on information gathered (snooped) about FCoE devices during FIP transactions.
[See
Example: Configuring VN2VN_Port FIP Snooping (FCoE Hosts Directly Connected to the Same FCoE Transit Switch)
; see also
“Changes to and Errata in Documentation for
Junos OS Release 12.3 for EX Series Switches” on page 75 .]
Enhanced Layer 2 Software (ELS) on EX9200 Switches
•
Uniform Enhanced Layer 2 Software (ELS) CLI configuration statements and operational commands—Enhanced Layer 2 Software (ELS) provides a uniform CLI for configuring and monitoring Layer 2 features on EX9200 switches and on MX Series routers in LAN mode (MX-ELM). With ELS, for example, you can configure a VLAN and other Layer 2 features on an EX9200 switch and an MX-ELM router by using the same configuration commands.
[See the ELS CLI documentation for EX9200 switches: Junos OS for EX9200 Switches,
Release 12.3
.]
•
The web-based ELS Translator tool is available for registered customers to help them become familiar with the ELS CLI and to quickly translate existing EX Series switch-based CLI configurations into ELS CLI configurations.
[See ELS Translator .]
Ethernet Switching and Spanning Trees
• Ethernet ring protection switching—Ethernet ring protection switching has been extended to the following switches:
10 Copyright © 2017, Juniper Networks, Inc.
New Features in Junos OS Release 12.3 for EX Series Switches
•
EX3300 switches
• EX4500 switches
• EX4550 switches
•
EX4550 Virtual Chassis
•
Mixed EX4200 and EX4500 Virtual Chassis
• EX8200 switches
• EX8200 Virtual Chassis
Support for all these switches is in addition to that for EX2200, EX3200, and EX4200 switches provided in earlier releases. Ethernet ring protection switching, defined in the
ITU-T G.8032 recommendation, provides a means to reliably achieve carrier-class network requirements for Ethernet topologies forming a closed loop.
[See
Ethernet Ring Protection Switching Overview
.]
•
Disable MAC notifications on an interface—On EX Series switches, when you enable media access control (MAC) notifications, learned and unlearned MAC address and aging SNMP notifications are unicast on all switch interfaces. In a large Layer 2 domain, unicasting might be undesirable because it can lead to significantly excess traffic. You can now disable such notifications on individual interfaces. For example, you might need notifications only for devices that are locally attached to the switch; you might not need notifications that arrive through uplinks. To disable notifications on an interface, issue the set ethernet-switching-options interfaces interface-name no-mac-notification command.
[See Understanding MAC Notification on EX Series Switches .]
• VLAN pruning within an EX Series Virtual Chassis—VLAN pruning is now supported within an EX Series Virtual Chassis. When VLAN pruning is enabled within an EX Series
Virtual Chassis, all broadcast, multicast, and unknown unicast traffic in a VLAN uses the shortest path possible across the Virtual Chassis to the egress VLAN interface.
VLAN pruning within an EX Series Virtual Chassis enables you to conserve Virtual
Chassis bandwidth by restricting broadcast, multicast, and unknown unicast traffic in a VLAN to the shortest possible path across the Virtual Chassis instead of broadcasting this traffic to all Virtual Chassis member switches.
[See Enabling VLAN Pruning for Broadcast, Multicast, and Unknown Unicast Traffic in an
EX Series Virtual Chassis (CLI Procedure) .]
• Spanning-tree protocol concurrent configuration support added on EX3300 switches—EX3300 switches now support concurrent configuration of RSTP and VSTP.
[See
Understanding RSTP for EX Series Switches
.]
•
Extended Q-in-Q VLAN support for multiple S-VLANs per access interface on EX3300 switches—EX3300 switches now support filter-based S-VLAN tagging.
[See Understanding Q-in-Q Tunneling on EX Series Switches .]
Copyright © 2017, Juniper Networks, Inc.
11
EX Series Switches Release Notes
Firewall Filters and Routing Policy
•
Support for firewall filters with IPv6 EX3300 switches—EX3300 switches now support
IPv6 firewall filters.
[See Firewall Filters for EX Series Switches Overview .]
• Layer 3 unicast routing policy on EX3300 switches—EX3300 switches now support
Layer 3 unicast routing policy.
•
Support for match conditions, actions, and action modifiers for IPv6 firewall filters on EX2200 and EX3300 switches—Starting with Junos OS Release 12.3R6, you can configure new match conditions, actions, and action modifiers for IPv6 firewall filters on EX2200 and EX3300 switches.
[See
Platform Support for Firewall Filter Match Conditions, Actions, and Action Modifiers on EX Series Switches
.]
High Availability
•
Nonstop bridging for the Ethernet switching process (eswd), LLDP, LLDP-MED, and spanning-tree protocols on EX3300 Virtual Chassis—Nonstop bridging (NSB) for the
Ethernet switching process (eswd), LLDP, LLDP-MED, and spanning-tree protocols is now supported on EX3300 Virtual Chassis. You can now configure NSB to enable a transparent switchover between the master and backup Routing Engines without having to restart any of these processes or protocols.
[See Understanding Nonstop Bridging on EX Series Switches .]
• Nonstop active routing, graceful protocol restart, and graceful Routing Engine switchover enhancements for standalone EX8200 switches and EX8200 Virtual
Chassis—Nonstop active routing (NSR), which enables a transparent switchover of
Routing Engines without requiring restart of supported routing protocols, now supports
RSVP and LDP on EX8200 standalone switches and EX8200 Virtual Chassis. Graceful protocol restart, a feature that enables a switch undergoing a restart to inform its adjacent neighbors and peers of the restart, is now supported for RSVP and LDP on standalone EX8200 switches and EX8200 Virtual Chassis. Graceful Routing Engine switchover (GRES) for Layer 2 and Layer 3 VPN LSPs is now supported on standalone
EX8200 switches and EX8200 Virtual Chassis.
[See
Understanding Nonstop Active Routing on EX Series Switches or
High Availability
Features for EX Series Switches Overview
.]
•
Virtual Router Redundancy Protocol (VRRP) for IPv6 on EX3300 switches—VRRP for IPv6 is now supported on EX3300 switches.
[See Understanding VRRP on EX Series Switches .]
• Unified ISSU for EX9200 switches—A unified in-service software upgrade (unified
ISSU) enables you to upgrade between two different Junos OS releases with no disruption on the control plane and with minimal disruption of traffic. Unified ISSU is supported starting with Junos OS Release 12.3R3 on EX9200 switches with
EX9200-40T or EX9200-40F line cards.
12 Copyright © 2017, Juniper Networks, Inc.
New Features in Junos OS Release 12.3 for EX Series Switches
Infrastructure
[See
Unified ISSU Concepts
.]
•
Automatic repair of corrupted partition when booting from alternate partition—Resilient dual-root partitioning has been enhanced to include an automatic snapshot feature. If the automatic snapshot feature is enabled and the system reboots from the alternate root partition, the switch automatically takes a snapshot of the
Junos OS root file system in the alternate root partition and copies it to the primary root partition. This automatic snapshot procedure takes place whenever the system reboots from the alternate root partition, regardless of whether the reboot is due to a command or due to corruption of the primary root partition.
[See
Understanding Resilient Dual-Root Partitions on Switches
.]
•
BFD performance improvements—BFD performance improvements have been made on EX4200 Virtual Chassis, EX4500 Virtual Chassis, and EX8200 switches.
• IPv4 and IPv6 over GRE tunneling support on EX8200 standalone switches and
EX8200 Virtual Chassis—Generic routing encapsulation (GRE) is an IP encapsulation protocol that is used to transport packets over a network. Information is sent from one network to the other through a GRE tunnel. EX8200 standalone switches and EX8200
Virtual Chassis now support both encapsulation and de-encapsulation. Also, the configuration procedures for standalone EX8200 switches and EX8200 Virtual Chassis are now the same as for EX3200 and EX4200 switches.
[See Understanding Generic Routing Encapsulation .]
• IPv6 for virtual router-aware DHCP—EX Series switches support IPv6 for virtual router-aware DHCP, that is, for the extended DHCP server and extended DHCP relay.
The specific CLI statements supported for EX Series switches are:
•
For extended DHCP server:
• At the [edit system services dhcp-local server dhcpv6] hierarchy level:
• group
• overrides
• reconfigure
•
At the [edit access address-assignment pool pool-name] hierarchy level:
• family inet6
• dhcp-attributes
• prefix
• range
• For extended DHCP relay:
•
At the [edit forwarding-options dhcp-relay dhcpv6] hierarchy level:
Copyright © 2017, Juniper Networks, Inc.
13
EX Series Switches Release Notes
• group
• overrides
• relay-agent-interface-id
• relay-option
• server-group
[See Understanding DHCP Services for Switches and Understanding the Extended DHCP
Relay Agent for EX Series Switches .]
Interfaces and Chassis
• LACP standards-based link protection for aggregated Ethernet interfaces—LACP standards-based link protection can be enabled on a global level (for all aggregated
Ethernet interfaces on the switch) or for a specific aggregated Ethernet interface.
Earlier, EX Series switches supported only Junos OS link protection for aggregated
Ethernet interfaces.
[See
Understanding Aggregated Ethernet Interfaces and LACP
.]
•
Interfaces feature support added on EX3300 switches—EX3300 switches now support:
• Unicast reverse-path forwarding (RPF)
• IP directed broadcast
[See
Understanding Unicast RPF for EX Series Switches and
Understanding IP Directed
Broadcast for EX Series Switches
.]
•
Default logging for Ethernet ring protection switching (ERPS) (EX2200, EX2200-VC,
EX3200, EX3300, EX3300-VC, EX4200, EX4200-VC, EX4500, EX4500-VC, EX4550,
EX4550-VC, EX8200, EX8200-VC)—Starting with Junos OS Release 12.3R9, the listed EX switches automatically log basic state transitions for the ERPS protocol. No configuration is required to initiate this logging. Basic state transitions include ERPS interface transitions from up to down, and down to up; and ERPS state transitions from idle to protection, and protection to idle.
The basic state transitions are logged in a single file named erp-default, located in the
/var/log directory of the switch. The maximum size of this file is 15 MB.
Default logging for ERPS can capture initial ERPS interface and state transitions, which can help you troubleshoot issues that occur early in the ERPS protocol startup process.
However, if more robust logging is needed, you can enable traceoptions for ERPS by entering the traceoptions statement in the [edit protocols protection-group] hierarchy level.
Be aware that for ERPS, only default logging or traceoptions can be active at a time on the switch. That is, default logging for ERPS is automatically enabled and if you enable traceoptions for ERPS, the switch automatically disables default logging.
Conversely, if you disable traceoptions for ERPS, the switch automatically enables default logging.
14 Copyright © 2017, Juniper Networks, Inc.
New Features in Junos OS Release 12.3 for EX Series Switches
IPv6
•
Compliance with RFC 4291—EX Series switches drop the following types of illegal
IPv6 packets:
• Packets that have a link-local source or destination address. Because link-local addresses are intended to be used for addressing only on a single link, EX Series switches do not forward any packets with such addresses to other links.
• Packets with the IPv6 unspecified source address 0:0:0:0:0:0:0:0.
• Packets that are to be sent outside a node, but have the IPv6 loopback address
0:0:0:0:0:0:0:1 as the source address. When IPv6 packets are received on an interface,
EX Series switches drop packets that have the loopback address as the destination address.
• IPv6 neighbor redirect compliance with RFC 4861—Routers use ICMP redirect messages to notify the users on the data link that a better route is available for a particular destination. All EX Series switches now support sending ICMP redirect messages for both IPv4 and IPv6 traffic.
[See
Understanding the Protocol Redirect Mechanism on EX Series Switches
.]
• Added license support for EX2200 and EX4200 switches—The enhanced feature license (EFL) for EX2200 switches now supports the EX-2200-24T-DC model. The advanced feature license (AFL) for EX4200 switches now supports EX4200-24PX and EX4200-48PX models.
[See
Understanding Software Licenses for EX Series Switches
.]
• Support for IPv6 features on EX3300 switches—EX3300 switches now support:
• IPv6 path MTU discovery
•
IPv6 routing BGP, RIPng, MBGP, and OSPFv3
•
IPv6 routing PIM for IPv6 multicast
• IPv6 routing MLDv1 and MLDv2
• IPv6 routing IPv6 ping and IPv6 traceroute
•
IPv6 routing stateless autoconfiguration
•
IPv6 routing IPv6 Layer 3 forwarding in hardware
J-Web Interface
•
10-member EX4500 Virtual Chassis configuration through the J-Web interface—Using the J-Web interface, you can configure an EX4500 Virtual Chassis that includes a maximum of 10 members.
[See
Configuring a Virtual Chassis on an EX Series Switch (J-Web Procedure)
.]
•
EX8200 Virtual Chassis configuration through the J-Web interface—Using the J-Web interface, you can configure an EX8200 Virtual Chassis to include up to four EX8200 switches and one or two XRE200 External Routing Engines.
Copyright © 2017, Juniper Networks, Inc.
15
EX Series Switches Release Notes
[See
Configuring a Virtual Chassis on an EX Series Switch (J-Web Procedure)
.]
Layer 2 and Layer 3 Protocols
•
VRF support on EX2200 switches—Virtual routing and forwarding (VRF) is now supported on EX2200 switches.
[See Understanding Virtual Routing Instances on EX Series Switches .]
• Feature support added on EX3300 switches—EX3300 switches now support:
•
Virtual routing and forwarding (VRF)—virtual routing instances—with IPv6 for unicast traffic
• Layer 3 filter-based forwarding for unicast traffic
• Layer 3 VRF for unicast BGP, RIP, and OSPF traffic
•
Multiple VLAN Registration Protocol (MVRP, IEEE 802.1ak)
Management and RMON
•
MIB enhancements on EX8200 Virtual Chassis—The Virtual Chassis MIB has been enhanced to enable monitoring of Virtual Chassis interface statistics for EX8200 Virtual
Chassis.
[See Juniper Networks Enterprise-Specific MIBs .]
• Support for 802.1ag Ethernet OAM CFM on EX3300 switches—EX3300 switches now support 802.1ag Ethernet OAM connectivity fault management (CFM).
[See
Understanding Ethernet OAM Connectivity Fault Management for an EX Series
Switch
.]
MPLS
•
Re-mark the DSCP values for MPLS packets that exit an EX8200 standalone switch or an EX8200 Virtual Chassis—In firewall filter configurations for EX8200 standalone switches and EX8200 Virtual Chassis, you can now apply the dscp action modifier on
Layer 3 interfaces for IPv4 and IPv6 ingress traffic. This action modifier is useful specifically to re-mark the DSCP values for MPLS packets that leave an EX8200 standalone switch or an EX8200 Virtual Chassis, because these switches cannot re-mark the DSCP value on egress traffic. If you apply the dscp action modifier to ingress traffic, the DSCP value in the IP header is copied to the EXP value in the MPLS header, thus changing the DSCP value on the egress side.
[See
Firewall Filter Match Conditions, Actions, and Action Modifiers for EX Series Switches
.]
Virtual Chassis
•
Member link enhancement for optical interfaces configured as Virtual Chassis ports between EX4500 and EX4550 member switches—When you configure optical interfaces as Virtual Chassis ports (VCPs) that you then use to interconnect EX4500 or EX4550 switches in a Virtual Chassis, you can now configure up to 24 optical interface
16 Copyright © 2017, Juniper Networks, Inc.
Changes in Default Behavior and Syntax in Junos OS Release 12.3 for EX Series Switches links into a link aggregation group (LAG). Earlier, you could configure a maximum of eight links into a LAG. You can increase the member link limit in the following configurations: when you interconnect EX4500 switches in an EX4500 Virtual Chassis; when you interconnect EX4550 switches in an EX4550 Virtual Chassis; and when you interconnect EX4500 or EX4550 switches to other EX4500 or EX4550 switches in a mixed Virtual Chassis.
• Dedicated Virtual Chassis port link aggregation on EX4550 switches—The dedicated
Virtual Chassis ports (VCPs) on EX4550 switches automatically form a link aggregation group (LAG) bundle when two or more dedicated VCPs are used to interconnect the same Virtual Chassis member switches. This feature became available in Junos OS
Release 12.3R2. The LAG provides more bandwidth than a single dedicated VCP can provide, and it provides VCP redundancy by load-balancing traffic across all available dedicated VCPs in the LAG. If one of the dedicated VCPs fails, the VCP traffic is automatically load-balanced across the remaining dedicated VCPs in the LAG. See also
“Changes to and Errata in Documentation for Junos OS Release 12.3 for EX Series
.
•
Support for RJ-45 interfaces as Virtual Chassis ports on EX2200 and EX2200-C switches—Starting with Junos OS Release 12.3R3, all RJ-45 interfaces, including built-in network ports with 10/100/1000BASE-T Gigabit Ethernet connectors and 1000BASE-T
RJ-45 transceivers, on EX2200 and EX2200-C switches can now be configured into
Virtual Chassis ports (VCPs). VCPs are used to interconnect EX2200 or EX2200-C switches into a Virtual Chassis.
Related
Documentation
•
Changes in Default Behavior and Syntax in Junos OS Release 12.3 for EX Series Switches on page 17
•
Limitations in Junos OS Release 12.3 for EX Series Switches on page 20
•
Outstanding Issues in Junos OS Release 12.3 for EX Series Switches on page 29
•
Resolved Issues in Junos OS Release 12.3 for EX Series Switches on page 33
•
Changes to and Errata in Documentation for Junos OS Release 12.3 for EX Series
•
Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series Switches on page 77
Changes in Default Behavior and Syntax in Junos OS Release 12.3 for EX Series Switches
This section lists the changes in default behavior and syntax in Junos OS Release 12.3 for
EX Series switches.
Copyright © 2017, Juniper Networks, Inc.
17
EX Series Switches Release Notes
Authentication and Access Control
•
Starting with Junos OS Release 12.3R10 for EX Series switches, the accounting-port CLI statement is supported at the [edit access radius-server server-address] hierarchy level on all EX Series switches. This command was previously supported only on EX4300,
EX4600, and EX9200 switches. The accounting-port statement enables you to specify the port on which to contact the RADIUS accounting server. The default port number is 1813, as specified in RFC 2866.
Dynamic Host Configuration Protocol
•
When the DHCP relay agent receives a DHCP DISCOVER packet from a client while the client already has a binding on the relay that is in BOUND state, an OFFER message in reply might be dropped when sent from a server other than one to which the client is bound. You can now prevent this by using the new configuration statement delete-binding-on-renegotiation at the [edit forwarding-options dhcp-relay overrides] hierarchy level. When this option is configured, the client binding is removed on receiving a new DHCP DISCOVER packet from a client which is already in BOUND state and all
OFFER messages in reply are relayed back to the client. [PR/1031605]
Layer 2 Features
• On EX Series switches except for EX9200 switches, the vlan-tagging and family ethernet-switching statements cannot be configured on the same interface. Interfaces on EX2200, EX3200, EX3300, EX4200, and EX4500 switches are set to family ethernet-switching by the default factory configuration. EX6200 and EX8200 switch interfaces do not have a default family setting.
Hardware
•
On EX Series switches, EX-SFP-1GE-LX40K SFP transceivers (length 40 km / 24.8
miles) are incorrectly recognized as LH transceivers—that is, in the show chassis hardware command output, the Description field lists them as SFP-LH. Starting with
Junos OS Release 12.3R8, the Description field displays SFP-EX for these transceivers.
[PR/977327]
High Availability
• Change in the automatically generated virtual-link-local-address for VRRP over
IPv6—The seventh byte in the automatically generated virtual-link-local-address for
VRRP over IPv6 will be 0x02. This change makes the VRRP over IPv6 feature in Junos
OS Releases 12.2R5, 12.3R3, and later releases inoperable with Junos OS Releases
12.2R1, 12.2R2, 12.2R3, 12.2R4, 12.3R1, and 12.3R2 if automatically generated virtual-link-local-address IDs are used. As a workaround, use a manually configured virtual-link-local-address instead of an automatically generated virtual-link-local-address.
Infrastructure
18 Copyright © 2017, Juniper Networks, Inc.
Changes in Default Behavior and Syntax in Junos OS Release 12.3 for EX Series Switches
•
You can now configure the disk usage monitoring level for a disk partition by using the set chassis disk-partition partition level state free-space threshold-value (mb | percent) configuration mode command. When the specified disk usage monitoring level is reached, a system alarm is activated. The partition can be /config or /var; the level of disk usage at which monitoring occurs can be high or full; and the threshold value can be either megabytes (mb) of disk space or a percentage (percent) of disk space. Here is a sample command: set chassis disk-partition /var level high free-space 30 mb.
• These EX Series switches now support a maximum of 111 link aggregation groups
(LAGs): EX3300, EX4200, EX4500, EX4550, and EX6210 switches.
•
On EX Series switches, the request chassis routing-engine master switch command erroneously showed the check option; the option does not apply and has been removed from the CLI.
Interfaces
• LLDP frames are validated only if the Network Address Family subtype of the Chassis
ID TLV has a value of 1 (IPv4) or 2 (IPv6). For any other value, LLDP detects the transmitting device as a neighbor and displays it in the output of the show lldp neighbors command. Earlier, the frames with the Network Address Family subtype of the Chassis
ID TLV having a value of 1 (IPv4) or 2 (IPv6) were discarded, and LLDP did not detect the device as a neighbor.
Network Management and Monitoring
• On EX Series switches that run Junos OS with Enhanced Layer 2 Software (ELS), you can now configure the adaptive sampling rate in sFlow monitoring technology configurations. You configure the rate with this command: set protocols sflow adaptive-sampling-rate rate
. The maximum value for the rate is 950 pps.
• New system log message indicating the difference in the Packet Forwarding Engine counter value (EX Series)—Effective in Junos OS Release 12.3R9, if the counter value of a Packet Forwarding Engine is reported lesser than its previous value, then the residual counter value is added to the newly reported value only for that specific counter.
In that case, the CLI shows the MIB2D_COUNTER_DECREASING system log message for that specific counter.
Related
Documentation
•
New Features in Junos OS Release 12.3 for EX Series Switches on page 6
•
Limitations in Junos OS Release 12.3 for EX Series Switches on page 20
•
Outstanding Issues in Junos OS Release 12.3 for EX Series Switches on page 29
•
Resolved Issues in Junos OS Release 12.3 for EX Series Switches on page 33
•
Changes to and Errata in Documentation for Junos OS Release 12.3 for EX Series
•
Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series Switches on page 77
Copyright © 2017, Juniper Networks, Inc.
19
EX Series Switches Release Notes
Limitations in Junos OS Release 12.3 for EX Series Switches
This section lists the limitations in Junos OS Release 12.3 for EX Series switches. If the limitation is associated with an item in our bug database, the description is followed by the bug tracking number.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
Access Control
• On EX9200 switches, an LLDP neighbor is not formed for Layer 3 tagged interfaces, although peer switches are able to form the neighbor. [PR/848721: This is a known software limitation.]
Ethernet Switching and Spanning Trees
•
If the bridge priority of a VSTP root bridge is changed such that this bridge becomes a nonroot bridge, the transition might take more than 2 minutes, and you might see a loop during the transition. [PR/661691: This is a known software limitation.]
•
On EX9200 switches, MVRP does not propagate the dynamically learned VLAN information that is associated with trunk interfaces. [PR/840390, PR/848600: This is a known software limitation.]
• On EX9200 switches, BFD on IRB interfaces flaps if BFD is configured for subsecond timers. [PR/844951: This is a known software limitation.]
•
On EX9200 switches running the VLAN Spanning Tree Protocol (VSTP), incoming
BPDUs might not be included in the output of the show spanning-tree statistics interface command. [PR/847405: This is a known software limitation.]
Firewall Filters
• On EX3200 and EX4200 switches, when a very large number of firewall filters are included in the configuration, it might take a long time, possibly a few minutes, for the egress filter rules to be installed. [PR/468806: This is a known software limitation.]
• On EX3300 switches, if you add and delete filters with a large number of terms (on the order of 1000 or more) in the same commit operation, not all the filters are installed.
As a workaround, add filters in one commit operation, and delete filters in a separate commit operation. [PR/581982: This is a known software limitation.]
• On EX8200 switches, if you configure an implicit or explicit discard action as the last term in an IPv6 firewall filter on a loopback (lo0) interface, all the control traffic from the loopback interface is dropped. To prevent this, you must configure an explicit accept action. [This is a known software limitation.]
•
On EX9200 switches, you cannot configure VLAN firewall filters for traffic leaving a
VLAN. [PR/850520: This is a known software limitation.]
20 Copyright © 2017, Juniper Networks, Inc.
Limitations in Junos OS Release 12.3 for EX Series Switches
Hardware
•
On 40-port SFP+ line cards for EX8200 switches, the LEDs on the left of the network ports do not blink to indicate that there is link activity if you set the speed of the network ports to 10/100/1000 Mbps. However, if you set the speed to 10 Gbps, the LEDs blink.
[PR/502178: This is a known limitation.]
•
The
Uplink Modules in EX3200 Switches topic notes the following behavior for the SFP and SFP+ uplink modules:
• On an EX3200 switch, if you install a transceiver in an SFP uplink module, a corresponding network port from the last four built-in ports is disabled. For example, if you install an SFP transceiver in port 2 on the uplink module (ge-0/1/2) on 24-port models, then ge-0/0/22 is disabled. The disabled port is not listed in the output of show interfaces commands.
• On an EX3200 switch, if you install a transceiver in an SFP+ uplink module when the uplink module is operating in 1-gigabit mode, a corresponding network port from the last four built-in ports is disabled. For example, if you install an SFP transceiver in port 2 on the uplink module (ge-0/1/2), then ge-0/0/22 is disabled. The disabled port is not listed in the output of show interfaces commands.
However, if you install an SFP uplink module or an SFP+ uplink module when the SFP+ uplink module is operating in 1-gigabit mode and no transceiver is installed in the uplink module port, then all the network ports from the last four built-in ports are disabled and remain disabled until you reboot the switch.
If transceivers are installed in the uplink module ports, then only the corresponding built-in network ports are disabled and are not displayed in the output of show interfaces commands.
[PR/686467: This is a known limitation.]
•
You cannot connect EX2200-12P switches to some vendors’ prestandard IP phones with a straight cable. As a workaround, use a crossover cable. [PR/726929: This is a known limitation.]
High Availability
•
You cannot verify that nonstop bridging (NSB) is synchronizing Layer 2 protocol information to the backup Routing Engine even when NSB is properly configured.
[PR/701495: This is a known software limitation.]
• On EX Series Virtual Chassis using nonstop software upgrade (NSSU) to upgrade from
Junos OS Release 11.2 or earlier to Junos OS Release 11.3 or later, after the NSSU operation finishes, the same MAC address might be assigned to multiple Layer 2 or aggregated Ethernet interfaces on different member switches within the Virtual Chassis.
To set all Layer 2 and aggregated Ethernet ports to have unique MAC addresses, reboot the Virtual Chassis after the upgrade operation. To avoid these MAC address assignment issues, upgrade to Junos OS Release 11.3 or later without performing an NSSU operation.
Unique MAC address assignment for Layer 2 and aggregated Ethernet interfaces in a
Virtual Chassis was introduced in Junos OS Release 11.3. If you are upgrading to Junos
OS Release 11.2 or earlier, you should expect to see the same MAC address assigned
Copyright © 2017, Juniper Networks, Inc.
21
EX Series Switches Release Notes
Infrastructure
to multiple ports on different member switches within the Virtual Chassis. [PR/775203:
This is a known software limitation.]
• Do not use nonstop software upgrade (NSSU) to upgrade the software on an EX8200 switch from Junos OS Release 10.4 to Junos OS Release 11.1 or later if you have configured the PIM, IGMP, or MLD protocols on the switch. If you attempt to use NSSU, your switch might be left in a nonfunctional state from which it is difficult to recover.
If you have these multicast protocols configured, use the request system software add command to upgrade the software on an EX8200 switch from Junos OS Release 10.4
to Release 11.1 or later. [This is a known software limitation.]
•
On EX Series switches, the show snmp mib walk etherMIB command does not display any output, even though the etherMIB is supported. This occurs because the values are not populated at the module level—they are populated at the table level only. You can issue the show snmp mib walk dot3StatsTable, show snmp mib walk dot3PauseTable, and show snmp mib walk dot3ControlTable commands to display the output at the table level. [This is a known software limitation.]
•
Momentary loss of an inter-Routing Engine IPC message might trigger an alarm that displays the message Loss of communication with Backup Routing Engine. However, no functionality is affected. [PR/477943: This is a known software limitation.]
• Routing between virtual-routing instances for local direct routes is not supported.
[PR/490932: This is a known software limitation.]
•
On EX4500 switches, the maintenance menu is not disabled even if you include the lcd maintenance-menu disable statement in the configuration. [PR/551546: This is a known software limitation.]
• When you enable the filter-id attribute on the RADIUS server for a particular client, none of the required 802.1X authentication rules are installed in the IPv6 database.
Therefore, IPv6 traffic on the authenticated interface is not filtered; only IPv4 traffic is filtered on that interface. [PR/560381: This is a known software limitation.]
•
On EX8200 switches, if OAM link fault management (LFM) is configured on a member of a VLAN on which Q-in-Q tunneling is also enabled, OAM PDUs are not transmitted to the Routing Engine. [PR/583053: This is a known software limitation.]
•
When you reconfigure the maximum transmission unit (MTU) value of a next hop more than eight times without restarting the switch, the interface uses the maximum value of the eight previously configured values as the next MTU value. [PR/590106: This is a known software limitation.]
•
On EX8208 and EX8216 switches that have two Routing Engines, one Routing Engine cannot be running Junos OS Release 10.4 or later while the other one is running
Release 10.3 or earlier. Ensure that both Routing Engines in a single switch run either
Release 10.4 or later or Release 10.3 or earlier. [PR/604378: This is a known software limitation.]
•
On EX9200 switches, if you configure DHCP relay on an integrated routing and bridging
(IRB) interface, DHCP relay does not perform binding on the client's DHCP Discover messages. As a workaround, configure the relay agent by using the BOOTP helper in
22 Copyright © 2017, Juniper Networks, Inc.
Limitations in Junos OS Release 12.3 for EX Series Switches
Interfaces
the [edit forwarding-options helpers] hierarchy level. [PR/847772: This is a known software limitation.]
• On EX4550 switches, you might see the message UI_OPEN_TIMEOUT: Timeout connecting to peer 'dhcp' , and the message might appear even though you have not configured DHCP services. The operation of the switch is not affected, and you can ignore the message. [PR/895320: This is a known software limitation.]
•
On EX Series switches, if two interface ranges are configured on the same access interface with different VLANs for each range, the commit check shows a successful commit instead of detecting an error in the configuration. [PR/957178]
• On EX9200 switches, an SRAM parity error might be logged during normal operation.
This behavior is expected. You can ignore the error as long as you do not see large numbers of error messages. [PR/958661: This is a known software limitation.]
• EX Series switches do not support IPv6 interface statistics. Therefore, all values in the output of the show snmp mib walk ipv6IfStatsTable command always display a count of 0. [PR/480651: This is a known software limitation.]
•
On EX8216 switches, a link might go down momentarily when an interface is added to a LAG. [PR/510176: This is a known software limitation.]
• On EX Series switches, if you clear LAG interface statistics while the LAG is down, then bring up the LAG and pass traffic without checking for statistics, and finally bring the
LAG interface down and check interface statistics again, the statistics might be inaccurate. As a workaround, use the show interfaces interface-name command to check LAG interface statistics before bringing down the interface. [PR/542018: This is a known software limitation.]
• In some instances on an EX9200 switch, tagged traffic is not dropped on access interfaces even though the traffic is processed in the correct VLAN (the VLAN to which the access port belongs). If the packet exits the switch on a trunk port, the packet might be tagged twice. [PR/838597: This is a known software limitation.]
• On an EX9200 switch with a single Routing Engine, when the Routing Engine is rebooted, the interfaces do not immediately shut down. In this case, use the set chassis power-off-ports-on-no-master-re command with the enable or disable option.
[PR/843743: This is a known software limitation.]
•
On EX9200 switches, after you perform an online insertion of a QSFP+ transceiver in a 40-Gigabit Ethernet interface, the interface might take more than 10 to 15 seconds to come up. [PR/847186: This is a known software limitation.]
•
On EX9200 switches, dynamic ARP resolution is not supported over interchassis control links (ICLs). As a workaround, configure static ARP on both ends of the ICL. [PR/850741:
This is a known software limitation.]
• On EX Series switches, member links within the same link aggregation group (LAG) bundle must be configured to operate at the same speed. The default interface speed for RJ-45 BASE-T copper interfaces on an EX4550 switch is 10 gigabits per second
(Gbps). The default interface speed for RJ-45 BASE-T copper interfaces on all other
Copyright © 2017, Juniper Networks, Inc.
23
EX Series Switches Release Notes
J-Web Interface
EX Series switches is 1 Gbps. You must, therefore, configure the RJ-45 BASE-T copper interfaces on an EX4550 switch to 1 Gbps using the set interfaces xe-x/y/z ether-options speed 1g command when you create a static LAG between RJ-45 BASE-T copper interfaces on an EX4550 switch and RJ-45 BASE-T copper interfaces on any other EX
Series switch. [PR/940027: This is a known software limitation.]
•
For aggregated Ethernet interfaces on EX Series switches, the traffic statistics fields in show interfaces commands do not include broadcast packet information. Also, for aggregated Ethernet interfaces, the SNMP counters ifHCInBroadcastPkts and ifInBroadcastPkts are not supported. The counter values are always 0. [This is a known software limitation.]
•
On EX9200 switches, the CLI command set interfaces interface-name speed auto-10m-100m is not supported. [This is a known software limitation.]
•
In the J-Web interface, you cannot commit some configuration changes in the Ports
Configuration page or the VLAN Configuration page because of the following limitations for port-mirroring ports and port-mirroring VLANs:
• A port configured as the output port for an analyzer cannot be a member of any
VLAN other than the default VLAN.
•
A VLAN configured to receive analyzer output can be associated with only one interface.
[PR/400814: This is a known software limitation.]
•
In the J-Web interface, the Ethernet Switching Monitor page (Monitor > Switching >
Ethernet Switching) might not display monitoring details if the switch has more than
13,000 MAC entries. [PR/425693: This is a known software limitation.]
• On EX Series switches, when you use the Microsoft Internet Explorer browser to open reports from the following pages in the J-Web interface, the reports open in the same browser session:
• Files page (Maintain > Files)
• History page (Maintain > Config Management > History)
•
Port Troubleshooting page (Troubleshoot > Troubleshoot > Troubleshoot Port)
•
Static Routing page (Monitor > Routing > Route Information)
• Support Information page (Maintain > Customer Support > Support Information)
• View Events page (Monitor > Events and Alarms > View Events)
[PR/433883: This is a known software limitation.]
•
In the J-Web interface, if you open configuration pages for class-of-service (CoS) classifiers and drop profiles (Configure > Class of Service > Classifiers and Configure >
Class of Service > Drop Profile ), and then exit the pages without editing the configuration, no validation messages are displayed and the configuration of the switch proceeds.
[PR/495603: This is a known software limitation.]
24 Copyright © 2017, Juniper Networks, Inc.
Limitations in Junos OS Release 12.3 for EX Series Switches
•
In the J-Web interface for EX4500 switches, the Ports Configuration page (Configure
> Interfaces > Ports), the Port Security Configuration page (Configure > Security > Port
Security), and the Filters Configuration page (Configure > Security > Filters) display features that are not supported on EX4500 switches. [PR/525671: This is a known software limitation.]
• When you use an HTTPS connection in the Microsoft Internet Explorer browser to save a report from the following pages in the J-Web interface, the error message Internet
Explorer was not able to open the Internet site is displayed on the following pages:
• Files page (Maintain > Files)
•
History page (Maintain > Config Management > History)
•
Port Troubleshooting page (Troubleshoot > Troubleshoot > Troubleshoot Port)
• Static Routing page (Monitor > Routing > Route Information)
• Support Information page (Maintain > Customer Support > Support Information)
•
View Events page (Monitor > Events and Alarms > View Events)
[PR/542887: This is a known software limitation.]
• If you insert four or more EX8200-40XS line cards in an EX8208 or EX8216 switch, the
Support Information page (Maintain > Customer Support > Support Information) in the J-Web interface might fail to load because the configuration might be larger than the maximum size of 5 MB. The error message that appears is Configuration too large to handle
. [PR/552549: This is a known software limitation.]
•
If you have accessed the J-Web interface using an HTTPS connection through the
Microsoft Internet Explorer Web browser, you might not be able to download and save reports from some pages on the Monitor, Maintain, and Troubleshoot tabs. Some affected pages are at these locations:
•
Maintain > Files > Log Files > Download
• Maintain > Config Management > History
• Maintain > Customer Support > Support Information > Generate Report
•
Troubleshoot > Troubleshoot Port > Generate Report
•
Monitor > Events and Alarms > View Events > Generate Report
• Monitor > Routing > Route Information > Generate Report
As a workaround, use the Mozilla Firefox Web browser to download and save reports using an HTTPS connection. [PR/566581: This is a known software limitation.]
•
The J-Web interface does not support role-based access control; it supports only users in the super-user authorization class. So a user who is not in the super-user class, such as a user with view-only permission, is able to launch the J-Web interface and is allowed to configure everything, but the configuration fails on the switch, and the switch displays access permission errors. [PR/604595: This is a known software limitation.]
Copyright © 2017, Juniper Networks, Inc.
25
EX Series Switches Release Notes
•
In mixed EX4200 and EX4500 Virtual Chassis, the J-Web interface does not list the features supported by the backup or linecard members. Instead, it lists only the features supported by the master. [PR/707671: This is a known software limitation.]
•
After you remove or reboot a Virtual Chassis member (either the backup or a member in the linecard role), when you click other members in the J-Web interface, the chassis view for those members might not expand, and the dashboard might log the following error: stackImg is null or not an object. As a workaround, manually refresh the dashboard.
[PR/771415: This is a known software limitation.]
•
If a Virtual Chassis contains more than six members, the Support Information page
(Maintain > Customer Support > Support information) might not load. [PR/777372:
This is a known software limitation.]
• On EX Series Virtual Chassis that have more than five members, logging in to the J-Web dashboard might take more than 30 seconds. [PR/785300: This is a known software limitation.]
• In the J-Web interface on EX Series switches, you cannot initially configure the OSPFv3 protocol by using the point-and-click function (Configure > Point&Click > Protocols >
Configure > Ospf3). As a workaround, configure OSPFv3 options by using the CLI. You can then view and edit the OSPFv3 parameters by using the point-and-click function in the J-Web interface. [PR/857540: This is a known software limitation.]
• For EX Series switches, in the J-Web interface, the username field on the Login screen does not accept HTML tags or the < and >characters. The following error message appears: A username cannot include certain characters, including < and >. [This is a known software limitation.]
• When you use an HTTPS connection in the Microsoft Internet Explorer browser to save a report from some pages in the J-Web interface, the error message Internet Explorer was not able to open the Internet site is displayed. This problem occurs because the
Cache-Control: no cache HTTP header is added on the server side, and Internet Explorer does not allow you to download the encrypted file with the Cache-Control: no cache
HTTP header set in the response from the server.
As a workaround, refer to Microsoft Knowledge Base article 323308, which is available at http://support.microsoft.com/kb/323308 . Alternatively, use HTTP in the Internet
Explorer browser or use HTTPS in the Mozilla Firefox browser to save a file from one of these pages. [This is a known software limitation.]
•
On EX2200-C switches, both the copper and the fiber uplink ports display as connected in the J-Web dashboard if either is connected. [PR/862411: This is a known software limitation.]
26 Copyright © 2017, Juniper Networks, Inc.
Limitations in Junos OS Release 12.3 for EX Series Switches
Layer 2 and Layer 3 Protocols
•
On EX3200 and EX4200 switches, MPLS is not supported on Layer 3 tagged subinterfaces and routed VLAN interfaces (RVIs), even though the CLI allows you to commit a configuration that enables these features. [PR/612434: This is a known software limitation.]
Management and RMON
•
On EX Series switches, an SNMP query fails when the SNMP index size of a table is greater than 128 bytes, because the Net SNMP tool does not support SNMP index sizes greater than 128 bytes. [PR/441789: This is a known software limitation.]
•
When MVRP is configured on a trunk interface, you cannot configure connectivity fault management (CFM) on that interface. [PR/540218: This is a known software limitation.]
• The connectivity fault management (CFM) process (cfmd) might create a core file.
[PR/597302: This is a known software limitation.]
Multicast Protocols
Software Installation and Upgrade
•
On EX4200 switches, when you upgrade Junos OS, the software build-time date might be reset. [PR/742861: This is a known software limitation.]
Virtual Chassis
•
When multicast traffic is transiting an EX8200 switch during a nonstop software upgrade (NSSU) or after multiple graceful Routing Engine switchover (GRES) operations, a kernel panic might occur on a new master Routing Engine, causing the string rn_clone_unwire parent unreferenced to be displayed . [PR/734295: This is a known software limitation.]
•
On EX9200 switches, multicast traffic might be momentarily duplicated on an mrouter port (the port that connects to a multicast router) when a new member is added to an aggregated Ethernet bundle (or link aggregation group [LAG]) and when that new member is in the Detached state. [PR/848390: This is a known software limitation.]
• A standalone EX4500 switch on which the PIC mode is set to virtual-chassis has less bandwidth available for network ports than that available for a standalone EX4500 switch on which PIC mode is set to intraconnect. The network ports on a standalone
EX4500 switch that has a virtual-chassis PIC mode setting often do not achieve line-rate performance.
The PIC mode on an EX4500 switch might have been set to virtual-chassis in one of the following ways:
•
The switch was ordered with a Virtual Chassis module installed and thus has its PIC mode set to virtual-chassis by default.
Copyright © 2017, Juniper Networks, Inc.
27
EX Series Switches Release Notes
•
You entered the request chassis pic-mode virtual-chassis operational mode command to configure the switch as a member of a Virtual Chassis.
To check the PIC mode for an EX4500 switch that has a Virtual Chassis module installed in it, use the show chassis pic-mode command.
You must always set the PIC mode on a standalone EX4500 switch to intraconnect.
Set the PIC mode to intraconnect by entering the request chassis pic-mode intraconnect operational mode command.
[This is a known software limitation.]
• The automatic software update feature is not supported on EX4500 switches that are members of a Virtual Chassis. [PR/541084: This is a known software limitation.]
•
When an EX4500 switch becomes a member of a Virtual Chassis, it is assigned a member ID. If that member ID is a nonzero value, then if that member switch is downgraded to a software image that does not support Virtual Chassis, you cannot change the member ID to 0. A standalone EX4500 switch must have a member ID of
0. The workaround is to convert the EX4500 Virtual Chassis member switch to a standalone EX4500 switch before downgrading the software to an earlier release, as follows:
1.
Disconnect all Virtual Chassis cables from the member to be downgraded.
2.
Convert the member switch to a standalone EX4500 switch by issuing the request virtual-chassis reactivate command.
3.
Renumber the member ID of the standalone switch to 0 by issuing the request virtual-chassis renumber command.
4.
Downgrade the software to the earlier release.
[PR/547590: This is a known software limitation.]
• When you add a new member switch to an EX4200 Virtual Chassis, EX4500 Virtual
Chassis, or mixed EX4200 and EX4500 Virtual Chassis in a ring topology, a member switch that was already part of the Virtual Chassis might become nonoperational for several seconds. The member switch returns to the operational state with no user intervention. Network traffic to the member switch is dropped during the downtime.
To avoid this issue, follow this procedure:
1.
Cable one dedicated or user-configured Virtual Chassis port (VCP) on the new member switch to the existing Virtual Chassis.
2.
Power on the new member switch.
3.
Wait for the new switch to become operational in the Virtual Chassis. Monitor the show virtual-chassis command output to confirm the new switch is recognized by the Virtual Chassis and is in the Prsnt state.
4.
Cable the other dedicated or user-configured VCP on the new member switch to the Virtual Chassis.
28 Copyright © 2017, Juniper Networks, Inc.
Outstanding Issues in Junos OS Release 12.3 for EX Series Switches
[PR/591404: This is a known software limitation.]
• On EX4550 Virtual Chassis, the output of the CLI command show virtual-chassis vc-port shows the speed of dedicated Virtual Chassis ports (VCPs) to be 32G and bidirectional, while it is actually 16G and unidirectional. [PR/913523: This is a known software limitation.]
Related
Documentation
•
New Features in Junos OS Release 12.3 for EX Series Switches on page 6
•
Changes in Default Behavior and Syntax in Junos OS Release 12.3 for EX Series Switches on page 17
•
Outstanding Issues in Junos OS Release 12.3 for EX Series Switches on page 29
•
Resolved Issues in Junos OS Release 12.3 for EX Series Switches on page 33
•
Changes to and Errata in Documentation for Junos OS Release 12.3 for EX Series
•
Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series Switches on page 77
Outstanding Issues in Junos OS Release 12.3 for EX Series Switches
The following are outstanding issues in Junos OS Release 12.3R12 for EX Series switches.
The identifier following the description is the tracking number in our bug database.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
NOTE: Other software issues that are common to both EX Series switches and M, MX, and T Series routers are listed in Issues in Junos OS Release 12.3
for M Series, MX Series, and T Series Routers.
Access Control and Port Security
•
On EX9200 switches, the LLDP database is not updated when you change the interface description or system name. [PR/848320]
• On EX Series switches, if multiple source MAC addresses are flooded into a port on which MAC authentication is enabled, a dot1xd process core file might be created.
[PR/1140634]
Copyright © 2017, Juniper Networks, Inc.
29
EX Series Switches Release Notes
High Availability
•
On EX Series switches, there is no RPC equivalent for the CLI command show chassis nonstop-upgrade
. [PR/872587]
Infrastructure
•
On EX9200 switches, if you configure multichassis link aggregation (MC-LAG) in active-active mode and then one of the provider edge (PE) routers is rebooted, Layer 3 traffic might be lost for more than 10 seconds. This loss occurs because, by default, whenever a peer PE router is rebooted, the Link Aggregation Control Protocol (LACP) system ID on the other peer router changes.
As a workaround, designate one of the PE routers to be status-control active using the following command on the PE router: set interfaces aex aggregated-ether-options mc-ae events iccp-peer-down prefer-status-control-active . As a result of issuing this command on the PE router, when a peer PE router goes down, the LACP system ID does not change.
NOTE: To configure the prefer-status-control-active statement, you must configure the status-control active statement. Do not configure status-control as standby.
[PR/853694]
• On EX Series switches, the wildcard range set interfaces interface-name unit
logical-unit-number vlan-id-list [vlan-id, vlan-id-vlan-id] CLI command does not work.
An error message is displayed on the console if you issue that command. As a workaround, configure the VLAN list by using expanded configuration commands.
[PR/1030369]
• On EX9200 switches, recurring LMEM data errors might cause a chip wedge.
[PR/1033660]
•
On EX Series switches, fpc0 dfw_counter_get_by_name failed inst 0 policer index 0 status
7 error messages might appear in the log files when show firewall counter or snmp mib get jnxFirewallCounterTable is executed. [PR/1035113]
•
On EX Series switches, if you issue the show ethernet-switching table | display xml CLI command, the < l2ng-mac-entry> tag does not appear in the output. [PR/1097532]
•
On EX4550 Virtual Chassis, traffic might drop on a VCP even when the traffic rate is within the allocated bandwidth. [PR/1146961]
Interfaces
• If you configure a VLAN range on an access interface of an EX9200 switch, the Layer 2 address learning process (l2ald) might fail. As a workaround, do not configure VLAN ranges on EX9200 switch access interfaces. [PR/837608]
30 Copyright © 2017, Juniper Networks, Inc.
Outstanding Issues in Junos OS Release 12.3 for EX Series Switches
J-Web Interface
•
If an EX4550-32F switch in a Virtual Chassis reboots and comes online, LACP interfaces on any member of the Virtual Chassis might go down and not come up. [PR/1035280]
• In the J-Web interface on EX4200 switches, if you try to change the position of columns using the drag-and-drop method, only the column header moves to the new position instead of the entire column in the OSPF Global Settings table in the OSPF Configuration page, the Global Information table in the BGP Configuration page, or the Add Interface window in the LACP Configuration page. [PR/465030]
•
If you configure an IPv6 address for a VLAN in the J-Web interface, you cannot then edit the VLAN configuration. [PR/466633]
• When a large number of static routes are configured and you have navigated to pages other than page 1 in the Route Information table in the Static Routing monitoring page in the J-Web interface (Monitor > Routing > Route Information), changing the Route
Table to query other routes refreshes the page but does not return to page 1. For example, if you run a query from page 3 and the new query returns very few results, the Results table continues to display page 3 and shows no results. To view the results, navigate to page 1 manually. [PR/476338]
•
If you access the J-Web interface by using the Microsoft Internet Web browser version
7, on the BGP Configuration page (Configure > Routing > BGP), all flags might be shown in the Configured Flags list (in the Edit Global Settings window, on the Trace Options tab) even though the flags are not configured. As a workaround, use the Mozilla Firefox
Web browser. [PR/603669]
• On the process details page of the J-Web interface (Monitor > System View > Process
Details), there are multiple entries listed for a few processes that do not impact any functionality. [PR/661704]
•
In the J-Web interface, the Next Hop column in the Static Routing page (Monitor >
Routing > Route Information) displays only the interface address; the corresponding
IP address is missing. The title of the first column displays Static Route Address instead of Destination Address. As a workaround, use the CLI to execute the show route detail command to fetch the corresponding next-hop interface IP address. [PR/684552]
•
In the J-Web interface, HTTPS access might work with an invalid certificate. As a workaround, after you change the certificate, issue the restart web-management command to restart the J-Web interface. [PR/700135]
• On EX2200-C switches, if you have changed the media type and committed the change, the Ports configuration page (Configure > Interfaces > Ports) might not list the uplink port. [PR/742847]
• On EX8200 Virtual Chassis, if you are using the Virtual Chassis Wizard in the J-Web interface in the Mozilla Firefox version 3.x browser, if you have selected more than six port pairs from the same member for conversion, the wizard might display the incorrect port conversion status. Also, if you double-click Next after deleting an active member in the Members page, the J-Web interface might stop working. [PR/796584]
Copyright © 2017, Juniper Networks, Inc.
31
EX Series Switches Release Notes
Multicast Protocols
•
On EX9200 switches, the mcsnoopd process creates multiple core files at rt_nexthops_free during graceful Routing Engine switchover (GRES) with Layer 3 multicast traffic. [PR/848732]
•
On EX9200 switches, Layer 3 multicast traffic loss might occur for about 20 seconds on the switch when the switch is acting as the last-hop router (LHR) and the software performs a graceful Routing Engine switchover (GRES). [PR/848861]
• If you configure a large number of PIM source-specific multicast (SSM) groups on an
EX9200 switch, the switch might experience periodic IPv6 traffic loss. As a workaround, configure the pim-join-prune-timeout value on the last-hop router (LHR) to
250 seconds. [PR/853586]
Network Management and Monitoring
• EX Series switches do not notify users that a system log event has occurred.
[PR/897200]
Routing Policy and Firewall Filters
•
On EX Series switches, if the switch receives BFD control packets larger than the maximum supported size of 256 bytes, the BFD process (bfdd) might generate a core file. [PR/1004482]
Software Upgrade and Installation
•
On EX8200 Virtual Chassis, when an NSSU is initiated to upgrade to Junos OS Release
12.3R5, multiple pfem core files might be created on some member switches.
[PR/917863]
Virtual Chassis
• On an EX9200 Virtual Chassis, with the Virtual Chassis member switches having multiple aggregated Ethernet (ae) interfaces configured for load balancing, if you reconfigure a Virtual Chassis port (VCP) as a network-traffic Ethernet port, you might see permanent traffic losses for Layer 3 traffic that transits the aggregated Ethernet interfaces. [PR/895058]
Related
Documentation
•
New Features in Junos OS Release 12.3 for EX Series Switches on page 6
•
Changes in Default Behavior and Syntax in Junos OS Release 12.3 for EX Series Switches on page 17
•
Limitations in Junos OS Release 12.3 for EX Series Switches on page 20
•
Resolved Issues in Junos OS Release 12.3 for EX Series Switches on page 33
•
Changes to and Errata in Documentation for Junos OS Release 12.3 for EX Series
32 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
•
Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series Switches on page 77
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
The following issues have been resolved in Junos OS Release 12.3 for EX Series switches.
The identifier following the descriptions is the tracking number in our bug database.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
NOTE: Other software issues that are common to both EX Series switches and M, MX, and T Series routers are listed in Issues in Junos OS Release 12.3
for M Series, MX Series, and T Series Routers.
•
Issues Resolved in Release 12.3R1 on page 33
•
Issues Resolved in Release 12.3R2 on page 44
•
Issues Resolved in Release 12.3R3 on page 46
•
Issues Resolved in Release 12.3R4 on page 50
•
Issues Resolved in Release 12.3R5 on page 52
•
Issues Resolved in Release 12.3R6 on page 55
•
Issues Resolved in Release 12.3R7 on page 59
•
Issues Resolved in Release 12.3R8 on page 63
•
Issues Resolved in Release 12.3R9 on page 66
•
Issues Resolved in Release 12.3R10 on page 70
•
Issues Resolved in Release 12.3R11 on page 72
•
Issues Resolved in Release 12.3R12 on page 73
Issues Resolved in Release 12.3R1
The following issues have been resolved since Junos OS Release 12.2. The identifier following the description is the tracking number in our bug database.
Access Control and Port Security
•
For LLDP, the values for the IEEE 802.3 - MAC/PHY Configuration/Status TLV might be incorrect. [PR/607533: This issue has been resolved.]
• If a Unified Access Control (UAC) infranet controller is unreachable, an 802.1X (dot1x) interface might not be able to access the server-fail VLAN. [PR/781586: This issue has been resolved.]
•
If you enable 802.1X with MAC RADIUS authentication, that is, by including the mac-radius statement in the configuration, the authentication management process
(authd) might reach a memory limit when there are approximately 250 users. As a workaround, reset the authd process when it reaches 85 percent of its RLIMIT_DATA
Copyright © 2017, Juniper Networks, Inc.
33
EX Series Switches Release Notes
34 value (that is, 85 percent of 130 MB). To check the amount of memory being used by the authd process, use the show system processes extensive operational mode command. [PR/783363: This issue has been resolved.]
• When access configuration is not required and the guest VLAN feature is configured, supplicants might not be able to authenticate using the guest VLAN and remain in the
connecting state. [PR/783606: This issue has been resolved.]
• DHCP snooping might not allow DHCP Inform ACK packets to pass to the client.
[PR/787161: This issue has been resolved.]
•
If you configure a static MAC bypass for 802.1X (dot1x) and you add a new host to the exclusion list, the MAC addresses of existing hosts that have already been successfully authenticated using static MAC bypass might move to an incorrect VLAN. [PR/787679:
This issue has been resolved.]
•
Traffic leaks might occur for unknown unicast and broadcast traffic from multiple
VLANs when a MAC-RADIUS-assigned VLAN is set on a switch interface through a server-initiated attribute change. If the 802.1X interface has VLAN 100 assigned and the RADIUS server sends a different VLAN attribute (for example, 200 rather than
100), after the interface is assigned in VLAN 200, it also sends egress unknown unicast and broadcast traffic that belongs to VLAN 100. [PR/829436: This issue has been resolved.]
• On EX6200 switches, LLDP stops working if you execute the set ethernet-switching-options voip interface access-ports vlan command. [PR/829898:
This issue has been resolved.]
Class of Service
•
When you are configuring class-of-service (CoS) drop profiles, the commit operation might fail and might display the message Missing mandatory statement:
'drop-probability' . [PR/807885: This issue has been resolved.]
Converged Networks (LAN and SAN)
• On EX4500 switches, the DCBX protocol does not work. [PR/795835: This issue has been resolved.]
Ethernet Switching and Spanning Trees
• When you enable Q-in-Q tunneling and MLD snooping, no snooping database is present on the switch. [PR/693224: This issue has been resolved.]
•
If a VLAN change occurs quickly, the client might not be able to obtain an IP address.
[PR/746479: This issue has been resolved.]
• When you add a new virtual routing and forwarding (VRF) instance, existing firewall filters might not be applied to the new VRF instance. [PR/786662: This issue has been resolved.]
•
You cannot configure a VLAN whose name contains a hyphen (-). As a workaround, use an underscore (_) in the name instead. [PR/753090: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
•
Ethernet ring protection switching (ERPS; G.8032) does not block PVST BPDUs.
[PR/793891: This issue has been resolved.]
• If you delete an IPv6 configuration on a routed VLAN interface (RVI), ARP requests might not be trapped to the CPU and are not resolved. As a workaround, delete the
RVI and then reconfigure it, or reboot the switch after you delete the IPv6 configuration.
[PR/826862: This issue has been resolved.]
• After a software upgrade on the switch, Spanning Tree Protocol (STP) might not be distributed on some aggregated Ethernet links. [PR/822673: This issue has been resolved.]
Firewall Filters
• On all EX Series switches except EX8200 switches, if you have configured several policer settings in the same filter, they might all be overwritten when you change one of the settings. As a workaround, delete the setting and then add it back again with the desired changes. [PR/750497: This issue has been resolved.]
• On EX8200 Virtual Chassis, if you add and delete a firewall filter for traffic that enters on one Virtual Chassis member and is transmitted out another member, IPv6 traffic might be dropped. If the ingress and egress interfaces are on the same member, the firewall filter works correctly. [PR/803845: This issue has been resolved.]
• On EX8200 Virtual Chassis, when both dscp and ieee-802.1 rewrite rules are applied on a routed VLAN interface (RVI), deleting the filters and binding again on the same
RVI or clearing interface statistics might create a pfem core file. [PR/828661: This issue has been resolved.]
Hardware
•
When you remove the hard drive from an XRE200 External Routing Engine, an SNMP trap and a system alarm might not be generated. [PR/710213: This issue has been resolved.]
• Non-Juniper Networks DAC cables do not work on EX Series switches. [PR/808139:
This issue has been resolved.]
•
On EX4200 switches, high CPU usage might be due to console cable noise. [PR/818157:
This issue has been resolved.]
• On EX4550 switches, the backlight on the LCD panel does not turn on. [PR/820473:
This issue has been resolved.]
•
When an uplink module in the switch is operating in 1-gigabit mode, a chassism core file might be created if you remove an SFP transceiver from one of the module's interfaces. As the chassism process restarts, all traffic passing through the interface is dropped. This problem happens with both copper and fiber SFPs. [PR/828935: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
35
EX Series Switches Release Notes
High Availability
• On an XRE200 External Routing Engine, when you perform a nonstop software upgrade
(NSSU) operation that includes the reboot option, the physical link might flap, which causes traffic loss and protocol flapping. [PR/718472: This issue has been resolved.]
•
After you perform a nonstop software upgrade (NSSU), you might notice a traffic outage of 150 seconds while the line cards are restarting. [PR/800460: This issue has been resolved.]
Infrastructure
•
If you enable gratuitous ARP by including the gratuitous-arp-reply, no-gratuitous-arp-reply
, or no-gratuitous-arp-request statement in the configuration, the switch might process gratuitous ARP packets incorrectly. [PR/518948: This issue has been resolved.]
• The output of the show system users no-resolve command displays the resolved hostname. [PR/672599: This issue has been resolved.]
• Rate limiting for management traffic (namely, FTP, SSH, and Telnet) arriving on network ports causes file transfer speeds to be slow. [PR/691250: This issue has been resolved.]
•
In some cases, broadcast traffic that is received on the management port (me0) is broadcast to other subnets on the switch. [PR/705584: This issue has been resolved.]
• The allow-configuration-regexps statement at the [edit system login class] hierarchy level does not work exactly the same way as the deprecated allow-configuration statement at the same hierarchy level. [PR/720013: This issue has been resolved.]
•
When you delete the VLAN mapping for an aggregated Ethernet (ae) interface, the
Ethernet switching process (eswd) might crash and display the error message No vlan matches vlan tag 116 for interface ae5.0
. [PR/731731: This issue has been resolved.]
•
The wildcard range unprotect configuration statement might not be synchronized with the backup Routing Engine. [PR/735221: This issue has been resolved.]
• After you successfully install Junos OS, if you uninstall AI scripts, an mgd core file might be created. [PR/740554: This issue has been resolved.]
•
When there is a large amount of NetBIOS traffic on the network, the switch might exhibit high latency while pinging between VLANs. [PR/748707: This issue has been resolved.]
•
On EX4200 switches, a Packet Forwarding Engine process (pfem) core file might be created while the switch is running the Packet Forwarding Engine internal support script and saving the output to a file. [PR/749974: This issue has been resolved.]
• You might see the following message in log files: Kernel/ (COMPOSITE NEXT HOP) failed, err 6 (No Memory) . [PR/751985: This issue has been resolved.]
• On EX3300 switches, if you configure more than 20 BGPv6 neighbor sessions, the CLI might display the db> prompt. [PR/753261: This issue has been resolved.]
36 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
•
On EX8200 switches, the master-only configuration for the management interface does not work. [PR/753765: This issue has been resolved.]
• The Junos OS kernel might crash because of a timing issue in the ttymodem() internal
I/O processing routine. The crash can be triggered by simple remote access (such as
Telnet or SSH) to the device. [PR/755448: This issue has been resolved.]
• On EX Series switches, after a flash memory initialization process for the /var or
/var/tmp directory has been caused by severe corruption, SSH and HTTP access might not work correctly. As a workaround for SSH access, create a /var/empty folder.
[PR/756272: This issue has been resolved.]
• On EX8200 switch line cards, a Packet Forwarding Engine process (pfem) core file might be created as the result of a memory segmentation fault. [PR/757108: This issue has been resolved.]
• EX4500 switches and EX8200-40XS line cards do not forward IP UDP packets when their destination port is 0x013f (PTP) or when the fragmented packet has the value
0x013f at the same offset (0x2c). [PR/775329: This issue has been resolved.]
•
After you upgrade to Junos OS Release 11.4R3, EX Series switches might stop responding to SNMP ifIndex list queries. As a workaround, restart the switch. If restarting the switch is not an option, restart the shared-memory process (shm-rtsdbd). [PR/782231: This issue has been resolved.]
•
When EX Series switches receive packets across a GRE tunnel, they might not generate and send ARP packets to the device at the other end of the tunnel. [PR/782323: This issue has been resolved.]
•
On EX4550 switches, if you configure the management (me0) interface and a static route, the switch is unable to connect to a gateway. [PR/786184: This issue has been resolved.]
• After you remove an IPv6 interface configuration and then perform a rollback operation, the IPv4 label might change to explicit null. [PR/786537: This issue has been resolved.]
•
When many packets are queued to have their next hop resolved, some packets might become corrupted. [PR/790201: This issue has been resolved.]
• If you configure IPv6 and VRRP, the IPv6 VRRP MAC address might be used incorrectly as the source MAC address when the switch routes traffic across VLANs. [PR/791586:
This issue has been resolved.]
• The /var/log/messages file might fill up with the following message: caff_sf_rd_reg ret:00000 slot:1 chip:1 addr:02b45c data:0 . [PR/792396. This issue has been resolved.]
• When you restart a line card, the BFD session might go down. [PR/793194: This issue has been resolved.]
•
After the system has been up for days, EX8200 line cards might reach 100 percent
CPU usage and then stay at 100 percent. [PR/752454: This issue has been resolved.]
• On an EX8200 Virtual Chassis, the dedicated Virtual Chassis port (VCP) link between the XRE200 External Routing Engine and the Routing Engine on a member switch might be down after an upgrade. As a workaround, manually disable and then enable the physical link. [PR/801507: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
37
EX Series Switches Release Notes
•
After you upgrade Junos OS, a ppmd core file might be created, and protocols that use ppmd might not work correctly. [PR/802315: This issue has been resolved.]
• On EX3300 switches, when you are configuring BGP authentication, after you have configured the authentication key, BGP peering is never established. [PR/803929: This issue has been resolved.]
• An EX6200 switch might send 802.1Q tagged frames out of access ports when DHCP snooping is configured. This might prevent certain vendors’ end devices from receiving proper IP addresses from the DHCP server. [PR/804010: This issue has been resolved.]
•
On EX Series switches that have Power over Ethernet (PoE) capability, chassisd (the chassis process) might crash when running SNMP requests (for example, SNMP get, get-next, and walk requests) on pethMainPse objects. This is caused by the system trying to free memory that is already freed. As a workaround, avoid running SNMP requests on pethMainPse objects. [PR/817311: This issue has been resolved.]
• If you reboot the switch with the routed VLAN interface (RVI) disabled, then even if you reenable the RVI, the RVI traffic is not routed in the Packet Forwarding Engine; the traffic is trapped to the CPU and is policed by the rate limit in the Packet Forwarding
Engine. [PR/838581: This issue has been resolved.]
Interfaces
• EX4200 and EX4500 switches support 64 aggregated Ethernet interfaces even though the hardware can support 111 interfaces. [PR/746239: This issue has been resolved.]
•
When VRRP is running between two EX8200 switches on a VLAN, after a master switchover, both switches might act as master. [PR/752868: This issue has been resolved.]
•
After you change the physical speed on a Virtual Chassis member interface, an aggregated Ethernet (ae) interface might flap after you issue the next commit command to commit configuration changes. [PR/779404: This issue has been resolved.]
• On EX4500 switches, link-protection switchover or revert might not work as expected.
[PR/781493: This issue has been resolved.]
•
On aggregated Ethernet (ae) interfaces, the Link Layer Discovery Protocol (LLDP) might not work. [PR/781814: This issue has been resolved.]
• When you issue the show vrrp brief command, a VRRP process (vrrpd) core file might be created. [PR/782227: This issue has been resolved.]
• On EX8200 switches, when you issue the request system reboot other-routing-engine command, a timeout error might be displayed before the Routing Engine initiates its reboot operation. [PR/795884: This issue has been resolved.]
•
On EX4550 switches, link autonegotiation does not work on 1-Gb SFP interfaces.
[PR/795626: This issue has been resolved.]
• On EX Series switches, if you have configured a link aggregation group (LAG) with link protection, an interface on the backup member might drop ingress traffic. [PR/796348:
This issue has been resolved.]
38 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
•
If you apply a policer to an interface, the policer might not work, and messages similar to the following are logged: dfw_bind_policer_template_to_filter:205 Binding policer fails
. [PR/802489: This issue has been resolved.]
• An interface on an EX4550-32F switch might go up and down randomly even when no cable is plugged in. [PR/803578: This issue has been resolved.]
•
On EX3300 switches, when you configure VRRP with MD5 authentication with the preempt option on a routed VLAN interface (RVI), a vmcore file might be created. As a workaround, delete the preempt option and disable MD5 authentication for VRRP.
[PR/808839: This issue has been resolved.]
• On EX4550 Virtual Chassis, the show chassis environment power-supply-unit operational mode command does not show the power supply status of all member interfaces. Use the show chassis hardware command instead. [PR/817397: This issue has been resolved.]
J-Web Interface
•
In the J-Web interface, you cannot upload a software package using the HTTPS protocol. As a workaround, use either the HTTP protocol or the CLI. [PR/562560: This issue has been resolved.]
•
In the J-Web interface, the link status might not be displayed correctly in the Port
Configuration page or the LACP (Link Aggregation Control Protocol) Configuration page if the Commit Options preference is set to single commit (the Validate configuration changes option). [PR/566462: This issue has been resolved.]
•
If you have created dynamic VLANs by enabling MVRP from the CLI, then in the J-Web interface, the following features do not work with dynamic VLANs or static VLANs:
• In the Port Configuration page (Configure > Interface > Ports)—Port profile (select the interface, click Edit, and select Port Role) or the VLAN option (select the interface, click Edit, and select VLAN Options).
• VLAN option in the LACP (Link Aggregation Control Protocol) Configuration page
(Configure > Interface > Link Aggregation)—Select the aggregated interface, click
Edit
, and click VLAN.
• In the 802.1X Configuration page (Configure > Security > 802.1x)—VLAN assignment in the exclusion list (click Exclusion List and select VLAN Assignment) or the move to guest VLAN option (select the port, click Edit, select 802.1X Configuration, and click the Authentication tab).
• Port security configuration (Configure > Security > Port Security).
•
In the Port Mirroring Configuration page (Configure > Security > Port
Mirroring)—Analyzer VLAN or ingress or egress VLAN (click Add or Edit and then add or edit the VLAN).
[PR/669188: This issue has been resolved.]
• On EX4500 Virtual Chassis, if you use the CLI to switch from virtual-chassis mode to intraconnect mode, the J-Web interface dashboard might not list all the Virtual Chassis hardware components, and the image of the master and backup switch chassis might
Copyright © 2017, Juniper Networks, Inc.
39
EX Series Switches Release Notes not be visible after an autorefresh occurs. The J-Web interface dashboard also might not list the vcp-0 and vcp-1 Virtual Chassis ports in the rear view of an EX4200 switch
(in the linecard role) that is part of an EX4500 Virtual Chassis. [PR/702924: This issue has been resolved.]
•
The J-Web interface is vulnerable to HTML cross-site scripting attacks, also called XST or cross-site tracing. [PR/752398: This issue has been resolved.]
• When you configure the no-tcp-reset statement, the J-Web interface might be slow or unresponsive. [PR/754175: This issue has been resolved.]
•
In the J-Web interface, you cannot configure the TCP fragment flag for a firewall filter in the Filters Configuration page (Configure > Security > Filters). [PR/756241: This issue has been resolved.]
• In the J-Web interface, you cannot delete a term from a filter and simultaneously add a new term to that filter in the Filters configuration page (Configure > Security > Filters).
[PR/769534: This issue has been resolved.]
• Some component names shown by the tooltip on the Temperature in the Health Status panel of the dashboard might be truncated. As a result, you might see many components that have the same name displayed. For example, the components GEPHY
Front Left, GEPHY Front Middle, and GEPHY Front Right might all be displayed as
GEPHYFront. [PR/778313: This issue has been resolved.]
• In the J-Web interface, the Help page for the Install package in the Software
Maintenance page (Maintain > Software) might not appear. [PR/786654: This issue has been resolved.]
• If you issue the set protocols rstp interface logical-interface-name edge configuration command from the CLI, the J-Web interface might show that the configuration in the
Configuration detail for Desktop and Phone window is not applicable for the port profile.
However, no functionality for the Desktop and Phone port profile is affected.
[PR/791323: This issue has been resolved.]
• In the J-Web interface, if you enable a spanning-tree protocol (STP, RSTP, or MSTP) and then exclude some ports from the spanning tree, you might not be able to include these ports as part of a redundant trunk group (RTG). [PR/791759: This issue has been resolved.]
• In the J-Web interface on EX4500 and EX4550 switches, you can configure temporal and exact-temporal buffers, which are not supported by Junos OS. [PR/796719: This issue has been resolved.]
•
In a mixed Virtual Chassis in which an EX4550 switch is the master and at least one
Virtual Chassis member supports Power over Ethernet (PoE), if you click Configure >
POE and then click another tab, a javascript error might be displayed. [PR/797256;
This issue has been resolved.]
• In the J-Web interface on EX4550 switches, if you are using in-band management and select EZSetup, the error message undefined configuration delivery failed is displayed
40 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches even though the configuration has been successfully committed. [PR/800523: This issue has been resolved.]
• On EX2200 switches, in the dashboard in the J-Web interface, the flash memory utilization graph might show an incorrect value of 0%. As a workaround, to view utilization, click Monitor > System View > System Information and then click the Storage
Media tab. [PR/823795: This issue has been resolved.]
Layer 2 and Layer 3 Protocols
• On EX8200 switches with OSPF configured, after a nonstop software upgrade (NSSU) to Junos OS Release 12.1R1, OSPF adjacency might not be established for some RVIs across link aggregation group (LAG) interfaces because the flooding entry is not programmed correctly. As a workaround, disable or enable the problematic interface by issuing the following commands:
• user@switch# set interface interface-name disable
• user@switch# delete interface interface-name disable
[PR/811178: This issue has been resolved.]
•
A BFD session might flap if there are stale BFD entries. [PR/744302: This issue has been resolved.]
• On XRE200 External Routing Engines on which PIM is configured, a nonstop software upgrade (NSSU) operation might fail when performed when an MSDP peer is not yet up. As a workaround, either disable nonstop active routing (NSR) for PIM using the set protocols pim nonstop-routing disable configuration command or ensure that MSDP has reached the Established state before starting an NSSU operation. [PR/799137:
This issue has been resolved.]
• Multicast packets might be lost when the user switches from one IPTV channel to another. [PR/835538: This issue has been resolved.]
Management and RMON
•
On EX8200 Virtual Chassis, when you perform an snmpwalk operation on the jnxPsuMIB, the output shows details only for the power supplies on a single line card member. [PR/689656: This issue has been resolved.]
•
When you are using IS-IS for forwarding only IPv6 traffic and IPv4 routing is not configured, if you perform an SNMP get or walk operation on an IS-IS routing database table, the routing protocol process (rpd) might crash and restart, possibly causing a momentary traffic drop. [PR/753936: This issue has been resolved.]
•
When an SNMP string is longer than 30 characters, it is not displayed in Junos OS command output. [PR/781521: This issue has been resolved.]
• The incorrect ifType might be displayed for counters on physical interfaces.
[PR/784620: This issue has been resolved.]
•
For sFlow monitoring technology traffic on the switches, incorrect information might be displayed for output ports. [PR/784623: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
41
EX Series Switches Release Notes
42
•
After a Routing Engine switchover, LACP and MIB II process (mib2d) core files might be created. [PR/790966: This issue has been resolved.]
• An SNMP MIB walk might show unwanted data for newly added objects such as jnxVirtualChassisPortInPkts or jnxVirtualChassisPortInOctets. [PR/791848: This issue has been resolved.]
• On EX Series switches, sFlow monitoring technology packets might be dropped when the packet size exceeds 1500 bytes. [PR/813879: This issue has been resolved.]
•
In EX3300 Virtual Chassis, if you perform an SNMP poll of jnxOperatingState for fan operation, the information for the last two members in the Virtual Chassis is incorrect.
[PR/813881: This issue has been resolved.]
• On EX8200 switches, sFlow monitoring technology packets were being generated with an incorrect source MAC address of 20:0b:ca:fe:5f:10. This issue has been fixed, and the EX8200 switches now use the outbound port's MAC address as the source
MAC address for sFlow monitoring technology traffic. [PR/815366: This issue has been resolved.]
•
An SNMP poll might not return clear information for some field-replaceable units
(FRUs), such as fans and power supplies. The FRU description might not indicate which physical switch contains the FRU. [PR/837322: This issue has been resolved.]
Multicast Protocols
•
When an EX Series switch is routing multicast traffic, that traffic might not exit from the multicast router port in the source VLAN. [PR/773787: This issue has been resolved.]
• While multicast is resolving routes, the following SPF-related error might be displayed:
SPF:spf_change_sre(),383: jt_change () returned error-code (Not found:4)!
[PR/774675:
This issue has been resolved.]
•
On EX8200 switches, multicast MDNS packets with the destination address 224.0.0.251
are blocked if IGMP snooping is enabled. [PR/782981: This issue has been resolved.]
• In MPLS implementations on EX Series switches, EXP bits that are exiting the provider edge switch are copied to the three least-significant bits of DSCP—that is, to IP precedence—rather than to the most-significant bits. [PR/799775: This issue has been resolved.]
Power over Ethernet (PoE)
• Power over Ethernet (PoE) and Power over Ethernet Plus (PoE+) cannot be configured by using the EX8200 member switches in an EX8200 Virtual Chassis. [PR/773826:
This issue has been resolved.]
Software Installation and Upgrade
• EX4550 switches might not load the configuration file after you perform an automatic image upgrade. [PR/808964: This issue has been resolved.]
•
On EX8200 Virtual Chassis, nonstop software upgrade (NSSU) with the no-reboot option is not supported. [PR/821811: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
Virtual Chassis
• On EX8200 Virtual Chassis, when you swap the members of a link aggregation group
(LAG), a vmcore or ksyncd core file might be created on the backup Routing Engine.
[PR/711679: This issue has been resolved.]
•
On EX8200 Virtual Chassis, after you ungracefully remove the master Routing Engine from the member switch, traffic might be interrupted for up to 2 minutes.
[PR/742363:This issue has been resolved.]
•
On EX3300 switches, when a Virtual Chassis is formed, the Virtual Chassis backup member's console CLI is not automatically redirected to the Virtual Chassis master's console CLI. As a workaround, manually log out from the Virtual Chassis backup member. [PR/744241:This issue has been resolved.]
•
On EX8200 Virtual Chassis, the request system snapshot command does not take a snapshot on the backup Routing Engine of both members. [PR/750724: This issue has been resolved.]
• On EX8200 Virtual Chassis, the switch might incorrectly send untagged packets. As a result, some hosts in the VLAN might experience connectivity issues. [PR/752021: This issue has been resolved.]
•
On EX8200 Virtual Chassis, after one Virtual Chassis member is rebooted, the line card of the corresponding rebooted member switch is not brought down immediately, and hence the peer sees that the interfaces remain in the Up state. Additionally, the interface state is not cleared immediately in the switch card chassis kernel. The result is that the protocol session goes down, and traffic loss occurs even if you have configured nonstop active routing (NSR). [PR/754603: This issue has been resolved.]
• On XRE200 External Routing Engines, when you issue the show chassis hardware command and specify display xml, duplicate occurrences of the <name> and
<serial-number> tags under the <chassis> tag might result in malformed XML output.
[PR/772507: This issue has been resolved.]
•
In a mixed EX4200 and EX4500 Virtual Chassis, the master chassis view might display the temperature indicator of the backup. [PR/783052: This issue has been resolved.]
• On XRE200 External Routing Engines, a chassism core file might be created.
[PR/791959: This issue has been resolved.]
•
On EX8200 Virtual Chassis, when you swap the members of a link aggregation group
(LAG), a vmcore or ksyncd core file might be created on the backup Routing Engine.
[PR/793778: This issue has been resolved.]
• On XRE200 External Routing Engines on which DHCP snooping and dynamic ARP inspection are enabled, when packets are transmitting out a different line card type from the ingress interface, an sfid core file might be created. [PR/794293: This issue has been resolved.]
• On EX8200 Virtual Chassis, the devbuf process might leak memory, eventually bringing the switch down to a halt. As a workaround, perform a hard shutdown by issuing the ifconfig em[0-8] down command on the em interfaces that are in the down state.
[PR/823045: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
43
EX Series Switches Release Notes
Issues Resolved in Release 12.3R2
The following issues have been resolved since Junos OS Release 12.3R1. The identifier following the description is the tracking number in our bug database.
Access Control and Port Security
•
On EX Series switches except EX9200, with 802.1X user-based dynamic firewall filters enabled, a stale firewall filter that is properly authenticated after a server timeout might not be purged from an interface even after that interface is disconnected. When this issue occurs, 802.1X authentication fails. [PR/833712: This issue has been resolved.]
•
On EX Series switches, the LLDP-MED media endpoint class is shown as invalid. This problem is just a display issue—there is no functional impact. [PR/840915: This issue has been resolved.]
Class of Service
•
On EX Series switches, EXP CoS classification does not occur if EXP CoS classifiers are deleted and then added. [PR/848273: This issue has been resolved.]
Ethernet Switching and Spanning Trees
• On an EX4200 switch configured for VLAN translation, Windows NetBIOS traffic might not be translated. [PR/791131: This issue has been resolved.]
•
On EX Series switches, the Cisco Discovery Protocol (CDP) and the VLAN Trunking
Protocol (VTP) do not work through Layer 2 protocol tunneling(L2PT). [PR/842852:
This issue has been resolved.]
•
On EX Series switches, the Q-BRIDGE-MIB OID 1.3.6.1.2.1.17.7 reports the VLAN internal index instead of the VLAN ID. [PR/850299: This issue has been resolved.]
• If an EX Series switch has a redundant trunk group (RTG) link, a MAC Refresh message might be sent on a new active link of the RTG when RTG failover occurs. The switch sends the RTG MAC Refresh message with a VLAN tag even though RTGs are configured on access ports. [PR/853911: This issue has been resolved.]
Firewall Filters
• In the case of a stateful proxy, SIP hairpinning does not function, because of which two
SIP users behind the NAT device might be unable to connect through a phone call.
[PR/832364: This issue has been resolved.]
• On EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, and EX6210 switches, a firewall filter with family set to ethernet-switching and configured for IPv4 blocks specific transit IPv6 traffic if the ether_type match condition in the filter is not explicitly set to ipv4. As a workaround, set ether_type to ipv4 in the filter. [PR/843336: This issue has been resolved.]
44 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
Infrastructure
• The unlink option in the request system software add package-name unlink command does not work on EX Series switches. [PR/739795: This issue has been resolved.]
• On EX Series switches, if the sfid process receives dequeuing packets from various queues, the queue indexes do not increment properly, which might cause the sfid process to generate a core file. [PR/835535: This issue has been resolved]
• On EX8200 switches, multiple rpd process core files might be created on the backup
Routing Engine after a nonstop software upgrade (NSSU) has been performed while multicast traffic is on the switch. [PR/841848: This issue has been resolved.]
•
On EX8200 switches, the commit synchronize command might fail with the error message error: could not open configuration database (juniper.data+). [PR/844315:
This issue has been resolved.]
Interfaces
• On EX Series switches, if you configure a physical interface's maximum transmission unit (MTU) with a large value and you do not reconfigure the family inet MTU, OSPF packets might be dropped when they reach the internal logical interface if the packet size exceeds 1900 bytes. All communications traffic between Routing Engines and between FPCs passes through the internal logical interface. The OSPF neighbor does not receive the OSPF transmissions and ends the OSPF session. The switch displays the error message bmeb_rx failed. [PR/843583: This issue has been resolved.]
Management and RMON
• On EX Series switches, a configured OAM threshold value might be reset when the chassis is rebooted. [PR/829649: This issue has been resolved.]
•
An SNMP query or walk on ipNetToMediaPhysAddress does not match the show arp command output. [PR/850051: This issue has been resolved.]
Virtual Chassis
• On EX2200 Virtual Chassis, when there are multiple equal-cost paths, the show virtual-chassis vc-path source-interface interface-name destination-interface
interface-name
command displays the first discovered shortest path, even though traffic might be flowing in an alternate path. [PR/829752: This issue has been resolved.]
• In a mixed EX4200 and EX4500 Virtual Chassis, link aggregation might generate a
PFEM core file in some member switches. [PR/846498: This issue has been resolved.]
•
On EX4200 Virtual Chassis, CHASSISD_SNMP_TRAP6: SNMP trap generated: Fan/Blower
Removed messages might be generated periodically, even when member switches cited in the messages are not present in the Virtual Chassis. [PR/858565: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
45
EX Series Switches Release Notes
Issues Resolved in Release 12.3R3
The following issues have been resolved since Junos OS Release 12.3R2. The identifier following the description is the tracking number in our bug database.
Access Control and Port Security
•
On EX Series switches, DHCP snooping binding does not renew the lease time when
IPv6 is configured on the client VLAN. When DHCP snooping is configured with ARP inspection and when a client renews the lease, the switch does not update the DHCP snooping table with the new lease time. The lease eventually times out from the DHCP snooping table, and the client still has a valid lease. The client's ARP request eventually times out of the switch, and the client loses connectivity because ARP inspection blocks the transmission because the client has no entry in the DHCP snooping table. As a workaround, disable and then reenable the client interface or remove IPv6 for the
VLAN. [PR/864078: This issue has been resolved.]
Class of Service
• On EX Series switches, EXP CoS classification does not occur if EXP CoS classifiers are deleted and then added back. [PR/848273: This issue has been resolved.]
•
On EX4500 switches and EX4500 Virtual Chassis, MPLS CoS classifications and rewrites might not work. [PR/869054: This issue has been resolved.]
Ethernet Switching and Spanning Trees
• On EX Series switches, when you issue the show spanning-tree interface vlan-id vlan-id detail command, the vlan-id parameter is ignored, and the output displays information for all interfaces instead of only for interfaces that are associated with the VLAN ID.
[PR/853632: This issue has been resolved.]
•
On EX Series switches, when a topology change is detected on an MSTP-enabled interface, there might be a delay of several seconds before a BPDU is sent out with a topology change flag to all the other interfaces. When such a change is detected on
RSTP-enabled interfaces, a BPDU is sent out immediately with the topology change flag. [PR/860748: This issue has been resolved.]
Hardware
• EX2200 switches are intermittently not recognizing the Redundant Power System
(RPS) after the configuration has been changed and a power supply has been reseated in the RPS. [PR/841785: This issue has been resolved.]
• On EX3200, EX4200, EX8200, EX4500, and EX4550 switches, the receiver signal average optical power is shown as 0.0000 in output for the show interfaces diagnostics optics command. [PR/854726: This issue has been resolved.]
46 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
High Availability
• On EX8200 Virtual Chassis, a nonstop software upgrade (NSSU) might fail. [PR/871288:
This issue has been resolved.]
Infrastructure
•
After you successfully install Junos OS, if you uninstall AI scripts, an mgd core file might be created. [PR/740554: This issue has been resolved.]
• Rate limiting for management traffic (namely, SSH and Telnet) arriving on network ports causes file transfer speeds to be slow. [PR/831545: This issue has been resolved.]
•
On EX8200 Virtual Chassis, a disabled routed VLAN interface (RVI) might send gratuitous ARP requests. [PR/848852: This issue has been resolved.]
• On EX4200 Virtual Chassis, CHASSISD_SNMP_TRAP6: SNMP trap generated: Fan/Blower
Removed messages might be generated periodically, even when member switches cited in the messages are not present in the Virtual Chassis. [PR/858565: This issue has been resolved.]
•
On EX4500 Virtual Chassis, an SNMP trap generated for Power Supply Removed message might be sent for a nonexistent power supply in an active member of the
Virtual Chassis. [PR/864635: This issue has been resolved.]
• On EX4200 Virtual Chassis, a /var partition is full alarm and a
CHASSISD_RE_CONSOLE_ME_STORM log might occur, caused by a console error storm, even though the /var partition is not full. You can ignore this alarm; it has no effect on the system. [PR/866863: This issue has been resolved.]
Interfaces
•
For EX4500 switches, queue counters are not updated for member interfaces of a LAG when the monitor interface aex command is running. As a workaround, use the monitor interfaces traffic command. [PR/846059: This issue has been resolved.]
• When you boot up an EX2200 or EX3300 switch with Junos OS Release 12.2R1 or later, the message ?dog: ERROR - reset of uninitialized watchdog appears. The message appears even if you reboot the switch by using the proper reboot procedure. The error does not cause a system reset; thus, you can ignore this message. [PR/847469: This issue has been resolved.]
• On EX3200 and EX4200 switches, high traffic on management Ethernet (me0) interfaces might affect switch control and management plane functions. [PR/876110:
This issue has been resolved.]
• On a device that is in configuration private mode, when you attempt to deactivate a previously defined VLAN members list and then commit the change, the mgd process creates a core file. [PR/855990: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
47
EX Series Switches Release Notes
Layer 2 and Layer 3 Protocols
• If you have configured PIM nonstop active routing (NSR), a core file might be created on an upstream router because of high churn in unicast routes or a continuous clearing of PIM join-distribution in the downstream router. To prevent this possibility, disable
NSR for PIM. [PR/707900: This issue has been resolved.]
• On a device that is running Protocol Independent Multicast (PIM) and with nonstop active routing (NSR) enabled on the device, if a PIM corresponding interface flaps continuously, a PIM thread might attempt to free a pointer that has already been freed.
This attempt causes the routing protocol process (rpd) to crash and create a core file.
[PR/801104: This issue has been resolved.]
• If an invalid PIM-SSM multicast group is configured on the routing device, then when you issue the commit or commit check command, a routing protocol process (rpd) core file is created. There is no traffic impact because the main rpd process spawns another rpd process to parse the corresponding configuration changes, and the new rpd process crashes and creates a core file. When this problem occurs, you might see the following messages: user@router# commit check error: Check-out pass for Routing protocols process (/usr/sbin/rpd) dumped core(0x86) error: configuration check-out failed user@router# commit error: Check-out pass for Routing protocols process (/usr/sbin/rpd) dumped core(0x86) error: configuration check-out failed
[PR/856925: This issue has been resolved.]
• On EX2200 switches, the periodic packet management process (ppmd) might create a core file. [PR/859625: This issue has been resolved.]
Management and RMON
•
When a graceful Routing Engine switchover (GRES) is executed on an EX Series Virtual
Chassis, CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply Removed traps are generated periodically for all possible members of the Virtual Chassis—that is, the power supply status is checked for the maximum number of members that the
Virtual Chassis can contain, even though some of those members might not exist in the configured Virtual Chassis. [PR/842933: This issue has been resolved.]
• The sFlow monitoring technology feature is not supported on EX2200, EX2200-C, and
EX3300 switches. [PR/872292: This issue has been resolved.]
48 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
Multicast
• On EX4500 switches, multicast packet fragments might be dropped. [PR/835855:
This issue has been resolved.]
Power over Ethernet (PoE)
•
On EX2200, EX3200, EX3300 and EX4200 switches, when PoE fails to initialize, the chassism process might cause a memory leak by repeatedly calling a file open without closing it. When this issue occurs, the chassism process, which is responsible for managing hardware inventory, might generate a core file periodically every 8-9 hours.
This might cause interfaces to flap, and impact service performance. [PR/845809:
This issue has been resolved]
Software Installation and Upgrade
•
On an EX2200-24T-DC-4G switch model, autoinstallation is not activated during initial installation because this model is missing a configuration file.
As a workaround, on the switch, starting with the shell prompt, execute these commands: root@: LC:0% cp /etc/config/ex2200-24t-4g-factory.conf
/etc/config/ex2200-24t-dc-4g-factory.conf
root@:
LC:0% cli root> edit root# load factory-default
{linecard:0}[edit] root#: set system root-authentication plain-text-password
New password:
Retype new password:
[PR/873689: This issue has been resolved.]
Virtual Chassis
•
On EX Series Virtual Chassis, if you configure a physical interface on the master switch as a member of an interface range, associate that interface with a VLAN, and then delete the interface from the interface range, the interface is not removed from the
VLAN. [PR/811773: This issue has been resolved.]
•
The request system scripts add command does not install the AI-Scripts bundle package on all nodes of an EX8200 Virtual Chassis. [PR/832975: This issue has been resolved.]
•
On EX4200 Virtual Chassis, if the MAC persistence timer is configured for 0 minutes, the system MAC base address changes when a master switchover occurs and you issue the request chassis routing-engine master switch command. As a workaround, configure a value in the range of 1 through 60 for the mac-persistence-timer statement.
[PR/858330: This issue has been resolved.]
•
On EX8200 Virtual Chassis, NetBIOS traffic might be dropped when it crosses the non-dedicated Virtual Chassis port (that is, fiber-optic ports configured as VCPs) connections. The NetBIOS traffic is dropped because of a conflict on the Packet
Copyright © 2017, Juniper Networks, Inc.
49
EX Series Switches Release Notes
Forwarding Engine of the Virtual Chassis member with the VCPs. [PR/877503: This issue has been resolved.]
Issues Resolved in Release 12.3R4
The following issues have been resolved since Junos OS Release 12.3R3. The identifier following the description is the tracking number in our bug database.
Access Control and Port Security
• On an EX Series switch, when you configure LLDP-MED on a trunk interface and set that interface as a member of both a voice VLAN and another VLAN, and you then change the mode of that interface to port (access) mode, the switch might send two different voice VLAN TLVs in an LLDP advertisement, and a VoIP phone connected to that interface might randomly select a VLAN to join. Use the monitor traffic interface
interface-name
command to check this issue. [PR/884177: This issue has been resolved.]
Class of Service
• On EX4200 switches, if you configure and apply more than 32 CoS rewrite rules, the
Packet Forwarding Engine manager (pfem) process creates core files continuously.
[PR/893911: This issue has been resolved.]
High Availability
• On EX8200 Virtual Chassis, during an NSSU, BGP neighbors might flap during the master switchover. [PR/892219: This issue has been resolved.]
•
On EX8200 Virtual Chassis, during NSSU, all interfaces, including LAGs, might go down during FRU upgrades, resulting in traffic loss. [PR/893440: This issue has been resolved.]
Infrastructure
•
On EX4550 switches, high-temperature alarms are triggered not on the thresholds displayed in the output of the show chassis temperature-thresholds command, but on other internal thresholds. [PR/874506: This issue has been resolved.]
• On EX3200 switches, an SNMP trap for pethPsePortDetectionStatus is not sent when a VoIP phone is disconnected from a PoE port. [PR/877768: This issue has been resolved.]
• On EX2200 and EX3300 switches, storm control does not limit traffic to the set value when that traffic enters through uplink ports; instead, the traffic is limited to 10 times the set value. [PR/879798: This issue has been resolved.]
•
On EX4550 switches, the log message PFC is supported only on 10G interfaces is generated over and over again in logs. [PR/880571: This issue has been resolved.]
• On EX2200 switches, the CPU is completely consumed by the swi7: clock and chassism processes when the Redundant Power System (RPS) is powered off but is connected to the switch. At the same time, link LEDs blink continuously. When the RPS is powered
50 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches up, CPU utilization and switch function becomes normal. [PR/890194: This issue has been resolved.]
• On EX4500 switches, the TLV type 314 is sent as a notification of the DCBX state of a port. In a link flap scenario, the kernel sends a DCBX PFC state TLV to the Packet
Forwarding Engine even if there is no change in the DCBX state. Also, the kernel synchronizes this state to the backup Routing Engine. On the backup Routing Engine, this message is not processed, and the system shows an Unknown TLV type 314 error.
The message in itself is harmless, but it fills up the logs unnecessarily. [PR/893802:
This issue has been resolved.]
• On EX4200 switches, if you issue the request system zeroize media command, the system boots from the backup partition and displays the following message: WARNING:
THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE . If the auto-snapshot feature is not enabled, reinstall Junos OS to recover the primary copy in case it has been corrupted. [PR/894782: This issue has been resolved.]
•
On an EX3300 switch, when another vendor's access point is connected to one of the
EX3300 interfaces, LLDP negotiation might fail and the access point is unable to boot.
The system is storing the organization-specific TLV's OUI and subtype values in the parsed TLV-to-value buffer, and due to this, the offset for reading PoE power negotiation from the buffer has been changed. As a workaround:
1.
Unplug the access point.
2.
Wait until the interface power goes to 0, and verify that the physical interface is down.
3.
Issue the set protocol lldp interface AP-interface-name power-negotiation disable
CLI command and commit the command. This disables power negotiation.
4.
Connect the access point.
The access point powers on in IEEE class mode power (not negotiated power).
[PR/898234: This issue has been resolved.]
•
On EX Series switches, after you issue the request system zeroize media command,
SSH access fails when the switches boot from the backup root partition. This issue does not affect the primary root partition. [PR/898268: This issue has been resolved.]
Interfaces
• On EX Series switches, if you have configured a link aggregation group (LAG) with link protection, ingress traffic does not pass through the backup port. [PR/886205: This issue has been resolved.]
• On EX4200 switches, an aggregated Ethernet interface is not supported as a match condition in a firewall filter. [PR/886476: This issue has been resolved.]
•
On EX Series switches, configuration of a static LACP system ID is not supported.
[PR/889318: This issue has been resolved.]
• EX4500 switches might reboot suddenly because they have accessed an invalid register value for a port; this problem might occur when you insert or remove SFPs, or exchange
Copyright © 2017, Juniper Networks, Inc.
51
EX Series Switches Release Notes
10-gigabit and 1-gigabit SFPs in a specific port. [PR/891733: This issue has been resolved.]
• On EX Series switches, the request interface revert interface-name command might not work. If you issue the command on the switch, the following message appears: error: the redundancy-interface-process subsystem is not running . [PR/892976: This issue has been resolved.]
Management and RMON
•
On EX Series switches, when the ARP table is cleared from the CLI, the SNMP MIB ipNetToMediaPhysAddress might have more entries than the ARP table. [PR/853536:
This issue has been resolved.]
Virtual Chassis
•
If you unplug the management cable from the master switch of an EX2200 Virtual
Chassis, a remote session through the management port is lost even if the backup switch has a management cable. [PR/882135: This issue has been resolved.]
Issues Resolved in Release 12.3R5
The following issues have been resolved since Junos OS Release 12.3R4. The identifier following the description is the tracking number in our bug database.
Class of Service
• Class of service on EX2200 and EX3300 Virtual Chassis ports (VCPs) might not work properly. [PR/902224: This issue has been resolved.]
Firewall Filters
• On EX4200 switches, if you change a firewall filter term and commit or roll back the firewall filter configuration, policer counter restoration might occur. [PR/900078: This issue has been resolved.]
•
On EX Series switches, when two interfaces share the same firewall filter, combining two nodes into one node, and then unbinding the filter from one bind point splits the combined nodes. If the node operation type is UNBIND or DESTROY, the operation wrongly destroys the filter associated with the other node and creates a pfem process core file. [PR/927063: This issue has been resolved.]
Hardware
• On EX2200 and EX3300 switches, for some types of SFP transceivers, the output of the show interfaces diagnostics optics CLI command contains an incorrect value of
0.0000 mW / - Inf dBm for the Receiver signal average optical power field. [PR/909334:
This issue has been resolved.]
•
On EX4550-32T switches, some ports might not link up correctly. [PR/901513: This issue has been resolved.]
52 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
•
On EX6200 switches, if the LCD backlight is off and you then press the menu or enter buttons on the LCD panel, the LCD is reinitialized. During this reinitialization, the switch might drop some packets. [PR/929356: This issue has been resolved.]
High Availability (HA) and Resiliency
•
On EX Series Virtual Chassis, an upgrade with NSSU might cause a mismatch in the physical interface index numbers between the master and backup Packet Forwarding
Engines, causing result packets to be dropped as they pass through the Virtual Chassis.
[PR/882512: This issue has been resolved.]
Infrastructure
•
On EX Series switches, the messages CMLC: connection in progress for long and pfem: devrt_gencfg_rtsock_msg_handler Incorrect major_type 8 might be displayed, but the messages do not impact switch functionality. [PR/890633: This issue has been resolved.]
• On EX2200 switches, a primary file system corruption might not be detected and the system might not fail over to the backup partition. Some functional problems might occur. [PR/892089: This issue has been resolved.]
• On EX8200 switches, an NSSU might cause some hosts to become unreachable because the ARP index for the impacted host route is incorrectly programmed. The host route references the old ARP index and fails to update the new ARP index.
[PR/894436: This issue has been resolved.]
• On EX8200 switches equipped with EX8200-40XS line cards, when a port on a 40XS line card connects to another device and the port is then disabled, the carrier transition count might increase continuously, which might cause high CPU utilization. The carrier transition count is displayed in the output of the show interfaces interface-name extensive command. [PR/898082: This issue has been resolved.]
• On EX4550 switches running Junos OS Release 12.2R5 or Release 12.3R3, commit operations might cause a spike in CPU utilization, resulting in a timeout of LACP, BFD, and other protocols. [PR/898097: This issue has been resolved.]
•
On EX2200 switches, the system log (syslog) messages might show IP addresses in reverse. For example, an ICMP packet from 10.0.1.114 to 10.0.0.7 might be shown in the log as PFE_FW_SYSLOG_IP: FW: ge-0/0/0.0 R icmp 114.1.0.10 7.0.0.10 0 0 (1 packets) instead of PFE_FW_SYSLOG_IP: FW: ge-0/0/0.0 R icmp 10.0.1.114 10.0.0.7 0 0 (1 packets).
[PR/898175: This issue has been resolved.]
•
On EX Series switches, if the eventd process is not restarted gracefully, the process might crash or exit and the SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down message might be generated. [PR/901924: This issue has been resolved.]
•
On an EX6200 switch, if you disconnect the master Routing Engine (RE0) and reconnect it, the backup Routing Engine (RE1) becomes the master, and then when the original
RE0 is rebooted, it becomes the backup; however, that new backup does not appear in show chassis routing-engine command output on RE0 (the new master). [PR/919242:
This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
53
EX Series Switches Release Notes
•
On EX Series switches that are running Junos OS Release 12.1 and later releases, if you install AI-Scripts package releases earlier than 3.6R4 and 3.7R3 and then execute a reboot/commit sequence, the switch might generate a FIPS core file and might crash.
[PR/920478: This issue has been resolved.]
•
On EX Series switches with DHCP snooping enabled, the DHCP reply packets without any DHCP options (BOOTP reply packets) might be dropped. [PR/925506: This issue has been resolved.]
•
Polling the OID mib-2.17.7.1.4.3.1.5...: dot1qPortVlan on an EX9200 switch might cause a memory leak on the l2ald process, and the process might create core files.
[PR/935981: This issue has been resolved.]
Interfaces
•
On EX6200 switches, an interface might not be able to come up after the interface flaps due to a discrepancy on the physical channel. [PR/876512: This issue has been resolved.]
• On EX9200 switches, Layer 3 unicast traffic losses might be seen for a few seconds during graceful Routing Engine switchover (GRES) for host prefixes learned over
MC-LAG interfaces. [PR/880268: This issue has been resolved.]
• On an EX3300 switch, when another vendor's AP is connected to one of the EX3300 interfaces, LLDP negotiation might fail and the AP is unable to boot. The system is storing the organization-specific TLV's OUI and subtype values in the parsed
TLV-to-value buffer, and due to this, the offset for reading PoE power negotiation from the buffer has been changed. As a workaround:
1.
Unplug the AP.
2.
Wait until the interface power goes to 0, and verify that the physical interface is down.
3.
Issue the set protocol lldp interface power-negotiation disable CLI command and commit the command. This will disable power negotiation.
4.
Connect the AP.
The AP will power on in IEEE class mode power (not negotiated power). [PR/898234:
This issue has been resolved.]
54 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
Layer 2 Protocols
• On EX8200 switches or EX8200 Virtual Chassis with nonstop bridging (NSB) enabled, continuously adding and deleting VLAN members along with continuously creating and deleting VLANs might cause the Ethernet switching process (eswd) to leak memory and create a core file. [PR/878016: This issue has been resolved.]
Multicast
• On EX Series switches, the multicast route cache timer might not be cleared in some situations. As a workaround, issue the show multicast route command several times.
[PR/937695: This issue has been resolved.]
Network Management and Monitoring
• On an EX9200 switch, if you configure port mirroring, the feature might not work and the switch might not be able to mirror Layer 2 and Layer 3 traffic. [PR/920213: This issue has been resolved.]
Software Installation and Upgrade
• On EX8200 Virtual Chassis, the licensing policy specifies that you install the Advanced
Feature Licenses (AFLs) on the master and backup XRE200 External Routing Engines.
In Junos OS 12.3 releases, a warning message might appear at commit indicating that the AFLs have not been installed on the Routing Engines on the EX8200 member switches even though the AFLs have been installed on the external Routing Engines.
[PR/919605: This issue has been resolved.]
Virtual Chassis
•
On EX Series Virtual Chassis, if you convert a physically down Virtual Chassis port
(VCP) to a network port, broadcast and multicast traffic might be dropped on the VCP interface. [PR/905185: This issue has been resolved.]
Issues Resolved in Release 12.3R6
The following issues have been resolved since Junos OS Release 12.3R5. The identifier following the description is the tracking number in our bug database.
Copyright © 2017, Juniper Networks, Inc.
55
EX Series Switches Release Notes
56
Class of Service
• On EX4200-48PX switch models, configuring the traffic shaping rate on an interface using the set class-of-service interfaces interface-name shaping-rate command might return the error message shaping rate not allowed on interface interface-name.
[PR/944172: This issue has been resolved.]
Hardware
•
On EX Series switches, an SFP might stop working unexpectedly with i2c errors and the switch might not recognize the SFP in its existing port. [PR/939041: This issue has been resolved.]
High Availability
•
On EX Series Virtual Chassis with a link aggregation group (LAG) interface configured, if one member link of the LAG is on the backup Routing Engine, traffic loss on the LAG interface might be observed during an NSSU. Traffic resumes after the graceful Routing
Engine switchover (GRES) occurs in the last state of the NSSU. [PR/916352: This issue has been resolved.]
Infrastructure
• EX3200 and EX4200 switches might stop forwarding traffic when the traffic exits from interfaces. [PR/856655: This issue has been resolved.]
•
On EX2200, EX2200-C, and EX3300 switches, if you configure more than one domain-search attribute under the [edit system services dhcp pool] hierarchy level, the dhcpd process might create a core file. [PR/900108: This issue has been resolved.]
• On EX4550 Virtual Chassis, SFPs might not be detected, causing continuous EEPROM read failed errors. [PR/911306: This issue has been resolved.]
•
In EX4200 Virtual Chassis, a member of the Virtual Chassis might reboot and create a pfem core file. [PR/912889: This issue has been resolved.]
• On EX Series switches except EX9200, the network interfaces information about
Receiver signal average optical power that is displayed in command output might be incorrect when you reconfigure a fiber network interface to a Virtual Chassis port (VCP).
You can see this information display by issuing the show virtual-chassis vc-port diagnostics optics command. [PR/916444: This issue has been resolved.]
• On EX Series switches, when an RSTP-enabled interface that becomes active is a member of a VLAN that has a Layer 3 interface, if this interface does not receive any
BPDUs, gratuitous ARP is not sent out. [PR/920197: This issue has been resolved.]
• On EX Series switches, when a packet is received that matches a firewall filter term with action syslog, configured to send the log to a remote syslog server, the switch might not send logs to the syslog server. [PR/926891: This issue has been resolved.]
•
On EX Series switches with a router firewall filter configured, the filter might not work if it is applied to an IPv6 VRRP-enabled interface; also, features corresponding to the filter, such as policers, do not work. [PR/926901: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
•
On an EX Series switch with TACACS+ authentication and accounting enabled, when the TACACS+ server is in an unresponsive state and sends an erroneous response with an End of File (EOF) that indicates that no data can be read from a data source, this circumstance causes the client to fail to decrement the sequence number that it manages locally. During that time, any TACACS+ authentication might fail. [PR/929273:
This issue has been resolved.]
• On EX6200 switches running Junos OS Release 11.3R1 or later, if the LCD backlight is off and then you press the buttons on the LCD panel, the LCD is reinitialized. During this reinitialization, the switch might drop some packets. [PR/929356: This issue has been resolved.]
• On an EX9200 switch configured for DHCP relay, if an IRB interface walks through a
Layer 2 trunk interface and the corresponding DHCP relay is configured in a routing instance, and if you deactivate or activate (or delete or add) a hierarchy that contains a DHCP relay-related configuration, DHCP relay might not work as expected. As a workaround, restart DHCP services after you make any changes to DHCP configurations.
[PR/935155: This issue has been resolved.]
•
On EX3200 and EX4200 switches, if multicast traffic is bursty or cyclical with no traffic for continuous 30-second periods, then the multicast keepalive timer might age out, thus deleting that particular route and causing multicast traffic loss.
As a workaround, use one of the following options:
•
Set a large timeout value for multicast forwarding cache entries using the set routing-options multicast forwarding-cache timeout command.
•
Using a script, issue the show multicast route command continuously every 25 seconds.
[PR/937695: This issue has been resolved.]
• On EX9200 switches that are configured for DHCP relay, if you deactivate or activate an IRB interface, DHCP relay for that interface might stop working and might drop
DHCP packets. [PR/937996: This issue has been resolved.]
• On EX Series switches with dual Routing Engines, with the switch configured with
VRRP, if VRRP is configured under an interface subnet, the kernel might create a core file on the backup Routing Engine because states are out of sync on the master and backup Routing Engines. If this issue occurs on an EX Series Virtual Chassis, it will cause a service impact. [PR/939418: This issue has been resolved.]
• On EX4500 or EX4550 switches, if you apply a firewall filter to a loopback interface, transit packets that match Precise Time Protocol (PTP) errata might be dropped.
[PR/949945: This issue has been resolved.]
• On an EX Series Virtual Chassis that is configured for DHCP services and configured with a DHCP server, when a client sends DHCP INFORM packets and then the same client sends the DHCP RELEASE packet, an IP address conflict might result because the same IP address has been assigned to two clients. As a workaround:
• 1. Clear the binding table: user@switch> clear system services dhcp binding
Copyright © 2017, Juniper Networks, Inc.
57
EX Series Switches Release Notes
58
•
2. Restart the DHCP service: user@switch> restart dhcp
[PR/953586: This issue has been resolved.]
• When the SNMP mib2d process polls system statistics from the kernel, the kernel might cause a memory leak (mbuf leak), which in turn might cause packets such as
ARP packets to be dropped at the kernel. [PR/953664: This issue has been resolved.]
Interfaces
• On EX9200 switches that are equipped with EX9200-32XS or EX9200-2C-8XS line cards, 10-gigabit ports on these cards might stay offline after a link flaps or after an
SFP+ is inserted. [PR/905589: This issue has been resolved.]
• On EX9200 switches, an inter-IRB route might not work if Q-in-Q tunneling is enabled, because the TPID (0x9100) is not set on egress dual-tagged packets, and other devices that receive these untagged packets might drop them. [PR/942124: This issue has been resolved.]
• On an EX9200 switch that is configured for DHCP relay, with the switch acting as the
DHCP relay agent, the switch might not be able to relay broadcast DHCP inform packets, which are used by the client to get more information from the DHCP server.
[PR/946038: This issue has been resolved.]
• On an EX Series switch, if you remove an SFP+ and then add it back or reboot the switch, and the corresponding disabled 10-gigabit interface is a member of a LAG, the link on that port might be activated. [PR/947683: This issue has been resolved.]
Layer 2 Features
• On EX Series switches, the following log message might appear after every commit operation for a configuration change: Aug 20 12:06:35.224 2013 UKLDNHASTST5B01 eswd[1309]: Bridge Address: add ffffffb0:ffffffc6:ffffff9a:69:ffffff9d:ffffff81 Aug 20
12:36:35.423 2013 UKLDNHASTST5B01 eswd[1309]: Bridge Address: add ffffffb0:ffffffc6:ffffff9a:69:ffffff9d:ffffff81 . The MAC address is that of the chassis.
This is an informational message and does not impact any service. [PR/916522: This issue has been resolved.]
•
On EX Series switches that are configured with Ethernet Ring Protection Switching
(ERPS), if the switch is configured as the RPS owner and is in a topology with other vendors' switches that are running ERPSv2 (ERPS version 2), when an indirect link failure occurs on the Ethernet ring, the ring protection link (RPL) end interface might not be able to get into the forwarding state. [PR/944831: This issue has been resolved.]
• On EX Series switches with RSTP enabled at the global level, when a VoIP-enabled interface is also enabled with VSTP, if you deactivate VSTP on this interface, the interface might stop forwarding traffic. [PR/952855: This issue has been resolved.]
•
On EX Series switches (except EX9200) with VSTP configured, if a switch has two access ports looped back that connect to another switch over a trunk port, this might cause an incorrect STP state (BLK or DESG) in the same VLAN on the trunk port. When this issue occurs, service is impacted. [PR/930807: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
Network Management and Monitoring
• An EX Series switch might send sFlow monitoring technology packets with source port
0. [PR/936565: This issue has been resolved.]
Port Security
•
On EX Series switches with VoIP configured, if the switch receives an IP source guard
(IPSG) or dynamic ARP inspection (DAI) route-delete message on an interface, voice
VLAN traffic on these interfaces might be dropped. [PR/937992: This issue has been resolved.]
Software Installation and Upgrade
• On EX8200 Virtual Chassis, an NSSU from Junos OS Release 11.4R9 to Release 12.3R4
brings down LAGs and other interfaces during the member-switch upgrades, and thus large traffic losses occur. [PR/914048: This issue has been resolved.]
Virtual Chassis
• In a protocol-mastership transition, the ksyncd process might fail to clean up the kernel
VPLS routing tables due to dependencies such as VLANs not being cleaned up first, leaving the tables in an inconsistent state. [PR/927214: This issue has been resolved.]
Issues Resolved in Release 12.3R7
The following issues have been resolved since Junos OS Release 12.3R6. The identifier following the description is the tracking number in our bug database.
Copyright © 2017, Juniper Networks, Inc.
59
EX Series Switches Release Notes
60
Authentication and Access Control
• On an EX Series switch that has both 802.1X authentication (dot1x) and a dynamic firewall filter enabled, when the server-timeout value is set to a short time (for example,
3 seconds), if many clients try to authenticate at the same time, a delay success authentication success message might be received on the switch due to a RADIUS server timeout, the firewall filter might corrupt the interfaces on which the authentication attempts were made, and the subsequent client authentications might fail due to the stale firewall filter. As a workaround, configure a server-timeout value that is greater than 30 seconds. [PR/967922: This issue has been resolved.]
Class of Service (CoS)
•
On an EX Series switch, when you configure both inet and inet6 on an interface and both dscp and dscp-ipv6 classifiers are configured on the switch, you might see this system log message: Jan 22 15:56:54.932 2014 EX4200 cosd[1306]: Classifier CLASSIFIER is not supported on ge-0/0/1.0 interface for inet6 family. Jan 22 15:56:54.932 2014 EX4200 cosd[1306]: Classifier CLASSIFIER6 is not supported on ge-0/0/1.0 interface for inet family.
This message has no operational effect on the switch, as this function is supported. You can ignore the message. [PR/956708: This issue has been resolved.]
High Availability
•
On EX Series switches with dual Routing Engines that are configured with IS-IS, if traceoptions is configured under [edit protocols isis], a Routing Engine switchover might cause IS-IS to flap or an rpd core file to be generated. [PR/954433: This issue has been resolved.]
Infrastructure
•
On an EX Series Virtual Chassis that has a virtual management Ethernet (vme) interface, when the Virtual Chassis is initially formed, you might be unable to access the Virtual
Chassis through the vme interface if the management cable is connected to a Virtual
Chassis member other than the master. As a workaround, reboot the Virtual Chassis.
[PR/934867: This issue has been resolved.]
• On EX8200 switches with Multicast Listener Discovery (MLD) snooping enabled, the number of MLD snooping entries might grow in the kernel, increasing the number of multicast groups to such an extent that eventually the forwarding table is filled, causing a service impact. [PR/940623: This issue has been resolved.]
• On EX Series switches with 802.1X enabled, when the RADIUS server is unreachable,
802.1X-enabled interfaces might stop forwarding traffic after you have deactivated the 802.1X protocol by deactivating [edit protocols dot1x]. As a workaround, deactivate
802.1X. [PR/947882: This issue has been resolved.]
•
On EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, and EX6200 switches,
DHCPv6 unicast packets might be dropped after you enable a firewall filter on the loopback interface (lo0.0) to protect the Routing Engine. As a workaround, add a term to accept DHCPv6 packets in the loopback filter. [PR/960687: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
•
On EX9200 switches acting as DHCP relays, broadcast BOOTP reply messages that are received might be dropped. [PR/961520: This issue has been resolved.]
• On EX Series switches, starting in Junos OS Release 12.3, the file /var/log/wtmp is not rotated once a month or every 10 MB. As a workaround, manually rotate /var/log/wtmp by issuing the command set system syslog file wtmpl archive files 10 size 1M. [PR/964118:
This issue has been resolved.]
•
On EX Series switches except for EX9200, when an IPv6 firewall filter that has Layer
4 match conditions (for example, tcp-established) configured, is applied to routed
VLAN interfaces (RVIs) in the egress direction, these match conditions might not work as expected. [PR/972405: This issue has been resolved.]
•
On EX9200 switches, in a DHCP relay scenario, in cases where a binding entry already exists for a client, if the client sends a DHCP discover packet, the device might not relay
DHCP offers from any server other than the server used to establish the existing binding.
[PR/974963: This issue has been resolved.]
Interfaces and Chassis
•
On EX9200 switches with DHCP relay configured and with permanent ARP entries for relay clients installed, if a client is reachable through a different preferred path due to
STP topology changes, MC-LAG changes, and so on, the forwarding state is not refreshed, and traffic might be dropped until the relay binding is cleared. As a workaround, issue the following configuration command to suppress installation of destination routes (DHCPv4 only): set forwarding-options dhcp-relay route-suppression destination . [PR/961479: This issue has been resolved.]
• On EX Series switches with scaled ARP entries (for example, 48K entries), in a normal state, an ARP entry's current time is less than the expiry time. Some events might cause the current time to be greater than the expiry time, which prevents this ARP entry from being flushed, which causes a connectivity issue. One possible trigger event is an ICL flap in an MC-LAG scenario. [PR/963588: This issue has been resolved.]
• On EX9200 switches, the configuration statement mcae-mac-flush is not available in the CLI; it is missing from the [edit vlans] hierarchy level. [PR/984393: This issue has been resolved.]
Layer 3 Features
• On EX Series switches, EBGP neighborship might go down and an rpd core file might be created. [PR/960829: This issue has been resolved.]
•
On EX8200 switches, when the MTU value on a Layer 3 interface is configured as 1518 and you execute the clear pim join command or reboot the switch, multicast traffic might be dropped when packet sizes are greater than 1500, because the multicast route might eventually point to a smaller MTU value and packets cannot pass, even though the packet size is smaller than the MTU-configured value. As a workaround, configure all the Layer 3 interface MTUs to 9192. [PR/966704: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
61
EX Series Switches Release Notes
Network Management and Monitoring
• On EX Series switches, an OAM CFM interface might not recover automatically if the action in [edit oam ethernet connectivity-fault-management action-profile link-down action action] is interface-down. As a workaround, do not use link-down in the action profile. [PR/948082: This issue has been resolved.]
Platform and Infrastructure
•
On an EX9200 switch working as a DHCP server, when you delete an IRB interface or change the VLAN ID of a VLAN corresponding with an IRB interface, the DHCP process
(jdhcpd) might create a core file after commit, because a stale interface entry in the jdhcpd database has been accessed. [PR/979565: This issue has been resolved.]
Port Security
• On EX Series switches that are configured for voice over IP (VoIP), if dynamic ARP inspection (DAI) is enabled with the voice VLAN, ARP packets might get dropped for this VLAN. [PR/946502: This issue has been resolved.]
Routing Protocols and Firewall Filters
• On EX Series switches that are configured for filter-based forwarding (FBF), if you configure a maximum transmission unit (MTU) on an egress interface, packets that are larger than the configured MTU size might be dropped. [PR/922581: This issue has been resolved.]
• On EX9200 switches with IGMP snooping enabled on an IRB interface, some transit
TCP packets might be treated as IGMP packets, causing packets to be dropped. As a workaround, disable IGMP snooping. [PR/979671: This issue has been resolved.]
Spanning-Tree Protocols
• On EX Series switches except EX2200 and EX9200, when Rapid Spanning Tree Protocol
(RSTP) and VLAN Spanning Tree Protocol (VSTP) are enabled at the same time, an
RSTP topology change might delete MAC entries learned on VLANs managed by VSTP.
[PR/900600:This issue has been resolved.]
Virtual Chassis
• On EX4550 Virtual Chassis and EX4550 mixed mode Virtual Chassis, the chassis manager process (chassism) might crash when the request support information is executed. [PR/977011: This issue has been resolved.]
•
On EX Series switches except EX9200, the Ethernet switching process (eswd) might crash when receiving Link Layer Discovery Protocol (LLDP) packets on a member interface of a LAG. This is because the LAG fails to handle LLDP packets. [PR/983330:
This issue has been resolved.]
62 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
Issues Resolved in Release 12.3R8
The following issues have been resolved since Junos OS Release 12.3R7. The identifier following the description is the tracking number in our bug database.
Authentication and Access Control
•
On EX Series switches configured for accounting based on 802.1X RADIUS, if the
RADIUS server is enabled with the User-Name attribute and a new username is used to send account information, the switches might ignore this attribute and not send accounting information with the authentication username. [PR/950562: This issue has been resolved.]
•
On EX Series switches with 802.1X authentication enabled, if you associate an
802.1X-enabled interface in single-secure mode with a VLAN, when a client is authenticated on that VLAN and is later authenticated on a dynamic VLAN (a guest
VLAN or a VLAN assigned by a RADIUS server), the client might still be associated with the interface-associated VLAN and receive broadcast and multicast traffic of the VLAN associated with the interface. [PR/955141: This issue has been resolved.]
Class of Service
• On EX2200 or EX3300 switches that are running Junos OS Release 12.3R5 or later releases, CoS settings might remain active on interfaces after you have removed the
CoS-related configuration. [PR/992075: This issue has been resolved.]
Infrastructure
• On EX9200 switches, in a BOOTP relay agent scenario, DHCPACK messages that are sent in response to DHCPINFORM messages might not be forwarded to the DHCP client if these ACK messages are sent from a DHCP server other than the DHCP server that is in the DHCP relay agent's binding table. [PR/994735: This issue has been resolved.]
•
On EX8200 switches with link aggregation groups (LAGs) configured, high CPU utilization might be observed on line cards (FPCs) after you change the configuration of the LAGs. [PR/976781: This issue has been resolved.]
• On EX Series switches with Protocol Independent Multicast (PIM) configured, when the upstream interface on a rendezvous point (RP) changes between a Layer 3 interface and the PIM de-encapsulation interface for the multicast route, the earlier route entry might be deleted twice, which causes a loss of multicast traffic on the RP. [PR/982883:
This issue has been resolved.]
•
On EX4200 switches, the system date and time might change after you reboot the switch. [PR/985819: This issue has been resolved.]
• On EX Series switches, the software forwarding infrastructure process (sfid) might create a core file while processing a packet for which the TTL has expired, because the packet pointer is freed twice. [PR/988640: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
63
EX Series Switches Release Notes
•
After you reboot an EX Series switch, the interface initial sequence on an aggregated
Ethernet member interface might not proceed properly and the interface might not come up. [PR/989300: This issue has been resolved.]
•
On EX Series switches except EX9200 switches, ARP reply packets might get dropped when the switch receives a large amount of reverse-path forwarding (RPF) multicast failure packets (for example, 300 pps). As a workaround, create a static ARP entry for the next-hop device. [PR/1007438: This issue has been resolved.]
•
On an EX2200 or EX3300 switch that is backed up by a Redundant Power System, if the configuration is committed on the switch side, the RPS might stop providing backup power, and the switch might be powered off. [PR/1011821: This issue has been resolved.]
• On EX Series switches that are configured for filter-based forwarding (FBF) and are running Junos OS 12.3R7 or a later release, configuring the accept action for a firewall filter to forward matched traffic to a specific routing instance might not work as expected, and all traffic is dropped. [PR/1014645: This issue has been resolved.]
Interfaces and Chassis
•
On an EX4500 or EX4550 switch with an MPLS circuit cross-connect (CCC) interface configured, there might be high CPU utilization by the software forwarding infrastructure process (sfid) while large amounts of IPv6 neighbor solicitation packets (for example,
1000 pps) are received on the MPLS CCC interface. [PR/961807: This issue has been resolved.]
•
On EX Series switches with Link Aggregation Control Protocol (LACP) enabled on a
LAG interface, after the master Routing Engine is rebooted, if the first LACP packet is dropped during switchover, the LACP state might get stuck in the same state for a long time (about 10s), which causes the LAG interface to flap and traffic to drop on the interface. [PR/976213: This issue has been resolved.]
• On EX8200 Virtual Chassis running Junos OS Release 12.3R6 or later releases, multicast and broadcast traffic might be dropped on Virtual Chassis ports (VCPs) in the following scenarios:
•
When a few link aggregation group (LAG)member interfaces go up and down continuously.
• When LAG member interfaces go up and down simultaneously.
•
After you delete a VCP that corresponds to a LAG member interface.
[PR/993369: This issue has been resolved.]
• On EX8200 switches with a generic routing encapsulation (GRE) tunnel configured, packets might be dropped permanently on GRE interfaces when you create a logical
GRE interface. The existing GRE interfaces are not affected by the addition of more
GRE interfaces. [PR/995990: This issue has been resolved.]
• On EX9200 switches, if you configure an interface with the mac-rewrite statement, the Layer 2 address learning process (l2ald) might create a core file. [PR/997978: This issue has been resolved.]
64 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
•
If you configure autoinstallation on an EX3300 switch, you might see the error message
Unaligned memory access error
. [PR/999982: This issue has been resolved.]
• On EX4200 switches, some interface diagnostic optical values might be inconsistent between Junos OS Releases 12.3R6.6 and 12.3R7.7. [PR/1007055: This issue has been resolved.]
Layer 2 Features
• On EX Series switches, on the backup Routing Engine, in the Ethernet-switching process
(eswd), there might be a scenario that causes the backup Routing Engine to miss the sync update from kernel and get into an inconsistent state with respect to flood next-hop. An eswd core file is created on the backup Routing Engine. No outage occurs as the core file is on the backup Routing Engine. [PR/936567: This issue has been resolved.]
•
On EX Series switches, after a switch reboot, a Q-in-Q tunneling interface might not function as expected. The problem occurs when the interface is a member of a PVLAN with mapping set to swap and is also a member of a non-private VLAN. The PVID of the access interface does not get set when the PVLAN is configured before the non-private VLAN. The problem does not occur when the non-private VLAN is configured before the PVLAN. [PR/937927: This issue has been resolved.]
•
On EX Series switches with L2PT and Q-in-Q tunneling enabled, some of the MAC addresses might not be learned. The problem occurs when there is a high volume of
L2PT packets. As a workaround, restart the eswd and sfid processes. [PR/996638:
This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
65
EX Series Switches Release Notes
MPLS
• On EX Series switches running Junos OS Release 12.1R1 or later releases, the MPLS TTL might change to 1 on a transit MPLS switch, causing packets to be dropped on the egress MPLS tunnel due to TTL expiration. As a workaround, enable the no-decrement-ttl statement in the [edit protocols mpls] hierarchy level. [PR/1005436:
This issue has been resolved.]
Port Security
• On EX Series switches except EX9200, the port security allowed-mac feature might not work as expected. When this issue occurs, the traffic from an unauthorized host is unimpeded. [PR/1001124: This issue has been resolved.]
Routing Policy and Firewall Filters
• On EX3300 switches, when you use a wildcard mask in firewall filters, the error message
Unaligned memory access by pid 87736 [dfwc] at 1000f5 PC[4adec] might be displayed at commit. [PR/996083: This issue has been resolved.]
Spanning-Tree Protocols
•
On EX4550 Virtual Chassis switches with xSTP (RSTP, VSTP or MSTP) enabled, multiple xSTP-enabled interfaces might go into the STP Disabled state on the Packet
Forwarding Engine because of the overlap of STP identifiers. Traffic is dropped on these problematic interfaces. [PR/980551: This issue has been resolved.]
Issues Resolved in Release 12.3R9
The following issues have been resolved since Junos OS Release 12.3R8. The identifier following the description is the tracking number in our bug database.
Authentication and Access Control
•
On EX Series switches with 802.1X enabled, if the voice VLAN is authenticated using
MAC-based authentication and the data VLAN is authenticated using 802.1X-based authentication, traffic loss might occur on the voice VLAN during re-authentication.
[PR/1011985: This issue has been resolved.]
•
On an EX Series Virtual Chassis with 802.1X enabled, if the Software Forwarding
Infrastructure process (sfid) generates a core file, it causes the FPC to disconnect from the Routing Engine. The 802.1X process (dot1xd) receives a delete message for the physical interface (ifd) from the kernel, but does not clear the sessions associated with the interface. When those sessions expire and the corresponding timer attempts to access any interface data, then the dot1xd generates a core file. [PR/1016027: This issue has been resolved.]
• On EX Series switches, captive portal authentication is used to redirect Web browser requests to a login page. After the client is successfully authenticated, there might be a delay of 1-3 minutes before captive portal redirects the browser to the login page, and at times, the redirection might fail. [PR1026305: This issue has been resolved.]
66 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
Class of Service
• On EX4500 switches, if CoS is configured on an interface and MPLS is enabled on the same interface, the configured CoS mapping might disappear. [PR/1034599: This issue has been resolved.]
Dynamic Host Configuration Protocol
• On EX Series switches, DHCP option 125 cannot be configured for use as the byte-stream option. [PR/895055: This issue has been resolved.]
Firewall Filters
•
On EX Series switches, a firewall filter configured on a loopback interface (lo0) containing a match condition for an IPv6 destination address with a prefix length longer than 8 leading bits might not work as expected. [PR/962009: This issue has been resolved.]
High Availability
• On EX4550 Virtual Chassis with LAG interfaces configured, the LAG interfaces might go down for approximately 30 seconds during an NSSU if two switches in the linecard role have consecutive member IDs and are members of a LAG interface with only two child members. LAG downtime will increase with the number of SFPs. [PR/1005024:
This issue has been resolved.]
• On EX Series switches, after you change the VRRP advertise interval, the VRRP Master is Dead timer value might still be based on the previous advertise interval. As a workaround, reboot the switch. [PR/1017319: This issue has been resolved.]
Infrastructure
•
On EX4500 or EX4550 switches, the software forwarding infrastructure process (sfid) might continuously create core files, causing interruptions in traffic, because packets are erroneously freed twice. A possible trigger is the handling of Layer 2 protocol tunneling packets. [PR/941482: This issue has been resolved.]
•
On EX4500 switches with an uplink module installed, if the uplink module is removed and then installed in less than 10 seconds, the chassis manager (chassism) might create a core file. [PR/941499: This issue has been resolved.]
•
On EX Series switches, if you use apply-groups in the configuration, the expansion of interfaces <*> apply-groups is done against all interfaces during the configuration validation process, even if apply-groups is configured only under a specific interface stanza. This does not affect the configuration; if the configuration validation passes, apply-groups is expanded correctly only on interfaces on which apply-groups is configured. [PR/967233: This issue has been resolved.]
• On EX8200 switches, a kernel memory leak might occur and core files might be created when a next-hop device is changed (for example, when MAC or ARP entries from
Layer 3 interfaces that span multiple Packet Forwarding Engines are flushed). You can
Copyright © 2017, Juniper Networks, Inc.
67
EX Series Switches Release Notes view the log files for the memory leak by issuing the show system virtual-memory | match temp command multiple times. [PR/977285: This issue has been resolved.]
•
On EX2200 switches, if CoS is configured on the VCP and network ports, the log message devrt_ifd getting linkstate failed for dev 1 port 0 might appear continuously.
These messages have no service impact. [PR/988063: This issue has been resolved.]
• On EX Series switches, GENCFG: op 8 (COS BLOB) failed; err error messages might appear in the log files. These messages have no service impact. [PR/997946: This issue has been resolved.]
•
On EX Series Virtual Chassis, if the master switch is rebooted or halted while traffic is flowing through one of its interfaces, the FDB entry remains in an incomplete or discard state for about 30 seconds. During that time, traffic that uses the FDB entry is lost.
[PR/1007672: This issue has been resolved.]
•
On EX2200-C switches, the log-out-on-disconnect command might not work, causing the previous console session users to be seen on the switch. [PR/1012964: This issue has been resolved.]
• If the disable-logging option is the only configured option under the [edit system ddos-protection global] hierarchy level, and if this option is deleted, the kernel might generate a core file. [PR/1014219: This issue has been resolved.]
•
On EX Series switches, hosts might lose connectivity to switches when the ARP entry ages out because of a programming error in the ARP entry for the Packet Forwarding
Engine hardware. [PR/1025082: This issue has been resolved.]
• On EX Series switches, the ptopoConnLastVerify MIB returns a wrong value.
[PR/1049860: This issue has been resolved.]
•
On EX Series switches, the ptopoConnRemotePort MIB returns a wrong value.
[PR/1052129: This issue has been resolved.]
Interfaces and Chassis
•
On EX9200 switches that are configured in a multicast scenario with PIM enabled, an
(S,G) discard route might stop programming if the switch receives resolve requests from an incorrect reverse-path-forwarding (RPF) interface. After this issue occurs, the
(S,G) state might not be updated when the switch receives multicast traffic from the correct RPF interfaces, and multicast traffic might be dropped. [PR/1011098: This issue has been resolved.]
• On EX9200 switches, in an MC-LAG scenario, a MAC address might incorrectly point to an inter-chassis control link (ICL) after a MAC move from a single-home LAG to the
MC-LAG. [PR/1034347: This issue has been resolved.]
68 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
J-Web Interface
• On EX Series switches, the J-Web service might become slow or unresponsive.
[PR/1017811: This issue has been resolved.]
Layer 2 Features
•
On EX Series switches, an Ethernet switching process (eswd) memory leak might occur if the following conditions are met:
• If a VLAN has the VLAN index 0, and the VLAN is deleted, but the memory is not freed accordingly.
•
In a Multiple VLAN Registration Protocol (MVRP) scenario, when a VLAN map entry is deleted, but the memory is not freed accordingly.
[PR/956754: This issue has been resolved.]
•
On EX Series switches running Junos OS Release 12.1R1 or later with Layer 2 protocol tunneling (L2PT) configured, if the switch receives a burst of more than 10 L2PT packets, the excessive L2PT packets might be dropped. [PR/1008983: This issue has been resolved.]
•
On EX Series switches with private VLAN (PVLAN) and DHCP snooping configured, if the interface configured with PVLAN flaps, the Ethernet switching process (eswd) might stop responding to management requests, and high eswd and Software
Forwarding Infrastructure process (sfid) utilization might be observed. [PR/1022312:
This issue has been resolved.]
Network Management and Monitoring
• On EX Series switches, the connectivity fault management process (cfmd) might generate a core file. This happens when the Ethernet switching process (eswd) sends information to the cfmd to update its VLAN database, but because of a timing issue, the VLAN ID that the cfmd has is no longer current. [PR/961662: This issue has been resolved.]
• On EX Series Virtual Chassis, if one member of the Virtual Chassis is rebooted or if there is a switch failover, the connectivity fault management process (cfmd) might continue to send next-hop add requests to the kernel, which results in traffic being dropped when the next-hop space index is exhausted. [PR/1016587: This issue has been resolved].
Port Security
•
On EX Series switches, there might be traffic loss under any of the following conditions:
• IP source guard is enabled and then disabled.
• An interface belonging to a VLAN that has IP source guard enabled is changed to another VLAN that does not have IP source guard enabled.
•
802.1X authentication is enabled or disabled on an interface belonging to a VLAN that has IP source guard enabled.
Copyright © 2017, Juniper Networks, Inc.
69
EX Series Switches Release Notes
[PR/1011279: This issue has been resolved.]
Routing Protocols
• On EX9200 Virtual Chassis, the chassisd on the protocol master RE and the protocol backup Routing Engine connect to the main SNMP process (snmpd) on the protocol master using the following methods:
• Chassisd on the protocol master Routing Engine connects, using a local socket because snmpd is running locally.
•
Chassisd on the protocol backup Routing Engine connects, using a TNP socket because snmpd is not local.
As a result, all processes that run on the protocol master (other than chassisd) attempt to connect to snmpd by using the TNP socket instead of a local socket. The snmpd does not accept these connections. [PR/986009: This issue has been resolved.]
•
On EX Series switches with dual Routing Engines, in a multicast scenario, the routing protocol process (rpd) might generate a core file when the backup Routing Engine processes a multicast resolve request to add a multicast route entry that is already present. [PR/1018896: This issue has been resolved.]
Virtual Chassis
•
On EX Series Virtual Chassis, if VLAN pruning is enabled on a VLAN, traffic on that
VLAN might be dropped on the Virtual Chassis port (VCP) if the link is changed from trunk to access mode and then back to trunk mode. [PR/1012049: This issue has been resolved.]
•
In an EX8200 Virtual Chassis with three members and link aggregation group interfaces configured, traffic might be dropped on the LAG interfaces after one member of the
Virtual Chassis is rebooted. [PR/1016698: This issue has been resolved.]
•
In an EX8200 Virtual Chassis with tunnel interfaces configured, for example, for GRE or a LAG, traffic might be dropped on tunnel interfaces after an upgrade using NSSU.
[PR/1028549: This issue has been resolved.]
Issues Resolved in Release 12.3R10
The following issues have been resolved since Junos OS Release 12.3R9. The identifier following the description is the tracking number in our bug database.
Authentication and Access Control
• On EX4500 and EX8200 switches with LLDP enabled and Edge Virtual Bridging (EVB) configured, when a switch is connected to a virtual machine (VM) server using Virtual
Ethernet Port Aggregator (VEPA) technology, the EVB TLV in LLDP packets might be sent to the incorrect multicast MAC address of 01:80:c2:00:00:0e instead of the correct address 01:80:c2:00:00:00. [PR/1022279: This issue has been resolved.]
• On EX Series switches, the output for the ptopoConnRemotePort MIB might display an incorrect value for portIDMacAddr. [PR/1061073: This issue has been resolved.]
70 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
Infrastructure
• On EX Series switches, when the auto-negotiation statement is configured at the [edit interfaces interface-name ether-options] hierarchy level, and the configured-flow-control statement is configured at the [edit interfaces interface-name aggregated-ether-options] hierarchy level, and both objects have the same attribute ID (aid), the CoS process
(cosd) might generate a core file. [PR/837458: This issue has been resolved.]
• On EX Series switches, if multiple L3 and non-L2 sub-interfaces are enabled on a physical interface, and the family is deleted on a sub-interface or a sub-interface itself is deleted, traffic might be sent to the Routing Engine instead of the Packet Forwarding
Engine, which can impact performance. [PR/1032503: This issue has been resolved.]
• On an EX8216 switch, if the Switch Interface Board (SIB) or the Switch Fabric (SF) module fails, there are no spare fabric planes available for switchover, which might cause a traffic outage. Depending on the nature of the SIB failure, the plane might need to be taken offline to resolve the issue. [PR/1037646: This issue has been resolved.]
• On EX4200 switches, high levels of traffic bound for the Routing Engine might cause the watchdog timer to expire, which in turn, causes the switch to reboot. This issue is seen with Protocol Independent Multicast (PIM) configurations when the multicast route is not present in the Packet Forwarding Engine for some amount of time, during which the multicast traffic for that route is routed to the CPU. [PR/1047142: This issue has been resolved.]
•
On EX4200 and EX3200 switches, a high number of pause frames received on the switch interfaces might cause a soft reset of the switch. The following messages will be seen in /var/log when the switch undergoes a soft reset:
/kernel: simulated intr
chassism[1293]: cm_java_pfe_critical_error_check: Soft-resetting device 1
If the pause frames are continuous and frequent, this might result in continuous soft reset of the Packet Forwarding Engine. The impact on traffic of a soft reset of the
Packet Forwarding Engine is minor; however, if the switch is a member of a Virtual
Chassis, continuous soft resets due to pause frames might cause the FPC to detach from the Virtual Chassis, leading to other traffic related issues. [PR/1056787: This issue has been resolved.]
•
On EX9200 switches, a software upgrade might cause firewall filters to redirect packets to an incorrect routing instance. [PR/1057180: This issue has been resolved.]
Layer 2 Features
•
On EX Series switches, SNMP MAC notification traps are not generated if an interface goes down after a cable has been removed or disconnected, though traps are generated after the interface comes back up for MAC address removal, and also when a MAC address has been learned. [PR/1070638: This issue has been resolved.]
•
On EX Series switches except EX4600 and EX9200 switches, when MSTP is configured, the Ethernet switching process (eswd) might generate multiple types of core files in the large-scale VLANs that are associated with Multiple Spanning-Tree Instances
(MSTIs). [PR/1083395: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
71
EX Series Switches Release Notes
MPLS
• On EX4500 and EX8200 switches, if the switch is configured as a P router for MPLS,
MPLS labels might be seen on the P router where the packets transit the Routing Engine on both input and output MPLS interfaces. This might lead to high CPU usage and can impact performance. [PR/1038618: This issue has been resolved.]
Virtual Chassis
• On an EX4550 Virtual Chassis with VLAN pruning enabled, if the LACP child interfaces span different Virtual Chassis members, then changing the Routing Engine mastership and rebooting the backup Routing Engine might cause the LACP child interfaces to remain in detached or passive state. [PR/1021554: This issue has been resolved.]
Issues Resolved in Release 12.3R11
The following issues have been resolved since Junos OS Release 12.3R10. The identifier following the description is the tracking number in our bug database.
Infrastructure
• On EX4500 and EX4550 switches, if you disable an interface on an EX-SFP-10GE-LR uplink module by issuing the CLI command set interface interface-name disable, and then the interface through which a peer device is connected to the interface on the uplink module goes down, the CPU utilization of the chassis manager process
(chassism) might spike, causing chassism to create a core file. [PR/1032818: This issue has been resolved.]
• On EX4200, EX4500, EX6200, and EX8200 switches that are configured with distributed periodic packet management (PPM) mode, if you configure the Bidirectional
Forwarding Detection (BFD) minimum-receive-interval value to a custom interval, BFD packets might be sent to a remote neighbor at a rate that exceeds the remote minimum-receive-interval value. As a workaround, configure PPM in centralized mode.
[PR/1055830: This issue has been resolved.]
• On EX Series switches except EX9200 switches, if you configure both family ethernet-switching and vlan-tagging on the same interface, traffic might be dropped.
[PR/1059480: This issue has been resolved.]
•
On an EX8200 Virtual Chassis, if you configure vlan-tagging on an interface without configuring a family for the interface, the Packet Forwarding Engine might program an improper MAC address (the local chassis MAC) instead of the router MAC, which is used for routing. As a workaround, configure family inet on the interface. [PR/1060148:
This issue has been resolved.]
• On EX Series switches except EX9200, configuring more than 1000 IPv4 addresses might prevent gratuitous ARP packets from being sent to peers. [PR/1062460:This issue has been resolved.]
• On EX4200 switches, if CoS scheduler maps are configured on all interfaces with the loss-priority value set to high, traffic between different Packet Forwarding Engines might be dropped. [PR/1071361: This issue has been resolved.]
72 Copyright © 2017, Juniper Networks, Inc.
Resolved Issues in Junos OS Release 12.3 for EX Series Switches
•
On EX3200 and EX4200 switches, if you apply a firewall filter to or remove it from a large number of interfaces, the Packet Forwarding Engine manager process (pfem) might generate a core file. [PR/1073055: This issue has been resolved.]
•
On EX4500 and EX4550 Virtual Chassis, NFS/UDP fragmented packets might be dropped if these packets ingress over an aggregated bundle and traverse VCP links.
[PR/1074105: This issue has been resolved.]
• On EX3300 switches, the output for the show system license command displays invalid for connectivity-fault-management. You can ignore this output; CFM is included in the
EFL license. [PR/1087581: This issue has been resolved.]
•
On EX Series switches, if you change the PIM mode from sparse to dense or dense to sparse, a pfem core file might be generated. [PR/1087730: This issue has been resolved.]
• On EX Series switches, the Packet Forwarding Engine Manager process (pfem) might crash and generate a core file when the TCAM is full. [PR/1107305: This issue has been resolved.]
•
On EX4500 or EX4550 Virtual Chassis, if an NFS/UDP fragmented packet enters the
Virtual Chassis through a LAG and traverses a Virtual Chassis port (VCP) link, CPU utilization might become high, and the software forwarding infrastructure process
(sfid) might generate a core file. [PR/1109312: This issue has been resolved.]
Layer 2 Features
• On an EX3300 switch, in a broadcast storm situation in which DHCP snooping is enabled and there are repeated DHCP requests and acknowledgements arriving on the switch as a result of IP addresses not being accepted by clients, the eswd process might create a core file. [PR/1109312: This issue has been resolved.]
• On EX4200 switches with DHCP snooping configured, when a host moves from one interface to another interface and then renews its DHCP lease, the DHCP snooping database might not get updated, and thus the host might not connect on the new interface. [PR/1112811: This issue has been resolved.]
Platform and Infrastructure
• On EX4300 and EX9200 switches, the show ethernet-switching table vlan-name
vlan-name | display xml CLI command does not have the vlan-name attribute in the
<l2ng-l2ald-rtb-macdb› xml tag. [PR/955910: This issue has been resolved.]
Issues Resolved in Release 12.3R12
The following issues have been resolved since Junos OS Release 12.3R11. The identifier following the description is the tracking number in our bug database.
Authentication and Access Control
• On an EX Series switch acting as a DHCPv6 server, the server does not send a Reply packet after receiving a Confirm packet from the client; the behavior is not compliant with the RFC3315 standard. [PR/1025019: This issue has been resolved.]
Copyright © 2017, Juniper Networks, Inc.
73
EX Series Switches Release Notes
•
On EX Series switches, if 802.1X authentication (dot1x) is configured on all interfaces, an 802.1X-enabled interface might get stuck in the Initialize state after the interface goes down and comes back up, and 802.1X authentication fails. Also, if 802.1X
authentication (dot1x) is configured on all interfaces and the no-mac-table-binding configuration statement is configured under the [edit protocols dot1x authenticator] hierarchy level, the dot1x process (dot1xd) might generate core files after it is deactivated and then reactivated, and 802.1X authentication might be temporarily impacted until the process restarts automatically. [PR/1127566: This issue has been resolved.]
Infrastructure
•
On an EX2200 or EX3300 switch on which Dynamic Host Configuration Protocol
(DHCP) relay is enabled, when a client requests an IP address, the system might generate a harmless warning message such as: /kernel: Unaligned memory access by pid 19514 [jdhcpd] at 46c906 PC[104de0] . [PR/1076494: This issue has been resolved.]
• On EX3200 and EX4200 switches with multiple member interfaces on an aggregated
Ethernet (AE) interface and with a large-scale CoS configuration enabled on the AE interface, a Packet Forwarding Engine limitation might be exceeded, because of which the PFE might return an invalid ID, and the Packet Forwarding Engine Manager (pfem) process might spike and crash frequently. [PR/1109022: This issue has been resolved.]
• On EX Series switches, an interface with an EX-SFP-1GE-LH transceiver might not come up and the transceiver might be detected as an SFP-EX transceiver. [PR/1109377:
This issue has been resolved.]
• On EX4500 switches, if MPLS and CoS behavior aggregate (BA) classifiers are configured on the same interface, the BA classifiers might not work. As a workaround, use multifield (MF) classifiers instead of BA classifiers. [PR/1116462: This issue has been resolved.]
74 Copyright © 2017, Juniper Networks, Inc.
Changes to and Errata in Documentation for Junos OS Release 12.3 for EX Series Switches
Interfaces and Chassis
• On a two-member EX8200 Virtual Chassis, if the Link Aggregation Control Protocol
(LACP) child interfaces are configured across different Virtual Chassis members, the
MUX state in some of the LAG member interfaces might remain in the
attached/detached state after you disable and enable the aggregated Ethernet (AE) interface. [PR/1102866: This issue has been resolved.]
Network Management and Monitoring
•
On EX Series switches, there are two issues regarding SNMP MIB walks: A private interface—for example, pime.32769—must have an ifIndex value of less than 500. If you do not add the private interface to a static list of rendezvous point (RP) addresses, the mib2d process assigns an ifIndex value from the public pool (with ifIndex values greater than 500) to the interface, which then will have an incorrect ifIndex allocation.
A random Request failed: OID not increasing error might occur when you issue the show snmp mib walk command, because the kernel response for a 10-gigabit interface during an SNMP walk might take more than 1 second, and the mib2d process receives duplicate
SNMP queries from the snmpd process. [PR/1121625: This issue has been resolved.]
Spanning-Tree Protocols
•
On EX Series switches with bridge protocol data unit (BPDU) protection configured on all edge ports, edge ports might not work correctly and might revert to the unblocking state when the drop option is configured under the [edit ethernet-switching-options bpdu-block interface xstp-disabled] hierarchy level. [PR/1128258: This issue has been resolved.]
Related
Documentation
•
New Features in Junos OS Release 12.3 for EX Series Switches on page 6
•
Changes in Default Behavior and Syntax in Junos OS Release 12.3 for EX Series Switches on page 17
•
Limitations in Junos OS Release 12.3 for EX Series Switches on page 20
•
Outstanding Issues in Junos OS Release 12.3 for EX Series Switches on page 29
•
Changes to and Errata in Documentation for Junos OS Release 12.3 for EX Series
•
Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series Switches on page 77
Changes to and Errata in Documentation for Junos OS Release 12.3 for EX Series
Switches
•
Changes to Junos OS for EX Series Switches Documentation on page 76
•
Copyright © 2017, Juniper Networks, Inc.
75
EX Series Switches Release Notes
Changes to Junos OS for EX Series Switches Documentation
The following changes have been made to the documentation for Junos OS Release 12.3
for EX Series switches since it was published:
•
The EZ Touchless Provisioning feature has been renamed Zero Touch Provisioning
(ZTP). The feature was introduced on EX Series switches in Junos OS Release 12.2. For more information, see Understanding Zero Touch Provisioning .
• The EX2200 Virtual Chassis and the EX2200-C Virtual Chassis no longer require a software license. The document describing the software licenses for EX Series switches has been updated with this information. See
Understanding Software Licenses for EX
Series Switches
.
•
The request system software validate command is not supported on EX Series switches.
The documentation for the request system software validate command has been updated with this information. See request system software validate
. [This issue is being tracked by PR/821244.]
• The request system software add command validate option is not supported on EX
Series switches. The documentation for the request system software add command has been updated with this information. See request system software add . [This issue is being tracked by PR/821244.]
Errata
This section lists outstanding issues with the published documentation for Junos OS
Release 12.3 for EX Series switches.
•
The EX4500 switch models that support Converged Enhanced Ethernet (CEE) now also support IEEE Data Center Bridging Capability Exchange protocol (IEEE DCBX).
These switches previously supported only DCBX version 1.01. The documentation does not reflect this support update. See
“New Features in Junos OS Release 12.3 for EX
for more information about the feature.
•
You can configure VN_Port to VN_Port FIP snooping if the hosts are directly connected to the same EX4500 switch. See
Example: Configuring VN2VN_Port FIP Snooping (FCoE
Hosts Directly Connected to the Same FCoE Transit Switch) for details about this configuration. The documentation does not yet reflect this support update for EX4500 switches.
•
The documentation for firewall filters on the switches states: By default, a configuration
that does not contain either ether-type or ip-version in a term applies to IPv4 traffic. This is incorrect; the configuration must include the match condition ether_type = ipv4 for an Ethernet-switching filter to be applied to only IPv4 traffic.
• The documentation for the EX9200 switches does not mention that the EX9200 switches do not process media access control (MAC) PAUSE frames.
•
The documentation for the EX9200 switches does not mention that the EX9200 switches calculate the IRB interface family inet MTU by taking the minimum MTU of its Layer 2 members.
76 Copyright © 2017, Juniper Networks, Inc.
Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series Switches
•
The documentation for the 12.3 release does not mention the dedicated Virtual Chassis port (VCP) link aggregation feature on EX4550 switches. Starting in Junos OS Release
12.3R2, the dedicated VCPs on EX4550 switches automatically form a link aggregation group (LAG) bundle when two or more dedicated VCPs are used to interconnect the same Virtual Chassis member switches . An EX4550 switch can include up to four dedicated VCPs, and all four dedicated VCPs can act as member links in a LAG when they are used to interconnect to the same Virtual Chassis member switch. Dedicated
VCPs and optical ports configured as VCPs cannot be member links in the same LAG and are placed into different LAGs when both are configured to connect to the same
EX4550 member switch.
• The OSPF Configuration Guide incorrectly includes the transmit-interval statement at the [edit protocols ospf area area interface interface-name] hierarchy level. The transmit-interval statement at this hierarchy level is deprecated in the Junos OS CLI.
• The NETCONF XML Management Protocol Guide incorrectly states that when performing a confirmed commit operation using the <commit> element, the <confirm-timeout> value specifies the number of minutes for the rollback deadline. The value of the
<confirm-timeout> element actually specifies the number of seconds for the rollback deadline.
[NETCONF XML Management Protocol Guide]
• PR963565 was erroneously added to the Junos OS 12.3 release notes. We removed it from the Outstanding Issues section of the release notes at Release 12.3R12.
Related
Documentation
•
New Features in Junos OS Release 12.3 for EX Series Switches on page 6
•
Changes in Default Behavior and Syntax in Junos OS Release 12.3 for EX Series Switches on page 17
•
Limitations in Junos OS Release 12.3 for EX Series Switches on page 20
•
Outstanding Issues in Junos OS Release 12.3 for EX Series Switches on page 29
•
Resolved Issues in Junos OS Release 12.3 for EX Series Switches on page 33
•
Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series Switches on page 77
Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series Switches
This section discusses the following topics:
•
Upgrade and Downgrade Support Policy for Junos OS Releases on page 78
•
Upgrading EX Series Switches Using NSSU on page 78
•
Upgrading to Junos OS Release 12.1R2 or Later with Existing VSTP
•
Upgrading from Junos OS Release 10.4R3 or Later on page 80
•
Upgrading from Junos OS Release 10.4R2 or Earlier on page 81
Copyright © 2017, Juniper Networks, Inc.
77
EX Series Switches Release Notes
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 10.0, 10.4, and 11.4 are EEOL releases. You can upgrade from Junos OS
Release 10.0 to Release 10.4 or even from Junos OS Release 10.0 to Release 11.4. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind. For example, you cannot directly upgrade from Junos OS Release 10.3
(a non-EEOL release) to Junos OS Release 11.4 or directly downgrade from Junos OS
Release 11.4 to Junos OS Release 10.3.
To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see http://www.juniper.net/support/eol/junos.html
.
Upgrading EX Series Switches Using NSSU
You can use nonstop software upgrade (NSSU) to upgrade Junos OS releases on standalone EX6200 and EX8200 switches with dual Routing Engines and on EX3300,
EX4200, EX4500, EX4550, and EX8200 Virtual Chassis. NSSU enables you to upgrade the software with a single command and minimal disruption to network traffic.
To optimize the quality and reliability of NSSU across multiple EX Series platforms and
Junos OS releases, starting with Junos OS Release 12.3R6, NSSU support is limited to specific release combinations using the following guidelines:
• NSSU support is limited to N-1 to N and N to N+1 major release versions, where N represents a major release version such as 12.1, 12.2, or 12.3.
For example, NSSU from Release 11.4 to Release 12.2 is supported. NSSU from Release
11.x to Release 13.x is not supported.
• NSSU support is limited to N.3 and N.6 minor release versions.
For example, NSSU from Release 11.4R11 to Releases 12.1R3, 12.1R6, 12.2R3, 12.2R6,
12.3R3, and 12.3R6 is supported.
• Additional NSSU support for EEOL releases is provided within the same major release version and is limited to two consecutive prior minor releases.
For example, NSSU from Release 11.4R9 or 11.4R10 to Release 11.4R11 is supported.
For details on the supported Junos OS release combinations for upgrading EX Series switches using NSSU, see the tables in
Junos OS Release Support for Upgrading EX Series
Switches Using NSSU
.
78 Copyright © 2017, Juniper Networks, Inc.
Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series Switches
For details on NSSU, including procedures, see
Understanding Nonstop Software Upgrade on EX Series Switches
.
NOTE: On a Virtual Chassis, you can use NSSU to upgrade from a domestic version of Junos OS to a controlled (MACsec) version of Junos OS. You cannot, however, use NSSU to upgrade from the controlled version of Junos OS to a domestic version of Junos OS.
NOTE: On an EX8200 Virtual Chassis, an NSSU operation can be performed only if you have configured the XRE200 External Routing Engine member ID to be 8 or 9.
NOTE: Do not use NSSU to upgrade the software on an EX8200 switch from
Junos OS Release 10.4 if you have configured the IGMP, MLD, or PIM protocols on the switch. If you attempt to use NSSU, your switch might be left in a nonfunctional state from which it is difficult to recover. If you have these multicast protocols configured, upgrade the software on the EX8200 switch from Junos OS Release 10.4 by following the instructions in Installing Software on an EX Series Switch with Redundant Routing Engines (CLI Procedure) . This issue does not apply to upgrades from Junos OS Release 11.1 or later.
NOTE: If you are using NSSU to upgrade the software on an EX8200 switch from Junos OS Release 10.4 and sFlow technology is enabled, disable sFlow technology before you perform the upgrade using NSSU. After the upgrade is complete, you can reenable sFlow technology. If you do not disable sFlow technology before you perform the upgrade with NSSU, sFlow technology does not work properly. This issue does not affect upgrades from Junos OS
Release 11.2 or later.
Upgrading to Junos OS Release 12.1R2 or Later with Existing VSTP Configurations
If you are upgrading to Junos OS Release 12.1R2 or later from Release 12.1R1 or earlier, ensure that any VSTP configurations on the switch meet the following guidelines. If the
VSTP configurations do not meet these guidelines and you run the upgrade, the upgrade fails and you have to connect the console, change the invalid VSTP configurations, and commit the changed configurations through the console. Guidelines for VSTP configurations are:
• If you have specified physical interfaces for VSTP-configured VLANs, ensure that those interfaces are members of the VLANs specified in the VSTP configuration. If the VSTP configuration specifies vlan all, then the interfaces configured at the [edit protocols vstp vlan all] hierarchy level must be members of all VLANs.
Copyright © 2017, Juniper Networks, Inc.
79
EX Series Switches Release Notes
•
If the interfaces are not members of the VLANs in the VSTP configurations but are already added to the VSTP configurations, remove them from those configurations, add them to the VLANs, and then add them back to the VSTP configurations.
[This issue is being tracked by PR/736488 in our bug database.]
Upgrading from Junos OS Release 10.4R3 or Later
This section contains the procedure for upgrading from Junos OS Release 10.4R3 or later to Junos OS Release 12.2. You can use this procedure to upgrade Junos OS on a standalone
EX Series switch with a single Routing Engine and to upgrade all members of a Virtual
Chassis or a single member of a Virtual Chassis.
To upgrade Junos OS on an EX6200 or EX8200 switch with dual Routing Engines, see
Installing Software on an EX Series Switch with Redundant Routing Engines (CLI Procedure) .
On switches with dual Routing Engines or on Virtual Chassis, you might also be able to use nonstop software upgrade (NSSU) to upgrade Junos OS. See
Switches Using NSSU” on page 78
for more information.
To upgrade Junos OS on a switch with a single Routing Engine or on a Virtual Chassis:
1.
Download the software package as described in
Downloading Software Packages from
Juniper Networks
.
2.
(Optional) Back up the current software configuration to a second storage option.
See the
Junos OS Installation and Upgrade Guide
for instructions.
3.
(Optional) Copy the software package to the switch. We recommend that you use
FTP to copy the file to the /var/tmp directory.
This step is optional because you can also upgrade Junos OS using a software image that is stored at a remote location.
4.
Install the new software package on the switch: user@switch> request system software add package
Replace package with one of the following paths:
• /var/tmp/package.tgz
—For a software package in a local directory on the switch
• ftp://hostname/pathname/package.tgz
or http://hostname/pathname/package.tgz
—For a software package on a remote server
package
.tgz is the name of the package; for example, jinstall-ex-4200-11.4R1.8-domestic-signed.tgz
.
To install software packages on all switches in a mixed EX4200 and EX4500 Virtual
Chassis, use the set option to specify both the EX4200 package and the EX4500 package: user@switch> request system software add set [package package]
To install the software package on only one member of a Virtual Chassis, include the member option: user@switch> request system software add package member member-id
80 Copyright © 2017, Juniper Networks, Inc.
Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series Switches
Other members of the Virtual Chassis are not affected. To install the software on all members of the Virtual Chassis, do not include the member option.
NOTE: To abort the installation, do not reboot your device. Instead, finish the installation and then issue the request system software delete
package.tgz
command, where package.tgz is the name of the package; for example, jinstall-ex-8200-11.4R1.8-domestic-signed.tgz. This is the last chance to stop the installation.
5.
Reboot the switch to start the new software: user@switch> request system reboot
To reboot only a single member in a Virtual Chassis, include the member option: user@switch> request system reboot member
6.
After the reboot has finished, log in and verify that the new version of the software is properly installed: user@switch> show version
7.
Once you have verified that the new Junos OS version is working properly, copy the version to the alternate slice to ensure that if the system automatically boots from the backup partition, it uses the same Junos OS version: user@switch> request system snapshot slice alternate
To update the alternate root partitions on all members of a Virtual Chassis, include the all-members option: user@switch> request system snapshot slice alternate all-members
Upgrading from Junos OS Release 10.4R2 or Earlier
To upgrade to Junos OS Release 12.3 from Junos OS Release 10.4R2 or earlier, first upgrade to Junos OS Release 11.4 by following the instructions in the Junos OS Release 11.4 release notes. See Upgrading from Junos OS Release 10.4R2 or Earlier or Upgrading from Junos OS
Release 10.4R3 or Later in the Junos OS 11.4 Release Notes .
Related
Documentation
•
New Features in Junos OS Release 12.3 for EX Series Switches on page 6
•
Changes in Default Behavior and Syntax in Junos OS Release 12.3 for EX Series Switches on page 17
•
Limitations in Junos OS Release 12.3 for EX Series Switches on page 20
•
Outstanding Issues in Junos OS Release 12.3 for EX Series Switches on page 29
•
Resolved Issues in Junos OS Release 12.3 for EX Series Switches on page 33
•
Changes to and Errata in Documentation for Junos OS Release 12.3 for EX Series
Copyright © 2017, Juniper Networks, Inc.
81
EX Series Switches Release Notes
Revision History
5 January 2016—Revision 1, Junos OS Software for EX Series Switches, Release 12.3R12
29 Sept. 2015—Revision 1, Junos OS Software for EX Series Switches, Release 12.3R11
5 February 2015—Revision 1, Junos OS Software for EX Series Switches, Release 12.3R9
2 August 2012—Revision 1, Junos OS Software for EX Series Switches, Release 12.3B1
30 October 2012—Revision 1, Junos OS Software for EX Series Switches, Release 12.3B2
16 January 2013—Revision 1, Junos OS Software for EX Series Switches, Release 12.3R1
18 March 2013—Revision 1, Junos OS Software for EX Series Switches, Release 12.3R2
5 April 2013—Revision 2, Junos OS Software for EX Series Switches, Release 12.3R2
18 June 2013—Revision 1, Junos OS Software for EX Series Switches, Release 12.3R3
29 August 2013—Revision 1, Junos OS Software for EX Series Switches, Release 12.3R4
08 December 2013—Revision 1, Junos OS Software for EX Series Switches, Release 12.3R5
25 February 2014—Revision 1, Junos OS Software for EX Series Switches, Release 12.3R6
26 February 2014—Revision 2, Junos OS Software for EX Series Switches, Release 12.3R6
10 June 2014—Revision 1, Junos OS Software for EX Series Switches, Release 12.3R7
2 September 2014—Revision 1, Junos OS Software for EX Series Switches, Release 12.3R8
82 Copyright © 2017, Juniper Networks, Inc.
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project