Re: [j-nsp] Best Place to Buy Used Juniper

2016-03-28 Thread Damien DeVille 
 I would suggest that this is different from other used gear options in
that it is actually gear that is officially certified by Juniper and is not
"grey market".  This means that you don't have to pay to get it inspected
and reinstated per
http://www.juniper.net/support/inspection_reinstatement.pdf.

Juniper partnered with PureWRX to make this program work.

Check out http://junipercpo.net/why-buy-jcpo/ and
http://www.businesswire.com/news/home/20150810005317/en/PureWRX-Partners-Juniper-Networks-Offer-Certified-Pre-Owned
for more information.




- Damien

On Mon, Mar 28, 2016 at 12:49 PM, Colton Conor 
wrote:

> Graham,
>
> I have never seen this  http://junipercpo.net/ website until now. Are they
> really any different than the rest of the used Juniper guys? How does their
> pricing compare to what you see on eBay for example?
>
> On Sat, Mar 26, 2016 at 5:44 PM, Graham Brown <
> juniper-...@grahambrown.info>
> wrote:
>
> > Hi Colton,
> >
> > The official used, Juniper-certified gear is available here:
> > http://junipercpo.net/
> >
> > HTH,
> > Graham
> >
> > Graham Brown
> > Twitter - @mountainrescuer 
> > LinkedIn 
> >
> > On 27 March 2016 at 06:10, Colton Conor  wrote:
> >
> >> Where is the best place to buy used Juniper gear?
> >> ___
> >> juniper-nsp mailing list juniper-nsp@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>
> >
> >
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] LAN encription

2015-12-14 Thread Damien DeVille 
A good place to look for feature support is
http://pathfinder.juniper.net/home/ where you can search by product type or
by feature (among other things).

A search for MACsec for switch to switch connections yeilds the following:
http://pathfinder.juniper.net/feature-explorer/feature-info.html?fKey=6117=Media%20Access%20Control%20Security%20%28MACsec%29%20for%20switch%20to%20switch%20connections

I don't believe that MACsec is currently supported on any interfaces other
than 1G/10G sfp/sfp+ interfaces regardless of platform at this time.

-- 
Damien

On Mon, Dec 14, 2015 at 6:39 PM, Kevin Day  wrote:

> My quick notes, since I just went through MACsec research recently:
>
>
> MX: Only supported on MIC-3D-20GE-SFP-E
>
> EX9200: Only supported on EX9200-40FE, and only on even numbered ports.
> Unclear if a license is needed or not.
>
> EX4200: Only supported on ports on optional EX-UM-2X4SFP-M module.
> Requires EX-QFX-MACSEC-ACC license.
>
> EX4300-24T/24P/48T/48P/32F: Supports MACsec on all ports (24 or 48x1G and
> 4x10G). Requires EX-QFX-MACSEC-ACC license
>
> EX4550-32F(but not 32T): Supports MACsec on all ports. Produces a fair
> amount of heat if you have all ports doing MACsec at once, possibly over
> the data sheet’s rated wattage limit - add 8W per macsec enabled port.
> Requires EX-QFX-MACSEC-AGG (not -ACC like above) license.
>
> EX4600: Supports MACsec on all built in ports, as well as on any
> EX4600-EM-8F modules. Only works on 10G ports though, will not work on 1G
> modules. Also does not support “switch-to-host” mode, “switch-to-switch”
> mode only.  Requires EX-QFX-MACSEC-AGG.
>
> QFX5100-24Q: Support only on the 8 ports on an optional EX4600-EM-8F
> module, not the built in ports. 10G only. Does not support “switch-to-host”
> mode. Requires EX-QFX-MACSEC-AGG license.
>
>
> They also explicitly say they don’t support MACsec on copper SFP/SFP+
> modules, but it seems to work here.
>
>
>
> > On Dec 14, 2015, at 5:23 PM, Jeff McAdams  wrote:
> >
> > Last I checked (a month or so ago?) there is only a single MIC (20x1gbps
> maybe) that can do MacSec on the MX. I think the plan is for future MPCs to
> support it with any enet MICs connected, but it's not there, yet.
> >
> > I don't know for the full QFX line, but the EX4600s I have supposedly
> can do line-rate (or at least very close) MacSec on all ports.   I haven't
> had the opportunity, yet, to actually try it.
> >
> > If FIPS 140-2 compliance is relevant for you, MacSec is currently
> excluded from FIPS 140-2 validation.
> >
> > --
> > Jeff
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] MX480 Build

2015-07-22 Thread Damien DeVille 
You absolutely can mix MPCs and DPCs in the same chassis.  When the MPCs
first came out there were compatibility issues, but with modern Junos
versions (11.4 and on) those are history.


- Damien

On Wed, Jul 22, 2015 at 10:32 AM, Bill Blackford bblackf...@gmail.com
wrote:

 I agree that this is a good build for what you've stated. I would
 definitely recommend an MS-DPC for off-loading any sampling or crypto.

 You mention higher density with the use of MICs in the future. This would
 require taking the plunge to MPC and a replacement of your DPCs (you cannot
 mix DPC and MPC on the same chassis) and depending on the MPC choices,
 possibly the fans, SBCs and REs as well. Just something to keep in mind.

 Sent from my iPhone

  On Jul 22, 2015, at 06:24, Colton Conor colton.co...@gmail.com wrote:
 
  I am considering buying a used MX480. It will have the following:
 
 
 
  1x MX480-PREMIUM-AC - MX480 Base system with redundant RE-2000, SCB, and
 AC
  power
 
 
  2x DPCE-R-4XGE-XFP - 4x10GE Enhanced DPC for MX, requires optics sold
  separately
 
 
 
  1 x Juniper MS-DPC - IP services line card for MX Series Requires Junos
 OS
  Release 9.3 and later
 
 
 
 
 
  Assuming we have the latest software version from Juniper to install on
  this used box, is there anything we should know about this potential
 setup?
  I believe this DPC cards are EOL, but I think many people are still using
  them. I know there are more dense MIC cards out there, but that is not
  needed at this time.
 
 
 
  I think everything about this system is redundant besides the MS-DPC,
 but I
  could get another one of those too.
 
 
 
  Are there any licensing restrictions or upgrade restrictions I should be
  aware of? Does Juniper have any locks or software limitations on these
  larger routers like they do on the MX-5 through MX-80 and MX 104?
 
 
 
  Besides the chassis size and power consumption anything we should know or
  consider deciding between a MX 240, MX480, and MX960? It seems the MX240
 is
  too small for our needs, so its really the MX480 vs MX960.
 
 
  I would be upgrading from a MX80, so this is quite a jump.
  ___
  juniper-nsp mailing list juniper-nsp@puck.nether.net
  https://puck.nether.net/mailman/listinfo/juniper-nsp
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Buying a used Juniper

2015-05-05 Thread Damien DeVille 
You guys might want to take a look at the following for Juniper's policies
on these matters.

http://kb.juniper.net/InfoCenter/index?page=contentid=KB9839
https://www.juniper.net/customers/support/downloads/7100156-001-EN.pdf
http://www.juniper.net/support/990222.pdf



- Damien

On Tue, May 5, 2015 at 1:29 PM, Colton Conor colton.co...@gmail.com wrote:

 Correction, $500 per hour not $5000. So basically a one time fee of $2000.

 On Tue, May 5, 2015 at 12:28 PM, Colton Conor colton.co...@gmail.com
 wrote:

  Well, we have a smaller MX80 that doesn't have a support contract. Called
  JTAC with an issue, and they said the unit does not have a support
  contract. They said they have a one issue/call support fee of 4 hours at
  $5000 an hour which does not include software updates. So it does sound
  like they has some sort of oh you don't have a support contract one time
  help fee.
 
  What's the list price on a MX480-PREMIUM-AC Juniper Base system with
  redundant RE-2000, SCB, and power supplies?
 
  On Tue, May 5, 2015 at 12:00 PM, Raphael Mazelier r...@futomaki.net
  wrote:
 
 
 
  Le 05/05/15 18:47, Colton Conor a écrit :
 
  What are the limitations of buying a used Juniper MX router? I assume
  there
  will be no JTAC support, but what would it take to licenses a used
 router
  to get JTAC support?
 
 
  I don't know if juniper allow this, but if yes I think the price will be
  prohibitive :)
 
   Does JTAC offer a one time support call fee for
  unlicensed routers?
 
 
  I don't think so. And why Juniper will make this ? Juniper (as well as
  other network vendor) don't like grey market.
 
 
  The router in question would be a MX480. Used, we can get them for
 under
  20K with redundant everything and 4 10G ports. New from Juniper I don't
  even want to know what these would cost.
 
 
  Lets try it. Juniper can make aggressive price :)
 
 
  --
  Raphael Mazelier
 
  ___
  juniper-nsp mailing list juniper-nsp@puck.nether.net
  https://puck.nether.net/mailman/listinfo/juniper-nsp
 
 
 
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] solution to a firewall question

2015-04-23 Thread Damien DeVille 
While I don't understand why you have the requirement that you can't use
next-term (seems to be arbitrary), you can accomplish this the input-list
option (
https://www.juniper.net/documentation/en_US/junos14.2/topics/reference/configuration-statement/input-list-edit-interfaces.html
)

Here is a sample configuration:

ddeville@testlab-rtr# show interfaces ge-0/0/0
unit 0 {
family inet {
filter {
input-list [ f1 f2 ];
}
address 192.168.1.2/32;
}
}

ddeville@testlab-rtr# show firewall
filter f1 {
term 1 {
from {
protocol tcp;
destination-port 80;
}
then {
count tcp_80;
accept;
}
}
}
filter f2 {
term 1 {
from {
dscp ef;
}
then {
forwarding-class expedited-forwarding;
accept;
}
}
}





- Damien

On Thu, Apr 23, 2015 at 5:38 PM, Vijesh Chandran vij...@juniper.net wrote:

 Hi Olivier,
  My bad that I didn't specify this in original mail...
 Caveat here is that, next term shall be avoided as per requirement.
 -Thanks,
  Vijesh


 
 From: juniper-nsp juniper-nsp-boun...@puck.nether.net on behalf of
 Olivier Benghozi olivier.bengh...@wifirst.fr
 Sent: Thursday, April 23, 2015 11:39 AM
 To: juniper-nsp@puck.nether.net
 Subject: Re: [j-nsp] solution to a firewall question

 Replace accept with next term in f1 ?

 next term works across filter list from what I see and according to the
 documentation (
 http://www.juniper.net/documentation/en_US/junos13.3/topics/concept/firewall-filter-option-multiple-listed-overview.html
 
 http://www.juniper.net/documentation/en_US/junos13.3/topics/concept/firewall-filter-option-multiple-listed-overview.html
 ).


 Olivier

  Le 23 avr. 2015 à 17:18, Vijesh Chandran vij...@juniper.net a écrit :
 
  Hi all,
   I am wondering if we have a solution to this issue.
   I need two firewall attached to an interface as input-list. e.g.: f1
 and f2.
   Input-list [f1 f2]
   f1 to match a condition (all tcp port 80) and accept and count that
 packet.
   f2 to classify those packets based on code points and push to a
 forwarding class. Is this possible?

 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] solution to a firewall question

2015-04-23 Thread Damien DeVille 
Actually, my example is incorrect.  Filter f1 should read as follows:

ddeville@testlab-rtr# show firewall
filter f1 {
term 1 {
from {
protocol tcp;
destination-port 80;
}
then {
count tcp_80;
}
}
}

When written this way, the second filter f2 will be evaluated as part of
the chain.  See
http://www.juniper.net/documentation/en_US/junos13.3/topics/concept/firewall-filter-option-multiple-listed-overview.html#jd0e195



- Damien

On Thu, Apr 23, 2015 at 6:12 PM, Damien DeVille damien.devi...@gmail.com
wrote:

 While I don't understand why you have the requirement that you can't use
 next-term (seems to be arbitrary), you can accomplish this the input-list
 option (
 https://www.juniper.net/documentation/en_US/junos14.2/topics/reference/configuration-statement/input-list-edit-interfaces.html
 )

 Here is a sample configuration:

 ddeville@testlab-rtr# show interfaces ge-0/0/0
 unit 0 {
 family inet {
 filter {
 input-list [ f1 f2 ];
 }
 address 192.168.1.2/32;
 }
 }

 ddeville@testlab-rtr# show firewall
 filter f1 {
 term 1 {
 from {
 protocol tcp;
 destination-port 80;
 }
 then {
 count tcp_80;
 accept;
 }
 }
 }
 filter f2 {
 term 1 {
 from {
 dscp ef;
 }
 then {
 forwarding-class expedited-forwarding;
 accept;
 }
 }
 }





 - Damien

 On Thu, Apr 23, 2015 at 5:38 PM, Vijesh Chandran vij...@juniper.net
 wrote:

 Hi Olivier,
  My bad that I didn't specify this in original mail...
 Caveat here is that, next term shall be avoided as per requirement.
 -Thanks,
  Vijesh


 
 From: juniper-nsp juniper-nsp-boun...@puck.nether.net on behalf of
 Olivier Benghozi olivier.bengh...@wifirst.fr
 Sent: Thursday, April 23, 2015 11:39 AM
 To: juniper-nsp@puck.nether.net
 Subject: Re: [j-nsp] solution to a firewall question

 Replace accept with next term in f1 ?

 next term works across filter list from what I see and according to the
 documentation (
 http://www.juniper.net/documentation/en_US/junos13.3/topics/concept/firewall-filter-option-multiple-listed-overview.html
 
 http://www.juniper.net/documentation/en_US/junos13.3/topics/concept/firewall-filter-option-multiple-listed-overview.html
 ).


 Olivier

  Le 23 avr. 2015 à 17:18, Vijesh Chandran vij...@juniper.net a écrit :
 
  Hi all,
   I am wondering if we have a solution to this issue.
   I need two firewall attached to an interface as input-list. e.g.: f1
 and f2.
   Input-list [f1 f2]
   f1 to match a condition (all tcp port 80) and accept and count that
 packet.
   f2 to classify those packets based on code points and push to a
 forwarding class. Is this possible?

 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] solution to a firewall question

2015-04-23 Thread Damien DeVille 
You are correct -- I misread the documentation.  I think this will achieve
you goal  -- Though it would be simpler to write a filter with 2 terms the
first to match and count with an action of next-term and the second term
to classify and shunt the packets into a forwarding class.

You can call one filter as part of another, in this example f2 (applied as
the input on the interface) calls f1 prior to processing the match
conditions in term 1:

ddeville@testlab-rtr# show
unit 0 {
family inet {
filter {
input f2;
}
dhcp;
}
}

ddeville@testlab-rtr# show firewall
filter f1 {
term 1 {
from {
protocol tcp;
destination-port 80;
}
then {
count tcp_80;
accept;
}
}
}
filter f2 {
term 1 {
filter f1;
from {
dscp ef;
}
then {
forwarding-class expedited-forwarding;
accept;
}
}
}





- Damien

On Thu, Apr 23, 2015 at 8:24 PM, Vijesh Chandran vij...@juniper.net wrote:

  Is there a programming difference between 'firewall filter' and
 'firewall family inet filter'? (ignore the v4 part of that)?

   afaik, family inet filter will skip all subsequent term if a packet
 matches first term. Is that not true for family filter?


  -Vijesh


  --
 *From:* Damien DeVille damien.devi...@gmail.com
 *Sent:* Thursday, April 23, 2015 5:17 PM
 *To:* Vijesh Chandran
 *Cc:* Olivier Benghozi; juniper-nsp@puck.nether.net

 *Subject:* Re: [j-nsp] solution to a firewall question

   Actually, my example is incorrect.  Filter f1 should read as follows:

 ddeville@testlab-rtr# show firewall
 filter f1 {
 term 1 {
 from {
 protocol tcp;
 destination-port 80;
 }
 then {
 count tcp_80;
 }
 }
 }

  When written this way, the second filter f2 will be evaluated as part
 of the chain.  See
 http://www.juniper.net/documentation/en_US/junos13.3/topics/concept/firewall-filter-option-multiple-listed-overview.html#jd0e195



 - Damien

 On Thu, Apr 23, 2015 at 6:12 PM, Damien DeVille damien.devi...@gmail.com
 wrote:

 While I don't understand why you have the requirement that you can't use
 next-term (seems to be arbitrary), you can accomplish this the input-list
 option (
 https://www.juniper.net/documentation/en_US/junos14.2/topics/reference/configuration-statement/input-list-edit-interfaces.html
 )

 Here is a sample configuration:

 ddeville@testlab-rtr# show interfaces ge-0/0/0
 unit 0 {
 family inet {
 filter {
 input-list [ f1 f2 ];
 }
 address 192.168.1.2/32;
 }
 }

 ddeville@testlab-rtr# show firewall
 filter f1 {
 term 1 {
 from {
 protocol tcp;
 destination-port 80;
 }
 then {
 count tcp_80;
 accept;
 }
 }
 }
 filter f2 {
 term 1 {
 from {
 dscp ef;
 }
 then {
 forwarding-class expedited-forwarding;
 accept;
 }
 }
 }





 - Damien

 On Thu, Apr 23, 2015 at 5:38 PM, Vijesh Chandran vij...@juniper.net
 wrote:

 Hi Olivier,
  My bad that I didn't specify this in original mail...
 Caveat here is that, next term shall be avoided as per requirement.
 -Thanks,
  Vijesh


 
 From: juniper-nsp juniper-nsp-boun...@puck.nether.net on behalf of
 Olivier Benghozi olivier.bengh...@wifirst.fr
 Sent: Thursday, April 23, 2015 11:39 AM
 To: juniper-nsp@puck.nether.net
 Subject: Re: [j-nsp] solution to a firewall question

  Replace accept with next term in f1 ?

 next term works across filter list from what I see and according to the
 documentation (
 http://www.juniper.net/documentation/en_US/junos13.3/topics/concept/firewall-filter-option-multiple-listed-overview.html
 
 http://www.juniper.net/documentation/en_US/junos13.3/topics/concept/firewall-filter-option-multiple-listed-overview.html
 ).


 Olivier

  Le 23 avr. 2015 à 17:18, Vijesh Chandran vij...@juniper.net a écrit
 :
 
  Hi all,
   I am wondering if we have a solution to this issue.
   I need two firewall attached to an interface as input-list. e.g.: f1
 and f2.
   Input-list [f1 f2]
   f1 to match a condition (all tcp port 80) and accept and count that
 packet.
   f2 to classify those packets based on code points and push to a
 forwarding class. Is this possible?

 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EW4200 with Layer 3 interface

2014-12-03 Thread Damien DeVille 
Hi Matthew-

This configuration should get you the desired result.

ge-0/0/4 {
description ;
vlan-tagging;
unit 0 {
vlan-id 0;
family inet {
address 10.10.10.1/30;
}
}
unit 4055 {
vlan-id 4055;
family inet {
address 20.20.20.21/30;
}
}
}


- Damien

On Wed, Dec 3, 2014 at 9:01 AM, Matthew Crocker matt...@corp.crocker.com
wrote:



 I have an EX4200 with the current interface:

 ge-0/0/4 {
 description XX;
 enable;
 unit 0 {
 family inet {
 address A.B.C.D/30;
 }
 }


 I need to reconfigure it to support a VLAN

 ge-0/0/4 {
 description XX;
 enable;
 unit 0 {
 family inet {
 address A.B.C.D/30;
 }
unit 4055
 vlan-id 4055
 family inet {
address X.Y.Z.W/30;
 }
 }

 i.eUnit 0 stays the same,  untagged frames on go to that interface IP
 address.   VLAN 4055 is new, tagged frames go to unit 4055

 Is it as simple as adding vlan-tagging to ge-0/0/4 and set unit 0 to
 vlan-id 0 ?


 --
 Matthew S. Crocker
 President
 Crocker Communications, Inc.
 PO BOX 710
 Greenfield, MA 01302-0710

 E: matt...@crocker.com
 P: (413) 746-2760
 F: (413) 746-3704
 W: http://www.crocker.com





 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] M20 fpc issue

2014-10-15 Thread Damien DeVille 
Hi Joe-

Have you tried an 11.x or 10.x train of code?  The M20 went end of
engineering on 30-Sep-2011 so 12.x versions Junos might not support the FPC.

Also, you should see something in var/log/messages if the system can't
bring the fpc on line.

request chassis fpc online slot slotnumber should also give you an error
message if it can't bring it online.


- Damien

On Wed, Oct 15, 2014 at 2:58 PM, Joe Freeman j...@netbyjoe.com wrote:

 Greetings-

 I have an M20 in the lab that I need to get up for a couple of tests. I
 realize it's an old boat anchor and isn't supported, but it's what I've got
 at the moment. All I really need to do is some MPLS/LDP testing, which it
 should be able to do.

 I have Junos 12.3R1.7 running on this hardware build-
 root@lab-m20 show chassis hardware
 Hardware inventory:
 Item Version  Part number  Serial number Description
 Chassis22178 M20
 BackplaneREV 07   710-001517   AL3655M20 Backplane
 Power Supply A   Rev 03   740-007311   506645AC Power Supply
 Display  REV 04   710-001519   AF4603M20 FPM Board
 Routing Engine 0 REV 01   740-016485   P13004103006  RE-4.0
 Routing Engine 1 REV 06   740-008883   P11123901048  RE-4.0
 SSB 0REV 01   710-001951   AF2998Internet Processor
 IIv1
 SSB 1N/A  N/A  N/A   Backup
 Fan Tray 0   Front Upper Fan
 Tray
 Fan Tray 1   Front Middle Fan
 Tray
 Fan Tray 2   Front Bottom Fan
 Tray
 Fan Tray 3   Rear Fan Tray


 Notice the FPC's aren't showing up They are all offline, and I can't
 get them to come online-
 root@lab-m20 show chassis fpc
  Temp  CPU Utilization (%)   MemoryUtilization (%)
 Slot State(C)  Total  Interrupt  DRAM (MB) Heap Buffer
   0  Offline   27
   1  Offline   29
   2  Offline   27
   3  Offline   27

 root@lab-m20 request chassis fpc slot 3 online
 Online initiated, use show chassis fpc to verify

 root@lab-m20 show chassis fpc
  Temp  CPU Utilization (%)   MemoryUtilization (%)
 Slot State(C)  Total  Interrupt  DRAM (MB) Heap Buffer
   0  Offline   27
   1  Offline   29
   2  Offline   27
   3  Offline  Absent

 root@lab-m20 show chassis fpc
  Temp  CPU Utilization (%)   MemoryUtilization (%)
 Slot State(C)  Total  Interrupt  DRAM (MB) Heap Buffer
   0  Offline   27
   1  Offline   29
   2  Offline   27
   3  Present   27

 They will sit at present for several minutes, then change to empty for a
 few minutes, then return back to offline.

 While they are in the 'present' state, they will show up in the show
 chassis hardware output-
 FPC 3REV 10   710-000175   AA7681FPC

 I've changed to different fpc's, different ssb's, different RE's and
 changed the junos version. I even set the system clock back to 2001. No
 change in symptoms.

 Any and all ideas are appreciated.

 Thanks-
 Joe
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] User Role Firewall in SRX

2014-09-09 Thread Damien DeVille 
Yes, this is one if the big new features in X47. It's called integrated user 
firewall. 

http://www.juniper.net/techpubs/en_US/junos12.1x47/information-products/pathway-pages/security/security-integrated-user-firewall.html

-- 

Damien DeVille
4108028208


 On Sep 9, 2014, at 10:21 AM, Nc Aji aji14...@gmail.com wrote:
 
 Does the Juniper SRX with Latest version 12.1x47 Support User Firewall
 roles without using MAG.
 
 I wasn't able to see that in the release notes also in the feature explorer.
 
 Thank you all..
 ___
 juniper-nsp mailing list juniper-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp