a 10.101.12.245 (nexthop in vrf default),
00:08:42
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Thanks Daniel, I recall that's what another guy suggested... he gave my like 20
lines of junos code... then I found that one-line that did the trick.
Aaron
-Original Message-
From: dverl...@gmail.com [mailto:dverl...@gmail.com] On Behalf Of Daniel Verlouw
Sent: Friday, April 1, 2016 3
Thanks Daniel, this is encouraging... I wonder if I can get the specifics on
when that will be available
Aaron
-Original Message-
From: dverl...@gmail.com [mailto:dverl...@gmail.com] On Behalf Of Daniel Verlouw
Sent: Friday, April 1, 2016 3:03 PM
To: Aaron <aar...@gvtc.com&
interface access-classes or acl's attached to snmp process, etc... I'll get
over it, just wanted to vent :|
I really wish I could find an elegant/simple way to protect system processes
(snmp, http, ssh, etc)
Thanks y'all
Aaron
-Original Message-
From: Eduardo Schoedler [mailto:lis
researched and came across the dhcp-relay thing. If you can give me a
helpers bootp config to work in my routing-instance then I might do it.
Would like to know the compelling reason to go with bootp or dhcp relay...
Thanks again gents
Aaron
-Original Message-
From: juniper-nsp
Thanks Wayne, I tried it and get this error...
agould@eng-lab-acx5048-1# commit confirmed 1 [edit interfaces lo0 unit 0
family inet]
'filter'
Referenced filter 'local_acl' can not be used as default/physical
interface specific with lo0 not supported on ingress loopback interface
error:
what are these routes (access-internal) ? i'm seeing them actually being
sent over my MPLS L3VPN into my other pe's as /32 routes. very interesting.
and seemingly very inefficient and busy. not sure that I like the idea of
host routes for 10's of thousands of hosts being injected into my mpls
I need to only allow 172.17.0.0/16 to be able to remotely access the ACX5048
for snmp, telnet, ssh, http(s) services. How would I do this?
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo
flows is what I needed to use to see flows.
Aaron
From: Alexander Arseniev [mailto:arsen...@btinternet.com]
Sent: Tuesday, March 8, 2016 10:36 AM
To: Aaron <aar...@gvtc.com>; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] nat - non-inline - service card ms-mic-16G in mx104
Hello,
Anybody know what I'm doing wrong ? I can't seem to get nat to work. I'm
trying to do v4 to v4 with port translation (NAPT-44) using NON-inline nat.
so I'm using an MX104 with a MS-MIC-16G
FPC 1 BUILTIN BUILTIN MPC BUILTIN
MIC 0 REV 17
I don't have answers for you Clarke, hopefully others out there will...
But, I do have a question... Does SPRING require an IGP ? And if so, is
ISIS the only IGP that SPRING will/can use?
Aaron
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf
Oh man, watch out... now I got your number ! ...just kidding, sort of...
lol
Thanks David, et al, it's great to be a part of a knowledgeable and
well-connected community as this
Aaron
-Original Message-
From: david@orange.com [mailto:david@orange.com]
Sent: Friday, March 4
Thanks David, I should've read this email before asking my previous
question.
I just got this book yesterday. Page 92 says SPRING is aka SR. Thanks
Also I see in preface page xxii that one of the four key contributors to
this book was a guy named David Royis this you? :)
Aaron
These topics are new to me...
I understand that SR is Segment Routing and SPRING is Source Packet Routing
in Networking... so I want to know is "SR" and "SPRING" the exact same thing
? or are there some differences in SR and SPRING ?
Aaron
-Original Message---
Right, very good Saku, thanks.
Interestingly, one of my dsl bb customers may be very offended to find out that
I consider their neighbors voice traffic to be more important than their dsl bb
traffic :| perhaps that's what you meant about being careful with how I
market it.
Aaron
et through during attacks... right ?
2 - if you have links that are regularly experiencing congestion, I mean
like daily/nightly and sustained congestion for an hour or more, then is qos
really the "fix" for that ? sounds like that's a bandwidth issue.
Aaron
-Original Message---
and it looked good.
I tested L2VPN VPLS BGP Auto Discovered w/BGP Sig and /LDP Sig and both were
functional.
Aaron
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Mark Tinka
Sent: Monday, February 22, 2016 12:31 AM
To: Saku Ytti <s...@ytti
... No
outage on pe. Love it
Aaron
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
tim tiriche
Sent: Thursday, February 18, 2016 12:44 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Enable EVPN on existing mpls l3vpn network
Hello,
I have
derlying interface-specific
options
> tcc Translational cross-connect parameters
> vpls Virtual private LAN service parameters
[edit]
Thanks,
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
29 2016 1
10.101.12.248 rmt Up Feb 5 05:59:29 2016 1
10.101.12.250 rmt Up Feb 5 05:59:29 2016 1
10.101.12.251 rmt Up Feb 5 05:59:29 2016 1
Aaron
-Original Message-
From: juniper-nsp [mail
While that may be completely correct (while not completely provable, it is
entirely reasonable to assume it), the immediate question was whether this
particular vulnerability affected JunOS also, or only ScreenOS.
The answer to that more narrow question is that it only affects ScreenOS.
I
il.gvtc.net/owa/redir.aspx?C=7312c58d24cd4b6a8f8f85b851bb6702;
URL=http%3a%2f%2fthehackernews.com%2f2015%2f12%2fhacking-juniper-firewall-se
curity.html>
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Aaron
Sent: Monday, December 21, 2015 11:04 AM
To: 'Matthew Crocker'; 'jnsp list'
Subject: Re: [j-nsp] Collapsed MPLS CE/PE/P configuration
Maybe this will help...
this makes L3VPN work for me on a PE...
set interfaces ge-0/0/47
-target import target:1:1
set routing-instances one vrf-target export target:1:1
set routing-instances one vrf-table-label
Aaron
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Matthew Crocker
Sent: Monday, December 21, 2015 9:42 AM
To: jnsp
check succeeds
commit complete
{master:0}[edit]
Aaron
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Muhammad Atif Jauhar
Sent: Wednesday, December 09, 2015 9:55 AM
To: Tim St. Pierre
Cc: Juniper List
Subject: Re: [j-nsp] MAC filter on EX
I’m not sure what you mean Eduardo.
I just typed that mac address into the firewall filter as a test. I did not
test this to see if it would really stop traffic.
Aaron
From: Eduardo Schoedler [mailto:lis...@esds.com.br]
Sent: Wednesday, December 09, 2015 1:47 PM
To: Aaron
Cc
unknown
MTU 1500 1500
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
d
PW: neighbor 10.101.12.250, PW ID 10100, state is up ( established )
MTU 1500 1500
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
nbr global 10.101.0.254 Active open failed - open
timer running
u all
All possible debugging has been turned off
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
All possible debugging has been turned off
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-
.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book/bgp-a1.html#wp1306388590
Aaron
-Original Message-
From: Adam Vitkovsky [mailto:adam.vitkov...@gamma.co.uk]
Sent: Tuesday, November 24, 2015 4:43 AM
To: Aaron; juniper-nsp@puck.nether.net; arsen
re and all
is well.
Aaron
p.s. besides, bringing up l2vpn AF on the 5048 and 104 , as I understand it,
SHOULD NOT, cause any other PE's to renegotiate capabilities and AF's on their
bgp neighbor sessions with the RR.
-Original Message-
From: Adam Vitkovsky [mailto:adam.vitkov...@gamma.co
Thanks Dale, RR’s are (2) cisco asr9000’s (one is a 9006 and the other is a
9010), configured in a RR cluster. Both run IOS XR 4.1.2
Aaron
From: dale.s...@gmail.com [mailto:dale.s...@gmail.com] On Behalf Of Dale Shaw
Sent: Monday, November 23, 2015 4:47 PM
To: Aaron
Cc: Adam Vitkovsky
exchange issue,
but now I'm wondering if it's NLRI related.
Thanks group,
Aaron
-Original Message-
From: Adam Vitkovsky [mailto:adam.vitkov...@gamma.co.uk]
Sent: Monday, November 23, 2015 5:55 PM
To: Aaron; juniper-nsp@puck.nether.net; arsen...@btinternet.com
Subject: RE: [j-nsp
the juniper's
signaling lsp's with each other... I wonder if that caused problems with the
other PE's in my network.
Aaron
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Aaron
Sent: Monday, November 23, 2015 9:50 PM
To: 'Adam Vitkovsky
Notifications
and drop their MP-BGP neighbor sessions to the Route Reflector core and
purge all their vpnv4, vpnv6 and l2vpn topology tables !
Bad customer impact. lots of trouble.
"Rollback 1" on ACX and MX and all is well
Anyway have trouble in this area ?
Aaron
P.S. fo
It's code version dependent. It was raised recently, so if you still see 16
you need to upgrade.
On Oct 29, 2015 5:01 AM, "Cydon Satyr" wrote:
> Hello experts,
>
> Could somebody confirm if 16 is the max number of physical interfaces one
> can have in a LAG on MX? What
table is being learned. BUT NO TRAFFIC SEEMS TO
BE FORWARDED.
EX4550 running JUNOS 12.2R1.9
If the problem is understood to be regarding the bgp license, then just let
me know and I'll troubleshoot elsewhere.
thanks
Aaron
?
Any other comparable products out there y'all know of?
Aaron
-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of
Raphael Mazelier
Sent: Tuesday, July 14, 2015 12:45 PM
To: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Cisco ME3600 migration to some
Thanks, yes, I would be wanting NAPT (I believe this is NAT
Overload/PAT) yes I would want this for the public IP address savings
that it achieves.
If I do NAPT, why would I want MS-DPC over MS-PIC or vice versa?
Aaron
-Original Message-
From: juniper-nsp [mailto:juniper-nsp
? Or do most
Juniper SP devices support this ? Do only certain products support sp/cg
nat ?
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Yes, the commit will fail if commit check would have also failed. I tend to
use commit check as a check on myself when I’ve done a big cut-and-paste, or
when creating a bunch of objects. The time to fail of commit check is less
than commit if there are discrepancies.
On Sep 28, 2015, at
Apply a filter on lo0.0 which denies traffic from anything but your management
IPs. Or, put a filter on the VR interface denying all traffic destined to that
IP itself.
On Jul 15, 2015, at 10:11 AM, Victor Sudakov v...@mpeks.tomsk.su wrote:
Colleagues,
I have customers' networks
Thanks everyone for your input.
Does the mx80 support all the mpls L3vpn and L2vpn things I mentioned ?
Aaron
From: Mark Tinka [mailto:mark.ti...@seacom.mu]
Sent: Tuesday, July 14, 2015 7:41 AM
To: Phil Bedard; Ivan Ivanov; Aaron
Cc: Juniper List
Subject: Re: [j-nsp] Cisco
Cisco ASR920's for (4) 10 gig ports and several (1) gig
ports. Would this be good ?
What are some comparable Juniper products that would fit here ? Is Juniper
better in that area ?
Aaron
___
juniper-nsp mailing list juniper-nsp
I looked into this once. Support involves a one-time purchase of a contract,
back-dated to when it was last under contract. Depending on how long ago that
was, it may be prohibitive as well.
On May 5, 2015, at 11:00 AM, Raphael Mazelier r...@futomaki.net wrote:
Le 05/05/15 18:47, Colton
Ask your local reseller for a quote.
On May 5, 2015, at 2:13 PM, Colton Conor colton.co...@gmail.com wrote:
Damien,
Thanks for the links. From the website: Juniper Networks, Inc. requires an
inspection or a reinstatement fee for all products that were not originally
purchased, by the then
Is there a way to not show the username in the prompt ?
Is there a way to make set cli commands persist across reboots ?
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
I usually
ask of them.. TWC seemed a little harder for me to get through the layers of
the company in order to finally talk to the right person..)
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman
...@puck.nether.net] On Behalf Of
Colin Baker
Sent: Tuesday, April 07, 2015 9:28 AM
To: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] ddos rtbh service
On 2015-04-07 08:31, Aaron wrote:
Now, I'm getting a third internet connection with ATT. how do they do
it ?
Any insight into how you all use ATT
Have you tried 0/1 and 128/1 instead of 0/0?
That’s also required for backup-router destination as well, so might solve this
problem too.
On Mar 23, 2015, at 7:33 PM, Nick Schmalenberger n...@schmalenberger.us wrote:
On Thu, Mar 05, 2015 at 06:29:30PM -0800, Nick Schmalenberger wrote:
I need
Thanks everyone. Very helpful
Aaron
-Original Message-
From: Tore Anderson [mailto:t...@fud.no]
Sent: Friday, March 13, 2015 5:46 AM
To: Aaron
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] how to see users
* Aaron aar...@gvtc.com
I have a user a I've config'd. I see that I
I have a user a I've config'd. I see that I can view it within the config.
Also, I see that I can see users actively logged in.
But how do I show users that are configured without viewing it in the config
file?
Aaron
root@j1# show system login
user a {
uid 2000
What version of code? D10 (frs) had some issues with some cables which is
resolved in more current versions.
Also if this is 5100 to 4300 make sure you have auto negotiation turned off
on the 4300 (but that would probably fail with a juniper branded dac as
well so unlikely to be the issue).
On
90% sure it's nested tunnels (GRE over IPSec). You cannot do them in a cluster.
If you can get the Cisco side to remove the GRE layer and route directly over
the secure tunnel (have not tried it so I don't know if they can or not), then
it will work (using st0 on the SRX). If you can't, your
I have terminated IPSec tunnels on reth interfaces entirely successfully. I
would think that would work fine in your setup as well. It wasn't amazon, but
it was to other remote SRXs. The ISP in question did terminate on both cluster
members (two drops).
That was on a branch SRX. On the
fsck is run automatically every boot. If the automatic fsck fails, it throws
it to the backup partition. So yes, you are correct, but the situation
observed is when that system fails.
On Mar 24, 2014, at 11:04 PM, Victor Sudakov wrote:
Dear Masood,
Thanks for the link to the KB article.
The route is known via some source, and therefore the destination is reachable.
I've never known the source of the route to matter for the peer address on any
platform.
If you want it to go down, you can try the ttl knob to force it down if it's
taking a longer path.
On Mar 17, 2014, at
I can verify that if a VLAN is both named as a member and as a native-vlan-id,
then it will accept traffic both tagged and untagged on that port for that
VLAN. However, traffic will only be sent tagged. That can break some things
(for example APs) which might work during boot but the loaded
I don't know if I'd call them issues. Just ELS introduces different
configuration hierarchies that is the way things will be in the future. The
functionality is still there even if the config bits change some.
The main advantage of the 4300 vs. 4200 is 4x10G uplinks instead of 2, and 40G
It's a name change. vlan is now irb. It depends on platform, but the newer
ones use irb instead of vlan.
So it doesn't work with vlan.103 because the vlan interface physically does not
exist. But you can configure nonexistent interfaces in JunOS.
On Feb 18, 2014, at 9:44 PM, Janusz Wełna
Depending on how you have your redundancy groups set up, only the active
links will be active at any given time. That means that the mxs won't see
two links active, they will see one each. So you should have two
adjacencies on the srx and one on each mx in this scenario.
Lacp would only be
reth interfaces are for failover not for bundle. You can use two LAGs within a
reth interface (multiple interface on a single node in a LAG) but not across
both. It's up (probably) because you aren't running LACP. If you turn on
LACP, then various links will be down. I'm going to guess
That's a pretty normal configuration so I wouldn't expect any issues.
Load balancing over both connections is another story entirely and doesn't
matter the exact platform. You can find a large volume of
books/websites/opinions on BGP load balancing out there. It's not exactly a
trivial
Depends if there are other communities attached besides vpls-z. The first
example would retain all of those.
If that's the only community on the route, then, in that case, they are the
same.
On Oct 31, 2013, at 1:53 PM, Mihai wrote:
Aren't these 2 policies the same thing?
the Internet zone, so I'm betting the flows
wouldn't match. It also seems like an extreme hack.
Removing the static NAT would be awesome, but there are unknown things using
it, so it's not so easy as that.
Anyone have other suggestions?
Thanks!
Aaron
It depends how careful you want to be about it. Multipath and adding the
peer as you've described will get you half traffic on each immediately
which is fine assuming the circuit is good, etc.
If it were me, I'd probably bring up the new one with a different policy
(same group, policy under the
Mine do it automatically. I've never set anything to make them do that.
On Jul 10, 2013, at 9:08 AM, Mark Felder wrote:
Is there some way to make a j2320 auto power on when power is restored? I
can't seem to successfully find this on Google
___
the same CVLAN id.
However, if you use a single SVLAN per customer, then there's no issue.
I'd say it's easier to do this using CCC but YMMV.
Aaron
On Jul 1, 2013, at 4:11 AM, Sebastian Wiesinger wrote:
Hello,
I need to do a sort of dumb Q-in-Q on a MX box. What I want from
the MX is:
Take
.
Note that neither of those experiences are with prepaid or m2m. I imagine
it would be the same until you ran out of credit.
Aaron
On May 1, 2013 10:33 PM, Jeff Rooney jtroo...@nexdlevel.com wrote:
Does anyone have any experience using a prepaid or month to month 3G/4G
connection on a branch SRX
That seems like it should work. Note that you'd need a policy in place
from/to the same zone to allow this traffic. Even intrazone traffic is
denied by default on an srx. I suspect that might be the issue here.
On May 1, 2013 8:49 AM, Bruce Buchanan bbuch...@nexicomgroup.net wrote:
Hi List
Insert doesn't create it, it re-orders existing policies. IMHO it's
confusingly named.
So you create the policy using set (which puts it at the end) then you use
insert to re-order it in the position you want.
On May 1, 2013 8:32 AM, James S. Smith jsm...@windmobile.ca wrote:
I have an SRX240
-identity
command is not there in earlier versions.
Aaron
On May 11, 2011, at 8:53 AM, Pappas, AJ wrote:
I have a srx240. I have someone who has a vpn with us who wants to change
from a static IP address on an ipsec tunnel to a FQDN. Is there any
documentation on how to do
physical outbound
interface (or reth).
Aaron
On Apr 3, 2013, at 2:12 PM, OBrien, Will wrote:
Hey guys, I'm building a new cluster of SRX 5800s and prepping to move
several VPN tunnels to it. All of them are ike/ipsec.
I built a test site on a SRX210 and configured a tunnel between it and my
IIRC, it's possible but not recommended due to the reliability issue of the
switch in between. In your situation, I'd probably give it a shot.
Definitely use different VLANs for control and fabric.
Aaron
On Apr 2, 2013, at 10:47 AM, Mike Williams wrote:
Hey all,
So I've been reading
You'll also need a policy which allows traffic from trust to trust, i.e.:
set security policies from-zone trust to-zone trust match source-address any
set security policies from-zone trust to-zone trust match destination-address
any
set security policies from-zone trust to-zone trust match
,
that's why. Anyway, you get the idea. vlan.3900 will be in a zone, but my
immediate concern is no longer getting a DHCP address from the CX111 (this time
on vlan.10 instead of ge-0/0/0.0).
Does anyone see anything quick that I did wrong here?
Thanks!
Aaron
On Mar 12, 2013, at 7:44 PM, Aaron Dewell wrote:
Quick question for you all (I'm sure I'm doing something dumb here).
I had this working config:
[…]
That was working. Now I want to be able to get to the CX111's management
VLAN, so I changed it to this:
[…]
And yes, I just
Not that I've had to do it - but I'd probably break the cluster to do the
upgrade and run on one during the procedure.
On Mar 8, 2013, at 10:50 AM, Andy Litzinger wrote:
We're evaluating SRX clusters as replacements for our aging ASAs FO pairs in
various places in our network including the
I tried ISSU twice, both times on 3 MX routers during a single maintenance
window, going from 10.x to 11.x. It failed spectacularly on the second router,
requiring manual recovery via the console (mastership was not assumed by the
backup before the primary rebooted), so I completely gave up
ping. I have assigned IP addresses to all devices temporarily to facilitate
testing, the ultimate goal is L2 across to the VMs.
The problem appears to be ARP replies not reaching the VM.
If anyone has any ideas, I'd definitely appreciate it!
Thanks!
Aaron
IP addresses are:
Cluster
Sounds like a Xen bridge issue, but I have no definitive experience or reason
other than that's the only thing in the path which might block it. Strange
that it would pass an arp for a ping but not for SSH. Should be the same arp
off the switch either way.
On Jan 30, 2013, at 5:41 PM, Luca
Not true. Logical interfaces are allocated to logical systems, not physical
interfaces. No problem with what you're doing.
On Jan 24, 2013 4:28 AM, Skeeve Stevens skeeve+juniper...@eintellego.net
wrote:
Hey all,
I want to build this scenario.
2 * MX80, with a trunk between then.
On the
is that the protocol has to be enabled in the
zone/interface.
Aaron
On Jan 8, 2013, at 5:16 PM, Robert Hass wrote:
On Wed, Jan 9, 2013 at 12:40 AM, Chuck Anderson c...@wpi.edu wrote:
set vrrp-group 0 accept-data
Thanks a lot !. It helped.
I used VRRP earlier on MX where this is not necessary to make VRRP
a difference.
Thanks for any insight!
Aaron
ike {
policy remotes {
mode aggressive;
proposal-set standard;
pre-shared-key ascii-text bla;
}
gateway SITEX {
ike-policy remotes;
dynamic inet WAN-SITEX-IP;
local-identity inet WAN-LOCAL-IP
On Nov 29, 2012, at 12:53 AM, Tore Anderson wrote:
* Aaron Dewell
I haven't found an answer to this question (except for Cisco options
which doesn't help me). I want to configure a static route to a DHCP
interface on an SRX240. Here's the scenario:
ge-0/0/0 connected to CX111 (4G modem
because it's not a point to
point interface. I cannot set an IP address as the next-hop because I don't
know when it will change.
Any ideas on how to address that?
Thanks!
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https
look the same
(except R8 which is it's buddy and directly connected).
Any ideas on what else to look at? The OSPF database looks reasonable. Our
other shared segments act normal. All routers are on 11.4R2.
Thanks!
Aaron
___
juniper-nsp mailing
On Jul 24, 2012, at 4:56 AM, Wayne Tucker wrote:
On Mon, Jul 23, 2012 at 11:02 PM, Aaron Dewell aaron.dew...@gmail.com wrote:
I ran into an odd behavior here tonight, I'm hoping someone has some ideas.
We have 8 routers on a broadcast OSPF segment. All are advertising their
loopback
On Jul 24, 2012, at 2:04 PM, Wayne Tucker wrote:
On Tue, Jul 24, 2012 at 12:36 PM, Aaron Dewell aaron.dew...@gmail.com wrote:
Yes, Type Transit (2). However, the Network LSA only includes 3 attached
routers (should be 6 currently). There are two Network LSAs in R7. One has
the interface
define static routes for this and move on, but the challenge
that I've not come up with an answer for yet is that the routes to be split are
within the VRF, yet the next-hop is in inet.0.
Any ideas? Thanks for your input!
Aaron
___
juniper-nsp mailing
thing to be the problem.
Has anyone had any issues with an SRX connected to a satellite modem before?
Any suggestions would be greatly appreciated!
Thanks!
Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net
table and forwarding
table, so I assume that means that (eventually) the DHCP transaction is
complete. Just no pings or anything after that.
Aaron
On May 28, 2012, at 4:49 PM, Tim Eberhard wrote:
What you're most likely running into is the DHCP ttl limitation.
While it's not often
I have observed this on both an srx240 and srx210h. Jtac advised turning
off utm and idp (on 210), yet those were enabled before with no issues. The
240 was fresh out of the box getting initial config (IP, Nat, zones,
policies, I.e. nothing amazing).
I'll be waiting to see the answers too!
On May
might solve the problem as well.
CCC is the old-school Juniper way of doing this pre-l2circuit/l2vpn/vpls.
Aaron
On Mar 27, 2012, at 8:57 AM, Humair Ali wrote:
Hi Ben
not sure if you raised it before, but if you are looking at QinQ, and
point-to-point is a viable solution, you should
Have you tried knobs such as:
loose-authentication-check
level X no-csnp-authentication
level X no-psnp-authentication
The second two sound like what you might be looking for. I have no CRS thus no
further ideas...
Aaron
On Mar 7, 2012, at 7:53 PM, John Neiberger wrote:
I'm pretty new
I haven't tried it, but all the docs I read on it suggested that configured
VC ports acted as more ports, not replacements. On our EXs, the normal VC
ports are still available even though we use two 10g for VC. However, we
aren't using them so i can't confirm... But pretty sure it should work.
On
Sure. Everything is actually routed hop-by-hop. As you've observed, that's a
serious obstacle to multihop eBGP.
Most uses I've seen involve crossing a non-BGP router to a customer, and
redistributing whatever the customer advertises into their IGP. Klunky for
sure, but it does work.
Aaron
We having been losing CFEBs like a plague all with the above error (or
similar) in the logs. No one at Juniper seems to know what RDP is (nearly
30 JTAC tickets opened in the last few months) does anyone on this list have
any insight?
Aaron
___
juniper
Nilesh-
Per subject line the FEB/CFEB failures have been predominantly on 8.5R4.3.
Thank you for the below infromation. I will forward this onto on our NOC and
have them begin uploading that data to the currently open cases.
Thanks
Aaron
-Original Message-
From: Nilesh Khambal
401 - 500 of 508 matches
Mail list logo