background preloader

JUNIPER

Facebook Twitter

Michael Dale - Running JunOS 12.1X47 on first gen SRX240H. Michael Dale So 12.1X47 just came out and no longer supports SRX devices with less than 2GB of ram.

Michael Dale - Running JunOS 12.1X47 on first gen SRX240H

I have a couple of spare Juniper SRX240Hs (so first gen devices with 1GB of ram) and would like to test 12.1X47 in my lab, unfortunately I don't have any 2GB ram devices in my lab. When trying to install 12.1X47 on the SRX240H you get the following error: Copying package ... ERROR: Unsupported platform srx240h for 12.1X47 and higher ERROR: validate-config: junos/+REQUIRE fails So I decided to see if I could work around this and trick JunOS into installing on my 240H, I was successful :D I wouldn't recommend ever using this in production, but I am sure it will work fine for the lab.

Now you can actually upgrade the ram in the SRX240H to 2GB, it just uses standard DDR2 PC ram (you just need to find a 2GB stick, I used 800MHz but 667MHz ram should work too). First Upgrading SRX ram Take off the SRX case and swap out the ram, easy! Juniper Networks - [EX] How to login to the member switch of the Virtual Chassis. Juniper Networks - [SRX] Common and safe files to remove in order to increase available system storage. SRX systems may sometimes run out of system storage capacity, commonly while performing a software upgrade of the device.

Juniper Networks - [SRX] Common and safe files to remove in order to increase available system storage

This article lists the files that can be safely removed from the device in order to increase the storage capacity of the file system. What are the common and safe files that can be removed in order to increase system storage capacity? Below is a typical show system storage command output, showing flash usage and available space. The following options are available to remove unwanted files on an SRX system: The operational mode command request system storage cleanup should be the first command to try in order to reduce the storage on the system. Juniper SRX – error: Could not format alternate root. This week I encountered this error for the first time in the years I’m working with JunOS now.

Juniper SRX – error: Could not format alternate root

Last week I installed two SRX’s at a remote datacenter location in NJ, US. All working fine and once back in my home country I added some monitoring checks to the devices and thought, well lets sync the JunOS alternate partition with the primary. This went just fine: onno@net> show system snapshot media internal Information for snapshot on internal (/dev/da0s1a) (backup) Creation date: Aug 29 13:54:23 2015 JUNOS version on snapshot: junos : 12.1X44-D35.5-domestic Information for snapshot on internal (/dev/da0s2a) (primary) Creation date: Apr 7 13:29:14 2016 JUNOS version on snapshot: junos : 12.1X46-D40.2-domesticonno@net> request system snapshot slice alternate Formatting alternate root (/dev/da0s1a)… Copying ‘/dev/da0s2a’ to ‘/dev/da0s1a’ ..

(this may take a few minutes) The following filesystems were archived: / Juniper Networks - The output of 'show system snapshot media internal all-members' may not populate correctly and throw an error stating 'cannot mount /dev/da0sxa' The output of 'show system snapshot media internal all-members' may not populate correctly and throw an error stating 'cannot mount /dev/da0sxa' Summary: When the command "show system snapshot media internal" is executed, at times the output is not populated correctly, and the following error will be reported - fpcx:error: cannot mount /dev/da0sxa.This article explains why this error is observed and goes over the steps required to recover the system from this state.

Juniper Networks - The output of 'show system snapshot media internal all-members' may not populate correctly and throw an error stating 'cannot mount /dev/da0sxa'

Symptoms: The 'show system snapshot media internal' command is used to display the software versions available on the two slices/partitions as well as which of the two paritions is the active partition.In some instances, the output of this command does not display the complete information and displays an error stating that the alternate partition cannot be mounted. Cause: This can happen if any of the following activities take place when the command is running: How do you delete an AI-Script from a device? - J-Net Community. Question How do you delete an AI-Script from a device?

How do you delete an AI-Script from a device? - J-Net Community

Answer You can delete AI-Scripts from the device in the following ways: NOTE: We recommend that configuration of AI-Scripts Release 5.0R1.0 and later be deleted from a device by using Junos Space Service Now as Service Now calls the correct operational scripts as needed. However, if the connection between Service Now and the device is disrupted and you are unable to reach the device through Service Now, use one of the following commands to delete AI-Scripts from the device. Juniper Networks - [EX/SRX] Recovering from file system corruption during a system reboot, NAND media utility checks for bad blocks in the NAND flash memory. This article discusses the NAND media check utility, which checks for bad blocks in the NAND flash memory that is used for the internal boot media in EX platforms.

Juniper Networks - [EX/SRX] Recovering from file system corruption during a system reboot, NAND media utility checks for bad blocks in the NAND flash memory

The utility can recover the bad blocks using SCSI protocol extension commands provided by the NAND flash controller vendor. The utility checks for the product model and runs only on EX Series and some SRX Branch Series using the ST72682 NAND flash controller as boot media. This utility recovers the bad blocks by erasing them and permits the system to boot successfully in most cases. Example: Configuring Filter-Based Forwarding to a Specific Outgoing Interface or Destination IP Address. Understanding Filter-Based Forwarding to a Specific Outgoing Interface or Destination IP Address Policy-based routing (also known as filter-based forwarding) refers to the use of firewall filters that are applied to an interface to match certain IP header characteristics and to route only those matching packets differently than the packets would normally be routed.

Example: Configuring Filter-Based Forwarding to a Specific Outgoing Interface or Destination IP Address

Starting in Junos OS Release 12.2, you can use then next-interface, then next-ip, or then next-ip6 as an action in a firewall filter. From specific match conditions, IPv4 and IPv6 addresses or an interface name can be specified as the response action to a match. The set of match conditions can be as follows: Example: Disabling a PoE Interface - Technical Documentation - Support - Juniper Networks. This example shows how to disable PoE on all interfaces or on a specific interface.

Example: Disabling a PoE Interface - Technical Documentation - Support - Juniper Networks

Requirements Before you begin: Overview. Solved: Removing a static route - J-Net Community. Example: Setting Up 802.1X for Single-Supplicant or Multiple-Supplicant Configurations on an EX Series Switch. 802.1x port-based network access control (PNAC) authentication on EX Series switches provides three types of authentication to meet the access needs of your enterprise LAN: Authenticate the first end device (supplicant) on an authenticator port, and allow all other end devices also connecting to have access to the LAN.Authenticate only one end device on an authenticator port at one time.

Example: Setting Up 802.1X for Single-Supplicant or Multiple-Supplicant Configurations on an EX Series Switch

Authenticate multiple end devices on an authenticator port. Multiple supplicant mode is used in VoIP configurations. Understanding Authentication on Switches - Technical Documentation - Support - Juniper Networks. You can control access to your network through a Juniper Networks Ethernet Switch using several different authentication methods—802.1X, MAC RADIUS, or captive portal.

Understanding Authentication on Switches - Technical Documentation - Support - Juniper Networks

Authentication prevents unauthorized devices and users from gaining access to your LAN. For 802.1X and MAC RADIUS authentication, end devices must be authenticated before they receive an IP address from a DHCP server. For captive portal authentication, the switch allows the end devices to get an IP address and allows forwarding of DHCP, DNS, and ARP packets. You can allow end devices to access the network without authentication by including the MAC address of the end device in the static MAC bypass list or, for captive portal, by including the MAC address of the end device in the authentication whitelist. You can configure 802.1X, MAC RADIUS, and captive portal on the same interface and in any combination, except that you cannot configure MAC RADIUS and captive portal on an interface without also configuring 802.1X.

Monitoring 802.1X Authentication - Technical Documentation - Support - Juniper Networks. Purpose Use the monitoring feature to display details of authenticated users and users who have failed authentication. Action To display authentication details in the J-Web interface, select Monitoring > Security > 802.1X.

To display authentication details in the CLI, enter the following commands: Verifying That LACP Is Configured Correctly and Bundle Members Are Exchanging LACP Protocol Packets. Verify that LACP has been set up correctly and that the bundle members are transmitting LACP protocol packets. Verifying the LACP Setup Purpose Verify that the LACP has been set up correctly. Action. Example: Configuring an EX4200 Virtual Chassis with a Master and Backup in a Single Wiring Closet - Technical Documentation - Support - Juniper Networks.

A Virtual Chassis configuration is a scalable switch. You can provide secure, redundant network accessibility with a basic two-member EX4200 Virtual Chassis and later expand the Virtual Chassis configuration to provide additional access ports as your office grows. This example describes how to configure an EX4200 Virtual Chassis with a master and backup in a single wiring closet: Virtual Chassis Cabling Configuration Examples for EX4200 Switches - Technical Documentation - Support - Juniper Networks. You can install EX4200 switches in a single rack or multiple racks, or in different wiring closets, and interconnect them to form a Virtual Chassis. There are two dedicated Virtual Chassis ports (VCPs) on the rear panel of the EX4200 switch that are used exclusively to interconnect EX4200 switches as a Virtual Chassis.

The physical location of the switches in a Virtual Chassis is restricted only by the maximum length supported for cables to connect the VCPs. The maximum cable length for interconnecting the dedicated VCPs is 5 meters. Troubleshooting a Site to Site VPN on a SRX Series Gateway. Within this article we will look at the various steps required in debugging a Site to Site VPN on an SRX series gateway. 1.

Confirm Configuration First of all check the VPN configuration. This is also useful if and when you need to confirm the Phase 1 and Phase 2 parameter's with the remote end. admin@srx> show configuration security ikeadmin@srx> show configuration security ipsec Enter Your Email Below to Unlock All Exclusive Content Thanks for subscribing! 2. To confirm the successful completion of Phase 1 run the following command.

Admin@srx> show security ike security-associationsnode1:--------------------------------------------------------------------------Index Remote Address State Initiator cookie Responder cookie Mode6950 [LOCAL PEER IP] UP 33204fba87663d94 70acacd5f938f89b Main. SRXs and policy based routing (aka FBF) : iNETZERO. Untitled. Show arp - Technical Documentation - Support - Juniper Networks. Syntax show arp Release Information. Srx 240 restart only one ipsec tunel site 2 site - J-Net Community. Troubleshooting a Site to Site VPN on a SRX Series Gateway. Juniper Networks - Data Collection Checklists - Master list - 'What to Collect' when opening a case or troubleshooting - Knowledge Base.

Upgrading Software on an EX6200 or EX8200 Standalone Switch Using Nonstop Software Upgrade (CLI Procedure) You can use nonstop software upgrade (NSSU) to upgrade the software on standalone EX6200 or EX8200 switches with redundant Routing Engines. NSSU upgrades the software running on the Routing Engines and line cards with minimal traffic disruption during the upgrade. NSSU is supported on EX8200 switches running Junos OS Release 10.4 or later and on EX6200 switches running Junos OS Release 12.2 or later. Show system rollback. Syntax show system rollback number. Juniper Show Interface Commands. ErrorsSum of the incoming frame aborts and FCS errors. Example: Configuring Custom Policy Application Term Options.

This example shows how to configure custom policy application term options. Requirements Before you begin, configure the required applications. See Example: Adding and Modifying Custom Policy Applications . Juniper Networks - [SRX] When and how to configure Proxy ARP - Knowledge Base. This article describes when and how to configure Proxy ARP, with examples. The Resolution Guides for SRX NAT refer to this article. Juniper Junos commands cheatsheet. Modes. Juniper SRX - Destination NAT / Port Forwarding. Within this article destination NAT is configured to port forward traffic through to multiple servers based upon the destination port. Configuring Junos OS User Accounts by Using a Configuration Group. SRX & J Series Site-to-Site VPN Configurator - Support - Juniper Networks. Reverting to the Default Factory Configuration for the EX Series Switch. Reverting to the Default Factory Configuration for the EX Series Switch.

How to recover the password and configuration for the EX-series Switch Virtual Chassis (VC) setup. Juniper EX Virtual-Chassis notes. Adding or Replacing a Node Device in a QFabric Node Group. Locating the Serial Number on a QFX3500 Device or Component. [SRX] Troubleshooting Chassis Cluster Redundancy Group not failing over. What does priority 0 mean in a JSRP chassis cluster? What does priority 255 mean in a JSRP chassis cluster? Configuring Rapid Spanning-Tree Protocol. Configuring LLDP-MED (CLI Procedure)

[SRX] Performing the In-Service Software Upgrade (ISSU) [EX] How to recover the system from the 'warning: ISSU in progress' error message. Request system reboot. [SRX] Data Collection Checklist - Logs/data to collect for troubleshooting. Solved: can't deactivate policy on SRX5600. MPLS Network Operations Guide. MPLS Network Operations Guide. How to upload large files to a JTAC Case. Real-time Performance Monitoring (RPM) Learning Byte. RPM Overview. Junos Basics – Routing Instances – Aaron's Worthless Words. Solved: delete / default interface - J-Net Community. Tracing SNMP Activity on a Device Running Junos OS. Understanding Point-to-Multipoint LSPs.

Understanding Junos OS Routing Tables. Using Configuration Groups and Inheritance in a Routing Matrix with a TX Matrix Plus Router. How to Configure RSVP-Signaled LSPs on Junos Routers. Junos Default Groups. Configuring Ultimate-Hop Popping for LSPs. Show mpls lsp. Understanding Integrated Routing and Bridging Interfaces and Routed VLAN Interfaces on EX Series Switches. Example Step: Configuring Integrated Bridging and Routing. Configure Logs in Juniper SRX. Example: Configuring VoIP on an EX Series Switch Without Including LLDP-MED Support.

Understanding Virtual Router Routing Instances. Configuring Virtual Router Routing Instances. Example: Configuring an Application Group for Application Firewall. Example: Configuring Address Books and Address Sets. Peer-as (Protocols BGP)