I've got a set of Juniper switches in various configurations with a seemingly unique issue. I have an L3 switch routing VLANs (everything internal/no internet). That is trunked to an L2 Juniper switch (EX2200). This L2 switch is configured with port security so nothing has "rogue" received IP addresses (not using DHCP anyway). I'm getting log messages indicating an invalid MAC address presence on a physical port. The switch is, of course, blocking this "unknown" MAC address and there is nothing to suggest an "invasion". I'm trying to see if there is a way to determine where this MAC address might be originating. It does not match a MAC on any machines in use, but it does start with the same hardware vendor ID in the first half of the MAC as some of the other devices. The device connected to the physical interface in question does not have...
How to find rogue devices?
Forward multicast SRX220h
Hello, I am hoping someone can help me. I have a BT Infinity line with BT TV. Some of these channels are streams from the internet, and from what I have learnt from the internet it is multicast/IGMP that needs to be allowed in. I can't find the exact addresses or ports, nor can BT tell me, so I have allowed the whole multicast range and junos-udp-any to come through on the policies. I have included my configuration below in the hope someone will help me ensure that I configured it correctly to allow the multicast streams through.
My outside interface is PPPoE and I need to forward all the multicast traffic coming into that interface to the home VLAN inside the network. (I think)
version 12.1X46-D55.3;
system {
    host-name CHG-jFW01;
    root-authentication {
        encrypted-password "$WsrsPGQsEfFNhfDgpVjY/"; ## SECRET-DATA
    }
    name-server {
        8.8.8.8;...
Juniper Networks Expands Online Proctoring for Certification Exams
Get Certified Today! Schedule your online proctored exam now.
The Juniper Networks Certification Program team is excited to announce that we have expanded our online proctoring (OP) option from our Associate-level exams only to now include our Specialist and Professional-level certification exams.
Become certified in the comfort of your own home or office through online proctoring (OP). OP allows candidates to conveniently take written exams in the location of their choice while being monitored by an offsite proctor.
This expansion means thirteen additional Specialist and Professional certifications are now available to take online including our newest Cloud and Automation/DevOps exams!
Get Started
To simulate an online proctored exam experience and for more information, including policies and procedures, system requirements, and...
How do I back up the running config on a Juniper switch 2200 to a TFTP server?
I read the following article, but the commands suggested in the article are not working. Maybe I'm in the wrong configuration mode? Could I please get instructions on how to back up to a TFTP server.
https://community.spiceworks.com/topic/448131-how-to-save-and-restore-configuration-ex2200-juniper
UPDATE: I used the following commands to get the config to the TFTP server:
root@Core-Colo> start shell
root@Core-Colo:RE:0% tftp 192.168.44.50
tftp> put /config
I also copied the config back from the TFTP server using:
tftp> get
(files) config
Received 18024 bytes in 0.3 seconds
tftp>
but I don't know how to commit the file back to the running config.
So I would appreciate any help I can get.
SYN-ACK first received - unable to RDP or HTTPS
I am working with a client who has the configuration set up below. Host B is a proxy for a failover site, so the gateway is configured for F2. I was having problems connecting to Host B from Host A, so I made a new policy Trust-Trust and now I can ping it. That is via UDP ICMP; when I attempt to RDP, that fails (TCP packet). On F2 the packet I see is a SYN-ACK first, not a SYN, and so the traffic is dropped. I can remove this feature, but that makes it vulnerable.
If I have Host B configured with R2 as the gateway I can do everything; however, that does not work because if the first site went down the proxy would be pointing to a failed site. So I have to have Host B configured for F2. I looked at routing on all the devices, but I do not see anything that would be giving this weird issue.
What should I try next?
...
Juniper EX2200-C Switch
I have two Juniper EX2200-C switches connected to an in-line proxy appliance and am able to ping google.com from the network, but unable to get to any websites or send/receive email. When we take the Juniper switches out and leave the proxy appliance in-line, we have no issues with web traffic or email.
Is anyone familiar with these switches, and does anyone have an idea whether they may be "smart" switches that apply rules to web traffic or block it in some way?
What could break if LLDP is disabled?
Wondering if anybody here has any experience with Juniper switches and disabling LLDP. I have a network on which I'm considering disabling LLDP, and I'm using all static IPs, static MAC/ARP, etc. I'm thinking that it won't be a problem, but I am just now getting my feet wet with Juniper equipment. Hoping someone else has more experience with LLDP and/or Junipers and can answer this. Also, I'm on an open-air network with no internet gateway whatsoever.
Juniper Config Files Issue
Hello all. My short time working with Juniper has been delightful in some ways and completely melts my brain in others.
Is there any way to extract the plain text from a backed-up config file?
I am trying to test out different scenarios to bring a switch back up the fastest if it crashes. We auto-backup after commit on all of our switches to an FTP server.
I was initially attempting to use J-Web to upload that config (.gz) file. All it kept doing was crashing. So I wanted again to use J-Web to just paste in the config and commit. However, it doesn't appear I have any way to open this file in Windows...?
So if I am sitting in front of a factory-defaulted switch with a laptop plugged into the console and the config file backup for the switch I'm working on, is there not an easy way to just copy the contents of this file into the clipboard so I can...
SRX220h /cf/root cleared on reboot
If I back up the configuration on one of these, it goes into a file in /cf/root. However, when I reboot the device that file is gone and only the default files remain.
root@srx220% ls
.cshrc .login .profile
This does not happen on other firewalls of the same model. I have tried replacing the CF card and reinstalling Junos, but this behaviour persists.
Besides that, the SRX appears to be functioning normally. The configuration I write and commit is saved across reboots. Any suggestions on what this might be?
Juniper SRX IPsec phase 1 failure
I am trying to set up an IPsec tunnel with a third party. Phase 1 is failing: I will get a cookie from the other company, but the tunnel will never establish. When I check the kmd log, the only thing I get is:
Apr 24 16:16:50 RounterName-VPN kmd[1255]: IKE Phase-1: (Responder) Policy lookup failed [local_ip="Our public facing IP" remote_ip="Vendor public facing IP"]
I have tried Google to find the meaning of this error message but cannot find anything useful. Any light that you can shed on this would be helpful.
Open new tcp ports on a Juniper SRX340 Firewall
Hi Spicers - We need a piece of software to access the internet via TCP ports 6184, 6160, 11731, 9395 and 6183. Does anyone know the command(s) to do this? I ran a "show system connections | no-more" and none of those ports are listed in the results, so I assume they are being blocked!
Any help is greatly appreciated.
EX2200 on loader prompt - error 2
Hi all,
The Background:
I have been searching for a resolution to this for the last couple of days. I have a slightly technical background with networking from high school, and haven't done anything with networks other than basic Wi-Fi setup since then.
I am wanting to get some internet video cameras which operate with PoE, so I found a switch on eBay which included PoE with sufficient ports and was supposed to work, and am now starting to dig into it.
When the switch arrived, it was stuck in the boot cycle. I have since gotten a console cable, installed PuTTY, and have attempted installing the current OS from outside sources (Juniper seems to lock down their software unless you are a company).
The Process:
I have downloaded jinstall-ex-2200-12.3R12.4-domestic-signed.tgz, put it on a USB drive, and gone through the install process from the...
Trunking two Juniper EX series switches
Hello everyone,
Just need some help getting two Juniper EX series switches to communicate via a trunk.
What are some crucial things we need to do? We have successfully configured a trunk between a Juniper and a Brocade; however, Juniper to Juniper, we are running into issues.
We are trying to pass two VLANs over this trunk. Can someone post a very basic config? Or at least somewhere to start looking for troubleshooting?
How to Configure MAG 2600 for NPS for Azure MFA
Hi there,
We are hoping to configure MFA for our VPN users who connect via a MAG2600. So far we have had no success. The MAG passes the authentication to the NPS server, which verifies the credentials, but then kicks off the user. I think it's because of the Network Access Policy which defines the MAG.
Has anyone successfully configured a MAG2600 for NPS and Azure MFA?
JunOS SRX - how to create security zone
Hello,
I have installed a Junos Olive on GNS3, but I didn't manage to create a zone on the SRX.
I only have these choices after "set security":
[edit]
admin@FW-SRX# set security ?
Possible completions:
  alarms                    Configure security alarms
+ apply-groups              Groups from which to inherit configuration data
+ apply-groups-except       Don't inherit configuration data from these groups
  authentication-key-chains Authentication key chain configuration
  certificates              X.509 certificate configuration
  ike                       IKE configuration
  ipsec                     IPSec configuration
  log                       Configure auditable security logs
  pki                       PKI service configuration
  ssh-known-hosts           SSH known host list
  traceoptions              Trace options for IPSec key management
[edit]
Do you know why?
Thanks!
Juniper EX 3200 unreachable, dead lcd, unable to reset to factory default
Hello
I am new to Juniper hardware but very excited to start working with it.
I manage the IT infrastructure for a non-profit organization. The network will get a refresh, so I picked up an EX3200 48T on eBay for cheap. The switch is used but in good state.
Now I cannot seem to connect to it, not via telnet, SSH, or J-Web. The LCD seems not to be working, nor the indicator LEDs.
The switch switches correctly so at least something works :)
Any ideas, tips or tricks to get this resolved?
Thanks
Juniper SRX sa1 partition missing and getting snapshot error
root> show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s1a
Backup Partition: da0s2a
Currently booted from: backup (da0s2a)
Partitions information:
  Partition  Size   Mountpoint
  s2a        617M   /
  s3e        46M    /config
  s3f        618M   /var
  s4a        56M    recovery
  s4e        5.7M
Partition sa1 and the altroot mount point are not there, so when running slice alternate I am getting the error:
error: Partition /dev/da0s1a does not exist on internal (/dev/da0)
Please help if this is a known issue.
Where can I download an upgraded boot loader for my Juniper EX3300?
I tried the Juniper website and couldn't find it.
Juniper Networks - Schedule of Upcoming Classes in AMER (TRAINING)
Juniper Networks - Schedule of Upcoming Classes in AMER
Juniper Education Services, AMER is pleased to offer the following technical training classes. Most classes offer the option to attend online. View the schedule of classes on the web.
New Course! The Juniper Cloud Fundamentals course is now available for registration.
Can't find what you're looking for? Submit a training request or request a private class.
Course | Location | Start | End | Enroll |
 | CA, Sunnyvale | Jun.11.2018 | Jun.16.2018 | |
 | AMER Online | Jun.11.2018 | Jun.16.2018 | |
 | AMER Online | Jul.16.2018 | Jul.20.2018 | |
 | VA, Herndon | Aug.20.2018 | Aug.24.2018 | |
Selectively release an IP address SRX 340
So here's the situation - we're currently on a flat network (255 addresses) with an SRX340. We're in the process of redoing our network with multiple subnets, but in the meantime we are running out of IPs FAST.
Is there a way to see what IP addresses are not used by a MAC address and selectively release them through the firewall? The SRX is our DHCP server.