Comcast has always worked really well. The last two days at our company, our fiber has dropped and restarted around the same time during the day. I called Comcast. They suggested contacting our IT because they don't show anything on their juniper. The It person is me! I have looked at server and switches when it happened and they are all on and running. Its almost like a reboot! The phones restart and our internet is back up. Its only maybe 30 secs or so and they come back on. I know things are hot. Could their equipment down the line be suffering a brown out? The event logs on the server just show that they lost connect and reconnected. Thoughts?
comcast fiber dropping connection
↧
↧
What is the difference between control and transit traffic?
As it relates to Juniper firewalls? I haven't found a very concrete answer aside from one is trusted and the other one, not so much.
↧
Juniper switch learning MAC address across all VLANs
Got a weird problem. Hooked up some new Juniper 40G port switches to a HPE Synergy blade system with MLAG however the Junipers are reaching their MAC limits as they are learning MACs across all VLANs which should be impossible.
Anyone seen a weird issue like this.
↧
Juniper SRX340 Reth Configuration
We have two Juniper SRX340's. We have two reth's configured on them (one for the outside one for the inside). Each side connects to a pair of stacked cisco switches on which we have etherchannels configured.
Each reth on the Juniper has 4 ports (2 from each Juniper). We have the Juniper's configured in Active/Standby mode therefore at any one time there are two ports active on the reth.
The issue we have is that we appear to have a primary port on the reth configuration. For example the one reth has port 6 and 7 configured. If I remove the cable from port 7 we see no issues on the network. If I remove the cable from port 6 we instantly lose OSPF neighbors. I have also tested adding another port to the reth so a single device has three ports but we still see the same issue with disconnecting port 6.
We have this problem on both reth's...
↧
SRX240h2 automating commands
I was wondering if anyone has the insight on how to create a script on a juniper srx240 firewall to run the following commands:
edit policy-options prefix-list blocked-countries
load update /tmp/blocked.txt relative
commit - if needed
I want to run this every 3 hours. IF anyone can help with the script creation would be greatly appreciated.
↧
↧
Which is the best Material for passing JN0-102 Exam in FIrst Attempt?
It’s my dynamically need to success my Juniper JN0-102 exam in first attempt, and I search appropriate material for it please here is anyone present who guide me for best material of my exam preparation, I really need for your help about my exam preparation…
↧
DSCP Marking/Setting Forwarding Class Priority for different types of traffic
So i am considering setting up Forwarding class priority for different traffic types egressing our edge routers.
So i am thinking of giving the highest priority to our interfaces that go south to our caches, then our private peering customers then our transit peers, then our Corp interfaces( only 1 but im sure they will grow). and then placing these in the appropriate queues 0-4.
this is because we are buying wavelengths to connect our backbone and will run mpls with rsvp for ERO's and bandwidth management. i dont believe we will want to purchase any more waves in the next 3 years unless we get slapped with unexpected growth. so my plan here is to prioritize traffic now so in the near future we dont run into these issues of hitting over 50% utilization on our primary path then that failing and our secondary path is now running near or at...
↧
Best way to monitor Juniper switches
We are starting to replace our Cisco switches with Juniper EX4300's in Virtual Chassis. We are a high school district of 17 schools, two aviation training centers, a general Tech Ed school and a Central Office. Before we started replacing anything, we had just over 100 Cisco switches (mainly 6509, 4506 and 4510) and a variety of smaller unmanaged switches and hubs.
Our first site was almost three years ago and we replaced a Cisco 6509 and three 4506 switches in three switch closets. We replaced that gear with 32 Juniper EX 4300's in three virtual chassis. No problems with the gear or network at all during that time. So, we are moving with a program to replace all the Cisco gear with Juniper. We current have a total of three schools done with two more and out Central Office in the works.
We have never had anything in place (short of a...
↧
Juniper MX 480 PAT Configuration
Here the scenario is juniper MX 480 with MS-MPC service linecard required to configure NAT 192.168.0.0/16 to 10.162.55.60/32.At the same time ip other than 192.168.0.0/16 must communicate outside through the same interface without NAT . Juniper devices are new to me . Highly appreciate early solution to guide me how to configure it.
↧
↧
Configure Layer 2 broadcast domain over layer 3 routed links
Hello all...
I've been tasked with getting some paging equipment working on our campus network. Appears I need to have these touch screen stations in the same broadcast domain as the controller device....but reside in different buildings\routers.
Our network is very tradidtional. Each building is fiber cabled to the campus core witch via their building core, which handles the routed links. Access switches (L2) are trunked off the buidling cores.
What's the best way to span a layer 2 broadcast domain over a layer 3 routed uplink?? GRE??.......I don't care about encrpytion....just want said devices to live in the same l2 vlan across the routers.
Also, there's no way to make an existing routed interface a 802.1q trunk as well correct? And only pass say a single vlan tag?
Appreciate any help!! Thanks...Dennis
Juniper EX series switches -...
↧
Help Trunking Between 2 Juniper Ex4200 Switches
Hi so yesterday I wanted to test out some network equipment. I had previously done this testing a month or two ago and it worked fine. however either i'm running into a bug or i'm not setting it up correctly.
I have 2 Ex4200's both 48 port.
Switch 1 is the " Distribution Switch" It has one trunk port 0 that leads to a sonicwall nsa2650. this trunk caries all customer vlans. IE vlan101 thru vlan125. The vlans are separate from each other so no vlans can communicate, this is handled at the sonicwall level with firewall rules.
All the other Ports on Switch 1 are also trunk ports. For example Port 1 goes to Rack1, Which for example sake could contain vlan101 and vlan102.
port 2 on switch 1 goes to rack2 and could contain whatever customer is located on that rack.
Ok so Switch 2 is basically any switch that sits at the rack level. We have 16...
↧
How to get software for old SSG550
We have an SSG550 that is still in use and need to download software for it. However, apparently we can't even purchase support on it since the unit is not registered to our company (it was here when I took over).
So, does anyone have any suggestions as to a route we could take to obtain software for the box? Due to the complexity of the configuration (over 4500 lines) moving to another platform isn't feasible at this time since it would require unavailable man hours to convert to another OS.
↧
Port forwarding NS208
I have a NS208 I setup a long time ago that the customer has now requested port forwarding. I haven't touched a Juniper device in years so I'm very rusty. I need to forward ports 81, 8554, and 37777 to an internal server. I did a bunch of googling but nothing seems to be working and it could be just that I don't know what I'm doing.
I have ethernet3 as my ISP in a untrust zone with an IP address assigned from the ISP (static).
I have ethernet1 as my internal 192.168.0.1 network in a trust zone.
I have setup a VIP on ethernet3 with an IP address (does this address matter? I've currently set it one digit higher than my ISP) This points to my internal server IP 192.168.0.108
I setup a custom service (3 technically) to forward these 3 ports
I created a policy from untrust to trust between "any" source to the VIP address using all 3 services.
...
↧
↧
PRTG with Juniper EX 4300 switches
We use PRTG with Juniper 4300 EX for monitoring SMTP traffic and that stopped working. PRTG support blames Juniper firmware which is not the case here.
Looks like sensors are working for a short time and shutting down. This is annoying since we have used that for monitoring Juniper ports.
Any thoughts?
↧
Monitor High Bandwidth with Juniper Firewall
Hi guys,
Just wanted to ask people out there with more experience of Juniper Firewalls. How can I get an SRX100b to display which IP addresses are using up all the bandwidth when they connect to the internet?
We have a situation here at my work place, where all of the sudden, our incoming line gets absolutely saturated. We've already checked with our colleagues and there's no excessive use of the internet by them. Also all of our Windows Updates are managed by an internal WSUS server, so it leads me to believe that there's some background program (or the more funky title of App) running in the background somewhere. My idea was to use the Juniper firewall to help me pinpoint this. I have done this in the past with SonicWalls from the WebGUI, but there doesn't seem to be an option on the Juniper, or if there is Just can't find it.
We also...
↧
Juniper SRX "Too many redirects"
TLDR; web management inop, config looks... fine?
Here's a ridiculous story for you.
I'm at SpiceWorld, but I'm sitting in my hotel room, troubleshooting this BS now. Basically this is "I can't print!!1!1!11!", but it's because the printer can't get DHCP, probably because it can't authenticate across the VPN to the NPS server... ugh.
Anyway, I'd like to access the web gui of the branch router, but I keep getting the subject message in IE and Chrome, "too many redirects". I've attached the config for reference, but nothing is jumping out at me. No, I can't reboot it, at least not until later today. My boss drove up there today (about a 4 hour drive for him, and 4 more hours back later today) to work on this printer thing, but I already know it's an infrastructure problem.
Any Juniper experts have any grand insights? I do have SSH to the...
↧
Juniper SRX IPS
Dear Sir,
I am beginer in Juniper.I would lke to know how to clustering IPS devices.
I want to use SRX 1500 as IPS device.
i have experience in SRX 340 clustering.
But i don't know how to cluster IPS.And I don't want to change my network design and IP addressing.
I mean in firewalls,i can use transparent mode for my design.i don't i can't use or not tranparent is support in IPS .
Please help me and explain or if can i get reference links,please provide me.
↧
↧
Move to Juniper from Cisco
I am considering moving from Cisco to Juniper and would appreciate some basic advice. Main reason is cost and the fact that Cisco now make you use on-line licensing which is diabolical for a core or TOR switch, so the switch has to connect to the mother ship or a local VM replicating that functionality with then connects to Cisco.
I have a number of questions which I'd be grateful for answers for.
Firstly, do I need a support contract on a device to access updates for it ? I'm considering buying some second hand kit to play with but I don't want to be stuck on an old version of firmware.
Secondly, when deploying a new switch, how is licensing managed ? On Cisco layer 3 functionality is a different part number or now a different add-on licence. I don't mind that providing the license, once applied, stays applied for life and doesn't need...
↧
Setup Juniper AC1100 EDI Switch
I have a Juniper AC1100 EDI switch Comcast installed onsite to provide a fiber line. Am I able to simply plug a switch into this or do I have to put it in between my current Comcast modem and the desired switch? Is it plug n play or do I have to setup interfaces for the device in the Comcast modem?
↧
Juniper Sflow
I have sflow configured and commited but when I do a show sflow I get sFlow is not configured.
This is What I have set:
protocols {
sflow {
polling-interval 20;
sample-rate {
ingress 100;
egress 100;
}
collector 10.168.2.164 {
udp-port 5556;
}
interfaces ge-1/0/45.0 {
polling-interval 20;
sample-rate {
ingress 100;
egress 100;
}
}
interfaces ge-1/0/46.0 {
polling-interval 20;
sample-rate {
ingress 100;
egress 100;
}
}
interfaces ge-1/0/47.0 {
polling-interval 20;
sample-rate {
ingress 100;
egress 100;
}
}
Any help would be appreciated.
↧
More Pages to Explore .....
