Skip to content

Support



Juniper was the first North American IP routing vendor to achieve the prestigious TL 9000 certification by the Quality of Excellence for Suppliers of Telecommunications (QuEST) Forum in the router category, for design, development, provision and service and support.



What is J-Care?

It's the world-class service and support that you expect from a company that delivers the industry's best infrastructure and security products. With J-Care, you now have the confidence knowing that Juniper will do our part to keep you on top of the world!


Outstanding and Resolved Issues in JUNOS 9.0 for EX-series Switches

Date: 18 November 2008

This page lists the outstanding issues in the JUNOS Release 9.0 software for EX-series switches. It also lists the issues that have been resolved since JUNOS Release 9.0R2.

Outstanding Issues

The following issues are outstanding in the JUNOS Release 9.0R2 software for EX-series switches. The identifier following the description is the tracking number in our bug database.

Access Control and Port Security

  • When you configure the MAC limiting drop action and then change which VLAN the interface is in, packets are not dropped. As a workaround, clear the Ethernet switching table after enabling MAC limiting. [PR/256877]
  • If the VLAN associated with a client is not configured on the switch, users are authenticated and the port is placed in the default VLAN. [PR/263719]
  • After you deactivate an interface on the switch, LLDP does not send a TLV with a TTL value of zero. Because of this, neighbor switches may not immediately flush the switch details from the LLDP database. The neighbor details are flushed after the TTL value expires. [PR/264368]
  • In multiple supplicant mode, if multiple users with dynamic VLAN movement have authenticated successfully, the show vlans detail command displays the interface entry as many times as the number of authentication sessions. [PR/267981]
  • If you simultaneously add or delete an interface to the family ethernet-switching and enable 802.1X on that interface, the show dot1x interface command will display no output. To have this configuration work properly, first add the interface to the family ethernet-switching and commit the configuration, then enable 802.1X on the interface and commit the configuration again.[PR/272364]
  • On EX-series switches, if you include the interface all statement when configuring the 802.1X protocol in the [edit protocols dot1x] configuration hierarchy, dynamic VLAN assignment for 802.1X-authenticated clients is not enabled. As a workaround, enable 802.1X on the individual ports on which you want to use dynamic VLAN assignment. [PR/274265]
  • If the MAC address of a client running 802.1X is added to the static MAC list, 802.1X takes precedence and the static MAC is ignored. As a result, 802.1X authentication is performed for the client. [PR/274365]
  • If a client behind a hub that is connected to an EX-series switch provides invalid credentials and is added to a guest VLAN after unauthenticated failure, after the client disconnects, re-authentication might not correctly clear the 802.1X status for the client. [PR/279081]
  • DHCP snooping is not supported for the local DHCP server. [PR/280291]

Bridging, VLANs, and Spanning Trees

  • In LLDP-MED TLVs, CoS and DSCP values are always sent as zero. [PR/257327]
  • When you configure VRRP on EX-series switches without specifying accept-data in the configuration and a VRRP failover occurs, traffic may be lost for about 5 minutes. As a workaround, issue the clear ethernet-switching table command on the new VRRP master. [PR/271012]
  • After you issue a clear ospf statistics command, the OSPF statistics are not updated at regular intervals. [PR/271881]
  • When frames are switched from access to trunk interfaces (that is, when incoming frames are not tagged), the priority bits in the 802.1q header are set to 1 by default. [PR/273079]
  • Occasionally, VRRP on a tracked interface is down while the interface is physically up. The result is a VRRP switchover to the backup. [PR/277204]
  • Currently, EX-series switches do not support GVRP. [PR/280129]

Class of Service

  • In the output of the show interfaces queue command, the Packets and Bytes values displayed for a queue are the count of transmitted in that queue. [PR 259525]
  • The show interfaces queue command always shows the pps and bps counters as 0. [PR/263374]
  • The show interfaces queue command for any interface always shows that no forwarding classes and no queues are in use. [PR/270670]
  • If you want to modify the fill-level value of an existing drop profile, you have to delete the drop profile, perform a commit and re-add the drop profile with the new fill-level value. [PR276430]
  • If you change the name of a VLAN but not the VLAN identifier and then issue a ping command on the routed VLAN interface, the ping command fails. As a workaround, you must change both the VLAN name and ID and reassign the same IP address to the renamed and renumbered VLAN. [PR/277034]
  • If you apply fewer than four scheduler maps to an interface using wildcards (such as ge-*), you may get a commit error indicating that you are trying to apply more than four different scheduler maps. The workaround is to remove the wildcard and apply the scheduler map to the individual interfaces. [PR/277186]

Firewall Filters

  • TCAM rules installed for DHCP snooping and DAI are not removed when DHCP snooping, DAI, and the corresponding VLANs are deleted at the same time. [PR/270617]
  • When you use the delete vlan default command to delete a VLAN, the filter associated with the default VLAN is not removed. To remove the filter on the default VLAN, use the delete vlan default filter command instead. [PR/273680]
  • When you restart the firewall process, 802.1X filters installed on the EX-series switch are removed. This happens only when the attribute "filter-id" is used on the RADIUS server to install the filter for the 802.1X client. [PR/277203]
  • When you delete a filter on a VLAN, DHCP snooping and ARP inspection stop working on that VLAN. [PR/278705]
  • On EX series switches, if a dynamic filter defined on the RADIUS server for 802.1X clients has more than one match-action pair as a value for the Juniper-Firewall-Filter VSA, only the last match-action pair is installed on the switch. [PR/280395]

Hardware

  • On an EX-series switch, the ALM (alarm) and SYS (system) LEDs are not working as expected. For example, when the switch is booting, the ALM (alarm) LED blinks instead of the SYS (system) LED. The current operation of the LEDs is as follows. ALM blinks green when the Routing Engine is booting and the switch is starting up. ALM is solid green when the switch is loading the JUNOS software. ALM is solid red to indicate a major alarm. ALM is off when there are no alarm conditions. The SYS LED is solid green to indicate normal switch operation. [PR/280830]

Infrastructure

  • When the analyzer output interface is not part of any VLAN, or when the analyzer output interface is part of a VLAN that contains interfaces other than the analyzer output interface, the analyzer output interface receives switched packets. As a workaround, configure the analyzer output interface to be the only interface in its VLAN. [PR/259820]
  • After you restore the factory default configuration, the previous hostname is still present in the configuration. [PR/263647]
  • The J-Web interface does not open in the browser window if a pop-up blocker has been enabled in the installed toolbar (for example, Winamp) or if the toolbar installed in the browser (for example, Megaupload and Firebug) installed in the same browser) does not allow AJAX communication. As a workaround, uninstall these toolbars or disable pop-up blockers and try to start the J-Web interface again. [PR/264741]
  • If you remove or delete syslog or traceoptions files and then need to use them again, you must delete and then reconfigure the syslog and traceoptions configuration for the logging to work. [PR/267706]
  • Logical interface traffic counters show an extra 8 bytes in the output byte statistics. [PR/268667]
  • When an SNMP walk or polling is done on the jnxBoxAnatomy (jnx-chassis.mib), CPU usage remains at 95 to 100 percent until the SNMP walk completes. [PR/270552]
  • If you modify the configuration to change the system host name, the name may not change when you commit the configuration. As a workaround, exit from the terminal session to the switch after you have activated the configuration, then log in again. [PR/272903]
  • After you configure SNMP, you may not be able to commit the configuration. [PR/273505]
  • When you perform an SNMP walk on the switch, the message “unable to create internal request“ might be displayed. [PR/274019]
  • You cannot use the rollback rescue command to revert to a rescue configuration. As a workaround, save a known good configuration to a location from which you can reload it to your switch if needed. [PR/275480]
  • When you configure SNMPv3 with SHA authentication, all queries fail. As a workaround, used MD5 authentication. [PR/277599]
  • When you close the browser by clicking the browser's “X” button or by pressing Alt-F4, J-Web sessions may not terminate properly. Always click the Logout button in the J-Web pop-up browser window to exit the session. [PR/278131]
  • When the dates on the members of an EX 4200 virtual chassis are not synchronized, a member chassis or backup PFEM might not be able to connect to the master. [PR/278784]
  • When you open the J-Web interface, the font style and sizes may not be the defaults. [PR/279113]
  • If you press any key on the keyboard when the switch is rebooting, the switch enters uboot mode instead of rebooting and you see the uboot prompt (=>). If this occurs, issue the boot command at the => prompt to continue the reboot. [PR/280086]
  • Currently, EX-series switches do not support Graceful Routing Engine Switchover (GRES). [PR/280130]

Interfaces

  • You can configure both half-duplex mode and a link speed of 1000m on network or uplink interfaces, but these interfaces do not support half-duplex mode at this speed. [PR/240422]
  • Chassis alarms do not work on the management Ethernet interface. [PR/254483]
  • The speed/duplex LED on the management Ethernet interface sometimes blinks even when no cable is connected. [PR/257290]
  • When you boot the switch, interfaces will come up, then might go down and come back up again. [PR/260543]
  • When you are using the show interfaces extensive command, the queued packet counter is never updated, but always displays a count of 0. [PR/263527]
  • When you configure unsupported or invalid interface parameters for speed, full- and half-duplex, and autonegotiation on 10-Gigabit Ethernet or 1-Gigabit Ethernet interfaces, the CLI does not display an error message. [PR/264630]
  • The output packet counter on aggregated Ethernet interface does not increment correctly. [PR/271057]
  • If you configure the link speed on one end of a LAG interface to be 100 Mbps, then remove this configuration, the LAG interface may go down and remain down. [PR/273415]
  • When you enable spanning tree on an autonegotiation port, the default port cost is 20000 and the link type is point to point. [PR/276191]
  • Currently, EX-series switches allow transit traffic between the out-of-band management interface (me0) and network ports. [PR/279700]

Virtual Chassis

  • In an EX 4200 virtual chassis, the set mastership priority command might not work after you renumber the member identifier. [PR/257066]
  • When you modify the mastership priority of virtual chassis members, Layer 2 packets might be lost for up to 40 seconds. [PR/260701]

Resolved Issues

The following issues have been resolved since JUNOS Release 9.0R2 for EX-series switches. The identifier following the description is the tracking number in our bug database.

Access Control and Port Security

  • After DHCP has granted a lease to a trusted interface (a trunk port), the DHCP snooping database may show interface as “unknown.” [PR/278119]

Class of Service

  • On an EX-series switch with aggregated interfaces, when you apply classifiers on interfaces using wildcards (for example, ge-*) that include the aggregated interface members, occasionally a cosd core is generated in /var/tmp. As a workaround, delete the class-of-service configuration, perform a commit, and add the class-of-service configuration again. [PR/276973]

Firewall Filters

  • If you configure the match conditions source-port or destination-port, you cannot specify a port value of 61. [PR/268033]

Infrastructure

  • When an EX-series switch is rebooting, you may see a large number of messages on a syslog server. [PR/276248]
  • If you enable PIM and then perform an SNMP walk on pimNeighborTable, the SNMP walks enters an infinite loop and cannot complete. [PR/277049]

Virtual Chassis

  • On an EX 4200 virtual chassis, the show virtual status command displays two masters for a short period of time after the virtual chassis members have been rebooted. [PR/260443]
  • Occasionally on an EX 4200 virtual chassis, an 802.1X-enabled interface on a virtual chassis member is not listed in the show dot1x interface command output and authentication fails on those interface. To correct the problem, reboot the virtual chassis. [PR/278506]