Well, as the title suggests, I am in a bit of a bind due to an overzealous promise from an SE about timelines. I just found out that 6 weeks actually means 12 weeks+ with no delivery SLA until they are in transit. Wondering what vendors / models folks have had luck with regarding delivery times. (Arista were my go-to; I would consider Juniper / Cisco / maybe Nokia if someone has any recommendations?) The feature set does not matter too much; I can get away with L2 and basic L3. Ideally these would be enterprise grade, but I can live without removable PSUs etc. if they are reasonably priced. I don't want to look at second-hand equipment unless I am really out of options. In summary: what switch would you recommend if delivery times were tight?
Trying to configure a mixed mode chassis of EX4600 and 5 EX4300s.
Recently upgraded from an 18 to 21 version (now 21.4R3-S5.4).
I've made a small number of commits, but a specific commit (adding a vlan tag to an interface-range) is causing the commit to fail.
During the commit (which hangs for 5-10 minutes before failing) it shows this...
root@> show system storage | match rundb
/dev/md17 504M 223M 240M 48% /var/rundb
/dev/md24 236M 236M -18.8M 109% /var/rundb
/dev/md24 236M 236M -18.8M 109% /var/rundb
/dev/md24 236M 236M -18.8M 109% /var/rundb
/dev/md24 236M 236M -18.8M 109% /var/rundb
/dev/md24 236M 236M -18.8M 109% /var/rundb
Though recovers to this after...
root@> show system storage | match rundb
/dev/md17 504M 183M 280M 40% /var/rundb
/dev/md24 236M 194M 23M 89% /var/rundb
/dev/md24 236M 194M 23M 89% /var/rundb
/dev/md24 236M 194M 23M 89% /var/rundb
/dev/md24 236M 195M 22M 90% /var/rundb
/dev/md24 236M 195M 22M 90% /var/rundb
I've tried all the usual tricks like request system storage cleanup, removed the .schema-cache folders (on each member), even removed the extra juniper.data and .save+ files etc.
This is a copy of the largest files on one switch
root@:LC:5% sh -c 'find / -size +10485760c 2> /dev/null' | xargs du -h | sort -nr
108M /packages/junos-ex-21.4R3-S5.4
99M /packages/mfs-junos-ex-4300/junos-ex-4300-21.4R3-S5.4
99M /packages/junos-ex-4300-21.4R3-S5.4
73M /var/tmp/.schema-cache/render.db
73M /packages/mnt/jweb-ex-21.4R3-S5.4/jail/var/tmp/uploads/.schema-cache/render.db
72M /var/rundb/render.db
51M /packages/mnt/junos-ex-4300-21.4R3-S5.4/usr/sbin/pfex_junos
46M /packages/mnt/junos/usr/lib/dd/libjkernel-dd.tlv
40M /var/rundb/cdg.db
33M /packages/mnt/junos/usr/sbin/rpd
29M /boot/modules/mdimage
28M /var/rundb/juniper.data+
27M /var/tmp/.schema-cache/schema.db
27M /packages/mnt/jweb-ex-21.4R3-S5.4/jail/var/tmp/uploads/.schema-cache/schema.db
26M /var/rundb/schema.db
24M /var/rundb/juniper.data
19M /packages/mnt/junos/usr/lib/render/libif-render.tlv
14M /packages/mnt/junos/usr/share/icu/4.6/icudt46l.dat
14M /packages/mnt/junos/modules/bcmsdk_5_9_x.ko
13M /packages/mnt/junos/usr/sbin/authd
13M /packages/mnt/junos/usr/libdata/chassisd/chassisd.static.db
13M /packages/mnt/junos/usr/lib/render/librpd-render.tlv
11M /packages/mnt/junos-ex-4300-21.4R3-S5.4/usr/sbin/mcsnoopd
10M /packages/mnt/junos-ex-4300-21.4R3-S5.4/usr/sbin/autoconfd
(I have previously cleared that .schema-cache folder)
The config isn't so big so I will attach the whole lot - the change I am trying to commit is simply...
> set interfaces interface-range ACCESS-PORTS unit 0 family ethernet-switching vlan members vlan10
version 21.4R3.15;
system {
    host-name ;
    root-authentication {
        encrypted-password "$$";
    }
    services {
        ssh {
            root-login allow;
        }
        web-management {
            https {
                system-generated-certificate;
            }
        }
    }
    time-zone Europe/London;
    name-server {
        10.0.0.7;
        10.0.0.6;
    }
    syslog {
        user * {
            any emergency;
        }
        host log.fhdale.local {
            any any;
        }
        file interactive-commands {
            interactive-commands any;
        }
        file messages {
            any notice;
            authorization info;
        }
        source-address 10.0.40.15;
    }
    processes {
        dhcp-service {
            traceoptions {
                file dhcp_logfile size 10m;
                level all;
                flag all;
            }
        }
        app-engine-virtual-machine-management-service {
            traceoptions {
                level notice;
                flag all;
            }
        }
    }
    ntp {
        server 10.0.0.254;
        server 10.0.0.100;
    }
}
chassis {
    aggregated-devices {
        ethernet {
            device-count 1;
        }
    }
}
interfaces {
    interface-range ACCESS-PORTS {
        member ge-5/0/9;
        member ge-5/0/11;
        member ge-5/0/13;
        member-range et-0/1/0 to et-0/2/3;
        member-range et-0/0/24 to et-0/0/27;
        member-range xe-0/0/24 to xe-0/0/27;
        member-range xe-0/0/0 to xe-0/0/23;
        member-range et-1/1/0 to et-5/1/3;
        member-range xe-1/2/0 to xe-5/2/3;
        member-range ge-1/0/0 to ge-5/0/7;
        member-range ge-5/0/15 to ge-5/0/47;
        native-vlan-id 1;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members default;
                }
            }
        }
    }
    ge-5/0/8 {
        ether-options {
            802.3ad ae0;
        }
    }
    ge-5/0/10 {
        ether-options {
            802.3ad ae0;
        }
    }
    ge-5/0/12 {
        ether-options {
            802.3ad ae0;
        }
    }
    ge-5/0/14 {
        ether-options {
            802.3ad ae0;
        }
    }
    ae0 {
        description LAG0;
        native-vlan-id 1;
        aggregated-ether-options {
            lacp {
                active;
                periodic fast;
            }
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ default vlan10 ];
                }
            }
        }
    }
    em1 {
        unit 0 {
            family inet;
        }
    }
    irb {
        unit 0 {
            family inet {
                address 10.0.40.15/16;
            }
        }
    }
    vme {
        unit 0 {
            family inet;
        }
    }
}
forwarding-options {
    storm-control-profiles default {
        all;
    }
}
protocols {
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
    igmp-snooping {
        vlan default;
    }
}
virtual-chassis {
    member 0 {
        mastership-priority 255;
    }
}
vlans {
    default {
        vlan-id 1;
        l3-interface irb.0;
    }
    vlan10 {
        vlan-id 10;
    }
}
The commit | display detail tends to sit at this line for ages...
2026-05-06 09:05:06.461355 BST: pull-configuration success. URL: /var/tmp/juniper.db-patch.sync
2026-05-06 09:05:06.463351 BST: sending load-patch rpc to fpc3
2026-05-06 09:05:06.585266 BST: remote load-configuration success on fpc3
2026-05-06 09:05:06.586562 BST: sending file-delete rpc to fpc3
2026-05-06 09:05:06.751205 BST: sending pull-configuration rpc to fpc4
2026-05-06 09:05:06.752611 BST: filename /var/run/db/juniper.db-patch.sync, size 107
2026-05-06 09:05:07.136246 BST: pull-configuration success. URL: /var/tmp/juniper.db-patch.sync
2026-05-06 09:05:07.137424 BST: sending load-patch rpc to fpc4
2026-05-06 09:05:07.260404 BST: remote load-configuration success on fpc4
2026-05-06 09:05:07.261511 BST: sending file-delete rpc to fpc4
2026-05-06 09:05:07.384814 BST: sending pull-configuration rpc to fpc5
2026-05-06 09:05:07.385954 BST: filename /var/run/db/juniper.db-patch.sync, size 107
2026-05-06 09:05:07.806474 BST: pull-configuration success. URL: /var/tmp/juniper.db-patch.sync
2026-05-06 09:05:07.807930 BST: sending load-patch rpc to fpc5
2026-05-06 09:05:07.931460 BST: remote load-configuration success on fpc5
2026-05-06 09:05:07.932751 BST: sending file-delete rpc to fpc5
2026-05-06 09:05:08.66418 BST: asking fpc1 to commit
2026-05-06 09:05:08.67545 BST: syncing commit db revision to fpc1
2026-05-06 09:05:08.68895 BST: asking fpc2 to commit
2026-05-06 09:05:08.70020 BST: syncing commit db revision to fpc2
2026-05-06 09:05:08.71285 BST: asking fpc3 to commit
2026-05-06 09:05:08.72092 BST: syncing commit db revision to fpc3
2026-05-06 09:05:08.72856 BST: asking fpc4 to commit
2026-05-06 09:05:08.74407 BST: syncing commit db revision to fpc4
2026-05-06 09:05:08.75671 BST: asking fpc5 to commit
2026-05-06 09:05:08.76929 BST: syncing commit db revision to fpc5
2026-05-06 09:05:08.78174 BST: waiting for commit reply from fpc1
fpc1:
2026-05-06 09:05:08.87306 BST: Obtaining lock for commit
2026-05-06 09:05:08.96182 BST: updating commit revision
2026-05-06 09:05:08.97418 BST: UI extensions feature is not configured
2026-05-06 09:05:08.98211 BST: UI change-notification feature is not configured
2026-05-06 09:05:08.99605 BST: Started running translation script
2026-05-06 09:05:08.100662 BST: Finished running translation script
2026-05-06 09:05:08.101733 BST: start loading commit script changes
2026-05-06 09:05:08.103468 BST: no commit script changes
2026-05-06 09:05:08.105526 BST: no transient commit script changes
2026-05-06 09:05:08.106371 BST: finished loading commit script changes
2026-05-06 09:05:08.107028 BST: No translation output from the scripts
2026-05-06 09:05:08.109037 BST: Should rebuild persist groups tree
2026-05-06 09:05:08.109758 BST: building groups inheritance path full in candidate db
2026-05-06 09:05:08.111698 BST: finished groups inheritance path
2026-05-06 09:05:08.112334 BST: copying juniper.db to juniper.data+
2026-05-06 09:05:08.131531 BST: finished copying juniper.db to juniper.data+
2026-05-06 09:05:08.132751 BST: exporting juniper.conf
2026-05-06 09:05:08.169969 BST: expanding interface-ranges
2026-05-06 09:05:15.891272 BST: finished expanding interface-ranges
2026-05-06 09:05:15.892976 BST: building groups inheritance path in committed db for transient changes
2026-05-06 09:05:15.894161 BST: finished groups inheritance path
2026-05-06 09:05:15.894777 BST: setup foreign files
2026-05-06 09:05:15.918344 BST: propagating foreign files
2026-05-06 09:05:15.919265 BST: Sending constraint check command to evaluate constraints
before failing. Sometimes individual switches suggest they worked. It then rolls back.
fpc1: error: could not copy to juniper.save+
fpc0: error: remote commit-configuration failed on fpc1
fpc2: error: commit failed: (constraints processing failed)
fpc0: error: remote commit-configuration failed on fpc2
fpc3: error: commit failed: (constraints processing failed)
fpc0: error: remote commit-configuration failed on fpc3
fpc4: error: could not copy to juniper.save+
fpc0: error: remote commit-configuration failed on fpc4
fpc5: commit complete
All I can find online is clearing storage/files, and/or upgrading from a bug in 18(?), which these have already been upgraded from. I have also started from a zeroize on all boxes (including removing and recreating /config/vchassis).
Routes Link Between SRX5Ks using 100GB ports
I’m hoping someone here can help.
I’m trying to connect two SRX5Ks using 100GB ports mapped to non-vlan-tagging reth interfaces.
I’ve configured all the usual settings i.e. SZ, IP addressing, host-inbound traffic ping etc.
I’ve configured RS-FEC on both ends. However, I can’t ping across from one cluster to another using the reth unit 0 IP addresses.
Any ideas?
How on earth could a router in 2026 not support 1G auto-neg? How could it even get past the engineering phase?
Juniper states this is a hardware limitation with the Broadcom chip, so no reason for hoping for a software upgrade to fix this mess.
We are now stuck with 40 ACX7024 routers in our MPLS network not being able to get link up towards factory default SRXes, which should be handled by ZTP.
Juniper as of now is a perfect example of Stockholm syndrome. *Sigh*
Hey all,
Running into an issue upgrading an SRX320 and wanted to sanity check what I might be missing.
I was following this Juniper doc around upgrades involving the newer FreeBSD base:
Trying to go from 20.2 → 21.2, so I understand this crosses the FreeBSD upgrade boundary.
CLI output:
SRX320> show version
Model: srx320
Junos: 20.2R3-S4.7
JUNOS Software Release [20.2R3-S4.7]
SRX320> file list /var/tmp/
/var/tmp/:
appidd_cust_app_trace
appidd_trace_debug
bcast.bdisp.log
bcast.disp.log
bcast.rstdisp.log
bcast.undisp.log
cleanup-pkgs.log
eedebug_bin_file
install/
kmdchk.log
krt_rpf_filter.txt
mmcq_authd
mmcq_bbeStatsdGetCollector
mmcq_mmdb_rep_mmcq
mmcq_sdb_bbe_mmcq
mvdsl_debug_file.log
nsd_restart
os-package.tgz <--------------------
package.tgz
pfe-limit
pfe_debug_commands
phone-home/
pics/
policy_status
rtsdb/
sd-upgrade/
sec-download/
vi.recover/
SRX320> request system software add /var/tmp/os-package.tgz
ERROR: Not a package: /var/tmp/os-package.tgz
Questions:
- Where are you actually supposed to download os-package.tgz from? I downloaded it from the link provided in the site.
- In the site it says that the package should be something like os-package-20221105.013526_builder_stable_12.tgz, but where do I find it?
- Is os-package.tgz actually valid for this type of upgrade, or should I be using the standard junos-srxsme-21.2...tgz image instead?
- Does the FreeBSD upgrade require a different install method or package format?
- Do I need to extract anything first, or should the .tgz be used directly?
Feels like I’m missing something basic, but the error suggests the file itself isn’t recognised as a valid package.
Any pointers appreciated 👍
Hello,
Can anyone help me? I have several Juniper SRX 300 devices that I want to connect using AutoVPN with a preshared key. One of them will act as the hub, and the others as spokes. But I can't seem to get it to work. Maybe I just don't know what to configure under "security ike gateway dynamic". All the configurations I try result in only one spoke being able to connect. The next one simply hijacks the connection. I understand this is because all the spokes have the same “local-identity hostname.” But when I configure them with different ones, the connection fails with the error: “Negotiation failed with error code AUTHENTICATION_FAILED received from peer”
my config: hub
proposal ike_prop_autovpn {
    authentication-method pre-shared-keys;
    dh-group group14;
    authentication-algorithm sha-256;
    encryption-algorithm aes-256-cbc;
    lifetime-seconds 86400;
}
policy ike_pol_autovpn {
    proposals ike_prop_autovpn;
    pre-shared-key ascii-text ## SECRET-DATA
}
gateway gw_autovpn {
    ike-policy ike_pol_autovpn;
    dynamic hostname example.loc;
    local-identity hostname hub.example.loc;
    external-interface ge-0/0/0.0;
    version v2-only;
}
spoke
proposal ike_prop_autovpn {
    authentication-method pre-shared-keys;
    dh-group group14;
    authentication-algorithm sha-256;
    encryption-algorithm aes-256-cbc;
    lifetime-seconds 86400;
}
policy ike_vpn_pol {
    mode main;
    proposals ike_vpn_proposal;
    pre-shared-key ascii-text ## SECRET-DATA
}
gateway gw_toJuniperHUB {
    ike-policy ike_pol_autovpn;
    address HUB_IP;
    local-identity hostname spoke1.example.loc;
    remote-identity hostname hub.example.loc;
    external-interface ge-0/0/0.0;
    version v2-only;
}
I have a deadline and won't finish the open learning in time. Anyone have any "advice" to ensure I get a passing score to take the exam at a discounted price?
Hi All. I've just started tinkering with the Mist API via Postman.
Has anyone come up with a query to determine the current location of a wireless device?
I don't necessarily need the map view, I'm just looking to find the current AP(s) that the username is connected to, but I'm not sure how to get that yet.
I'm looking to use this as part of an automated workflow.
Thanks
Trying to help some colleagues here, so I'm short on detail (apologies), but hoping there may be something we're all missing.
The TL;DR is we have a mix of older EX2200 and EX2300 we want to connect to an EX4650 and we simply cannot consistently get 1GbE SFPs to give a link.
Connecting the EX4650 to EX2200s seems OK with the same SFPs.
We've tested with Juniper SFPs and compatibles and the link consistently comes up between the EX4650 and the EX2200 but not the EX4650 and the EX2300.
We've tried all the way up to the latest recommended Junos 23 release.
The PIC groups are set to 1GbE and the links work with the EX2200 which suggests to us the EX4650 is not the issue.
We can loop a couple of 1GbE SFPs together on an isolated EX2300 and the link lights up so we're just completely confused.
We are waiting on TAC but has anyone seen anything similar please?