Hi Guys,
I'd like to know if I can create global address in a LSYS such as:
set logical-systems NAME_OF_LSYS security address-book global address xxx
Thanks
1- NO
2- Yes, you just need to configure proxy-identity on the Route-based side to match the VPN security policy on the policy-based side.
This public link might also help:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB31671&cat=&actp=LIST
Summary:
This article provides the links to drivers used for USB console on the following platforms:
PUTTY works perfectly.
The options I set are -
Connection type - Serial
Serial line - COM4
(you may need to use a different COM port)
Speed - 9600
Then I set up the console screen as I want it.
PUTTY is free.
It is working on a Win 10 PRO 64-bit laptop
RT_SCREEN_ICMP: Address sweep! source: 10.x.x.x, destination: 10.x.x.x zone name: Untrust, interface name: fe-0/0/4.0, action: alarm-without-drop
the source is our solarwinds box IPAM scanning the subnets..
I have tried increasing the time on the IPAM settings to slow it down. I have also tried increasing the threshold on the screen
is there a way to whitelist this device for ICMP (you can with TCP)
please help !! thanks
you need to set to active and fast
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast
we have a bunch of cisco and junos and I have never had this fail me.
I admit I have never tried it on a RETH but the above should fix you
example
show configuration interfaces ae1 | display set
Jun 07 12:16:09
set interfaces ae1 description "upplink to CORE VIA FEXs rack SA2&3"
set interfaces ae1 aggregated-ether-options minimum-links 1
set interfaces ae1 aggregated-ether-options link-speed 1g
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast
set interfaces ae1 unit 0 family ethernet-switching port-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members all
set interfaces ae1 unit 0 family ethernet-switching native-vlan-id 2
set interfaces ae1 unit 0 family ethernet-switching filter output COS-Switch
{master:0}
> show lacp interfaces
Jun 07 12:18:18
Aggregated interface: ae1
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
ge-0/1/0 Actor No No Yes Yes Yes Yes Fast Active
ge-0/1/0 Partner No No Yes Yes Yes Yes Slow Active
ge-0/1/1 Actor No No Yes Yes Yes Yes Fast Active
ge-0/1/1 Partner No No Yes Yes Yes Yes Slow Active
LACP protocol: Receive State Transmit State Mux State
ge-0/1/0 Current Slow periodic Collecting distributing
ge-0/1/1 Current Slow periodic Collecting distributing
show lacp statistics interfaces ae1
Jun 07 12:20:57
Aggregated interface: ae1
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-0/1/0 586616 19727 0 0
ge-0/1/1 586613 19729 0 0
show lacp statistics interfaces ge-0/1/0
Jun 07 12:21:17
Aggregated interface: ae1
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-0/1/0 586636 19727 0 0
whoops, had my cisco side wrong, forgot the FAST, but it worked still
we are in a nexus VPC config I can confirm this will work on a regular switch as well
show lacp interfaces
Jun 07 12:28:58
Aggregated interface: ae1
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
ge-0/1/0 Actor No No Yes Yes Yes Yes Fast Active
ge-0/1/0 Partner No No Yes Yes Yes Yes Fast Active
ge-0/1/1 Actor No No Yes Yes Yes Yes Fast Active
ge-0/1/1 Partner No No Yes Yes Yes Yes Fast Active
LACP protocol: Receive State Transmit State Mux State
ge-0/1/0 Current Fast periodic Collecting distributing
ge-0/1/1 Current Fast periodic Collecting distributing
interface Ethernet180/1/32
description vPC to SW
lacp rate fast
switchport mode trunk
switchport trunk allowed vlan 2,900
channel-group 832 mode active
hope this helps
I studied GVPN and I understood its concept, but I haven't seen or worked in a place using GVPN, either cisco or juniper ...
I want to know who uses GVPN?? Is it used by service providers or by enterprises such as a bank and its branches?
-Is it used by a service provider to secure its MPLS network, or is it used by an enterprise to secure its traffic when it passes through the SP network????
Worked. Thanks...
Now my last question:
My web-management-url is set "admin".. how do I use this?
my internal IP is 10.196.24.1, so if I put 10.196.24.1/admin it should open the web management?
if yes, it's not working.
I am using the 8081 port.
Kind regards.
Yes, the custom url comes after the ip address. But in your case you also have a custom port which would be added.
10.196.24.1:8081/admin
I don't see any whitelist options for ICMP either.
Juniper ADVPN and Cisco DVPN are used generally by large enterprises with a number of remote sites connecting using IPSEC VPN over the internet to a VPN concentrator at the central site.
These technologies provide a simplification of deploy configuration for the large remote site and a measure of automation on the connection and routing that needs to occur for the enterprise WAN.
This free book: Day One: ADVPN Design & Implementation may be of interest.
http://forums.juniper.net/t5/Day-One-Books/Day-One-ADVPN-Design-And-Implementation/ba-p/281108
One of advantages of Group VPN: Maintains network intelligence such as full-mesh connectivity, natural routing path, and quality of service (QoS) in MPLS networks.
Don't know the market, but from my perspective, the most suitable scenario is an enterprise with full mesh connectivity.
Don't think SP need a VPN because SP has dedicated line.
Only expresses individual viewpoint, only supplies the references.
Hi
The only option is to put a firewall filter matching the ICMP and send as packet mode.
Hello,
I'm trying to distribute an additional route to dhcp clients using dhcp option 121 and this KB
https://kb.juniper.net/InfoCenter/index?page=content&id=KB26862
set system services dhcp option 121 array ip-address 24.172.16.0
set system services dhcp option 121 array ip-address 192.168.55.1
works as expected - clients getting 172.16.0.0/24 next-hop 192.168.55.1 route
but
set system services dhcp option 121 array ip-address 16.172.16.0
set system services dhcp option 121 array ip-address 192.168.55.1
doesn't work and clients getting some mess.
how to specify / mask?
additional question: no option 249?
You should try:
set system services dhcp option 121 array ip-address 16.0.172.16
set system services dhcp option 121 array ip-address 192.168.55.1
bloody mess =)
see attached netmon
There you go:
set system services dhcp option 121 array ip-address 16.172.16.192
set system services dhcp option 121 array ip-address 168.55.1.0
nope =)
I've already tried to play a "guess who" game.
What about this :
set system services dhcp option 121 array integer [16 172 16 192 168 55 1]
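
The option 121 thread above comes down to the RFC 3442 wire format: one prefix-length byte, then only the destination octets the mask covers, then the 4-byte router. The following is an added example, not code from any of the posts; the function names are hypothetical and the sample values are the ones quoted in the thread. It shows why the /24 route happens to fit two ip-address values while the /16 route is 7 bytes and cannot be written as whole 4-byte addresses.

```python
import ipaddress

def encode_option_121(routes):
    """Encode (destination CIDR, router) pairs as an RFC 3442 option 121 payload."""
    out = bytearray()
    for cidr, router in routes:
        net = ipaddress.IPv4Network(cidr, strict=True)
        significant = (net.prefixlen + 7) // 8   # octets covered by the mask
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)

def decode_option_121(payload):
    """Parse a payload per RFC 3442; return (routes, unparsed trailing bytes)."""
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        significant = (plen + 7) // 8
        end = i + 1 + significant + 4
        if plen > 32 or end > len(payload):
            break                                 # malformed or truncated entry
        dest = payload[i + 1:i + 1 + significant] + bytes(4 - significant)
        router = payload[end - 4:end]
        routes.append((f"{ipaddress.IPv4Address(dest)}/{plen}",
                       str(ipaddress.IPv4Address(router))))
        i = end
    return routes, payload[i:]

def as_ip_address_words(payload):
    """Dotted quads if the payload splits into 4-byte words, else None."""
    if len(payload) % 4:
        return None
    return [str(ipaddress.IPv4Address(payload[i:i + 4]))
            for i in range(0, len(payload), 4)]

if __name__ == "__main__":
    for cidr in ("172.16.0.0/24", "172.16.0.0/16"):
        raw = encode_option_121([(cidr, "192.168.55.1")])
        print(cidr, list(raw), as_ip_address_words(raw))
    # The first /16 attempt from the thread, read back byte by byte:
    attempt = bytes([16, 172, 16, 0, 192, 168, 55, 1])
    print(decode_option_121(attempt))
```

Decoding the `16.172.16.0` / `192.168.55.1` attempt yields a router of `0.192.168.55` plus one stray byte, because a /16 entry carries only two destination octets.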