Cisco APIC-EM vs Juniper???

HiI discussed with customer about campus solution. Competitor is cisco and they proposed APIC-EM controller worked with catalyst 9xxx series.What is solution should be approach to customer in order to highlighted on SDN within campus such as workflow automation, policies automation like APIC-EM do

Does junos-srxsme-12.3X48-D75.4 support SRX210?

junos-srxsme-12.3X48-D75.4 supports SRX220, does it also support SRX210?


Is there an option to clamp the TCP MSS for PPPoE subs on an MX104?  I see that there is a tcp-mss option under 'family inet' of the dynamic-profile. Will this clamp MSS?  I can't find much information regarding that option in a dynamic-profile.   Running version  17.3R3-S2.2.   Thanks.

qfx 5200 MC LAG configs

THes are in our lab right now, trying to set this up, however fingin conlficing info, and the MX stuff is all mixed in or its for the qfx-10K    the ICCP link - sync traffic only correct ? does this have to be a 100Gb port? can it be on the em0 mgmt port ? (does it mater we have the 18.1x code and are using the mgmt routing instance?) i hate to waste 2x 100G ports for this    ICL - how large does this need to be? 2x 100GB ports? 3 ports ?    bestpractice on the MX s

Juniper Route-based VPN to Cisco Policy-based VPN

Hi All,   Quick question.. Has anyone successfully set up a reliable VPN between a Juniper SRX using IKEv2 (route-based as only that is supported) to a Cisco running IKEv2 policy-based VPN?.... Any issues to expect with this??   Thanks in Advance...

QFX5100 48T - Configure QSFP slot for QSFP-SR4 optics

Hi all,   We are trying to use the QSFP ports on our QFX5100s.  We are wanting to use a full 40GE interface by using an SR4 optic to uplink to our MX core router.  The MX picked up the optics and show them as et interfaces, but the QFX is not picking them up.   When I try to configure them, all I can get is to the channelized 10G, but no options for 40.   The optics do not register in the "show chassis hardware" and I am not sure how to declare those ports as 40Ge.

vSRX Installation

Hi,   Is there any documentation anywhere (like the Day One vMX), on how to install and configure a vSRX on the same Ubuntu Server as the vMX?   Thanks

vMX - Junos 18.2 - Radius - without Accounting-Response

Is it possible to configure radius accounting on Junos 18.2 in a such a way that it would not expect Accounting-Response after Accounting-Request sent to application?Scenario:- Junos sending Radius Accounting-Requests (with all necessary attributes) to application over port 1813/UDP- Junos will not try to retransmit accounting messages when no resposne is recevied from the server.I have tried to set config like this: radius-server { ... retry 1; timeout 1; accounting-retry 0; accounting-tim

Smallest configuartion needed for the master logical system

Hi All,   What is the smallest configuration needed for the master logical system? Could I just create a master security profile for it and the master admin? No physical port/ interface/VR/zone/policy/routing configuration.   Thanks! BR/ Claire

S and D NAT with Policy Based VPN

Hello,   We have a policy based VPN between two of our locations and I can't get them to talk. The issue this that they share the same subnet and I had to do S and D NAT. The IKE comes up but IPSEC shows 0 tunnels. I know that if I switch to route based  VPN my problem will go away, but management insists it to be policy based (don't ask why I don't understand myself).  Configuration is below    DC-Site   proposal LAS-IKE-Preposal { authentication-method pre-shared

Anderson Frank: take the salary survey

Pseudowire-subscriber interface capabilities

Hi friends,   Have any bottleneck in the number of pppoe subscribers when I use pseudowire-subscriber ( ? For example, MX204 can support around 32K pppoe subscribers. This number decreases if I configure pseudowire-subscriber? Thanks!

SRX320 Source route with DHCP enable (Issue)

Hi All,   Previously, one of our branch office is deployed source routing with DHCP and the DHCP subnet exits on ISP2. Right now, I'm doing the same thing on other site but facing some issue.   ISP1  <> ge-0/0/2    FW  <>  irb0     ISP2  <> ge-0/0/5            <>  ge-0/0/4   After deployed the whole set

FW OM should be in master logical-system or not

Hi All,   Now I am spliting the configuration of SRX5800 cluster into one master and one user logical system. To avoid using interconnect logical system, customer wants me to allocate the existing OM-VR and its zone/policy/route into the user logical system. But I found this way that even the connection/policy from OSS/NTP/SNMP to FW own OM address will be in the user logical system. Is this ok, or the FW OM must be in the master logical-system?       

Enable voip on just ports with phones or every port?

Our edge closets have stacks of EX4200 switches. These switches have printers, desktop computers, WiFi access points, security cameras, and HVAC equipment plugged into them. We have separate vlans/subnets to carry these different types of traffic.   We are installing a new IP phone system and will be using LLDP-MED to distinguish phone traffic from data traffic since phones will be daisy chained with either printers or desktop computers. I can enable voip on a port by port basis using these

Spanning Tree config with Routing Instances?

I have VSTP confiured on a EX4600 that has multiple routing instances.  I have VSTP configrued at what I assume is the global switch level (ie "edit protocols vstp") and it appears to be working fine.  However, I have just noticed that there is also the capability to configure spanning tree within routing instances by using "edit routing-instance <instance name> protocols vstp".   What is the difference between configuring STP at the global switch level vs configuring within

Using routing instances

I have SRX240 which is connected to Two ISP's on Eth0/0(Auntrust) and Eth15/0(Buntrust) with their separate zones. Two local-lan subnets( & Now i want that traffic should exit from their respective Untrust interface.   Config is like :   set interfaces vlan unit 0 family inet address interfaces vlan unit 1 family inet address set routing-options static route next-hop pp0.0set routing-opt

fpc 0 and LNS

Hi,   Many apologies for disturbing you guys again with another issue......   As I require to configure 1 of the vMX as an LNS I need to configure certain attributes on fpc 0.   The problem I have discovered is that I am running "lite-mode" and the config for this is:   set chassis fpc 0 lite-mode   This is great as all the ge interfaces come up as expected.   However, once I set any other piece of config on fpc 0, like, tunnel-services bandwidth or inline

802.1x et Wake on Lan

Has somebody a working solution for the following problem.Our administrator uses System center configuration manager (1810) with Wake on Lan for software deployment.on our Ex we use dynamic vlan assignment with mac Radius, so when a workstation has been powered's placed in the 'default' vlan.There is no RVI for which I can configure IP directed broadcast.And the magic packet never arrive to the Pcotherwise when all switch port (Server sending Wol and PC to wake) are in the same vlan it

LNS - si interface

Hi all,   On a physical box, we can get the si interface from the "show chassis hardware command" and this tends to run inline with the physical interface details... so, for example, physical link from LNS to LAC = xe-1/0/0 and the si interface is si-1/0/0.....   If I want to replicate our LNS services on a vMX, how would I go about getting the si interface?

