Limitations in JUNOS Release 10.2 for EX Series Switches

This section lists the limitations in JUNOS Release 10.2R4 for EX Series switches.

Access Control and Port Security

• When you have configured more than 1024 supplicants on a single interface, 802.1X authentication might not work as expected and the 802.1X process (dot1xd) might fail.
• The RADIUS request sent by an EX Series switch contains both Extensible Authentication Protocol (EAP) Identity Response and State attributes.
• When an external RADIUS server goes offline and comes back online after some time, subsequent captive portal authentication requests might fail until the authd daemon is restarted. As a workaround, you can configure the revert interval—the time after which to revert to the primary server—and restart the authd daemon.
• On EX2200, EX3200, and EX4200 switches, deleting a static MAC address entry from the Ethernet switching table does not change the authentication status for the interface in the 802.1X table with MAC RADIUS, and the interface remains authenticated.
• On EX Series switches, configuring 802.1X (dot1x) might generate a core file when VLANs are being configured.

Bridging, VLANs, and Spanning Trees

• There might be traffic loss on VLANs learned through MVRP during a graceful Routing Engine switchover (GRES) operation. After the GRES operation, there will be no traffic loss.
• On EX Series switches, configuring more than 64,000 MAC address clone routes in a single VLAN causes the Routing Engine to create core files and reboot.
• If you modify MSTP configuration and VLAN membership for an interface, that modification could result in inconsistent MSTP membership for that interface. As a workaround, restart the Ethernet switching process (eswd) after making these configuration changes.
• If you configure BPDU block functionality on all interfaces and then disable the spanning-tree protocol, the BPDU block functionality might not work.

Class of Service

• On EX8200 switches, classification of packets using ingress firewall filter rules with forwarding-class and loss-priority configurations does not rewrite the DSCP or 802.1p bits. Rewriting of packets is determined by the forwarding-class and loss-priority values set in the DSCP classifier applied on the interface.
• On EX4200 switches, the traffic is shaped at rates above 500 Kbps, even when the shaping rate configured is less than 500 Kbps. The minimum shaping rate is 500 Kbps.
• If you are configuring an interface as part of an aggregated Ethernet interface and also configuring CoS on that interface, do not commit both configurations using a single commit operation. Use separate commit operations to commit the two configurations.

Firewall Filters

• On EX3200 and EX4200 switches, when interface ranges or VLAN ranges are used in configuring firewall filters, egress firewall filter rules take more than 5 minutes to install.
• On EX3200 and EX4200 switches, IGMP packets are not matched by user-configured firewall filters.

Hardware

• On EX4500 switches, when you hot-remove an SFP+ transceiver and hot-insert an SFP-T transceiver in the same port, the following messages are logged in the system log at 30-second intervals:

  link 1 SFP receive power low  warning setlink 1 SFP receive power low  warning cleared

  These messages are harmless.

• After you have disabled an interface on an EX2200 switch, the LED is still lit on that interface.

Infrastructure

• If you configure interface parameters on an EX3200 or EX4200 switch running JUNOS Release 9.2 or Release 9.3 for EX Series switches and then attempt to upgrade to a later release or a later version of Release 9.3 than the one that is currently installed, the switch might display the following error message: init: interface-control is thrashing , not restarted. As a workaround, on the interfaces you had previously configured, configure no-auto-negotiation and set the link mode to full-duplex, then commit the revised configuration.
• On EX Series switches, an SNMP query fails when the SNMP index size of a table is greater than 128 bytes, because the Net SNMP tool does not support SNMP index sizes greater than 128 bytes.
• When you issue the request system power-off command, the switch halts instead of turning off power.
• In the J-Web interface, the Ethernet Switching monitoring page might not display monitoring details if there are more than 13,000 MAC entries on the switch.
• On EX8200 switches, if IS-IS is enabled on routed VLAN interfaces (RVIs), IS-IS adjacency states go down and come up after a graceful Routing Engine switchover (GRES).
• On EX8200 switches, when IGMP snooping is enabled on an interface, the IPv6 multicast Layer 2 control frame is not forwarded to other interfaces in the same VLAN.
• On EX Series switches, the JUNOS CLI does not auto-complete the options for allow-commands in the system login class configuration, when some regular expressions are used in the allow-commands configuration.
• Momentary loss of an inter-Routing Engine IPC message might trigger the alarm that displays the message Loss of communication with Backup RE. There is no functionality affected.
• On EX8200 switches, when a firewall filter is applied on the loopback (lo0) interface, the switch stops generating local ARP requests for transit traffic. As a workaround, you can do the following:
  • Create firewall filters to block known unwanted traffic to the Routing Engine, and then accept all other traffic.
  • Create firewall filters for specific hosts and all local subnets, and then discard all other traffic.
• On EX2200 switches, the Routing Engine shows 16,000 active routes, but only half of them are installed in the Packet Forwarding Engine.
• On EX8200 switches, after enabling graceful Routing Engine switchover (GRES), you might not be able to connect to the management interface on the backup Routing Engine using Telnet, and an existing Telnet session with the management interface on the backup Routing Engine might become inactive. [PR/520966]
• On EX4500 switches, the following message appears in the system log whenever the uplink modules are taken offline:

  fpc0 539:Port-STG-Set failed(Invalid Params:-2)

• When you issue a traceroute command for a nonexistent IP address, an EX Series switch that is the first hop from the source address might not respond.
• On EX4500 switches, the show chassis environment power-supply-unit command does not display values for the input voltage, the output voltage, and the output current.
• On EX8200 switches, packets with unregistered Layer 2 multicast MAC addresses are not dropped on interfaces that are in the STP blocked state, resulting in some traffic loops that might impact network performance.
• When you include wildcards in a routing policy filter that also includes Classless Interdomain Routing (CIDR) addresses or that maps IPv4 addresses to IPv6 addresses, the forwarding process (pfem) might stop operating.
• If a Routing Engine fails over to the backup Routing Engine, not all multicast groups that were active on the switch recover.
• On EX4200 switches, autonegotiation bypass, which allows a link in a Gigabit Ethernet SFP uplink port to begin operation even if autonegotiation on the link partner is disabled, fails to bring up the link.

Interfaces

• EX Series switches do not support queued packet counters. Therefore, the queued packet counter in the output of the show interfaces interface-name extensive command always displays a count of 0 and is never updated.
• The following message might appear in the system log:

  Resolve request came for an address matching on Wrong nh nh:355, type:Unicast...?

  You can ignore this message.

• On EX3200 and EX4200 switches, when port mirroring is configured on any interface, the mirrored packets leaving a tagged interface might contain an incorrect VLAN ID.
• On EX8200 switches, port mirroring configuration on a Layer 3 interface with the output configured to a VLAN is not supported.
• On EX8200 switches, when an egress VLAN that belongs to a routed VLAN interface (RVI) is configured as the input for a port mirroring analyzer, the analyzer incorrectly appends an 802.1Q (dot1q) header to the mirrored packets or does not mirror any packets at all. As a workaround, configure a port mirroring analyzer with each port of the VLAN as egress input.
• The following interface counters are not supported on routed VLAN interfaces (RVIs): local statistics, traffic statistics, and transit statistics.
• EX Series switches do not support IPv6 interface statistics. Therefore, all values in the output of the show snmp mib walk ipv6IfStatsTable command always display a count of 0.
• The show interfaces interface-name detail | extensive command might display double counting of packets or bytes for the transit statistics and traffic statistics counters. You can use the counter information displayed under the Physical interface section of the output.
• On EX8200 switches, the following message is logged frequently in the /var/log/mastership file:

  mcontrol_refresh_mastership: time 6

  These messages are harmless.

• On EX4500 switches, the show chassis lcd and show chassis led command outputs do not display the details of the uplink module ports and show all network ports as ge- interfaces even though some ports are 10-Gigabit Ethernet interfaces.

J-Web Interface

• In the J-Web interface, the autocompletion feature might not be disabled in the password field. As a workaround, disable the autocompletion feature in the browser.
• In the J-Web interface, when you use the point-and-click configuration editor to change the configuration and if you have made configuration changes simultaneously using the CLI, committing the configuration from the J-Web interface might fail.
• When you open a J-Web session using HTTPS, then enter a username and password and click on the Login button, the J-Web interface takes 20 seconds longer to launch and load the Dashboard page than it does if you use HTTP.

Layer 2 and Layer 3 Protocols

• On EX3200 and EX4200 switches, IPv6 ping is not supported for more than 64 virtual routing and forwarding (VRF) addresses.
• On EX Series switches, an OSPF bfd-liveness-detection timer must not be set to less than 1 second.
• On EX4200 switches, if you have configured a maximum transmission unit (MTU) value on a logical interface and the route information for an inactive route on the interface changes, traffic loss might occur for a few seconds.
• IGMP snooping is not supported on a VLAN that includes a routed VLAN interface (RVI) that is configured as part of a virtual routing instance.

Management and RMON

• On EX Series switches, the show snmp mib walk etherMIB does not display any output, even though the etherMIB is supported. This occurs because the values are not populated at the module level—they are populated at the table level only. You can issue show snmp mib walk dot3StatsTable, show snmp mib walk dot3PauseTable, and show snmp mib walk dot3ControlTable commands to display the output at the table level.
• sFlow technology might not work when you apply a firewall filter to the loopback (lo0) interface.

Virtual Chassis

• On EX4200 switches, the factory default configuration does not set the configuration required for preprovisioning for a Virtual Chassis, making the set system commit factory-settings reset-virtual-chassis-configuration command unavailable after the switch is reset to the factory default configuration. As a workaround, delete the junos.conf* files from the config directory and reset the switch to the factory default configuration.
• On an EX4200 Virtual Chassis, an automatic software update fails if you have configured preprovisioning or mastership priority.

Related Documentation

• New Features in JUNOS Release 10.2 for EX Series Switches
• Changes in Default Behavior and Syntax in JUNOS Release 10.2 for EX Series Switches
• Outstanding Issues in JUNOS Release 10.2 for EX Series Switches
• Resolved Issues in JUNOS Release 10.2 for EX Series Switches
• Errata in Documentation for JUNOS Release 10.2 for EX Series Switches
• Upgrade and Downgrade Issues for JUNOS Release 10.2 for EX Series Switches