Outstanding and Resolved Issues in JUNOS Release 9.3 for EX-series Switches
Outstanding issues in the JUNOS Release 9.3R4 software for EX-series
switches are described on the following pages. They also list the issues
that have been resolved since JUNOS Release 9.2R1.
Upgrading from JUNOS Release 9.2 to Release 9.3 for EX-series Switches
Starting with JUNOS Release 9.3 for EX-series switches, during
the upgrade process the switch performs reference checks on VLANs
and interfaces in the 802.1X configuration stanza. If there are references
in the 802.1X stanza to names or tags of VLANs that are not currently
configured on the switch or to interfaces that are not configured
or do not belong to the ethernet-switching family, the upgrade
will fail. In addition, static MAC addresses on single-supplicant
mode interfaces are not supported.
Caution:
If your Release 9.2 configuration includes any of the following
conditions, revise the configuration before upgrading to Release 9.3.
If you do not take these actions, the upgrade will fail:
Ensure that all VLAN names and tags in the 802.1X configuration
stanza are configured on the switch and that all interfaces are configured
on the switch and assigned to the ethernet-switching family.
If the VLAN or the interface is not configured, the commit will fail.
Remove static MAC addresses on single-supplicant mode
interfaces.
In an 802.1X configuration stanza, if authentication-profile-name does not exist and you try to commit the configuration, the commit
will fail.
In an 802.1X configuration stanza, broadcast and multicast
MAC addresses are not allowed in a static MAC configuration.
Support for static MAC address bypass in single or single-secure
mode has been removed.
In an 802.1X configuration stanza, the switch will not
accept the option vrange as an assigned VLAN name.
Enabling 802.1X and the port mirroring feature on the
same interface is not supported. If you enable 802.1X and the port
mirroring feature on the same interface and then attempt to commit
the configuration, the commit will fail.
In an 802.1X configuration stanza, if the VLAN name or
tag specified under dot1x authenticator static does not exist
and you try to commit the configuration, the commit will fail.
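A pre-upgrade check for several of the conditions above, as an added example that is not Juniper's code: it scans a configuration saved in "set" format for 802.1X references to undefined VLANs, to explicitly named interfaces outside the ethernet-switching family, to missing authentication profiles, and for broadcast or multicast static MAC addresses. The statement paths are an assumption about the EX-series hierarchy, and the sample configuration with its VLAN, interface and profile names is constructed for illustration.

```python
# Constructed sample in "set" format; statement paths are an assumption
# about the EX-series hierarchy, not text from the release notes.
SAMPLE = """\
set vlans employee vlan-id 10
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family inet address 192.0.2.1/24
set access profile corp-radius authentication-order radius
set protocols dot1x authenticator authentication-profile-name lab-radius
set protocols dot1x authenticator interface ge-0/0/1.0 supplicant multiple
set protocols dot1x authenticator interface ge-0/0/2.0 supplicant multiple
set protocols dot1x authenticator static 00:11:22:33:44:55 vlan-assignment employee
set protocols dot1x authenticator static 01:00:5e:00:00:01 vlan-assignment guest
"""

def check_dot1x_references(config):
    """Return sorted (rule, value) findings that would block the upgrade."""
    lines = [t for t in map(str.split, config.splitlines())
             if len(t) > 2 and t[0] == "set"]
    vlans, switch_ifs, profiles = set(), set(), set()
    for t in lines:
        if t[1] == "vlans":
            # Record the VLAN name and, when present, its tag.
            vlans.update(t[2:3] + (t[4:5] if t[3:4] == ["vlan-id"] else []))
        elif t[1] == "interfaces" and t[3:4] == ["unit"] \
                and t[5:7] == ["family", "ethernet-switching"]:
            switch_ifs.add(f"{t[2]}.{t[4]}")
        elif t[1:3] == ["access", "profile"] and len(t) > 3:
            profiles.add(t[3])
    findings = set()
    for t in lines:
        if t[1:4] != ["protocols", "dot1x", "authenticator"] or len(t) < 6:
            continue
        kind, value, rest = t[4], t[5], t[6:]
        if kind == "authentication-profile-name" and value not in profiles:
            findings.add(("missing-profile", value))
        elif kind == "interface" and value not in switch_ifs:
            findings.add(("not-ethernet-switching", value))
        elif kind == "static":
            # Low bit of the first octet set: multicast or broadcast MAC.
            if int(value.split(":")[0], 16) & 1:
                findings.add(("group-mac", value))
            if "vlan-assignment" in rest[:-1]:
                vlan = rest[rest.index("vlan-assignment") + 1]
                if vlan not in vlans:
                    findings.add(("missing-vlan", vlan))
    return sorted(findings)

if __name__ == "__main__":
    print(*check_dot1x_references(SAMPLE), sep="\n")
```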
Downgrading from JUNOS Release 9.3 to Release 9.2 for EX 4200 Switches
When a Virtual Chassis configuration is downgraded from JUNOS
Release 9.3 to Release 9.2 for EX-series switches, member switches
might not retain the mastership priorities that had been configured
previously. To restore the previously configured mastership priorities,
commit the configuration by issuing the commit command.
Resolved Issues
Access Control and Port Security
Occasionally, if you toggle the mode of an interface from access to trunk and then back to access, the
switch might not insert the static DHCP binding entries into the DHCP
snooping database. [PR/283444: This issue has been resolved.]
In multiple supplicant mode, sometimes when you move a
user who has been authenticated and logged in to a dynamic VLAN, even
after the user logs off, the output of show dot1x interface shows the user as authenticated. As a workaround, issue clear
dot1x interface to reset the interface. [PR/292850: This issue
has been resolved.]
When you configure a static MAC address for an interface
or delete the static MAC address configuration, traffic forwarding
does not occur. [PR/295898: This issue has been resolved.]
Occasionally, DHCP snooping over multiple routed VLAN
interfaces (RVIs) might fail. [PR/297479: This issue has been resolved.]
802.1X-authenticated clients configured using static MAC
addresses are not cleared from the show dot1x interface interface-name output even after the link is removed.
[PR/302378: This issue has been resolved.]
After you successfully authenticate a user in multiple-supplicant
mode with dynamic VLAN movement and then issue the show vlans command, the interface might not appear in the command output. [PR/304936:
This issue has been resolved.]
On EX-series switches, if you configure 802.1X and enable
MAC-based VLANs and dynamic firewall filters, then after you restart
802.1X, MAC-based VLANs and dynamic firewall filters might not work
as expected. [PR/305097: This issue has been resolved.]
Beginning with JUNOS Release 9.3R2 for EX-series switches,
untagged packets, BPDUs (such as in LACP and STP), and priority tagged
packets are processed on logical interface 0 and not on logical interface
32767. In addition, if you have not configured any untagged interfaces,
the switch creates a default logical interface 0. Logical interface
32767 no longer exists. As a result, you cannot configure a tagged
interface on unit 0, and you can configure an untagged interface on
unit 0 only. [PR/305338: This issue has been resolved.]
In some cases, untrusted ports forward DHCP Request/Discover
packets that contain option 82 information instead of discarding them.
[PR/308678: This issue has been resolved.]
When the switch detects an invalid MAC address on a port
configured for a specific MAC address, the switch does not log this
event to the system messages logs. [PR/401294: This issue has been
resolved.]
Bridging, VLANs, and Spanning Trees
When you configure VRRP on EX-series switches without
specifying accept-data in the configuration and a VRRP failover
occurs, traffic might be lost for about 5 minutes. As a workaround,
issue the clear ethernet-switching table command on the new
VRRP master. [PR/271012: This issue has been resolved.]
When frames are switched from access to trunk interfaces
(that is, when incoming frames are not tagged), the priority bits
in the 802.1Q header are set to 1 by default. [PR/273079:
This issue has been resolved.]
802.1X is not supported on private VLANs (PVLANs). [PR/294406:
This issue has been resolved.]
EX-series switches allow enabling of loop protection on
interfaces that have root protection enabled. [PR/297433: This issue
has been resolved.]
Occasionally after PVLAN membership of an isolated port
has been changed to a different VLAN, replicated MAC addresses are
shown as being static. As a workaround, restart the Ethernet switching
process (eswd). [PR/306633: This issue has been resolved.]
Class of Service
A LAG interface configured with a custom classifier using
the wildcard option is bound to a different classifier when the classifier
type is applied to a single interface. [PR/293795: This issue has
been resolved.]
If a Virtual Chassis configuration splits and you try
to load the factory-default configuration on the individual switches,
the CoS process (cosd) might consume a large percentage of
CPU activity. As a workaround, restart the CoS process. [PR/305883:
This issue has been resolved.]
Infrastructure
EX-series switches do not support interface statistics
for VLAN interfaces. [PR/264501: This issue has been resolved.]
IS-IS is not supported over routed VLAN interfaces (RVIs).
[PR/269391: This issue has been resolved.]
If you modify the configuration to change the system hostname,
the name might not change when you commit the configuration. As a
workaround, exit from the terminal session to the switch after you
have activated the configuration, then log in again. [PR/272903: This
issue has been resolved.]
In some cases, you might not be able to disable interfaces
that belong to a particular Multiple Spanning Tree Instance (MSTI).
[PR/284912: This issue has been resolved.]
Occasionally in a Virtual Chassis configuration, after
a member switch becomes the master switch, you might see a license
error message. If you see this error message, remove the license from
the original master switch using the request system license delete license-identifier command. [PR/285799: This issue
has been resolved.]
The port security and 802.1X features are not supported
with private VLANs (PVLANs) and Q-in-Q tunneling. [PR/299184: This
issue has been resolved.]
In some cases, loopback filters are being applied to all
traffic instead of to Layer 3 traffic only. [PR/311549: This issue
has been resolved.]
Occasionally, when you create a VLAN using the vlan-range configuration statement, the unknown unicast forwarding interface
cannot be created using the VLAN ID. As a workaround, do not use the vlan-range configuration statement when you create the VLAN.
[PR/312364: This issue has been resolved.]
On an EX-series switch running an automatic CoS configuration,
if a switchover occurs more than two times, the switch might stop
classifying packets. [PR/313538: This issue has been resolved.]
When you issue the show interfaces command, the
command output might display incorrect values for IPv6 interface statistics.
[PR/396656: This issue has been resolved.]
When you upgrade from software Release 9.0 to Release
9.3 in a Virtual Chassis configuration using a preprovisioned topology,
after the upgrade you must change the pre-provisioned statement
to preprovisioned in the preprovisioned configuration file.
[PR/386468: This issue has been resolved.]
If you configure a link aggregation group (LAG) interface
as a native VLAN, when you restart the EX-series switch, device packets
might not be forwarded. As a workaround, delete and reconfigure the
LAG (aex) interface. [PR/393895: This
issue has been resolved.]
If you enable or disable a spanning-tree protocol, the
switch might not generate STP-related traps. [PR/397999: This issue
has been resolved.]
The dot1qPortVlanTable object is not indexed
by dot1dBasePort as stated in the MIB definition, and the
values are not those of the VLAN IDs on the switch. [PR/398389: This
issue has been resolved.]
If you configure an IP address on an interface and then
configure a Virtual Router Redundancy Protocol (VRRP) group whose
virtual IP address is the same as the IP address of that interface,
and if you then delete the VRRP group, the interface might continue
to use the virtual MAC address even after the VRRP group has been
deleted. [PR/398650: This issue has been resolved.]
Interfaces
Chassis alarms do not work on the management Ethernet
interface. [PR/254483: This issue has been resolved.]
Layer 2 Protocols
IGMP snooping can process only approximately 100 IGMP
leaves per second. [PR/296545: This issue has been resolved.]
Multicast packets flood on the trunk ports until an IGMP
report is received. [PR/312990: This issue has been resolved.]
Layer 3 Protocols
In some cases, if you issue the show igmp-snooping
membership detail command after a membership timeout on a port,
the command output shows -1 in the Receiver count field. [PR/267781: This issue has been resolved.]
After you issue the clear igmp-snooping static command, the invalid counter and the timeout counter
might not be cleared. [PR/286495: This issue has been resolved.]
In some cases when IGMP snooping is configured, if you
change the community VLAN membership of a PVLAN, all multicast traffic
is flooded. [PR/309602: This issue has been resolved.]
When IGMP snooping has been enabled on all VLANs, multicast
traffic is not flooded on a VLAN that has been enabled for Q-in-Q
tunneling. [PR/393082: This issue has been resolved.]
Virtual Chassis
When the dates on the members of a Virtual Chassis are
not synchronized, a member switch or backup forwarding process (pfem) might not be able to connect to the master. [PR/278784:
This issue has been resolved.]
When two EX 4200 switches are interconnected using the
two 10-gigabit uplink module ports configured as Virtual Chassis ports
(VCPs) to form a Virtual Chassis, the show virtual-chassis status command output shows one of the VCPs only. This problem does not
affect the functioning of the Virtual Chassis. [PR/296511: This issue
has been resolved.]
When the Virtual Chassis port (VCP) of one of the member
switches in a 10-member Virtual Chassis is disabled, traffic loss
occurs for more than 60 seconds. [PR/298958: This issue has been resolved.]
Occasionally, when a Virtual Chassis configuration splits,
the Virtual Chassis configuration might not merge after you reboot
either some member switches or the entire Virtual Chassis. As a workaround,
reboot the Virtual Chassis member switches that had split. [PR/392679:
This issue has been resolved.]
In some cases after rebooting a member switch in a Virtual
Chassis configuration, the Virtual Chassis configuration might show
that some of its member switches are missing. [PR/397054: This issue
has been resolved.]
In a Virtual Chassis configuration, applying a family
inet firewall filter to the loopback (lo0) interface
might cause communication problems between the member switches of
the Virtual Chassis configuration. [PR/402722: This issue has been
resolved.]
Outstanding Issues
The following issues are outstanding in the JUNOS Release 9.3R4
software for EX-series switches. The identifier following the description
is the tracking number in our bug database.
Access Control and Port Security
When you have an interface with membership in a VoIP VLAN
and a guest VLAN and configured with 802.1X authentication, traffic
in the VoIP VLAN is forwarded even after authentication has failed
for the interface. [PR/292268]
On EX-series switches, if you configure the RADIUS revert-interval option, the switch does not attempt to reconnect
to the unreachable server after the revert interval has elapsed. [PR/304637]
If you configure an analyzer session, for port mirroring,
in which the output stanza is a VLAN, but you do not configure an
input stanza, the commit will fail. As a workaround, configure an
input stanza and then commit the configuration again. [PR/407559]
Bridging, VLANs, and Spanning Trees
In a Virtual Chassis configuration with BPDU control enabled,
if the Virtual Chassis undergoes a graceful Routing Engine switchover
(GRES), BPDU control functionality might not work properly. [PR/285726]
Infrastructure
The speed/duplex LED on the management Ethernet port sometimes
blinks even when no cable is connected. [PR/257290]
You cannot use the rollback rescue command to
revert to a rescue configuration. As a workaround, save a known good
configuration to a location from which you can reload it to your switch
if needed. [PR/275480]
If you press any key on the keyboard while the switch
is rebooting, the switch enters uboot mode instead of rebooting
and you see the uboot prompt (=>). If this occurs,
issue the boot command at the => prompt to continue
the reboot. [PR/280086]
After you upgrade or downgrade the software on an EX-series
switch (by using either the CLI or the J-Web interface), the Juniper
Web Device Manager might not function properly until you clear the
cache in your Web browser. [PR/286614]
The RADIUS request sent by an EX-series switch contains
both Extensible Authentication Protocol (EAP) Identity Response and
State attributes. [PR/300790]
In some cases on EX 8208 switches, OSPF, VRRP, and other
control packets generated by the local CPU are not properly tagged
as 802.1p packets. [PR/389276]
If you add a VLAN as the native VLAN on a trunk port that
already belongs to the same VLAN, then that port is displayed twice
in the output of the show vlan vlan-id command. [PR/432729]
When an Ethernet link goes down, the switch does not immediately
update the alarm status. [PR/443206]
When an EX-series switch is running the default system
logging (syslog) configuration and a routed VLAN interface
(RVI) with instances configured goes down and comes back up repeatedly,
the switch generates unwanted debug level messages (PFE TOPO and kernel RT_PFE). [PR/465852]
Layer 2 Protocols
In some cases, when you have a large number of VLANs and
interfaces configured, a configuration change might not immediately
take effect. [PR/390812]
Virtual Chassis
In some cases, after the backup switch in a two-member
Virtual Chassis configuration reboots, it assumes the role of master.
As a workaround, add the set virtual-chassis no-split-detection command to the configuration. [PR/434435]