Outstanding and Resolved Issues and Upgrade/Downgrade Issues in JUNOS Release 9.5 for EX-series Switches

Outstanding issues in the JUNOS Release 9.5R4 software for EX-series switches and issues regarding software upgrade or downgrade are described on the following pages. The pages also list the issues that have been resolved since the last JUNOS Release 9.4 release:

Outstanding Issues

The following are outstanding issues in the JUNOS Release 9.5R4 software for EX-series switches. The identifier following the description is the tracking number in our bug database.

Note: The following PRs that were previously included in the JUNOS Release 9.5 release notes as outstanding issues have been removed, because these issues are not present in JUNOS Release 9.5R4 for EX-series switches: 286600, 295588, 389276, 390812, 399331, 403842, 406032, 409321, 410947, 411660, 414110, 415772

Access Control and Port Security

• On EX-series switches, if you configure the RADIUS server revert-interval interval option, the switch does not attempt to reconnect to the unreachable server after the revert interval has elapsed. [PR/304637]
• On EX 8208 switches, the medium attachment unit (MAU) type field is empty in the Link Layer Discovery Protocol (LLDP) protocol data unit (PDU). [PR/392043]

Bridging, VLANs, and Spanning Trees

Class of Service

• Packets sent to the CPU are not supported for system log, log, or reject messages on EX-series switches. [PR/399664]

Hardware

• On 48-port SFP line cards used in EX 8208 switches, do not insert a transceiver into the first or last port on the bottom row (ports 1 and 47). Transceivers inserted in these ports are difficult to remove. As a workaround, you can remove the transceiver by using a small flathead screwdriver or other tool to lift the lock on the transceiver. [PR/423694]

Infrastructure

• The RADIUS request sent by an EX-series switch contains both Extensible Authentication Protocol (EAP) Identity Response and State attributes. [PR/300790]
• On EX 8208 switches, RIP version 1 does not work properly. [PR/394905]
• In the J-Web interface, you cannot commit some configuration changes in the Ports Configuration and VLAN Configuration pages because of the following limitations for port mirroring ports and port mirroring VLANs:
  • A port configured as the output port for an analyzer cannot be a member of any VLAN other than the default VLAN.
  • A VLAN configured to receive analyzer output can be associated with only one port.

  [PR/400814]

• After a redundant trunk group (RTG) interface switchover, MAC address aging does not stop, even though traffic is sent continuously and switched correctly. [PR/416739]
• Spanning-tree, GVRP, or IGMP snooping configuration windows might load slowly in the J-Web interface. Wait till the windows load completely before entering information, or some information might get lost. [PR/422523]
• In the J-Web interface on EX 8208 and EX 8216 switches, IPv6 is listed as an option in the Management Options page in the EZSetup wizard, but it is not supported. [PR/425959]
• In the J-Web interface, uploading a package might not work properly if you are using Internet Explorer version 7. [PR/424859]
• In the J-Web interface, the Ethernet Switching monitoring page might not display monitoring details if there are more than 13,000 MAC entries on the switch. [PR/425693]
• If an SRE module, RE module, SF module, line card, or Virtual Chassis member is in offline mode, the J-Web interface might not update the dashboard image accordingly. [PR/431441]
• In the J-Web interface, in the Port Security Configuration page, you are required to configure action when you configure MAC limit even though configuring an action value is not mandatory in the CLI. [PR/434836]
• In the J-Web interface, interfaces configured with no-flow-control might be displayed in the Link Aggregation Configuration page. [PR/437410]
• On routed VLAN interfaces (RVIs), the analyzer (port mirroring configuration) might incorrectly append an 802.1q (802.1Q) header to the packets being mirrored. As a workaround, you can configure an egress analyzer on each port of the egress VLAN. [PR/445393]
• If software forwarding process (sfid) usage is greater than 60 percent, there might be packet losses in packets originating from the Routing Engine. [PR/473753]

Interfaces

• When you use the show interfaces extensive command, the queued packet counter might not get updated and might display a value of 0. [PR/263527]
• On EX 8208 switches, after an interface is blocked by BPDU control, removing the BPDU control configuration does not unblock the interfaces. As a workaround, issue the clear ether bpdu-error command from the CLI. [PR/407020]
• On EX 8208 switches, if primary and backup interfaces for link protection are configured on a LAG interface (under the ether-options 802.3ad statement), packets might egress on the backup interface instead of on the primary interface when the line card is restarted or during Routing Engine switchover. As a workaround, remove and reapply the LAG configuration. [PR/409934]
• On EX 4200 switches, when port mirroring is configured on all interfaces, the mirrored packets leaving a tagged interface might contain an incorrect VLAN ID. [PR/431101]

Layer 3 Protocols

• On EX 8208 switches, if Layer 3 traffic is routed with static routes and static ARP and is egressing on a routed VLAN interface (RVI), Layer 3 traffic might be dropped after you delete all configurations and roll back the configuration. To recover the traffic, flap the egress physical interface. [PR/417024]

Virtual Chassis

• If a member whose MAC address is being used as a system MAC address of the Virtual Chassis goes offline, the mac-persistence-timer parameter determines how long the Virtual Chassis continues to use the member’s MAC address. When the timer expires, the system MAC address of the Virtual Chassis changes and there might be a traffic loss for some period of time until the neighbor switches update the ARP table. As a workaround, you can clear ARP on the neighbor switches so the ARP updates happen immediately. [PR/435084]

Resolved Issues

Access Control and Port Security

• When you have a port with membership in a VoIP VLAN and a guest VLAN and configured with 802.1X authentication, traffic in the VoIP VLAN is forwarded even after authentication has failed for the port. [PR/292268: This issue has been resolved.]
• On EX-series switches, the LLDP-MED voice solution might not work properly unless the VLAN name is configured as voice. As a workaround, configure the VLAN name as voice for LLDP-MED to propagate the VLAN ID to the phone properly. [PR/421741: This issue has been resolved.]
• Dynamic filters are not installed for all 802.1X clients authenticating with the same authentication credentials and are installed only for the first client. [PR/422919: This issue has been resolved.]

Bridging, VLANs, and Spanning Trees

• When frames are switched from access to trunk interfaces (that is, when incoming frames are not tagged), the priority bits in the 802.1Q header are set to 1 by default. [PR/273079: This issue has been resolved.]
• If you have configured VSTP on an aggregated Ethernet interface with LACP enabled, the initial port cost value is shown as 200000000. Deactivate and reactivate VSTP on the interface to set the port cost to the correct value (10000). [PR/412099: This issue has been resolved.]
• When the primary interface in a redundant trunk group (RTG) is disabled and then enabled, the ports in the RTG do not move into appropriate states. [PR/413089: This issue has been resolved.]
• When a VLAN is configured in the analyzer stanza with an invalid VLAN tag, the Ethernet switching process (eswd) will terminate abnormally. As a workaround, correct the VLAN index being referenced. [PR/421105: This issue has been resolved.]
• When a gratuitous ARP message is sent to the switch, the message is ignored by the routed VLAN interface (RVI) and the switch does not update the ARP table. [PR/426810: This issue has been resolved.]
• When the ethernet-switching-options secure-access-port part of the configuration is enabled along with VSTP, under a high traffic rate, the VSTP BPDUs are sent to the Routing Engine with an incorrect code that causes a blocking port to go into the Forwarding state, which results in a spanning-tree loop. [PR/468095: This issue has been resolved.]

Class of Service

• On EX 8208 switches, when link protection is enabled on a LAG interface, the scheduler map configured on the LAG interface will not be active after a graceful Routing Engine switchover (GRES) or after the class-of-service process (cosd) is restarted. As a workaround, remove and reapply the scheduler map on the LAG interface. [PR/415476: This issue has been resolved.]
• Interchanging routed VLAN interfaces (RVIs) between VLANs does not interchange classifiers. Restart the class-of-service process (cosd) to interchange classifiers and make the classification work properly. [PR/417236: This issue has been resolved.]
• On EX 8208 switches, when multiple forwarding classes are mapped to the same queue, the tail-drop counters for some queues might show an incorrect value. [PR/413673: This issue has been resolved.]

Firewall Filters

• Policers might be shared across interfaces that are part of the same Packet Forwarding Engine. If the same policer is applied to two interfaces on the same Packet Forwarding Engine, then the policer is shared. If the same policer is applied to two interfaces on different Packet Forwarding Engines, the policer is not shared and functions as two separate policers. [PR/405111: This issue has been resolved.]

Hardware

• On EX 8216 switches, a fan failure trap is not generated when the fans go into a failed state. [PR/413426: This issue has been resolved.]
• When an EX8216 switch power cycle completes, the Last reboot reason for the master and backup Routing Engines in the show chassis routing-engine command output might display incorrect values. [PR/415569: This issue has been resolved.]
• On EX 8216 switches, online insertion and removal of a Switch Fabric (SF) module is not supported. [PR/422276: This issue has been resolved.]
• Occasionally, on a switch with SFP FE-BX transceivers plugged into the uplink module, the I2C bus locks up and the uplink module is unusable after running traffic for a few hours. The system recovers after a reboot. [PR/430237: This issue has been resolved.]

Infrastructure

• If you reboot an EX 3200 or EX 4200 switch after you have configured the Power over Ethernet (PoE) guard-band value, the two ports that had been shut down because of their low priority become active again. They should have remained shut down. [PR/285262: This issue has been resolved.]
• In the J-Web interface, neither the Add window nor the Edit window in the Link Aggregation Configuration page displays the interfaces for which speed is configured explicitly. [PR/301532: This issue has been resolved.]
• On EX 8208 switches, a 48-port RJ-45 line card configured for fixed mode (no-auto-negotiation) does not disable interfaces when the two ends of the connection are configured with different speeds. [PR/307834: This issue has been resolved.]
• On EX 8208 switches, while commits of configuration changes under the interfaces stanza or routing-options stanza are in progress, VRRP advertisement does not occur for a short time. This can result in a change of VRRP mastership. [PR/310524: This issue has been resolved.]
• On EX 8208 switches, during chassis bootup, the system log might display the following messages:

  "RT-HAL,rt_entry_add_msg_check,1116:unknown vlan index 0"
  "RT-HAL,rt_msg_handler,407:route check failed"

  [PR/313185, PR/313187: This issue has been resolved.]

• On EX 8208 switches, occasionally the system log might display the following message when the switch is receiving simultaneous traffic:

  ex8200-re0 fpc7 Old expected RT_NH is NULL

  [PR/314377: This issue has been resolved.]

• In the Ports Configuration page in the J-Web interface, the default values displayed for Speed, Duplex, and Auto Negotiation for ports with SFP or XFP transceivers are incorrect. [PR/398858: This issue has been resolved.]
• On EX 8208 switches, after a graceful Routing Engine switchover (GRES), the first sample (show snmp rmon history output) shows incorrect statistics for broadcast and multicast packets. Correct statistics are displayed after the first sample. [PR/399317: This issue has been resolved.]
• When you have connected a management device to an EX 8208 switch using Telnet, issuing the show lacp statistics interfaces command might cause the CLI to stop responding. [PR/402393: This issue has been resolved.]
• On EX 8208 switches, the storm control configuration displays the default level for storm control as 80 percent of the link bandwidth although the actual default value and the maximum value for the storm control level is 50 percent of the link bandwidth. [PR/407540: This issue has been resolved.]
• If you configure a port mirroring session in which the output is set to a VLAN with the input not configured, the commit will fail. As a workaround, configure the input and then commit the configuration. [PR/407559: This issue has been resolved.]
• In the J-Web interface, when packets are being captured using Troubleshoot > Packet capture, the PHP process consumes more than 90 percent of the CPU cycles. [PR/411070: This issue has been resolved.]
• On EX 8208 switches in some topologies with multifeature scaling, multicast traffic to some groups might be dropped after multiple graceful Routing Engine switchovers (GRESs). [PR/412908: This issue has been resolved.]
• On EX 8208 switches, transitioning from a remote port mirroring configuration to a local port mirroring configuration or the reverse does not work properly. For example, if a remote port mirroring configuration transitions to a local port mirroring configuration, packets are mirrored as tagged packets. As a workaround, restart the line card. [PR/414122: This issue has been resolved.]
• On EX 8208 switches with GRES enabled, sometimes the state of the backup Routing Engine is shown as:

  Kernel database: Connection error, Initialize error.

  As a workaround, deactivate and reactivate GRES on the switch. [PR/413637: This issue has been resolved.]

• If the power supplied to an EX 8208 switch is insufficient, the behavior of the switch becomes nondeterministic and affects the operation of the switch. [PR/414718: This issue has been resolved.]
• On EX 8208 switches, the in-band management option is not supported in the EZSetup wizard. Use the out-of-band management option while using the EZSetup wizard for initial configuration. [PR/414960: This issue has been resolved.]
• On EX 8208 switches, in a scaled environment with a large number of routes and ARP entries, OSPF adjacency links might not come up while the switch is deleting ARP entries when there is data traffic through the interface. Stopping data traffic on the OSPF interface resolves this condition. [PR/414998: This issue has been resolved.]
• On EX 8208 switches, if port mirroring is configured with a link aggregation group (LAG) interface as the input interface, packets are not mirrored correctly after a graceful Routing Engine switchover (GRES). As a workaround, restart the line card. [PR/415213: This issue has been resolved.]
• On EX-series switches, the storm control command options no-broadcast and no-unknown-unicast do not have any effect. [PR/415542: This issue has been resolved.]
• On EX 8208 switches, the LCD displays FAN FAIL even though the fans are operational and running at normal speed. [PR/415756: This issue has been resolved.]
• Learned MAC address entries are not flushed when the interface mode changes for RTG interfaces. Clearing the Ethernet switching table resolves this problem. [PR/416103: This issue has been resolved.]
• On EX 8208 switches, after a graceful Routing Engine switchover (GRES), unicast routed traffic might egress as untagged packets or as packets with incorrect tag values. As a workaround, restart the egress line card. [PR/416358: This issue has been resolved.]
• When the MSTP topology changes in an extended VLAN topology, sometimes sessions such as those for VRRP, BFD, and upper protocols dependent upon BFD (such as PIM or OSPF) bounce briefly. [PR/416400: This issue has been resolved.]
• On EX 8208 switches, when you commit some firewall filter configurations, the following error might be displayed:

  internal error: database reference has invalid type - not a container

  [PR/416685: This issue has been resolved.]

• Traffic might not be forwarded correctly in a Q-in-Q VLAN if a customer VLAN is added and deleted. [PR/416817: This issue has been resolved.]
• In the J-Web interface, you cannot edit the Layer 2 Uplink port role without changing the group name of the redundant trunk group (RTG) on the Ports Configuration page. [PR/417174: This issue has been resolved.]
• An EX 4200 or EX 3200 switch with JUNOS Release 9.3R3 or earlier might experience an optical interface or Virtual Chassis interface transition resulting in a few milliseconds of traffic loss. [PR/418128: This issue has been resolved.]
• On EX 3200 and EX 4200 switches, if you configure more than one analyzer (port mirroring) session, an incorrect commit check error is displayed. As a workaround, configure only one analyzer session. [PR/428689: This issue has been resolved.]
• In the J-Web interface, when you use the port profiles in the Ports configuration window to configure RSTP while STP or MSTP is configured on the switch and is in a disabled state, an error message might be displayed and the port profile configuration might be prevented from being committed. As a workaround, delete the disabled STP or MSTP configuration from the switch. [PR/429615: This issue has been resolved.]
• In the J-Web interface, when you are editing interfaces through either the Add VLAN or Edit VLAN window in the IGMP Snooping Configuration page, the Edit interfaces section might not display interfaces details that have not yet been committed. [PR/432664: This issue has been resolved.]
• In the J-Web interface, the Redundant Trunk Group Add or Edit window might list all the trunk interfaces configured on the switch without verifying the interface information. If a Virtual Chassis member ID is changed or a line card is moved to a different slot, the previous interface details might also be listed. [PR/433427: This issue has been resolved.]
• In the J-Web interface, the Edit MSTI window in the Spanning Tree Configuration page might not display details of an uncommitted interface configuration. [PR/433506: This issue has been resolved.]
• If all interfaces is configured as analyzer (port mirroring configuration) input in the ingress or egress direction, the analyzer output interface might not be removed from the input list of interfaces, resulting in a mirroring loop. As a workaround, delete that particular analyzer configuration, commit the change and reconfigure the analyzer. [PR/436304: This issue has been resolved.]
• On EX 8200 series switches, when multiple analyzer (port mirroring configuration) sessions refer to a VLAN in the analyzer output stanza, the VLAN is created in the same commit cycle, and only the first analyzer will be functional in the system. As a workaround, you can restart the Ethernet switching process (eswd) after the commit. [PR/437098: This issue has been resolved.]
• In the J-Web interface, if a VLAN has been configured in the interfaces stanza an incorrect validation message might be displayed when you are specifying an interface for an MST instance. [PR/437448: This issue has been resolved.]
• In rare occurrences the hardware device routing table goes out of sync with the software routing table thereby resulting in packet drops. The device routing table is responsible for correct packet transfer between interfaces across Virtual Chassis members. [PR/439486: This issue has been resolved.]

Interfaces

• On EX 8208 switches with 48-port RJ-45 line cards, interface links might go down and come back up while you are adding the interfaces to an aggregated Ethernet interface. [PR/395936: This issue has been resolved.]
• On EX 8208 switches, sometimes the autonegotiation status on interfaces is shown as None, even though flow control is negotiated correctly, enabled, and functioning. [PR/302662: This issue has been resolved.]
• On EX 8208 switches, if an analyzer (a port mirroring configuration) is configured to mirror traffic on both ingress and egress interfaces, traffic loss is observed on the mirrored port. [PR/398182: This issue has been resolved.]
• On EX 8208 switches, when a Layer 3 subinterface and an RVI are next hops for a multicast group, modifying the subinterface configuration causes flooding in the VLAN until the IGMP snooping table is populated. [PR/403597: This issue has been resolved.]
• On EX 8208 switches, if autonegotiation is enabled on an interface, the interface might go down and come up again after a GRES. As a workaround, configure the speed as 1 gigabit and the duplex mode as full duplex. [PR/410816: This issue has been resolved.]
• On EX 8208 switches, multifield classifier (MFC)-based rewrites might not work. [PR/412106: This issue has been resolved.]
• On EX 3200 and EX 4200 switches, ping traffic does not always go through on an aggregated Ethernet interface. [PR/422148: This issue has been resolved.]
• On EX 8208 switches, if a Layer 3 LAG interface is configured with VLAN tagging, disabling one subinterface disables the aggregated Ethernet interface.

  As a workaround, do the following:

  1. Deactivate and activate the configuration.
  2. Delete and add the LAG interface again.
  3. Restart the respective line card.

  [PR/413110: This issue has been resolved.]

Layer 3 Protocols

• On EX 8208 switches, if you issue the clear pim join command multiple times in a short time, multicast traffic fails to recover. As a workaround, restart the line card. [PR/405899: This issue has been resolved.]
• On EX 8208 switches, after a graceful Routing Engine switchover (GRES), under certain circumstances, Layer 3 unicast traffic might egress with the wrong MAC address. As a workaround, issue the clear arp command to refresh the Address Resolution Protocol (ARP) entries. [PR/418325: This issue has been resolved.]

Virtual Chassis

• When the dates on the members of a Virtual Chassis are not synchronized, a member switch or backup forwarding process (pfem) might not be able to connect to the master. [PR/278784: This issue has been resolved.]

Upgrading or Downgrading from JUNOS Release 9.4R1 for EX-series Switches

The ARP aging time configuration in the system configuration stanza in JUNOS Release 9.4R1 is incompatible with the ARP aging time configuration in JUNOS Release 9.3R1 or earlier and JUNOS Release 9.4R2 or later. If you have configured system arp aging-timer aging-time on EX-series switches running JUNOS Release 9.4R1 and upgrade to JUNOS Release 9.4R2 or later or downgrade to JUNOS Release 9.3R1 or earlier, the switch will display configuration errors on booting up after the upgrade or downgrade. As a workaround, delete the arp aging-timer aging-time configuration in the system configuration stanza and reapply the configuration after you complete the upgrade or downgrade.

Upgrading from JUNOS Release 9.3R1 to Release 9.5 for EX-series Switches

If you are upgrading from JUNOS Release 9.3R1 and have voice over IP (VoIP) enabled on a private VLAN (PVLAN), you must remove this configuration before upgrading, to prevent upgrade problems. VoIP on PVLAN interfaces is not supported in releases later than JUNOS Release 9.3R1.

Upgrading from JUNOS Release 9.2 to Release 9.5 for EX-series Switches

For JUNOS Release 9.3 and later for EX-series switches, during the upgrade process, the switch performs reference checks on VLANs and interfaces in the 802.1X configuration stanza. If there are references in the 802.1X stanza to names or tags of VLANs that are not currently configured on the switch or to interfaces that are not configured or do not belong to the ethernet-switching family, the upgrade will fail. In addition, static MAC addresses on single-supplicant mode interfaces are not supported.

Caution: If your Release 9.2 configuration includes any of the following conditions, revise the configuration before upgrading to Release 9.5. If you do not take these actions, the upgrade will fail: Ensure that all VLAN names and tags in the 802.1X configuration stanza are configured on the switch and that all interfaces are configured on the switch and assigned to the ethernet-switching family. If the VLAN or the interface is not configured and you try to commit the configuration, the commit will fail. Remove static MAC addresses on single-supplicant mode interfaces. If they exist and you try to commit the configuration, the commit will fail. In an 802.1X configuration stanza, if authentication-profile-name does not exist and you try to commit the configuration, the commit will fail. In an 802.1X configuration stanza, broadcast and multicast MAC addresses are not allowed in a static MAC configuration. If they exist and you try to commit the configuration, the commit will fail. Support for static MAC address bypass in single or single-secure mode has been removed. If static MAC bypass in those modes exists and you try to commit the configuration, the commit will fail. In an 802.1X configuration stanza, the switch will not accept the option vrange as an assigned VLAN name. If it exists and you try to commit the configuration, the commit will fail. Enabling 802.1X and the port mirroring feature on the same interface is not supported. If you enable 802.1X and port mirroring on the same interface and then attempt to commit the configuration, the commit will fail. In an 802.1X configuration stanza, if the VLAN name or tag specified under dot1x authenticator static does not exist and you try to commit the configuration, the commit will fail. In the interfaces configuration stanza, if no-auto-negotiation is configured but speed and link duplex settings are not configured under ether-options and you try to commit the configuration, the commit will fail. If no-auto-negotiation is configured under ether-options, you must configure speed and link duplex settings. In the ethernet-switching-options configuration, if action is not configured for the number of MAC addresses allowed on the interface (under secure-access-port interface interface-name mac-limit in the CLI or in the Port Security Configuration page in the J-Web interface), you must configure an action for the MAC address limit before upgrading from Release 9.2 to Release 9.5. If it is not configured and you try to commit the configuration, the commit will fail. If you have configured a tagged interface on logical interface 0 (unit 0), configure a tagged interface on a logical interface other than unit 0 before upgrading from Release 9.2 to Release 9.5. If you have not done this and you try to commit the configuration, the commit will fail. Beginning with JUNOS software Release 9.3 for EX-series switches, untagged packets, BPDUs (such as in LACP and STP), and priority-tagged packets are processed on logical interface 0 and not on logical interface 32767. In addition, if you have not configured any untagged interfaces, the switch creates a default logical interface 0. On EX 4200 switches, if you have installed advanced licenses for features such as BGP, rename the /config/license directory to /config/.license_priv before upgrading from Release 9.2 to Release 9.3 or later. If the switch does not have a /config/license directory, create the /config/.license_priv directory manually before you upgrade. If you do not rename the /config/license directory or create the /config/.license_priv directory manually, the licenses installed will be deleted after you upgrade from Release 9.2 to Release 9.3 or later.

Downgrading from JUNOS Release 9.5 to Release 9.2 for EX 4200 Switches

When you downgrade a Virtual Chassis configuration from JUNOS Release 9.5 to JUNOS Release 9.2 for EX-series switches, member switches might not retain the mastership priorities that had been configured previously. To restore the previously configured mastership priorities, commit the configuration by issuing the commit command.

Related Topics

• New Features in JUNOS Software for EX-series Switches, Release 9.5
• Changes in Default Behavior and Syntax
• Errata in Documentation for JUNOS Software Release 9.5 for EX-series Switches