On J6350 Services Routers handling more
than 1000 simultaneous MGCP calls, the success rate for all MGCP ALG
calls is approximately 95 percent. [PR/254297]
JUNOS software with enhanced services does not
have an option for setting default values for Sun RPC and Microsoft
RPC applications. As a workaround, you can define a security policy
that specifies a Sun RPC or Microsoft RPC application with the value any for the source address, destination address, and application
name. [PR/256971]
Authentication
During user authentication, the firewall
authentication table in the output of the security firewall-authentication
users command displays multiple failures even though the network
table in the output of show network-access requests statistics shows successful authentications. [PR/250780]
Your attempt to log in to the router from
a management device through FTP or Telnet might fail if you type your
username and password in quick succession before the prompt is displayed,
in some operating systems. As a workaround, type your username and
password after getting the prompts. [PR/255024]
Chassis Cluster
In a chassis cluster, the show interface
terse command on the secondary routing engine does not display
the same details as that of the primary routing engine. [PR/237982]
Because the clear security alg sip
call command triggers a SIP RTO to synchronize sessions in a
chassis cluster, use of the command on one node with the node-id, local, or primary option might result in a SIP
call being removed from both nodes. [PR/263976]
When a new redundancy group is added to
a chassis cluster, the node with lower priority might be elected as
primary when the preempt option is not enabled for the nodes
in the redundancy group. [PR/265340]
In a chassis cluster, if you manually
fail over redundant groups to move the system from active-passive
mode to active-active mode during an active call, a subsequent call
transfer involving the endpoints of the existing call might fail.
[PR/265598]
When you commit a configuration for a
node belonging to a chassis cluster, all the redundancy groups might
fail over to node 0. If graceful protocol restart is not configured,
the failover can destabilize routing protocol adjacencies and disrupt
traffic forwarding. To allow the commit operation to take place without
causing a failover, we recommend that you use the set chassis
cluster heartbeat-threshold 5 command on the cluster. [PR/265801]
In a chassis cluster, Layer 2 switching
does not work for 4-Port Fast Ethernet ePIMs, 8-Port Gigabit Ethernet
uPIMS, and 16-Port Gigabit Ethernet uPIMs. [PR/266857]
In a chassis cluster, if a forwarding
process restart or system reboot triggers a cold synchronization during
an active SIP call, the call might stay in both routing nodes even
after the endpoints hang up. As a work around, use the clear security
alg sip call command to clear the call. [PR/267696]
In a chassis cluster, a high load of SIP
ALG traffic might result in some call leaks in active resource manager
groups and gates on the backup router. [PR/268613]
A chassis cluster using Web authentication
might display an “invalid username-password” message even
though the user is successfully authenticated locally or through authentication
servers. To verify user authentication success, use the show security
firewall-authentication users command. [PR/274077]
In a chassis cluster, CA certificate enrollment from the
secondary Routing Engine does not work. As a workaround, enroll the
CA certificate from the primary Routing Engine. [PR/278420]
In a chassis cluster, J-Web does not enable you to configure
the address book. We recommend that you use the command-line interface
(CLI) to configure the address book. [PR/281986]
Class of Service
J4350 and J6350 Services
Routers might not have the requisite data buffers needed to meet expected
delay-bandwidth requirements. Lack of data buffers might degrade CoS
performance with smaller-sized (500 bytes or less) packets. [PR/73054]
With a CoS configuration, when you try
to delete all the flow sessions using the clear security flow
session command, the WX application acceleration platform may
fail over with heavy traffic. [PR/273843]
In J2350 Services Routers, the CoS does not work when
the data sent to the egress GE interface is more than 100 MB. [PR/281367]
Flow
Firewall filter counters for ingress (inbound)
and egress (outbound) forwarding table filters (FTFs) do not work
for IPv4. [PR/97230]
OSPF over GRE over IPSec does not work.
[PR/105279]
In JUNOS software with enhanced services,
the TTL value on the Internet control message protocol (ICMP) responses
is set to 65. [PR/233844]
Even when forwarding options are set to
drop packets for the ISO protocol family, the router forms End System-to-Intermediate
System (ES-IS) adjacencies and transmits packets because ES-IS packets
are Layer 2 terminating packets. [PR/252957]
OSPF over a multipoint interface connected as a hub-and-spoke
network does not restart when a new path is found to the same destination.
[PR/280771]
On J-series Services Routers, outbound
filters will be applied twice for host-generated IPv4 traffic. [PR/301199]
Infrastructure
On J-series Services Routers,
you cannot use a USB device that provides U3 features (such as the
U3 Titanium device from SanDisk Corporation) as the media device during
system boot. You must remove the U3 support before using the device
as a boot medium. For the U3 Titanium device, you can use the U3 Launchpad
Removal Tool on a Windows-based system to remove the U3 features.
The tool is available for download at http://www.sandisk.com/Retail/Default.aspx?CatID=1415. (To restore the U3 features, use the U3 Launchpad Installer Tool
accessible at http://www.sandisk.com/Retail/Default.aspx?CatID=1411). [PR/102645]
If the router does not have an ARP entry
for an IP address, it drops the first packet from itself to that IP
address. [PR/233867]
On J2320, J2350,
J4350, and J6350 Services Routers, when you press the F10 key to save
and exit from BIOS configuration mode, the operation might not work
as expected. As a workaround, use the Save and Exit option
from the Exit menu. This issue can be seen on the J4350 and
J6350 routers with BIOS Version 080011 and on the J2320 and J2350
routers with BIOS Version 080012. [PR/237721]
On J2320, J2350,
J4350, and J6350 Services Routers, the Clear NVRAM option in
the BIOS configuration mode does not work as expected. This issue
can be seen on the J4350 and J6350 routers with BIOS Version 080011
and on the J2320 and J2350 routers with BIOS Version 080012. To help
mitigate this issue, note any changes you make to the BIOS configuration
so that you can revert to the default BIOS configuration as needed.
[PR/237722]
If you enable security trace options,
the log file might not be created in the default location at /var/log/security-trace. As a workaround, manually set the log file to the directory /var/log/security-trace. [PR/254563]
Interfaces and Chassis
The link status of the onboard Gigabit
Ethernet interfaces (ge-0/0/0 through ge-0/0/3)
or the 1-port Gigabit Ethernet ePIM interface on J4350 and J6350 Services Routers
fails when you configure these interfaces in loopback mode. [PR/72381]
If the MTU is set to more
than 6 KB for a built-in Gigabit Ethernet port or a 1-port Gigabit
Ethernet ePIM, packets might be discarded with an FCS error. [PR/82245]
For policy-based IPsec VPNs, you cannot
configure proxy-id. The proxy-id field is supported
for only route-based IPsec VPNs. [PR/296468]
Routing
Asymmetric routing, such as tracing
a route to a destination behind J-series routers running JUNOS software
with enhanced services with Virtual Router Redundancy Protocol (VRRP),
does not work. [PR/237589]
System
The ping status of the generic routing interfaces (gr-x/y/x)
connection established through ISDN simulator fails. As a workaround,
deactivate and reactivate the generic routing interfaces. [PR/282588]
WXC Integrated Services Module
When two J-series routers with WXC Integrated Services Modules
(ISM 200s) installed are configured as peers, traceroute fails if redirect-wx is configured on both peers. [PR/227958]
JUNOS software with enhanced services
does not support policy-based VPN with WXC Integrated Services Modules
(ISM200s). [PR/281822]
