Errata

This section lists outstanding issues with the documentation.

Software Installation and Upgrade

The JUNOS Software Installation and Upgrade Guide for Release 9.1 was revised in two locations regarding more information about how to upgrade from JUNOS Release 5.x or later to JUNOS Release 7.x or later. The changes are as follows:
- Documentation previous to Release 9.1: For more information about how to upgrade from Release 5.x or later to 7.x or later, see the Knowledge Base Asset # 24602 on the Juniper Networks Support Web site at http://www.juniper.net/support.
- Beginning with Release 9.1 documentation: For more information about how to upgrade from Release 5.x or later to 7.x or later, see the Juniper Networks Support Knowledge Base article http://kb.juniper.net/KB11295.
Note: The target link and the name of the Knowledge Base were both changed.

Platform and Infrastructure

Whenever you configure allow-fragmentation on a GRE tunnel, you must also include either the tunnel key or the clear-dont-fragment-bit statement. This configuration enables the router to send affected packets to the PIC so that the correct IP header can be placed in the fragments. Otherwise, on the reassembly side some packets might be lost when fragments arrive in the PIC out of sequence at high speeds. [Services Interfaces]
The documentation incorrectly states the following: “The JUNOS software saves the current core file (0) and the four previous core files, which are numbered 1 through 4 (from newest to oldest).” In reality, in the output of the show system core-dumps command after five or more core files are generated, the .0 file is the oldest while the .4 file is the newest and is overwritten each time a new core file is generated. [System Basics]

The following note is omitted from the section titled “Requirements for Routers with a Backup Router Configuration” in Chapter 6 of the High Availability Configuration Guide.

Note: If you have a backup router configuration in which multiple static routes point to a gateway from fxp0, you must configure prefixes that are more specific than the static routes or include the retain flag at the [edit routing-options static route] hierarchy level.

For example, if you configure the static route 172.16.0.0/12 from fxp0 for management purposes, you must specify the backup router configuration as follows:



backup-router 172.29.201.62 destination [172.16.0.0/13
172.16.128.0/13]

[High Availability]

User Interface and Configuration

J-Web Quick Configuration pages do not support IPv6 addressing and routing. [J-series Basic Configuration]
The new bridge option to the show system statistics command displays system statistics on MX-series routers. The option is not documented in the System Basics and Services Command Reference.
The new static-mac statement at the [edit routing-instances instance-name protocols l2vpn site site-name interface interface-name] and [edit routing-instances instance-name protocols vpls site site-name interface interface-name] is not documented in the JUNOS VPNs Configuration Guide.
The documentation incorrectly states the following: "The JUNOS software saves the current core file (0) and the four previous core files, which are numbered 1 through 4 (from newest to oldest)." In reality, when you observe the output of the show system core-dumps command after five or more core dumps, the .0 file is the oldest while the .4 file is the newest and is overwritten each time a new core dump file is generated. [System Basics]
When specifying a URL in a JUNOS statement using an IPv6 host address, you must enclose the entire URL in quotation marks (" ") and enclose the IPv6 host address in brackets ([ ]). For example, "ftp://username<:password>@[host-address]<:port>/url-path" or "scp://username<:password>@[host-address]<:port>/url-path". This type of URL format appears in the system archival statement syntax. Not using the quotations and brackets in conjunction with using an IPv6 host address results in a failure when the transfer on commit is executed. [System Basics]
The show chassis temperature-thresholds command output displays temperatures in degrees Celsius. [System Basics Command Reference]
The traceroute mpls ldp and the traceroute mpls rsvp commands are used to trace the route to a remote host for an MPLS-label switched path signaled by LDP and RSVP respectively. Both these commands have some command options specific to them that are not available in the parent traceroute command.
The syntax of the traceroute mpls ldp command is:
traceroute mpls <ldp> fec <destination> <detail> <exp> <fanout> <logical-system> <no-resolve> <paths> <retries> <routing-instance> <source> <ttl> <update> <wait>
The following options are specific to the traceroute mpls ldp command:
fec — Specify the IP address and optional prefix of FEC.destination — (Optional) Specify the destination address to use when sending probes.detail — (Optional) Display detailed output.exp — (Optional) Specify the class-of-service to use when sending probes. The range of values is 0 through 7. The default value is 7.fanout — (Optional) Specify the maximum number of nexthops to search per node. The range of values is 1 through 16. The default value is 16.paths — (Optional) Specify the number of paths to search. The range of values is 1 through 255. The default value is 16.retries — (Optional) Specify the number of times to resend probe. values. The range of values is 1 through 9. The default value is 3.
The syntax of the traceroute mpls rsvp command is:
traceroute mpls <rsvp> lsp-name <detail> <exp> <logical-system> <no-resolve> <retries> <source>
The following options are specific to the traceroute mpls rsvp command:
lsp-name — Specify the name of the LSP to be traced.detail — (Optional) Display detailed output.exp — (Optional) Specify the class-of-service to use when sending probes. The range of values is 0 through 7. The default value is 7.retries — (Optional) Specify the number of times to resend probe. The range of values is 1 through 9. The default value is 3.
For a description of the other common command options, see the documentation for the parent traceroute command. [System Basics Command Reference]
The correct description of the compress-configuration-files statement available at the [edit system] hierarchy level is “Compress the current operational configuration file. By default, the current operational configuration file is compressed, and is stored in the file juniper.conf, in the /config file system, along with the last three committed versions of the configuration.” [System Basics]
The correct description of the path-mtu-discovery statement available at the [edit system internet-options] hierarchy level is:
Configure path MTU discovery for outgoing Transmission Control Protocol (TCP) connections:
- path-mtu-discovery—Path MTU discovery is enabled.
- no-path-mtu-discovery—Path MTU discovery is disabled.
[System Basics]

The “Configuring the Authentication Order” topic has been revised to address some issues. The following is the revised content:

Configuring the Authentication Order—Using the authentication-order statement, you can prioritize the order in which the JUNOS software tries the different authentication methods when verifying user access to a router.

To configure the authentication order, include the authentication-order statement at the [edit system] hierarchy level:



[edit system]
authentication-order [authentication-methods ];

Specify one or more of the following authentication methods in the preferred order, from first tried to last tried:

radius—Verify the user using RADIUS authentication services
tacplus—Verify the user using TACACS+ authentication services.
password—Verify the user using the username and password configured locally by including the authentication statement at the [edit system login user] hierarchy level.

For each login attempt, the JUNOS software tries the configured authentication methods in order until the password is accepted. If the username and password are accepted, the login attempt succeeds and no other authentication methods are tried. The next method in the authentication order is consulted if the previous authentication method fails to respond OR if the method returns a reject response to the login attempt due to an incorrect username or password.

If none of the configured authentication methods accept the login credentials and if a reject response is received, the login attempt fails. If no response is received from any configured authentication method, the JUNOS software consults local password authentication as a last resort.

Using RADIUS or TACACS+ Authentication—You can configure the JUNOS software to be both a RADIUS or TACACS+ authentication client.

If an authentication method included in the [authentication-order] statement is not available, or if the authentication is available but returns a reject response, the JUNOS software tries the next authentication method included in the authentication-order statement.

The RADIUS or TACACS+ server authentication might fail because of the following reasons:

The authentication method is configured, but the corresponding authentication servers are not configured. For instance, the radius and tacplus authentication methods are included in the authentication-order statement, but the corresponding RADIUS or TACACS+ servers are not configured at the respective [edit system radius-server] and [edit system tacplus-server] hierarchy levels.
The RADIUS or TACACS+ server does not respond within the timeout period configured at the [edit system radius-server] or [edit system tacplus-server] hierarchy levels.
The RADIUS or TACACS+ server is not reachable due to a network problem.

The RADIUS or TACACS+ server authentication might return a reject response because of the following reasons:

The user profiles of users accessing a router might not be configured on the RADIUS or TACACS+ server.
The user enters incorrect logon credentials.

Using Local Password Authentication—You can explicitly configure the password authentication method or use this method as a fallback mechanism when remote authentication servers fail. The password authentication method consults the local user profiles configured at the [edit system login] hierarchy level. Users can log in to a router using their local user name and password in the following scenarios:

The password authentication method (password) is explicitly configured as one of the authentication methods in the [authentication-order authentication-methods] statement. In this case, the password authentication is consulted if no previous authentication accepts the logon credentials. This is true whether the previous authentication method fails to respond or returns a reject response due to an incorrect username or password.
The password authentication method is not explicitly configured as one of the authentication methods in the [authentication-order authentication-methods] statement. In this case, the password authentication method is consulted only if all configured authentication methods fail to respond. It is not consulted if any configured authentication method returns a reject response due to an incorrect username or password.

Order of Authentication Attempts—The following table describes how the authentication-order statement at the [edit system] hierarchy level determines the procedure that the JUNOS software uses to authenticate users for access to a routing platform:

Table 2: Order of Authentication Attempts

Syntax	Order of Authentication Attempts
authentication-order radius;	Try configured RADIUS authentication servers. If RADIUS server is available and authentication is accepted, grant access. If RADIUS server is available but authentication is rejected, deny access. If RADIUS servers are not available, try password authentication. Note: If a RADIUS server is available, password authentication is not attempted, because it is not explicitly configured in the authentication order.
authentication-order [ radius password ];	Try configured RADIUS authentication servers. If RADIUS servers fail to respond or return a reject response, try password authentication, because it is explicitly configured in the authentication order.
authentication-order [ radius tacplus ];	Try configured RADIUS authentication servers. If RADIUS server is available and authentication is accepted, grant access. If RADIUS servers fail to respond or return a reject response, try configured TACACS+ servers. If TACACS+ server is available and authentication is accepted, grant access. If TACACS+ server is available but authentication is rejected, deny access. If both RADIUS and TACACS+ servers are not available, try password authentication. Note: If either RADIUS or TACACS+ servers are available, password authentication is not attempted, because it is not explicitly configured in the authentication order.
authentication-order [ radius tacplus password ];	Try configured RADIUS authentication servers. If RADIUS server is available and authentication is accepted, grant access. If RADIUS servers fail to respond or return a reject response, try configured TACACS+ servers. If TACACS+ server is available and authentication is accepted, grant access. If TACACS+ servers fail to respond or return a reject response, try password authentication, because it is explicitly configured in the authentication order.
authentication-order tacplus;	Try configured TACACS+ authentication servers. If TACACS+ server is available and authentication is accepted, grant access. If TACACS+ server is available but authentication is rejected, deny access. If TACACS+ servers are not available, try password authentication. Note: If a TACACS+ server is available, password authentication is not attempted, because it is not explicitly configured in the authentication order.
authentication-order [ tacplus password ];	Try configured TACACS+ authentication servers. If TACACS+ servers fail to respond or return a reject response, try password authentication, because it is explicitly configured in the authentication order.
authentication-order [ tacplus radius ];	Try configured TACACS+ authentication servers. If TACACS+ server is available and authentication is accepted, grant access. If TACACS+ servers fail to respond or return a reject response try configured RADIUS servers. If RADIUS server is available and authentication is accepted, grant access. If RADIUS server is available but authentication is rejected, deny access. If both TACACS+ and RADIUS servers are not available, try password authentication. Note: If either TACACS+ or RADIUS servers are available, password authentication is not attempted, because it is not explicitly configured in the authentication order.
authentication-order [ tacplus radius password ];	Try configured TACACS+ authentication servers. If TACACS+ server is available and authentication is accepted, grant access. If TACACS+ servers fail to respond or return a reject response try configured RADIUS servers. If RADIUS server is available and authentication is accepted, grant access. If RADIUS servers fail to respond or return a reject response try password authentication, because it is explicitly configured in the authentication order.
authentication-order password;	Try to authenticate the user, using the password configured at the [edit system login] hierarchy level. If the authentication is accepted, grant access. If the authentication is rejected, deny access.

[System Basics]

Interfaces and Chassis

For 10-Gigabit Ethernet IQ2 interfaces, you can define the Tag Protocol Identifiers (TPIDs) expected to be sent or received on a particular virtual LAN (VLAN) . For each Gigabit Ethernet port, you can configure up to eight TPIDs using the tag-protocol-id statement. However only the first four TPIDs are supported on 10-Gigabit Ethernet IQ2 interfaces. Network Interfaces Configuration Guide
Ethernet interfaces on M320, MX-series, and T-series routing platforms support the IEEE 802.1ag standard for Operation, Administration, and Management (OAM). The documentation incorrectly includes the M120 as one of the routing platforms on which Ethernet interfaces support the IEEE 802.1ag standard for OAM. [JUNOS Network Interfaces Configuration Guide]
To display the FRU model number, part number, and serial number, issue the show chassis hardware models command. To display the FRU model number, part number, and CLEI code, issue the show chassis hardware clei-models command. [System Basics and Services Command Reference]
FRF.12 is supported on link services (ls-) interfaces on the J-series routing platform. [Services Interfaces]
The drop-and-insert multiplexer is now integrated into channelized T1/E1 PIMs on J-series Services Routers. The data-input (system | interface interface-name) statement at the [edit interfaces ds-pim/0/port:channel] hierarchy level is not documented in the JUNOS Network Interfaces Configuration Guide.
IP address definition for the master Routing Engine—Enables you to configure a management IP address so that it is always used by the master Routing Engine, even in the case of a failover event. To configure this feature, include the master-only statement at the [edit interfaces fxp0 unit logical-unit-number family inet address ip-address] hierarchy level on the master Routing Engine. [Network Interfaces Configuration Guide]

General Routing

The manuals currently state that only the following routing platforms support GRES for VPLS: M10i, M20, M40e, M320, T320, and T640. The TX Matrix routing platform also supports GRES for VPLS. [System Basics, Feature Guide, VPNs]
Nonstop routing for BGP is supported for unicast IPv4 and IPv6 only. If any other address family type is configured, the BGP session will not be maintained during a Routing Engine switchover. [High Availability]
The VRRP Configuration Guidelines chapter states that you cannot configure both IPv4 and IPv6 virtual IP addresses for a single interface. In fact, you can configure both an IPV4 and IPv6 virtual IP address for a single interface. [High Availability]
The range of values for the inet6-advertise-interval statement at the [edit interfaces interface-name unit logical-unit-number family inet6 address address vrrp-inet6-group group-id] is documented incorrectly. The correct range of values, in milliseconds (ms), is 100 to 40,950. [High Availability]
In the section titled "Specifying Static Route Options," the following statement appears at two locations in each of the two configuration hierarchies:(active | passiverib-groups);
The correct statement is the following:
(active | passive);
However, the passiverib-groups statement links correctly to the summary page for the passive statement. [Routing]
The description of the show system switchover command output field Peer state is documented as “Routing Engine peer state: Synchronization completed—Peer completed switchover transition; Synchronizing—Peer in switchover transition.” The description should read: “Routing Engine peer state: Steady State—Peer completed switchover transition; Peer Connected—Peer in switchover transition.” [System Basics Command Reference]

Routing Protocols

Change in use of special characters for routing instance names—You can no longer use special characters within the names of routing instances. A commit check and upgrade to JUNOS Release 9.0 fails if you include a special character within a routing instance name. The routing instance name can include letters, numbers, and hyphens. In addition, a routing instance name can now be up to 128 characters long. You configure a routing instance name at the [edit routing-instances routing-instance-name] hierarchy level. The commit check is enforced wherever a routing instance name is referenced in the JUNOS CLI.
A commit check is also now enforced for firewall filter and policy statement names. The commit check fails if these names include special characters. You configure firewall filters at the [edit firewall filter filter-name] hierarchy level. You configure a policy statement at the [edit policy-options policy-statement policy-name] hierarchy level. [Routing Protocols Configuration Guide, Policy Framework Configuration Guide]
To configure the Link Aggregation Control Protocol (LACP), include the lacp statement at the [edit protocols] hierarchy level. [Network Interfaces Configuration Guide]
To configure Layer 2 control protocol features, include the layer2-control statement at the [edit protocols] hierarchy level. [Routing Protocols Configuration Guide]
When you specify the same AS number in more than one routing instance on the local router, you must configure the same number of loops for the AS number in each instance. For example, if you configure a value of 3 for the loops statement in a VRF routing instance that uses the same AS number as that of the master instance, you must also configure a value of 3 loops for the AS number in the master instance. Include the loops statement at the [edit routing-options autonomous-system number number] hierarchy level. In addition, you must include the independent-domain statement if the loops statement must be enabled only on a subset of routing instances. [Routing Protocols Configuration Guide]

MPLS Applications

Inter-AS traffic engineering (Phase 2) enables traffic-engineered MPLS LSPs to dynamically discover OSPF autonomous system boundary routers (ASBRs) and enables routers to establish a traffic-engineered LSP across multiple autonomous systems (ASs). Each AS is assumed to be under the control of a single service provider and to use OSPF. To configure traffic engineering across multiple ASs using OSPF, include the traffic-engineering statement at the [edit protocols (ospf | ospf3) area area-id interface interface-name passive] hierarchy level. [MPLS Applications]

VPNs

The LDP BGP VPLS Interworking feature is currently supported only on MX-series and M320 routers. The JUNOS VPNs Configuration Guide and JUNOS Feature Guide do not list this limitation. [VPNs, Feature Guide]
The statement hierarchy for the vpls statement shown in the “Configuring the VPLS Routing Instance” section includes an extraneous bracket character (}). The corrected statement hierarchy is as follows:
vpls { active-inteface { any; primary interface-name; } interface-mac-limit limit; mac-table-size size; neighbor neighbor-id; no-tunnel-services; site site-name { active-interface { any; primary interface-name; } interface interface-name { interface-mac-limit limit; } multi-homing; site-identifier identifier; site-preference preference-value; } site-range number; traceoptions { file filename <replace> <size size> <files number> <no-stamp>; flag flag <flag-modifier> <disable>; } tunnel-services { devices device-names; primary primary-device-name; } vpls-id vpls-id; }[VPNs]
You cannot configure the mac-table-aging-time statement on MX-series routers. [VPNs]

Class of Service

The JUNOS Class of Service Configuration Guide states that rich queuing (per-VLAN queuing) is NOT supported on the Enhanced Queuing Distributed Port Concentrators (EQ DPCs) used in MX-series routers. This is not correct. Rich queuing is supported on EQ DPCs. [CoS]
As stated in the documentation, you can selectively set the DSCP field of IPv4 and IPv6 packets to 0 without affecting output queue assignment, and continue to set the MPLS EXP field according to the configured rewrite table, based on forwarding classes. This feature is not supported with GRE and IP-IP tunnels. The documentation incorrectly implies that you can use the dscp 0 action modifier to set the DSCP field of IPv4 and IPv6 packets to 0. For IPv4 traffic, the dscp 0Service action modifier at the [edit firewall family inet filter filter-name term term-name then] hierarchy level is valid. However, for IPv6 traffic, you configure this feature by including the traffic-class 0 action modifier at the [edit firewall family inet6 filter filter-name term term-name then] hierarchy level. [CoS]
For IQ2 PICs running JUNOS software 8.3, 8.4, and 8.5, the rate-limit option for the transmit-rate statement has nothing to do with congestion. The rate-limit is a simple single-rate two-color policer placed on the egress queue. [Class of Service]

Network Management

In the description for the request snmp spoof-trap command, the description for the trap option incorrectly states that the asterisk (*) can be used to spoof all traps. [System Basics and Services Command Reference]

[Contents][Prev][Next][Report an Error]