Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
[+] Expand All
[-] Collapse All

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 14.2R8 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

  • On EX9200 switches with 802.1X authentication enabled, if you associate an 802.1X-enabled interface in single-secure mode with a VLAN, when a client is authenticated on that VLAN and then is later authenticated on a dynamic VLAN (a guest VLAN or a VLAN assigned by a RADIUS server), the client might still be associated with the interface-associated VLAN and receive the broadcast and multicast traffic of that VLAN. PR955141
  • On EX9200 switches, if you configure a firewall filter name (filter name plus term name plus counter name) that has more than 128 characters, 802.1X (dot1x) authentication might fail and cause the Network Processing Card (NPC) to crash. As a workaround, configure the filter name, term name, and counter name such that when the total length of those three names is added to the length of the interface name and the MAC address, the total length does not exceed 128 characters. PR1083132
  • On EX9200 switches, the LLDP-MED bypass feature is not supported. PR1124537


  • On EX9200 switches, the value for the udpOutDatagrams object displayed in the output of the show snmp mib walk decimal udpOutDatagrams command is different from the value for the same object displayed in the output of the show system statistics udp member 0 command. The value for datagrams dropped due to no socket field is incorrectly used as the value for udpOutDatagrams in the show snmp mib walk decimal udpOutDatagrams output. As a workaround, use the show system statistics udp member 0 command. PR1104831

Interfaces and Chassis

  • On EX9200 switches, BFD on IRB interfaces flaps if BFD is configured for subsecond timers. PR844951
  • On EX9200 switches, a transient loop might be seen when interfaces are brought up on an EVPN PE device or when a PE device having one of the ESIs comes up after reboot. PR1110285
  • On EX9200 switches, traffic loss might occur for a few seconds (two through six seconds) on the active node of an MC-LAG when the ICCP (Inter-Chassis Control Protocol) goes down and then comes back. PR1107001
  • On EX9200 switches, OSPF sessions between CE devices might flap when a PE device that provides EVPN multihoming is rebooted. PR1113013
  • On EX9200 switches, with single-active EVPN, a loop might lead to an OSPF flap between CE devices when the BGP session between the PE devices that provide EVPN multihoming flaps. PR1113023

Network Management and Monitoring

  • On EX9200 switches, the interface index value is displayed as 0 on the sFlow collector. PR1083226

Open vSwitch Database (OVSDB) Management Protocol

  • The amount of time that it takes for Juniper Networks devices that function as hardware virtual tunnel endpoints (VTEPs) to learn a new MAC address after the first packet is sent from this MAC address is a maximum of 4.5 seconds. (The amount of time depends upon the server configuration that VMware NSX is running.) During this time, traffic destined for this MAC address floods the VXLAN. PR962945
  • After the connections with NSX controllers are disabled on a Juniper Networks device, interfaces that were configured to be managed by OVSDB continue to transmit traffic. PR980577
  • If an entity with a particular MAC address is moved from one Juniper Networks device so that its traffic is handled by a different Juniper Networks device that functions as a hardware virtual tunnel endpoint (VTEP), this MAC address is not learned by entities served by the new hardware VTEP until the hardware VTEP that previously handled its traffic ages out from the MAC address. During this transitional period, traffic destined for this MAC address is dropped. PR988270


  • On EX9200 switches running OpenFlow v1.3.1, the output for the show openflow flows command displays IPv6-related fields. However, the Junos OS implementation of OpenFlow v1.3.1 for EX9200 switches does not support IPv6 specifications. Therefore, the output for these fields typically displays None.
  • On EX9200 switches running OpenFlow v1.3.1, topology discovery might fail when an LLDP packet-in message is sent to the controller at a traffic rate of 1 Mbps. PR897917
  • On EX9200 switches, after a restart of the firewall filter daemon, an OpenFlow 1.3.1 packet might not be received on an interface. PR969520
  • On EX9200 switches running OpenFlow v1.3.1, if OpenFlow is enabled when you query port information, the values for duration_nsec and duration_sec are always shown as 0. PR978321
  • On EX9200 switches running OpenFlow v1.3.1, flow statistics show packet flow as increasing even when the output port link is down. PR987753
  • On EX9200 switches running OpenFlow v1.3.1, ADPC line cards are not supported. Configure enhanced IP network services mode to disable ADPC line cards. PR988256
  • On EX9200 switches running OpenFlow v1.3.1, EtherType 0x806 (ARP) and IPv4 address fields are not supported as match fields. PR990196
  • On a hybrid interface on EX9200 switches running OpenFlow v1.3.1, OpenFlow traffic can exit only a logical interface that has the same VLAN-ID range as that of the ingress interface. PR865320
  • On EX9200 switches running OpenFlow v1.3.1, a BGP session might flap while an OpenFlow interface is receiving line-rate traffic to which the default action packet-in is applied, as it has no matching rule. PR892310

Software Installation and Upgrade

  • On EX9200 switches, if you issue a unified ISSU from Junos OS Release 13.2 or earlier to Junos OS Release 14.1 or later, approximately 20 seconds of traffic drop occurs for IPv6 protocols (for example, OSPFv6, BGPv6, or RIPv6) that are enabled on integrated routing and bridging (IRB) interfaces. The problem occurs because different link local addresses have been generated in the two releases for the same IRB logical units. As a workaround, configure different local IPv6 interfaces for different IRB logical units. PR1086775

Virtual Chassis

  • On EX9200 Virtual Chassis, a generic error message might appear when you add second/redundant VCPs. Configure redundant VCPs after the FPC that has the port comes online. PR990861


  • On EX9200 switches, IGMP snooping does not work on virtual tunnel endpoint (VTEP) interfaces. PR989664

Modified: 2017-12-12