
Resolved Issues

This section lists the issues fixed in the 14.2 Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: Release 14.2R8

Authentication and Access Control

  • On EX9200 switches, dot1x authentication might fail, with a dot1xd core file created. PR1204104

DHCP

  • On EX Series platforms, during the jdhcpd initialization phase, jdhcpd attempts to open the dhcpv4 socket without checking whether dhcp-security is configured or not, which might cause the helper bootp for DHCPv4 and DHCP-Relay DHCPv6 not to work together. PR1053807

Firewall Filters

  • On EX9200 switches, if a firewall filter that has action tcp-reset is applied to an IRB interface, action tcp-reset does not work properly. PR1219953

Forwarding and Sampling

  • On EX9200 switches, during chassis reboot and daemon restarts, if a mib2d client tries to connect to the stats daemon, two connections are established from the mib2d client to the stats daemon, and a few MIB requests are queued for processing on both connections. Because of the nature of the two connections, there is a chance of a deadlock in which establishment of one connection is blocked by the processing of a request on the other connection, which continues in a loop. This can cause two problems: (1) A walk on some OIDs (for example, 1.3.6.1.2.1.2 or 1.3.6.1.2.1.31) will not give results; (2) LLDP neighbor information will not be read. PR1221888

Hardware

  • On EX9200 platforms with MPC5E installed, in a high-temperature situation, the temperature thresholds for triggering the high temperature alarm and controlling fan speed are based on the FPC level. Any sensor values in the FPC that exceed the temperature threshold of the FPC trigger the actions associated with temperature thresholds. PR1199447

Infrastructure

  • On EX9200 switches, when family ethernet-switching is configured on an interface that is also configured with encapsulation extended-vlan-bridge, then transit packets (for example, IP, ping, or Q-in-Q packets) might be dropped on this interface. PR1078076
  • On EX9200 switches, periodic packet management (PPM) core files might be generated following a commit. This happens only on a large-scale setup, when the logical interface number of PFE exceeds 64. PR1187104
  • On EX9200 switches, if you enable the feature VRRP delegate-processing ae-irb, VRRP and BFD might keep flapping. PR1219882

Interfaces and Chassis

  • On an EX9200 switch with MC-LAG, when the enhanced-convergence statement is enabled and when the kernel sends a next-hop message to the Packet Forwarding Engine, the full Layer 2 header is not sent and a packet might be generated with an invalid source MAC address for some VLANs. PR1223662
  • On EX Series platforms where MC-LAG with IPv6 is supported, the l2ald memory might leak for every IPv6 ND (Neighbor Discovery) message it receives from a peer MC-LAG and it does not free the memory allocated, causing l2ald memory exhaustion and an l2ald process crash. PR1277203

Platform and Infrastructure

  • On EX9200 switches, if you use the load replace command or the load merge command to configure a device, and you included an annotation just before a delete action in the loaded configuration file, the management daemon (mgd) might create a core file. PR1064036

Security

  • A vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. PR1206593

Software Installation and Upgrade

  • On EX9200 switches, if unified in-service software upgrade (ISSU) is used to upgrade Junos OS, it is possible that an unnecessary thread would run on a Flexible PIC Concentrator (FPC) after the upgrade procedure. This thread could potentially enter into a loop and trigger a stop of forwarding traffic on that particular FPC. PR1249375
  • On EX9200 switches, all interfaces on 1-gigabit line cards with copper SFPs might flap during a unified ISSU. The unused ports might flap as well. One or more interfaces might flap on a 10-gigabit line card with 32 ports in an MC-LAG/LACP configuration. PR1007038

Resolved Issues: Release 14.2R7

Network Management and Monitoring

  • On EX9200 switches, sFlow sampling might remain enabled after you delete an sFlow sample-rate configuration from an interface. PR1075789
  • On EX9200 switches, ingress sFlow samples of packets routed on an IRB interface might be dropped, and an error message similar to the following might be displayed for every drop: Sflow trinity_sflow_handle_packet, 145ifl 1245541 NULL. PR1147719
  • On EX9200 switches, an sFlow flow sample with an incorrect Frame Length value in a raw packet header might be generated for frames larger than 128 bytes. As a result, traffic volume calculated in the sFlow collector from the Frame Length and Sampling rate values might be inaccurate. PR1152275

Platform and Infrastructure

  • On EX9200 switches, attempts by line cards to make unnecessary connections to the Routing Engine might continuously generate debugging-level log messages, which consume system resources. PR1113309

Resolved Issues: Release 14.2R6

Authentication and Access Control

  • On an EX9200 switch acting as a DHCPv6 server, the server does not send a Reply packet on receiving a Confirm packet from the client; this behavior is not compliant with RFC 3315. PR1025019

Interfaces and Chassis

  • On EX9200 switches, an IRB unicast next hop in a scenario with a Layer 2 LAG as the underlying interface might result in traffic blackholing. PR1114540

Resolved Issues: Release 14.2R5

Access Control and Authentication

  • On EX9200 switches, RADIUS authentication might fail if the switch receives an Access-Accept message containing a Cisco vendor-specific attribute (VSA). PR1095197

Dynamic Host Configuration Protocol

  • On EX9200 switches, DHCP snooping and related access security features of ARP inspection, IP source guard, neighbor discovery inspection and IPv6 source guard are not supported at the [edit logical-systems logical-system-name vlans vlan-name forwarding-options dhcp-security] hierarchy level. PR1087680
  • On EX9200 and QFX5100 switches, if you configure DHCP relay with the DHCP server and the DHCP client in separate routing instances, unicast DHCP reply packets, such as a DHCPACK message in response to a DHCPRENEW message, might be dropped. PR1079980

Firewall Filters

  • On EX9200 switches, 32k is the minimum value that you must configure for policer bandwidth limits. If you configure a policer bandwidth limit that is less than 32k, an error message is displayed. PR1109780

Interfaces and Chassis

  • On EX9200 switches, a remote attacker can cause a denial of service by using maliciously crafted uBFD packets that are received directly through VPN, MPLS, and multicast or broadcast traffic, and on Virtual Tunnel (VT) interfaces, or otherwise. This issue affects both IPv4 and IPv6 traffic in Ethernet environments where the crafted packet is received over physical interfaces. PR1102581

Network Management and Monitoring

  • On EX9200 switches, if you configure an invalid interface address as the SNMP source address, SNMP traps might not be sent even after you change the SNMP source address to a valid interface address. As a workaround, restart the snmpd process. PR1099802

Platform and Infrastructure

  • On EX9200 switches with MPC3E/MPC4E line cards installed, if you enable the flow detection feature at the [edit system ddos-protection] hierarchy level, suspicious control flow might not be detected on the line cards; or, if the suspicious control flows are detected, they might never time out, even if the traffic flows no longer violate the control parameters. PR1102997

Routing Protocols

  • On EX9200 switches operating in a routing domain with a PIM-embedded IPv6 rendezvous point (RP), accessing the RP after the memory is freed might cause the routing protocol process to generate a core file. PR1101377

Resolved Issues: Release 14.2R4

Interfaces and Chassis

  • On EX9200 switches, the Dynamic Host Configuration Protocol (DHCP) relay feature, which allows the client interface and the server interface to be in separate virtual routing and forwarding (VRF) instances, does not work if the client interface is configured as an integrated routing and bridging (IRB) interface. PR1064889
  • On EX9200 switches, if DHCP relay is configured using the forward-only and forward-only-replies statements at the [edit forwarding-options dhcp-relay] hierarchy level, and the DHCP local server is configured with the forward-snooped-clients statement at the [edit system services dhcp-local-server] hierarchy level, then the configuration for forward-snooped-clients takes precedence over the configuration for forward-only and forward-only-replies. As a result, DHCP message exchange between VRF instances might not work as expected. As a workaround, do not configure forward-only and forward-only-replies together with forward-snooped-clients. PR1077016
  • On EX9200 switches, the unsupported auto-10m-100m option no longer appears in the CLI. PR1077020
  • On EX9200 switches, if you configure an MC-LAG with two devices, and then delete and re-create an MC-AE interface, broadcast and multicast traffic that is flooded might loop for several milliseconds. PR1082775
  • On EX9200 switches, if you configure a virtual private LAN service (VPLS), no label-switched interface (LSI) belongs to a VLAN even though the VPLS connection is in the UP state, and traffic does not flood to an LSI. As a workaround, configure VPLS on the routing instance instead of on the virtual-switch instance. PR1083561
  • An EX9200-40F-M line card drops all traffic on an IRB logical interface, including both data plane and control plane traffic. If an IRB logical interface is configured on an EX9200-40F-M line card as part of a VLAN, any device connected through that interface cannot use Layer 3 forwarding outside the subnet, because EX9200-40F-M does not handle the ARP function correctly. Configuring static ARP on devices using the EX9200 as a gateway is not a workaround, because packets are still dropped if the Routing Engine of the EX9200 has the routes and the ARP entry for the destination IP. PR1086790
  • On EX9200 switches, if you add a VLAN on an existing virtual-switch instance for virtual private LAN service (VPLS), the label-switched interface (LSI) might not be associated with the new VLAN. PR1088541

Layer 2 Features

  • On EX9200 switches, if you configure a virtual private LAN service (VPLS) routing instance and then add interfaces to that VPLS routing instance, the system might create a core file and go into db (debug) mode, because the addition of the interfaces to the routing instance caused a buffer overflow. PR1068898

Resolved Issues: Release 14.2R3

Access Control and Authentication

  • On EX9200 switches, the output for the ptopoConnRemotePort MIB might display an incorrect value for portIDMacAddr. PR1061073
  • On EX9200 switches, when clients are authenticated with dynamic VLAN assignment on an 802.1X-enabled interface, disabling 802.1X authentication on that interface might cause the Layer 2 Address Learning daemon (l2ald) to generate a core file. PR1064491

Dynamic Host Configuration Protocol

  • On EX9200 switches with DHCPv6 snooping configured, if the Juniper Enterprise ID (2636) is included in the prefix of DHCPv6 option 37 (Remote ID) or DHCPv6 option 16 (Vendor Class ID), the Juniper Enterprise ID will be encoded in binary. The DHCPv6 options are appended to DHCPv6 packets if DHCPv6 snooping is configured on the switch. PR1052956

Firewall Filters

  • On EX9200 switches, after you upgrade Junos OS to Release 14.1R1 or a later release, configuring ipv6-payload-protocol as a firewall filter match condition might cause the related filters to stop working. PR1066725

Interfaces and Chassis

  • On EX9200 switches, when the switch receives LACP control packets from an interface other than an aggregated Ethernet (AE) interface, it forwards the packets, causing LACP peer devices that receive the packets to reset the LACP connections. This might cause continuous flaps for all AE or multichassis aggregated Ethernet (MC-AE) interfaces. PR1034917
  • On EX9200 switches, although the minimum Junos OS release that supports the EX9200-6QS line card is Release 14.2R1, if an IRB logical interface is configured on an EX9200-6QS line card as part of a VLAN, any device connected through that interface is unable to route outside of the subnet because EX9200-6QS drops all ARP requests. As a result, the EX9200-6QS line card drops all routed traffic, including both data plane and control plane traffic. Configuring static ARP on devices that use an EX9200 switch as gateway is not a workaround because the packets are still dropped if the Routing Engine of the EX9200 has the routes and ARP entry for the destination IP. As a workaround, upgrade your software to the release specified in TSB16659 if your switch configuration includes an IRB logical interface configured on an EX9200-6QS line card as part of a VLAN. PR1055566
  • On EX9200 switches, if a 100-gigabit interface is configured as part of a Link Aggregation Group (LAG), committing any configuration change causes the interface to flap. PR1065512

Layer 2 Features

  • On EX9200 switches, if MVRP is configured on an aggregated Ethernet (AE) interface, MVRP might become unstable if the CLI command no-attribute-length-in-pdu is configured. PR1053664

OpenFlow

  • On EX9200 switches running OpenFlow v1.3.1, the switching device stops responding if an interface goes down when the echo interval timeout is set to less than 11 seconds. PR989308

Platform and Infrastructure

  • On EX9200 switches, if the switch receives a BFD control packet that is larger than 52 bytes, the BFD process might create a core file. PR1004482
  • On EX9200 switches, recurring local memory (LMEM) data errors might cause a chip wedge. PR1033660
  • On EX9200 switches, when the switch is configured as a DHCP relay agent with option 82, and the circuit ID is configured with the CLI statement use-interface-description with the device option, then the string of the option 82 field in the DHCP DISCOVER message that is forwarded to the DHCP server must include the switch name, physical interface name, and the VLAN name. However, the string contains integrated routing and bridging (IRB) information in place of the physical interface name. PR1037687
  • On EX9200 switches, a process that fails multiple times in a short period of time might not generate a core file. PR1058192

Routing Protocols

  • On EX9200 switches on which virtual private LAN service (VPLS) is enabled, if the interfaces on the CE device belong to multiple FPCs, traffic might keep flooding the VPLS routing-instance for more than 2 seconds during the MAC learning phase when the links between the PE device and the CE device flap, or when the administrator clears the VPLS MAC table. PR1031791

Resolved Issues: Release 14.2R2

Dynamic Host Configuration Protocol

  • On EX9200 switches, the DHCPv6 binding table as shown in the output of the show dhcp-security ipv6 binding command might contain stale entries under the following conditions:
    1. There is a mismatch in the link local address between the link local binding and the dynamic binding.
    2. There is no dynamic binding, and a SOLICIT message that matches the link local entry is received, causing the state of the IPv6 address to transition from BOUND to WAITING. This resets the lease timer and creates a stale entry.

    The presence of stale entries in the DHCPv6 binding table might cause the jdhcpd process to create a core file. PR1012556

  • On EX9200 switches, Dynamic Host Configuration Protocol (DHCP) relay functionality might stop working and DHCP does not form new bindings if the number of subscribers exceeds 1000. PR1033921

Infrastructure

  • On EX9200 switches, if the switch receives an ARP packet while the forwarding information base (FIB) has exceeded the limit of 262144 routes, the kernel might generate a core file. PR1028714

Interfaces and Chassis

  • On EX9200 switches, in an MC-LAG scenario, a MAC address might incorrectly point to an inter-chassis control link (ICL) after a MAC move from a single-home LAG to the MC-LAG. PR1034347

Spanning-Tree Protocols

  • On EX9200 switches running the VLAN Spanning Tree Protocol (VSTP), incoming BPDUs might not be included in the output of the show spanning-tree statistics interface command. PR847405

Modified: 2017-12-12