Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Resolved Issues

 

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: Release 15.1R7

Authentication and Access Control

  • On EX Series switches, captive portal authentication is used to redirect Web browser requests to a login page. After the client is successfully authenticated, there might be a delay of 1-3 minutes before captive portal redirects the browser to the login page, and sometimes the redirection might fail. PR1026305

  • On a dot1x-enabled interface, sometimes when you log in, log off, and then log in within a short interval (within subseconds), the logical interface plus the bridge domain or VLAN remain in a pending state, and you will not be able to access the network. PR1230073

  • In 802.1X (dot1x) single-supplicant mode, after username and password were configured on interfaces and dot1x supplicants were started, the users were authenticated with the Radius_DataVlan VLAN, but the Ethernet-switching table was not updated for one of the interfaces. PR1283880

  • In Power over Ethernet (PoE) using Link Layer Discovery Protocol(LLDP) scenario, the LLDP Power-via-MDI TLV and LLDP Media Endpoint Discovery (LLDP-MED) TLV will transmit the wrong power class type. PR1296547

  • On EX Series platforms, dot1x might stop authentication if continuous dot1x clients reauthentication requests cannot be processed. PR1300050

  • If dynamic assignment of VoIP VLAN is used, the switch might not send the correct VoIP VLAN information in LLDP-MED packets after a configuration change and commit. PR1311635

  • On EX Series standalone switches or their Virtual Chassis with dot1x configured, there will be memory leaks for port-based network access control authentication (PNAC AUTH) in dot1xd. Once the memory block of PNAC AUTH used by dot1xd grows to its limit size, the switch might not process client authentications further, resulting in dot1x clients reauthenticating constantly. The dot1xd process always runs irrespective of configuration and as part of its initialization it tries to connect with authd; if authd is not running, then there is a memory leak in dot1xd. PR1313578

DHCP

  • On EX Series switches (except EX4300, EX4600, and EX9200), the switch cannot send DHCP option 2 when the extended DHCP local server is configured. The switch sends DHCP option 2 incorrectly when a traditional DHCP server is configured. PR1252437

  • On EX4200 Virtual Chassis, if dhcp-relay under forwarding-options helpers is configured along with bpdu-block and an interface configured with bpdu-block receives a BPDU and the interface is disabled and reenabled, a memory allocation issue might be seen that can lead to a memory exhaustion issue for DHCP relay. PR1259918

  • DHCP requests or discovers are duplicated between L2 interfaces on Junos OS Release 15.1R5. PR1268550

  • On all EX Series switches (except for EX4300, EX4600, and EX9200), in a DHCP relay with an option 82 scenario, the jdhcpd memory might leak if dhcp-relay with option 82 is configured. The messages are logged as follows and the process stops working: /kernel: Process (3126,jdhcpd) attempted to exceed RLIMIT_DATA: attempted 131076 KB Max 131072 KB . PR1277433

Hardware

  • On EX4200 platforms using PSU module EX-PWR3-930-AC, the PSU is not detected by the show chassis hardware command and is listed as “absent” in the show chassis environment command output. PR1256980

Firewall Filters

  • On EX4300 switches with the firewall loopback rule ip-options, only any is available for an ip-options match. PR1173347

Infrastructure

  • On EX4600 and EX4300 switches, when the system receives traffic when the TTL is 1 and the DF bit is set (for example, reply for a trace router), the system replies with ICMP Destination Unreachable ( Fragment needed ) and MTU 0. PR1251523

  • When an EX4550-32T boots up, a 1G interface is up for 60 seconds, then turns down, and then turns up again a few seconds later. While the unexpected link up is seen, a peer device sends traffic to that port, causing a traffic black hole. PR1257932

  • On EX2200, EX3300,EX4200, EX4500, EX6200, and EX8200 switches and on jdhcpd relay for the IRB case, permanent ARP entries might be seen in the ARP table, even if for those entries there is no static MAC set and during the time of issue the connectivity to those hosts might be lost. PR1258489

  • On EX8200 switches, if a Layer 3 interface is configured with vlan-tagging, then the switch might use the wrong source MAC address when it routes traffic to this Layer 3 interface. PR1262928

  • Starting in Junos OS Release 13.2X50-D15, for EX Series Virtual Chassis (except EX4300, EX4600, and EX9200), when small UDP (<80 bytes) packets are forwarded between endpoints across a Virtual Chassis port (VCP) link, a certain UDP destination port gets black-hole traffic. PR1262969

  • No space in an EX8200 line card to save Packet Forwarding Engine manager (pfem) core files. PR1263024

  • In a mixed Virtual Chassis scenario (EX4500-40F with EX4200; EX4500-40F is a master), if a speed of 100 Mbps is configured on an EX4200 PIC interface of a Virtual Chassis member, then the configuration will not get applied on the interface as it is unsupported by the PIC. The speed remains 1000 Mbps on the interface. This issue is only seen on an EX4500-40F platform. PR1291992

  • On EX2200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 switches with DHCP snooping enabled, an sfid memory leak and core file might occur if a socket connection between the sfid and eswd fails. PR1303241

  • On EX2200, EX3300, EX4200, EX4500, EX4550, EX6200, or EX8200 switches or Virtual Chassis, when the ternary content-addressable memory (TCAM) is in an "out of memory space" condition, a pfem core file might be seen when you add a new route entry in the TCAM. PR1304299

  • On EX2200, EX3300, EX4200, EX4500, EX4550, EX6200, or EX8200 platforms, file system corruption might happen if bad blocks are in the flash or filesystem. The upgrade might fail. PR1317628

  • On an EX4600 switch, priority-based flow control (PFC) frames might not work. PR1322439

  • ifinfo core files might be created on EX4600 Virtual Chassis. PR1324326

  • On EX2200, EX3300, EX4200, EX4500, or EX4550 platforms, a high CPU load for the sfid process might be seen if a high rate of ARP packets is received (for example, 500pps) and IGMP snooping is enabled for that VLAN. PR1325026

  • Support for archiving a dmesg file; currently, only the Last reboot logs are recorded. PR1327021

  • On EX4200, EX4500, EX4550, and EX8200 Virtual Chassis, VLAN pruning might not work as expected and a VCP might have traffic flooding if the VCP flaps when VLAN pruning is enabled. PR1328294

  • VLAN translation (swap) is not working if the packet destination is the IRB interface of the translation switch. PR1342432

Interfaces and Chassis

  • If an interface on an EX4550-32T switch is configured with a fixed speed of 100 Mbps without autonegotiation, sometimes the interface does not come up, because the peer device that supports auto-MDI detects incorrectly, causing the link to go down. PR1235868

  • On EX4500 or EX4550 switches that have two routing instances configured with the same IP address, after you commit the configuration, you will get an IP address conflict in the configuration and the commit will fail. PR1256904

  • For EX Series switches, in a rare condition (for example: rebooting the switch or reloading configuration), the MAC address of an AE interface and its member links might be inconsistent, which causes unexpected behavior for some routing protocols. PR1272973

  • On EX Series platforms where MC-LAG with IPv6 is supported, the l2ald memory might leak for every IPv6 Neighbor Discovery Protocol (NDP) message that it receives from a peer MC-LAG. The leak does not free the memory allocated, causing l2ald memory exhaustion and an l2ald process crash. PR1277203

  • On a Virtual Chassis, when the master member FPC reboots and the interface on which the ARP is learned goes down along with the master FPC, traffic loss might be observed for about 10 seconds. At that time, the ARP entry cannot be learned from the remaining FPC. PR1283702

  • On EX4300 Virtual Chassis, when persistent learning with a mac-limit value of 1 is enabled on the interface, the switch might not forward the Internet Group Management Protocol (IGMP) report upstream to the router or any Layer 2 device connected through the interface. PR1285807

  • On EX4300 switches, filter-based forwarding (FBF) might not work properly after deactivating or activating. PR1293581

  • When a non-root user accesses the device via SSH, issues the load replace terminal CLI command, and attempts to replace the interface stanza in the same operation, the current CLI session might be terminated, leaving the user session hanging. PR1293587

  • On EX2200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 platforms, an eswd core file might be created if apply-groups is configured under interface-range. PR1300709

  • On EX4300 platforms, the FRU PSU removal and insertion traps might not get generated when the PSU is removed or inserted. PR1302729

  • On EX4300 platforms, OSPF packets with IEEE P-bit 6 might change to 0 while being received if OSPF is configured on VLAN-tagged Layer 3 interfaces or IRB interfaces. PR1306750

  • On an EX4300 platform with PIM and IGMP snooping enabled on an IRB interface, if an IGMPv2 report that creates a (*,G) entry is sent first, and then multicast data traffic for the same group is sent, the multicast receiver connected to the EX4300 might not be able to get the multicast streaming. PR1308269

  • On EX4300 Virtual Chassis, IGMP snooping might not learn a multicast router interface dynamically if PIM hello messages are received on the interface where IGMP snooping is configured. PR1312128

  • On EX4300 switch, if an interface with a 1G SFP port is configured with the no-auto-negotiation option, the interface might stay down after the switch reboots. PR1315668

  • On an Enhanced Layer 2 Software (ELS) platform, an l2cpd core filemight be created if the interface is disabled under VSTP and then is enabled under RSTP, causing inconsistency in the spanning tree. PR1317908

  • On EX4300 Virtual Chassis, high latency might be observed between the master and another FPC if a traffic burst is received on the master every 3 to 4 seconds. PR1319795

  • On standalone EX4300 switches or EX4300 Virtual Chassis, if you configure an interface under the vlan stanza—for example, set vlans name interface ge-x/y/z.0—VLAN programming does not happen appropriately in hardware, possibly causing improper Spanning Tree Protocol (STP) convergence for certain VLANs. PR1320719

  • On EX4200 Virtual Chassis and EX4550 Virtual Chassis, if an aggregated Ethernet (AE) interface is configured with links on both master and backup members of the Virtual Chassis, there might be too long of a delay of Link Aggregation Control Protocol (LACP) failover when the member that has the active AE member link is rebooted. PR1322345

  • On an EX4300 platform, multicast traffic might not be forwarded to one of the receivers if IGMPv3 and IGMPv2 reports are received for the same group on the same VLAN. PR1323499

  • If an interface is configured as a member of an interface set, it may not work properly after an unrelated FPC (not the one where the interface resides) restarts. The affected FPC is the restarted one. PR1329896

  • On all Junos OS platforms with a LAG enabled, l2cpd might create a core file if set protocols layer2-control mac-rewrite or set protocols layer2-control bpdu-block is configured on any child members of the LAG. PR1325917

  • On EX4300 switches, if an interface is configured as a redundant trunk group (RTG) backup interface and multicast-router-interface is configured on the same interface under igmp-snooping, a loop might be generated between RTG interfaces and cause Internet Group Management Protocol (IGMP) packets to go out of the RTG backup interface. PR1335733

Layer 2 Features

  • The destination-MAC validation feature uses MLP handshakes to detect stale destination-MAC addresses. If a stale MAC address is detected, the system automatically deletes it. The deletion of destination MACs does not cause traffic drops, as the next packet is flooded and valid MACs are relearned. On EX9200 Virtual Chassis, MLP handshakes are occasionally dropped across Virtual Chassis members. This drop is random and occurs only when a source MAC and its related destination-MAC addresses are on different member chassis. This causes intermittent destination-MAC deletion and flooding; however, no packet drop results because of this. PR1249788

  • A memory leak might happen due to the eswd daemon on some EX Series platforms. A message like the following will be displayed in the system log: eswd[1330]: JTASK_OS_MEMHIGH: Using 212353 KB of memory, 158 percent of available /kernel: KERNEL_MEMORY_CRITICAL: System low on free memory, notifying init (#2). /kernel: Process (1254,eswd) has exceeded 85% of RLIMIT_DATA: used 114700 KB Max 131072 KB . PR1262563

  • On EX Series switches (except for EX4300, EX4600, or EX9200), in a Virtual Chassis scenario, a LAG interface with bpdu-block disabled might go into a down state after the master Flexible PIC Concentrator (FPC) switch is rebooted. PR1262703

  • On EX9200 switches, if a command such as set protocols rstp interface all edge is configured, all interfaces might go into bridge protocol data unit (BPDU) block, even if an interface is explicitly disabled under the [edit protocols rstp] hierarchy level. PR1266035

  • The eswd process might crash after doing an RE switchover in an EX Series Virtual Chassis scenario. The crash happens due to disordered processing of a VLAN or a vmember by eswd and L2PT modules. As the order of processing does not remain the same every time, the crash is random across the switchover. PR1275468

  • Configuration statements that were allowed in Junos OS Release 12.3 are invalid in Junos OS Release 14.1X53 and 15.1. As a result, when you upgrade an EX Series switch from Junos OS Release 12.3 to 14.1X53 or 15.1R1, the switch might lose its configuration and run in line-card mode or go to "amnesiac" mode. PR1281947

  • On EX Series platforms (except for EX4300, EX4600, or EX9200), the Multiple Spanning Tree Protocol (MSTP) might not be able to detect topology changes after a nonstop software upgrade (NSSU) process, which might lead to a packet loop. The topology change count is shown as 0 after that. PR1284415

  • When EX2200, EX3300, EX4200, EX4500, EX4550, EX6200, EX8200, or XRE200 platforms are configured with Spanning Tree Protocol and nonstop bridging (NSB), interface flapping (link up/down events) causes eswd memory leaks. PR1287184

  • In an x Spanning Tree Protocol (xSTP) scenario on EX4500 or EX4550 switches, some ports may not come up on PIC 1 or PIC 2 when the third PIC is inserted. PR1298155

  • An Ethernet ring protection switching (ERPS) route update fails during the addition of a new member to the ERPS-configured VLAN. PR1301595

  • In a Multiple VLAN Registration Protocol (MVRP) scenario with the no-dynamic-vlan related configuration statement configured, if one of the multiple access ports configured with the same VLAN on the access or edge node is deactivated or activated, then the corresponding VLAN on the aggregation or distribution node may be deleted improperly after the involved interface comes up. PR1311825

Network Management and Monitoring

  • After the reboot of the EX4600 Virtual Chassis, authentication of SNMPv3 users fails due to the change of the local engine ID. PR1256166

  • On EX2200, EX3300, EX4200, EX4500, EX4550, EX8200, or XRE200 platforms configured with sFlow and mac-radius authentication, MAC authentication requests might incorrectly be sent because transit DHCPv6 traffic is picked up by the sFlow agent. PR1298646

  • In EX2200, EX3300, EX4200, EX4500, and EX4550 platforms with a Virtual Chassis environment, the SNMP output for some SNMP values (for example, CPU, memory, temperature, and so on) might not be read anymore if the member ID is changed from (0,1) to different IDs. PR1299330

Platform and Infrastructure

  • An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Please Refer to https://kb.juniper.net/JSA10835 for more information. PR1179601

  • On EX9200 platforms with MPC5E installed, in a high-temperature situation, the temperature thresholds for triggering the high temperature alarm and controlling fan speed are based on the FPC level. Any sensor values in the FPC that exceed the temperature threshold of the FPC trigger the actions associated with temperature thresholds. PR1199447

  • On EX4300 switches with redundant trunk groups (RTGs) configured, Layer 3 protocol packets, such as OSPF or RIP packets, might not be sent. PR1226976

  • On EX4300 switches, Dynamic Host Configuration Protocol (DHCP) with a PXE boot server is not working as expected due to a PXE unicast ACK packet drop. The communication between the DHCP client and PXE server might be affected. PR1230096

  • During bootup, EX4200, EX4550, and EX4300 switches might have no display or might display gibberish on the LCD. This is an LCD corruption issue. PR1233580

  • The egress PE device (EX4300) sends out LLDP frames toward the CE device with a destination MAC address that is a duplicated frame and is rewritten by the ingress (PE) device. PR1251391

  • On EX4300 switches, traffic is not forwarded through the GRE tunnel in some cases. PR1254638

  • On an EX4300 platform with power redundancy in the N+N mode, PoE interfaces flap when any power supply unit (PSU) is removed and only one PSU is left. PR1258107

  • On EX4300 Virtual Chassis, pfex might restart during a master reboot or during a nonstop software upgrade (NSSU) if the old master reboots at the end of NSSU phases. PR1258863

  • On EX4300 switches with flexible-vlan-tagging and extended-vlan-bridge configured, a traffic black hole might be observed if a VLAN ID for a logical interface does not match a VLAN ID for a VLAN configuration. PR1259310

  • On EX4300 Virtual Chassis, a 10-gigabit VCP might not get a neighbor after a system reboot. PR1261363

  • Cannot use secure shell (SSH) or telnet to the switch and sshd core files are generated. PR1266045

  • On Enhanced Layer 2 Software (ELS) platforms, due to a memory leak issue, the l2ald process might crash when many dot1x clients are being reauthenticated. PR1269945

  • On Virtual Chassis based on EX4300, EX4600, or EX9200 switches, the IRB interfaces that are only associated with physical interfaces on the master do not turn down when the master is rebooted or halted. PR1273176

  • The jdhcpd process might generate a core file due to a memory leak if Dynamic Host Configuration Protocol (DHCP) security is enabled, and then DHCP relay might stop working. As a result, a DHCP client might not get an IP address from the DHCP server. PR1273452

  • On EX4300 and EX4600 platforms, with DHCP relay traffic flowing, CPU usage of pfex_junos might go high. The issue might be seen if the DHCP relay function is on and DHCP relay packets are received continuously. PR1276995

  • Starting in Junos OS Release 15.1R3, the 40G-gigabit link with SR4 transceivers on an EX4550 device will fail to come up after a PIC offline or online event or a link up and down event. PR1281983

  • On EX4600 switches, if an interface is configured with a speed of 100 Mbps explicitly and no-auto-negotiation, the interface might be down after a reboot. PR1283531

  • On EX4200 Virtual Chassis, there is a memory leak for the chassisd process. PR1285832

  • On EX2200 switches, when a redundant power system (RPS) is connected and not powered on, the small form-factor pluggable (SFP) interface might flap and this has an impact on traffic forwarding. PR1307748

  • On EX3300 platforms, when a network port is used for a Virtual Chassis port, it does not work properly. Once it goes down, it does not come up even though it is physically correct. This issue has been seen only on network ports and this issue has service impact. PR1310819

Routing Protocols

  • An rpd core file might be generated if there is a high load in the system when an OSPF area is removed internally. PR1199629

  • On EX4600 switches, when a new filter-based forwarding (FBF) firewall filter is applied on an integrated routing and bridging (IRB) interface that is not a Layer 3 interface, or while binding or unbinding the FBF filter on Layer 3 interfaces, the FXPC might hit 100 percent CPU usage. PR1263896

  • On Junos OS-based platforms with IS-IS enabled, a slow memory leak is caused when IS-IS processes update (the more updates or link flaps, the faster the leak). The available memory may run low due to this memory leak, eventually resulting in the system hanging or halting on both the master and backup. PR1283272

  • When an incorrect IP address is duplicated with an existing address on a common subnet and is configured, it is expected that Open Shortest Path First (OSPF) forms an adjacency. After removing the wrong configuration, OSPF neighbors can form an adjacency (full state) and the entire database can be received. However, the OSPF routes cannot be installed to the routing table, and the corresponding traffic cannot be forwarded until the link-state advertisement refresh timer expires. PR1316348

Security

  • On EX4600 switches, when LACP is configured together with MACsec, the links in the bundle might not all work. Rebooting the switch might solve the problematic links but might also create the same issue on other child interfaces. PR1093295

  • On EX4600 standalone switches and Virtual Chassis, MACsec connections are deleted randomly after a switch reboot, optics removal, deactivation or activation of a MACsec configuration, or fxpc process restart. PR1234447

  • After the MACsec session flaps, data traffic sent over the MACsec-enabled link might not be properly received, and the receiving device might report the received frames as framing errors in the output of the show interfaces command. PR1269229

  • On EX2200, EX3300, EX4200, EX4500, EX4550, EX6200, or EX8200 platforms with DHCP snooping enabled, when the switch gets rebooted and the DHCP daemon attempts to fetch the DHCP snooping binding database before the interfaces come up, the DHCP snooping binding database might fail to be fetched from the TFTP server. PR1318374

Software Installation and Upgrade

  • On EX9200 switches, if unified in-service software upgrade (ISSU) is used to upgrade Junos OS, it is possible that an unnecessary thread would run on a Flexible PIC Concentrator (FPC) after the upgrade procedure. This thread could potentially enter into a loop and trigger a stop of forwarding traffic on that particular FPC. PR1249375

  • Upgrading EX8200 Virtual Chassis through NSSU from any Junos OS Release 15.1Rx branch or to a Junos OS Release 15.1Rx branch might not be successful. PR1305813

  • Configuration validation support is added for EX4500 and EX4550 switches. PR1313501

Spanning Tree Protocols

  • On EX8200 platforms with dual Routing Engines, rebooting both Routing Engines at the same time with any STP protocol configured, the port might continue to stay in a blocking state if it continues to receive BPDUs from the peer end. PR1305954

  • On EX Series switches (except for EX4300, EX4600, or EX9200), the VoIP interfaces might be blocked by Rapid Spanning-Tree Protocol (RSTP) if the voice VLAN is running VLAN Spanning Tree Protocol (VSTP) and the data VLAN is running RSTP. PR1306699

System Management

  • If you issue the command request system snapshot on a Virtual Chassis, some Virtual Chassis members might go down if traceoption or syslog is enabled. This might occur because of a snapshot copy causing a CPU-busy condition with multiple kernel errors and also the Virtual Chassis Control Protocol (VCCP) adjacency going down. PR1180386

  • On EX2200, EX3300, EX4200, EX4500, and EX4550 platforms, typing boot -s after the loader prompt can start up the system in single-user mode. Users can set up password recovery in that mode. If boot -s is typed after the loader prompt in Junos OS Releases 15.1R1 through 15.1R6, the system does not go into the single-user mode but reboots from the alternate slice. PR1265386

Virtual Chassis and Virtual Chassis Fabric

  • When you add an EX4300 switch to a VCF, the following error message is seen: ?ch_opus_map_alarm_id alarm ignored: object 0x7e reason?. PR1234780

  • When the linecard role FPC is removed and rejoined to the Virtual Chassis immediately, the LAG interface on the master or backup would not be reprogrammed in the rejoined FPC. PR1255302

  • On an EX4550 switch in a Virtual Chassis configuration, the fast-failover function for a VCP will work properly when you initially add this configuration. However, if the device is rebooted, the function would not take effect next time. PR1267633

  • On EX Series switches (except for EX4300, EX4600, or EX9200), packet drops might be seen during the failover or switchover from the master switch to the backup switch in a Virtual Chassis, due to the delay in ARP updates during the failover or switchover of the master Routing Engine. PR1278214

  • On EX4300 FRUs, the removal or insertion trap is not generated for non-master (backup or line card) FPCs. PR1293820

  • On EX2200, EX3300, EX4200, EX4500, EX4550, or EX8200 Virtual Chassis platforms, the interface MAC address might not be restored after the configuration is deleted or rolled back, possibly causing the hardware address and the current address to not be the same. PR1319234

Resolved Issues: Release 15.1R6

Authentication and Access Control

  • On EX9200 Virtual Chassis, MAC address learning might fail on an authenticated interface assigned to the voice VLAN by dynamic VLAN assignment in single-secure mode. PR1212826

  • On EX4200 switches, in some scenarios, the thirty-sixth port in a captive portal configuration is not redirecting to the URL as configured. This problem is seen with set system services web-management https system-generated-certificate configured. PR1217743

  • On EX9200 switches, a MAC address corresponding to an authenticated session (dot1x) might age out as soon as traffic is not received from this MAC address for more than a few seconds (approximately 10 seconds). This leads to deletion of the authenticated session and a corresponding traffic loss. As a workaround, you can prevent the session deletion by configuring the no-mac-binding statement on the dot1x configuration:

    PR1233261

  • On an EX4300 switch or Virtual Chassis with 802.1X (dot1x) enabled, in a scenario with more than 254 clients (supplicants), many of the clients might be going to the server-reject VLAN and have limited access to the server-reject VLAN although the clients have correct credentials. For a few authenticated clients, the authentication method might be displayed as Server-Reject although the client was authenticated in the data VLAN. PR1251530

  • On EX3300 switches, an AUTHD core file is created every time with authentication. PR1241326

Dynamic Host Configuration Protocol (DHCP)

  • On EX4300 switches with DHCP relay configured, DHCP return packets—for example, DHCPREPLY and DHCPOFFER—that are received across a GRE tunnel might not be forwarded to clients, which can impact DHCP services. PR1226868

High Availability (HA) and Resiliency

  • On EX4300 and QFX Series Virtual Chassis, when a switchover with GRES enabled is performed, this warning might appear: All Packet Forwarding Engines are not ready for RE switchover and may be reset. PR1158881

  • On EX4600, QFX3500, and QFX5100 Virtual Chassis, VRRP might be preempted in case of a priority tie, but functionality is not impacted. PR1204969

Infrastructure

  • On EX4300 switches, starting in Junos OS Release 15.1R3, a pfex_junos core file might be created when you add or delete a native VLAN configuration with flexible-vlan-tagging. PR1089483

  • On EX4300 switches, if you configure a firewall filter on a loopback (lo0) interface to accept BGP flow and an OTHER term with the discard action, and the receiving host-inbound traffic with a designated TCP port 179 to the Routing Engine, existing BGP sessions might go down. PR1090033

  • If you use the request system snapshot slice alternate command on EX2200 and EX3300 switches, a timeout error might occur and prevent completion of the file copy. The error message error: timeout waiting for response from fpc0 is displayed when the timeout value expires before the files are copied. PR1229520

  • When you load and commit a configuration on an EX2200 or EX3300 switch, the system might automatically go into db mode. As a result, you might not be able to access the switch through SSH, and a vmcore file is generated. PR1237559

  • On EX4500 Virtual Chassis, there is a busy condition where the device reports incorrectly that PIC 3 has been removed. As PIC 3 is not hot-swappable, this condition should not be allowed. If this situation arises, then the device attempts to clear this illegal state by crashing chassisd. PR1238981

  • EX Series switches running the ESWD process might not learn MAC addresses after a reboot if a duplicate Interface index is seen. The show ethernet-switching interfaces detail | match Index command can be used to confirm if each interface is showing a duplicate Interface index or if the same index is provided to two different ports. This issue is seen intermittently after a reboot when the count of Number of VLANs * Number of Ports carrying VLANs is in multiples of thousands. PR1248051

  • On EX2200-C switches, the switch might show the Failed state for an item when you issue the show chassis environment operational command. This issue does not have service or traffic impact. PR1255421

Interfaces and Chassis

  • On EX4300 switches, multicast traffic might be dropped after an IGMP join is received on an MC-LAG interface. PR1167651

  • On EX Series Virtual Chassis that support PoE, when the master Routing Engine member is rebooted, PoE devices connected to the master might not come back online after the reboot. As a workaround, when configuring PoE interfaces, use the set poe interface all configuration command instead of configuring specific interfaces individually. To recover connections after seeing this issue, disable and reenable the ports with the issue. PR1203880

MPLS

  • If an EX9200 switch is configured as a PE router connected to a multihomed site in an EVPN/MPLS network, RPD core files might be created on the EX9200 when more than 255 logical interfaces from the same physical interface/ESI are added to the virtual switch instance configuration. Then some logical interfaces are removed from the ESI (that is, rollback of the configuration). PR1251473

Multicast Protocols

  • IGMP snooping is for IPv4 and should not affect IPv6 multicast traffic. On EX4300, EX4600, and QFX5100 switches in a Virtual Chassis configuration, IPv6 multicast packets might be affected and not be flooded in a VLAN if IGMP snooping is enabled and the ingress interface is on a different FPC than the egress interface. PR1205416

  • On EX3300 and EX8200 switches, IGMP-snooping host routes might be retained after IGMP snooping has been deactivated. PR1231751

Network Management and Monitoring

  • On EX4300 switches with sFlow configured, some harmless log messages regarding sFlow might be seen continuously. PR1116568

  • Despite the EX4300 switch or the QFX5100 switch being configured with the network analytics feature, the analytics process might not run. As a result, the network analytics feature might be unable to collect traffic, queue statistics, and generate reports. PR1165768, PR1184720

  • On EX4600 switches, when temperatures for FPCs are polled, the temperatures might not be polled for all SNMP members. PR1232911

Platform and Infrastructure

  • On an EX4300 switch, aggregated Ethernet interfaces do not display statistics for logical interfaces. PR984998

  • On an EX4300 switch with Bidirectional Forwarding Detection (BFD) configured, the BFD packets might be forwarded to the best-effort queue (queue 0) instead of to the network-control queue (queue 3). When queue 0 is congested, the BFD session might flap continuously. PR1032137

  • On EX4300 switches and EX4300 Virtual Chassis, PIM register messages are not forwarded to a rendezvous point (RP) when the RP is not directly connected to the first-hop router of the multicast source. PR1134235

  • An EX4300 switch might drop packets received on a Layer 2 interface (for example, set interfaces ge-1/0/24 unit 0 family ethernet-switching) under the following conditions: (1) The interface is divided into one or more Layer 3 subinterfaces (for example, set interfaces ge-1/0/24 unit 30 family inet address 10.0.0.254/24). (2) The destination MAC address in the packet matches the MAC address of the Layer 3 subinterface in the routing table and in MY STATION TCAM. PR1157058

  • On an EX4300 Virtual Chassis with Q-in-Q enabled, when vlan-id-list is configured on a C-VLAN interface and, for example, if the VLAN range vlist element is in [1-3] or [5-50], C-VLAN traffic is not sent properly across the Q-in-Q network from the C-VLAN interface. PR1159854

  • On EX4300 switches with IGMP snooping enabled with flexible-vlan-tagging configured on ingress and egress interfaces for passthrough multicast traffic, IGMPv2 membership report messages might not be forwarded from the receiver to the sender. PR1175954

  • On EX4300 switches and EX4300 Virtual Chassis, Hot Standby Router Protocol (HSRP) packets might be dropped in a VLAN if IGMP snooping is configured. As a workaround, configure the switch to flood multicast 224.0.0.2. PR1211440

  • On an EX4300, if you install a firewall filter with filter-based forwarding rules to multiple bind points, it might exhaust the available TCAM. In this case, the filter is deleted from all the bind points. You can work around this issue by applying the filter to the bind points with a series of commits, applying the filter to some of the bind points with each commit. PR1214151

  • On EX4300 switches, EBGP packets with ttl=1 and non-EBGP packets with ttl=1, whether destined for the device or even transit traffic, go to the same queue. In the event of a heavy inflow of non-EBGP ttl=1 packets, occasionally valid EBGP packets might be dropped, causing EBGP to flap. PR1215863

  • When the set vlans vlan-name interface all configuration is used on EX4300, EX4600, or QFX Series switches, the Junos OS device control process (dcd) might crash as this is an unsupported configuration option on these platforms. PR1221803

  • On EX Series switches except EX4300, EX4600, and EX9200 switches, Over temperature SNMP traps are sent when the CPU temperature gets higher than the bad fan temperature threshold even when there are no bad fans in the chassis. PR1226388

  • On EX4300 switches, if a Layer 3 interface receives a frame with the CFI/DEI bit set to 1, this frame might be dropped and not be processed further. PR1237945

  • At startup, occasionally the SFP+ ID EEPROM read fails and as a result, the SFP+ module is not recognized. As a workaround, reseat the unrecognized SFP+; for an unattended device, issue another system reboot. PR1247172

  • On EX4300 switches, problems with connectivity might arise on 100M interfaces set to full duplex and half duplex or on 10M interfaces set to full duplex or half duplex. The links appear, but connectivity to end devices might not work. The port does not transmit packets even though port statistics show packets as transmitted. As a workaround: (1) Move the device to a different port. (2) Set the port to negotiate and connect a device that will autonegotiate to 1 G, full duplex; then reset the port to 10/100 full duplex or half duplex and reconnect the device. (3) Restart the pfex process. PR1249170

Port Security

  • On EX2200 and EX3300 switches, ARP requests might be dropped when IP source guard is enabled and 802.1X (dot1x) authentication assigns a new dynamic VLAN to the client MAC. PR1169150

  • High CPU caused by fxpc can lead to MACsec session drops. PR1247479

Routing Policy and Firewall Filters

  • On EX Series switches other than EX9200, EX4300, and EX4600 switches, if a static MAC entry and a static ARP entry are configured, an incorrect firewall filter counter value might be displayed in command output. PR1159940

  • On EX8200 Virtual Chassis, if you configure scaled firewall filters and if total terms with its own match conditions across all these filters exceed TCAM space, and you configure examine-dhcp, traffic will drop. PR1215704

  • On EX9200 switches, if a firewall filter that has action tcp-reset is applied to an IRB interface, action tcp-reset does not work properly. PR1219953

Software Installation and Upgrade

  • On EX9200 switches, after an ISSU is performed, storm control takes effect only after you delete the storm control configuration and then re-create it. PR1151346

User Interface and Configuration

  • On an EX Series switch that is supporting the zeroize feature, after the switch is booted up from request system zeroize and then a configuration is saved, the saved configuration won't be restored after the switch is rebooted. PR1228274

Virtual Chassis

  • On EX4300 Virtual Chassis, a message such as /kernel: %KERN-5: tcp_timer_keep: Dropping socket connection due to keepalive timer expiration might be seen repeatedly. There is no service impact from the condition that causes the message (a Packet Forwarding Engine timeout trying to connect to a process that is not active). As a workaround, you can use a system-logging (syslog) filter to mask the messages. PR1209847

  • On member switches in an EX Series Virtual Chassis, the request virtual-chassis vc-port set CLI command allows specifying an invalid or nonexistent Virtual Chassis port (VCP) interface name. An entry with the invalid VCP interface name is added to the database, and the CLI command show virtual-chassis vc-port displays these entries with the invalid VCP interface names, but these entries cannot subsequently be removed. PR1215004

  • OID jnxFruState disappears after one of the members of the Virtual Chassis is rebooted on EX2200, EX3300, EX4200, EX4500, or EX4550 Virtual Chassis. PR1221943

Resolved Issues: Release 15.1R5

Authentication and Access Control

  • On EX4200 and EX4300 switches, dot1x server fail might not work as expected. PR1147894

  • On EX9200 and EX4300 switches, 802.1X supplicants might not be reauthenticated by server fail fallback authentication after the server becomes reachable. PR1157032

  • On EX9200 switches, captive portal services might not work on a switch running under Junos OS Release 15.1R4. PR1191640

  • On EX4300 and EX9200 switches, dot1x scenarios involving the single-supplicant mode, mac-radius, and the server-fail deny or no server-fail action is configured, the supplicant authentication sessions might not recover after the Quiet While timer expires, once it enters the Held state. As a restoration workaround, disable and enable the interface to bring the authentication session back to the Connecting state. PR1193944

Infrastructure

  • On EX8200 switches, the pfem process might crash and generate a core file. This might impact traffic. PR1138059

  • On QFX5100 and EX4600 switches, in a rare timing condition, if there was already a request to gather some info from the QSFP and remove it at the same time, the packet forwarding engine manager (fxpc) might crash. PR1151295

  • On EX2200-C switches, during a software upgrade to Junos OS Release 14.1X53-D35 or 15.1R3, the error messages Triggering freezing circuitry or Triggering overheat circuitry might be generated after rebooting, and then the switch shuts down. PR1183631

  • On an EX8200 Virtual Chassis, doing Routing Engine failovers before booting up the line cards might cause the VLAN interface MAC address to be automatically and incorrectly set to 00:00:00:00:00:01. PR1185678

  • On EX4300, EX4600, QFX3500, QFX3600, or QFX5100 switches with vlan-rewrite configured on an AE interface, a VLAN rewrite might fail and result in traffic loss. PR1186821

  • On EX9200 switches, periodic packet management (PPM) core files might be generated following a commit. This happens only on a large-scale setup, when the logical interface number of PFE exceeds 64. PR1187104

  • On EX4200 Virtual Chassis, when an interface flaps and it has hold-time up configured over a long period of time (for example, 16 days), a chassis manager (chassism) process memory leak might occur due to the incorrectly accumulated task timer. About 128 bytes of the process leak every time the memory leak is triggered. PR1188403

  • On EX4300 switches, VLAN rewrite does not work on aggregated links. PR1194585

  • On an EX4600 switch, when you remove the 40GBASE-ER4 QSFP+ module, the show chassis hardware command still shows that the module is inserted. PR1208805

  • On EX4200 switches and Virtual Chassis, firewall filters with syslog might not work, because as part of packet processing, packets were incorrectly mapped to the ppmd queue instead of the DFW queue. PR1208491

  • On EX4200 Virtual Chassis or EX4500 or EX4550 Virtual Chassis, the Packet Forwarding Engine might not update learned MACs to an RTG active interface after RTG failover. This issue is seen with RTGs that areconfigured across FPCs in a Virtual Chassis setup. PR1208491

  • On EX2200-C switches, the alarm Major Management Ethernet Link Down is not properly generated in cases of management link failure. PR1209323

Interfaces and Chassis

  • If an EX4550-32F switch in a Virtual Chassis reboots and comes online, LACP interfaces on any member of the Virtual Chassis might go down and not come up. PR1035280

  • On EX Series switches except EX9200, EX4300, and EX4600, if PoE is configured, when one IP phone is connected with a PoE interface, the phone cannot receive PoE power from the switch. PR1174025

  • PoE might not work on all EX4300 ports on a mixed-mode Virtual Chassis (mixed-mode EX4600 and EX4300 or mixed-mode QFX5100 and EX4300). PR1195946

  • On EX4200 and EX4550 switches on which you can configure mdi-mode manually the mode does not work properly with 15.1 releases. PR1216549

Layer 2 Features

  • If an EX2200 switch is configured as a part of an ERPS ring, deactivating or deleting the ERPS configuration might cause traffic to stop forwarding through one or more VLANs. PR1189585

  • An EX Series switch might not process ERPS PDUs that are received from other nodes. This could lead to the ERPS ring not operating correctly. PR1190007

  • On EX4300 Virtual Chassis, a Layer 2 interface might not be associated with the default VLAN after you add the interface to the ethernet-switching family. PR1192679

  • On EX9200, EX4300, EX4600, QFX3500, QFX3600, QFX3500, and QFX5100 switches, if 'set protocols xstp interface all edge' is configured in combination with 'set protocols xstp bpdu-block-on-edge', interfaces do not go down (Disabled - Bpdu-Inconsistent) when they receive BPDUs; they transition to non-edge. If an interface is configured specifically with 'set protocols xstp interface interface-name edge', then when that interface receives a BPDU, it goes down or transitions into Disabled - Bpdu-Inconsistent correctly. As a workaround, configure set protocols layer2-control bpdu-block interface all.PR1210678

Layer 3 Features

  • On a switch that has secure-access-port configured, when you change the MTU size of interfaces and commit, VRRP sessions might flap between the VRRP master and backup. PR1163652

  • On EX2200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 switches, when VRRP configuration changes from ethernet-switching to inet family and vice-versa, then the local IP of the master VRRP switch cannot be reached on the backup VRRP switch and vice-versa. Virtual IP is always reached on both switches. PR1171220

MPLS

  • On EX4600 switches, when traffic enters an MPLS interface and is destined to the loopback interface in the routing instance, the firewall filter might not work properly. PR1205626

Platform and Infrastructure

  • If you use the load replace command or the load merge command to configure a device and have included an annotation just before a delete action in the loaded configuration file, the management daemon (mgd) might create a core file. PR1064036

  • On EX4300 Virtual Chassis, if a Q-in-Q S-VLAN interface with MC-LAG is configured, when a backup EX4300 is acting as master, the connection to the management IP address through the interface might be lost, causing a management traffic loss. PR1131755

  • On EX4300 switches, when xSTP is configured, if you unplug and then plug in one loopback cable between ports of different FPCs, an interface might go down and a BPDU error might bedetected on this port, causing traffic to drop on another egress port. PR1160114

  • On EX4300 switches, when DHCP security is enabled on a VLAN, unicast packets (for example, DHCP Offers and ACKs ) might be forwarded to all ports in the VLAN. PR1172730

  • On EX4300 switches, if an Ethernet port receives a frame with a CFI/DEI bit set to 1, then this frame would not be bridged to an untagged (access) port; it could be bridged to a trunk port. PR1176770

  • When IGMP snooping and storm control are enabled, EX Series switches are supposed to forward traffic with destination IP address 224.0.0.0/24 to all ports on a VLAN. But for EX4300, except for the well-known addresses in this range—for example, 224.0.0.5/6 for OSPF, 224.0.0.20 for VRRP—all other multicast traffic with a destination in 224.0.0.0/24 is dropped. PR1176802

  • If you upgrade the Power over Ethernet (PoE) firmware on a member of an EX4300 Virtual Chassis, the PoE firmware upgrade process might fail or get interrupted on that member switch. You can recognize that this problem has occurred if the member switch is not listed in the command output when you issue the "show poe controller" command. The problem is also indicated if you issue the ?show chassis firmware detail? command and the ?PoE firmware? version field is not shown in the output or has a value of 0.0.0.0. PR1178780

  • On EX4300 switches, if there is a mismatch in the speed configuration between two interfaces, the link might be autonegotiated to half-duplex mode instead of full-duplex mode. PR1183043

  • On EX4300 switches configured with dscp and 802.1p rewrite rules on an interface, if you delete 802.1p rewrite-rules from the interface, the 802.1p rewrite might still happen along with the dscp rewrite. PR1187175

  • On EX4300, EX4600, and QFX Series switches with VSTP enabled for multiple VLANs and participated in a VSTP topology, when BPDU packets are received on the Packet Forwarding Engine from other switches, the switch sends BPDU packets to the Routing Engine for further VSTP computing. But, in rare cases, the switch might not send VSTP packets for all VLANs to the Routing Engine. For example, for a VLAN, BPDU packets are not reaching the Routing Engine, even though VSTP is enabled for that VLAN. This will result in this VLAN considering itself the root bridge and advertising itself as the root bridge and sending BPDUs to other VSTP switches. Other switches might block related ports. PR1187499

  • On EX Series Virtual Chassis, a next-hop change message might not be sent from the Routing Engine when a LAG member is added or deleted, and hence packets are dropped in the Packet Forwarding Engine, as the next hop is not updated properly. PR1201740

  • When seating an SFP in a operating EX4300 switch, sometimes the SFP would be recognized as unsupported or as an SFP+-10G. The cause is that the switch reads the EEPROM information of the SFP before waiting long enough for SFP initialization. PR1202730

  • On EX4300 switches, if you activate DHCP security features for IPv6, a JDHCPD core file might be generated. PR1212239

  • On an EX9200 switch, with a services REST configuration, after a reboot, the configuration is not applied and SSH stops working. PR1212425

  • 1G fiber link ports might be down with MACsec configured on EX4300 switches when the switch is rebooted. PR1172833

Routing Protocols

  • On EX4300 Virtual Chassis with IGMP snooping enabled, when IGMP hosts subscribe to the same group, IGMP queries might not go through between a member in the linecard role and the master. PR1200008

Spanning-Tree Protocols

  • On EX Series switches except for EX4300, EX4600, and EX9200, while the switch is processing an xSTP-disabled interface with a BPDU block configuration, current code flow might set the bpdu_control flag for RSTP-enabled interfaces as well. This might result in RSTP-enabled ports becoming blocked when they receive a BPDU. PR1185402

  • On EX9200, EX4300, EX4600, QFX3500, QFX3600, and QFX5100 platforms, when any type of spanning tree (STP, RSTP, MSTP, or VSTP) is configured, the MAC address part of the bridge ID might be set to all zeros (for example, 4096.00:00:00:00:00:00) after you power cycle the device without issuing the request system halt command. As a workaround, issue the restart l2-learning command. PR1201493

Resolved Issues: Release 15.1R4

High Availability (HA) and Resiliency

  • On EX4300 Virtual Chassis, after a nonstop software upgrade (NSSU), the master might detect the backup coming up after the upgrade and reprogram the trunk, even though the backup member links are down. Traffic might drop when the master tries to push the traffic through trunk members that have not yet come up. Traffic resumes after the links come up. PR1115398

  • On EX4300 Virtual Chassis, traffic loss might occur for about 10 seconds when the master leaves the Virtual Chassis for upgrade. PR1173754

Interfaces and Chassis

  • On EX2200 switches, in Ethernet ring protection switching (ERPS) configurations, no VLAN is included in data-channel if data-channel is not explicitly configured, and a MAC flush does not happen for any data VLAN while the switch receives an SF signal, which might cause a traffic issue before the MAC address ages out. PR1152188

  • On EX2200 switches, in an ERPS configuration, many SF (signal failure) packets might appear in a link-end ring node during a link failure that existed for a short time. PR1169372

  • On EX4300 Virtual Chassis, Layer 2 multicast might not work properly when both Layer 2 and Layer 3 entries are present for the same group on two different integrated routing and bridging (IRB) interfaces. PR1183531

Network Management and Monitoring

  • On EX9200 switches, ingress sFlow samples of packets routed on an integrated routing and bridging (IRB) interface might be dropped. PR1147719

  • On EX9200 switches, an sFlow flow sample with an incorrect frame length value in a raw packet header might be generated for frames larger than 128 bytes, and traffic volumes calculated based on frame length and sampling rate values in the sFlow collector might be inaccurate. PR1152275

  • On EX9200 switches, eventd might run out of memory and crash because of excessive kernel logging. PR1162722

Platform and Infrastructure

  • On EX4500, EX4550, EX6200, and EX8200 switches, if you replace a 1-gigabit SFP transceiver with a 10-gigabit SFP+ transceiver on one port, the adjacent port might go down. For example, if you install an SFP transceiver in each of port-0/0/36 and port-0/0/37, and replace each SFP transceiver with an SFP+ transceiver in port-0/0/36 and port-0/0/37, then port-0/0/36 might go down during the insertion of the SFP+ transceiver in port-0/0/37. PR1073184

  • In an EX8200 Virtual Chassis in which the external Routing Engine (XRE200) has two DC power supplies installed, when one power supply fails, no logs or SNMP traps are generated. PR1162165

  • If a configuration is pushed to an EX Series switch using Zero Touch Provisioning (ZTP), then after a subsequent reboot, the configuration might be deleted. PR1170165

  • On EX3300 and EX4200 switches, after the request system zeroize media command has been executed, J-Web might stop responding. PR1177214

  • On an EX4300 switch or Virtual Chassis, the chassisd daemon might get stuck and become unresponsive. If you issue a chassisd-related show command, the command returns the error message error: the chassis-control subsystem is not responding to management requests. PR1038830

  • On ARM platforms such as EX3300 switches, configuring internal IPsec security associations containing the authentication hmac-sha2-256 might throw a kernel alignment exception. PR1149565

  • On EX4300 switches, if IGMP snooping is enabled, packets with destination 224.0.0.0/24 might be dropped, except for well-known addresses (for example, 224.0.0.5/6 for OSPF). PR1167859

  • On EX4300 switches, ICMP-tagged packets might transit the egress interface of a PVLAN access port. PR1169116

Software Installation and Upgrade

  • On EX8200 Virtual Chassis, traffic might be lost for multicast and Layer 3 protocols (such as RIP, OSPF, BGP, and VRRP) during a nonstop software upgrade (NSSU). PR1185456

  • On EX6200 switches, multicast traffic and Layer 3 protocol traffic (such as RIP, OSPF, BGP, and VRRP) might be lost during a nonstop software upgrade (NSSU). PR1185816

  • On EX8200 switches, multicast traffic might be lost during a nonstop software upgrade (NSSU). PR1185888

Spanning Tree Protocols

  • On EX4300, EX4600, and EX9200 switches, when root guard is in effect or cleared, there appropriate system log messages might not be displayed. PR1176240

User Interface and Configuration

  • On a device configured with an SSH public key for which the string buffer size exceeds 1 Kb, if you load the configuration by using the load override command, the management daemon (mgd) might create a core file. PR1153392

Virtual Chassis and Virtual Chassis Fabric (VCF)

  • On EX3300 Virtual Chassis, the vcp-snmp-statistics configuration statement is not listed in the [edit virtual-chassis] hierarchy. PR1178467

Resolved Issues: Release 15.1R3

Note

Some resolved issues at Release 15.1R3 apply to both QFX Series and EX Series switches. Those shared issues are listed in the QFX Series Resolved Issues: Release 15.1R3 section.

Authentication and Access Control

  • On EX2200 switches, if you issue the CLI command request system services dhcp release interface-name, an IP address release message DHCP packet is sent from the client and processed at the server. At the same time, the client clears the IP address on the same interface, and the clearance of the IP address on the interface leads to the acquisition of a new IP address from the server. If you then issue the CLI command show system services dhcp client interface-name, the output of this operational command indicates that the command had no impact. PR1072319

  • On an EX2200 or EX3300 switch on which Dynamic Host Configuration Protocol (DHCP) relay is enabled, when a client requests an IP address, the system might generate a harmless warning message such as: /kernel: Unaligned memory access by pid 19514 [jdhcpd] at 46c906 PC[104de0]. PR1076494

  • On EX9200 switches, when 802.1X (dot1x) authentication is configured, the show dot1x authentication-failed-users command output might not show the Failure Count attribute correctly. PR1080451

  • On EX Series switches, if 802.1X authentication (dot1x) is configured on all interfaces, an 802.1X-enabled interface might get stuck in the Initialize state after the interface goes down and comes back up, and 802.1X authentication fails. Also, if 802.1X authentication (dot1x) is configured on all interfaces and the no-mac-table-binding configuration statement is configured under the [edit protocols dot1x authenticator] hierarchy level, the dot1x process (dot1xd) might generate core files after it is deactivated and then reactivated, and 802.1X authentication might be temporarily impacted until the process restarts automatically. PR1127566

  • On EX Series switches, the use-option-82 statement under the [edit ethernet-switching-options secure-access-port vlan vlan-name dhcpv6-option18] hierarchy might not work as expected after you commit the configuration. PR1146588

  • On EX4300 switches, if you change the server-fail VLAN, all authenticated supplicants are disconnected. They are then authenticated again, and during this disconnection and reconnection, there is a service impact for three through four seconds. PR1151234

Dynamic Host Configuration Protocol

  • On EX9200 switches, DHCP snooping and related access security features ARP inspection, IP source guard, Neighbor Discovery inspection, and IPv6 source guard, are not supported at the [edit logical-systems logical-system-name vlans vlan-name forwarding-options dhcp-security] hierarchy level. PR1087680

High Availability (HA) and Resiliency

  • On EX8200 switches, a nonstop software upgrade (NSSU) might fail during the master Routing Engine upgrade step, and an NSSU process might abort with this message: mgd: unable to execute /var/etc/reboot.ex: Authentication error. PR1122628

Infrastructure

  • On EX2200 switches, system log messages might display IP addresses in reverse order. For example, an ICMP packet from 10.0.1.114 to 10.0.0.7 might be displayed in the log as: PFE_FW_SYSLOG_IP: FW: ge-0/0/0.0 R icmp 114.1.0.10 7.0.0.10 0 0 (1 packet). The correct log message is: PFE_FW_SYSLOG_IP: FW: ge-0/0/0.0 R icmp 10.0.1.114 10.0.0.7 0 0 (1 packet). PR898175

  • On EX2200 and EX3300 Virtual Chassis, the Internal state in ERPS is not updated properly in certain conditions. As a workaround, check the interface state and update the ERPS engine accordingly so that they are always in sync. PR975104

  • On EX4300 switches, if a Gigabit Ethernet interface is directly connected to an MX104 management interface (fxp0), the physical link will be down. PR1069198

  • On EX4300 switches, traffic sampling is not supported. If you configure traffic sampling, the sampling process (sampled) might generate a core file. PR1091826

  • On an EX4300 Virtual Chassis or a mixed mode Virtual Chassis that has an EX4300 as a member, if you disable root login connections to the console port by issuing the set system ports console insecure command, users can still log in as root from the backup and linecard members of the Virtual Chassis. PR1096018

  • On EX4600 switches, the EX4600-EM-8F expansion module interfaces might not come up if the module is removed and re-inserted or if the PIC is taken offline and then brought online. PR1100470

  • On EX8200 switches with multicast protocols configured, when a multicast-related (non-aggregated Ethernet) interface goes down and comes back up, ARP installation for certain hosts might fail because stale entries have not been cleared, and traffic might be lost as well. PR1105025

  • On EX4200 switches with multiple member interfaces on an aggregated Ethernet (AE) interface and with a large-scale CoS configuration enabled on the AE interface, a Packet Forwarding Engine limit might be exceeded, the Packet Forwarding Engine might return an invalid ID, and the Packet Forwarding Engine manager (pfem) process might generate core files. PR1109022

  • On EX4500 or EX4550 Virtual Chassis, if an NFS/UDP fragmented packet enters the Virtual Chassis through a LAG and traverses a Virtual Chassis port (VCP) link, CPU utilization might become high, and the software forwarding infrastructure (sfid) process might generate a core file. PR1109312

  • On EX Series switches, an interface with an EX-SFP-1GE-LH transceiver might not come up and the transceiver might be detected as an SFP-EX transceiver. PR1109377

  • On EX9200 switches, starting with Junos OS Release 14.1R1, 32k is the minimum value that you must configure for policer bandwidth limits. If you configure a policer bandwidth limit that is less than 32k, an error message is displayed. PR1109780

  • On EX4500 switches, if MPLS and CoS behavior aggregate (BA) classifiers are configured on the same interface, the BA classifiers might not work. As a workaround, use multifield (MF) classifiers instead of BA classifiers. PR1116462

  • On EX4200 and EX4550 switches, the xe- interfaces in a 10-gigabit SFP+ expansion module (EX4550-EM-8XSFP) or an SFP+ MACsec uplink module (EX-UM-2X4SFP-M) might stop forwarding traffic if the module is removed and reinserted or if the PIC goes offline and comes back online. PR1113375

  • On EX Series switches, if you deactivate an output interface that is configured with family mpls, a nondefault CoS classifier configured on the interface might be deleted, placing traffic in the wrong queue. PR1123191

  • On EX4300 switches, when there is a redundant trunk group (RTG) link failover, media access control (MAC) refresh packets might be sent out from a non-RTG interface that is in the same VLAN as the RTG interface, and a traffic drop might occur because of MAC flapping. PR1133431

  • On EX9200 switches, the Layer 2 address learning daemon (l2ald) might crash continuously and create core files after you configure the fxp0 interface as ethernet-switching and commit the configuration. PR1127324

  • On EX4300 switches, if the switch works as part of a target subnet, while receiving the targeted broadcast traffic, packets might be forwarded to the destination with the switch's MAC address as the destination MAC address, rather than the Layer 2 broadcast frame with destination MAC address FFFF.FFFF.FFFF. PR1127852

  • On EX Series switches, an interface with a non-Juniper Networks 1000BASE-EX SFP Module-40km might not come up because register values are not set to correct values. This issue occurs only during initial deployment of the switch or when the switch is upgraded to Junos OS Release 12.3R8, 13.2X51-D30, 14.1X53-D10, or 15.1R2 onwards. PR1142175

  • On EX9200 switches, an IRB unicast next hop in a scenario with a Layer 2 LAG as the underlying interface might result in traffic blackholing. PR1114540

  • On EX9200 switches, a secondary VLAN might be mapped to the primary VLAN IRB interface to facilitate ARP synchronization across MC-LAG peers running a PVLAN configuration. PR1145623

Interfaces and Chassis

  • If an EX4550-32F switch in a Virtual Chassis reboots and comes online, LACP interfaces on any of the member switches of the Virtual Chassis might go down and not come up. PR1035280

  • On a two-member EX8200 Virtual Chassis, if the Link Aggregation Control Protocol (LACP) child interfaces span different Virtual Chassis members, the MUX state in the LAG member interfaces might remain in the Attached or Detached state after you disable and then reenable the AE interface. PR1102866

Layer 2 Features

  • On EX Series switches, if you configure Ethernet ring protection (ERP) with interfaces configured with vlan members all, commit the changes, then add a new VLAN and commit the configuration again, the Ethernet switching process (eswd) might crash when a non-ERP interface goes down and then comes back up. PR1129309

  • On EX Series switches except EX4300, EX4600, and EX9200, the Ethernet switching process (eswd) might crash if you delete a VLAN tag and then add the VLAN name by using a single commit, in the configuration under the [edit ethernet-switching-options unknown-unicast-forwarding] hierarchy. PR1152343

Multicast

  • On EX Series switches, unregistered multicast packets are not filtered and are instead forwarded to all unexpected ports, even though IGMP snooping is enabled. PR1115300

  • On an EX3300 switch, if you configure IGMP snooping with a VLAN that is not on the switch, the commit fails. PR1149509

Network Management and Monitoring

  • On EX Series switches (except EX4300, EX4600, and EX9200), when system log is enabled and an RPM probe is set to greater than 8000 bytes, the message ?PING_RTT_THRESHOLD_EXCEEDED? is not displayed, although it should be. PR1072059

  • On EX Series switches, there are two issues regarding SNMP MIB walks: A private interface—for example, pime.32769—must have an ifIndex value of less than 500. If you do not add the private interface to a static list of rendezvous point (RP) addresses, the mib2d process assigns an ifIndex value from the public pool (with ifIndex values greater than 500) to the interface, which then will have an incorrect ifIndex allocation. A random Request failed: OID not increasing error might occur when you issue the show snmp mib walk command, because the kernel response for a 10-gigabit interface during an SNMP walk might take more than one second, and the mib2d process receives duplicate SNMP queries from the snmpd process. PR1121625

  • On EX9200 switches, the value for the udpOutDatagrams object displayed in the output of the show snmp mib walk decimal udpOutDatagrams command is different from that displayed for the same object in the output of the show system statistics udp member 0 command. The value for the datagrams dropped due to no socket field is incorrectly used as the udpOutDatagrams value in the output for show snmp mib walk decimal udpOutDatagrams. As a workaround, use the show system statistics udp member 0 command. PR1104831

Platform and Infrastructure

  • Setting link speed to 100 Mbps does not work in the following situations:

    • When network interfaces are used on an EX4600 switch

    • When an EX4600-EM-8F expansion module is installed in a QFX5100-24Q switch or an EX4600 switch

    PR1032257

  • On EX4300 switches with redundant trunk groups (RTGs) configured, after an RTG primary link comes online from the offline state, it becomes the active link and the other link becomes the backup link. After this, the Layer 2 address learning daemon (l2ald) sends a MAC refresh packet out of the new active RTG logical interface, which is not yet programmed in the Packet Forwarding Engine. This causes the primary link to incorrectly update the MAC entry and also causes traffic loss. PR1095133

  • On EX4300 switches with Virtual Router Redundancy Protocol (VRRP) configured on an integrated routing and bridging (IRB) logical interface, when the IRB logical interface is disabled or deleted, the kernel does not send VRRP dest-mac-filter delete messages to the Packet Forwarding Engine, which might cause loss of traffic that comes from another device's same VRRP group master VIP to the backup (or backup to master). PR1103265

  • On EX4300 switches, VSTP BPDUs are not flooded in the VLAN when VSTP is not configured on the switches. PR1104488

  • On EX4300 switches, if a policer ICMP filter is applied on the loopback interface, incoming ICMP packets might be dropped on the ingress Packet Forwarding Engine and ARP requests might not be generated. PR1121067

  • On EX4300 switches, configuring set groups group_name interfaces interface-name unit 0 family ethernet-switching and committing the configuration might cause the Layer 2 address learning process (l2ald) to generate a core file. PR1121406

  • On EX4300 switches, port vector corruption on a physical port might be caused by the interface flapping multiple times, which leads to a Packet Forwarding Engine manager (pfem) crash and a Routing Engine reboot. PR1121493

  • On EX4300 switches with a Q-in-Q configuration, when Layer 2 protocol tunneling (L2PT) for VLAN Spanning Tree Protocol (VSTP) is enabled, the C-VLAN (inner VLAN or customer VLAN) might not be encapsulated in the PDUs that exit the trunk port. PR1121737

  • On an EX4300 Virtual Chassis, if a redundant trunk group (RTG) interface flaps, when control packets originating from the switch are going over that RTG interface, the core device become nonresponsive and you would have to reload the device to restore connectivity. PR1130419

  • On EX4300 Virtual Chassis, traffic from or to a Routing Engine through an aggregated Ethernet (AE) member interface that is not in the master might be dropped, but traffic transmitted through the switch (that is, hardware switched) is not affected. PR1130975

  • On an EX4300 switch, when an SNMP walk is performed to query the native VLAN, for most of the trunk interfaces, the query might return a value of 0 instead of the configured native VLAN ID. PR1132752

  • On EX4300 switches configured with Ethernet ring protection switching (ERPS), the ping might not go through after the Wait to Restore (WTR) timer expires. PR1132770

  • On EX4300 switches, a filter might not work as expected when you commit a filter-based forwarding (FBF) configuration for the first time after rebooting the switch. PR1135771

  • On EX Series switches, the following DEBUG messages might be incorrectly displayed as output with logging level INFO: %USER-6: [EX-BCM PIC] ex_bcm_pic_eth_an_config %USER-6: [EX-BCM PIC] ex_bcm_pic_check_an_config_change. PR1143904

  • On EX4300 switches, if an IPv6 firewall filter term exceeds the maximum, the Packet Forwarding Engine manager (pfex) might crash continuously. PR1145432

  • On EX4300 switches with redundant trunk groups (RTGs) configured, VSTP BPDUs coming into an RTG backup interface might be incorrectly forwarded out of interfaces other than the RTG primary interface. PR1151113

Software Installation and Upgrade

  • On EX8200 switches, an NSSU from Junos OS Release 15.1R1 to Release 15.1R2 fails with the message: mgd: unable to execute /var/etc/reboot.ex: Authentication error. PR1122628

Spanning-Tree Protocols

  • On EX Series switches with dual Routing Engines or on an EX Series Virtual Chassis, the switch or the Virtual Chassis might send multiple proposal BPDUs on an alternate port after a Routing Engine switchover or a nonstop software upgrade (NSSU), resulting in the peer device receiving multiple proposal BPDUs and triggering a dispute condition. The peer port states constantly alternate between FORWARDING and BLOCKING. PR1126677

  • On EX Series switches with bridge protocol data unit (BPDU) protection configured on all edge ports, edge ports might not work correctly and might revert to the unblocking state when the drop option is configured under the [edit ethernet-switching-options bpdu-block interface xstp-disabled] hierarchy. PR1128258

Virtual Chassis

  • On a two-member EX Series Virtual Chassis in which the same mastership priority is configured on both members, if there are more than 34 SFPs present in the current master and if a reboot is issued in the current master, then the backup becomes the master. When the original master rejoins the Virtual Chassis, it regains mastership. PR1111669

Resolved Issues: Release 15.1R2

Class of Service (CoS)

  • On EX4200 switches, if CoS scheduler maps are configured on all interfaces with the loss-priority value set to high, traffic between different Packet Forwarding Engines might be dropped. PR1071361

Dynamic Host Configuration Protocol

  • On EX9200 switches, when DHCP relay is configured using the forward-only and forward-only-replies statements at the [edit forwarding-options dhcp-relay] hierarchy level, if the DHCP local server is also configured with the forward-snooped-clients statement at the [edit system services dhcp-local-server] hierarchy level, the configuration for forward-snooped-clients takes precedence over the configuration for forward-only and forward-only-replies. As a result, DHCP message exchange between VRFs might not work as expected. PR1077016

  • On EX Series switches except EX9200, the configuration of options for the circuit-id CLI statement at the [edit forwarding-options dhcp-relay group group-name relay-option-82] hierarchy level does not work as expected. The format of the DHCP option 82 Circuit ID must be switch-name:physical-interface-name:vlan-name, but instead, the format is switch-name:vlan-name. PR1081246

  • On EX9200 switches, a DHCPv6 security dynamic entry binding might not work as expected, resulting in the DHCPv6 bindings being stuck in the wait state. PR1092885

  • On EX Series switches except EX9200 switches, with DHCP relay configured on the IRB interface for BOOTP relay, if the client is connected to the physical interface that belongs to the same VLAN as the IRB interface, and sends BOOTP request packets to the server, BOOTP reply packets from the server might be dropped on the IRB interface. PR1096560

Infrastructure

  • Unnecessary fpc0 dfw_counter_get_by_name failed inst 0 policer index 0 status 7 log messages are seen when eithershow firewall counter or snmp mib get jnxFirewallCounterTable is executed. PR1035113

Interfaces and Chassis

  • On EX9200 switches, if an interface range is configured that includes large-scale physical interfaces, and with the family option set to ethernet-switching, the configuration might take a long time to commit. PR1072147

  • On EX9200 switches, if an interface for which the MAC move limit action is set to shutdown goes down and comes up, and then a Layer 2 learning (l2ald) process restarts, the logical interface remains down even if you issue the command clear ethernet-switching recovery-timeout. PR1072358

  • On EX9200 switches, when family ethernet-switching is configured on an interface that is also configured with encapsulation extended-vlan-bridge , then transit packets (for example, IP, ping, or Q-in-Q packets) might be dropped on this interface. PR1078076

  • On EX9200 switches, when a MAC move limit is configured on two VLAN members and the limit is configured with the action vlan-member-shutdown on two VLAN members, if the limit is reached on one VLAN member, both members are disabled, blocking all traffic. PR1078676

  • On EX9200 platforms, if you configure an MC-LAG with two devices, and then delete and re-create an MC-AE interface, broadcast and multicast traffic that is flooded might loop for several milliseconds. PR1082775

  • An EX9200-40F-M line card drops all traffic on an IRB logical interface, including both data plane and control plane traffic. If an IRB logical interface is configured on an EX9200-40F-M line card as part of a VLAN, any device connected through that interface cannot use Layer 3 forwarding outside the subnet, because the EX9200-40F-M line card does not handle the ARP function correctly. Configuring static ARP on devices using the EX9200 as a gateway is not a workaround, because packets are still dropped if the Routing Engine of the EX9200 has the routes and ARP entry for the destination IP. PR1086790

Media Access Control Security (MACsec)

  • On EX4200 and EX4550 switches, if MACsec is configured to transit traffic between switches through Ethernet over SONET, packets might be dropped. PR1056790

Network Management and Monitoring

  • On EX Series switches, configuring an invalid SNMP source address might prevent SNMP traps from being generated, even after the configuration is corrected with a valid SNMP source address. PR1099802

Platform and Infrastructure

  • On EX4500 and EX4550 switches, if an interface on the EX-SFP-10GE-LR uplink module is disabled by using the CLI command set interface disable, and the interface through which a peer device is connected to the interface on the uplink module goes down, CPU utilization of the chassis manager process (chassism) might spike, causing the chassism process to generate a core file. PR1032818

  • On EX Series switches, BFD packets might be sent to a remote neighbor at a rate that exceeds the remote minimum receive interval value. PR1055830

  • On an EX8200 Virtual Chassis, if vlan-tagging is configured without specifying the interface family, the Packet Forwarding Engine might program the local chassis MAC address instead of the router MAC address, which is used for routing. As a workaround, configure family inet on the interface. PR1060148

  • On EX Series switches except EX9200 switches, when configuring large numbers of inet addresses on the switch, for example, more than 1000 IP addresses, gratuitous ARP packets might not be sent to peer devices. PR1062460

  • On EX8200 Virtual Chassis, local ECMP hashing changes when a remote (nonlocal) interface flaps if the number of local interfaces does not equal the number of remote interfaces. This might impact ECMP load balancing. PR1084982

  • On EX8200 switches, when the PIM mode is changed between sparse mode and dense mode, the pfem process might generate a core file. PR1087730

  • On EX9200 switches operating in a routing domain with a PIM-embedded IPv6 rendezvous point (RP), accessing the RP after the memory is freed might cause the routing protocol process to generate a core file. PR1101377

Spanning-Tree Protocols

  • On EX Series Virtual Chassis, if STP is configured, and each member's mastership priority values are different, rebooting some or all of the Virtual Chassis members might cause a traffic failure, even after the reboot has completed. PR1066897

  • On EX Series switches except EX9200, when MSTP is configured, the Ethernet switching process (eswd) might generate multiple types of core files in the large-scale VLANs that are associated with multiple spanning-tree instances (MSTIs). PR1083395

VPLS

  • On EX9200 switches, when you add a VLAN on an existing virtual-switch instance for virtual private LAN service (VPLS), the label-switched interface (LSI) might not be associated with the new VLAN. PR1088541

Resolved Issues: Release 15.1R1

Interfaces and Chassis

  • On EX Series switches on which Link Aggregation Control Protocol (LACP) is enabled on a link aggregation group (LAG) interface, after you reboot the master Routing Engine and if the first LACP packet is dropped during switchover, LACP might get stuck in the same state for a long time (about 10 seconds), causing the LAG interface to flap and traffic drop on the LAG interface. PR976213