Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for EX Series Switches

 

These release notes accompany Junos OS Release 17.1R3 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os .

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for EX Series.

Note

The following EX Series switches are supported in Release 17.1R3: EX4300, EX4600, and EX9200.

Note

In Junos OS Release 17.1R3, J-Web is supported on the EX4300 and EX4600 switches in both standalone and Virtual Chassis setup.

The J-Web distribution model being used provides two packages:

  • Platform package—Installed as part of Junos OS; provides basic functionalities of J-Web.

  • Application package—Optionally installable package; provides complete functionalities of J-Web.

For details about the J-Web distribution model, see Release Notes: J-Web Application Package Release 17.1A1 for EX4300 and EX4600 Switches  .

Release 17.1R3 New and Changed Features

Restoration Procedure Failure

  • Device recovery mode introduced in Junos OS with upgraded FreeBSD (EX Series)—Starting in Junos OS Release 17.1R3, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, there is an automatic device recovery mode that goes into action should the system go into amnesiac mode.The new process is for the system to automatically retry to boot with the saved rescue configuration. In this circumstance, the system displays the banner Device is in recovery mode in the CLI (in both the operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Release 17.1R2 New and Changed Features

  • There are no new features or enhancements to existing features for EX Series in Junos OS Release 17.1R2.

Release 17.1R1 New and Changed Features

Hardware

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • Access control and authentication (EX4300-EX4600 mixed VC)—Starting with Junos OS Release 17.1R1, EX4600 switches operating in a mixed Virtual Chassis with EX4300 switches support controlling access to your network using 802.1X authentication and MAC RADIUS authentication.

    802.1X authentication provides port-based network access control (PNAC) as defined in the IEEE 802.1X standard. Supported features include guest VLAN, private VLAN, server fail fallback, dynamic changes to a user session, RADIUS accounting, and configuration of port-filtering attributes on the RADIUS server using VSAs.

    MAC RADIUS authentication is used to authenticate end devices independently of whether they are enabled for 802.1X authentication. You can permit end devices that are not 802.1X-enabled to access the LAN by configuring MAC RADIUS authentication on the switch interfaces to which the end devices are connected.

    Access control features in a mixed EX4300-EX4600 Virtual Chassis are supported only on EX4300 ports.

    This feature was previously supported in an “X” release of Junos OS.

    [See Access Control on a Mixed EX4300-EX4600 Virtual Chassis.]

Class of Service (CoS)

  • Support for classification of multidestination traffic (EX4300)—Multidestination traffic includes BUM (broadcast, unknown unicast, and multicast) traffic and Layer 3 multicast traffic. By default on EX4300 Series switches, all multidestination traffic is classified to the Mcast-BE traffic class mapped to queue 8. Beginning with Junos OS Release 17.1R1, you can classify multidestination traffic to four different queues, queues 8-11, based on either the IEEE 802.1p bits or the DSCP IPv4/v6 bits. You can classify multidestination traffic by including the multi-destination statement at the [edit class-of-service] (to apply globally) or to an individual interface at the [edit class-of-service interfaces interfaces-name] hierarchy. Classification at an individual interface takes precedence over global classification.

    [See Example: Configuring Multidestination (Multicast, Broadcast, DLF) Classifiers.]

  • Firewall filter with policer action as forwarding-class and loss priority (PLP) (EX4300 switches)—Starting with Junos OS Release 14.1X53-D35 and Junos OS Release 17.1R1, on EX4300 switches you can configure the firewall with policer action as forwarding-class and loss priority (PLP). When the traffic hits the policer, PLP changes as per the action rule. The supported PLP designations are low, medium-low, medium-high, and high. You configure policer actions at the [edit firewall] hierarchy level.

    [See then (Policer Action).]

High Availability (HA) and Resiliency

  • New options for the show vrrp track command (EX Series)—Starting in 17.1R1, the show vrrp track routes command gives you the option to view all tracked routes. Another new option for the show vrrp track command, all, is equivalent to the already existing command show vrrp track.

    [See show vrrp track.]

Interfaces and Chassis

  • LLDP-MED power negotiation (EX4300 Switches) —Starting with Junos OS Release 17.1R1, EX4300 switches support Link Layer Discovery Protocol Media Endpoint Discovery (LLDP-MED) power negotiation with high power (802.3at) devices. LLDP-MED power negotiation enables the PoE controller to dynamically allocate power to an interface based on the power required by the connected powered device.

    [See Power over Ethernet (PoE) User Guide for EX4300 Switches.]

  • Half-duplex link support (EX4300 switches)—Starting with Junos OS 17.1R1, half-duplex communication is supported on all built-in network copper ports on EX4300 switches. Half-duplex is bidirectional communication, but signals can flow in only one direction at a time. Full-duplex communication means that both ends of the communication can send and receive signals at the same time. Half-duplex is configured by default on EX4300 switches. This feature was previously supported in an “X” release of Junos OS.

    [See Configuring Gigabit Ethernet Interfaces (CLI Procedure).]

Junos OS XML API and Scripting

  • Support for Python language for commit, event, op, and SNMP scripts (EX Series)—Starting in Junos OS Release 17.1R1, you can author commit, event, op, and SNMP scripts in Python on devices that include the Python extensions package in the software image. Creating automation scripts in Python enables you to take advantage of Python features and libraries as well as leverage Junos PyEZ APIs supported in Junos PyEZ Release 1.3.1 and earlier releases to perform operational and configuration tasks on devices running Junos OS. To enable execution of Python automation scripts, which must be owned by either root or a user in the Junos OS super-user login class, configure the language python statement at the [edit system scripts] hierarchy level, and configure the filename for the Python script under the hierarchy level appropriate to that script type. Supported Python versions include Python 2.7.x.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

Management

  • Support for adding non-native YANG modules to the Junos OS schema (EX Series)—Starting in Junos OS Release 17.1R1, you can load custom YANG models on devices running Junos OS to add data models that are not natively supported by Junos OS but can be supported by translation. Doing this enables you to extend the configuration hierarchies and operational commands with data models that are customized for your operations. The ability to add data models to a device is also beneficial when you want to create device-agnostic and vendor-neutral data models that enable the same configuration or RPC to be used on different devices from one or more vendors. You can load custom YANG modules by using the request system yang add operational command.

    [See Understanding the Management of Non-Native YANG Modules on Devices Running Junos OS.]

OpenFlow

  • Support for OpenFlow v1.0 and v1.3.1 (EX4600 switches)—Starting with Junos OS Release 17.1R1, EX4600 switches support OpenFlow v1.0 and v1.3.1. OpenFlow v1.0 enables you to control traffic in a network by adding, deleting, and modifying flows in the switch. You can configure one OpenFlow virtual switch and one active OpenFlow controller at the [edit protocols openflow] hierarchy level on each EX4600 switch in the network.

    Also, OpenFlow v1.3.1 allows the action specified in one or more flow entries to direct packets to a base action called a group. The group action further processes these packets and assigns a more specific forwarding action to them. You can view groups that were added, modified, or deleted from the group table by using the show openflow groups command. You can view group statistics by using the show openflow statistics groups command.

    [See Understanding OpenFlow Operation and Forwarding Actions on Devices Running Junos OS.]

Software Installation and Upgrade

  • Support for unified in-service software upgrade (ISSU) (EX9200-6QS)—Starting with Junos OS Release 17.1R1,you can perform a unified ISSU on the EX9200-6QS line card. ISSU enables you to upgrade between two different Junos OS releases with no disruption on the control plane and with minimal disruption of traffic.

    [See Unified ISSU System Requirements.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.1R3 for the EX Series.

General Routing

  • Support for deletion of static routes when the BFD session goes down (EX Series)—Starting with Junos OS Release 17.1R3, the default behavior of the static route at the [edit routing-options static static-route bfd-admin-down] hierarchy level is active. So, the static routes are deleted when the BFD receives a session-down message.

    [See Enabling BFD on Qualified Next Hops in Static Routes for Route Selection.]

High Availability (HA) and Resiliency

  • In-service software upgrade (EX4600 switches)—Starting with Junos OS Release 17.1R1, you cannot perform an ISSU from a Junos OS Release earlier than 17.1R1 to later Junos OS releases.

MPLS

  • Representation for OSPF DR node—Up until version -10 of the BGP-LS draft, the OSPF DR node representation was ambiguous. One could represent DR node as 'AdvertisingRouterId-InterfaceIpAddress' or 'InterfaceIpAddress-1'. Junos OS used to follow 'InterfaceIpAddress-1' format. Starting with version '-11' of the BGP-LS draft, the representation for OSPF DR node must be 'AdvertisingRouterId-InterfaceIpaddress'. Junos OS now follows the latest format.

Network Management and Monitoring

  • SNMP syslog messages changed (EX Series)—Starting in Junos OS Release 17.1R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

    • Old message—AgentX master agent failed to respond to ping. Attempting to re-register

      New message—AgentX master agent failed to respond to ping, triggering cleanup!

    • Old message—NET-SNMP version %s AgentX subagent connected

      New message—NET-SNMP version %s AgentX subagent Open-Sent!

    [See the MIB Explorer.]

  • Update to SNMP support of apply-path statement (EX Series)—Starting in Junos OS Release 17.1R2, SNMP implementation for the apply-path configuration statement supports only two lists:

    • apply-path "policy-options prefix-list <list-name> <*>"

      This configuration has been supported from day 1.

    • apply-path "access radius-server <*>"

      This configuration is supported as of Junos OS 17.1R2 release.

  • MIB loading errors fixed (EX Series)—Starting in Junos OS Release 17.1R1, duplicated entries and errors while loading MIBs on ManageEngine MIB browser are fixed for the following MIB files:

    • jnx-gen-set.mib

    • jnx-ifotn.mib

    • jnx-optics.mib

    [See MIB Explorer.]

  • Change in default log level setting (EX Series)—In Junos OS Release, 17.1R3, the following changes were made in default logging levels:

    Before this change:

    • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.

    • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical and logical interfaces.

    After this change:

    • IFD LinkUp -> LOG_NOTICE (because this is an important message but occurs less frequently)

    • IFL LinkUp -> LOG_INFO (no change)

    • IFD and IFL LinkDown -> LOG_WARNING (no change)

    [See the MIB Explorer.]

  • New context-oid option for trap-options configuration statement to distinguish the traps that come from a non-default routing instance and a non-default logical system (EX Series)—Starting in Junos OS Release 17.1, a new option, context-oid, for the trap-options statement, allows you to handle prefixes such as <routing-instance name>@<trap-group> or <logical-system name>/<routing-instance name>@<trap-group> as an additional varbind.

    [See trap-options.]

  • Need to reconfigure SNMPv3 configuration after upgrade (EX4600)—Starting in Junos OS Release 17.1R2, you might need to reconfigure SNMPv3 after upgrading from an earlier release to this release. This is necessary only if you are using SNMPv3 and if the engine ID is based on the MAC address because the engine ID is changed. It used to be that customers had to reconfigure SNMPv3 every time after a reboot. This problem was fixed. If you upgrade, you must still reconfigure SNMPv3, but only once—if you have already reconfigured SNMPv3 in an earlier release, you do not need to reconfigure SNMPv3 again. To reconfigure SNMP v3, use the delete snmp v3 command, commit, and then reconfigure SNMPv3 parameters.

    [See Configuring the Local Engine ID.]

Services Applications

  • Device discovery with device-initiated connection (EX Series)—In Junos OS Release 17.1R1 and later releases, when you configure statements and options under the [system services ssh] hierarchy and commit the configuration, make sure that the system reaches a stable state before you commit any outbound-ssh configurations.

    You use the device discovery feature in the Devices workspace to add devices to Junos Space Network Management Platform. By default, Junos Space manages devices by initiating and maintaining a connection to the device.

    [See Device Discovery Overview.]

System Management

  • Peers option not supported in batch configuration mode— Starting in Junos OS Release 17.1R1, the peers option at the [edit system commit] hierarchy level is not supported in batch configuration mode.

User Interface and Configuration

  • Integers in configuration data in JSON format are displayed without quotation marks (EX Series)—Starting in Junos OS Release 17.1R1, integers in Junos OS configuration data emitted in JavaScript Object Notation (JSON) format are not enclosed in quotation marks. Prior to Junos OS Release 17.1R1, integers in JSON configuration data were treated as strings and enclosed in quotation marks.

  • Changes to the show system schema module juniper-command output directory (EX Series)—Starting in Junos OS Release 17.1, when you issue the show system schema module juniper-command operational command in the Junos OS CLI, the device places the generated output files in the current working directory, which defaults to the user’s home directory. Prior to Junos OS Release 17.1, the generated output files are placed in the /var/tmp directory.

Virtual Chassis

  • Starting with Junos OS Release 17.1R1, EX9200 Virtual Chassis is no longer supported. You should not upgrade an existing EX9200 Virtual Chassis to Junos OS Release 17.1R1 or later. For deployments with EX9200 switches, we recommend planning or moving to MC-LAG or Junos Fusion Enterprise architectures instead of using a Virtual Chassis.

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.1R3 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • On EX4600 switches, the Zero Touch Provisioning might take more than normal time to complete because TFTP might take a long time to fetch the required data. PR980530

  • On an EX4300 or a QFX5100 Virtual Chassis, when you perform an NSSU, there might be more than five seconds of traffic loss for multicast traffic. PR1125155

  • On EX4300 switches, when 802.1X single-supplicant authentication is initiated, multiple "EAP Request Id Frame Sent" packets might be sent. PR1163966

  • On EX4300 10G links, preexisting MACsec sessions might not come up after following events: 1. Process (for example, the pfex and dot1x process) restart or system restart 2. Link flaps PR1294526

High Availability (HA) and Resiliency

  • Unified ISSU incompatibility with VPLS dynamic profiles (EX Series)—Using unified ISSU to upgrade from an earlier Junos OS release to Junos OS Release 17.1R1 does not work if VPLS dynamic profiles are configured and enhanced subscriber management is not configured.

    [See ISSU System Requirements.]

  • During a nonstop software upgrade (NSSU) on an EX4300 Virtual Chassis, a traffic loop or loss might occur if the current Junos OS software version and the Junos OS software version that you are upgrading to use different internal message formats. PR1123764

Interfaces and Chassis

  • The same IP address can be configured on different logical interfaces from different physical interfaces in the same routing instance (including master routing instance), but only one logical interface is assigned with the identical address after commit. There are no warning messages seen during the commit; only syslog messages are seen indicating incorrect configuration. PR1221993

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 17.1R3 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • On EX9200 switches, the analyzer configurations with analyzer input and output statements, containing members of the same VLAN or the VLAN itself, are not supported. With such configurations, packets can mirror in a loop, resulting in LU chip errors. As a workaround, use the mirror-once option if the input is for ingress mirroring. If it is for ingress and egress mirroring, configure the output interface as an access interface. PR1068405

  • On EX9200 and EX4300 switches, 802.1X supplicants might not be reauthenticated by server fail fallback authentication after the server becomes reachable. PR1157032

  • On EX4300 switches, when 802.1X single-supplicant authentication is initiated, multiple "EAP Request Id Frame Sent" packets might be sent. PR1163966

  • On an EX9200-12QS line card, interfaces with the default speed of 10-Gigabit Ethernet are not brought down even when the remote end of the connection is incorrectly configured as 40-Gigabit Ethernet. PR1175918

  • On an EX9200-40XS line card, if you toggle the MACsec encryption option multiple times, encryption and protected MACsec statistics might be updated incorrectly. As a workaround, restart the line card. PR1185659

  • On an EX9200-6QS line card, storm control might not work for multicast traffic. PR1191611

  • On all platforms running Junos OS, the file copy CLI command uses /var/home/<user> as a temporary staging directory for a nonroot user, and uses /var/tmp for the root user. When you issue the file copy user@x.x.x.x:/dir/ /var/tmp/ CLI command to copy a file to the device, and if the file you are trying to transfer is larger than the temporary staging directory size, the copy operation might fail. PR1195599

  • On EX Series Virtual Chassis that support PoE, when the master Routing Engine member is rebooted, PoE devices connected to the master might not come back online after the reboot. As a workaround, when configuring PoE interfaces, use the set poe interface all configuration command instead of configuring specific interfaces individually. To recover connections after observing this issue, disable and re-enable the ports affected by the issue. PR1203880

  • Various common situations lead to different views of forwarding information between kernel and Packet Forwarding Engines. For example, fpc7 KERNEL/PFE APP=NH OUT OF SYNC: error code 3 REASON: NH add received for an ifl that does not exist ERROR-SPECIFIC INFO: nh_id=562 , type = Hold, ifl index 334 does not exist TYPE-SPECIFIC INFO: none. No service impact is seen in MPC2 and MPC3 type cards. PR1205593

  • When a configuration that moves the Packet Forwarding Engine offline and another configuration that brings the Packet Forwarding Engine back online are committed in quick succession, the out-of-synchronization syslog errors might occur. Most of the time these are benign errors, but sometimes these errors might crash the Packet Forwarding Engine. PR1232178

  • On EX Series switches except EX4300, EX4600, and EX9200, the switch cannot send DHCP option 2 when extended DHCP local server is configured. The switch sends DHCP option 2 incorrectly when a traditional DHCP server is configured. PR1252437

  • On EX Series switches (except EX4300, EX4600, or EX9200), in a Virtual Chassis scenario, a LAG interface with bpdu-block disabled might go into a down state after the master Flexible PIC Concentrator (FPC) switch is rebooted. PR1262703

  • When the em0 interface is unplugged, Management Ethernet Links Down Alarms might flap. PR1271325

  • On EX Series switches (excluding EX4300, EX4600, and EX9200) that are in a DHCP relay with option 82 scenario, the jdhcpd memory might leak. The process will stop working with the following logged messages /kernel: Process (3126, jdhcpd) attempted to exceed RLIMIT_DATA: attempted 131076 KB Max 131072 KB. PR1277433

  • Configuration statements that were allowed in Junos OS Release 12.3 are now invalid in Junos OS Releases 14.1X53 and 15.1. As a result, when you upgrade an EX Series switch from Junos OS Release 12.3 to Release 14.1X53 or Release 15.1R1, the switch might lose its configuration and run in a line-card mode or go into amnesiac mode. PR1281947

  • The error in TQ-chip MACsec software a MACsec session might not reestablish after a physical link flap. Additionally, an FXPC core file might be generated because of this error. PR1283314

  • When the EX4300-32F's 1/10 Gigabit Ethernet ports are reset, MACsec sessions might stay down and will not be able to reestablished. PR1299484

  • Every load override and rollback operation increases the refcount by 1 and after it reaches the maximum value (65,535), an mgd crash will be observed and the session will get killed. When mgd crashes, the active lock might remain, preventing any further commits. PR1313158

  • Some configurations that are valid for Junos OS Release 12.3 are not valid for Junos OS Release 15.1. When you try to upgrade from Junos OS Release 12.3 to Junos OS Release 15.1 with such configurations, the post-upgrade device goes into amnesiac(brick) mode. PR1313501

  • EX4300 Virtual Chassis system might fail to register some jnxOperating SNMP OIDs related to the Routing Engine. This behavior is more likely if Virtual Chassis members 0 and 1 (FPC0 and FPC1) are not selected as Routing Engine. PR1368845

  • On EX9200 Series platforms, if a packet-length keyword under the firewall filter is applied on the interface egress, the configuration is not committed, because of the commit-check failure. PR1378901

  • In an aggregated interfaces and STP scenario, the STP does not work when the aggregated interface number is "ae1000" or above in QFX5000 and "ae480" or above in other QFX Series or EX Series platforms. Such interfaces remain in incorrect STP discarding state and might not forward packets. PR1403338

  • On EX9200 device with MCLAG configuration and other features enabled, there is a loss of 20 seconds during the restart of routing daemon. This traffic loss varies with the configuration that is done. PR1409773

Infrastructure

  • When an SNMP poll is performed for the following OID's, the backup Routing Engine returns the value 6 (6=down) for the FAN and 1 (1=unknown) for the PSU's, even though the FAN and PSU's are UP. Fan: 1.3.6.1.4.1.2636.3.1.13.1.6 PSU: 1.3.6.1.4.1.2636.3.1.13.1.6.2. For a permanent fix, upgrade the chassis to Junos OS Release 15.1R8 or later. PR1360962

Junos Fusion Enterprise

  • On a Junos Fusion, when using LLDP, the power through MDI and extended power through MDI TLVs are not transmitted. PR1105217

  • On a Junos Fusion Enterprise, Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) fast start does not work. PR1171899

  • On a Junos Fusion Enterprise, when the satellite devices of a cluster are rebooted, the output of the CLI command show chassis satellite shows the port state of the cascade ports as Present. PR1175834

  • On a Junos Fusion Enterprise, a loss of connectivity of the link connecting the standalone switch might cause conversion of the switch from Junos OS to SNOS to fail. PR1232798

  • On a Junos Fusion Enterprise, the satellite device might not come online when the system is converted from cluster to non-cluster mode without accompanying topology changes. PR1251790

  • When on the aggregation device Junos Fusion Enterprise is powered OFF or powered ON, it might take 6 to 30 seconds for the traffic to converge. PR1257057

  • During Routing Engine switchover on a Junos Fusion Enterprise, the BUM traffic is duplicated to indirectly connected satellite devices. This occurs because there is no current support to notify the GRES event to indirectly connected satellite devices. PR1298434

  • The ppm-lite process might generate a core file on the Fusion satellite devices. It is unexpectedly treating IEEE PORT VLAN ID TLV on LLDP packets as a DCBXv1.01 TLV. PR1364265

  • Power over Ethernet (PoE) over Link Layer Discovery Protocol (LLDP) negotiation is not supported in Junos Fusion Enterprise (JFE) setup. The issue results in powering up failure when a device makes PoE over LLDP negotiation with the JFE. PR1366106

Layer 2 Features

  • The eswd process might crash after doing a Routing Engine switchover in EX Series Virtual Chassis scenario. The crash happens because of disordered processing of a VLAN or its member by eswd and L2PT modules. As the order of processing does not remain the same every time, the crash is random across switchovers. PR1275468

  • On EX Series platforms, except for EX4300/EX4600/EX9200, the multiple spanning tree protocol (MSTP) might not be able to detect the topology changes after a nonstop software upgrade (NSSU) process, which might lead to a packet loop. The topology change count is shown as 0 after that. user@switch> show spanning-tree bridge msti 2 ++++++++++++++++Output Snipped++++++++++++++ STP bridge parameters for MSTI 2 MSTI regional root : 8194.78:fe:3d:b1:e4:01 Hello time : 2 seconds Maximum age : 20 seconds Forward delay : 15 seconds Number of topology changes : 0 >>>>>> showing 0 Topology change last recvd. from : 88:a2:5e:35:70:04 Local parameters Bridge ID : 8194.78:fe:3d:b1:e4:01 Extended system ID : 0 Internal instance ID : 2. PR1284415

  • The ERP route update fails during the addition of a new member to the ERP-configured VLAN. PR1301595

  • The following syslog messages occur during ERPS PDU in ERPS setup every few minutes on ERPS owner: eswd[1200]: ESWD_MAC_SMAC_BRIDGE_MAC_IDENTICAL: Bridge Address Add: XX:XX:db:2b:26:81 SMAC is equal to bridge MAC hence don't learn. This message can be ignored. PR1372422

Multicast

  • IGMP query packets might be duplicated between Layer 2 interfaces with IGMP snooping enabled. PR1391753

Network Management and Monitoring

  • On EX Series switches except EX4300, EX4600, EX9200, when redundant trunk group (RTG) switchover, then the /var/log/shadow.log or /var/log/shadow_debug.log is rotated. And it might cause Packet Forwarding Engine process to crash. PR1233050

  • The default syslog level is LOG_NOTICE in the default configuration. SNMP_TRAP_LINK_UP for the physical interface is logged as LOG_INFO. To help debug physical link up issues, SNMP_TRAP_LINK_UP events will be logged by default. PR1287244

Platform and Infrastructure

  • On EX4300, EX4600, and QFX5100 switches, if a remote analyzer has an output IP address that is reachable through a route learned by BGP, the analyzer might be in a down state. PR1007963

  • On EX4300-VC, if you configure a Q-in-Q S-VLAN interface with MC-LAG, when the backup EX4300 is acting as master, you might lose connection to the management IP address through the interface. As a result, management traffic might be dropped. PR1131755

  • In case SP style configuration is used, deactivated or deleted one of the logical interfaces on LAG might cause traffic failure passing through the same LAG interface. PR1422920

Spanning Tree Protocols

  • On EX Series switches except for EX4300, EX4600, and EX9200, the VoIP interfaces might be blocked by Rapid Spanning Tree Protocol (RSTP) if voice VLAN is running VLAN Spanning Tree Protocol (VSTP) and data VLAN is running RSTP respectively. PR1306699

Virtual Chassis

  • If the linecard role FPC is removed from and rejoined to the Virtual Chassis, then the LAG interface on the master or backup switch is not reprogrammed in the rejoined FPC. PR1255302

  • On EX Series switches except for EX4300/EX4600/EX9200, the packet drop might be seen during the failover or switchover from the master switch to backup switch in a Virtual Chassis. This is because of the delay in ARP update during the failover or switchover of the master Routing Engine (RE) . PR1278214

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.1R3

Authentication and Access Control

  • The LLDP-MED protocol cannot forward the correct POE class. PR1296547

  • The dot1x process might stop authenticating if continuous reauthentication requests from dot1x clients do not get processed. PR1300050

  • Dot1xd core file might be generated when dot1x interface is configured with EAP-PEAP as an authentication protocol. PR1322891

Class of Service (CoS)

  • On EX4300 and EX4600 switches, traffic might be dropped when there is more than one forwarding class under forwarding-class-sets. PR1255077

Forwarding and Sampling

  • Unexpected messages might be seen in logs. PR1270686

General Routing

  • LACP does not work when MACsec is enabled. PR1093295

  • The storm control action-shutdown configuration does not work as expected. PR1130099

  • After an access is rejected, the dot1x process might crash because of a memory leak. PR1160059

  • On an 802.1X-enabled interfaces, clients might not be able to access the network when they are connected or disconnected for a short period of time. PR1230073

  • An LCD corruption issue is observed when an EX Series switch boots up. PR1233580

  • The EOAM LFM adjacency on an MX Series MPC or an EX9200 might flap when an unrelated MIC, which is in the same MPC slot, is brought online. PR1253102

  • The interface-range command cannot be used to set speed and autonegotiation properties for a group of interfaces. PR1258851

  • The management daemon (MGD) might crash after invoke a specific RPC, SSH/console need to be reconnected. PR1271024

  • FPC connections might drop with the following syslog messages: CHASSISD_MAIN_THREAD_STALLED: main chassis-control thread stalled for XXX sec -- exiting. PR1276605

  • The l2ald memory might leak for every IPv6 ND (Neighbor Discovery) message it receives from a peer MC-LAG and it is not freeing the allocated memory. PR1277203

  • Interfaces configured with 100 Mbps speed might go down after reboot. PR1283531

  • The show security macsec statistics command does not display the expected results. This is a MACsec issue. PR1283544

  • The VLAN association does not get updated in the Ethernet switching table when the device is configured in single-supplicant mode. PR1283880

  • The jhdcpd process might generate core files if dhcpv6-security is configured. PR1287074

  • The dot1x process might crash on EX4300 switches when traffic is flooded and if a VLAN configuration commit is in progress. PR1293011

  • On executing the load replace terminal command and attempting to replace the interface stanza might terminate the current CLI session and leave the user session hanging. PR1293587

  • A warning message Interface matching is supported only in a stand-alone might be seen when had a commit operation with "from interface" condition in firewall filter on single device on a single device. PR1296767

  • Network analytics does not transmit data. PR1297535

  • The eswd process might generate a core file if apply-groups is configured under interface-range. PR1300709

  • An l2ald crash might occur with no apparent trigger. PR1302344

  • The show snmp mib walk command used for jnxMIMstMstiPortState does not display any output on an EX4600 running Junos OS Release 17.1R2. PR1305281

  • Traffic loss is observed while performing NSSU. PR1311977

  • PEM alarms and Iayer 2 circuit failures are observed on EX9200 Series switches. PR1312336

  • The dhcp-security binding table might not get updated. PR1312670

  • A memory leak is seen for the dot1xd process. PR1313578

  • A vmcore file might be displayed and the device might reboot after the ICL is changed from an aggregated Ethernet interface to a physical interface. PR1318929

  • The EX Series switches do not send RADIUS requests after the interface-range configuration is modified. PR1326442

  • Traffic going through an aggregated Ethernet interface might be dropped because of a mastership change. PR1327578

  • The rpd might crash on new backup Routing Engine when chassis switchover is triggered without GRES. PR1330750

  • On an EX9200 switch, when the anchor FPC has no active child, BPDUs are not sent out on the other active child [VSTP/MSTP]. PR1333872

  • On EX9200 switches, the MQSS error with error code 0x2203cb is observed. PR1334928

  • The l2cpd crash might be seen in vstp scenario during Routing Engine switchover. PR1341246

  • The statistics pfed process might generate a core file on an upgrade between certain releases. PR1346925

  • The EX4600 switch detects a LATENCY OVER-THRESHOLD event with a wrong value. PR1348749

  • After an FPC becomes online, the other FPC's CPU usage might go up to 100 percent and have a traffic loss for around 30 seconds. PR1346949

  • The latency over-threshold event might be detected with an incorrect value. PR1348749

  • The 40G interfaces might not forward traffic. PR1349675

  • PPE errors async xtxn error when FPC is restarted or removed. PR1350909

  • Commit error is observed when box is downgraded from Junos OS Release 18.2 or 18.3 to Junos OS Release 17.3R3. PR1355542

  • FPM board status is missing in SNMP MIB walk result. PR1364246

  • The l2cpd process might crash when configuring MVRP with private VLAN and RSTP interface all. PR1365937

  • MAC refresh packet might not be sent out from the new primary link after RTG failover. PR1372999

  • FPC might crash when flapping the output interface of analyzer or sampling. PR1374861

  • ARP request packets might be sent out with 802.1Q VLAN tag. PR1379138

  • The dot1x does not work with Microsoft NPS server. PR1381017

  • On EX9200 platforms, the warning message prefer-status-control-active is used with status-control standby might be seen whenever you commit an operation. PR1386479

  • MAC-limit with persistent MAC is not working after reboot. PR1400507

  • The l2cpd might crash if the VSTP traceoptions and VSTP VLAN all commands are configured. PR1407469

  • PEM alarm for backup FPC remains on master FPC though backup FPC is detached from VC. PR1412429

High Availability (HA) and Resiliency

  • GRES might fail to start because of the missing state acknowledgment message from the Package Forwarding Engine. PR1236882

Infrastructure

  • On an EX4300 egress VLAN-based firewall filter on a Q-in-Q interface, after a switch reboot, firewall counters might not increment as expected. PR1165450

  • When system ports console log-out-on-disconnect is enabled, system reboot or switchover can result in processes remaining in the wait state and failure of the syslog feature. PR1253544

  • On EX4300 switches , the aggregated Ethernet interface goes down when interface member VLAN is P-VLAN and LACP is enabled. PR1264268

  • Unable to provide management when em0 interface of FPC is connected to another FPC Layer 2 interface of the same Virtual Chassis. PR1299385

  • The monitor interface traffic does not display incoming ICMP packets. PR1303947

  • The file system might be corrupted multiple times during an image upgrade or while committing an operation. PR1317250

  • The upgrade might fail if bad blocks occur in the flash memory device or file system. PR1317628

  • The PFC feature might not work on EX4600. PR1322439

  • The ifinfo process generates a core file on an EX4600 Virtual Chassis. PR1324326

  • Need support for archiving dmesg file /var/run/dmesg.boot*. PR1327021

  • EX4600 might be sending packet with incorrect destination mac-address in MPLS php scenario. PR1334929

Interfaces and Chassis

  • The MAC address between aggregated Ethernet interface and the member port might be inconsistent in rare conditions. PR1272973

  • The interface might not work properly after the FPC restarts. PR1329896

  • On EX4300-VC platforms, the MAC address assigned to an aggregated Ethernet member interface is not the same as that of its parent aggregated Ethernet interface upon master Routing Engine halt. PR1333734

  • Packets might drop on ICL of MC-LAG peer where MC-LAG is up. PR1345316

  • MC-LAG peer does not send ARP request to the host. PR1360216

Junos Fusion Enterprise

  • Mirrored packets are dropped if analyzer output extended port is reachable through the ICL link. PR1211123

  • On dual-AD JFE setup, while applying Routing Engine lo0 filters and setting the cascade port down on AD2, the SD goes to "ProvSessionDown" on that AD2 while it stays online on AD1. PR1275290

  • DHCP snooping entry is deleted after l2ald restarts. PR1281824

  • VRRP has a split-brain in dual autodiscovery Junos Fusion. PR1293030

  • AD without cascade port cannot reach hosts over ICL link if they are authenticated by dot1x in a different VLAN than the default (manually assigned) VLAN. PR1298880

  • The dot1x authentication might fail in a Junos Fusion setup. PR1299532

  • Dot1x might crash in a Junos Fusion setup with dual AD. PR1303909

  • In Junos Fusion environment SD displays U-Boot on the LCD screen. PR1304784

  • Two to three seconds of packet loss is seen every 5 minutes on Junos Fusion. PR1320254

  • A satellite device does not recover PoE after the device is offline for more than 10 minutes and rejoins the AD. PR1356478

  • The l2ald might crash when issuing clear ethernet-switching table persistent-learning command. PR1409403

Layer 2 Ethernet Services

  • BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807

Layer 2 Features

  • RTG MAC refresh packets will be sent out from non-RTG ports if the RTG interface belonging to the Virtual Chassis master flaps. PR1389695

Layer 3 Features

  • The l2ald might crash when issuing clear ethernet-switching table persistent-learning. PR1381739

MPLS

  • On a EX4600 switch, unified ISSU is not supported with MPLS configuration. PR1264786

Network Management and Monitoring

  • Some parts of SNMP MIB jnxBoxAnatomy hierarchy related to chassis components might be missing. PR1278197

Platform and Infrastructure

  • Ping does not go through device after WTR timer expires in ERPS scenario. PR1132770

  • Layer 3 protocol packets are not being sent out from the switch. PR1226976

  • On an EX4300 switch, PXE unicast ACK packets are dropped. PR1230096

  • Traffic is not forwarded through the GRE tunnel on an EX4300 in some cases. PR1254638

  • The PoE interfaces flap on an EX4300 when one PSU is removed in power redundancy N+N mode. PR1258107

  • Unexpected pfex restart is seen when the Routing Engine switches over. PR1258863

  • The mismatch of VLAN IDs between a logical interface and the VLAN configuration might result in traffic being silently dropped or discarded. PR1259310

  • On an EX4300 Virtual Chassis, a 10-Gigabit Ethernet VCP might not get a neighbor after a system reboot. PR1261363

  • The EX Series switch does not respond to SSH or Telnet. PR1266045

  • The IRB interface does not go down when the master chassis is rebooted or halted. PR1273176

  • The DHCP discover/offer packets might cause memory leaks and jdhcpd core files might be generated.PR1273452

  • CPU utilization for pfex_junos usage might go high if DHCP relay packets are received continually. PR1276995

  • Traffic loss might be observed for about 10 seconds if the master member FPC reboots. PR1283702

  • IGMP report packets might be dropped on EX4300-VC with persistent learning enabled. PR1285807

  • The FBF might not work properly after the feature is activated or deactivated.PR1293581

  • Some packets might be dropped after GRE encapsulation on EX4300. PR1293787

  • On EX4300 switches, some functions of IPv6 Router Advertisement Guard do not work. PR1294260

  • On EX4300 switches, when unknown unicast ICMP packets are received by an interface, packets are routed, so TTL is decremented. PR1302070

  • The FRU PSU removal and insertion traps might not get generated PR1302729

  • Unknown IPv6 multicast traffic is dropped if mld-snooping is enabled. PR1304345

  • Inconsistent IEEE P-bit marking in 802.1Q header for OSPF packets. PR1306750

  • Multicast receiver connected to the EX4300 switch might not be able to get the multicast streaming. PR1308269

  • The Traceroute command is not working for routing instances on EX9200 devices running on Junos OS Release 17.1R3. PR1310615

  • Autonegotiation is not working as expected between EX4300 and SRX5800. PR1311458

  • IGMP snooping might not learn multicast router interface dynamically. PR1312128

  • The interface with 1-gigabit SFP transceiver might go down if no-auto-negotiation is configured. PR1315668

  • The l2cpd core files are generated if the interface is disabled under VSTP and enabled under RSTP. PR1317908

  • High latency might be observed between the master Routing Engine and other FPCs. PR1319795

  • The VLAN might not be processed, which leads to improper convergence of the STP. PR1320719

  • Multicast traffic might not be forwarded to one of the receivers. PR1323499

  • MAC learning issue and new VLANs creation failure might happen for some VLANs on EX4300 platform. PR1325816

  • The L2cpd might generate core files if set protocols layer2-control mac-rewrite or set protocols layer2-control bpdu-block is configured on any of the child members of a LAG. PR1325917

  • Extra EAP request packets might be sent unnecessarily. PR1328390

  • The SNMP trap message are always sent out with log about "Fan/Blower OK" on EX4300-VC switch. PR1329507

  • On EX4300 Series switch, when the TCAM is being exhausted, the TCAM table filter continues to be programmed. PR1330148

  • On EX4300 platforms, storm control logs stopped after adding RTG configuration. PR1335256

  • The IGMP packets are forwarded out of the RTG backup interface. PR1335733

  • L2cpd memory leak appears on EX Series platforms with VoIP configured. PR1337347

  • The show spanning-tree statistics bridge command output gives 0 for all VLAN instance IDs. PR1337891

  • MAC source address filter with the statement accept-source-mac does not work if MAC move limit is configured. PR1341520

  • MSTP might not work normally after a commit is performed. PR1342900

  • A firewall filter might not be programmed in Packet Forwarding Engine even though TCAM entries are available. PR1345296

  • Packet drop might be seen on the logical tunnel interfaces lt-x/2/x or lt-x/3/x. PR1345727

  • On EX4300/EX4600s the VLAN translation feature does not work for the control plane traffic. PR1348094

  • On EX4300 platforms, traffic drop might happen if LLC packets are received with DSAP and SSAP as 0x88 and 0x8e. PR1348618

  • Firewall syslog is not sent to the syslog server. PR1351548

  • A high usage chassis alarm in /var does not clear from the EX4300 Virtual Chassis when a file is copied from fpc1 (master) to fpc0 (backup). PR1354007

  • The ports using SFP-T transceiver might be still up after system halt. PR1354857

  • The FPC would crash because of the memory leak caused by the VTEP traffic. PR1356279

  • Interface flapping is seen on EX4300 switch. PR1361483

  • On EX4300/EX4600 platforms, the l2ald process might crash in dot1x scenario. PR1363964

  • Packet Forwarding Engine might crash if encountering frequent MAC move. PR1367141

  • Traffic drops on Packet Forwarding Engine as "invalid L2 token" when protocol changes from VPLS to EVPN. PR1368802

  • The LLDP TLV with incorrect switch port capabilities might be sent. PR1372966

  • Traffic might be dropped and discarded with indirect next hop and load balancing. PR1376057

  • Packet drops on interface if the statement gigether-options loopback is configured. PR1380746

  • IRB interface does not turn down when master of Virtual Chassis is rebooted or halted. PR1381272

  • On the EX4300 switch, if a loss priority value of high is set for multicast packets by a classifier at the ingress interface, the configuration is overridden by the storm-control filter. PR1382893

  • EX4300 device chooses incorrect bridge-id as RSTP bridge-id. PR1383356

  • The dhcp-security binding table might not be updated because of the renew request with '0.0.0.0' value in 'ciaddr'. PR1394341

Routing Protocols

  • Observed mcsnoopd core file at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal and (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275. PR1305239

  • The OSPF routes cannot be installed to the routing table until the lsa-refresh timer expires. PR1316348

  • BGP peer is not established after Routing Engine switchover when graceful-restart and BFD enabled. PR1324475

  • The IGMP snooping feature might be enabled unexpectedly. PR1327048

  • In Junos OS EX Series paltform, the stateless firewall filter ignores IPv6 extension headers (CVE-2019-0005). See https://kb.juniper.net/JSA10905 for more details. PR1346052

  • The parity errors in Layer 3 IPv4 table in the Packet Forwarding Engine memory might silently drop and discard the traffic. PR1364657

  • Host destined packets with filter log action might reach the Routing Engine. PR1379718

  • EX4300 might drop incoming IS-IS hello packets when IGMP or MLD snooping is configured. PR1400838

User Interface and Configuration

  • On EX4300, the J-Web allows the configuration of source-address-filter, which is not the expected behavior. PR1281290

Virtual Chassis

  • On an EX4300 switch , FRU removal or insertion of trap is not generated for non-master members (the switch in backup or linecard role).. PR1293820

Resolved Issues: 17.1R2

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • On an EX4300 switch or Virtual Chassis with 802.1X (dot1x) enabled, in a scenario with more than 254 clients (supplicants), plenty of clients might be going to the server-reject VLAN and have limited access to the server-reject VLAN although the clients have correct credentials. For a few authenticated clients, the authentication method might be displayed as "Server-Reject" although the client was authenticated in the correct VLAN---that is, the data VLAN. PR1251530

  • After configuration change with "commit", "dot1x" radius authentication request may not be sent out when having the "wait-for-acct-on-ack" configuration option within "access profile" PR1252456

EVPN

  • If an EX9200 switch is configured as a PE router connected to a multihomed site in an EVPN/MPLS network, RPD core files might be created on the EX9200 when more than 255 logical interfaces from the same physical interface/ESI are added to the virtual switch instance configuration. Then some logical interfaces are removed from the ESI (that is, rollback of the configuration). PR1251473

Infrastructure

  • On EX/QFX Series switches, if the switch was power cycled then some process (like jdhcp/lacp/lldpd...could be any other process) might stop working after rebooting. PR1222504

Interfaces and Chassis

  • MPC might crash during ISSU from Junos OS Release 15.1R1 to a later release when QSFP/CXP/CFP2 optics are present. PR1216924

Junos Fusion Enterprise

  • On a Junos Fusion Enterprise, the EX4300 running Junos OS Release 17.1R2 cannot be added as a satellite. PR1267767

  • On a Junos Fusion Enterprise, restarting satellite-related daemons and L2 learning result in some MAC entries getting stuck in DLR state. PR1268619

Network Management and Monitoring

  • On EX9208 switches, after ISSU, storm control is taking effect only after deletion and re-creation. PR1151346

  • The following system error is logged: JAM: Plugin installed for %s PIC. PR1189100

  • After the reboot of the EX4600 Virtual Chassis, authentication of SNMPv3 users fails due to the change of the local engine ID. PR1256166

Platform and Infrastructure

  • On EX4300 switches, Layer 2 traffic is dropped in some cases. PR1157058

  • When a policer with the action of loss of priority is applied to the lo0 interface, all ICMP packets might be dropped. PR1243666

  • SFP+ might not be recognized after EX4300 reboot. PR1247172

  • On EX9200 switches, if ISSU is used to upgrade Junos, it is possible that an unnecessary thread will run on an FPC after the upgrade procedure. This thread can potentially enter into a loop and trigger a stop of forwarding traffic on that particular FPC. PR1249375

  • The egress PE device (EX4300) sends out LLDP frames toward the CE device with the destination MAC address of 01:00:0c:cd:cd:d0 which is a duplicated frame and rewritten by ingress (PE) device. PR1251391

  • On EX4300 switches, traffic is not forwarded through the GRE tunnel in some cases. PR1254638

  • After you deactivate IPv6 RA and commit the configuration, the feature is not deactivated. PR1257697

  • The filter applied to the lo0 interface with policer action might break the BGP session. PR1258038

  • On the EX4300-VC, FPC crash and PFEX core file might occur. PR1261852

Port Security

  • MACsec connections are deleted randomly in some scenarios. PR1234447

  • High CPU usage caused by fxpc can lead to MACsec session drops. PR1247479

  • After MACsec link flaps, traffic stops forwarding across the MACsec link. PR1269229

Routing Protocols

  • The BGP session might flap during ISSU, resulting in 40-50 seconds of dropped traffic. PR1247937

Spanning Tree Protocols

  • RSTP interface all edge with the BPDU block configures all interfaces to go into BPDU block even if an interface is explicitly disabled under RSTP. PR1266035

Subscriber Access Management

  • The authd process generates core files continuously during RADIUS authentication. PR1241326

System Management

  • On MX Series and EX9200 platforms, an enhancement for implementing sensor-specific temperature thresholds is needed. PR1199447

Virtual Chassis

  • When you add the EX4300 to the VCF, the following error message is seen: ch_opus_map_alarm_id alarm ignored: object 0x7e reason. PR1234780

Resolved Issues: 17.1R1

Authentication and Access Control

  • A dot1xd core file is observed during CoA with Juniper-Switching-Filter. PR1219538

  • Security certificates are lost after reboot or upgrade, and the following error is seen: Unable to derive certificate from input . PR1237732

Infrastructure

  • BGP sessions are dropped on the EX4300 when sending BGP host-inbound traffic. PR1090033

  • GRE counters are incrementing very slowly after deactivating and activating the gr- interface. PR1183521

  • DHCP return packets received across a GRE tunnel are not forwarded to clients. PR1226868

  • A timeout error occurs when using the request system snapshot slice alternate command. PR1229520

Interfaces and Chassis

  • MPC might crash during ISSU from Junos OS Release 15.1R1 to a later release when QSFP/CXP/CFP2 optics are present. PR1216924

  • Restarting the interface process causes traffic loss in aggregate Ethernet (ae) bundle in MC-LAG scenario. PR1229001

MPLS

  • Virtual Chassis/Virtual Chassis Fabric-l2ckt: FXPC core file is seen when deactivating core interface on MPLS l2ckt configuration using IRB interface. PR1242203

Platform and Infrastructure

  • Firewall filter is getting deleted when a new bind point is added. PR1214151

  • EBGP packets with ttl=1 and non-EBGP packets with ttl=1 go to the same queue on EX4300. PR1215863

  • The dcd process might crash with configuration of set vlans xxx interface all. PR1221803

  • Frame with CFI / DEI bit set to 1 dropped on ingress L3 interface on EX4300 in Junos OS Release 14.1X53-D40.8 PR1237945

  • EX4300: Too many interfaces after >request system zeroize in default configuration. PR1238848

  • Stale dot1x state leads to packet loss on trunk links if they are converted from access to trunk. PR1239252

  • Certain multicast traffic might cause network impact on EX4300 switch. PR1244351

  • EX4300 connectivity issue with 10/100M and full/half duplex interface. PR1249170

  • On Junos Fusion Enterprise, Power over Ethernet (PoE) telemetries do not work. PR1112953

  • Changes made in PoE configuration during SD Offline state are not getting reflected once the SD is back Online. PR1154486

  • On a Junos Fusion Enterprise, issues with ARP traffic might occur if the Junos Fusion topology exceeds the documented limit of 6,000 extended port interfaces. PR1186077

  • FF reject tcp-reset does not work on IRB interface. PR1219953

  • Issue with the show command occurs in single supplicant mode captive portal. PR1240259

  • ELS Style -There is no command to enable DHCP snooping without having to enable other FHS features. PR1245559

Routing Protocols

  • Hops through GRE tunnel endpoints are seen in traceroute. PR1236343

Virtual Chassis

  • Repeated log message kernel: %KERN-5: tcp_timer_keep: Dropping socket connection due to keepalive timer expiration is seen on EX4300. PR1209847

Documentation Updates

This section lists the errata and changes in Junos OS Release 17.1R3 for the EX Series switches documentation.

Documentation Updates

  • Support for deletion of static routes when the BFD session goes down (EX Series)—Starting with Junos OS 17.1R3, the default behavior of the static route at the [edit routing-options static static-route bfd-admin-down] hierarchy level is active. So, the static routes are deleted when the BFD receives a session down message.

  • Starting with Junos OS Release 17.1R1, EX9200 Virtual Chassis is no longer supported, and the EX9200 Virtual Chassis documentation has been archived. See EX Series Documentation Archives. For deployments with EX9200 switches, we recommend planning or moving to MC-LAG or Junos Fusion Enterprise architectures instead of using a Virtual Chassis.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 15.1, 16.1 and 16.2 are EEOL releases. You can upgrade from Junos OS Release 15.1 to Release 16.1 or even from Junos OS Release 15.1 to Release 16.2. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://support.juniper.net/support/eol/software/junos/.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on EX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://apps.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.