Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for EX Series Switches


These release notes accompany Junos OS Release 17.2R3 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for EX Series.


The following EX Series switches are supported in Release 17.2R3: EX4300, EX4600, and EX9200.


In Junos OS Release 17.2R3, J-Web is supported on the EX4300 and EX4600 switches in both standalone and Virtual Chassis setup.

The J-Web distribution model being used provides two packages:

  • Platform package—Installed as part of Junos OS; provides basic functionalities of J-Web.

  • Application package—Optionally installable package; provides complete functionalities of J-Web.

For details about the J-Web distribution model, see Release Notes: J-Web Application Package Release 17.2A1 for EX4300 and EX4600 Switches.

Release 17.2R3 New and Changed Features

Restoration Procedures and Failure Handling

  • Device recovery mode introduced in Junos OS with upgraded FreeBSD (EX Series)—In Junos OS Release 17.2R3, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, an automatic device recovery mode is activated if the system goes into amnesiac mode. In this process, the system automatically retries to boot with the saved rescue configuration. During this process, the system displays a banner "Device is in recovery mode” in the CLI (in both operational and configuration modes). In releases before Junos OS Release 17.2R3, there is no automatic process to recover from amnesiac mode. In those releases, a user with load and commit permission has to log in using the console and fix the issue in the configuration before the system reboots.

    [See Saving a Rescue Configuration File.]

Release 17.2R2 New and Changed Features

  • There are no new features or enhancements to existing features for EX Series in Junos OS Release 17.2R2.

Release 17.2R1 New and Changed Features

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • Authentication order with priority (EX4300 switches)—Starting in Junos OS Release 17.2R1, you can configure EX4300 switches not to trigger re-authentication for a client that has been authenticated using MAC RADIUS authentication or captive portal authentication. If the switch receives an EAP-Start message from an authenticated client, the switch typically responds with an EAP-Request message, which triggers re-authentication using 802.1X authentication. You can use the eapol-block statement to configure the switch to ignore EAP-Start messages sent by a client that has been authenticated using MAC RADIUS authentication or captive portal authentication, and maintain the existing authentication session for the client.

    [See Understanding Authentication on Switches.]

  • Protected Extensible Authentication Protocol (PEAP) for MAC RADIUS authentication (EX4300 switches)—Starting in Junos OS Release 17.2R1, you can configure the Protected Extensible Authentication Protocol (PEAP) as the authentication method for MAC RADIUS authentication. PEAP is a protocol that encapsulates EAP packets within an encrypted and authenticated Transport Layer Security (TLS) tunnel. The inner authentication protocol, used to authenticate the client's MAC address inside the tunnel, is the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2). The encrypted exchange of information inside the tunnel ensures that user credentials are safe from eavesdropping.

    [See Understanding Authentication on Switches.]


  • EVPN proxy ARP and ARP suppression (EX9200 switches)—Starting with Junos OS Release 17.2R1, EX9200 switches that function as provider edge (PE) devices in an Ethernet VPN-MPLS (EVPN-MPLS) or Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) environment support proxy Address Resolution Protocol (ARP) and ARP suppression. The proxy ARP and ARP suppression capabilities are enabled by default. For both features to work properly, the configuration of an integrated and routing (IRB) interface on the PE device is required.

    IRB interfaces configured on a PE device deliver ARP requests from both local and remote customer edge (CE) devices. When a PE device receives an ARP request from a CE device, the PE device searches its media access control (MAC)-IP address bindings database for the requested IP address. If the PE device finds the MAC-IP address binding in its database, it responds to the request. If the device does not find the MAC-IP address binding, it swaps the source MAC address in the request with the MAC address of the IRB interface on which the request was received and sends the request to all interfaces.

    Even when a PE device responds to an ARP request, ARP packets might still be flooded across the WAN. ARP suppression prevents this flooding from occurring.

    [See EVPN Proxy ARP and ARP Suppression.]

Layer 3 Features

  • Port-based LAN broadcast traffic forwarding (port helpers) for multiple destination servers (EX4300 switches and Virtual Chassis)—Starting in Junos OS Release 17.2R1, you can configure port helpers on EX4300 switches and EX4300 Virtual Chassis on a per-port basis for multiple destination servers. Port helpers are port-based filters that listen on configured UDP ports for incoming LAN broadcast traffic, and forward those packets to configured destination servers as unicast traffic. Configure port helper filters using the forwarding-options helpers port port-number configuration statement with any of the following scopes:

    • Global—Match incoming broadcast traffic on any interface for a configured port, and forward the traffic to the configured server:

      set forwarding-options helpers port port-number server server-ip-address
    • VLAN-specific—Match incoming broadcast traffic on an IRB interface for a configured port, and forward the traffic to the configured server:

      set forwarding-options helpers port port-number interface irb-interface-name server server-ip-address
    • Interface-specific—Match incoming broadcast traffic on a Layer 3 interface for a configured port, and forward the traffic to the configured server:

      set forwarding-options helpers port port-number interface interface-name server server-ip-address

    [See Configuring Port-based LAN Broadcast Packet Forwarding.]


  • Support for device family and release in Junos OS YANG modules (EX Series)—Starting in Junos OS Release 17.2, Junos OS YANG modules are specific to a device family, and each module’s namespace includes the module name, device family, and Junos OS release string. Furthermore, each juniper-command module uses its own unique module name as the module’s prefix. Device families include junos, junos-es, junos-ex, and junos-qfx.

    [See Understanding Junos OS YANG Modules.]


  • Support for static multicast route leaking for VRF and virtual-router instances (QFX5100 and EX4300 switches)—Starting in Junos OS Release 17.2R1, you can configure your switch to share IPv4 multicast routes among different virtual routing and forwarding (VRF) instances or different virtual-router instances. On EX4300 switches, multicast route leaking is supported only when the switch functions as a line card in a Virtual Chassis, not as a standalone switch. Only multicast static routes with a destination-prefix length of /32 are supported for multicast route leaking. Only Internet Group Management Protocol version 3 is supported. To configure multicast route leaking for VRF or virtual-router instances , include the next-table routing-instance-name.inet.0 statement at the [edit routing-instances routing-instance-name routing-options static route destination-prefix/32] hierarchy level. For routing–instance-name, include the name of a VRF or virtual-router instance. This feature was previously introduced in Junos OS Release 14.X53-D40.

    [See Understanding Multicast Route Leaking for VRF and Virtual-Router Instances.]

Network Management and Monitoring

  • SNMP support for monitoring tunnel statistics (EX Series)—Starting in Junos OS Release 17.2R1, SNMP MIB jnxTunnelStat supports monitoring of tunnel statistics for IPV4 over IPV6 tunnels. This is a new enterprise-specific MIB, Tunnel Stats MIB, that currently displays three counters: tunnel count in rpd, tunnel count in Kernel, and tunnel count in the Packet Forwarding Engine. This MIB can be extended to support other tunnel statistics. The MIB is defined in jnx-tunnel-stats.txt. This MIB is attached to jnxMibs.

System Management

  • Dynamic power management (EX9200 switches)—Starting with Junos OS Release 17.2R1, EX9200 switches support dynamic power management.

    [See System Services on EX9200 Switches].

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.2R3 for the EX Series.

General Routing

  • Support for deletion of static routes when the BFD session goes down (EX Series)—Starting with Junos OS 17.2R2, the default behavior of the static route at the [edit routing-options static static-route bfd-admin-down] hierarchy level is active. So, the static routes are deleted when the BFD receives a session down message.

IP Tunneling

  • Deprecated no-path-mtu-discovery configuration option for ipip6 tunnels—Starting in Junos OS Release 17.2R1, the no-path-mtu-discovery configuration statement in the [edit interfaces ip-fpc/pic/port unit logical-unit-number tunnel] and [edit interfaces gr-fpc/pic/port unit logical-unit-number tunnel] hierarchies is no longer available for ipip6 tunnels.


  • Changes to the rfc-compliant configuration statement (EX Series)—Starting in Junos OS Release 17.2R1, Junos OS YANG modules are specific to a device family, and each module’s namespace includes the module name, device family, and Junos OS release string. If you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level and request configuration data in a NETCONF session on a device running Junos OS Release 17.2R1 or later, the NETCONF server sets the default namespace for the <configuration> element in the RPC reply to the same namespace as in the corresponding YANG model.

    [See Configuring RFC-Compliant NETCONF Sessions and rfc-compliant.]

  • Junos OS YANG module namespace and prefix changes (EX Series)—Starting in Junos OS Release 17.2R1, Junos OS YANG modules are specific to a device family, and each module’s namespace includes the module name, device family, and Junos OS release string. Furthermore, each juniper-command module uses its own unique module name as the module’s prefix. In earlier releases, Junos OS YANG modules used only a unique identifier to differentiate the namespace for each module, and the prefix for all juniper-command modules was jrpc.

    Device families include junos, junos-es, junos-ex, and junos-qfx. The Junos OS YANG extension modules, junos-extension and junos-extension-odl, use the junos device family identifier in the namespace, but the modules are common to all device families.

    [See Understanding Junos OS YANG Modules.]


  • Support for per-source multicast traffic forwarding with IGMPv3 (EX4300)—Starting in Junos OS Release 17.2R3, EX4300 switches forward multicast traffic on a per-source basis according to received IGMPv3 INCLUDE and EXCLUDE reports. In releases prior to these releases, EX4300 switches process IGMPv3 reports, but instead of source-specific multicast (SSM) forwarding, they consolidate IGMPv3 INCLUDE and EXCLUDE mode reports for a group into one route for all sources sending to the group. As a result, with the prior behavior, receivers might get traffic from sources they didn’t specify.

    [See IGMP Snooping Overview.]

Network Management and Monitoring

  • SNMP syslog messages changed (EX Series)—In Junos OS Release 17.2R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

    • Old Message- AgentX master agent failed to respond to ping. Attempting to re-register

      New Message- AgentX master agent failed to respond to ping, triggering cleanup!

    • Old Message- NET-SNMP version %s AgentX subagent connected

      New Message- NET-SNMP version %s AgentX subagent Open-Sent!

    [See the MIB Explorer.]

  • Update to SNMP support of apply-path statement (EX Series)—In Junos OS Release 17.2R1, SNMP implementation of the apply-path configuration statement supports only two lists:

    • apply-path "policy-options prefix-list <list-name> <*>"

      This configuration has been supported from day one.

    • apply-path "access radius-server <*>"

      This configuration is supported as of this release.

  • Change in default log level setting (EX Series)—In Junos OS Release 17.2R3, the following changes are made to the default logging levels:

    Before this release:

    • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.

    • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical and logical interfaces.

    From this release onward:

    • IFD LinkUp -> LOG_NOTICE (as this is an important message but less frequent)

    • IFL LinkUp -> LOG_INFO (no change)

    • IFD and IFL LinkDown -> LOG_WARNING (no change)

    See the MIB Explorer.

  • Need to reconfigure SNMPv3 configuration after upgrade (EX4600)—In Junos OS Release 17.2R1, you might need to reconfigure SNMPv3 after upgrading from an earlier release to this release. This is necessary only if you are using SNMPv3 and if the engine ID is based on the MAC address because the engine ID is changed. In releases before Junos OS Release 17.2R1, you need to reconfigure SNMPv3 every time after a reboot.This problem is now fixed. If you upgrade, you must still reconfigure SNMPv3, but only once—if you have already reconfigured SNMPv3 in an earlier release, you do not need to reconfigure SNMPv3 again. To reconfigure SNMP v3, use the delete snmp v3 command, commit, and then reconfigure SNMPv3 parameters.

    [See Configuring the Local Engine ID.]

Subscriber Management and Services

  • DHCPv6 lease renewal for separate IA renew requests (EX Series)—Starting in Junos OS Release 17.2R3, the jdhcpd process handles the second renew request differently in the situation where the DHCPv6 client CPE device does both of the following:

    • Initiates negotiation for both the IA_NA and IA_PD address types in a single solicit message.

    • Sends separate lease renew requests for IA_NA and IA_PD and the renew requests are received back-to-back.

    The new behavior is as follows:

    1. When the reply is received for the first renew request, if a renew request is pending for the second address type, the client stays in the renewing state, the lease is extended for the first IA, and the client entry is updated.

    2. When the reply is received for the second renew request, the lease is extended for the second IA and the client entry is updated again.

    In earlier releases:

    1. The client transitions to the bound state instead of staying in the renewing state. The lease is extended for the first IA and the client entry is updated.

    2. When the reply is received for the second renew request, the lease is not renewed for the second address type and the reply is forwarded to the client. Consequently, when that lease ages out, the binding for that address type is cleared, the access route is removed, and subsequent traffic is dropped for that address or address prefix.

    [See Using DHCPv6 IA_NA with DHCPv6 Prefix Delegation Overview.]

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.2R3 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • On EX4600 switches, Zero Touch Provisioning might take more than normal time (or a longer time) to complete because TFTP might take a long time to fetch the required data. PR980530

  • On an EX4300 Virtual Chassis, when you perform a nonstop software upgrade (NSSU), there might be more than five seconds of traffic loss for multicast traffic. PR1125155

  • On EX4300 switches, when 802.1X single-supplicant authentication is initiated, multiple "EAP Request Id Frame Sent" packets might be sent. PR1163966

  • On EX4300 10-Gigabit Ethernet links, preexisting MACsec sessions might not come up after the following events: 1)The pfex or dot1x process restarts. 2)The system restarts and the link flaps. PR1294526

High Availability (HA) and Resiliency

  • Residual and baseline statistics loss from ISSU—Using unified ISSU to upgrade to Junos OS Release 17.2R1 or later will result in a loss of residual and baseline statistics for interfaces, interface set specific statistics, and BBE subscriber service statistics because of an update to the statistics database.

    [See Unified ISSU System Requirements.]

  • During an NSSU on an EX4300 Virtual Chassis, a traffic loop or loss might occur if the Junos OS software version that you are upgrading from and the Junos OS software version that you are upgrading to use different internal message formats. PR1123764

  • ISSU restrictions—Unified ISSU from Junos OS Release 17.2R1 to Junos OS Release 17.2R2 is not supported.

Interfaces and Chassis

  • Previously, the same IP address could be configured on different logical interfaces from different physical interfaces in the same routing instance (including master routing instance), but only one logical interface was assigned with the identical address after commit. There was no warning during the commit, only syslog messages indicating incorrect configuration. This issue is fixed and it is now not allowed to configure the same IP address (the length of the mask does not matter) on different logical interfaces. PR1221993

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 17.2R3 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • On an EX9200-12QS line card, interfaces with the default speed of 10-Gbps are not brought down even when the remote end of a connection is misconfigured as 40-Gigabit Ethernet. PR1175918

  • On an EX9200-40XS line card, if you toggle the MACsec encryption option multiple times, encryption and protected MACsec statistics might be updated incorrectly. As a workaround, restart the line card. PR1185659

  • On EX Series Virtual Chassis that support PoE, when the master Routing Engine member is rebooted, PoE devices connected to the master might not come back online after the reboot. As a workaround to avoid this issue, when configuring PoE interfaces, use the set poe interface all configuration command instead of configuring specific interfaces individually. To recover connections after seeing this issue, disable and reenable the ports affected by the issue. PR1203880

  • Various common situations lead to different views of forwarding information between kernel and Packet Forwarding Engines. For example, fpc7 KERNEL/PFE APP=NH OUT OF SYNC: error code 3 REASON: NH add is received for a logical interface that does not exist with the following error message ERROR-SPECIFIC INFO: nh_id=562 , type = Hold, ifl index 334 does not exist TYPE-SPECIFIC INFO: none. As such , there is no service impact in MPC2 and MPC cards. PR1205593

  • On an EX9200 switch with MC-LAG, when the enhanced-convergence statement is enabled, and when the kernel sends a next-hop message to the Packet Forwarding Engine, the full Layer 2 header is not sent and a packet might be generated with an invalid source MAC address for some VLANs. PR1223662

  • When a configuration that takes a Packet Forwarding Engine offline and another configuration that brings the Packet Forwarding Engine back online are committed in quick succession, there could be a Routing Engine-Packet Forwarding Engine out-of-sync errors logged in the syslog. Most of the time these are benign errors, but sometimes they might result in Packet Forwarding Engine crashes. PR1232178

  • On an EX Series router, if Dynamic Host Configuration Protocol (DHCP) relay or DHCP server is configured along with bpdu-block, a memory allocation issue might be seen. This issue can lead to a memory exhaustion for the DHCP prcocess. PR1259918

  • The EX4300 Virtual Chassis might fail to register some jnxOperating SNMP OIDs related to the Routing Engines. This behavior is more likely if Virtual Chassis members 0 and 1 (FPC0 and FPC1) are not selected as Routing Engines. PR1368845

  • On EX4300-48MP, when regression scripts are run, the syslog error Error in bcm_port_sample_rate_set(ifl_cmd) : Reason Invalid port appears. PR1376504

Authentication and Access Control

  • This PR is related to Auto-conversion of Network ports for Virtual Chassis ports feature. A network port is automatically converted to a Virtual Chassis port if the following conditions are met: 1) Two ports are connected back to back between two members in a Virtual Chassis 2) LLDP is enabled on the ports 3) Virtual Chassis is configured using Pre-provisioned mode. But, the conversion to VCP does not complete until the Virtual Chassis members are rebooted. This creates a situations where there could be loops caused by these ports. The command will internally not start the state machine for auto-conversion. This will prevent conversion of any further network ports after the command is configured. This configuration is persistent, across reboots, switchover, and restart of VCCPd. Once configured, the VCCPd will not trigger the exchange of 3-way handshake TLVs with the peer. The interface will remain in INIT state. If any interface is in midway of the conversion, this command has no effect on that and the conversion might be successful. Also, this command will not move the converted ports to Network ports. PR1207566


  • When the ESI configuration on an interface is changed from all-active to single-active, and back to all-active, the EVPN split horizon label is not allocated and is shown as 0. PR1307056


  • On EX4300 switches, if you configure a firewall filter policer with the forwarding-class action on an egress filter, Junos OS might allow the configuration to commit although that action is not supported. PR1104868

  • In a VLAN swap case, the ARP packet processed at SFI contains the original dsa-tag (cvid), which is derived as an invalid hw-token. For this special case, the packet is sent to the kernel. The VLAN classification or regeneration for the invalid hw-token returns zero as the hw-token. PR1342432

Layer 2 Features

  • The eswd process might crash after a Routing Engine switchover is performed in an EX Series Virtual Chassis scenario. The crash occurs because of disordered processing of VLAN or VLAN members by eswd and L2PT modules. As the order of processing does not remain the same every time, the crash is random across switchovers. PR1275468

  • The eswd[1200]: ESWD_MAC_SMAC_BRIDGE_MAC_IDENTICAL: Bridge Address Add: XX:XX:db:2b:26:81 SMAC is equal to bridge mac hence don't learn error is seen in the syslog every few minutes on the ERPS owner. Because the log is caused by ERPS PDUs in an ERPS setup, you can ignore the message. PR1372422

Network Management and Monitoring

  • The default syslog level is LOG_NOTICE in the default configuration. SNMP_TRAP_LINK_UP for the physical interface (IFD) was logged as LOG_INFO from day one. To help debug physical link up issues, SNMP_TRAP_LINK_UP events are now logged by default. PR1287244

  • Trace files are not closed properly; as a result, writing of traceoptions to the log file suddenly stops. PR1380764

Platform and Infrastructure

  • On EX4300, EX4600, and QFX5100 switches, if a remote analyzer has an output IP address that is reachable through a route learned by BGP, the analyzer might be in a down state. PR1007963

  • On all platforms running Junos OS, the file copy CLI command uses /var/home/<user> as a temporary staging directory for a nonroot user, and uses /var/tmp for the root user. When you issue the file copy user@x.x.x.x:/dir/ /var/tmp/ CLI command to copy a file to the device, and if the file you are trying to transfer is larger than the temporary staging directory size, the copy operation might fail. PR1195599

  • Every load override and rollback operation increases the refcount by 1. If the count reaches the maximum value of 65,535, the mgd process might crash and the session might be terminated. When mgd crashes, the active lock might remain up preventing any further commits. PR1313158

  • On EX4300 switches, in an RSTP scenario, if you set a wrong bridge ID as the RSTP bridge-id, loops might be created in the network. PR1383356

Virtual Chassis

  • When the FPC in the linecard role is removed and rejoined to the Virtual Chassis immediately, the LAG interface on the master or backup is not reprogrammed in the rejoined FPC. PR1255302

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.2R3

General Routing

  • After access is rejected, the dot1x process might crash because of a memory leak. PR1160059

  • An LCD corruption issue occurs while you are booting up EX Series switches. PR1233580

  • The MACsec session cannot be recovered after physically flapping one link of an aggregated Ethernet interface. PR1283314

  • The show security macsec statistics command does not show the expected results. PR1283544

  • The EX4300-32F MACsec session stays down on 1-Gigabit and 10-Gigabit Ethernet links after certain events, when events are performed with traffic running. PR1299484

  • The eswd prcoess generates core files if apply-groups is configured under interface-range. PR1300709

  • An l2ald crash might occur with no apparent trigger. PR1302344

  • The show snmp mib walk command used for jnxMIMstMstiPortState does not display any output in Junos OS Release 17.1R2 on EX4600 switches. PR1305281

  • Traffic loss is observed while performing NSSU. PR1311977

  • PEM alarms and I2C failures are observed on MX240, MX480, and MX960 routers, EX9200 switches, and the SRX5000 line of devices.PR1312336

  • The DHCP-security binding table might not get updated. PR1312670

  • A memory leak is seen for dot1xd. PR1313578

  • The vmcore might be seen and the device might reboot after the ICL is changed from an aggregated Ethernet interface to a physical interface. PR1318929

  • The EX Series switches do not send RADIUS requests after the interface-range configuration is modified. PR1326442

  • The major alarm about Fan & PSU Airflow direction mismatch might be seen when you remove the management cable. PR1327561

  • Traffic going through an aggregated Ethernet interface might be dropped if mastership changes. PR1327578

  • CoS is wrongly applied on the Packet Forwarding Engine leading to egress traffic drop. PR1329141

  • The rpd generates core files on the new backup Routing Engine at task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler after disabling NSR+GRES. PR1330750

  • The STP BPDUs are not sent out on the other active child when the anchor FPC has no active child. PR1333872

  • MQSS errors and alarms might occur with the interface going down. PR1334928

  • The l2cpd process might crash in a VSTP scenario during Routing Engine switchover. PR1341246

  • The statistics process pfed might generate core files on an upgrade between certain releases. PR1346925

  • After an EX9200 FPC comes online, other FPC might increase the CPU usage to 100 percent and result in traffic loss for around 30 seconds. PR1346949

  • The EX4600 switch detects a LATENCY OVER-THRESHOLD event with a wrong value. PR1348749

  • The 40-Gigabit Ethernet might not forward traffic. PR1349675

  • A commit error is observed if the device is downgraded from Junos OS Release 18.2 or Release 18.3 to Junos OS Release 17.3R3 PR1355542

  • On EX4300-48MP, the 802.1x protocol subsystem is taking a longer time to respond to management requests, and the error the dot1x-protocol subsystem is not responding to management requests. PR1361398

  • Unexpected DCD_PARSE_ERROR_SCHEDULER messages are logged when an MS-MPC or MS-MIC is taken offline or brought online. PR1362734

  • The l2cpd process might crash when MVRP is being configured with private VLAN and with the RSTP interface all option enabled. PR1365937

  • MAC refresh packet might not be sent out from the new primary link after an RTG failover. PR1372999

  • BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807

  • NPC core files are generated when FPCs on the EX9200 line of switches reboot. PR1374861

  • The dot1x does not work with the Microsoft NPS server. PR1381017

Authentication and Access Control

  • The LLDP-MED cannot forward the correct PoE class. PR1296547

  • The dot1x process might stop authenticating if continuous reauthentication requests clients cannot get processed. PR1300050

  • The dot1xd process might generate core files if you configure the 802.1x interface with EAP-PEAP as an authentication protocol. PR1322891

High Availability (HA) and Resiliency

  • When igmp-snooping and bpdu-block-on-edge are enabled, IP multicast traffic sourced by the kernel, such as OSPF and VRRP traffic, gets dropped at the Packet Forwarding Engine level. PR1301773


  • Unable to provide management when the em0 interface of an FPC is connected to another FPC Layer 2 interface of the same Virtual Chassis. PR1299385

  • The file system might be corrupted multiple times during an image upgrade or when an operation is committed. PR1317250

  • The upgrade might fail if as a result of file system corruption due to the presence of bad blocks in the flash drive or file system. PR1317628

  • The PFC feature might not work on EX4600. PR1322439

  • The ifinfo prcoess might generate core files on EX4600 Virtual Chassis. PR1324326

  • Support for archiving dmesg file. PR1327021

Interfaces and Chassis

  • On EX4300 Virtual Chassis, an LACP flap is observed after rebooting the master FPC with PDT configurations. PR1301338

  • The interface might not work properly after the FPC restarts. PR1329896

  • The MAC address assigned to an aggregated Ethernet member interface is not the same as that of its parent aggregated Ethernet interface upon master node removal. PR1333734

  • On EX4600, the MC-LAG after reboot of the VRRP master and backup discards the traffic to the downstream switches. PR1345316

  • The MC-LAG peer does not send ARP requests to the host. PR1360216

Platform and Infrastructure

  • The interface-range command cannot be used to set speed and autonegotiation properties for a group of interfaces. PR1258851

  • The mismatch of VLAN IDs between a logical interface and a VLAN configuration might result in traffic to be discarded. PR1259310

  • On EX4300 Virtual Chassis, a 10-Gigabit Ethernet VCP might not get a neighbor after a system reboot. PR1261363

  • The IRB interface does not turn down when the master switch is rebooted or halted. PR1273176

  • The CPU utilization for pfex_junos usage might go high if DHCP relay packets are received continuously. PR1276995

  • Traffic loss might be observed for about 10 seconds if the master member FPC reboots. PR1283702

  • Issuing the load replace terminal CLI command and attempting to replace the interface statements might terminate the current CLI session and leave your session hanging. PR1293587

  • Some packets might be dropped after GRE encapsulation on EX4300. PR1293787

  • The ERROR: /dev/da0s1a is not a JUNOS snapshot error is seen during the system startup. PR1297888

  • On EX4300 switches, when unknown unicast ICMP packets are received by an interface, packets are routed, so TTL is decremented. PR1302070

  • The FRU PSU removal and insertion traps might not get generated. PR1302729

  • The unknown IPv6 multicast traffic is dropped if mld-snooping is enabled. PR1304345

  • Inconsistent IEEE P-bit marking in 802.1Q header for OSPF packets. PR1306750

  • The multicast receiver connected to an EX4300 switch might not be able to get the multicast streaming. PR1308269

  • Traceroute not working in an EX9200 device for routing instances running on Junos OS Release 17.1R3. PR1310615

  • Autonegotiation not working as expected between EX4300 and SRX5800. PR1311458

  • IGMP snooping might not learn the multicast router interface dynamically. PR1312128

  • The interface with 1-Gigabit SFP transceiver might go down if no-auto-negotiation is configured. PR1315668

  • IGMPv3 on EX4300 does not have the correct outgoing interfaces in the Packet Forwarding Engine that are listed in the kernel. PR1317141

  • The l2cpd might generate core files if the interface is disabled under VSTP and enabled under RSTP. PR1317908

  • High latency might be observed between the master Routing Engine and other FPCs. PR1319795

  • VLAN might not be processed, which leads to improper STP convergence improperly. PR1320719

  • Multicast traffic might not be forwarded to one of the receivers. PR1323499

  • A MAC learning issue and failure to create VLANs might be experienced by some VLANs on the EX4300. PR1325816

  • The l2cpd might generate a core file. PR1325917

  • Extra EAP request packets might be sent unnecessarily. PR1328390

  • The SNMP trap message are always sent out with the log message Fan/Blower OK on an EX4300-VC switch. PR1329507

  • When the TCAM table is being exhausted, the filter might be incorrectly programmed. PR1330148

  • The EX4300 does not generate l2ald storm control action logs if the interface has the RTG configuration. PR1335256

  • IGMP packets are forwarded out of RTG backup interfaces. PR1335733

  • An l2cpd memory leak is seen on EX Series platforms with VoIP configured. PR1337347

  • The show spanning-tree statistics bridge command output displays 0 for all VLAN instance IDs. PR1337891

  • The MAC source address filter with accept-source-mac does not work if the MAC move limit is configured. PR1341520

  • MSTP might not work normally after permitting commit. PR1342900

  • The filter might not be programmed in the Packet Forwarding Engine even though TCAM entries are available. PR1345296

  • Packet drop might be seen on the logical tunnel interfaces lt-x/2/x or lt-x/3/x. PR1345727

  • On EX4300 or EX4600 switches, the VLAN translation feature does not work for the control plane traffic. PR1348094

  • On EX4300 switches, traffic drop might happen if LLC packets are received with DSAP and SSAP as 0x88 and 0x8e, respectively. PR1348618

  • Running RSI through the console port might cause the system to crash and reboot. PR1349332

  • On EX4300 switches (standalone and Virtual Chassis) running Junos OS Release 16.1R5 or 16.1R6, the firewall filter with the syslog option is unable to send syslog messages to the syslog server. PR1351548

  • A high-usage chassis alarm in /var does not clear from the EX4300 Virtual Chassis when a file is copied from fpc1 (master) to fpc0 (backup). PR1354007

  • The ports using SFP-T transceiver might still be up after a system halt. PR1354857

  • The FPC might crash because of the memory leak caused by the VTEP traffic. PR1356279

  • Interface flapping is seen on EX4300 switches. PR1361483

  • On EX4300 and EX4600 switches, the l2ald process might crash in an 802.1x scenario. PR1363964

  • The Packet Forwarding Engine might crash if MAC move is encountered frequently. PR1367141

  • The LLDP TLV might be sent with the wrong switch port capabilitie. PR1372966

  • Traffic is discarded silently with indirect next hop and load balancing. PR1376057

  • The IRB interface does not go down when the master chassis is rebooted or halted. PR1381272

Routing Protocols

  • The mcsnoopd process generates a core file at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal and (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275. PR1305239

  • The OSPF routes cannot be installed to the routing table until the lsa-refresh timer expires. PR1316348

  • The BGP peer is not established after Routing Engine switchover when BFD is enabled and a graceful restart is performed. PR1324475

  • IGMP snooping might be enabled unexpectedly. PR1327048

Virtual Chassis

  • On EX4300 FRU, the removal insertion trap is not generated for nonmaster (backup or line card) FPCs. PR1293820

Resolved Issues: 17.2R2

Class of Service (CoS)

  • On QFX5100, EX4300, or EX4600, traffic might be dropped when there is more than one forwarding class under the [forwarding-class-sets] hierarchy. PR1255077

General Routing

  • Clients not getting IP addresses or ports are programmed under an incorrect VLAN. PR1230073

  • The FPC might encounter errors and stop forwarding traffic. PR1249375

  • EX9200: EVPN active/active ARP is not resolving on hosts. PR1267769

  • After MACsec link flaps, traffic stops forwarding across the MACsec link. PR1269229

  • The l2ald memory might leak for every IPv6 ND message it receives from peer the MC-LAG, and it does not free the memory allocated. PR1277203

  • An l2ald crash occurs with no apparent trigger. PR1302344


  • On an EX4300 egress VLAN-based firewall filter on a Q-in-Q interface, after a switch reboot, firewall counters might not increment as expected. PR1165450

  • The EX4300 aggregated interface goes down when the interface member VLAN is PVLAN and LACP is enabled. PR1264268

Interfaces and Chassis

  • An interface explicitly disabled under RSTP is blocked under some conditions. PR1266035

Junos Fusion Enterprise

  • EX4300 running Junos OS Release 17.1R1 cannot be converted on satellite mode. PR1267767

  • With show ethernet-switching table a few entries are stuck in DLR state after l2-learning restart. PR1268619

  • VRRP split brain in dual access device Junos Fusion. PR1293030

  • An access device without a cascade port cannot reach hosts over ICL link if they are authenticated by dot1x in a different VLAN than the default (manually assigned) VLAN. PR1298880

Platform and Infrastructure

  • Layer 3 protocol packets are not being sent out from the switch. PR1226976

  • Preboot Execution Environment (PXE) unicast ACK packet isdropped on EX4300. PR1230096

  • Traffic is not forwarded through GRE tunnel on EX4300 in some cases. PR1254638

  • Unexpected Packet Forwarding Enginer manager (pfex) restart is seen on RE switchover. PR1258863

  • The mismatch of vlan-id between an interface IFL and VLAN config might result in traffic blackhole. PR1259310

  • On the EX4300 Virtual Chassis, the FPC might crash and a pfex core file might be generated. PR1261852

  • IPv6 neighbor solicitation messages are dropped when MLD snooping is enabled on EX4300. PR1263535

  • The l2ald process might crash when many dot1x clients are being re-authenticated. PR1269945

  • On EX4300, CPU usage related to pfex_junos increases because of DHCP relay traffic. PR1276995

Routing Protocols

  • The BGP session might flap during ISSU, resulting in 40-50 seconds of dropped traffic. PR1247937

Virtual Chassis

  • When you add an EX4300 switch to the VCF, the following error message is seen: ?ch__map_alarm_id alarm ignored: object 0x7e reason?. PR1234780

VLAN Infrastructure

  • VLAN association is not being updated in the Ethernet switching table when the device is configured in single supplicant mode. PR1283880

Resolved Issues: 17.2R1

Interfaces and Chassis

  • MPC might crash during ISSU from Junos OS Release 15.1R1 to a later release when QSFP/CXP/CFP2 optics are present. PR1216924

Network Management and Monitoring

  • After the rebooting of the Virtual Chassis, authentication of SNMPv3 users fails due to the change of the local engine ID. PR1256166

Platform and Infrastructure

  • The egress PE device (EX4300) sends out LLDP frames toward the CE device with the destination MAC address of 01:00:0c:cd:cd:d0, which is a duplicated frame and rewritten by the ingress (PE) device. PR1251391

Port Security

  • On EX4600 switches and Virtual Chassis, MACsec connections are deleted randomly after a switch reboot, optics removal, deactivation or activation of a MACsec configuration, or fxpc process restart. PR1234447

Routing Protocols

  • The BGP session might flap during ISSU, resulting in 40-50 seconds of dropped traffic. PR1247937

Documentation Updates

There are no errata or changes in Junos OS Release 17.2R3 for the EX Series switches documentation.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release, even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 16.1, 16.2 and 17.1 are EEOL releases. You can upgrade from Junos OS Release 16.1 to Release 16.2 or even from Junos OS Release 16.1 to Release 17.1. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information on EEOL releases and to review a list of EEOL releases, see

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on EX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.