New and Changed Features
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for EX Series.
The following EX Series switches are supported in Release 17.2R2: EX4300, EX4600, and EX9200.
In Junos OS Release 17.2R2, J-Web is supported on the EX4300 and EX4600 switches in both standalone and Virtual Chassis setup.
The J-Web distribution model being used provides two packages:
Platform package—Installed as part of Junos OS; provides basic functionalities of J-Web.
Application package—Optionally installable package; provides complete functionalities of J-Web.
For details about the J-Web distribution model, see Release Notes: J-Web Application Package Release 17.2A1 for EX4300 and EX4600 Switches.
Release 17.2R2 New and Changed Features
There are no new features or enhancements to existing features for EX Series in Junos OS Release 17.2R2.
Release 17.2R1 New and Changed Features
Authentication, Authorization, and Accounting (AAA) (RADIUS)
Authentication order with priority (EX4300 switches)—Starting in Junos OS Release 17.2R1, you can configure EX4300 switches not to trigger re-authentication for a client that has been authenticated using MAC RADIUS authentication or captive portal authentication. If the switch receives an EAP-Start message from an authenticated client, the switch typically responds with an EAP-Request message, which triggers re-authentication using 802.1X authentication. You can use the eapol-block statement to configure the switch to ignore EAP-Start messages sent by a client that has been authenticated using MAC RADIUS authentication or captive portal authentication, and maintain the existing authentication session for the client.
Protected Extensible Authentication Protocol (PEAP) for MAC RADIUS authentication (EX4300 switches)—Starting in Junos OS Release 17.2R1, you can configure the Protected Extensible Authentication Protocol (PEAP) as the authentication method for MAC RADIUS authentication. PEAP is a protocol that encapsulates EAP packets within an encrypted and authenticated Transport Layer Security (TLS) tunnel. The inner authentication protocol, used to authenticate the client's MAC address inside the tunnel, is the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2). The encrypted exchange of information inside the tunnel ensures that user credentials are safe from eavesdropping.
EVPN proxy ARP and ARP suppression (EX9200 switches)—Starting with Junos OS Release 17.2R1, EX9200 switches that function as provider edge (PE) devices in an Ethernet VPN-MPLS (EVPN-MPLS) or Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) environment support proxy Address Resolution Protocol (ARP) and ARP suppression. The proxy ARP and ARP suppression capabilities are enabled by default. For both features to work properly, the configuration of an integrated and routing (IRB) interface on the PE device is required.
IRB interfaces configured on a PE device deliver ARP requests from both local and remote customer edge (CE) devices. When a PE device receives an ARP request from a CE device, the PE device searches its media access control (MAC)-IP address bindings database for the requested IP address. If the PE device finds the MAC-IP address binding in its database, it responds to the request. If the device does not find the MAC-IP address binding, it swaps the source MAC address in the request with the MAC address of the IRB interface on which the request was received and sends the request to all interfaces.
Even when a PE device responds to an ARP request, ARP packets might still be flooded across the WAN. ARP suppression prevents this flooding from occurring.
Layer 3 Features
Port-based LAN broadcast traffic forwarding (port helpers) for multiple destination servers (EX4300 switches and Virtual Chassis)—Starting in Junos OS Release 17.2R1, you can configure port helpers on EX4300 switches and EX4300 Virtual Chassis on a per-port basis for multiple destination servers. Port helpers are port-based filters that listen on configured UDP ports for incoming LAN broadcast traffic, and forward those packets to configured destination servers as unicast traffic. Configure port helper filters using the forwarding-options helpers port port-number configuration statement with any of the following scopes:
Global—Match incoming broadcast traffic on any interface for a configured port, and forward the traffic to the configured server:
set forwarding-options helpers port port-number server server-ip-address
VLAN-specific—Match incoming broadcast traffic on an IRB interface for a configured port, and forward the traffic to the configured server:
set forwarding-options helpers port port-number interface irb-interface-name server server-ip-address
Interface-specific—Match incoming broadcast traffic on a Layer 3 interface for a configured port, and forward the traffic to the configured server:
set forwarding-options helpers port port-number interface interface-name server server-ip-address
Support for device family and release in Junos OS YANG modules (EX Series)—Starting in Junos OS Release 17.2, Junos OS YANG modules are specific to a device family, and each module’s namespace includes the module name, device family, and Junos OS release string. Furthermore, each
juniper-commandmodule uses its own unique module name as the module’s prefix. Device families include
Support for static multicast route leaking for VRF and virtual-router instances (QFX5100 and EX4300 switches)—Starting in Junos OS Release 17.2R1, you can configure your switch to share IPv4 multicast routes among different virtual routing and forwarding (VRF) instances or different virtual-router instances. On EX4300 switches, multicast route leaking is supported only when the switch functions as a line card in a Virtual Chassis, not as a standalone switch. Only multicast static routes with a destination-prefix length of /32 are supported for multicast route leaking. Only Internet Group Management Protocol version 3 is supported. To configure multicast route leaking for VRF or virtual-router instances , include the next-table routing-instance-name.inet.0 statement at the [edit routing-instances routing-instance-name routing-options static route destination-prefix/32] hierarchy level. For routing–instance-name, include the name of a VRF or virtual-router instance. This feature was previously introduced in Junos OS Release 14.X53-D40.
Network Management and Monitoring
SNMP support for monitoring tunnel statistics (EX Series)—Starting in Junos OS Release 17.2R1, SNMP MIB jnxTunnelStat supports monitoring of tunnel statistics for IPV4 over IPV6 tunnels. This is a new enterprise-specific MIB, Tunnel Stats MIB, that currently displays three counters: tunnel count in rpd, tunnel count in Kernel, and tunnel count in the Packet Forwarding Engine. This MIB can be extended to support other tunnel statistics. The MIB is defined in jnx-tunnel-stats.txt. This MIB is attached to jnxMibs.
Dynamic power management (EX9200 switches)—Starting with Junos OS Release 17.2R1, EX9200 switches support dynamic power management.