Junos OS Release Notes for EX Series Switches


These release notes accompany Junos OS Release 17.4R2 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

This section describes the new features and enhancements to existing features in Junos OS Release 17.4R2 for the EX Series.


The following EX Series switches are supported in Release 17.4R2: EX4300, EX4600, and EX9200.


In Junos OS Release 17.4R2, J-Web is supported on the EX4300 and EX4600 switches in both standalone and Virtual Chassis setup.

The J-Web distribution model being used provides two packages:

  • Platform package—Installed as part of Junos OS; provides basic functionalities of J-Web.

  • Application package—Optionally installable package; provides complete functionalities of J-Web.

For details about the J-Web distribution model, see Release Notes: J-Web Application Package Release 17.4A1 for EX4300 and EX4600 Switches.

Release 17.4R2 New and Changed Features


  • EVPN proxy ARP and ARP suppression without IRB interfaces (MX Series routers with MPCs, EX9200 switches)—MX Series routers and EX9200 switches that function as provider edge (PE) devices in an Ethernet VPN-MPLS (EVPN-MPLS) or EVPN-Virtual Extensible LAN (EVPN-VXLAN) environment support the proxy Address Resolution Protocol (ARP) and ARP suppression. Both ARP capabilities are enabled by default.

    Starting with Junos OS Release 17.4R2, these features no longer require the configuration of an IRB interface on the PE device. Any interface configured on a PE device can now deliver ARP requests from both local customer edge (CE) devices only. Proxy ARP and ARP suppression are not supported on remote CE devices.

    Also, you can now control the following aspects of the MAC-IP address bindings database on a PE device:

    • The maximum number of MAC-IP address entries in the database.

    • The amount of time a locally learned MAC-IP address binding remains in the database.

    [See EVPN Proxy ARP and ARP Suppression.]

Restoration Procedures and Failure Handling

  • Device recovery mode support introduced in Junos OS with upgraded FreeBSD (EX Series)—Starting in Junos OS Release 17.4R2, devices running Junos OS with an upgraded FreeBSD and a saved rescue configuration have an automatic device recovery mode should the system go into amnesiac mode. The new process has the system automatically reboot with the saved rescue configuration. Then the system displays "Device is in recovery mode” in the CLI (in both operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Release 17.4R1 New and Changed Features


  • Aggregation device support on EX9200 with EX9200-RE2 routing engine (Junos Fusion Enterprise)—Starting with Junos OS Release 17.4, EX9200 switches with the EX9200-RE2 Routing Engine module are supported as aggregation devices in a Junos Fusion Enterprise. The EX9200-RE2 module supports virtual machine (VM) architecture in an EX9200 switch.

    [See Understanding Junos Fusion Enterprise Software and Hardware Requirements.]

Authentication, Authorization and Accounting (AAA)

  • Periodic refresh of authorization profile on TACACS server (EX Series)—Starting with Junos OS Release 17.4R1, periodic refresh of the authorization profile that is received from the TACACS server is supported. The authorization profile that is configured for the user on the TACACS server is sent to the Junos OS device after the user is successfully authenticated. The authorization profile is stored locally on the Junos OS device. With the periodic refresh feature, the authorization profile is periodically fetched from the TACACS server to refresh the authorization profile that is stored locally. User authorization is reevaluated using the refreshed authorization profile.

    [See Configuring Periodic Refresh of the TACACS+ Authorization Profile.]


  • EVPN-MPLS interworking with Junos Fusion Enterprise and MC-LAG (EX9200 switches)—Starting with Junos OS Release 17.4R1, you can use Ethernet VPN (EVPN) to extend your Junos Fusion Enterprise or MC-LAG network over an MPLS network. Typically, Junos Fusion Enterprise is extended to a geographically distributed campus or enterprise network, while an MC-LAG network is extended to a data center network or geographically distributed campus or enterprise network.

    The EVPN-MPLS interworking feature offers the following benefits:

    • Ability to use separate virtual routing and forwarding (VRF) instances to control inter-VLAN routing.

    • VLAN translation.

    • Default Layer 3 virtual gateway support, which eliminates the need to run such protocols as Virtual Router Redundancy Protocol (VRRP).

    • Load balancing to better utilize both links when using EVPN multihoming.

    • The use of EVPN type 2 advertisement routes (MAC+IP) reduces the need for flooding domains with ARP packets.

    [See Understanding EVPN-MPLS Interworking with Junos Fusion Enterprise and MC-LAG.]

  • Support for duplicate MAC address detection and suppression (EX9200 switches)— When a MAC address relocates, PE devices can converge on the latest location by using sequence numbers in the extended community field. Misconfigurations in the network can lead to duplicate MAC addresses. Starting in Junos OS Release 17.4R1, Juniper supports duplicate MAC address detection and suppression.

    You can modify the duplicate MAC address detection settings on the switch by configuring the detection window for identifying duplicate MAC address and the number of MAC address moves detected within the detection window before duplicate MAC detection is triggered and the MAC address is suppressed. In addition, you can also configure an optional recovery time that the switch waits before the duplicate MAC address is automatically unsuppressed.

    To configure duplicate MAC detection parameters, use the detection-window, detection-threshold, and auto-recovery-time statements at the [edit routing instance routing-instance-name protocols evpn duplicate-mac-detection] hierarchy level.

    To clear duplicate MAC suppression manually, use the clear evpn duplicate-mac-suppression command.

    [See Overview of MAC Mobility. ]

Junos OS XML API and Scripting

  • Automation script library additions and upgrades (EX Series)—Starting in Junos OS Release 17.4R1, devices running Junos OS include new and upgraded Python modules as well as upgraded versions of Junos PyEZ and libslax. On-box Python automation scripts can use features supported in Junos PyEZ Release 2.1.4 and earlier releases to perform operational and configuration tasks on devices running Junos OS. Python automation scripts can also leverage new on-box Python modules including ipaddress, jxmlease, pyang, serial, and six, as well as upgraded versions of existing modules. In addition, SLAX automation scripts can include features supported in libslax release 0.22.0 and earlier releases.

    [See Overview of Python Modules Available on Devices Running Junos OS and libslax Distribution Overview.]

Layer 2 Features

  • Layer 2 protocol tunneling support (EX4600 switches and Virtual Chassis)—Starting with Junos OS Release 17.4R1, Layer 2 protocol tunneling (L2PT) is supported on EX4600 switches and EX4600 Virtual Chassis. You can configure the switch to tunnel any of the following Layer 2 protocols: CDP, E-LMI, GVRP, IEEE 802.1X, IEEE 802.3AH, LACP, LLDP, MMRP, MVRP, STP (including RSTP and MSTP), UDLD, VSTP, and VTP.

    [See Layer 2 Protocol Tunneling.]

  • Q-in-Q support on redundant trunk links using LAGs with link protection (EX4300 switches and Virtual Chassis)—Starting in Junos OS Release 17.4R1, Q-in-Q is supported on redundant trunk links (also called “RTGs”) using LAGs with link protection. Redundant trunk links provide a simple solution for network recovery when a trunk port on a switch goes down. In that case, traffic is routed to another trunk port, keeping network convergence time to a minimum.

    Q-in-Q support on redundant trunk links on a LAG with link protection also includes support for the following items:

    • Configuration of flexible VLAN tagging on the same LAG that supports the redundant links configurations

    • Multiple redundant-link configurations on one physical interface

    • Multicast convergence

    [See Q-in-Q Support on Redundant Trunk Links Using LAGs with Link Protection.]


  • Enhancements to LSP events sensor for Junos Telemetry Interface (EX4600 and EX9200 switches) —Starting with Junos OS Release 17.4R1, telemetry data streamed through gRPC for LSP events and properties is reported separately for each routing instance. To export data for LSP events and properties, you must now include /network-instances/network-instance/[name_'instance-name']/ in front of all supported paths. For example, to export LSP events for RSVP Signaling protocol attributes, use the following path: /network-instances/network-instance[name_'instance-name']/mpls/signaling-protocols/rsvp-te/. Use the telemetrySubscribe RPC to specify telemetry parameters and provision the sensor. If your device is running a version of Junos OS with an upgraded FreeBSD kernel, you must download the Junos Network Agent software package, which provides the interfaces to manage gRPC subscriptions.

    [See Guidelines for gRPC Sensors.]

  • Support for multiple, smaller configuration YANG modules (EX Series)—Starting in Junos OS Release 17.4R1, the YANG module for the Junos OS configuration schema is split into a root configuration module that is augmented by multiple, smaller modules. The root configuration module comprises the top-level configuration node and any nodes that are not emitted as separate modules. Separate, smaller modules augment the root configuration module for the different configuration statement hierarchies. Smaller configuration modules enable YANG tools and utilities to more quickly and efficiently compile and work with the modules, because they only need to import the modules required for the current operation.

    [See Understanding the YANG Modules That Define the Junos OS Configuration.]

  • Enhancement to BGP sensor for Junos Telemetry Interface (EX4600 and E9200 switches)—Starting with Junos OS Release 17.4R1, you can specify to export the number of BGP peers in a BGP group for telemetry data exported through gRPC. To export the number of BGP peers for a group, use the following OpenConfig path: /network-instances/network-instance[name_'instance-name']/protocols/protocol/

    . The BGP peer count value exported reflects the number of peering sessions in a group. For example, for a BGP group with two devices, the peer count reported is 1 (one) because each group member has one peer. To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters.

    [See Guidelines for gRPC Sensors.]


  • MLD snooping versions 1 and 2 (EX4600 switches and Virtual Chassis)—Starting with Junos OS Release 17.4R1, EX4600 switches and EX4600 Virtual Chassis support Multicast Listener Discovery (MLD) snooping version 1 (MLDv1) and version 2 (MLDv2). MLD snooping constrains the flooding of IPv6 multicast traffic on VLANs. When MLD snooping is enabled on a VLAN, the switch examines MLD messages encapsulated within ICMPv6 packets transferred between hosts and multicast routers. The switch learns which hosts are interested in receiving traffic for a multicast group and forwards multicast traffic only to those interfaces in the VLAN that are connected to interested receivers instead of flooding the traffic to all interfaces. You configure MLD snooping parameters and enable MLD snooping using configuration statements at the [edit protocols] mld-snooping vlan vlan-name hierarchy.

    [See Understanding MLD Snooping on Switches.]

Routing Protocols

  • Support for EBGP route server (EX Series)—Starting in Junos OS Release 17.4R1, BGP feature is enhanced to support EBGP route server functionality. A BGP route server is the external BGP (EBGP) equivalent of an internal IBGP (IBGP) route reflector that simplifies the number of direct point-to-point EBGP sessions required in a network. EBGP route server propagates unmodified BGP routing information between external BGP peers to facilitate high scale exchange of routes in peering points such as Internet Exchange Points (IXPs). When BGP is configured as a route server, EBGP routes are propagated between peers unmodified, with full attribute transparency (NEXT_HOP, AS_PATH, MULTI_EXIT_DISC, AIGP, and Communities).

    The BGP JET bgp_route_service.proto API has been enhanced to support route server functionality as follows:

    • Program the EBGP route server.

    • Inject routes to the specific route server RIB for selectively advertising it to the client groups in client-specific RIBs.

    The BGP JET bgp_route_service.proto API includes a peer-type object that identifies individual routes as either EBGP or IBGP (default).

    [See BGP Route Server Overview.]

  • Support for importing IGP topologies into BGP-LS (EX Series)—Starting in Junos OS Release 17.4R1, you can import IGP, that is IS-IS and OSPF topologies into BGP-LS. Prior to Junos OS Release 17.4R1, Junos OS BGP-LS implementation exports only Traffic Engineering enabled (RSVP-enabled) links. This feature allows you to export IGP links (that do not have RSVP enabled) and Traffic Engineering enabled links into BGP-LS.

Software Installation and Upgrade

  • Configuration validation for image upgrade or downgrade (EX4300)—Starting in Junos OS Release 17.4R1, when you install a new version of Junos OS on the switch, the system validates that the existing configuration is compatible with the new image. Without the validation feature, configuration incompatibilities or insufficient memory to load the new image might cause the system to lose its current configuration or go offline. With the validation feature, if validation fails, the new image is not loaded, and an error message provides information about the failure.

    Image validation is supported only on the jinstall package.

    If you invoke validation from an image that does not support validation, the new image is loaded but validation does not occur.

    Invoke validation by issuing either request system software add or request system software nonstop-upgrade. You can also issue request system software validate to run just configuration validation.

    Image validation does not work in a downgrade from Release 17.4 to 17.2 or earlier if graceful switchover is enabled and image loading is done without NSSU. Use one of the following options:

    • To downgrade with graceful switchover but without image validation—Issue the request system software add image-name reboot no-validate command.

    • To downgrade with image validation but without graceful switchover—Remove the graceful-switchover configuration and then issue the request system software add image-name reboot command.

    • To downgrade with image validation and graceful switchover—Use NSSU by issuing the request system software nonstop-upgrade image-name command.

    [See Understanding Software Installation on EX Series Switches.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.4R2 for the EX Series.


  • Change to show vlans evpn command (EX9200 switches)—Starting with Junos OS Release 17.4R2, the show vlans evpn command is replaced by the show ethernet-switching evpn command.


  • Changes to Junos OS YANG module naming conventions (EX Series)—Starting in Junos OS Release 17.4R1, the native Junos OS YANG modules use a new naming convention for the module's name, filename, and namespace. The module name and filename include the device family and the area of the configuration or command hierarchy to which the schema in the module belongs. In addition, the module filename includes a revision date. The module namespace is simplified to include the device family, the module type, and an identifier that is unique to each module and that differentiates the namespace of the module from that of other modules.

    [See Understanding Junos OS YANG Modules.]

Network Management and Monitoring

  • Change in default log level setting (EX Series)—In Junos OS Release, 17.4R1, the following changes were made in default logging levels:

    Before this change:

    • SNMP_TRAP_LINK_UP was LOG_INFO for both the physical (IFD) and logical (IFL) interfaces.

    • SNMP_TRAP_LINK_DOWN was LOG_WARNING for both the physical (IFD) and logical (IFL) interfaces.

    After this change:

    • IFD LinkUp -> LOG_NOTICE (because this is an important message but less frequent)

    • IFL LinkUp -> LOG_INFO (no change)

    • IFD and IFL LinkDown -> LOG_WARNING (no change)

    [See the MIB Explorer.]

  • SNMP syslog messages changed (EX Series)—Starting in Junos OS Release 17.4R1, two misleading SNMP syslog messages have been rewritten to accurately describe the event:

    • OLD --AgentX master agent failed to respond to ping. Attempting to re-register

      NEW –- AgentX master agent failed to respond to ping, triggering cleanup!

    • OLD –- NET-SNMP version %s AgentX subagent connected

      NEW --- NET-SNMP version %s AgentX subagent Open-Sent!

    [See the SNMP MIB Explorer.]

  • New context-oid option for trap-options configuration statement to distinguish the traps that come from a non-default routing instance with a non-default logical system (EX Series)—Starting in Junos OS Release 17.4R2, a new option, context-oid, for the trap-options statement allows you to handle prefixes such as <routing-instance name>@<trap-group> or <logical-system name>/<routing-instance name>@<trap-group> as an additional varbind.

    [See trap-options.]


  • Support for logging SSH key changes—Starting with Junos OS Release 17.4R1, the configuration statement log-key-changes is introduced at the [edit system services ssh ] hierarchy level. When log-key-changes configuration statement is enabled and committed (with the commit command in configuration mode), Junos OS logs the changes to the set of authorized SSH keys for each user (including the keys that were added or removed). Junos OS logs the differences since the last time log-key-changes was enabled. If log-key-changes was never enabled, then Junos OS logs all the authorized SSH keys.

Software Licensing

  • Key generator adds one day to make the duration of license show as 365 days (EX Series)—Starting in Junos OS Release 17.4R1, the duration of subscription licenses as generated by the show system license command and shown in the output is correct to the numbers of days. Before this fix, for example, for a 1-year subscription license, the duration was generated as 364 days. After the fix, the duration of the 1-year subscription now shows as 365 days.

    [See show system license.]

Subscriber Management and Services

  • DHCPv6 lease renewal for separate IA renew requests (EX Series)—Starting in Junos OS Release 17.4R2, the jdhcpd process handles the second renew request differently if the DHCPv6 client CPE device does both of the following:

    • Initiates negotiation for both the IA_NA and IA_PD address types in a single solicit message.

    • Sends separate lease renew requests for the IA_NA and the IA_PD and the renew requests are received back-to-back.

    The new behavior is as follows:

    1. When the reply is received for the first renew request, if a renew request is pending for the second address type, the client stays in the renewing state, the lease is extended for the first IA, and the client entry is updated.

    2. When the reply is received for the second renew request, the lease is extended for the second IA and the client entry is updated again.

    In earlier releases:

    1. The client transitions to the bound state instead of staying in the renewing state. The lease is extended for the first IA and the client entry is updated.

    2. When the reply is received for the second renew request, the lease is not renewed for the second address type and the reply is forwarded to the client. Consequently, when that lease ages out, the binding for that address type is cleared, the access route is removed, and subsequent traffic is dropped for that address or address prefix.

    [See Using DHCPv6 IA_NA with DHCPv6 Prefix Delegation Overview.]

Virtual Chassis

  • New configuration option to disable automatic Virtual Chassis port conversion (EX4300 and EX4600 Virtual Chassis)—Starting in Junos OS Release 17.4R2, you can use the no-auto-conversion statement at the [edit virtual-chassis] hierarchy level to disable automatic Virtual Chassis port (VCP) conversion in an EX4300 or EX4600 Virtual Chassis. Automatic VCP conversion is enabled by default on these switches. When automatic VCP conversion is enabled, if you connect a new member to a Virtual Chassis or add a new link between two existing members in a Virtual Chassis, the ports on both sides of the link are automatically converted into VCPs when all of the following conditions are true:

    • LLDP is enabled on the interfaces for the members on both sides of the link. The two sides exchange LLDP packets to accomplish the port conversion.

    • The Virtual Chassis must be preprovisioned with the switches on both sides of the link already configured in the members list of the Virtual Chassis using the set virtual-chassis member command.

    • The ports on both ends of the link are supported as VCPs and are not already configured as VCPs.

    Automatic VCP conversion is not needed when using default-configured VCPs on both sides of the link to interconnect two members. On both ends of the link, you can also manually configure network or uplink ports that are supported as VCPs, whether or not the automatic VCP conversion feature is enabled.

    Deleting the no-auto-conversion statement from the configuration returns the Virtual Chassis to the default behavior, which reenables automatic VCP conversion.

    [See no-auto-conversion].

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.4R2 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

High Availability (HA) and Resiliency

  • During a nonstop software upgrade (NSSU) on an EX4300 Virtual Chassis, a traffic loop or loss might occur if the Junos OS software version that you are upgrading and the Junos OS software version that you are upgrading to use different internal message formats. PR1123764


  • The issue is specific to a downgrade(17.4T) and a core is seen only once during the downgrade because of a timing issue in the sdk toolkit upgradation, after which dcpfe recovers on its own and no issues are seen after that. PR1337008

Interfaces and Chassis

  • Configuring link aggregation group (LAG) hashing with the [edit forwarding-options enhanced-hash-key] inet vlan-id statement uses the VLAN ID in the hashing algorithm calculation. On some switching platforms, when this option is configured for a LAG that spans FPCs, such as in a Virtual Chassis or Virtual Chassis Fabric (VCF), packets are dropped due to an issue with using an incorrect VLAN ID in the hashing algorithm. As a result, the vlan-id hashing option is not supported in a Virtual Chassis or VCF containing any of the following members: EX4300, EX4600, QFX5100, or QFX5110 switches. Under these conditions, use any of the other supported enhanced-hash-key hashing configuration options instead. PR1293920

Platform and Infrastructure

  • On EX4300 and EX4600 switches, if a remote analyzer has an output IP address that is reachable through a route learned by BGP, the analyzer might be in a down state. PR1007963

  • On an EX4300 Virtual Chassis, when you perform an NSSU, there might be more than five seconds of traffic loss for multicast traffic. PR1125155

  • On EX4300 switches, when 802.1X single-supplicant authentication is initiated, multiple "EAP Request Id Frame Sent" packets might be sent. PR1163966

  • On EX4300 10G links, preexisting MACsec sessions might not come up after the following events: Process (pfex, dot1x) restart or system restart link flaps PR1294526

  • mcsnoopd might crash when all the core facing interfaces that are part of the L2 domain have flapped and it is attempting to flood a packet received over a CE interface, over the core-facing interfaces. PR1329694

Virtual Chassis

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 17.4R2 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.


  • The set system ports console log-out-on-disconnect configuration statement does not work. PR1146891

  • When ML license is installed and if the master Routing Engine is operating at scale beyond the default limit, a ksyncd core file and a vmcore can be seen if gres configuration is enabled [while the master is scaling beyond the default limit]. PR1376362

Platform and Infrastructure

  • On an EX9200-12QS line card, interfaces with the default speed of 10-Gigabit Ethernet are not brought down even when the remote end of a connection is misconfigured as 40-Gigabit Ethernet. PR1175918

  • Various common situations lead to different views of forwarding information between kernel and Packet Forwarding Engines. For example, fpc7 KERNEL/PFE APP=NH OUT OF SYNC: error code 3 REASON: NH add received for an ifl that does not exist ERROR-SPECIFIC INFO: nh_id=562 , type = Hold, ifl index 334 does not exist TYPE-SPECIFIC INFO: none. There is no service impact observed in MPC2 and MPC3 type cards. PR1205593

  • On EX4300 switches, when a policer with the action of loss of priority is applied to the lo0 interface, all ICMP packets might be dropped. PR1243666

  • On EX4300 10G links, preexisting MACsec sessions might not come up after the following events: process (pfex, dot1x) restart or system restart link flaps. PR1294526

  • In Streaming Telemetry scenario, if commit full is performed, na-grpd daemon might restart causing disconnection of streaming telemetry. PR1326366

  • MPC5 - inline-ka PPP echo requests are not transmitted when anchor-point is lt-x/2/x or lt-x/3/x in a pseudowire deployment. PR1345727

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.4R2

Authentication and Access Control

  • Macsec statistics display output is not proper. PR1355339


  • The traffic might get dropped as the core-facing interface is down. PR1343515

  • Proxy ARP might not work as expected in an EVPN environment. PR1368911

High Availability (HA) and Resiliency

  • When igmp-snooping and bpdu-block-on-edge are enabled, IP protocol multicast traffic sourced by the kernel (such as OSPF, VRRP, and so on) gets dropped in the Packet Forwarding Engine level. PR1301773


  • Unable to provide management when em0 interface of FPC is connected to another FPC L2 interface of the same Virtual Chassis. PR1299385

  • The file system might be corrupted multiple times during an image upgrade or a commit operation. PR1317250

  • The upgrade might fail if bad blocks are in the flash/filesystem and corruption occurs. PR1317628

  • PFC feature might not work on an EX4600. PR1322439

  • ifinfo core files can be created on an EX4600 Virtual Chassis. PR1324326

  • There is support for archiving dmesg file /var/run/dmesg.boot.PR1327021

  • Enabling mac-move-limit stops ping on flexible-vlan-tagging enabled interface. PR1357742

  • The dot1x filter might be removed from the Packet Forwarding Engine when static-mac-address ages out or is learned by eswd. PR1335125

Interfaces and Chassis

  • An identical IP address can be configured on different logical interfaces from different physical interfaces in the same routing instance (including the master routing instance). PR1221993

  • An EX4300 Virtual Chassis LACP flap is observed after rebooting a master FPC with PDT configurations PR1301338

  • The interface might not work properly after FPC restarts. PR1329896

  • The MAC address assigned to an aggregated Ethernet member interface is not the same as that of its parent aggregated Ethernet interface upon master node removal. PR1333734

  • An EX4600 MC-lAG is observed after the reboot of a VRRP master and backup There are also black holes in traffic to downstream switches. PR1345316

Platform and Infrastructure

  • After access is rejected, the dot1x process might crash due to a memory leak. PR1160059

  • The mismatch of VLAN-ID between an interface IFL and VLAN configuration might result in a traffic black hole. PR1259310

  • MACsec session cannot be recovered after physically flapping one link of an aggregated Ethernet. PR1283314

  • Performing load replace terminal and attempting to replace the interface stanza might terminate the current CLI session and leave the user session hanging. PR1293587

  • You might observe some eswd core files if apply-groups is configured under interface-range. PR1300709

  • Multicast receiver connected to EX4300 might not be able to get the multicast streaming. PR1308269

  • Traceroute is not working in an EX9200 device for routing instances running on Junos OS Release 17.1R3. PR1310615

  • Autonegotiation is not working as expected between an EX4300 and an SRX5800. PR1311458

  • Traffic loss is observed while performing NSSU. PR1311977

  • IGMP snooping might not learn a multicast router interface dynamically. PR1312128

  • PEM alarms and I2C failures are observed on EX9200 Series. PR1312336

  • The DHCP-security binding table might not get updated. PR1312670

  • Traffic going through an aggregated Ethernet interface might be dropped if there is a mastership change. PR1327578

  • A memory leak is seen for dot1xd. PR1313578

  • The Fan speed might frequently fluctuate between normal and full for MX Series platform. PR1316192

  • The interface with 1G SFP might go down if no-auto-negotiation is configured. PR1315668

  • Replace the show vlans evpn command to the show ethernet-switching evpn command for the EX9200 line of switches.. PR1316272

  • IGMPv3 on EX4300 does not have the correct outgoing interfaces in the Packet Forwarding Engine that are listed in the kernel. PR1317141

  • The L2cpd core files might be seen if the interface is disabled under VSTP and enabled under RSTP. PR1317908

  • The vmcore might be seen and the device might reboot after the ICL is changed from an aggregated Ethernet to a physical interface. PR1318929

  • High latency might be observed between a master Routing Engine and another FPC. PR1319795

  • VLAN might not be processed, which leads to improper STP convergence. PR1320719

  • Multicast traffic might not be forwarded to one of the receivers. PR1323499

  • MAC learning issue and new VLANs creation failure might happen for some VLANs on an EX4300 platform. PR1325816

  • The L2cpd might create a core file. PR1325917

  • Extra EAP request packets might be sent unnecessarily. PR1328390

  • EX4300 crashes when it receives more than 120kpps ARPs on me0 interface. PR1329430

  • EX Series switches do not send RADIUS request after modifying the interface-range configuration. PR1326442

  • The major alarm Fan & PSU Airflow direction mismatch might be seen by removing the management cable. PR1327561

  • The SNMP trap message is always sent out with log about Fan/Blower OK on an EX4300 Virtual Chassis switch. PR1329507

  • When exhausting a TCAM table, the filter might be incorrectly programmed. PR1330148

  • The Rpd process crashed and generated core files on the new backup Routing Engine at task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler after disabling NSR and GRES. PR1330750

  • The dot1xd might crash if ports in multi-supplicant mode flaps. PR1332957

  • The interface on which the VSTP is disabled by CLI might stay in the Discarding state after rebooting the device. PR1333684

  • STP BPDUs are not sent out on the other active child when the anchor FPC has no active child. PR1333872

  • MQSS errors and alarms might occur when the interface goes down. PR1334928

  • EX9208: vstp vlan all statement has created L2CPD core files are generated during Routing Engine switchover or commit. PR1341246

  • EX4300 storm control does not generate any action log after adding an RTG configuration. PR1335256

  • IGMP packets are forwarded out of an RTG backup interface. PR1335733

  • An L2cpd memory leak appears on EX Series platforms with VoIP configured. PR1337347

  • The show spanning-tree statistics bridge command output gives 0 for all VLAN instance IDs. PR1337891

  • MAC source address filter with the configuration statement accept-source-mac. does not work if MAC move limit is configured. PR1341520

  • MSTP might not work normally after permitting a commit. PR1342900

  • The filter might not be programmed in the Packet Forwarding Engine even though TCAM entries are available. PR1345296

  • Statistics daemon PFED might generate core files on an upgrade between certain releases. PR1346925

  • After the EX9200 FPC comes online, the other FPC CPU might use 100 percent and has traffic loss for about 30 seconds. PR1346949

  • On EX4300 or EX4600 switches the VLAN translation feature does not work for the control plane traffic. PR1348094

  • On EX4300 platforms, traffic drop might happen if LLC packets are received with DSAP and SSAP as 0x88 and 0x8e. PR1348618

  • Running RSI via console port might cause system crash and reboot. PR1349332

  • EX4600 detects a LATENCY OVER-THRESHOLD event with the incorrect value. PR1348749

  • Commit error observed if box is downgraded from Junos OS 18.2/18.3 release to Junos OS Release 17.3R3. PR1355542

  • On EX4300 platforms (Virtual Chassis and standalone) running Junos OS Release 16.1R5 or Junos OS Release 16.1R6, a firewall filter with a syslog option is unable to send syslog messages to the syslog server. PR1351548

  • A high usage chassis alarm in "/var" does not clear from the EX4300 Virtual Chassis when a file is copied from fpc1 (master) to fpc0 (backup). PR1354007

  • The ports using an SFP-T transceiver might still be up after system halt. PR1354857

  • The FPC might crash due to the memory leak caused by the VTEP traffic. PR1356279

  • Some interfaces cannot be added under STP configuration. PR1363625

  • On EX4300/EX4600 platforms, the l2ald process might crash in dot1x scenario. PR1363964

  • Packet Forwarding Engine might crash if encountering frequent MAC move. PR1367141

  • The request system zeroize non-interactively might not erase the configuration on EX4300. PR1368452

Routing Protocols

  • Observed mcsnoopd core file at __raise,abort,__task_quit__,task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler_internal (enable_slip_detector=true, no_exit=true) at ../../../../../../src/junos/lib/libjtask/base/task_scheduler.c:275.PR1305239

  • OSPF routes cannot be installed on the routing table until the lsa-refresh timer expires. PR1316348

  • BGP peer is not established after a Routing Engine switchover when graceful-restart and BFD are enabled. PR1324475

  • The igmp-snooping might be enabled unexpectedly. PR1327048

Resolved Issues: 17.4R1

Authentication, Authorization, and Accounting (AAA)

  • Dot1x crash on EX4300 can occur when traffic is flooded while a VLAN configuration commit is in progress PR1293011

Class of Service (CoS)

  • On EX4300 or EX4600, traffic might be dropped when there is more than one forwarding-class under forwarding-class-sets. PR1255077


  • An l2ald crash occurs with no apparent trigger. PR1302344


  • EX4300 aggregated Ethernet interface goes down when interface member VLAN is PVLAN and LACP is enabled. PR1264268

Junos Fusion Enterprise

  • CoS shaping is not happening properly according to the configured shaping rate. PR1268084

  • Request chassis satellite beacon functionality to specific SD is not working, causing all the SDs to enable the beacon LED. PR1272956

  • On Dual-AD JFE setup, while applying Routing Engine lo0 filters and setting the cascade port down on AD2, the SD goes to "ProvSessionDown" on that AD2 while it stays online on AD1. PR1275290

  • Issues are seen during conversion from Junos OS release to SNOS. PR1289809

  • VRRP has a split-brain in dual autodiscovery Junos Fusion. PR1293030

  • AD without cascade port cannot reach hosts over ICL link if they are authenticated by dot1x in a different VLAN than the default (manually assigned) VLAN. PR1298880

  • The dot1x authentication might fail in a Junos Fusion setup. PR1299532

  • IPv6 multicast is not forwarded over MC-LAG ICL interface until interface toggle. PR1301698

  • Dot1x might crash in a Junos Fusion setup with dual AD. PR1303909

  • All the dot1x sessions are removed when AUTO ICCP link is disabled. PR1307588

  • LACP aggregated Ethernet interfaces go to a down state when performing commit synchronize. PR1314561

Layer 2 Features

  • Feature swap-swap might not work as expected in Q-in-Q scenario. PR1297772

Network Management and Monitoring

  • The show snmp mib walk command used for jnxMIMstMstiPortState does not display anything in Junos OS Release 17.1R2 on the EX4600 platform. PR1305281

Platform and Infrastructure

  • Layer 3 protocol packets are not being sent out from the switch. PR1226976

  • PXE unicast ACK packets are dropped on EX4300. PR1230096

  • The EOAM LFM adjacency on EX9200 might flap when the unrelated MIC that is in the same MPC slot is brought online. PR1253102

  • The interface-range command cannot be used to set speed and autonegotiation properties for a group of interfaces. PR1258851

  • On EX4300 Virtual Chassis, a 10-Gigabit Ethernet VCP might not get a neighbor after a system reboot. PR1261363

  • CPU utilization for pfex_junos usage might go high if DHCP relay packets are coming continually. PR1276995

  • On EX4300 some functions of IPv6 Router Advertisement Guard do not work. PR1294260

  • ERROR: /dev/da0s1a is not a JUNOS snapshot is seen during system startup. PR1297888

  • On EX4300 switches, when unknown unicast ICMP packets are received by an interface, packets are routed, so TTL is decremented. PR1302070

  • On EX4300 Virtual Chassis, the FRU PSU removal and insertion traps are not generated for master or backup FPCs. PR1302729

Port Security

  • MACsec might not work on a 10-Gigabit Ethernet interface after the switch is rebooted. PR1276730

User Interface and Configuration

  • On EX4300, J-Web allows configuration of source-address-filter. PR1281290

Virtual Chassis

  • On EX4300 FRU removal/insertion trap not generated for non-master (backup/line card) FPCs. PR1293820

VLAN Infrastructure

  • VLAN association is not being updated in the Ethernet switching table when the device is configured in single supplicant mode. PR1283880

Documentation Updates

There are no errata or changes in Junos OS Release 17.4R2 for the EX Series switches documentation.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on EX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.