Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for EX Series Switches


These release notes accompany Junos OS Release 18.2R3 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for the EX Series.


The following EX Series switches are supported in Release 18.2R3: EX2300, EX3400, EX4300, EX4600, and EX9200.

Release 18.2R3 New and Changed Features

There are no new features or enhancements to existing features for EX Series in Junos OS Release 18.2R3.

Release 18.2R2 New and Changed Features

Port Security

  • Media Access Control security (MACsec) (EX4300-48MP)—Starting in Junos OS Release 18.2R2, MACsec is supported on EX4300-48MP switches. MACsec is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links.

    [See Understanding Media Access Control Security (MACsec).]

Release 18.2R1 New and Changed Features


  • EX4300-48MP and EX4300-48MP-S switches—Starting with Junos OS Release 18.2R1, two new models of EX4300 switches are available—EX4300-48MP and EX4300-48MP-S switches. These models provide 24 built-in 10/100/1000BASE-T Ethernet network ports, 24 built-in 100/1000/2500/5000/10000BASE-T Ethernet network ports, and four built-in 40-Gigabit Ethernet quad small form-factor pluggable plus (QSFP+) ports that can house 40-Gigabit QSFP+ transceivers. The 24 built-in 10/100/1000BASE-T Ethernet network ports support 10 Mbps, 100 Mbps, and 1 Gbps speeds. The 24 built-in 100/1000/2500/5000/10000BASE-T Ethernet network ports support 100 Mbps, 1 Gbps, 2.5 Gbps, 5 Gbps, and 10 Gbps speeds. All network ports are equipped for PoE+ and provide up to 95 watts of power. The QSFP+ ports are configured as Virtual Chassis Ports (VCPs) by default. You can use them to connect the switches to other devices in a Virtual Chassis configuration.

    [See EX4300 Switch Hardware Guide.]

  • EX9253 switches—Starting with Junos OS Release 18.2R1, EX9253 switches are available as a modular switch. The switch has two dedicated slots for line cards and supports EX9253-6Q12C and EX9253-6Q12C-M line cards. The switch is available in two variants—with AC power supply and with DC power supply.

    [See EX9253 Switch Hardware Guide.]

Authentication and Access Control

  • Enhancement to NTP authentication method (EX4300)— Starting in Junos OS Release 18.2R1, Junos OS supports NTP authentication for both SHA-1 and SHA2-256, in addition to the existing NTP authentication method, MD5. You can now choose from among MD5, SHA-1, and SHA2-256 for synchronizing the clocks of Juniper Network routers, switches, and other security devices on the Internet. Using SHA-1 instead of MD5 improves the security of devices with very little impact to timing, while using SHA2-256 provides an increase in security over SHA-1.


    By default, network time synchronization is unauthenticated.

    To implement authentication, use set authentication-key <key_number> type at the [edit system ntp] hierarchy level.

    • To enable SHA-1 authentication, use set authentication key <key_number> type sha1 value <password> at the [edit system ntp] hierarchy level.

    • To enable SHA2-256 authentication, use set authentication key <key_number> type sha256 value <password> at the [edit system ntp] hierarchy level.

    [See authentication-key and Configuring NTP Authentication Keys].

Authentication, Authorization, and Accounting (AAA)

  • RADIUS over IPv6 (EX Series)—Starting with Junos OS Release 18.2R1, EX2300, EX3400, EX4600 and EX4300-48MP switches support IPv6 for user authentication, authorization, and accounting (AAA) using RADIUS servers, in addition to the existing IPv4 support. You can specify which source address Junos OS uses to contact an external RADIUS server. To configure an IPv6 source address for RADIUS authentication, include the source-address statement at the [edit system radius-server server-address] hierarchy level. To configure an IPv6 source address for RADIUS accounting, include the source-address statement at the [edit system accounting destination radius server server-address] hierarchy level.

    [See source-address.]

Class of Service (CoS)

  • Support for setting unique IEEE 802.1p code point for host-generated RPM packets (EX2300, EX3400, and EX4300)—You can already set the DSCP code point and IEEE 802.1p code point for all host-generated packets by setting the dscp-code-point code-point-value option at the [class-of-service host-outbound-traffic] hierarchy level, where the first three bits of the defined DSCP code point value are set as the IEEE 802.1p code point value. Starting with Junos OS Release 18.2R1, you can override this IEEE 802.1p code point value for host-generated RPM packets and set a separate value for these packets by setting the dscp-code-point code-point-value option at the [services rpm probe owner test test-name] hierarchy level, where again the first three bits of the defined DSCP code point value are set as the IEEE 802.1p code point value.

    [See dscp-code-point (Services).]

Dynamic Host Configuration Protocol (DHCP)

  • DHCP smart relay (EX4600)—Starting with Junos OS Release 18.2R1, you can configure alternative IP addresses for the gateway interface so that if the server fails to reply to the requests sent from the primary gateway address, the switch can resend the requests using alternative gateway addresses. To use this feature, you must configure an IRB interface or Layer 3 subinterface with multiple IP addresses and configure that interface as a relay agent.

    [See Configuring DHCP and BOOTP Relay.]


  • Note

    NSR and unified ISSU support for point-to-multipoint LSP for EVPN provider tunnel is documented but not supported in Junos OS Release 18.2R1.

    NSR and unified ISSU support for point-to-multipoint LSP for EVPN provider tunnel (EX9200)—Starting in Junos OS Release 18.2R1, Junos OS provides nonstop routing (NSR) and unified ISSU support for point-to-multipoint (P2MP) inclusive provider tunnels. This ensures that broadcast, unknown unicast, and multicast (BUM) packets continue after a Routing Engine switchover occurs when NSR is enabled.

    [See Understanding P2MPs LSP for the EVPN Inclusive Provider Tunnel].

  • IGMP snooping support for EVPN-MPLS (EX9200)—Starting with Junos OS Release 18.2R1, you can configure IGMP snooping on EX9200 switches in an Ethernet VPN (EVPN) over an MPLS network. Enabling IGMP snooping helps to constrain multicast traffic to interested receivers in a broadcast domain.

    Multicast sources and receivers in the EVPN instance (EVI) can each be single-homed to one provider edge (PE) device or multihomed (in all-active mode only) to multiple PE devices. When IGMP snooping is configured with multihomed receivers, IGMP state information is synchronized among peer PE devices by exchanging BGP EVPN Type 7 (Join Sync Route) and Type 8 (Leave Sync Route) network layer reachability information (NLRI). When PE devices receive multicast traffic from the EVPN core on a multihomed Ethernet segment (ES), only the designated forwarder (DF) PE device forwards the traffic, and the DF forwards the traffic only to interested receivers (selective multicast forwarding) based on IGMP snooping reports and BGP EVPN Type 7 routes. PE devices serving single-homed receivers also use selective multicast forwarding based on IGMP snooping reports to forward the traffic only to interested receivers, conserving network bandwidth.

    All PE devices perform inclusive multicast forwarding using ingress replication to forward multicast traffic into the EVPN core to reach all remote PE devices. Multicast traffic at Layer 3 is routed between bridge domains or VLANs using IRB interfaces.

    This feature is supported with multiple EVIs, multicast sources and receivers on the same or different sites, and IGMP snooping in proxy mode only.

    To enable IGMP snooping on PE devices in an EVPN instance, include the igmp-snooping proxy statement at the [edit routing-instances routing-instance-name protocols] or the [edit routing-instances routing-instance-name bridge-domain bridge-domain-name protocols] hierarchy level.

    For inter-VLAN multicast forwarding, PIM distributed DR (PIM DDR) mode must be enabled on all participating IRBs.

    EVPN and IGMP snooping operational mode commands can be used to view information learned from IGMP snooping messages or EVPN Type 7 and Type 8 messages.

    [See Overview of Multicast Forwarding with IGMP Snooping in an EVPN-MPLS Environment.]

  • Support for OSPF, IS-IS, BGP, and static routing on IRB interfaces in EVPN-VXLAN networks (EX Series)—Starting in Junos OS Release 18.2R1, you can configure OSPF, IS-IS, BGP, and static routing with Bidirectional Forwarding Detection (BFD) on an IRB interface that is used as a routed interface in EVPN. This allows protocol adjacencies to be established between an IRB on a Layer 3 gateway and a CE device and between an IRB on a Layer 3 gateway and a CE device connected to a Layer 2 leaf device in an EVPN-VXLAN network.

    [See Supported Protocols on an IRB Interface in EVPN-VXLAN].

  • Note

    This feature is documented but not supported in Junos OS Release 18.2R1

    EVPN P2MP bud node support (EX9200)—Starting in Junos OS Release 18.2R1, Junos OS supports configuring a point-to-multipoint (P2MP) label-switched path (LSP) as a provider tunnel on a bud node. The bud node functions both as an egress node and a transit node.

    To enable a bud node to support P2MP LSP, include the evpn p2mp-bud-support statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level.

    [See Configuring Bud Node Support].

  • Layer 2 VXLAN gateway in EVPN-VXLAN overlay network (EX4600 switches)—By using a Layer 3 IP-based underlay network coupled with an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) overlay network, you can deploy larger networks than those possible with traditional Layer 2 Ethernet-based architectures. With overlay networks, endpoints (bare-metal servers [BMSs] or virtual machines [VMs]) can be placed anywhere in the network and remain connected to the same logical Layer 2 network, enabling the virtual topology to be decoupled from the physical topology.

    The physical underlay network over which EVPN-VXLAN is commonly deployed is a two-layer IP fabric, which includes spine and leaf devices. The spine devices provide connectivity between the leaf devices, and the leaf devices function as Layer 2 VXLAN gateways and provide connectivity to the attached endpoints. Starting with Junos OS Release 18.2R1, you can deploy EX4600 switches as leaf nodes in the EVPN-VXLAN overlay network.

    [See Understanding EVPN with VXLAN Data Encapsulation.]

  • EVPN-VXLAN support of Virtual Chassis (EX4600, and EX4600 Virtual Chassis)—Ethernet VPN (EVPN) supports multihoming active-active mode, which enables a host to be connected to two leaf devices through a Layer 2 LAG interface. Starting with Junos OS Release 18.2R1, the two leaf devices can be EX4600 standalone switches or EX4600 switches configured as a Virtual Chassis.

    On each leaf device, the LAG interface is configured with the same Ethernet segment identifier (ESI) for the host. The two leaf devices on which the same ESI is configured are peers to each other.

    [See EVPN-VXLAN Support of Virtual Chassis and Virtual Chassis Fabric].

  • Tunneling Q-in-Q traffic through an EVPN-VXLAN overlay network (EX4600 switches)—Starting in Junos OS Release 18.2R1, EX4600 switches that function as Layer 2 VXLAN tunnel endpoints (VTEPs) can tunnel single-tagged and double-tagged Q-in-Q packets through an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) overlay network. In addition to tunneling Q-in-Q packets, the ingress and egress VTEPs can perform the following Q-in-Q actions:

    • Delete, or pop, an outer service VLAN (S-VLAN) tag from an incoming packet.

    • Add, or push, an outer S-VLAN tag onto an outgoing packet.

    • Map a configured range of customer VLAN (C-VLAN) IDs to an S-VLAN.


      EX4600 switches do not support the pop and push actions with a configured range of VLANs.

    The ingress and egress VTEPs support the tunneling of Q-in-Q packets and the Q-in-Q actions in the context of specific traffic patterns.

    [See Examples: Tunneling Q-in-Q Traffic in an EVPN-VXLAN Overlay Network.]

Interfaces and Chassis

  • Support for hyper mode to increase packet processing rate on line cards with enhanced MPCs (EX9200 switches)—Starting in Junos OS Release 18.2R1, EX9200 line cards that include enhanced MPCs (such as MPC4E and MPC5E) support the hyper mode feature. Enabling the hyper mode feature increases the rate at which a data packet is processed, which results in the optimization of the lifetime of a data packet. Optimization of the data packet lifetime enables better performance and throughput.


    You can enable hyper mode only if the network-service mode on the switch is configured as either enhanced-ip or enhanced-ethernet. Also, you cannot enable the hyper mode feature for a specific Packet Forwarding Engine on an MPC—that is, when you enable the feature, it is applicable for all Packet Forwarding Engines on the switch.

    When you enable the hyper mode feature, the following actions and features are not supported:

    • Creating Virtual Chassis.

    • Padding Ethernet frames with VLANs.

    • Sending Internet Control Message Protocol (ICMP) redirect messages.

    • Terminating or tunneling subscriber-based services.

    [See Understanding the Hyper Mode Feature on Enhanced MPCs for MX Series Routers and EX9200 Switches.]

  • Multi-rate and non-multi-rate support (EX4300-MP switches)—Starting in Junos OS Release 18.2R1, you can configure an interface to support multiple speeds on EX4300-MP switches. The interfaces now support 2.5G, 5G, and 10G speeds. In previous releases, interfaces supported only 100M and 1G speeds.

    The naming convention for multi-rate interfaces (including 100M and 1G) is “mge-n/n/n”. The differentiation between multi-rate interfaces and 1G interfaces is based on the speed values. The front panel ports have different color coding to differentiate multi-rate and 1G interfaces.

  • 4x10SFP+ Uplink Modules support (EX4300-MP Switches)—Starting in Junos OS Release 18.2R1, you can configure the operating mode on the module to match the type of transceiver you want to use. EX4300-MP switches contain four ports for 10-gigabit small form-factor pluggable (SFP+) transceivers when configured to operate in 10-gigabit mode.

Layer 2 Features

  • L2PT support for tunneling additional protocols (EX2300 and EX3400 switches)—Starting with Junos OS Release 18.2R1, you can configure Layer 2 protocol tunneling (L2PT) for the following new protocols on EX2300 and EX3400 switches: E-LMI, IEEE 802.1X, MMRP, and UDLD.


    Support for tunneling these additional protocols does not apply to multigigabit models of the EX2300 switch (EX2300-24MP or EX2300-48MP).

    [See Layer 2 Protocol Tunneling.]

  • Ethernet ring protection switching (ERPS)(EX2300 and EX3400 switches and Virtual Chassis)—Starting in Junos OS Release 18.2R1, you can use ERPS to reliably achieve carrier-class network requirements for Ethernet topologies forming a closed loop. ITU-T Recommendation G.8032 version 1 is supported.

    ERPS version 1 comprises the following features:

    • Support for revertive mode of operation of the Ethernet ring

    • Support for multiple ring instances on the same interfaces

    • Support for multiple ring instances on different interfaces

    • Support for interworking with Spanning Tree Protocol, Multiple Spanning Tree Protocol, and redundant trunk groups

    [See Understanding Ethernet Ring Protection Switching Functionality.]

Operation, Administration, and Maintenance (OAM)

  • Ethernet Connectivity Fault Management (CFM) Support (EX2300 and EX3400 switches)—Starting with Junos OS Release 18.2R1, Connectivity Fault Management (CFM) is supported on EX2300 and EX3400 switches. The major features of CFM are:

    • Fault monitoring using the continuity check protocol. This is a neighbor discovery and health check protocol that discovers and maintains adjacencies at the VLAN or link level.

    • Path discovery and fault verification using the linktrace protocol. Similar to IP traceroute, this protocol maps the path taken to a destination MAC address through one or more bridged networks between the source and destination

    • Fault isolation using the loopback protocol. Similar to IP ping, this protocol works with the continuity check protocol during troubleshooting.

    You can configure the Ethernet CFM using the set protocols oam ethernet connectivity-fault-management command, and verify the configuration using the show oam ethernet connectivity-fault-management command.

  • Ethernet link fault management (LFM) support (EX4600 switches)—Starting with Junos OS Release 18.2R1, link fault management (LFM) is supported on EX4600 switches. Ethernet OAM provides the tools that network management software and network managers can use to determine how a network of Ethernet links is functioning. The following OAM LFM features are supported:

    • Discovery and link monitoring

    • Remote fault detection

Port Security

  • Media Access Control security with 256-bit cipher suite (EX9200)—Starting in Junos OS Release 18.2R1, the GCM-AES-256 cipher suite for MACsec in static CAK mode is supported on EX9200 switches with EX9200-40XS line cards installed. The GCM-AES-256 cipher suite has a maximum key length of 256 bits and is also available with extended packet numbering (GCM-AES-XPN-256).

    [See Understanding Media Access Control Security (MACsec).]

  • IP source guard (EX2300 and EX3400 switches and Virtual Chassis)—Starting with Junos OS Release 18.2R1, you can configure the IP source guard access port security feature to mitigate the effects of source IP address spoofing and source MAC address spoofing. If IP source guard determines that a host connected to an access interface has sent a packet with an invalid source IP address or source MAC address in the packet header, it discards the packet.

    [See Understanding IP Source Guard for Port Security on EX Series Switches.]

  • Support for 802.1X authentication on private VLANs (PVLANs) (EX2300, EX3400, and EX4300 switches and Virtual Chassis)—Starting in Junos OS Release 18.2R1, you can enable 802.1X (dot1x) authentication for security purposes on access ports that are in a PVLAN.

    PVLANs provide Layer 2 isolation between ports within a VLAN, splitting a broadcast domain into multiple discrete broadcast subdomains by creating secondary VLANs. PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the communication between known hosts.

    Authentication prevents unauthenticated devices and users from gaining access to your LAN. For 802.1X and MAC RADIUS authentication, end devices must be authenticated before they receive an IP address from a Dynamic Host Configuration Protocol (DHCP) server.

    On a switch that is configured with both 802.1X authentication and PVLANs, when a new device is attached to the PVLAN network, the device is authenticated and then is assigned to a secondary VLAN based on the PVLAN configuration or RADIUS profile. The device then obtains an IP address and is given access to the PVLAN network.

    [See Using 802.1X Authentication and Private VLANs Together on the Same Interface.]

  • Private VLANs (EX2300 switches)—Starting in Junos OS Release 18.2R1, you can enable private VLANs (PVLANs) on EX2300 platforms.

    PVLANs provide Layer 2 isolation between ports within a VLAN, splitting a broadcast domain into multiple discrete broadcast subdomains by creating secondary VLANs. PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the communication between known hosts.

    [See Understanding Private VLANs. ]

  • Support for DHCP snooping and other access port security features on private VLANs (EX4300 switches and Virtual Chassis)—Starting in Junos OS Release 18.2R1, you can enable Dynamic Host Configuration Protocol (DHCP) snooping for security purposes on access ports that are in a PVLAN. You can also protect those ports with DHCP options, dynamic ARP inspection (DAI), IP source guard, and neighbor discovery inspection.

    PVLANs provide Layer 2 isolation between ports within a VLAN, splitting a broadcast domain into multiple discrete broadcast subdomains by creating secondary VLANs. PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the communication between known hosts.

    Ethernet LANs are vulnerable to attacks such as address spoofing (forging) and Layer 2 denial of service (DoS) on network devices. The following port security features help protect access ports on your device against loss of information and productivity that such attacks can cause:

    • DHCP snooping—Filters and blocks ingress DHCP server messages on untrusted ports. DHCP snooping builds and maintains a database of DHCP lease information, which is called the DHCP snooping database.

    • DHCPv6 snooping—DHCP snooping for IPv6.

    • DHCP option 82—Also known as the DHCP Relay Agent Information option. Helps protect the switch against attacks such as spoofing of IP addresses and MAC addresses and DHCP IP address starvation.

    • DHCPv6 option 37—Remote ID option for DHCPv6. Used to insert information about the network location of the remote host into DHCPv6 packets.

    • DHCPv6 option 18—Circuit ID option for DHCPv6. Used to insert information about the client port into DHCPv6 packets.

    • DHCPv6 option 16—Vendor ID option for DHCPv6. Used to insert information about the vendor of the client hardware into DHCPv6 packets.

    • DAI—Prevents Address Resolution Protocol (ARP) spoofing attacks. ARP requests and replies are compared against entries in the DHCP snooping database, and filtering decisions are made on the basis of the results of those comparisons.

    • IP source guard—Mitigates the effects of IP address spoofing attacks on the Ethernet LAN. The source IP address in the packet sent from an untrusted access interface is validated against the DHCP snooping database.

    • IPv6 source guard—IP source guard for IPv6.

    • IPv6 neighbor discovery inspection—Prevents IPv6 address spoofing attacks. Neighbor discovery requests and replies are compared against entries in the DHCPv6 snooping database, and filtering decisions are made on the basis of the results of those comparisons.

    [See Putting Access Port Security on Private VLANs.]

Restoration Procedures Failure

  • Device recovery mode introduced in Junos OS with upgraded FreeBSD (EX Series)—Starting in Junos OS Release 18.2R1, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, there is an automatic device recovery mode that goes into action should the system go into amnesiac mode. The new process is for the system to automatically retry to boot with the saved rescue configuration. In this circumstance, the system displays the banner Device is in recovery mode in the CLI (in both the operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Software Installation and Upgrade

  • Phone-home client (EX2300 and EX3400 switches)—Starting with Junos OS Release 18.2R1, you can use either the legacy DHCP-options-based ZTP or the phone-home client (PHC) to provision software for the switch. If the switch boots up and there are DHCP options received from the DHCP server for ZTP, ZTP resumes. If DHCP options are not present, PHC is attempted. PHC enables the switch to securely obtain bootstrapping data, such as a configuration or software image, with no user intervention other than having to physically connect the switch to the network. When the switch first boots, PHC connects to a redirect server, which will redirect to a phone home server to get the configuration or software image.

    To initiate either DHCP-options-based ZTP or PCH, the switch must either be in a factory-default state, or you can issue the request system zeroize command.

Software Licensing

  • Advanced Feature License (AFL) (EX3400 switches)—Starting with Junos OS Release 18.2R1, the following features are available as part of the AFL:

    • Border Gateway Protocol (BGP) and multiprotocol BGP (MBGP)

    • IPv6 routing protocols: IPv6 BGP and IPv6 for MBGP

    • IS-IS

    • Virtual routing and forwarding (VRF) BGP

    [See Understanding Licenses for EX Series.]

System Management

  • New tool to detect high CPU utilization (EX Series)—Starting in Junos OS Release 18.2R1, a flight recorder tool is introduced to gather historical data on when the CPU utilization on a device was high and what processes caused the high utilization. The tool collects snapshots of data enabling detection of high CPU usage and faster resolution of issues.

    Because some of the high CPU utilization cases are intentional or expected, you can enable and disable the flight recorder tool to avoid false alarms.

    [See request flight-recorder set high-cpu and show flight-recorder status.]

User Interface and Configuration

  • Support for displaying ephemeral configuration data with filtering (EX Series)—Starting in Junos OS Release 18.2R1, the show ephemeral-configuration command enables you to specify the scope of the configuration data to display. To filter the displayed configuration data, append the statement path of the requested hierarchy to the command.

    [See Displaying Ephemeral Configuration Data in the Junos OS CLI.]

Virtual Chassis

  • Virtual Chassis support (EX4300-48MP)—Starting in Junos OS Release 18.2R1, EX4300-48MP switches can be interconnected into a Virtual Chassis as one logical device managed as a single chassis. An EX4300-MP Virtual Chassis can contain up to 10 members in either of the following combinations:

    • A non-mixed Virtual Chassis if the members are all EX4300-48MP switches.

    • A mixed Virtual Chassis if the members are a combination of EX4300-48MP switches with other EX4300 switches. The mixed-mode setting is required on all switches. The members in the Routing Engine role must be EX4300-48MP switches, and other EX4300 switches can only be configured in the linecard role. The EX4300-48MP cannot form a mixed Virtual Chassis with any other type of switches.

    The 40-Gbps ports on the rear panel of EX4300-48MP switches are dedicated Virtual Chassis ports (VCPs). You must use those ports to interconnect EX4300-48MP Virtual Chassis members into a non-mixed or mixed Virtual Chassis. The dedicated VCPs cannot be converted into and used as network ports, and no other ports on the EX4300-48MP switch can be used as VCPs. In addition, EX4300 members in a mixed Virtual Chassis with EX4300-48MP members must have a special port mode enabled on VCPs to interconnect with VCPs on EX4300-48MP members. To enable this mode for all VCPs on an EX4300 switch, include the ieee-clause-82 option when setting mixed mode on the switch, as follows:

    user@switch> request virtual-chassis mode ieee-clause-82 mixed

    Otherwise, configuring and administering a non-mixed or mixed mode EX4300-48MP Virtual Chassis is the same as for other EX4300 Virtual Chassis or QFX Series Virtual Chassis.

    [See Understanding EX4300 Virtual Chassis.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 18.2R3 for the EX Series.


  • On EX9200 switches, you can configure EVPN to extend a Junos Fusion Enterprise or multichassis link aggregation group (MC-LAG) network over an MPLS network to a data center or campus network. For both Junos Fusion Enterprise and MC-LAG use cases, you must include the bgp-peer configuration statement in the [edit routing-instances name protocols evpn mclag] hierarchy level. This configuration enables the interworking of EVPN-MPLS with Junos Fusion Enterprise or MC-LAG. If you do not include the bgp-peer configuration statement in your configuration, unexpected behavior and a core dump could result. To enforce this configuration, we now check for this configuration during the commit. If the configuration is not present, an error occurs.

    See [Understanding EVPN-MPLS Interworking with Junos Fusion Enterprise and MC-LAG .]

General Routing

  • Enhancement to the show interfaces mc-ae extensive command—You can now view additional LACP information about the LACP partner system ID when you run the show interfaces mc-ae extensive command. The output now displays the following two additional fields:

    • Local Partner System ID-LACP partner system ID as seen by the local node.

    • Peer Partner System ID-LACP partner system ID as seen by the MC-AE peer node.

    Previously, the show interfaces mc-ae extensive command did not display these additional fields.

    [See show interfaces mc-ae..]

High Availability (HA) and Resiliency

  • commit fast-synchronize option not supported for products with single Routing Engine (EX Series)—Starting in Junos OS Release 18.2R1, Junos OS does not support the configuration option commit fast-synchronize at the [edit system] hierarchy level for all the products with single Routing Engine for which chassis redundancy graceful-switchover is not supported. This option is disabled from the CLI.

Interfaces and Chassis

  • EEE not supported on mge interfaces operating at 100-Mbps speed (EX2300-24MP and EX2300-48MP)—In Junos OS Releases 18.1R2, 18.2R1, and later, if both Energy Efficient Ethernet (EEE) and 100-Mbps speed are configured on a rate-selectable (or multirate) Gigabit Ethernet (mge) port on EX2300-24MP and EX2300-48MP switches, the port operates only at 100-Mbps speed but EEE is not enabled on that port. EEE is supported only on mge interfaces that operate at 1-Gbps and 2.5-Gbps speeds.

  • No support for performance monitoring on AE Interfaces (EX4300)—Y.1731 performance monitoring (PM) over Aggregated Ethernet Interfaces is not supported on EX4300 switches. [See sla-iterator-profile.]

Junos OS XML, API, and Scripting

  • Junos XML protocol <open-configuration> operation no longer emits an uncommitted changes warning (EX Series)—Starting in Junos OS Release 18.2R1, the Junos XML protocol <open-configuration> operation does not emit an "uncommitted changes will be discarded on exit" warning message when opening a private copy of the candidate configuration. However, Junos OS still discards the uncommitted changes upon closing the private copy.

  • MD5 and SHA-1 hashing algorithms are no longer supported for script checksums (EX Series)—Starting in Junos OS Release 18.2R2, Junos OS does not support configuring an MD5 or SHA-1 checksum hash to verify the integrity of local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) scripts or support using an MD5 or SHA-1 checksum hash with the op url url key option to verify the integrity of remote op scripts.

Junos Telemetry Interface

  • Change to the configuration location for gRPC-based sensor subscriptions from an external collector (EX Series)—Starting in Junos OS Release 18.2R1, when an external streaming server, or collector, provisions sensors to export data through gRPC on devices running Junos OS, the sensor configuration is committed to the junos-analytics instance of the ephemeral configuration database, and the configuration can be viewed by using the show ephemeral-configuration instance junos-analytics operational command. In earlier releases, the sensor configuration is committed to the default instance of the ephemeral configuration database.

Layer 2 Features

  • Configuration option for LLDP VLAN name type, length, and value (TLV) (EX3400, EX4300)—Starting in Junos OS Release 18.2R1, you can configure the vlan-name-tlv-option (name | vlan-id) statement at the [edit protocols lldp] hierarchy level to select whether to transmit the VLAN name or simply the VLAN ID for the Link Layer Discovery Protocol (LLDP) VLAN name TLV when exchanging LLDP messages. By default, EX Series switches running Enhanced Layer 2 Software (ELS) transmit the VLAN ID for the LLDP VLAN name TLV, and the show lldp detail command displays the default string vlan-vlan-id for an interface’s VLAN name in the Vlan-name output field. Switches that support the vlan-name-tlv-option statement behave the same as the default if you configure the vlan-id option with this statement. If you configure the name option, the switch transmits the VLAN name instead, and the show lldp detail command displays the VLAN name in the Vlan-name output field.

  • input-native-vlan-push (EX2300, EX3400, EX4600, EX4650, and the QFX5000 line of switches)—From Junos OS Release 18.2R3, the configuration statement input-native-vlan-push at the [edit interfaces interface-name] hierarchy level is introduced. You can use this statement in a Q-in-Q tunneling configuration to enable or disable whether the switch inserts a native VLAN identifier in untagged frames received on the C-VLAN interface, when the configuration statement input-vlan-map with a push operation is configured.

    [See input-native-vlan-push.]

Network Management and Monitoring

  • New context-oid option for trap-options configuration statement to distinguish the traps which come from a non-default routing instance and non-default logical system (EX Series)—In Junos OS Release 18.2R1, a new option, context-oid, for the trap-options statement allows you to handle prefixes such as <routing-instance name>@<trap-group> or <logical-system name>/<routing-instance name>@<trap-group> as an additional varbind.

    [See trap-options.]

  • Junos OS does not support management of YANG packages in configuration mode (EX Series)—Starting in Junos OS Release 18.2R2, adding, deleting, or updating YANG packages using the run command in configuration mode is not supported.

  • The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (EX Series)—Starting in Junos OS Release 18.2R2, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, if the server reply after a successful operation includes both an <ok/> element and one or more <rpc-error> elements with a severity level of warning, the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that includes both an <rpc-error> element with a severity level of warning and an <ok/> element.


  • Firewall warning message (EX2300 switches)—Starting in Junos OS 18.2R2, a warning message is displayed whenever a firewall term includes log or syslog with the accept filter action.

  • Syslog or log action on firewall drops packets (EX4600 switches) —Starting in Junos OS 18.2R3, if you configure a syslog or log action on an ingress firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.

Software Installation and Upgrade

  • New DHCP option introduced for ZTP retry (EX Series)—Starting in Junos OS Release 18.2R1, a new DHCP option is introduced to set the timeout value for the file downloads over FTP. If the transfer-mode is set as FTP, the default value for the time out is automatically set as 120 minutes. That is, if the FTP session gets interrupted due to loss of connectivity in the middle of a file transfer, it will timeout after 120 minutes and ZTP will attempt to retry the file-fetching process. This value can be overridden using the DHCP option as follows:

    where “val” is the user configurable timeout value in seconds and must be provided (for example, “val”).

Subscriber Management and Services

  • DHCPv6 lease renewal for separate IA renew requests (EX Series)—Starting in Junos OS Release 18.2R2, the jdhcpd process handles the second renew request differently in the situation where the DHCPv6 client CPE device does both of the following:

    • Initiates negotiation for both the IA_NA and IA_PD address types in a single solicit message.

    • Sends separate lease renew requests for the IA_NA and the IA_PD and the renew requests are received back-to-back.

    The new behavior is as follows:

    1. When the reply is received for the first renew request, if a renew request is pending for the second address type, the client stays in the renewing state, the lease is extended for the first IA, and the client entry is updated.

    2. When the reply is received for the second renew request, the lease is extended for the second IA and the client entry is updated again.

    In earlier releases:

    1. The client transitions to the bound state instead of staying in the renewing state. The lease is extended for the first IA and the client entry is updated.

    2. When the reply is received for the second renew request, the lease is not renewed for the second address type and the reply is forwarded to the client. Consequently, when that lease ages out, the binding for that address type is cleared, the access route is removed, and subsequent traffic is dropped for that address or address prefix.

    [See Using DHCPv6 IA_NA with DHCPv6 Prefix Delegation Overview.]

User Interface and Configuration

  • Changes to the show ephemeral-configuration command (EX Series)—Starting in Junos OS Release 18.2R1, the show ephemeral-configuration operational mode command has the following changes:

    • To display the configuration data in the default instance of the ephemeral configuration database, issue the show ephemeral-configuration instance default command. In earlier releases, ephemeral configuration data for the default instance is displayed using the show ephemeral-configuration command.

    • To display the configuration data in a user-defined instance of the ephemeral configuration database, issue the show ephemeral-configuration instance instance-name command. In earlier releases, ephemeral configuration data for a user-defined instance is displayed using the show ephemeral-configuration instance-name command.

    • To view the complete post-inheritance configuration merged with the configuration data in all instances of the ephemeral database, issue the show ephemeral-configuration merge command. In earlier releases, the merged view is displayed using the show ephemeral-configuration | display merge command.

  • Change to the maximum number of user-defined instances supported by the ephemeral configuration database (EX Series)—Starting in Junos OS Release 18.2R1, devices running Junos OS that support configuring the ephemeral configuration database enable configuring a maximum of seven user-defined instances of the ephemeral database. In earlier releases, you can configure up to eight user-defined instances. User-defined instances are configured using the instance instance-name statement at the [edit system configuration-database ephemeral] hierarchy level.

Virtual Chassis

  • New configuration option to disable automatic Virtual Chassis port conversion (EX4300 and EX4600 Virtual Chassis)—Starting in Junos OS Release 18.2R2, you can use the no-auto-conversion statement at the [edit virtual-chassis] hierarchy level to disable automatic Virtual Chassis port (VCP) conversion in an EX4300 or EX4600 Virtual Chassis. Automatic VCP conversion is enabled by default on these switches. When automatic VCP conversion is enabled, if you connect a new member to a Virtual Chassis or add a new link between two existing members in a Virtual Chassis, the ports on both sides of the link are automatically converted into VCPs when all of the following conditions are true:

    • LLDP is enabled on the interfaces for the members on both sides of the link. The two sides exchange LLDP packets to accomplish the port conversion.

    • The Virtual Chassis must be preprovisioned with the switches on both sides of the link already configured in the members list of the Virtual Chassis using the set virtual-chassis member command.

    • The ports on both ends of the link are supported as VCPs and are not already configured as VCPs.

    Automatic VCP conversion is not needed when using default-configured VCPs on both sides of the link to interconnect two members. On both ends of the link, you can also manually configure network or uplink ports that are supported as VCPs, whether or not the automatic VCP conversion feature is enabled.

    Deleting the no-auto-conversion statement from the configuration returns the Virtual Chassis to the default behavior, which reenables automatic VCP conversion.

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.2R3 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.


  • When a VLAN uses an IRB interface as the routing interface, the vlan-id parameter must be set to none to ensure proper traffic routing. This issue is platform-independent. PR1287557


  • OAM Boot Menu options are not supported in EX4300-48MP. PR1336127

  • This issue is specific to a downgrade (17.4T) and a core file is seen only once during the downgrade because of a timing issue in the sdk toolkit upgrade. After the upgrade, dcpfe recovers on its own and no issues are seen after that. PR1337008

  • When the Layer 3 interface comes up, there can be a mismatch in logical interface counters between the Routing Engine and the Junos telemetry interface. This mismatch pertains to ARP/GARP packets. As the ARP/GARP packets get initiated the moment the Layer 3 interface comes up (from spirent/DUT), Routing Engine ends up with one packet less on the logical interface. PR1361282

Interfaces and Chassis

  • The same IP address could be configured on different logical interfaces from different physical interfaces in the same routing instance (including the master routing instance), but only one logical interface was assigned with the identical address after commit. There was no warning during the commit, only syslog messages indicating incorrect configuration. PR1221993

  • EEE not supported on mge interfaces operating at 100-Mbps speed (EX4300-48MP)—Starting in Junos OS Releases 18.2R1, if both Energy Efficient Ethernet (EEE) and 100-Mbps speed are configured on a rate-selectable (or multirate) Gigabit Ethernet (mge) port, the port operates only at 100-Mbps speed but EEE is not enabled on that port. Note that EEE is supported only on mge interfaces that operate at 1-Gbps, 2.5-Gbps, 5-Gbps, and 10-Gbps speeds.

Platform and Infrastructure

  • On EX4300 10-Gigabit links, preexisting MACsec sessions might not come up after the following events: process (pfex, dot1x) restart, system restart, or link flaps. PR1294526

  • LAGs with member links of different interface types (for example, ge and mge) is not supported. PR1297309

  • On EX2300 and EX3400 switches, L2PT will not work with tag-protocol-id 0x9100. PR1333475

  • Smartd verification is not supported on EX4300-48-MP. Instead, ssd-stats can be used from host OS to get an overall current health status of the SSD. PR1343091

  • On EX4300-48MP, when the primary is corrupted and the switch is power- cycled, the switch gets stuck at Linux after boot. The switch needs to be manually rebooted from the secondary SSD partition and recover the corrupted primary partition. PR1344938

  • Broadcast route is not pingable when NTP is configured in broadcast mode. Ping to Broadcast route is not supported. PR1347480

  • In case of an aggressive BFD timer value (for example, 1 second), BFD packets get delayed during Virtual Chassis switchover and results in BFD session flap. The minimum BFD timer value should be 3 seconds before Virtual Chassis switchover. PR1356693

  • On EX2300 and EX3400 switches, image upgrade might fail due to insufficient space issue. PR1376488

  • If there are non-recovery (cheap) snapshots present in the system, upgrade may fail due to space constraints and it may be necessary to delete non-recovery (cheap) snapshots to get the upgrade going successfully. PR1470823

Virtual Chassis

  • A Virtual Chassis internal loop might happen on a node coming up from a reboot. During nonstop software upgrade (NSSU) on a QFX5100 Virtual Chassis, a minimal traffic disruption or traffic loop (greater than 2 seconds) might occur. PR1347902

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 18.2R3 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

  • On EX Series switches except EX4300, EX4600, and EX9200, the Link Layer Discovery Protocol (LLDP) core files might be seen when the LLDP neighbor gets expired, and all the information gathered through LLDP will be affected. For example, MAC address and physical layer information, and Power information. PR1408707

General Routing

  • There was a timing issue between the Junos OS software and the I2C controllers on an MPC5E during a reboot. The software has been corrected to wait for I2C controllers to be ready before the software starts monitoring the voltage levels and current levels. PR1051902

  • Certain QFX and EX Series devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from the previous packets. This issue is also known as 'Etherleak' and often detected as CVE-2003-0001. Refer to JSA10773 for more information. PR1063645

  • On an EX9200-12QS line card, interfaces with the default speed of 10-Gigabit Ethernet are not brought down even when the remote end of a connection is misconfigured as 40-Gigabit Ethernet. PR1175918

  • On an EX9200-40XS line card, if you toggle the MACsec encryption option multiple times, encryption and protected MACsec statistics might be updated incorrectly. As a workaround, restart the line card. PR1185659

  • The dcpfe process might crash and generate a core file if an unsupported SFP-T is put in the switch. PR1290318

  • A loopback filter configured in the switch affects the control traffic from both management and data ports. As a result, the switch management connection is lost, depending on the loopback filter configuration. PR1297264

  • In a streaming telemetry scenario, when performing commit full, the na-grpd daemon might restart, causing the streaming telemetry to be disconnected. PR1326366

  • Default route check for loose mode is added for EX4300-48MP. If a route is taking the default route in loose mode, the packets will be dropped. If that is not set, then any route which is not in the routing table will hit the default route and gets forwarded. PR1341673

  • When the primary SSD partition /boot is corrupted and a power-cycle is issued to the switch, the switch will take the default 10 minutes to time out the watchdog timer and then will start booting from the secondary SSD partition. PR1342180

  • On the EX4300-48-MP switch, commit of irb bind to a VLAN without the IRB logical interface defined is blocked. The IRB logical interface has to be defined before binding the same to the VLAN. PR1342443

  • Interface range for channelized interfaces is not supported on EX9253. The user has to configure interfaces individually. PR1350635

  • On EX3400, when me0 ports are connected between two EX3400 switches, the link does not come up. The link comes up when me0 is connected to a network port. PR1351757

  • The working uplink module SFP-T might go down with Junos OS Release 17.2R1 and later. PR1360602

  • On a MACsec static-CAK configuration, the traffic will be blocked expect for STP, Pause, EAPOL, and any other acceptable protocols configured through exclude-protocol option. This leads to disruption of all protocols running in the system besides the above mentioned. PR1366031

  • EX4300 Virtual Chassis systems might fail to register some jnxOperating SNMP OIDs related to the Routing Engines. This behavior is more likely if Virtual Chassis members 0 and 1 (FPC0 and FPC1) are not selected as Routing Engines. PR1368845

  • Traffic drops might be observed with a swapout of a Virtual Chassis of QFX5100 to the EX9253 for testing some heavy multicast traffic, even when IRB interface comes up. PR1369099

  • Multicast router advertisement (RA) packets coming on a VLAN need to be flooded to interfaces of all FPCs belonging to the same VLAN. Packets when traversing through HighGig port (that connects different FPCs) need to hit hardware filter to transmit packets in other FPCs. In issue state, the filter is not applicable for the HighGig ports, so multicast RA packets do not traverse through other FPCs. PR1370329

  • The interface might not flap when both flap-on-disconnect and port-bounce are sent. PR1372619

  • Error messages similar to the following might be observed on MPC cards: LOG: Err] PQ3_IIC(WR): bus transfer timeout on byte 1 LOG: Err] PQ3_IIC(WR): transfer not complete on byte 1 LOG: Err] PQ3_IIC(WR): I/O error (i2c_stat=0x21, i2c_ctl[0]=0xb0, bus_addr=0x76) LOG: Err] Failed to disable PCA9548(0x76)->channel(0-7) LOG: Err] zlpmb_set_channel: Failed to select channel 0 for MPC-PCIE1V0-LTC3880 One root cause is that, the time to wait for the i2c transaction is not sufficient to finish the i2c transaction intermediately, so once in a while this i2c transaction error is seen. These errors do not impact any functionality on the card. PR1374450

  • On EX2300/EX3400 platforms with SFP-T (copper SFP) pluggable module, the interface link status on the SFP-T module might be down while its peer connected interface link status is up. For example, in the EX3400-48T switch with ge-0/2/0 (SFP-T copper SFP) connected back-to-back with ge-0/0/36 (built-in copper port), the link ge-0/2/0 is down, but the link ge-0/0/36 is up. PR1374522

  • An EX4300 configured with a firewall filter on lo0 and DHCP security on VLAN simultaneously might drop legitimate DHCP renew requests from clients on the corresponding VLANs. This occurs due to implementation design and chipset limitation. PR1376454

  • For EX4300-48MP switches, active SSD firmware upgrade is supported where power-cycle to switch is not required after SSD firmware upgrade. PR1389543

  • When the show command takes a long time to display results, the STP might change states as BPDUs are no longer processed and cause lots of outages. PR1390330

  • If PTP transparent clock is configured on the QFX5200, and if IGMP snooping is configured for the same VLAN as PTP traffic, the PTP over Ethernet traffic might be dropped. PR1395186

  • On an EX9200 device with MCLAG configuration and other features enabled, there is a loss of approximately 20 seconds during restart of the routing daemon. This traffic loss varies with the configuration that is done. PR1409773

  • The factory-default configuration for EX4300, EX2300, EX3400 and EX4300 MP platforms now include DHCP client configuration on IRB and VME to facilitate connectivity to the phone-home server ( from phone-home-client running on the device. The factory default configuration will include the following:

    dhcp enabled on vme and irb

    default vlan with vlan-id 1 and l3-interface as irb.0PR1423015

  • Whenever native VLAN configuration is done along with flexible VLAN tagging on a Layer 3 subinterface, untagged packets will be dropped on that Layer 3 subinterface. PR1434646

  • The issue is limited to DB-related to MAC-MOVE scenario. When dhcp-security is configured, if multiple IPv4 and IPv6 clients’ MAC-MOVE happens, the jdhcpd might consume 100% CPU and jdhcpd will crash afterwards. PR1425206

  • Added support for i40e NVM upgrade in EX9208. PR1436223


  • This issue is specific to a downgrade(17.4T) and a core file is seen only once during the downgrade because of a timing issue in the SDK toolkit upgrade after which dcpfe recovers on its own and no issues are seen after that. PR1337008

  • The command request system zeroize will result in the device going to a continuous reboot on EX platforms. PR1337826

  • Junos OS can hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and QEMU hypervisor. PR1359339

  • In a private VLAN (PVLAN) multiple switches scenario, on EX2300, EX3400, EX4300, EX4600, and QFX Series switches (except for QFX10000), after rebooting the device, isolated VLAN traffic received from the inter-switch link might be dropped. The configuration inter-switch-link statement is used when a private PVLAN spans multiple switches. PR1388186

Interfaces and Chassis

  • On GRES switchover, VSTP port cost on aggregated Ethernet interfaces might get changed, leading to a topology change. PR1174213

Layer 2 Features

  • On EX2300 and EX3400, if L2PT is configured and the user wants to enable LLDP, then the user needs to configure LLDP individually on the port. The interface all option does not work. There is no functional impact. PR1361114

  • The message eswd[1200]: ESWD_MAC_SMAC_BRIDGE_MAC_IDENTICAL: Bridge Address Add: XX:XX:db:2b:26:81 SMAC is equal to bridge mac hence do not learn is seen in syslog every few minutes on the ERPS owner. The logs occur during ERPS PDU in ERPS setup. This message can be ignored. PR1372422


  • IGMP query packets might be duplicated between Layer 2 interfaces with IGMP snooping enabled. PR1391753

Platform and Infrastructure

  • On EX4300, Media Access Control Security (MACsec) might not work properly on PHY84756 1-Gigabit SFP ports, if AN is on and MACsec is configured on those ports. On the EX4300 copper box, all four uplink ports (PIC 2) are attached to PHY84756. On EX4300 fiber box, the last four ports of base board(PIC 0) and eight 1-Gigabit/10-Gigabit uplink ports(PIC 2) are attached to PHY84756. PR1291724

  • There are multiple failures when events such as node reboots, ICL flaps, and ICCP flaps happen. Even with enhanced convergence configured, there is no guarantee that subsecond convergence will be achieved. PR1371493

  • ICMPv6 packets are hitting the dynamic ingress filter with higher priority, thus never reaching an MF or static classifier. PR1388324

  • Adding the second IRB to an aggregated Ethernet and then removing it would cause the first IRB to stop working. PR1423106

  • On EX4300 platform with equal-cost multipath enabled, interface flapping might trigger a sequence of ulst next-hop install/uninstall events, which exceed the system limit, leading to next-hop installation failure on the Packet Forwarding Engine. PR1426760

Routing Protocols

  • On EX4300 and EX4600 switches, and QFX Series switches (except for QFX10000), if host-destined packets (that is, the destination address belongs to the device) come from the interface with ingress filter of log/syslog action (for example, filter <> term <> then log/syslog), such packets might not be dropped and reach the Routing Engine unexpectedly. PR1379718

  • In a multicast routing scenario using PIM, if configuring a static route with qualified next hop for multicast source, the rpd process might crash. This is because qualified-next-hop points to the GF_DLI (gateway family data links) address, which PIM is unable to process, resulting in the crash. PR1408443

Subscriber Access Management

  • Authd reuses addresses too quickly before jdhcpd completely cleans up the old subscribers which causes flooding of error logs such as: jdhcpd: %USER-3-DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add as it is already used by 1815. PR1402653


  • MVPN using PIM dense mode does not prune traffic when a Join request is received from an IGMP or PIM client. PR1425876

Known Issues: 18.2R3-S2

  • In server_fail scenario, when tagged traffic is sent for first client, MAC learning happen for both data and voice. But for the second client, the same interface learning happen only for voice. Because VLAN is already added for an interface due to first client authentication process. PR1462479

  • On EX3400, after loading a scaled configuration, the backup member might rarely crash with a kernel panic. This crash occurs as some of the operations from master member is not synchronized to the backup member. When Virtual Chassis is recovered, system moves to stable state. PR1470163

  • On EX9214, after reboot and MACsec enabled link flap, error errorlib_set_error_log(): err_id(-1718026239) is observed. PR1448368

  • On EX2300 syslog error jsr_kkcm_socket_accept: soaccept failed is seen when you commit the configuration. PR1449894

  • On a V44 or Junos Fusion Environment system, intermediate traffic drop is seen between AD and SD when sflow is enabled on ingress interface. This is not seen always. When sFLOW is enabled, the original packet is getting corrupted for those packets which hit the sFLOW filter. Because few packets transmitted from the egress of AD1 is short of FCS (4 bytes) + 2 bytes of data due to which the drop occur. It is seen that the normal data packets are of size 128 bytes (4 bytes FCS + 14 bytes Ethernet header + 20 bytes IP header + 90 bytes data) while the corrupted packet is 122 bytes (14 bytes Ethernet header + 20 bytes IP HEADER + 88 bytes data). PR1450373

  • If the dynamic assignment of VoIP VLAN is used, the switch might not send correct VoIP VLAN information in LLDP MED packets after any configuration change and commit. PR1458559

  • In EX2300 and EX3400 Virtual Chassis while upgrading image through URL option, /var/tmp/ location might not get cleared automatically and image upgrade might fail due to space constraint in the device. PR1464483

  • In a Virtual Chassis, during reboot of one of the members or during mastership switchover, PFEX core file might be generated. PR1465526

  • In EX3400 Virtual Chassis during reboot or upgrade, because of a high CPU load in slow path of fxpc TCP keep alive message is not sent. Hence it is observed that some Virtual Chassis members might take longer to join the Virtual Chassis. PR1467707

  • On EX3400 traffic loss is seen when SFP-T is connected because of auto-negotiation failure. PR1469750

  • With auto-negotiation enabled, EX3400 advertise only 100m whenever we configure the speed 100m. PR1471931

  • Under certain conditions, FXPC core files might be generated when renumber FPC master. Traffic might affect by around 1 to 2 minutes. PR1470185

  • If Junos OS panics with a filesystem-related panic, such as 'dup alloc', recovery through the OAM shell might be needed. From the OAM shell, run 'fsck' on the root volume until it is marked clean. Only at this point is it safe to reboot to the normal volume. PR1444941

  • USB upgrade/recovery might fail with management daemon not responding and unknown class 'junos-login-defaults' when uboot mode date is too far away. PR1454950

  • On EX4300 platforms configured with ERP, after multiple devices reboots and then restarts at the same time, ERP might not revert back to the idle state. This issue might be seen in situations where the ERP node-id is not configured manually and after the restart, the default node-id (switch base MAC address) might get reset to 00:00:00:00:00:00, effectively causing multiple devices to have the same node-id. PR1461434

  • Though traffic is sent below the configured rate of 80 percent, policing occur because of the bursty traffic and storm in effect messages that are sent to Routing Engine. Burst size allowed 1500 kbs by default and is not user configureable. PR1463979

  • On EX4300-MP, incorrect part-number is displayed for SFP+-10G-CU3M dac under show chassis hardware. It does not show the complete part number. PR1471583

  • On a EX2300 switch, the output of the command show chassis routing-engine might display an incorrect value of mac reset for the ’last reboot reason’ field. PR1331264

  • When a file system is full you can expect the system to behave unexpectedly. This results in generating core files like these are bound to happen. PR1450143

  • In EX4300 switches when 1-Gigabit Ethernet SFP is connected to 10-Gigabit Ethernet port, auto-negotiation should be disabled (when enabled causes many issues like ARP, link down). Hence when AN is disabled somehow corrupting the TX_DISABLE field hence Laser Tx remain enabled when disabling and plug-out - plug-in.PR1445626

  • For a EX4300 system the CLI set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt) statement is not supported. PR1450093

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 18.2R3

Authentication and Access Control

  • Without configuring anything related to dot1x, the syslog message dot1xd[2192]: task_connect: task PNACAUTH./var/run/authd_control addr /var/run/authd_control: Connection refused is generated repeatedly. PR1406965


  • A few minutes of traffic loss might be observed during recovery from link failure. PR1396597

  • The device might proxy the ARP probe packets in an EVPN environment. PR1427109


  • IfSpeed and IfHighSpeed erroneously reported as zero on EX2300. PR1326902

  • Packet Forwarding Engine is flooded with messages // pkt rx on ifd NULL unit 0. PR1381151

Interfaces and Chassis

  • The logical interfaces in EVPN routing instances might flap after committing configurations. PR1425339

Layer 2 Features

  • On EX2300/EX3400, LLDP packets are dropped at L2PT NNI port when the configuration is applied for the first time. PR1362173

Layer 3 Features

  • The l2ald might crash when issuing clear ethernet-switching table persistent-learning.PR1381739

Layer 2 Ethernet Services

  • The malfunction of the core isolation feature in EVPN-VXLAN scenarios causes traffic to be silently dropped. PR1417729

Network Management and Monitoring

  • Over Temperature trap is sent out even though there is Temperature Hot alarm. PR1412161

Platform and Infrastructure

  • Ping does not go through the device after WTR timer expires in ERPS scenario. PR1132770

  • The RE-PFE out-of-sync errors might be seen in syslog. PR1232178

  • OAM Ethernet connectivity-fault-management configured on aggregated Ethernet interfaces is not supported but there is no commit error. PR1367588

  • IPv6 router advertisement (RA) messages might increase internal kernel memory usage. PR1369638

  • Login lockout might never expire because the timestamp of "Lockout start" and "Lockout end" are the same. PR1373803

  • RIPv2 update packets might not send with IGMP snooping enabled. PR1375332

  • EX4300: upgrade fails during validation of slax script during the upgrade. PR1376750

  • ECMP route installation failure with log messages such as unilist install failure might be observed on EX4300 device. PR1376804

  • Unicast DHCP request might get misforwarded to backup RTG link. PR1388211

  • EX3400 Virtual Chassis - Error tvp_status_led_set and Error:tvp_optics_diag_eeprom_read logs were generated. PR1389407

  • Input rate pps do not increase on EX2300-MP uplink ports when the packet is a pure Layer 2 packet such as non-etherII or non-EtherSnap. PR1389908

  • Continuous log messages get printed on EX4300 after upgrading to Junos OS Release 17.4 or later. PR1391942

  • Interface flaps on an EX3400 Virtual Chassis cause interface generated IGMP query packets to be sent to all the members ports, except the master FPC. PR1393405

  • PTP over Ethernet traffic could be dropped if IGMP and PTP TC are configured together. PR1395186

  • On EX2300 MAC table is not populated after interface-mode change. PR1396422

  • EX3400 might not learn 30000 MAC addresses when sending MAC learning traffic. PR1399575

  • EX4300 OAM LFM might not work on extended VLAN bridge interface with native VLAN configured. PR1399864

  • The FBF routing-instance instance-type "forwarding" is missed for EX Series (EX3400). PR1400163

  • The authd might crash when issuing show network-access requests pending command during the authd restarting. PR1401249

  • The TCP connection between ppmd and ppman might be dropped due to a kernel issue. PR1401507

  • adt7470_set_pwm message is continuously seen after an upgrade to Junos OS Release 18.1R3.3. PR1401709

  • The STP does not work when aggregated interfaces number is "ae1000" or above in QFX5000 and "ae480" or above in other QFX or EX Series switches. PR1403338

  • The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface. PR1403528

  • 12th and 13th SFP-T ports are going down with the Junos OS Release 18.4R1.3 image installation. PR1404756

  • Traffic drop is seen on EX4300 when 10-Gigabit fiber port is using 1-Gigabit Ethernet SFP optics with Auto-Negotiation enabled. PR1405168

  • MAC address movement might not happen in Flexible Ethernet Services mode when family inet/inet6 and VLAN bridge are configured on the same physical interface. PR1408230

  • EX3400 PSU status is still taking "check" status even though PSU module has been removed. PR1408675

  • On EX2300-24P, the error message dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family. PR1410717

  • The traffic to the NLB server might not be forwarded if the NLB cluster works on multicast mode. PR1411549

  • EX Series/QFX Series: PEM alarm for backup FPC will remain on master FPC though backup FPC was detached from Virtual Chassis. PR1412429

  • EX4300-48MP: Chassis Status LED shows yellow instead of amber. PR1413194

  • EX4300 Q-in-Q - untagged UNI traffic egress as single-tagged on NNI interface. PR1413700

  • Chassisd output power budget is received continually per 5 seconds without any alarm after the upgrade to Junos OS Release 18.1R3. PR1414267

  • VXLAN Encapsulation next Hop (VENH) does not get installed during BGP flap or restart routing. PR1415450

  • EX3400: show chassis environment repeats "OK" and "Failed" at short intervals. PR1417839

  • The EX3400 Virtual Chassis status might be unstable during the restarting of the Virtual Chassis or after the Virtual Chassis port flaps. PR1418490

  • EX4300: Runt counter never incremented. PR1419724

  • EX4300 does not send Fragmentation needed message when MTU is exceeded with DF bit set. PR1419893

  • The pfex process might crash and generate core files when SFP is reinserted. PR1421257

  • Virtual Chassis might become unstable and FXPC generates core files when there are a lot of configured filter entries. PR1422132

  • Traffic loss is experienced when one of the logical interfaces on LAG is deactivated or deleted. PR1422920

  • Multicast traffic might be silently dropped on ingress port with igmp-snooping enabled. PR1423556

  • MACsec connection on EX4600 will not come back up after interface disconnect while traffic is passing. PR1423597

  • On MX204 optics "SFP-1GE-FE-E-T" I2C read errors are seen when an SFP-T is inserted into a disabled state port. PR1423858

  • Auditd crashed when accounting RADIUS server is not reachable. PR1424030

  • The native VLAN ID of packets might fail to be removed when forwarded out. PR1424174

  • Interface flapping scenario might lead to ECMP nexthop install failure on EX4300. PR1426760

  • fxpc core files are generated on EX2300 Virtual Chassis. PR1427391

  • Rebooting Virtual Chassis member causes traffic on RTG link to be down for about 30 seconds. PR1427500

  • VIP might not forward the traffic if VRRP is configured on an aggregated Ethernet interface. PR1428124

  • EX2300-24P: L2Ald core files are observed after removal and readdition of multiple supplicant mode with PVLAN on interface. PR1428469

  • Verification of ND inspection with a dynamically bound client, moved to a different VLAN on the same Port is failing. PR1428769

  • EX4300 does not drop FCS frames on XE interfaces. PR1429865

  • Incorrect model information while polling via SNMP from Virtual Chassis. PR1431135

  • The ERPS failover does not work as expected on EX4300 device. PR1432397

  • i40e NVM upgrade support for EX platform. PR1436223

Routing Protocols

  • The PPM mode for BFD session in EX4300 is centralized and not distributed by default. PR1361800

  • EX4300 might drop incoming IS-IS hello packets when IGMP or MLD snooping is configured. PR1400838

  • Host-generated ICMPv6 RA packets might be dropped on the backup member of Virtual Chassis if igmp-snooping is configured. PR1413543

  • The QFX and EX Series switch might not install all IRB MAC addresses in the initialization. PR1416025

  • Sometimes, IGMP snooping might not work. PR1420921

Software Installation and Upgrade

  • Configuration loss and traffic loss might be seen if the backup Routing Engine is zeroized and is then switched over to master within a short time. PR1389268

Spanning Tree Protocols

  • The l2cpd might crash if the VSTP traceoptions and VSTP VLAN all commands are configured. PR1407469

Resolved Issues: 18.2R3-S1

  • In EVPN scenario when local L2 interfaces are down, IRB interfaces might also observed to be down even when IM (inclusive multicast) route is available. This might cause a traffic impact. PR1436207

  • In an EVPN scenario, if the 25-Gigabit Ethernet interface of Leaf node is configured with an Ethernet Segment Identifier (ESI), and it actually only has a single-homed to reach its peer, that might cause the packets to the peer to be discarded. PR1438227

  • On EX2300 as CE/PE device, transit OSPF traffic over Q-in-Q tunneling might be dropped if a firewall filter is applied to Lo0 interface. PR1355111

  • l2ald process might crash and generate a core file on EX Series VC when converted a trunk port to dot1x access port while tagged traffic is flowing. There might be a race-condition, where interface mode is being changed while traffic is running and l2ald has processed interface delete but dot1x has not. PR1362587

  • On EX Series platform, if storm control is applied on multiple ports, storm control logging might not take effect. PR1401086

  • On EX2300 and EX3400 devices, the software installation fails with an error message indicating that there is not enough space to unpack the software image. PR1417441

  • If the 2 consecutively produced switches placed in the same Layer 2 network, then their MAC might have overlapped before this fix. PR1425123

  • In a Virtual Chassis scenario, when the interfaces flap or VLAN configuration is changed frequently, the network topology will be changed accordingly, then CPU utilization will be dramatically increased to very high within a short time, which might cause the failure of essential communications between VC master and members. When the communication fail, FPC will automatically restart. As a result, VC is split and traffic is lost. PR1427075

  • On EX2300/3400 Virtual Chassis platforms in GRES/NSB scenario, if the RSTP/MSTP is enabled, after the shutdown of the master Routing Engine (by 'request system halt' or power shutdown), the GRES is triggered but the delay in transmission of BPDUs might occur for several seconds. Apart from this, if the bpdu-timeout-action block statement is enabled on the RSTP/MSTP peer, the STP re-convergence might occur instead of RSTP/MSTP re-convergence, which results in traffic loss for about 30 seconds. PR1428935

  • When the native VLAN is configured along with the flexible VLAN tagging on a L3 subinterface, untagged packets might be dropped on that L3 subinterface. PR1434646

  • In a dual mc-ae scenario, if an LACP active device reboots or all AEs are disabled and then enabled on the device, the LACP partner and its mc-ae peer might have different partner system ID, it causes mc-ae to get stuck in waiting state resulting in a traffic impact in the network. PR1435874

  • On EX9200s, when configuring too many VLANs and interfaces under VSTP a commit error might occur xSTP:Trying to configure too many interfaces for given protocol. PR1438195

  • On EX Series platforms with DHCP snooping configuration, the DHCP snooping table of default VLAN ID 1 might be cleared if another VLAN ID is added to the DHCP snooping configuration. The impact is that all the hosts' traffic in the default VLAN 1 might be blocked, especially if other features that leverage the DHCP snooping table (like Dynamic ARP inspection) are also configured on the device. PR1438351

  • The rpd process might generate a core file during router boot up due to file pointer issue as there are two code paths that can close the file. We are attempting to close the file without validating the file pointer. PR1438597

  • On EX Series next-generation platforms that support "DHCP snooping with PVLAN" (for example, EX4300, EX2300, and EX3400), when using PVLAN with dot1x and dhcp-security, and IRB interface is not configured for the PVLAN, due to the DHCP packets getting dropped on the promiscuous port. Clients in an isolated VLAN might not get IP addresses after completing authentication. PR1442078

  • EX3400 FAN alarm (Fan X not spinning) appears and disappears repeatedly after the fantray (absent) is removed. PR1442134

  • If DHCPv6 relay is configured, the device might relay the DHCPv6 request without adding "link-layer-type" value to DHCP Option-79 in the relay packet (normally, the value in DHCP option-79 consists of 2 bytes for link-layer type + 6 bytes for client MAC address). When the DHCP server receives this relay packet, it might misunderstand the option value and cannot provide the IPv6 address correctly to the DHCPv6 client. PR1442867

  • /var/host/motd does not exist message is flooded every 5 seconds in chassisd logs since EX2300 and EX3400 do not support a backup partition. PR1444903

  • EX4600 generates a major alarm once any sensor temperature is hit at 56 degrees celsius. PR1446363

  • Provisioning an EX4300 device using phone-home client feature can result in a failed upgrade. PR1447291

  • On EX3400 platform, because on-disk-failure CLI is not supported, when a disk error occurs, the device might go into hang state. For EX3400 virtual chassis, this issue might cause other devices in the VC to stop working. PR1447853

  • Version compare in PHC might fail making PHC to download the same image. PR1453535

  • On EX4300, when static /64 IPv6 route is configured and points to the interface where uRPF is configured, IPv6 packets which match the routes might be dropped. PR1427866

  • On EX4300 Series platforms, the unicast ARP request received might not be replied if no-arp-trap option is configured. This can cause ARP resolutions to fail on remote peer devices. PR1429964

  • EX4300 has enabled the soft error recovery feature on the Packet Forwarding Engine, which can automatically detect the Packet Forwarding Engine parity error and recover by itself. PR1430079

  • On all platforms which support Zero Touch Provisioning (ZTP), the /var/db/scripts directory might get deleted after executing request system zeroize, and it might not be recreated automatically. PR1436773

  • On EX4300 PoE platforms, the PoE might not work if the PoE firmware upgrade hangs (for example, abnormal interruption to the PoE firmware upgrade, such as power failure during upgrade) during the PoE firmware upgrade. As a result, it is unable to provide power to the PoE device. PR1446915

  • On EX4300 platform, if FBF filters are applied on IRB with LAG configuration also existing on the box, the firewall filters cannot be created and function correctly due to TCAM programming issues. PR1447012

  • Error message RPD_DYN_CFG_GET_PROF_NAME_FAILED: Get profile name for session XXX failed: -7, might be seen in syslog after restarting routing daemon. PR1439514

  • In the DDOS-protection scenario, when the aggregate bandwidth value (for example, value A) of protocols (l3mtu-fail/ttl/ip-opt/rsvp/ldp/bgp/unknown-l2mc/rip/ospf/stp/pvstp/lldp) is configured, this bandwidth value might be reset to the default value (for example, value B) after the device reboot or Packet Forwarding Engine restart. PR1440847

  • On EX Series platforms, the loopback address exported into other VRF instance might not work. PR1449410

Resolved Issues: 18.2R3-S2

  • Under EVPN multihoming mode, if ARP request or Neighbor Solicitation (NS) message encapsulated in dual tagged VLAN arrives at the designated forwarder (DF) which might send it back to the local segment as it was, that might cause a loop and at last, overwhelms the device. PR1459830

  • On EX2300/EX3400 Virtual Chassis setup, the interface on failed member FPC retains as up state for 120 seconds. This issue might cause traffic loss of about 120 seconds. PR1422507

  • With MLD snooping enabled, IPv6 multicast traffic might be dropped on Virtual Chassis if ingress and egress interfaces are on different VC members. PR1423310

  • There is a sequence issue when Virtual Chassis member reboots in an aggregated interface. After the VC member reboots, the Routing Engine kernel inject MAC entry to FPC that reboots. Because of the sequence issue, Routing Engine added MAC entry, originally source MAC entry, to FPC as remote MAC entry. And MAC entry is never aged out because it is a remote entry. PR1440574

  • After converging VSTP, if there is a VSTP configuration change and then BPDU might not be flooded because of which port role might be in incorrect state in the adjacent switches. There is no loop created in the network. PR1443489

  • If a firewall filter is configured with the action 'then vlan' in a VC scenario on some specific platforms (for example, EX2300, EX3400, and EX4600), some of the traffic which matches that filter might be dropped. PR1446844

  • When a unicast ARP request is received by EX3400 switch and it is configured with set switch-options no-arp-trap option, the ARP request might not be replied. This has been fixed and unicast ARP request will be replied even with set switch-options no-arp-trap option configuration. PR1448071

  • On EX3400 platform, IPv6 routes received through BGP routing protocol might show an age time of '00:00:00' when displayed using the CLI command show route. PR1449305

  • From Junos OS release 14.1X53-D15, 15.1R1, and later due to a software defect, DHCP snooping static binding might not take effect after deleting and readding the entries with commit. As a workaround, use commit full after the configuration changes. PR1451688

  • On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow. PR1452209

  • The VLAN specific parameters might not be used if configuring VLAN all option and VLAN specific configuration. PR1453505

  • EX2300 switches generate SNMP trap for high temperature after upgrading to any of the affected Junos OS software. This is due to a temperature threshold value being set incorrectly in the software, SNMP false trap related to temperature gets generated and results in over temperature logs. PR1457456

  • Storage space limitation leads to image installation failure during Phone home on EX2300 and EX3400 platforms. PR1460087

  • With the statement system ports console log-out-on-disconnect configured, if executing some operations on console, the console operations might fail to work properly. PR1433224

  • On EX2300/EX2300-C platforms, if Junos OS software is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. PR1442376

  • Certain EX Series platforms might generate vmcore by panic and gets reset. This is a rare case since it occurs only when Junos FreeBSD Extension statistic- too_long_complete is incremented. PR1456668

  • VRRP-V6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370

  • In a Junos Fusion Enterprise environment, when traffic originates from a peer device connected to the aggregation device and the ICL is a LAG, there might be a reachability issue if the cascade port is disabled and traffic has to flow through the ICL LAG to reach the satellite device. As a workaround, use single interface as the ICL instead of a LAG. PR1447873

  • In DHCP relay scenario, if the device (DHCP relay) receives a request packet with option 50 where the requested IP address matches the IP address of an existing subscriber session, such request packet would be dropped. In such a case the subscriber may need more time to get IP address assigned. The subscriber may remain in this state until it's lease expires if it has previously bound with the address in the option 50. PR1435039

  • On EX2300, EX3400, EX4300, and EX4600 and QFX Series switches except for QFX10k, if committing the configuration all together (for example, after the reboot), the fxpc/PFE core files might be generated. In the Virtual Chassis scenario, the VC members might be splitted because the VC ports might not be created in time. PR1467763

  • On EX2300/EX3400/EX4300/EX4600 platforms, DMA buffer leaking might hit once the next hop of received traffics is not resolved and eventually cause an FPC/pfex crash if the DMA buffer runs exhaustion. PR1436642

  • CM errors on certain MPC line cards are classified as major which should be minor or non-fatal. If these errors are generated, it might get projected as a bad hardware condition and therefore triggers Packet Forwarding Engine disable action. PR1449427

  • On QFX5100/EX4600 switches due to Bad Chip ID, an fxpc core can be seen during the device reboot. This is due to a transient error related to a chip where vendor tries to get the chip ID and it results in improper info. PR1432023

  • On QFX5K/EX4600 with SP (Service Provider) style VLAN configuration (in this method, each VLAN-ID is locally significant to a physical interface), if interface-mac-limit/mac-table-size is configured (i.e. software MAC learning is enabled) and the scale of MAC addresses on the box is more than 2000, traffic might be dropped after QinQ enabled interface is flapped or a change is made to the vlan-id-list. PR1441402

  • On EX Series platforms, when there is MAC change for LDP neighbor and IP remains the same, ARP update is proper but MPLS LDP might still use the stale MAC of the neighbor. If there is any application/service such as MP-BGP using LDP as next hop, all transit traffic pointing to the stale MAC will be dropped. PR1451217

  • Problem with access to J-web after upgrading Junos OS Release 18.2R2 to 18.2R3, causing incorrect permissions in the php session dir. PR1454150

  • Current MAC address might change when deleting one of the multiple L3 interfaces and it has traffic impact when this issue occurs. PR1449206

  • On EX2300 and EX3400 platforms, the recovery snapshot might not be able to be created after a system zeroize. This is due to certain hardware space limitation over time where there is not enough space to save full snapshot. PR1439189

Resolved Issues:18.2R2

Authentication and Access Control

  • On EX4300-48MP, need to hide commands to configure DHCPv6 client. PR1373691


  • Proxy ARP might not work as expected in an EVPN environment. PR1368911

General Routing

  • EX4300-32F MACsec session stays down on 1G or 10G links after events when events are performed with running traffic. PR1299484

  • EX23 and EX34 bridge-id is assigned to "02:00:00:00:00:10" irrespective of base-mac addresses. PR1315633

  • Incorrect value of optical power is displayed. PR1326642

  • CoS is incorrectly applied on Packet Forwarding Engine, leading to egress traffic drop. PR1329141

  • On EX3400 and EX2300 platforms, a redirect message is sent from the switch even when no-redirect is set for the specified interface. PR1333153

  • The FXPC process might crash after adding or deleting a Q-in-Q VLAN to an interface on EX2300 and EX3400 platforms. PR1334850

  • VLAN change for reauthentication and CoA scenarios is supported only when no other client is authenticated in the same PVLAN domain. PR1346936

  • After an FPC becomes online, the other FPC's CPU usage might go up to 100 percent and have traffic loss for around 30 seconds. PR1346949

  • The 40G interfaces might not forward traffic. PR1349675

  • On EX4300-48MP, when DAI and IPSG are configured for many VLANs, then DAI statistics for one interface show incorrect values. PR1355963

  • On EX2300, EX3400, and EX4300MP platforms in a Virtual Chassis setup, dynamic ARP inspection might fail after Virtual Chassis switchover when VSTP is enabled along with no-mac-table-binding. PR1359753

  • When EX2300/EX3400 platforms are used as transit switches, the traffic sent out of an IRB interface might use the original MAC address instead of the configured MAC address for the IRB interface. PR1359816

  • On EX2300MP platforms, the fan count is incorrect in jnxFruName, jnxFilledDescr, and jnxContainersCount.4. PR1361025

  • On EX4300-48MP platforms, dot1x protocol subsystem is taking a long time to respond to management requests with the error the dot1x-protocol subsystem is not responding to management requests. PR1361398

  • Non-existent fan tray 1 reported by chassisd on EX2300. PR1361696

  • EX4300MP MACsec AES-GCM-128-XPN and AES-GCM-256-XPN cipher suites are not supported for MGE ports. PR1362035

  • Unexpected DCD_PARSE_ERROR_SCHEDULER messages are logged when MS-MPC and MS-MIC are brought offline or online. PR1362734

  • FPM board status is missing in SNMP MIB walk result. PR1364246

  • On EX2300 platforms, show filter hw summary is showing incomplete output. PR1364930

  • The l2cpd process might crash when configuring MVRP with private VLAN and RSTP interface all. PR1365937

  • Virtual Chassis split followed by fxpc core file might occur upon scaling VLAN members. PR1369678

  • Unicast ARP packet loop might be observed in DAI scenario. PR1370607

  • NTP broadcast packets are not forwarded out on L2 ports. PR1371035

  • MAC refresh packet might not be sent out from the new primary link after the RTG failover. PR1372999

  • BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807

  • FPC might crash when flapping the output interface of analyzer or sampling. PR1374861

  • Port access list group is not properly reallocating TCAM slices. PR1375022

  • On EX4300-48MP, syslog error Error in bcm_port_sample_rate_set(ifl_cmd) : Reason Invalid port is seen. PR1376504

  • The interface ae480 or above might be in STP discarding state on the EX9200. PR1378272

  • MACsec issue on EX3400 Virtual Chassis running on Junos OS Release 15.1X53-D59. PR1378710

  • ARP request packets might be sent out with 802.1Q VLAN tag even though the outgoing interface is an access port. PR1379138

  • On EX4300-48MP, the IP transit traffic hits the lo0 filter. PR1379328

  • All interfaces belonging to certain FPCs might be lost after multiple GRES in Virtual Chassis. PR1379790

  • The dot1x does not work with Microsoft NPS server. PR1381017

  • On EX4300-48MP, the session-option stanza under the access profile hierarchy for EX Series and QFX Series platforms is not applicable. PR1385229

  • On EX9200 platforms, the warning message prefer-status-control-active is used with status-control standby might be seen whenever you commit an operation. PR1386479

  • On EX2300 with Q-in-Q (flexible-vlan-tagging) is unable to obtain DHCP IP for IRB after a reboot/power-cycle. PR1387039

High Availability (HA) and Resiliency

  • The backup Routing Engine might go to db prompt after removing or restoring the configuration. PR1269383


  • Unable to provide management when em0 interface of FPC is connected to another FPC Layer 2 interface of the same Virtual Chassis. PR1299385

  • The upgrade might fail if bad blocks occur in the flash memory device or file system. PR1317628

  • Need support for archiving dmesg file /var/run/dmesg.boot*. PR1327021

  • Enabling mac-move-limit stops ping on flexible-vlan-tagging enabled interface. PR1357742

  • Core file is generated upon attempt to commit configuration. PR1376362

Interfaces and Chassis

  • MC-LAG peer does not send ARP request to the host. PR1360216

Layer 2 Features

  • The dcpfe and fxpc process might crash on Packet Forwarding Engines with low memory while allocating a huge memory. PR1362332

  • RTG MAC refresh packets will be sent out from non-RTG ports if the RTG interface belonging to the Virtual Chassis master flaps. PR1389695

Platform and Infrastructure

  • The mismatch of vlan-id between a logical interface and VLAN configuration might result in traffic getting silently dropped and discarded. PR1259310

  • Packet drop might be seen on the lt-x/2/x or lt-x/3/x logical tunnel interfaces. PR1345727

  • The ports using SFP-T transceiver might still be up after the system stops. PR1354857

  • Interface flapping is seen on EX4300 switch. PR1361483

  • Some interfaces cannot be added under MSTP configuration. PR1363625

  • On EX4300 and EX4600 platforms, the l2ald process might crash in dot1x scenario. PR1363964

  • The Packet Forwarding Engine might crash when it encounters a frequent MAC move. PR1367141

  • Forwarding broken after adding protocol EVPN extended-vlan-id. PR1368802

  • LLDP TLV with incorrect switch port capabilities might be sent. PR1372966

  • On EX4300-48MP, the unsupported 1G optics in 10G uplink module cause interface traffic drop. PR1374390

  • Packet drop to the router is observed with indirect next hop when load balancing is configured. PR1376057

  • Packet drops on interface if the statement gigether-options loopback is configured. PR1380746

  • IRB interface does not turn down when the master chassis of the Virtual Chassis is rebooted or halted. PR1381272

  • On the EX4300 switch, if a loss priority value of high is set for multicast packets by a classifier at the ingress interface, the configuration is overridden by the storm-control filter. PR1382893

  • EX4300 device chooses incorrect bridge-id as RSTP bridge-id. PR1383356

  • On EX4300-48MP mixed Virutal Chassis, the Packet Ordering Engine interface maximum power configuration on EX4300 member gives error when configured more than 30. PR1383717

  • Layer 3 IP route will be destroyed after Layer 2 next-hop change is seen. PR1389688

Routing Protocols

  • On EX4300-48MP, stale VLAN entries are seen after continuous script run involving split, merge, and reboot. PR1363739

Resolved Issues: 18.2R1

Forwarding and Sampling

  • DHCP service crashes after EX9251 switch is set to factory default by zeroize. PR1329682

General Routing

  • Traffic loss is observed while performing NSSU. PR1311977

  • The major alarm Fan and PSU Airflow direction mismatch might be seen when removing the management cable. PR1327561

  • A new configuration statement operational status detail statement is added in show poe interface. PR1330183

  • The rpd process generates a core file on new backup Routing Engine at task_quit,task_terminate_timer_callback,task_timer_dispatch,task_scheduler after disabling NSR+GRES. PR1330750

  • Cannot install backup Linux first when both SSD partitions are corrupted. PR1342168

  • On EX2300-24MP chassis, the FAN count is incorrect in jnxFruName, jnxFilledDescr and jnxContainersCount.4. PR1361025

  • On EX4300-48MP, while running regression scripts, syslog error Error in bcm_port_sample_rate_set(ifl_cmd) : Reason Invalid port is seen. 1376504

  • IP transit traffic hits the lo0 filter. PR1379328

  • In EX4300-48MP on rare occasion, when arp-inspection and ip-source-guard are configured for around 150 VLANs together, then some port might show incorrect large value for DAI statistics. PR1379443

  • On rare occasions in EX4300-48MP, when dynamic-arp-inspectionand ip-source-guard are removed and added back for around 150 VLANs in one go, then arp-inspection statistics for one of the port shows garbage value. PR1379447

Interfaces and Chassis

  • On EX2300 and EX3400, IPv6 neighborship is not created on the IRB interface. PR1198482

  • On all Junos OS platforms with MC-LAG and VRRP enabled, ARP request might be generated with IRB IP and IRB MAC instead of VIP and VRRP MAC if MC-LAG and VRRP configuration are done in a single commit. PR1257246

  • The interface might not work properly after FPC restarts. PR1329896

Layer 2 Ethernet Services

  • EX Series platforms might display a false positive CB alarm PMBus Device Fail. PR1298612

Layer 2 Features

  • The DCPFE/FXPC process might crash and generate a core file. PR1362332


  • A unified ISSU is not supported with MPLS configuration. PR1264786

Platform and Infrastructure

  • Autonegotiation is not working as expected between EX4300 and SRX5800. PR1311458

  • The FPC might crash because of the memory leak caused by the VTEP traffic. PR1356279

Documentation Updates

There are no errata or changes in Junos OS Release 18.2R2 documentation for the EX Series switches.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.


NSSU is not supported on EX2300-VC/EX3400-VC from Junos OS Release 15.1X53 to Junos OS Release 18.1R1 or later releases. For example, NSSU is not supported from Junos OS Release 15.1X53-D58 to Junos OS Release 18.1R1 or Junos OS Release 15.1X53-D57 to Junos OS Release 18.2R2.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on EX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.