Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for EX Series Switches


These release notes accompany Junos OS Release 18.4R3 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at

New and Changed Features

This section describes the new features and enhancements to existing features in Junos  OS Release 18.4 for the EX Series.


The following EX Series switches are supported in Release 18.4R3: EX2300, EX2300-C, EX3400, EX4300, EX4600-40F, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.

Release 18.4R3 New and Changed Features

There are no new features or enhancements to existing features for EX Series in Junos OS Release 18.4R3.

Release 18.4R2-S3 New and Changed Features


  • Layer 2 and 3 families, encapsulation types, and VXLAN on the same physical interface (EX4600 switches)—You can configure and commit the following on a physical interface of an EX4600 switch in an EVPN-VXLAN environment:

    • Layer 2 bridging (family ethernet-switching) on any logical interface unit number (unit 0 and any nonzero unit number).

    • VXLAN on any logical interface unit number (unit 0 and any nonzero unit number).

    • Layer 2 bridging (family ethernet-switching and encapsulation vlan-bridge) on different logical interfaces (unit 0 and any nonzero unit number).

    • Layer 3 IPv4 routing (family inet) and VXLAN on different logical interfaces (unit 0 and any nonzero unit number).

    For these configurations to be successfully committed and to work properly, you must specify the encapsulation flexible-ethernet-services configuration statement at the physical interface level—for example, set interfaces xe-0/0/5 encapsulation flexible-ethernet-services.

    [See Understanding Flexible Ethernet Services Support With EVPN-VXLAN.]

Release 18.4R2 New and Changed Features


  • Layer 2 and Layer 3 VXLAN gateways (EX4650 and QFX5120 switches)—Starting with Junos OS Release 18.4R2, you can deploy EX4650 and QFX5120 switches as follows:

    • As a Layer 2 VXLAN gateway, or a Layer 2 and Layer 3 VXLAN gateway in an EVPN overlay network

    • (QFX5120 switches only) As a Layer 2 or Layer 3 VXLAN gateway in an Open vSwitch Database (OVSDB) overlay network

    VXLAN is an overlay technology that allows you to stretch Layer 2 connections over an intervening Layer 3 network by encapsulating (tunneling) Ethernet frames in a VXLAN packet that includes IP addresses. Using VXLANs to connect Layer 2 domains over a Layer 3 network means that you do not need to use the Spanning Tree Protocol (STP) to converge the topology (so no links are blocked) but can use more robust routing protocols in the Layer 3 network instead.

    [See Understanding VXLANs.]

  • EVPN control plane and VXLAN data plane support (EX4650 and QFX5120 switches)—Starting with Junos OS Release 18.4R2, EX4650 and and QFX5120 switches support EVPN-VXLAN. By using a Layer 3 IP-based underlay network coupled with an EVPN-VXLAN overlay network, you can place endpoints anywhere in the network and remain connected to the same logical Layer 2 network.

    EVPN-VXLAN is commonly deployed over the following physical underlay architectures:

    • A two-layer IP fabric that includes spine devices (Layer 3 VXLAN gateways) and leaf devices (Layer 2 VXLAN gateways). You can deploy EX4650 or QFX5120 switches as spine or leaf devices in this fabric.

    • An edge-routed briding overlay, which is a one-layer IP fabric that includes leaf devices that function as both Layer 2 and Layer 3 VXLAN gateways. You can deploy EX4650 or QFX5120 switches as leaf nodes in this fabric.

    [See Understanding EVPN with VXLAN Data Encapsulation.]

  • EVPN pure type-5 route support (EX4650 and QFX5120 switches)—Starting with Junos OS Release 18.4R2, you can configure pure type-5 routing in an EVPN-VXLAN environment. Pure type-5 routing is used when the Layer 2 domain does not exist at the remote data centers. A pure type-5 route advertises the summary IP prefix and includes a BGP extended community called a router MAC, which is used to carry the MAC address of the sending switch and to provide next-hop reachability for the prefix. To configure pure type-5 routing, include the ip-prefix-routes advertise direct-nexthop statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. To enable two-level equal-cost multipath (ECMP) next hops in an EVPN-VXLAN overlay network, you must also include the overlay-ecmp statement at the [edit forwarding-options vxlan-routing] hierarchy level.

    [See ip-prefix-routes.]

  • Features supported on EX4650 and QFX5120 switches—Starting with Junos OS Release 18.4R2, the following Junos OS features are supported on EX4650 and QFX5120 switches:

Software Defined Networking

  • Layer 2 and Layer 3 VXLAN gateways (EX4650 and QFX5120 switches)—Starting with Junos OS Release 18.4R2, you can deploy EX4650 and QFX5120 switches as follows:

    • As a Layer 2 VXLAN gateway, or a Layer 2 and Layer 3 VXLAN gateway in an EVPN overlay network

    • (QFX5120 switches only) As a Layer 2 or Layer 3 VXLAN gateway in an Open vSwitch Database (OVSDB) overlay network

    VXLAN is an overlay technology that allows you to stretch Layer 2 connections over an intervening Layer 3 network by encapsulating (tunneling) Ethernet frames in a VXLAN packet that includes IP addresses. Using VXLANs to connect Layer 2 domains over a Layer 3 network means that you do not need to use the Spanning Tree Protocol (STP) to converge the topology (so no links are blocked) but can use more robust routing protocols in the Layer 3 network instead.

    [See Understanding VXLANs.]

Release 18.4R1 New and Changed Features


  • 2-port QSFP+/1-port QSFP28 uplink module for EX4300-48MP and EX4300-48MP-S switches—Starting with Junos OS Release 18.4R1, EX4300-48MP and EX4300-48MP-S switches support the 2-port QSFP+/1-port QSFP28 uplink module. The 2-port QSFP+/1-port QSFP28 uplink module can house two QSFP+ transceivers or one QSFP28 transceiver.

    [See EX4300 Switch Hardware Guide.]

Authentication, Authorization and Accounting (AAA) (RADIUS)

  • Support for password change policy enhancement (EX Series)—Starting in Junos OS Release 18.4R1, the Junos OS password change policy for local user accounts is enhanced to comply with additional password policies. As part of the policy improvement, you can configure the following:

    • maximum-lifetime-value—The maximum duration of a password. The password expires after the maximum is reached.

    • minimum-lifetime-value—The minimum duration of a password. You cannot change the password until the minimum duration is reached.

    [See password.]


  • Support for graceful restart on EVPN-VXLAN (EX9200)—Starting in Junos OS Release 18.4R1, Junos OS supports graceful restart on EVPN-VXLAN on EX9200 and QFX Series switches and MX Series Routers. Graceful restart allows the device to recover from a routing process restart or Routing Engine switchover without nonstop active routing (NSR) enabled.

    [See NSR and Unified ISSU Support for EVPN Overview.]

  • Support for VMTO for ingress traffic (EX9200)—Starting in Junos OS Release 18.4R1, you can configure a leaf or spine device that is configured as a Layer 3 gateway to support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO eliminates the unnecessary ingress routing to default gateways when a virtual machine is moved from one data center to another.

    To enable VMTO, configure remote-ip-host routes at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. You can also filter out the unwanted routes by configuring an import policy under the remote-ip-host routes option.

    [See Configuring EVPN Routing Instances.]

  • Support for multihomed proxy advertisement (EX9200)—Starting in Junos OS Release 18.4R1, Junos OS now provides enhanced support to proxy advertise the MAC address and IP route entry from all leaf devices that are multihomed to a customer edge (CE) device. Using proxy advertisement prevents traffic loss when one of the connections to the leaf device fails. To support the multihomed proxy advertisement, all multihomed provider edge (PE) devices should have the same multihomed proxy advertisement bit value. The multihomed proxy advertisement feature is enabled by default, and Junos OS uses the default multihomed proxy advertisement bit value of 0x20.

    [See EVPN Multihoming Overview.]

  • MLD snooping support for EVPN-MPLS (EX9200)—Starting with Junos OS Release 18.4R1, you can configure Multicast Listener Discovery (MLD) protocol snooping on EX9200 switches in an EVPN over an MPLS network. Enabling MLD snooping helps to constrain IPv6 multicast traffic to interested receivers in a broadcast domain. Multicast sources and receivers in the EVPN instance (EVI) can each be single-homed to one provider edge (PE) device or multihomed in all-active mode to multiple PE devices.

    MLD snooping support in this environment includes:

    • Either MLDv1 and MLDv2 with any-source multicast (*,G) or MLDv2 with source-specific multicast (S,G) (configurable)

    • MLD state synchronization among multihoming PE devices using BGP EVPN Type 7 (Join Sync Route) and Type 8 (Leave Sync Route) network layer reachability information (NLRI)

    • Inclusive multicast forwarding from the ingress PE device into the EVPN core to reach all other PE devices

    • Forwarding across bridge domains (VLANs) using IRB interfaces and PIM operating in passive and distributed designated router (PIM-DDR) modes

    [See Overview of Multicast Forwarding with IGMP or MLD Snooping in an EVPN-MPLS Environment.]

Forwarding and Sampling

  • Support for activating or deactivating static routes on the basis of RPM test results (EX Series) —Starting in Junos OS 18.4R1, you can use RPM probes to detect link status, and change the preferred-route state on the basis of the probe results. Tracked routes can be IPv4 or IPv6, and support a single IPv4 or IPv6 next hop. For example, you can send RPM probes to an IP address to determine whether the link is up, and if it is so, take the action of installing a static route in the route table. RPM-tracked routes are installed with preference 1 and are thus preferred over any existing static routes for the same prefix.

    [See Configuring RPM Probes , rpm-tracking, and show route rpm-tracking.]

Interfaces and Chassis

  • Support for uplink module with two 40-Gigabit Ethernet ports and one 100-Gigabit Ethernet port (EX4300-48MP)—Starting with Junos OS Release 18.4R1, the 2-port QSFP+/1-port QSFP28 uplink module on EX4300-48MP switches can be configured to operate either two 40-Gigabit Ethernet ports or one 100-Gigabit Ethernet port. By default, the uplink module operates only the two 40-Gbps ports. To enable 100-Gbps speed, issue the set chassis fpc 0 pic 2 port 0 speed 100g command. The uplink module then enables the 100-Gigabit Ethernet port and disables the adjacent 40-Gigabit Ethernet ports.

    • You can install the 2-port QSFP+/1-port QSFP28 uplink module only in PIC slot 2 on the switch.

    • You can configure 100-Gbps speed only on port 0 of PIC 2 (which is the uplink module slot on the switch).

    You can also channelize 40-Gigabit Ethernet interfaces, to four independent 10-Gigabit Ethernet interfaces using breakout cables.

    [See Setting the Mode on 2-port QSFP+/1-port QSFP28 Uplink Module (CLI Procedure).]

Junos Telemetry Interface

  • Packet Forwarding Engine and Routing Engine sensor support for Junos Telemetry Interface (JTI) (EX4600 switches)—Starting in Junos OS Release 18.4R1, JTI supports Packet Forwarding Engine and Routing Engine statistics for EX4600 switches:

    The following Routing Engine statistics are supported through JTI:

    • LACP state export

    • Chassis environmentals export

    • Network discovery chassis and components

    • LLDP export and LLDP model

    • BGP peer information (RPD)

    • RSVP interface export

    • RPD task memory utilization export

    • LSP event export

    • Network Discovery ARP table state

    • Network Discovery NDP table state

    The following Packet Forwarding Engine statistics are supported through JTI:

    • Congestion and latency monitoring

    • Logical interface

    • Filter

    • Physical interface

    • LSP

    • NPU/LC memory

    • Network Discovery NDP table state

    To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).

    [See Configuring a Junos Telemetry Interface Sensor (CLI Procedure), Configure a Telemetry Sensor in Junos and Guidelines for gRPC Sensors (Junos Telemetry Interface).]


  • Multicast VLAN registration (MVR) (EX2300 and EX3400 switches and Virtual Chassis)—Starting in Junos OS Release 18.4R1, EX2300 and EX3400 switches and Virtual Chassis support multicast VLAN registration (MVR). MVR efficiently distributes IPTV multicast streams across an Ethernet ring-based Layer 2 network, reducing the bandwidth required for this traffic by using a multicast VLAN (M-VLAN) over which multicast traffic is forwarded to interested listeners on other VLANs that are configured as MVR receiver VLANs. You can configure MVR at the [edit protocols igmp-snooping vlan vlan-name data-forwarding] source and receiver hierarchy levels, and use the show igmp snooping data-forwarding CLI command to view configured M-VLAN and MVR receiver VLAN associations. (The feature described above is documented but not supported on EX2300 and EX3400 switches and Virtual Chassis in Junos OS Release 18.4R1.)

    [See Understanding Multicast VLAN Registration.]

Port Security

  • Support for DHCP snooping and other access port security features on private VLANs (EX2300 and EX3400 switches and Virtual Chassis)—Starting in Junos OS Release 18.4R1, you can enable Dynamic Host Configuration Protocol (DHCP) snooping for security purposes on access ports that are in a private VLAN (P-VLAN). You can also protect those ports with DHCP options, dynamic ARP inspection (DAI), IP source guard, and neighbor discovery inspection.

    PVLANs provide Layer 2 isolation between ports within a VLAN, splitting a broadcast domain into multiple discrete broadcast subdomains by creating secondary VLANs. PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the communication between known hosts.

    Ethernet LANs are vulnerable to attacks such as address spoofing (forging) and Layer 2 denial of service (DoS) on network devices. The following port security features help protect access ports on your device against loss of information and productivity that such attacks can cause:

    • DHCP snooping—Filters and blocks ingress DHCP server messages on untrusted ports. DHCP snooping builds and maintains a database of DHCP lease information, which is called the DHCP snooping database.

    • DHCPv6 snooping—DHCP snooping for IPv6.

    • DHCP option 82—Also known as the DHCP Relay Agent Information option. This option helps protect the switch against attacks such as spoofing of IP addresses and MAC addresses and DHCP IP address starvation.

    • DHCPv6 option 37—Remote ID option for DHCPv6. The option is used to insert information about the network location of the remote host into DHCPv6 packets.

    • DHCPv6 option 18—Circuit ID option for DHCPv6. The option is used to insert information about the client port into DHCPv6 packets.

    • DHCPv6 option 16—Vendor ID option for DHCPv6. The option is used to insert information about the vendor of the client hardware into DHCPv6 packets.

    • DAI—Prevents Address Resolution Protocol (ARP) spoofing attacks. ARP requests and replies are compared against entries in the DHCP snooping database, and filtering decisions are made on the basis of the results of those comparisons.

    • IP source guard—Mitigates the effects of IP address spoofing attacks on the Ethernet LAN. The source IP address in the packet sent from an untrusted access interface is validated against the DHCP snooping database.

    • IPv6 source guard—IP source guard for IPv6.

    • IPv6 neighbor discovery inspection—Prevents IPv6 address spoofing attacks. Neighbor discovery requests and replies are compared against entries in the DHCPv6 snooping database, and filtering decisions are made on the basis of the results of those comparisons.

    [See Putting Access Port Security on Private VLANs.]

  • Untrusted mode on trunk interfaces for DHCP snooping (EX2300, EX3400, EX4300 and EX4600 switches)—Starting in Junos OS Release 18.4R1, you can configure a trunk interface as untrusted for DHCP security. Trunk interfaces in untrusted mode support DHCP snooping and DHCPv6 snooping, dynamic ARP inspection (DAI), and IPv6 neighbor discovery (ND) inspection.

    [See Understanding Trusted and Untrusted Ports.]

Virtual Chassis

  • Virtual Chassis support (EX2300-24MP, EX2300-48MP)—Starting in Junos OS Release 18.4R1, multigigabit EX2300 switches can be interconnected into a Virtual Chassis with other EX2300 model switches as follows:

    • Any combination of up to four EX2300-24MP, EX2300-48MP, EX2300, and EX2300-C switches is supported.

    • You do not need to set mixed mode.

    • Any models of EX2300 switches can be in the master or backup Routing Engine roles.

    • Any 10-Gbps uplink ports installed with SFP+ transceivers can be configured as Virtual Chassis ports (VCPs) to interconnect member switches.

    • Use the same steps as for configuring any other EX2300, EX3400, or EX4300 Virtual Chassis.

    [See Understanding EX Series Virtual Chassis.]


  • Support to control traceroute over Layer 3 VPN (EX Series)—Starting in Junos OS Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple customer edge (CE) routers configured in the same VPN routing and forwarding (VRF) routing instance, when you perform traceroute to a remote provider edge (PE) router for a CE-facing network, the ICMP time exceeded packet determines the correct IP address as the source address.

    To control the traceroute, configure allow-l3vpn-traceroute-src-select at [edit system] hierarchy level This configuration determines the correct IP source address by reviewing the destination routing instance and destination IP address.

    [See allow-l3vpn-traceroute-src-select.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS main release and the maintenance releases for the EX Series.

Changes in Behavior and Syntax: 18.4R3-S6

Platform and Infrastructure

  • Updates to ON-CHANGE and periodic dynamic subscriber interface metadata sensors (MX Series routers and EX9200 line of switches)—We've made the following updates to the /junos/system/subscriber-management/dynamic-interfaces/interfaces/meta-data/interface[sid='sid-value']/ sensor:

  • Notifications are sent when subscribers log in on either IP demux or VLAN demux interfaces. In earlier releases, login notifications are sent only for IP demux logins.

  • The interface-set end path has been added to the logical interface metadata. The interface-set field appears in both ON-CHANGE and periodic notifications. In earlier releases, this field is not included in the sensor metadata or notifications.

[See gRPC Sensors for Subscriber Statistics and Queue Statistics for Dynamic Interfaces and Interface-Sets (Junos Telemetry Interface).]

Changes in Behavior and Syntax: 18.4R3

Routing Protocols

  • Advertising /32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.

Changes in Behavior and Syntax: 18.4R2

Interfaces and Chassis

  • No support for performance monitoring on aggregated Ethernet Interfaces (EX4300)—EX4300 switches do not support Y.1731 performance monitoring (PM) over aggregated Ethernet Interfaces.

    [See sla-iterator-profile.]

  • Logical Interface is created along with physical Interface by default (EX Series switches)—In Junos OS Release 18.4R2 and later, by default, logical interfaces are created on ge-, et-, xe- interfaces along with the physical interface. In earlier Junos OS releases, by default, only physical interfaces are created.

    For example, in earlier Junos OS releases, if you run the show interfaces command for ge- interfaces, then by default, only the physical interface (ge-0/0/0) is displayed. From Junos OS Release 18.4R2 onward, the logical interface (ge-0/0/0.16386) is also displayed.

Routing Protocols

  • Change in the default behavior of advertise-from-main-vpn-tables configuration statement—BGP now advertises EVPN routes from the main bgp.evpn .0 table. You can no longer configure BGP to advertise the EVPN routes from the routing instance table. In earlier Junos OS Releases, BGP advertised EVPN routes from the routing instance table by default.

    [See advertise-from-main-vpn-tables.]


  • Syslog or log action on firewall drops packets (EX4600 switches)—Starting in Junos OS Release 18.4R2, if you configure syslog and log references to the actual action terms configured in a firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.

Changes in Behavior and Syntax: 18.4R1

Interfaces and Chassis

  • Enhanced AC PEM in high-line power configuration supplies 2400 W power (EX9204)—Starting in Junos OS Release 18.4R1, on EX9204 switches, the enhanced AC PEM in ahigh-line power configuration provides a power output of 2400 W. On Junos OS releases before Release 18.4R1, the PEM provided only 2050 W of power output.

    [See show chassis power.]

  • Support for creating Layer 2 logical interface independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2 and later, EX Series switches support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.

    In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.

Network Management and Monitoring

  • The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (EX Series)—Starting in Junos OS Release 18.4R1, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, the server must not return an RPC reply that encloses both an <rpc-error> element and an <ok/> element. If the operation is successful, but the server reply would enclose one or more <rpc-error> elements of severity warning in addition to the <ok/> element, then the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that encloses both an <rpc-error> element of severity warning and an <ok/> element.

  • SNMP customization configuration introduced (EX Series)—In Junos OS Release 18.4R1, we have introduced the CLI configuration command set snmp customization ether-stats-ifd-only. When ether-stats-ifd-only is configured, the show snmp mib walk etherstatsTable command displays data only for physical interfaces.

    [See customization (SNMP).]


  • Firewall warning message (EX2300 switches)—Starting in Junos OS Release 18.4R1, a warning message is displayed whenever a firewall term includes log or syslog with the accept filter action.

Known Behavior

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.4R3 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On EX4650 switches, if the CoS configurations are modified when egress traffic is shaped at a very low rate (< 50 Mbps), packets might get stuck in the MMU buffers permanently. This might cause ingress or egress traffic drops. When low rate shapers (< 50 Mbps) are applied on egress queues, we recommend you to deactivate shaping before any CoS modification or ensure traffic is stopped before modifying the CoS configuration. PR1367432


  • When a VLAN uses an IRB interface as the routing interface, the vlan-id parameter must be set to none to ensure proper traffic routing. This issue is platform independent. PR1287557

General Routing

  • When vlan is added as an action for changing the VLAN in both ingress and egress filters, the filter will not be installed. PR1362609

  • A few error messages related to the function rt_mesh_group_add_check() are seen during reboot. These errors are harmless. PR1365049

  • Automatic channelization is not supported for 40GBASE-BXSR, QSFP+40GE-LX4, QSFP-100G-PSM4, and 100GBASE-BXSR optics. PR1366103

  • On the EX4300-MP switch, the et-0/2/* (100-Gigabit Ethernet) interface multicast queue in strict-priority mode gets the priority treatment only across other multicast queues. PR1377692


  • If Junos OS panics with a file-system-related panic, such as 'dup alloc', recovery through the OAM shell might be needed. From the OAM shell, run fsck on the root volume until it is marked clean. Only at this point it is safe to reboot to the normal volume. PR1444941

Routing Protocols

  • On EX4650 switches, 254 neighbors and 200,000 routes can be scaled for IS-IS v4. Beyond 200,000 routes with 254 neighbors, adjacency flaps and traffic drop will be seen. However, with 40 neighbors, scaling of 351,000 routes is achieved. PR1368106

Virtual Chassis

  • A Virtual Chassis internal loop might occur on a node coming up from a reboot. During nonstop software upgrade (NSSU) on a EX4600 or EX4300 Virtual Chassis, minimal traffic disruption or a traffic loop (greater than 2 seconds) might occur. PR1347902

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 18.4R3 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

  • Before running the load ssl-certificate path PATHNAME command, configure the path using the set protocols dot1x ssl-certificate-path PATHNAME command, if the default pathname is not /var/tmp/. PR1431086

General Routing

  • ARP queue limit has been changed from 100 pps to 3000 pps. PR1165757

  • When you run request system reboot, the box undergoes zeroization, which triggers zero-touch provisioning (ZTP). During the mounting stage, /var/db/scripts/import does not get created, which later causes the configuration to be committed partially. This is seen in the warning Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors.. PR1289782

  • On an EX2300 switch, the output of the show chassis routing-engine command might display an incorrect value of mac reset for the last reboot reason field. PR1331264

  • There is no support of interface range for channelized interfaces on an EX9253 switch. The user has to configure interfaces individually. PR1350635

  • On an EX4650 switch, if lcmd is restarted, a chassisd core file will be generated with traffic drop for a few seconds. PR1363652

  • On an EX4300 switch configured with a firewall filter on lo0 and DHCP security on a VLAN simultaneously might drop legitimate DHCP renew requests from clients on the corresponding VLANs. This occurs because of the implementation design and chipset limitation. PR1376454

  • On EX2300 and EX3400 switches, image upgrade might fail due to insufficient space issue. PR1376488

  • On an EX9208 switch, few xe- interfaces are going down with the error message if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error . PR1377840

  • PXE installation might fail due to a failure in image upgrade post PXE initialization. PR1406743

  • On an EX9200 switch with MC-LAG configuration and other features enabled, there is a loss of approximately 20 seconds during restart of routing daemon. This traffic loss varies with the configuration that is done. PR1409773

  • The error smic_bcm8238x_set_phy_mode: unable to set front panel mode (err -11) is observed while rebooting the AD-2 with base configurations. PR1417121

  • On EX2300-24T and EX4650 platforms, uRPF check in strict mode might not work properly. PR1417546

  • Issue with installing EFL license on EX4300-XXMP switches only. When adding the license, the license fails to add. For example: {master:0} root@d06-34> request system license add terminal Mar 01 12:03:05 [Type ^D at a new line to end input, enter blank line between each license key] EmergencyJUNOS285602007 aeaqia qmlbjd amrrha 2tcmbr gayaqb ycsbdm mjggim gbastv nzuxaz lsebew 45dfoj xgc3ah fbo6ct 7vv3hl ykp4zq 5g6xch szi7aq 3pek5e vh4myw jdi5wq dxyi3c rkgydi 3crzkr szq terminal:1 error: EmergencyJUNOS285602007: license not valid for this product add license failed (1 errors). This issue affects only EFL licenses (AFL is not affected) and EX4300-MP devices. As a workaround, upgrade to Junos OS Release 18.3R3 and later or to Junos OS Release 18.4R2 and later. PR1421033

  • BUM traffic rate limiting is done after removing Ethernet headers. L1 TX rate on ingress interface: 1G Tx rate with headers: 865Mbps Rx rate on the egress interface:800M L1 RX rate on egress interface: 925Mbps. Storm control functionalities in MX-L card is achieved by poilcer and hence the below mentioned policer inaccuracy is applicable for storm control feature as well. Since XM sprays packets to 4 different LUs, each LU will be processing packets of varying sizes.XM does not do strict round-robin, so even if all the incoming packets were to be of exact same sizes (which is not a practical scenario), each LU will still be loaded differently, hence there will be some periods where some LUs policing limit may reach sooner than the others (either due to processing more packets or due to processing larger packets). Hence, it is possible that, some LUs, who see the policing limit reached sooner may drop the packet or color them differently that might result into eventual drop while the other LUs could queue the packets for transmission; We could see this behavior within a single flow as well. Hence the policier functionality can be unpredictable at times. In an extreme case, a packet flow might be sent to a single LU and the policer result is 1/4th of what it is expected. Since the policer functionality, in general, might not work correctly, we will see the impact on all the policing features - for example, input-policer, three-color-policer (srTCM, trTCM), output-policer. PR1442842

  • MAC addresses learned on redundant trunk group (RTG) might not be aged out after aging time if the source interface is configured as RTG. PR1461293

  • On EX3400 Virtual Chassis, during reboot or upgrade, because of a high CPU load in slow path of FXPC, TCP keep alive message is not sent. Hence, it is observed that sometimes a few Virtual Chassis members might take longer to join the Virtual Chassis. PR1467707

  • On EX3400 switches, traffic loss is seen when SFP-T is connected because of autonegotiation failure. PR1469750


  • Junos OS might hang when trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and QEMU hypervisor. PR1359339

  • When an SNMP poll is performed for the following OIDs, the backup Routing Engine returns the value 6 (6=down) for the fan and 1 (1=unknown) for the PSUs, even though the fan and PSUs are up. Fan: PSU: For a permanent fix, upgrade the chassis to Junos OS Release 15.1R8 or later. PR1360962

  • On EX3400 and EX2300 switches, during zero-touch provisioning (ZTP) with configuration and image upgrade with FTP as file transfer, image upgrade is successful, but sometimes VM core file might be generated. PR1377721

  • On EX Series switches, if configuring large-scale number of firewall filters on some interfaces, the FPC crash with core files might be seen. PR1434927

  • On an EX4300 switch, the CLI configuration set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt) is not supported. PR1450093

Interfaces and Chassis

  • On GRES, VSTP port cost on aggregated Ethernet interfaces might get changed, leading to a topology change. PR1174213


  • IGMP query packets might be duplicated between Layer 2 interfaces with IGMP snooping enabled. PR1391753

Network Management and Monitoring

  • In a rare case, where trace files are not properly closed by the OS, traceoption logs might stop writing to a log file. PR1380764

Platform and Infrastructure

  • On EX4300 or EX4300 Virtual Chassis, if the VLAN Spanning Tree Protocol (VSTP) is configured, when some operations with VSTP (for example, deactivating/activating VSPT interface, deactivating/activating VSPT VLAN, and so on) are done, it might cause a pfex process crash. PR1178539

  • There are multiple failures when an event, such as node reboot, ICL flap, or ICCP flap occurs; and even with enhanced convergence configured there is no guarantee that subsecond convergence will be achieved. PR1371493

  • On EX2300 and EX3400 platforms, when doing an upgrading operation, as image size grows over a period of time and subsequently storage is insufficient to install images, the upgrade might fail with the error message not enough space to unpack. PR1464808

Routing Protocols

  • Error messages pimd_rtrequest_v4(1133), IS_MASTER_RE: 1, Process: rpd, RTM_ID: 5, error: 17, errmsg: rt exists; ifindex = 340 are cosmetic and expected logs. These logs are not harmful and have no functional impact, it just shows the state of PIM register messages. These logs are already LOG_DEBUG for external builds, you do not need to do any change in any of the components. PR1371431

  • mcsnoopd might crash when all the core-facing interfaces that are part of the Layer 2 domain have flapped and it is attempting to flood a packet received over a CE interface, over the core-facing interfaces. PR1470183

Subscriber Access Management

  • The authd reuses address too quickly before jdhcpd completely cleans up the old subscriber, which results in syslog errors: : jdhcpd: %USER-3-DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add as it is already used by 1815. PR1402653

Resolved Issues

This section lists the issues fixed in the Junos OS Release 18.4R3 for EX Series switches.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 18.4R3

Resolved Issues

General Routing

  • Certain EX Series devices are vulnerable to 'Etherleak' memory disclosure in Ethernet padding data (CVE-2017-2304). PR1063645

  • Transit OSPF traffic over Q-in-Q tunneling might be dropped if a firewall filter is applied to lo0 interface. PR1355111

  • l2ald process might crash and generate a core file on EX2300 Virtual Chassis when a trunk is converted port to a dot1x access port with tagged traffic flowing. PR1362587

  • The interface on a failed member FPC of EX2300 and EX3400 Virtual Chassis might stay up 120 seconds. PR1422507

  • IPv6 multicast traffic received on one Virtual Chassis member might be dropped when exiting an other Virtual Chassis member if MLD snooping is enabled. PR1423310

  • MAC overlapping between different switches. PR1425123

  • Virtual Chassis split after network topology changed. PR1427075

  • The FXPC or Packet Forwarding Engine might crash on EX2300 and EX3400 switches. PR1427391

  • Rebooting or halting Virtual Chassis member might cause traffic on redundant trunk group (RTG) link to be down for about 30 seconds. PR1427500

  • On EX2300-24P switches, l2ald core file is observed after removal and re-addition of multiple supplicant mode with PVLAN on interface. PR1428469

  • Verification of ND inspection with a dynamically bound client, moved to a different VLAN on the same port is failing. PR1428769

  • The delay in transmission of BPDUs after GRES might result in loss of traffic on EX2300 and EX3400 Virtual Chassis. PR1428935

  • EX4300-48MP switch cannot learn MAC address through some access ports that are directly connected to a host when auto-negotiation is used. PR1430109

  • Disabling DAC QSFP port might not work on EX9251 switches.PR1430921

  • Erroneous log messages and chassis environment output related to fan tray in EX4300MP-EX4300-48P Virtual Chassis. PR1431263

  • The l2cpd process might crash and generate a core file when interfaces are flapping. PR1431355

  • Packet drop might be seen if native VLAN is configured along with flexible VLAN tagging. PR1434646

  • Micro-BFD session might flap upon inserting a QSFP to other port. PR1435221

  • The MC-AE interface might get stuck in waiting state in dual MC-AE scenario. PR1435874

  • I40e NVM upgrade support for EX9200 platform. PR1436223

  • IRB over VTEP unicast traffic might get dropped on EX9200 switches. PR1436924

  • GE/MGE SFP-T interface might not come up on EX2300, EX3400, and EX4300 switches. PR1438078

  • Commit check error for VSTP on EX9200 switches: xSTP:Trying to configure too many interfaces for given protocol. PR1438195

  • LEDs turn on even after the Virtual Chassis members are powered off. PR1438252

  • The DHCP snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it. PR1438351

  • RPD might generate core file during router boot up because of a file pointer issue as there are two code paths that can close the file. PR1438597

  • The dot1x might not work when captive port is also configured on the interface on backup or non-master FPC. PR1439200

  • DHCPv6 relay binding is not up while verifying the DHCP snooping along with DHCPv6 relay. PR1439844

  • EX4600 Virtual Chassis does not come up after fiber connection on Virtual Chassis port is replaced with DAC cable. PR1440062

  • CPU might hang or interface might be stuck down on particular 100-Gigabit Ethernet port on EX Series switches. PR1440526

  • MAC addresses learned on redundant trunk group (RTG) might not be aged out after a Virtual Chassis member is rebooted. PR1440574

  • Clients in isolated VLAN might not get IP addresses after completing authentication when both dhcp-security and dot1x are configured. PR1442078

  • EX3400 fan alarm (Fan X not spinning) appears and disappears repeatedly after the fan tray (absent) is removed. PR1442134

  • The rpd might crash when BGP sends a notification message. PR1442786

  • DHCPv6 client might fail to get an IP address. PR1442867

  • Non-designated port is not moving to backup port role. PR1443489

  • The /var/host/motd does not exist message is flooded every 5 seconds in chassisd logs. PR1444903

  • [EX4300-MP] Log generated continuously rpd[6550]: task_connect: task AGENTD I/O. addr Connection refused. PR1445618

  • Major alarm log messages for temperature conditions for EX4600 switch at 56 degrees Celsius. PR1446363

  • The traffic might be dropped when a firewall filter rule uses then vlan as the action in a Virtual Chassis scenario. PR1446844

  • Phone home on EX3400 switches fails because sysctl cannot read the device serial number. PR1447291

  • EX3400 Virtual Chassis might hang when a disk error occurs on EX3400 switches. PR1447853

  • Unicast ARP requests are not replied to with no-arp-trap option. PR1448071

  • On EX3400 switches, IPv6 routes received through BGP do not show the correct age time. PR1449305

  • Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568

  • Tunneling-encapsulated packets are dropped on Layer 3 VPN MPLS PE-CE interface. PR1451032

  • DHCP snooping static binding does not take effect after deleting and re-adding the entries. PR1451688

  • On EX3400 switches with half-duplex mode on 10-Mbps or 100-Mbps speed at medium traffic egress traffic flow might stop on the port and MAC pause frames will be incrementing on receive direction. PR1452209

  • The l2ald and eventd are hogging 100 percent after the clear ethernet-switching table command is issued. PR1452738

  • Configuration change in VLAN-all option might affect the per-VLAN configuration. PR1453505

  • Version compare in PHC might fail making PHC download the same image. PR1453535

  • A firewall filter might not be able to be applied in a particular Virtual Chassis or Virtual Chassis Fabric member as TCAM is running out of space. PR1455177

  • Packet drop might be seen after removing and reinserting the SFP of the 40G Uplink Module ports. PR1456039

  • Link up delay after rebooting one of Flexible PIC Concentrator (FPC) in EX4600 Switch Virtual Chassis. PR1456336

  • Timeout connecting to peer 'database-replication'. PR1457284

  • Overtemperature SNMP trap messages are displayed after update even though the temperatures are within the system thresholds. PR1457456

  • The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used. PR1458559

  • The FXPC process might crash due to several BGP IPv6 session flaps. PR1459759

  • Storage space limitation leads to image installation failure during Phone home on EX2300 and EX3400 switches. PR1460087

  • Configure any combination of VLANs and interfaces under VSTP/MSTP might cause VSTP/MSTP related configuration cannot be committed. PR1463251

  • There are some command lines to disable MAC learning and some of them were not working. PR1464797

  • On EX2300 switches, an FXPC core file is seen after mastership election based on user's priority. PR1465526

  • The MAC move message might have an incorrect "from" interface when MAC moves rapidly. PR1467459

  • Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435

  • EX3400 switch is advertising only 100 Mbps when a speed of 100 Mbps is configured with autonegotiation enabled. PR1471931

  • On EX4600 switches, the shaping of CoS does not work after reboot. PR1472223

Authentication and Access Control

  • Without 802.1x configuration, the syslog message dot1xd[2192]: task_connect: task PNACAUTH./var/run/authd_control addr /var/run/authd_control: Connection refused is generated repeatedly. PR1406965

Class of Service (CoS)

  • CoS is incorrectly applied on Packet Forwarding Engine, leading to egress traffic drop. PR1329141

  • Shaping does not work after the reboot if shaping-rate is configured. PR1432078

  • The traffic is placed in network-control queue on extended port even if it comes in with different DSCP marking. PR1433252


  • EVPN or MPLS IRB logical interfaces might not come up when the local Layer 2 interface is down. PR1436207

  • Configuring ESI on a single-homed 25-Gigabit Ethernet port might not work. PR1438227

  • ARP request or NS might be sent back to the local segment by DF router. PR1459830

  • The rpd might crash after changing EVPN related configuration. PR1467309

Forwarding and Sampling

  • Enable interface with input or output vlan-maps to be added to a routing instance configured with a vlan-id or vlan-tags (instance type virtual-switch/vpls). PR1433542

  • The l2ald process might observe memory leak on Junos OS. PR1455034

  • Type 1 ESI/AD route might not be generated locally on EVPN PE in the all-active mode. PR1464778


  • The operations on console might not work if the system ports console log-out-on-disconnect statement is configured. PR1433224

  • Certain EX Series platforms might generate VM core file by panic and reboot. PR1456668

  • Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX4600 and EX4300 Virtual Chassis. PR1462106

  • On EX2300 Virtual Chassis scenario, continuous dcpfe error messages and eventd process hog might be seen. PR1474808

Interfaces and Chassis

  • EX9214 switches show an unexpected duplicate VLAN-ID commit error . PR1430966

  • VRRPv6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370

  • The traffic might be forwarded to wrong interfaces in an MC-LAG scenario. PR1465077

  • Executing commit might hang up due to stuck device control process. PR1470622


  • Some error messages might be seen when using J-Web. PR1446081

Junos Fusion Enterprise

  • Reachability issue of the host connected to the SD might be affected in a Junos fusion enterprise environment with EX9200 devices as ADs. PR1447873

Junos Fusion Satellite Software

  • The dpd crash might be observed on satellite devices in Junos fusion for enterprise. PR1460607

Layer 2 Features

  • Ethernet ring protection switching (ERPS) nodes might not converge to IDLE state after failure recovery or reboot. PR1431262

  • Physical layer and MAC/ARP learning might not work for copper base SFP-T onEX4600 switches. PR1437577

  • The Link Layer Discovery Protocol (LLDP) function might fail when a Juniper device connects to a non-Juniper device. PR1462171

  • FXPC core file might be seen when committing the configuration all together, for example, after the reboot. PR1467763

Layer 2 Ethernet Services

  • The DHCP DECLINE packets are not forwarded to DHCP server when forward-only is set within dhcp-reply. PR1429456

  • The jdhcpd_era log files constantly consume 121M of space out of 170M, resulting into file system full and traffic impact. PR1431201

  • DHCP request might get dropped in DHCP relay scenario. PR1435039

  • On EX9200 switches, DHCP-Relay is stripping the 'GIADDR' field in messages towards the DHCP clients. PR1443516

Platform and Infrastructure

  • LACP DDOS policer is incorrectly triggered by other protocol traffic on all EX92XX/T4000 platforms. PR1409626

  • EX4300-48MP-18.3R1.9: Overtemperature SNMP trap generated wrongly for LC (EX4300-48P) based on master Routing Engine (EX4300-48MP) temperature threshold value. PR1419300

  • On EX4300 switches, runt counter never incremented. PR1419724

  • SNMP (ifHighSpeed) value is not getting displayed properly only for VCP interfaces, and appears as zero. PR1425167

  • Packet drops, replication failure, or ksyncd crashes might be seen on the logical system of a device running Junos OS after Routing Engine switchover. PR1427842

  • IPv6 traffic might be dropped when static /64 IPv6 routes are configured. PR1427866

  • EX4300 switches do not drop FCS frames with CRC error on xe- interfaces. PR1429865

  • Unicast ARP requests are not replied to with the no-arp-trap option. PR1429964

  • EX4300 switches without soft error recovery (parity check, correction and memscan) enable. PR1430079

  • The device might not be accessible after the upgrade. PR1435173

  • The FPC or PFEX crash might be observed because of DMA buffer leaking. PR1436642

  • The /var/db/scripts directory might be deleted after executing request system zeroize. PR1436773

  • The laser TX might be enabled while the interface is disabled. PR1445626

  • The PoE might not work after upgrading the PoE firmware on EX4300 switches. PR1446915

  • The firewall filters might not be created due to TCAM issues. PR1447012

  • NSSU cause a traffic loss again after the backup to master transitions. PR1448607

  • On certain MPC line cards, cm errors need to be reclassified. PR1449427

  • REST API process will become non-responsive when the number of requests is high. PR1449987

  • The OSPF neighbor might go down when mDNS/PTP traffic is received at a rate higher than 1400 pps. PR1459210

  • ERP might not revert to IDLE state after reload or reboot of multiple switches. PR1461434

  • Traffic loss might be observed longer than 20 seconds when performing NSSU on EX4300 Virtual Chassis. PR1461983

  • IGMP reports are dropped with mixed enterprise or SP configuration styles on EX4300 switches. PR1466075

  • The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured. PR1470424

Routing Protocols

  • Host-destined packets with filter log action might not reach the Routing Engine if log or syslog is enabled. PR1379718

  • EX9208: BGP v4/v6 convergence and RIB install/delete time degraded in 19.1R1/19.2R1/19.3R1/19.4R1. PR1414121

  • The traffic with destination UDP port 521 (RIPng) gets dropped on EX4600 switches. PR1429543

  • The FXPC core file might be seen during the reboot of device on EX4600 switches. PR1432023

  • Error message RPD_DYN_CFG_GET_PROF_NAME_FAILED: Get profile name for session XXX failed: -7, might be seen in syslog after restarting routing daemon. PR1439514

  • The bandwidth value of the DDOS-protection might cause packet loss after a device reboot. PR1440847

  • Traffic might be dropped after the Q-in-Q enabled interface is flapped or a change is made to vlan-id-list. PR1441402

  • IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

  • Junos OS BFD sessions with authentication flaps after a certain time. PR1448649

  • Loopback address exported into other VRF instance might not work on EX Series platforms. PR1449410

  • MPLS LDP might still use stale MAC of the neighbor even the LDP neighbor's MAC changes. PR1451217

User Interface and Configuration

  • EX4600 switches were unable to commit baseline configuration after zeroization. PR1426341

  • Problem with access to J-Web after update from Junos OS Release 18.2R2 to 18.2R3. PR1454150

Virtual Chassis

  • Current MAC address might change when deleting one of the multiple Layer 3 interfaces. PR1449206


  • MVPN using PIM dense mode does not prune the OIF when PIM prune is received. PR1425876

Resolved Issues: 18.4R2


  • The device might proxy the ARP probe packets in an EVPN environment. PR1427109

  • Configuring ESI on a single-homed 25G port might not work. PR1438227

General Routing

  • On QFX5120 and EX4650, the convergence delay between PE1 and P router link is more than the expected delay value. PR1364244

  • OAM Ethernet connectivity-fault-management configured on aggregated Ethernet interfaces is not supported but there is no commit error. PR1367588

  • IPv6 router advertisement (RA) messages can increase internal kernel memory usage. PR1369638

  • RIPv2 update packets might not be sent with IGMP snooping enabled. PR1375332

  • EX-4300 Virtual Chassis : Commit error is observed for the first time while loading the Mini-PDT base configurations. PR1383469

  • On QFX5120 and EX4650, occasionally two of the channelized 25Gbps Ethernet ports using 4x25-Gigabit breakout cable do not come up after Junos OS reboot. PR1384898

  • EX3400-Virtual Chassis: The Error tvp_status_led_set and Error:tvp_optics_diag_eeprom_read logs are seen. PR1389407

  • The Input rate pps is not increased on EX2300-MP uplink ports if the packet is a pure Layer 2 packet such as non-etherII or non-EtherSnap. PR1389908

  • Interface flapping on an EX3400 Virtual Chassis causes interface-generated IGMP query packets to be sent to all the members ports, except the master FPC. PR1393405

  • PTP over Ethernet traffic might be dropped if IGMP and PTP TC are configured together. PR1395186

  • On EX2300 the MAC table is not populated after the interface-mode value is changed. PR1396422

  • The fxpc core file might be seen if scaled number of filter-based forwarding (FBF) filters are configured. PR1398256

  • High jsd or na-grpcd CPU usage might be seen when JET or JTI is not used. PR1398398

  • EX3400 might not learn 30,000 MAC addresses while sending MAC learning traffic. PR1399575

  • MAC limit with persistent MAC does not after reboot. PR1400507

  • The authd process might crash when you issue show network-access requests pending command during the restarting of authd. PR1401249

  • The TCP connection between ppmd and ppman might be dropped due to a kernel issue. PR1401507

  • The adt7470_set_pwm message is continuously getting displayed after upgrade to Junos OS Release 18.1R3.3. PR1401709

  • The STP does not work when the aggregated Ethernet interfaces number is AE1000 or above in QFX5000 and AE480 or greater in other QFX Series or EX Series switches. PR1403338

  • The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface. PR1403528

  • EX4300-48MP: Packets are dropped after the traffic filter and routing instance are configured. PR1407424

  • MAC address movement might not happen in Flexible Ethernet Services mode when family inet/inet6 and vlan-bridge are configured on the same physical interface. PR1408230

  • The l2cpd might crash if the vstp traceoptions and vstp-vlan-all commands are configured. PR1407469

  • EX3400 PSU status continues to be check even though the PSU module has been removed. PR1408675

  • On EX2300-24P, the error message dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family. PR1410717

  • On EX Series and QFX Series switches, PEM Alarm for the backup FPC remains on Master FPC although backup FPC was detached from the Virtual Chassis. PR1412429

  • On EX4300-48MP, the chassis Status LED shows yellow instead of amber. PR1413194

  • chassisd output power budget received continually every 5 seconds without any alarm after upgrade to Junos OS 18.1R3 PR1414267

  • VXLAN Encapsulation next hop (VENH) doesnt get installed during BGP flap or restart routing. PR1415450

  • On EX3400, the show chassis environment repeats OK and Failed at short intervals. PR1417839

  • The EX3400 Virtual Chassis status might be unstable during the bootup of the Virtual Chassis or after the Virtual Chassis port flaps. PR1418490

  • Virtual Chassis might become unstable and FXPC core files when there are multiple configured filter entries. PR1422132

  • On EX3400, autonegotiation status shows incomplete on ge-0/2/0 using SFP-SX. PR1423469

  • MACsec connection on EX4600 will not come back up after interface disconnect while traffic is passing. PR1423597

  • On MX204 optics SFP-1GE-FE-E-T I2C read errors are seen when an SFP-T is inserted into a disabled-state port. PR1423858

  • Incorrect model information while polling through SNMP from Virtual Chassis. PR1431135


  • IfSpeed and IfHighSpeed erroneously reported as zero on EX2300. PR1326902

  • The Packet Forwarding Engine is flooded with messages: pkt rx on ifd NULL unit 0 PR1381151

  • The dot1x could not work when dot1x is configured with isolated VLAN on one interface. PR1404664

Interfaces and Chassis

  • Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606

  • The IFLs in EVPN routing instances might flap after committing configurations. PR1425339

Junos Fusion Enterprise

  • PoE over LLDP negotiation is not supported on a Junos Fusion Enterprise setup. PR1366106

  • error: peer_daemon: bad daemon: scpd error is seen on EX9251 running Junos OS Releases 18.1R1 and 18.1R2. PR1369646

  • Juniper Fusion Enterprise: Cannot log in to SD cluster although it is recognized by AD properly. PR1395570

  • The l2ald might crash if you issue the clear ethernet-switching table persistent-learning command. PR1409403

  • Extended ports in Junos Fusion Enterprise do not adjust the MTU value when VoIP is enabled. PR1411179

  • Traffic might get discarded silently in a Junos Fusion Enterprise scenario with dual aggregation devices. PR1417139

Layer 2 Features

  • On EX2300/EX3400 LLDP packets are dropped at L2PT NNI port when the configuration is applied for the first time. PR1362173

Layer 3 Features

  • The l2ald might crash when you issue the clear ethernet-switching table persistent-learning command. PR1381739

Layer 2 Ethernet Services

  • The malfunction of the core isolation feature in EVPN-VXLAN scenarios causes traffic to be discarded silently. PR1417729

Network Management and Monitoring

  • Overtemperature trap is not sent out even though there is a Temperature Hot alarm. PR1412161

Platform and Infrastructure

  • Ping does not go through device after WTR timer expires in ERPS scenario. PR1132770

  • EX4300 upgrade fails during validation of the SLAX script during upgrade. PR1376750

  • ECMP route installation failure with log messages such as unilist install failure might be observed on the EX4300 switch. PR1376804

  • Unicast DHCP request get misforwarded to backup RTG link on EX4300 Virtual Chassis. PR1388211

  • Continuous log messages get displayed on EX4300 after upgrading to a Junos OS Release 17.4 or later release. PR1391942

  • EX4300 OAM LFM might not work on an extended VLAN bridge interface with native VLAN configured. PR1399864

  • Traffic drop is seen on EX4300 when the 10-Gigabit Ethernet fiber port is using 1-gigabit Ethernet SFP optics with autonegotiation enabled. PR1405168

  • The policer might not work when it is applied through the dynamic filter. PR1410973

  • EX4300 QinQ - untagged UNI Traffic egress as single-tagged on NNI Interface. PR1413700

  • EX4300 does not send fragmentation needed message when MTU is exceeded with DF bit set. PR1419893

  • The traffic to the NLB server might not be forwarded if the NLB cluster works in multicast mode. PR1411549

  • The pfex process might crash and core files generated when a SFP transceiver is reinserted. PR1421257

  • Traffic might be lost when one of the logical interfaces on the LAG is deactivated or deleted. PR1422920

  • The authd process crashes when the Accounting RADIUS server is not reachable. PR1424030

  • EX9200-12QS switch sends tagged packets through the access interface and through the trunk interface with a native VLAN ID. PR1424174

  • Interface flapping scenario might lead to ECMP next hop install failure on EX4300s. PR1426760

  • VIP might not forward the traffic if VRRP is configured on an aggregated Ethernet interface. PR1428124

  • The ERPS failover does not work as expected on EX4300 device. PR1432397

Routing Protocols

  • EX4300 might drop incoming IS-IS hello packets when IGMP or MLD snooping is configured. PR1400838

  • Host-generated ICMPv6 RA packets might be dropped on the backup member of a Virtual Chassis if IGMP snooping is configured. PR1413543

  • The QFX Series and EX Series switch might not install all IRB MAC addresses when the device is initialized. PR1416025

  • Sometimes, IGMP snooping might not work. As a workaround, restart the multicast-snooping process. PR1420921

Subscriber Access Management

  • EX4300 /var file is showing full as the var/log/dfcd_enc file grows in size. PR1425000

Resolved Issues: 18.4R1

General Routing

  • On the EX4300-32F, the MACsec session stays down on 1-Gigabit and 10-Gigabit Ethernet links after certain events, when events are performed with traffic running. PR1299484

  • On EX2300 and EX3400 switches, the bridge ID is assigned to 02:00:00:00:00:10 irrespective of the base-MAC addresses. PR1315633

  • Incorrect value of optical power is displayed. PR1326642

  • On EX3400 and EX2300 switches, a redirect message is sent from the switch even when no-redirect is set for the specified interface. PR1333153

  • The fxpc process might crash after Q-in-Q VLAN is added to or deleted from an interface on EX2300 or EX3400 switches. PR1334850

  • Consideration of relaxing P-VLAN conflict rules during VLAN change for reauthentication and CoA scenarios. PR1346936

  • The 40-Gigabit Ethernet interfaces might not forward traffic. PR1349675

  • On EX2300, EX3400, and EX4300MP switches in a Virtual Chassis setup, dynamic Arp inspection might fail after Virtual Chassis switchover when VSTP is enabled along with no-mac-table-binding. PR1359753

  • The traffic uses the original IRB MAC address if you are configuring a MAC address for an IRB interface. PR1359816

  • On EX2300MP switches, the fan count is wrong in jnxFruName,jnxFilledDescr and jnxContainersCount.4. PR1361025

  • The EX4300-MP MACsec AES-GCM-128-XPN and AES-GCM-256-XPN cipher suites are not supported for MGE ports. PR1362035

  • FPM board status is missing in the SNMP MIB walk result. PR1364246

  • The l2cpd process might crash when you configure MVRP with private VLAN and RSTP interface-all. PR1365937

  • Virtual Chassis split followed by generation of fxpc core files might occur when VLAN members are scaled. PR1369678

  • Unicast ARP packet loop might be observed in a DAI scenario. PR1370607

  • NTP broadcast packets are not forwarded out on Layer 2 ports. PR1371035

  • MAC refresh packet might not be sent out from the new primary link after an RTG failover. PR1372999

  • BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807

  • FPC might crash when the output interface flaps with analyzer or sampling configured. PR1374861

  • The port access list group is not properly reallocating the TCAM slices. PR1375022

  • The interface AE480 or above might be in STP discarding state on EX9200 switches. PR1378272

  • On EX4300-48MP, the IP transit traffic hits the lo0 filter. PR1379328

  • All interfaces belonging to a certain FPC might be lost after multiple GRES in Virtual Chassis. PR1379790

  • The 802.1X configuration does not work with Microsoft NPS server. PR1381017

  • On EX4300-48MP, as the session-option configuration under the access profile hierarchy is not applicable for EX Series and QFX Series, do not use that statement and options under it PR1385229

  • On EX9200, a warning message prefer-status-control-active is used with status-control standby is seen whenever you commit a configuration. PR1386479

  • On an EX2300 with Q-in-Q (flexible-vlan-tagging), you are unable to obtain the DHCP IP for the IRB interface after power-cycling the device. PR1387039

  • The smid process might generate core files during sanity script execution on QFX5100 and EX4300. PR1391909


  • Proxy ARP might not work as expected in an EVPN environment. PR1368911

High Availability (HA) and Resiliency

  • The backup Routing Engine might go to database prompt after performing configurations such as remove and restore are performed. PR1269383


  • Core files might be generated upon attempt to commit a configuration. PR1376362

Junos Fusion Enterprise

  • The peer_daemon: bad daemon: scpd error message is seen on EX9251 running Junos OS Releases 18.1R1 and 18.1R2. PR1369646

Layer 2 Features

  • The firewall filter might not work correctly with the match condition of dot1q-tag on an EX Series switch. PR1369592

  • RTG MAC refresh packets are sent out from non-RTG ports if the RTG interface belonging to the Virtual Chassis master flaps. PR1389695

Network Management and Monitoring

  • On EX4600 switches, unsupported CLI configurations and show commands from the cfm hierarchy or sub-hierarchy are allowed. PR1359052

  • While toggling multiple times between baseline and CFM configurations, all 30 CFM sessions are not up. PR1360907

  • The event-policy generated traps are sent with UTC, even though the time zone is defined under the system hierarchy. PR1380777

Platform and Infrastructure

  • Interface flapping is seen on an EX4300 switch. PR1361483

  • Some interfaces cannot be added under the MSTP configuration. PR1363625

  • On EX4300 and EX4600 switches, the l2ald process might crash in an 802.1x scenario. PR1363964

  • The Packet Forwarding Engine might crash if frequent MAC moves are encountered. PR1367141

  • The LLDP TLV with the wrong switch port capabilities might be sent. PR1372966

  • Login lockout might never expire because the timestamps of Lockout start and Lockout end are same. PR1373803

  • On EX4300-48MP, unsupported 1-gigabit optics in the 10-gigabit uplink module might cause interface traffic to be dropped. PR1374390

  • Traffic might be silently discarded with indirect next hop and load balancing. PR1376057

  • The IRB interface does not go down when the master Virtual Chassis is rebooted or halted. PR1381272

  • On the EX4300 switch, if a loss priority value of high is set for multicast packets by a classifier at the ingress interface, the configuration is overridden by the storm-control filter. PR1382893

  • The EX4300 device chooses a wrong bridge ID as the RSTP Bridge ID. PR1383356

  • On EX4300-48MP mixed Virtual Chassis, the Power over Ethernet interface maximum power configuration on a member EX4300 gives an error if the power is configured to be more than 30 W. PR1383717

  • Layer 3 IP route is destroyed after the Layer 2 next hop is changed. PR1389688

Routing Protocols

  • On EX4300-48MP, stale VLAN entries might be seen after a script involving split or merge reboots is run continuously. PR1363739

Documentation Updates

There are no errata or changes in Junos OS Release 18.4R3 documentation for the EX Series switches.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see

Release History Table
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).