Junos OS Release Notes for EX Series Switches
These release notes accompany Junos OS Release 18.4R3 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
New and Changed Features
This section describes the new features and enhancements to existing features in Junos OS Release 18.4 for the EX Series.
The following EX Series switches are supported in Release 18.4R3: EX2300, EX2300-C, EX3400, EX4300, EX4600-40F, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.
Release 18.4R3 New and Changed Features
There are no new features or enhancements to existing features for EX Series in Junos OS Release 18.4R3.
Release 18.4R2-S3 New and Changed Features
EVPNs
Layer 2 and 3 families, encapsulation types, and VXLAN on the same physical interface (EX4600 switches)—You can configure and commit the following on a physical interface of an EX4600 switch in an EVPN-VXLAN environment:
Layer 2 bridging (family ethernet-switching) on any logical interface unit number (unit 0 and any nonzero unit number).
VXLAN on any logical interface unit number (unit 0 and any nonzero unit number).
Layer 2 bridging (family ethernet-switching and encapsulation vlan-bridge) on different logical interfaces (unit 0 and any nonzero unit number).
Layer 3 IPv4 routing (family inet) and VXLAN on different logical interfaces (unit 0 and any nonzero unit number).
For these configurations to be successfully committed and to work properly, you must specify the encapsulation flexible-ethernet-services configuration statement at the physical interface level—for example, set interfaces xe-0/0/5 encapsulation flexible-ethernet-services.
[See Understanding Flexible Ethernet Services Support With EVPN-VXLAN.]
Release 18.4R2 New and Changed Features
EVPNs
Layer 2 and Layer 3 VXLAN gateways (EX4650 and QFX5120 switches)—Starting with Junos OS Release 18.4R2, you can deploy EX4650 and QFX5120 switches as follows:
As a Layer 2 VXLAN gateway, or a Layer 2 and Layer 3 VXLAN gateway in an EVPN overlay network
(QFX5120 switches only) As a Layer 2 or Layer 3 VXLAN gateway in an Open vSwitch Database (OVSDB) overlay network
VXLAN is an overlay technology that allows you to stretch Layer 2 connections over an intervening Layer 3 network by encapsulating (tunneling) Ethernet frames in a VXLAN packet that includes IP addresses. Using VXLANs to connect Layer 2 domains over a Layer 3 network means that you do not need to use the Spanning Tree Protocol (STP) to converge the topology (so no links are blocked) but can use more robust routing protocols in the Layer 3 network instead.
[See Understanding VXLANs.]
EVPN control plane and VXLAN data plane support (EX4650 and QFX5120 switches)—Starting with Junos OS Release 18.4R2, EX4650 and and QFX5120 switches support EVPN-VXLAN. By using a Layer 3 IP-based underlay network coupled with an EVPN-VXLAN overlay network, you can place endpoints anywhere in the network and remain connected to the same logical Layer 2 network.
EVPN-VXLAN is commonly deployed over the following physical underlay architectures:
A two-layer IP fabric that includes spine devices (Layer 3 VXLAN gateways) and leaf devices (Layer 2 VXLAN gateways). You can deploy EX4650 or QFX5120 switches as spine or leaf devices in this fabric.
An edge-routed briding overlay, which is a one-layer IP fabric that includes leaf devices that function as both Layer 2 and Layer 3 VXLAN gateways. You can deploy EX4650 or QFX5120 switches as leaf nodes in this fabric.
EVPN pure type-5 route support (EX4650 and QFX5120 switches)—Starting with Junos OS Release 18.4R2, you can configure pure type-5 routing in an EVPN-VXLAN environment. Pure type-5 routing is used when the Layer 2 domain does not exist at the remote data centers. A pure type-5 route advertises the summary IP prefix and includes a BGP extended community called a router MAC, which is used to carry the MAC address of the sending switch and to provide next-hop reachability for the prefix. To configure pure type-5 routing, include the ip-prefix-routes advertise direct-nexthop statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. To enable two-level equal-cost multipath (ECMP) next hops in an EVPN-VXLAN overlay network, you must also include the overlay-ecmp statement at the [edit forwarding-options vxlan-routing] hierarchy level.
[See ip-prefix-routes.]
Features supported on EX4650 and QFX5120 switches—Starting with Junos OS Release 18.4R2, the following Junos OS features are supported on EX4650 and QFX5120 switches:
Automatically generated Ethernet segment identifiers (ESIs) in EVPN-VXLAN and EVPN-MPLS networks.
[See Understanding Automatically Generated and Assigned ESIs in EVPN Networks.]
Firewall filtering and policing on EVPN-VXLAN traffic.
[See Understanding VXLANs and Overview of Firewall Filters.]
Graceful restart on EVPN-VXLAN.
[See Graceful Restart in EVPN.]
IGMPv2 snooping for EVPN-VXLAN in a multihomed environment.
[See Overview of IGMP Snooping in an EVPN-VXLAN Environment.]
IPv6 data traffic support through an EVPN-VXLAN overlay network.
[See Routing IPv6 Data Traffic through an EVPN-VXLAN Network with an IPv4 Underlay.]
Layer 2 and 3 families, encapsulation types, and VXLAN on the same physical interface.
[See Understanding Flexible Ethernet Services Support with EVPN-VXLAN.]
MAC limiting, storm control, and port mirroring support in EVPN-VXLAN overlay networks.
[See MAC Limiting, Storm Control, and Port Mirroring Support in an EVPN-VXLAN Environment.]
Multihomed proxy advertisement.
Selective multicast forwarding and SMET route support in EVPN-VXLAN.
Standard class-of-service (CoS) features—classifiers, rewrite rules, and schedulers—are supported on VXLAN interfaces.
VMTO for ingress traffic.
Software Defined Networking
Layer 2 and Layer 3 VXLAN gateways (EX4650 and QFX5120 switches)—Starting with Junos OS Release 18.4R2, you can deploy EX4650 and QFX5120 switches as follows:
As a Layer 2 VXLAN gateway, or a Layer 2 and Layer 3 VXLAN gateway in an EVPN overlay network
(QFX5120 switches only) As a Layer 2 or Layer 3 VXLAN gateway in an Open vSwitch Database (OVSDB) overlay network
VXLAN is an overlay technology that allows you to stretch Layer 2 connections over an intervening Layer 3 network by encapsulating (tunneling) Ethernet frames in a VXLAN packet that includes IP addresses. Using VXLANs to connect Layer 2 domains over a Layer 3 network means that you do not need to use the Spanning Tree Protocol (STP) to converge the topology (so no links are blocked) but can use more robust routing protocols in the Layer 3 network instead.
[See Understanding VXLANs.]
Release 18.4R1 New and Changed Features
Hardware
2-port QSFP+/1-port QSFP28 uplink module for EX4300-48MP and EX4300-48MP-S switches—Starting with Junos OS Release 18.4R1, EX4300-48MP and EX4300-48MP-S switches support the 2-port QSFP+/1-port QSFP28 uplink module. The 2-port QSFP+/1-port QSFP28 uplink module can house two QSFP+ transceivers or one QSFP28 transceiver.
[See EX4300 Switch Hardware Guide.]
Authentication, Authorization and Accounting (AAA) (RADIUS)
Support for password change policy enhancement (EX Series)—Starting in Junos OS Release 18.4R1, the Junos OS password change policy for local user accounts is enhanced to comply with additional password policies. As part of the policy improvement, you can configure the following:
maximum-lifetime-value—The maximum duration of a password. The password expires after the maximum is reached.
minimum-lifetime-value—The minimum duration of a password. You cannot change the password until the minimum duration is reached.
[See password.]
EVPNs
Support for graceful restart on EVPN-VXLAN (EX9200)—Starting in Junos OS Release 18.4R1, Junos OS supports graceful restart on EVPN-VXLAN on EX9200 and QFX Series switches and MX Series Routers. Graceful restart allows the device to recover from a routing process restart or Routing Engine switchover without nonstop active routing (NSR) enabled.
Support for VMTO for ingress traffic (EX9200)—Starting in Junos OS Release 18.4R1, you can configure a leaf or spine device that is configured as a Layer 3 gateway to support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO eliminates the unnecessary ingress routing to default gateways when a virtual machine is moved from one data center to another.
To enable VMTO, configure remote-ip-host routes at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. You can also filter out the unwanted routes by configuring an import policy under the remote-ip-host routes option.
Support for multihomed proxy advertisement (EX9200)—Starting in Junos OS Release 18.4R1, Junos OS now provides enhanced support to proxy advertise the MAC address and IP route entry from all leaf devices that are multihomed to a customer edge (CE) device. Using proxy advertisement prevents traffic loss when one of the connections to the leaf device fails. To support the multihomed proxy advertisement, all multihomed provider edge (PE) devices should have the same multihomed proxy advertisement bit value. The multihomed proxy advertisement feature is enabled by default, and Junos OS uses the default multihomed proxy advertisement bit value of 0x20.
[See EVPN Multihoming Overview.]
MLD snooping support for EVPN-MPLS (EX9200)—Starting with Junos OS Release 18.4R1, you can configure Multicast Listener Discovery (MLD) protocol snooping on EX9200 switches in an EVPN over an MPLS network. Enabling MLD snooping helps to constrain IPv6 multicast traffic to interested receivers in a broadcast domain. Multicast sources and receivers in the EVPN instance (EVI) can each be single-homed to one provider edge (PE) device or multihomed in all-active mode to multiple PE devices.
MLD snooping support in this environment includes:
Either MLDv1 and MLDv2 with any-source multicast (*,G) or MLDv2 with source-specific multicast (S,G) (configurable)
MLD state synchronization among multihoming PE devices using BGP EVPN Type 7 (Join Sync Route) and Type 8 (Leave Sync Route) network layer reachability information (NLRI)
Inclusive multicast forwarding from the ingress PE device into the EVPN core to reach all other PE devices
Forwarding across bridge domains (VLANs) using IRB interfaces and PIM operating in passive and distributed designated router (PIM-DDR) modes
[See Overview of Multicast Forwarding with IGMP or MLD Snooping in an EVPN-MPLS Environment.]
Forwarding and Sampling
Support for activating or deactivating static routes on the basis of RPM test results (EX Series) —Starting in Junos OS 18.4R1, you can use RPM probes to detect link status, and change the preferred-route state on the basis of the probe results. Tracked routes can be IPv4 or IPv6, and support a single IPv4 or IPv6 next hop. For example, you can send RPM probes to an IP address to determine whether the link is up, and if it is so, take the action of installing a static route in the route table. RPM-tracked routes are installed with preference 1 and are thus preferred over any existing static routes for the same prefix.
[See Configuring RPM Probes , rpm-tracking, and show route rpm-tracking.]
Interfaces and Chassis
Support for uplink module with two 40-Gigabit Ethernet ports and one 100-Gigabit Ethernet port (EX4300-48MP)—Starting with Junos OS Release 18.4R1, the 2-port QSFP+/1-port QSFP28 uplink module on EX4300-48MP switches can be configured to operate either two 40-Gigabit Ethernet ports or one 100-Gigabit Ethernet port. By default, the uplink module operates only the two 40-Gbps ports. To enable 100-Gbps speed, issue the set chassis fpc 0 pic 2 port 0 speed 100g command. The uplink module then enables the 100-Gigabit Ethernet port and disables the adjacent 40-Gigabit Ethernet ports.
Note You can install the 2-port QSFP+/1-port QSFP28 uplink module only in PIC slot 2 on the switch.
You can configure 100-Gbps speed only on port 0 of PIC 2 (which is the uplink module slot on the switch).
You can also channelize 40-Gigabit Ethernet interfaces, to four independent 10-Gigabit Ethernet interfaces using breakout cables.
[See Setting the Mode on 2-port QSFP+/1-port QSFP28 Uplink Module (CLI Procedure).]
Junos Telemetry Interface
Packet Forwarding Engine and Routing Engine sensor support for Junos Telemetry Interface (JTI) (EX4600 switches)—Starting in Junos OS Release 18.4R1, JTI supports Packet Forwarding Engine and Routing Engine statistics for EX4600 switches:
The following Routing Engine statistics are supported through JTI:
LACP state export
Chassis environmentals export
Network discovery chassis and components
LLDP export and LLDP model
BGP peer information (RPD)
RSVP interface export
RPD task memory utilization export
LSP event export
Network Discovery ARP table state
Network Discovery NDP table state
The following Packet Forwarding Engine statistics are supported through JTI:
Congestion and latency monitoring
Logical interface
Filter
Physical interface
LSP
NPU/LC memory
Network Discovery NDP table state
To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).
[See Configuring a Junos Telemetry Interface Sensor (CLI Procedure), Configure a Telemetry Sensor in Junos and Guidelines for gRPC Sensors (Junos Telemetry Interface).]
Multicast
Multicast VLAN registration (MVR) (EX2300 and EX3400 switches and Virtual Chassis)—Starting in Junos OS Release 18.4R1, EX2300 and EX3400 switches and Virtual Chassis support multicast VLAN registration (MVR). MVR efficiently distributes IPTV multicast streams across an Ethernet ring-based Layer 2 network, reducing the bandwidth required for this traffic by using a multicast VLAN (M-VLAN) over which multicast traffic is forwarded to interested listeners on other VLANs that are configured as MVR receiver VLANs. You can configure MVR at the [edit protocols igmp-snooping vlan vlan-name data-forwarding] source and receiver hierarchy levels, and use the show igmp snooping data-forwarding CLI command to view configured M-VLAN and MVR receiver VLAN associations. (The feature described above is documented but not supported on EX2300 and EX3400 switches and Virtual Chassis in Junos OS Release 18.4R1.)
Port Security
Support for DHCP snooping and other access port security features on private VLANs (EX2300 and EX3400 switches and Virtual Chassis)—Starting in Junos OS Release 18.4R1, you can enable Dynamic Host Configuration Protocol (DHCP) snooping for security purposes on access ports that are in a private VLAN (P-VLAN). You can also protect those ports with DHCP options, dynamic ARP inspection (DAI), IP source guard, and neighbor discovery inspection.
PVLANs provide Layer 2 isolation between ports within a VLAN, splitting a broadcast domain into multiple discrete broadcast subdomains by creating secondary VLANs. PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the communication between known hosts.
Ethernet LANs are vulnerable to attacks such as address spoofing (forging) and Layer 2 denial of service (DoS) on network devices. The following port security features help protect access ports on your device against loss of information and productivity that such attacks can cause:
DHCP snooping—Filters and blocks ingress DHCP server messages on untrusted ports. DHCP snooping builds and maintains a database of DHCP lease information, which is called the DHCP snooping database.
DHCPv6 snooping—DHCP snooping for IPv6.
DHCP option 82—Also known as the DHCP Relay Agent Information option. This option helps protect the switch against attacks such as spoofing of IP addresses and MAC addresses and DHCP IP address starvation.
DHCPv6 option 37—Remote ID option for DHCPv6. The option is used to insert information about the network location of the remote host into DHCPv6 packets.
DHCPv6 option 18—Circuit ID option for DHCPv6. The option is used to insert information about the client port into DHCPv6 packets.
DHCPv6 option 16—Vendor ID option for DHCPv6. The option is used to insert information about the vendor of the client hardware into DHCPv6 packets.
DAI—Prevents Address Resolution Protocol (ARP) spoofing attacks. ARP requests and replies are compared against entries in the DHCP snooping database, and filtering decisions are made on the basis of the results of those comparisons.
IP source guard—Mitigates the effects of IP address spoofing attacks on the Ethernet LAN. The source IP address in the packet sent from an untrusted access interface is validated against the DHCP snooping database.
IPv6 source guard—IP source guard for IPv6.
IPv6 neighbor discovery inspection—Prevents IPv6 address spoofing attacks. Neighbor discovery requests and replies are compared against entries in the DHCPv6 snooping database, and filtering decisions are made on the basis of the results of those comparisons.
Untrusted mode on trunk interfaces for DHCP snooping (EX2300, EX3400, EX4300 and EX4600 switches)—Starting in Junos OS Release 18.4R1, you can configure a trunk interface as untrusted for DHCP security. Trunk interfaces in untrusted mode support DHCP snooping and DHCPv6 snooping, dynamic ARP inspection (DAI), and IPv6 neighbor discovery (ND) inspection.
Virtual Chassis
Virtual Chassis support (EX2300-24MP, EX2300-48MP)—Starting in Junos OS Release 18.4R1, multigigabit EX2300 switches can be interconnected into a Virtual Chassis with other EX2300 model switches as follows:
Any combination of up to four EX2300-24MP, EX2300-48MP, EX2300, and EX2300-C switches is supported.
You do not need to set mixed mode.
Any models of EX2300 switches can be in the master or backup Routing Engine roles.
Any 10-Gbps uplink ports installed with SFP+ transceivers can be configured as Virtual Chassis ports (VCPs) to interconnect member switches.
Use the same steps as for configuring any other EX2300, EX3400, or EX4300 Virtual Chassis.
VPNs
Support to control traceroute over Layer 3 VPN (EX Series)—Starting in Junos OS Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple customer edge (CE) routers configured in the same VPN routing and forwarding (VRF) routing instance, when you perform traceroute to a remote provider edge (PE) router for a CE-facing network, the ICMP time exceeded packet determines the correct IP address as the source address.
To control the traceroute, configure allow-l3vpn-traceroute-src-select at [edit system] hierarchy level This configuration determines the correct IP source address by reviewing the destination routing instance and destination IP address.
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS main release and the maintenance releases for the EX Series.
Changes in Behavior and Syntax: 18.4R3-S6
Platform and Infrastructure
Updates to ON-CHANGE and periodic dynamic subscriber interface metadata sensors (MX Series routers and EX9200 line of switches)—We've made the following updates to the /junos/system/subscriber-management/dynamic-interfaces/interfaces/meta-data/interface[sid='sid-value']/ sensor:
Notifications are sent when subscribers log in on either IP demux or VLAN demux interfaces. In earlier releases, login notifications are sent only for IP demux logins.
The
interface-setend path has been added to the logical interface metadata. The interface-set field appears in both ON-CHANGE and periodic notifications. In earlier releases, this field is not included in the sensor metadata or notifications.
Changes in Behavior and Syntax: 18.4R3
Routing Protocols
Advertising /32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.
Changes in Behavior and Syntax: 18.4R2
Interfaces and Chassis
No support for performance monitoring on aggregated Ethernet Interfaces (EX4300)—EX4300 switches do not support Y.1731 performance monitoring (PM) over aggregated Ethernet Interfaces.
[See sla-iterator-profile.]
Logical Interface is created along with physical Interface by default (EX Series switches)—In Junos OS Release 18.4R2 and later, by default, logical interfaces are created on ge-, et-, xe- interfaces along with the physical interface. In earlier Junos OS releases, by default, only physical interfaces are created.
For example, in earlier Junos OS releases, if you run the show interfaces command for ge- interfaces, then by default, only the physical interface (ge-0/0/0) is displayed. From Junos OS Release 18.4R2 onward, the logical interface (ge-0/0/0.16386) is also displayed.
Routing Protocols
Change in the default behavior of advertise-from-main-vpn-tables configuration statement—BGP now advertises EVPN routes from the main bgp.evpn .0 table. You can no longer configure BGP to advertise the EVPN routes from the routing instance table. In earlier Junos OS Releases, BGP advertised EVPN routes from the routing instance table by default.
Security
Syslog or log action on firewall drops packets (EX4600 switches)—Starting in Junos OS Release 18.4R2, if you configure syslog and log references to the actual action terms configured in a firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.
Changes in Behavior and Syntax: 18.4R1
Interfaces and Chassis
Enhanced AC PEM in high-line power configuration supplies 2400 W power (EX9204)—Starting in Junos OS Release 18.4R1, on EX9204 switches, the enhanced AC PEM in ahigh-line power configuration provides a power output of 2400 W. On Junos OS releases before Release 18.4R1, the PEM provided only 2050 W of power output.
[See show chassis power.]
Support for creating Layer 2 logical interface independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2 and later, EX Series switches support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.
In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.
Network Management and Monitoring
The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns
<ok/>(EX Series)—Starting in Junos OS Release 18.4R1, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, the server must not return an RPC reply that encloses both an<rpc-error>element and an<ok/>element. If the operation is successful, but the server reply would enclose one or more<rpc-error>elements of severity warning in addition to the<ok/>element, then the warnings are omitted. In earlier releases, or when therfc-compliantstatement is not configured, the NETCONF server might issue an RPC reply that encloses both an<rpc-error>element of severity warning and an<ok/>element.SNMP customization configuration introduced (EX Series)—In Junos OS Release 18.4R1, we have introduced the CLI configuration command set snmp customization ether-stats-ifd-only. When ether-stats-ifd-only is configured, the show snmp mib walk etherstatsTable command displays data only for physical interfaces.
Security
Firewall warning message (EX2300 switches)—Starting in Junos OS Release 18.4R1, a warning message is displayed whenever a firewall term includes log or syslog with the accept filter action.
Known Behavior
This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.4R3 for the EX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Class of Service (CoS)
On EX4650 switches, if the CoS configurations are modified when egress traffic is shaped at a very low rate (< 50 Mbps), packets might get stuck in the MMU buffers permanently. This might cause ingress or egress traffic drops. When low rate shapers (< 50 Mbps) are applied on egress queues, we recommend you to deactivate shaping before any CoS modification or ensure traffic is stopped before modifying the CoS configuration. PR1367432
EVPN
When a VLAN uses an IRB interface as the routing interface, the vlan-id parameter must be set to none to ensure proper traffic routing. This issue is platform independent. PR1287557
General Routing
When vlan is added as an action for changing the VLAN in both ingress and egress filters, the filter will not be installed. PR1362609
A few error messages related to the function
rt_mesh_group_add_check()are seen during reboot. These errors are harmless. PR1365049Automatic channelization is not supported for 40GBASE-BXSR, QSFP+40GE-LX4, QSFP-100G-PSM4, and 100GBASE-BXSR optics. PR1366103
On the EX4300-MP switch, the et-0/2/* (100-Gigabit Ethernet) interface multicast queue in strict-priority mode gets the priority treatment only across other multicast queues. PR1377692
Infrastructure
If Junos OS panics with a file-system-related panic, such as 'dup alloc', recovery through the OAM shell might be needed. From the OAM shell, run fsck on the root volume until it is marked clean. Only at this point it is safe to reboot to the normal volume. PR1444941
Routing Protocols
On EX4650 switches, 254 neighbors and 200,000 routes can be scaled for IS-IS v4. Beyond 200,000 routes with 254 neighbors, adjacency flaps and traffic drop will be seen. However, with 40 neighbors, scaling of 351,000 routes is achieved. PR1368106
Virtual Chassis
A Virtual Chassis internal loop might occur on a node coming up from a reboot. During nonstop software upgrade (NSSU) on a EX4600 or EX4300 Virtual Chassis, minimal traffic disruption or a traffic loop (greater than 2 seconds) might occur. PR1347902
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 18.4R3 for the EX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Authentication and Access Control
Before running the load ssl-certificate path PATHNAME command, configure the path using the set protocols dot1x ssl-certificate-path PATHNAME command, if the default pathname is not
/var/tmp/. PR1431086
General Routing
ARP queue limit has been changed from 100 pps to 3000 pps. PR1165757
When you run request system reboot, the box undergoes zeroization, which triggers zero-touch provisioning (ZTP). During the mounting stage,
/var/db/scripts/importdoes not get created, which later causes the configuration to be committed partially. This is seen in the warning Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors.. PR1289782On an EX2300 switch, the output of the show chassis routing-engine command might display an incorrect value of mac reset for the last reboot reason field. PR1331264
There is no support of interface range for channelized interfaces on an EX9253 switch. The user has to configure interfaces individually. PR1350635
On an EX4650 switch, if lcmd is restarted, a chassisd core file will be generated with traffic drop for a few seconds. PR1363652
On an EX4300 switch configured with a firewall filter on lo0 and DHCP security on a VLAN simultaneously might drop legitimate DHCP renew requests from clients on the corresponding VLANs. This occurs because of the implementation design and chipset limitation. PR1376454
On EX2300 and EX3400 switches, image upgrade might fail due to insufficient space issue. PR1376488
On an EX9208 switch, few xe- interfaces are going down with the error message if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error . PR1377840
PXE installation might fail due to a failure in image upgrade post PXE initialization. PR1406743
On an EX9200 switch with MC-LAG configuration and other features enabled, there is a loss of approximately 20 seconds during restart of routing daemon. This traffic loss varies with the configuration that is done. PR1409773
The error smic_bcm8238x_set_phy_mode: unable to set front panel mode (err -11) is observed while rebooting the AD-2 with base configurations. PR1417121
On EX2300-24T and EX4650 platforms, uRPF check in strict mode might not work properly. PR1417546
Issue with installing EFL license on EX4300-XXMP switches only. When adding the license, the license fails to add. For example: {master:0} root@d06-34> request system license add terminal Mar 01 12:03:05 [Type ^D at a new line to end input, enter blank line between each license key] EmergencyJUNOS285602007 aeaqia qmlbjd amrrha 2tcmbr gayaqb ycsbdm mjggim gbastv nzuxaz lsebew 45dfoj xgc3ah fbo6ct 7vv3hl ykp4zq 5g6xch szi7aq 3pek5e vh4myw jdi5wq dxyi3c rkgydi 3crzkr szq terminal:1 error: EmergencyJUNOS285602007: license not valid for this product add license failed (1 errors). This issue affects only EFL licenses (AFL is not affected) and EX4300-MP devices. As a workaround, upgrade to Junos OS Release 18.3R3 and later or to Junos OS Release 18.4R2 and later. PR1421033
BUM traffic rate limiting is done after removing Ethernet headers. L1 TX rate on ingress interface: 1G Tx rate with headers: 865Mbps Rx rate on the egress interface:800M L1 RX rate on egress interface: 925Mbps. Storm control functionalities in MX-L card is achieved by poilcer and hence the below mentioned policer inaccuracy is applicable for storm control feature as well. Since XM sprays packets to 4 different LUs, each LU will be processing packets of varying sizes.XM does not do strict round-robin, so even if all the incoming packets were to be of exact same sizes (which is not a practical scenario), each LU will still be loaded differently, hence there will be some periods where some LUs policing limit may reach sooner than the others (either due to processing more packets or due to processing larger packets). Hence, it is possible that, some LUs, who see the policing limit reached sooner may drop the packet or color them differently that might result into eventual drop while the other LUs could queue the packets for transmission; We could see this behavior within a single flow as well. Hence the policier functionality can be unpredictable at times. In an extreme case, a packet flow might be sent to a single LU and the policer result is 1/4th of what it is expected. Since the policer functionality, in general, might not work correctly, we will see the impact on all the policing features - for example, input-policer, three-color-policer (srTCM, trTCM), output-policer. PR1442842
MAC addresses learned on redundant trunk group (RTG) might not be aged out after aging time if the source interface is configured as RTG. PR1461293
On EX3400 Virtual Chassis, during reboot or upgrade, because of a high CPU load in slow path of FXPC, TCP keep alive message is not sent. Hence, it is observed that sometimes a few Virtual Chassis members might take longer to join the Virtual Chassis. PR1467707
On EX3400 switches, traffic loss is seen when SFP-T is connected because of autonegotiation failure. PR1469750
Infrastructure
Junos OS might hang when trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and QEMU hypervisor. PR1359339
When an SNMP poll is performed for the following OIDs, the backup Routing Engine returns the value 6 (6=down) for the fan and 1 (1=unknown) for the PSUs, even though the fan and PSUs are up. Fan: 1.3.6.1.4.1.2636.3.1.13.1.6 PSU: 1.3.6.1.4.1.2636.3.1.13.1.6.2. For a permanent fix, upgrade the chassis to Junos OS Release 15.1R8 or later. PR1360962
On EX3400 and EX2300 switches, during zero-touch provisioning (ZTP) with configuration and image upgrade with FTP as file transfer, image upgrade is successful, but sometimes VM core file might be generated. PR1377721
On EX Series switches, if configuring large-scale number of firewall filters on some interfaces, the FPC crash with core files might be seen. PR1434927
On an EX4300 switch, the CLI configuration set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt) is not supported. PR1450093
Interfaces and Chassis
On GRES, VSTP port cost on aggregated Ethernet interfaces might get changed, leading to a topology change. PR1174213
Multicast
IGMP query packets might be duplicated between Layer 2 interfaces with IGMP snooping enabled. PR1391753
Network Management and Monitoring
In a rare case, where trace files are not properly closed by the OS, traceoption logs might stop writing to a log file. PR1380764
Platform and Infrastructure
On EX4300 or EX4300 Virtual Chassis, if the VLAN Spanning Tree Protocol (VSTP) is configured, when some operations with VSTP (for example, deactivating/activating VSPT interface, deactivating/activating VSPT VLAN, and so on) are done, it might cause a pfex process crash. PR1178539
There are multiple failures when an event, such as node reboot, ICL flap, or ICCP flap occurs; and even with enhanced convergence configured there is no guarantee that subsecond convergence will be achieved. PR1371493
On EX2300 and EX3400 platforms, when doing an upgrading operation, as image size grows over a period of time and subsequently storage is insufficient to install images, the upgrade might fail with the error message not enough space to unpack. PR1464808
Routing Protocols
Error messages pimd_rtrequest_v4(1133), IS_MASTER_RE: 1, Process: rpd, RTM_ID: 5, error: 17, errmsg: rt exists; ifindex = 340 are cosmetic and expected logs. These logs are not harmful and have no functional impact, it just shows the state of PIM register messages. These logs are already LOG_DEBUG for external builds, you do not need to do any change in any of the components. PR1371431
mcsnoopd might crash when all the core-facing interfaces that are part of the Layer 2 domain have flapped and it is attempting to flood a packet received over a CE interface, over the core-facing interfaces. PR1470183
Subscriber Access Management
The authd reuses address too quickly before jdhcpd completely cleans up the old subscriber, which results in syslog errors: : jdhcpd: %USER-3-DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 10.1.128.3 as it is already used by 1815. PR1402653
Resolved Issues
This section lists the issues fixed in the Junos OS Release 18.4R3 for EX Series switches.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Resolved Issues: 18.4R3
Resolved Issues
General Routing
Certain EX Series devices are vulnerable to 'Etherleak' memory disclosure in Ethernet padding data (CVE-2017-2304). PR1063645
Transit OSPF traffic over Q-in-Q tunneling might be dropped if a firewall filter is applied to lo0 interface. PR1355111
l2ald process might crash and generate a core file on EX2300 Virtual Chassis when a trunk is converted port to a dot1x access port with tagged traffic flowing. PR1362587
The interface on a failed member FPC of EX2300 and EX3400 Virtual Chassis might stay up 120 seconds. PR1422507
IPv6 multicast traffic received on one Virtual Chassis member might be dropped when exiting an other Virtual Chassis member if MLD snooping is enabled. PR1423310
MAC overlapping between different switches. PR1425123
Virtual Chassis split after network topology changed. PR1427075
The FXPC or Packet Forwarding Engine might crash on EX2300 and EX3400 switches. PR1427391
Rebooting or halting Virtual Chassis member might cause traffic on redundant trunk group (RTG) link to be down for about 30 seconds. PR1427500
On EX2300-24P switches, l2ald core file is observed after removal and re-addition of multiple supplicant mode with PVLAN on interface. PR1428469
Verification of ND inspection with a dynamically bound client, moved to a different VLAN on the same port is failing. PR1428769
The delay in transmission of BPDUs after GRES might result in loss of traffic on EX2300 and EX3400 Virtual Chassis. PR1428935
EX4300-48MP switch cannot learn MAC address through some access ports that are directly connected to a host when auto-negotiation is used. PR1430109
Disabling DAC QSFP port might not work on EX9251 switches.PR1430921
Erroneous log messages and chassis environment output related to fan tray in EX4300MP-EX4300-48P Virtual Chassis. PR1431263
The l2cpd process might crash and generate a core file when interfaces are flapping. PR1431355
Packet drop might be seen if native VLAN is configured along with flexible VLAN tagging. PR1434646
Micro-BFD session might flap upon inserting a QSFP to other port. PR1435221
The MC-AE interface might get stuck in waiting state in dual MC-AE scenario. PR1435874
I40e NVM upgrade support for EX9200 platform. PR1436223
IRB over VTEP unicast traffic might get dropped on EX9200 switches. PR1436924
GE/MGE SFP-T interface might not come up on EX2300, EX3400, and EX4300 switches. PR1438078
Commit check error for VSTP on EX9200 switches: xSTP:Trying to configure too many interfaces for given protocol. PR1438195
LEDs turn on even after the Virtual Chassis members are powered off. PR1438252
The DHCP snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it. PR1438351
RPD might generate core file during router boot up because of a file pointer issue as there are two code paths that can close the file. PR1438597
The dot1x might not work when captive port is also configured on the interface on backup or non-master FPC. PR1439200
DHCPv6 relay binding is not up while verifying the DHCP snooping along with DHCPv6 relay. PR1439844
EX4600 Virtual Chassis does not come up after fiber connection on Virtual Chassis port is replaced with DAC cable. PR1440062
CPU might hang or interface might be stuck down on particular 100-Gigabit Ethernet port on EX Series switches. PR1440526
MAC addresses learned on redundant trunk group (RTG) might not be aged out after a Virtual Chassis member is rebooted. PR1440574
Clients in isolated VLAN might not get IP addresses after completing authentication when both dhcp-security and dot1x are configured. PR1442078
EX3400 fan alarm (Fan X not spinning) appears and disappears repeatedly after the fan tray (absent) is removed. PR1442134
The rpd might crash when BGP sends a notification message. PR1442786
DHCPv6 client might fail to get an IP address. PR1442867
Non-designated port is not moving to backup port role. PR1443489
The /var/host/motd does not exist message is flooded every 5 seconds in chassisd logs. PR1444903
[EX4300-MP] Log generated continuously rpd[6550]: task_connect: task AGENTD I/O.128.0.0.1+9500 addr 128.0.0.1+9500: Connection refused. PR1445618
Major alarm log messages for temperature conditions for EX4600 switch at 56 degrees Celsius. PR1446363
The traffic might be dropped when a firewall filter rule uses then vlan as the action in a Virtual Chassis scenario. PR1446844
Phone home on EX3400 switches fails because sysctl cannot read the device serial number. PR1447291
EX3400 Virtual Chassis might hang when a disk error occurs on EX3400 switches. PR1447853
Unicast ARP requests are not replied to with no-arp-trap option. PR1448071
On EX3400 switches, IPv6 routes received through BGP do not show the correct age time. PR1449305
Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568
Tunneling-encapsulated packets are dropped on Layer 3 VPN MPLS PE-CE interface. PR1451032
DHCP snooping static binding does not take effect after deleting and re-adding the entries. PR1451688
On EX3400 switches with half-duplex mode on 10-Mbps or 100-Mbps speed at medium traffic egress traffic flow might stop on the port and MAC pause frames will be incrementing on receive direction. PR1452209
The l2ald and eventd are hogging 100 percent after the clear ethernet-switching table command is issued. PR1452738
Configuration change in VLAN-all option might affect the per-VLAN configuration. PR1453505
Version compare in PHC might fail making PHC download the same image. PR1453535
A firewall filter might not be able to be applied in a particular Virtual Chassis or Virtual Chassis Fabric member as TCAM is running out of space. PR1455177
Packet drop might be seen after removing and reinserting the SFP of the 40G Uplink Module ports. PR1456039
Link up delay after rebooting one of Flexible PIC Concentrator (FPC) in EX4600 Switch Virtual Chassis. PR1456336
Timeout connecting to peer 'database-replication'. PR1457284
Overtemperature SNMP trap messages are displayed after update even though the temperatures are within the system thresholds. PR1457456
The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used. PR1458559
The FXPC process might crash due to several BGP IPv6 session flaps. PR1459759
Storage space limitation leads to image installation failure during Phone home on EX2300 and EX3400 switches. PR1460087
Configure any combination of VLANs and interfaces under VSTP/MSTP might cause VSTP/MSTP related configuration cannot be committed. PR1463251
There are some command lines to disable MAC learning and some of them were not working. PR1464797
On EX2300 switches, an FXPC core file is seen after mastership election based on user's priority. PR1465526
The MAC move message might have an incorrect "from" interface when MAC moves rapidly. PR1467459
Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435
EX3400 switch is advertising only 100 Mbps when a speed of 100 Mbps is configured with autonegotiation enabled. PR1471931
On EX4600 switches, the shaping of CoS does not work after reboot. PR1472223
Authentication and Access Control
Without 802.1x configuration, the syslog message dot1xd[2192]: task_connect: task PNACAUTH./var/run/authd_control addr /var/run/authd_control: Connection refused is generated repeatedly. PR1406965
Class of Service (CoS)
CoS is incorrectly applied on Packet Forwarding Engine, leading to egress traffic drop. PR1329141
Shaping does not work after the reboot if shaping-rate is configured. PR1432078
The traffic is placed in network-control queue on extended port even if it comes in with different DSCP marking. PR1433252
EVPN
EVPN or MPLS IRB logical interfaces might not come up when the local Layer 2 interface is down. PR1436207
Configuring ESI on a single-homed 25-Gigabit Ethernet port might not work. PR1438227
ARP request or NS might be sent back to the local segment by DF router. PR1459830
The rpd might crash after changing EVPN related configuration. PR1467309
Forwarding and Sampling
Enable interface with input or output vlan-maps to be added to a routing instance configured with a vlan-id or vlan-tags (instance type virtual-switch/vpls). PR1433542
The l2ald process might observe memory leak on Junos OS. PR1455034
Type 1 ESI/AD route might not be generated locally on EVPN PE in the all-active mode. PR1464778
Infrastructure
The operations on console might not work if the system ports console log-out-on-disconnect statement is configured. PR1433224
Certain EX Series platforms might generate VM core file by panic and reboot. PR1456668
Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX4600 and EX4300 Virtual Chassis. PR1462106
On EX2300 Virtual Chassis scenario, continuous dcpfe error messages and eventd process hog might be seen. PR1474808
Interfaces and Chassis
EX9214 switches show an unexpected duplicate VLAN-ID commit error . PR1430966
VRRPv6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370
The traffic might be forwarded to wrong interfaces in an MC-LAG scenario. PR1465077
Executing commit might hang up due to stuck device control process. PR1470622
J-Web
Some error messages might be seen when using J-Web. PR1446081
Junos Fusion Enterprise
Reachability issue of the host connected to the SD might be affected in a Junos fusion enterprise environment with EX9200 devices as ADs. PR1447873
Junos Fusion Satellite Software
The dpd crash might be observed on satellite devices in Junos fusion for enterprise. PR1460607
Layer 2 Features
Ethernet ring protection switching (ERPS) nodes might not converge to IDLE state after failure recovery or reboot. PR1431262
Physical layer and MAC/ARP learning might not work for copper base SFP-T onEX4600 switches. PR1437577
The Link Layer Discovery Protocol (LLDP) function might fail when a Juniper device connects to a non-Juniper device. PR1462171
FXPC core file might be seen when committing the configuration all together, for example, after the reboot. PR1467763
Layer 2 Ethernet Services
The DHCP DECLINE packets are not forwarded to DHCP server when forward-only is set within dhcp-reply. PR1429456
The jdhcpd_era log files constantly consume 121M of space out of 170M, resulting into file system full and traffic impact. PR1431201
DHCP request might get dropped in DHCP relay scenario. PR1435039
On EX9200 switches, DHCP-Relay is stripping the 'GIADDR' field in messages towards the DHCP clients. PR1443516
Platform and Infrastructure
LACP DDOS policer is incorrectly triggered by other protocol traffic on all EX92XX/T4000 platforms. PR1409626
EX4300-48MP-18.3R1.9: Overtemperature SNMP trap generated wrongly for LC (EX4300-48P) based on master Routing Engine (EX4300-48MP) temperature threshold value. PR1419300
On EX4300 switches, runt counter never incremented. PR1419724
SNMP (ifHighSpeed) value is not getting displayed properly only for VCP interfaces, and appears as zero. PR1425167
Packet drops, replication failure, or ksyncd crashes might be seen on the logical system of a device running Junos OS after Routing Engine switchover. PR1427842
IPv6 traffic might be dropped when static /64 IPv6 routes are configured. PR1427866
EX4300 switches do not drop FCS frames with CRC error on xe- interfaces. PR1429865
Unicast ARP requests are not replied to with the no-arp-trap option. PR1429964
EX4300 switches without soft error recovery (parity check, correction and memscan) enable. PR1430079
The device might not be accessible after the upgrade. PR1435173
The FPC or PFEX crash might be observed because of DMA buffer leaking. PR1436642
The /var/db/scripts directory might be deleted after executing request system zeroize. PR1436773
The laser TX might be enabled while the interface is disabled. PR1445626
The PoE might not work after upgrading the PoE firmware on EX4300 switches. PR1446915
The firewall filters might not be created due to TCAM issues. PR1447012
NSSU cause a traffic loss again after the backup to master transitions. PR1448607
On certain MPC line cards, cm errors need to be reclassified. PR1449427
REST API process will become non-responsive when the number of requests is high. PR1449987
The OSPF neighbor might go down when mDNS/PTP traffic is received at a rate higher than 1400 pps. PR1459210
ERP might not revert to IDLE state after reload or reboot of multiple switches. PR1461434
Traffic loss might be observed longer than 20 seconds when performing NSSU on EX4300 Virtual Chassis. PR1461983
IGMP reports are dropped with mixed enterprise or SP configuration styles on EX4300 switches. PR1466075
The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured. PR1470424
Routing Protocols
Host-destined packets with filter log action might not reach the Routing Engine if log or syslog is enabled. PR1379718
EX9208: BGP v4/v6 convergence and RIB install/delete time degraded in 19.1R1/19.2R1/19.3R1/19.4R1. PR1414121
The traffic with destination UDP port 521 (RIPng) gets dropped on EX4600 switches. PR1429543
The FXPC core file might be seen during the reboot of device on EX4600 switches. PR1432023
Error message RPD_DYN_CFG_GET_PROF_NAME_FAILED: Get profile name for session XXX failed: -7, might be seen in syslog after restarting routing daemon. PR1439514
The bandwidth value of the DDOS-protection might cause packet loss after a device reboot. PR1440847
Traffic might be dropped after the Q-in-Q enabled interface is flapped or a change is made to vlan-id-list. PR1441402
IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507
Junos OS BFD sessions with authentication flaps after a certain time. PR1448649
Loopback address exported into other VRF instance might not work on EX Series platforms. PR1449410
MPLS LDP might still use stale MAC of the neighbor even the LDP neighbor's MAC changes. PR1451217
User Interface and Configuration
EX4600 switches were unable to commit baseline configuration after zeroization. PR1426341
Problem with access to J-Web after update from Junos OS Release 18.2R2 to 18.2R3. PR1454150
Virtual Chassis
Current MAC address might change when deleting one of the multiple Layer 3 interfaces. PR1449206
VPNs
MVPN using PIM dense mode does not prune the OIF when PIM prune is received. PR1425876
Resolved Issues: 18.4R2
EVPN
The device might proxy the ARP probe packets in an EVPN environment. PR1427109
Configuring ESI on a single-homed 25G port might not work. PR1438227
General Routing
On QFX5120 and EX4650, the convergence delay between PE1 and P router link is more than the expected delay value. PR1364244
OAM Ethernet connectivity-fault-management configured on aggregated Ethernet interfaces is not supported but there is no commit error. PR1367588
IPv6 router advertisement (RA) messages can increase internal kernel memory usage. PR1369638
RIPv2 update packets might not be sent with IGMP snooping enabled. PR1375332
EX-4300 Virtual Chassis : Commit error is observed for the first time while loading the Mini-PDT base configurations. PR1383469
On QFX5120 and EX4650, occasionally two of the channelized 25Gbps Ethernet ports using 4x25-Gigabit breakout cable do not come up after Junos OS reboot. PR1384898
EX3400-Virtual Chassis: The Error tvp_status_led_set and Error:tvp_optics_diag_eeprom_read logs are seen. PR1389407
The Input rate pps is not increased on EX2300-MP uplink ports if the packet is a pure Layer 2 packet such as non-etherII or non-EtherSnap. PR1389908
Interface flapping on an EX3400 Virtual Chassis causes interface-generated IGMP query packets 224.0.0.1 to be sent to all the members ports, except the master FPC. PR1393405
PTP over Ethernet traffic might be dropped if IGMP and PTP TC are configured together. PR1395186
On EX2300 the MAC table is not populated after the interface-mode value is changed. PR1396422
The fxpc core file might be seen if scaled number of filter-based forwarding (FBF) filters are configured. PR1398256
High jsd or na-grpcd CPU usage might be seen when JET or JTI is not used. PR1398398
EX3400 might not learn 30,000 MAC addresses while sending MAC learning traffic. PR1399575
MAC limit with persistent MAC does not after reboot. PR1400507
The authd process might crash when you issue show network-access requests pending command during the restarting of authd. PR1401249
The TCP connection between ppmd and ppman might be dropped due to a kernel issue. PR1401507
The adt7470_set_pwm message is continuously getting displayed after upgrade to Junos OS Release 18.1R3.3. PR1401709
The STP does not work when the aggregated Ethernet interfaces number is AE1000 or above in QFX5000 and AE480 or greater in other QFX Series or EX Series switches. PR1403338
The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface. PR1403528
EX4300-48MP: Packets are dropped after the traffic filter and routing instance are configured. PR1407424
MAC address movement might not happen in Flexible Ethernet Services mode when family inet/inet6 and vlan-bridge are configured on the same physical interface. PR1408230
The l2cpd might crash if the vstp traceoptions and vstp-vlan-all commands are configured. PR1407469
EX3400 PSU status continues to be check even though the PSU module has been removed. PR1408675
On EX2300-24P, the error message dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family. PR1410717
On EX Series and QFX Series switches, PEM Alarm for the backup FPC remains on Master FPC although backup FPC was detached from the Virtual Chassis. PR1412429
On EX4300-48MP, the chassis Status LED shows yellow instead of amber. PR1413194
chassisd output power budget received continually every 5 seconds without any alarm after upgrade to Junos OS 18.1R3 PR1414267
VXLAN Encapsulation next hop (VENH) doesnt get installed during BGP flap or restart routing. PR1415450
On EX3400, the show chassis environment repeats OK and Failed at short intervals. PR1417839
The EX3400 Virtual Chassis status might be unstable during the bootup of the Virtual Chassis or after the Virtual Chassis port flaps. PR1418490
Virtual Chassis might become unstable and FXPC core files when there are multiple configured filter entries. PR1422132
On EX3400, autonegotiation status shows incomplete on ge-0/2/0 using SFP-SX. PR1423469
MACsec connection on EX4600 will not come back up after interface disconnect while traffic is passing. PR1423597
On MX204 optics SFP-1GE-FE-E-T I2C read errors are seen when an SFP-T is inserted into a disabled-state port. PR1423858
Incorrect model information while polling through SNMP from Virtual Chassis. PR1431135
Infrastructure
IfSpeed and IfHighSpeed erroneously reported as zero on EX2300. PR1326902
The Packet Forwarding Engine is flooded with messages: pkt rx on ifd NULL unit 0 PR1381151
The dot1x could not work when dot1x is configured with isolated VLAN on one interface. PR1404664
Interfaces and Chassis
Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606
The IFLs in EVPN routing instances might flap after committing configurations. PR1425339
Junos Fusion Enterprise
PoE over LLDP negotiation is not supported on a Junos Fusion Enterprise setup. PR1366106
error: peer_daemon: bad daemon: scpd error is seen on EX9251 running Junos OS Releases 18.1R1 and 18.1R2. PR1369646
Juniper Fusion Enterprise: Cannot log in to SD cluster although it is recognized by AD properly. PR1395570
The l2ald might crash if you issue the clear ethernet-switching table persistent-learning command. PR1409403
Extended ports in Junos Fusion Enterprise do not adjust the MTU value when VoIP is enabled. PR1411179
Traffic might get discarded silently in a Junos Fusion Enterprise scenario with dual aggregation devices. PR1417139
Layer 2 Features
On EX2300/EX3400 LLDP packets are dropped at L2PT NNI port when the configuration is applied for the first time. PR1362173
Layer 3 Features
The l2ald might crash when you issue the clear ethernet-switching table persistent-learning command. PR1381739
Layer 2 Ethernet Services
The malfunction of the core isolation feature in EVPN-VXLAN scenarios causes traffic to be discarded silently. PR1417729
Network Management and Monitoring
Overtemperature trap is not sent out even though there is a Temperature Hot alarm. PR1412161
Platform and Infrastructure
Ping does not go through device after WTR timer expires in ERPS scenario. PR1132770
EX4300 upgrade fails during validation of the SLAX script during upgrade. PR1376750
ECMP route installation failure with log messages such as unilist install failure might be observed on the EX4300 switch. PR1376804
Unicast DHCP request get misforwarded to backup RTG link on EX4300 Virtual Chassis. PR1388211
Continuous log messages get displayed on EX4300 after upgrading to a Junos OS Release 17.4 or later release. PR1391942
EX4300 OAM LFM might not work on an extended VLAN bridge interface with native VLAN configured. PR1399864
Traffic drop is seen on EX4300 when the 10-Gigabit Ethernet fiber port is using 1-gigabit Ethernet SFP optics with autonegotiation enabled. PR1405168
The policer might not work when it is applied through the dynamic filter. PR1410973
EX4300 QinQ - untagged UNI Traffic egress as single-tagged on NNI Interface. PR1413700
EX4300 does not send fragmentation needed message when MTU is exceeded with DF bit set. PR1419893
The traffic to the NLB server might not be forwarded if the NLB cluster works in multicast mode. PR1411549
The pfex process might crash and core files generated when a SFP transceiver is reinserted. PR1421257
Traffic might be lost when one of the logical interfaces on the LAG is deactivated or deleted. PR1422920
The authd process crashes when the Accounting RADIUS server is not reachable. PR1424030
EX9200-12QS switch sends tagged packets through the access interface and through the trunk interface with a native VLAN ID. PR1424174
Interface flapping scenario might lead to ECMP next hop install failure on EX4300s. PR1426760
VIP might not forward the traffic if VRRP is configured on an aggregated Ethernet interface. PR1428124
The ERPS failover does not work as expected on EX4300 device. PR1432397
Routing Protocols
EX4300 might drop incoming IS-IS hello packets when IGMP or MLD snooping is configured. PR1400838
Host-generated ICMPv6 RA packets might be dropped on the backup member of a Virtual Chassis if IGMP snooping is configured. PR1413543
The QFX Series and EX Series switch might not install all IRB MAC addresses when the device is initialized. PR1416025
Sometimes, IGMP snooping might not work. As a workaround, restart the multicast-snooping process. PR1420921
Subscriber Access Management
EX4300
/varfile is showing full as the var/log/dfcd_enc file grows in size. PR1425000
Resolved Issues: 18.4R1
General Routing
On the EX4300-32F, the MACsec session stays down on 1-Gigabit and 10-Gigabit Ethernet links after certain events, when events are performed with traffic running. PR1299484
On EX2300 and EX3400 switches, the bridge ID is assigned to 02:00:00:00:00:10 irrespective of the base-MAC addresses. PR1315633
Incorrect value of optical power is displayed. PR1326642
On EX3400 and EX2300 switches, a redirect message is sent from the switch even when no-redirect is set for the specified interface. PR1333153
The fxpc process might crash after Q-in-Q VLAN is added to or deleted from an interface on EX2300 or EX3400 switches. PR1334850
Consideration of relaxing P-VLAN conflict rules during VLAN change for reauthentication and CoA scenarios. PR1346936
The 40-Gigabit Ethernet interfaces might not forward traffic. PR1349675
On EX2300, EX3400, and EX4300MP switches in a Virtual Chassis setup, dynamic Arp inspection might fail after Virtual Chassis switchover when VSTP is enabled along with no-mac-table-binding. PR1359753
The traffic uses the original IRB MAC address if you are configuring a MAC address for an IRB interface. PR1359816
On EX2300MP switches, the fan count is wrong in jnxFruName,jnxFilledDescr and jnxContainersCount.4. PR1361025
The EX4300-MP MACsec AES-GCM-128-XPN and AES-GCM-256-XPN cipher suites are not supported for MGE ports. PR1362035
FPM board status is missing in the SNMP MIB walk result. PR1364246
The l2cpd process might crash when you configure MVRP with private VLAN and RSTP interface-all. PR1365937
Virtual Chassis split followed by generation of fxpc core files might occur when VLAN members are scaled. PR1369678
Unicast ARP packet loop might be observed in a DAI scenario. PR1370607
NTP broadcast packets are not forwarded out on Layer 2 ports. PR1371035
MAC refresh packet might not be sent out from the new primary link after an RTG failover. PR1372999
BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807
FPC might crash when the output interface flaps with analyzer or sampling configured. PR1374861
The port access list group is not properly reallocating the TCAM slices. PR1375022
The interface AE480 or above might be in STP discarding state on EX9200 switches. PR1378272
On EX4300-48MP, the IP transit traffic hits the lo0 filter. PR1379328
All interfaces belonging to a certain FPC might be lost after multiple GRES in Virtual Chassis. PR1379790
The 802.1X configuration does not work with Microsoft NPS server. PR1381017
On EX4300-48MP, as the session-option configuration under the access profile hierarchy is not applicable for EX Series and QFX Series, do not use that statement and options under it PR1385229
On EX9200, a warning message prefer-status-control-active is used with status-control standby is seen whenever you commit a configuration. PR1386479
On an EX2300 with Q-in-Q (flexible-vlan-tagging), you are unable to obtain the DHCP IP for the IRB interface after power-cycling the device. PR1387039
The smid process might generate core files during sanity script execution on QFX5100 and EX4300. PR1391909
EVPN
Proxy ARP might not work as expected in an EVPN environment. PR1368911
High Availability (HA) and Resiliency
The backup Routing Engine might go to database prompt after performing configurations such as remove and restore are performed. PR1269383
Infrastructure
Core files might be generated upon attempt to commit a configuration. PR1376362
Junos Fusion Enterprise
The peer_daemon: bad daemon: scpd error message is seen on EX9251 running Junos OS Releases 18.1R1 and 18.1R2. PR1369646
Layer 2 Features
The firewall filter might not work correctly with the match condition of dot1q-tag on an EX Series switch. PR1369592
RTG MAC refresh packets are sent out from non-RTG ports if the RTG interface belonging to the Virtual Chassis master flaps. PR1389695
Network Management and Monitoring
On EX4600 switches, unsupported CLI configurations and show commands from the cfm hierarchy or sub-hierarchy are allowed. PR1359052
While toggling multiple times between baseline and CFM configurations, all 30 CFM sessions are not up. PR1360907
The event-policy generated traps are sent with UTC, even though the time zone is defined under the system hierarchy. PR1380777
Platform and Infrastructure
Interface flapping is seen on an EX4300 switch. PR1361483
Some interfaces cannot be added under the MSTP configuration. PR1363625
On EX4300 and EX4600 switches, the l2ald process might crash in an 802.1x scenario. PR1363964
The Packet Forwarding Engine might crash if frequent MAC moves are encountered. PR1367141
The LLDP TLV with the wrong switch port capabilities might be sent. PR1372966
Login lockout might never expire because the timestamps of Lockout start and Lockout end are same. PR1373803
On EX4300-48MP, unsupported 1-gigabit optics in the 10-gigabit uplink module might cause interface traffic to be dropped. PR1374390
Traffic might be silently discarded with indirect next hop and load balancing. PR1376057
The IRB interface does not go down when the master Virtual Chassis is rebooted or halted. PR1381272
On the EX4300 switch, if a loss priority value of high is set for multicast packets by a classifier at the ingress interface, the configuration is overridden by the storm-control filter. PR1382893
The EX4300 device chooses a wrong bridge ID as the RSTP Bridge ID. PR1383356
On EX4300-48MP mixed Virtual Chassis, the Power over Ethernet interface maximum power configuration on a member EX4300 gives an error if the power is configured to be more than 30 W. PR1383717
Layer 3 IP route is destroyed after the Layer 2 next hop is changed. PR1389688
Routing Protocols
On EX4300-48MP, stale VLAN entries might be seen after a script involving split or merge reboots is run continuously. PR1363739
Documentation Updates
There are no errata or changes in Junos OS Release 18.4R3 documentation for the EX Series switches.
Migration, Upgrade, and Downgrade Instructions
This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.