Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for EX Series Switches

 

These release notes accompany Junos OS Release 19.2R2 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What’s New

Learn about new features introduced in the Junos OS main and maintenance releases for EX Series switches.

Note

The following EX Series switches are supported in Release 19.2R2: EX2300, EX2300-C, EX3400, EX4300, EX4600-40F, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.

What’s New in Release 19.2R2

There are no new features or enhancements to existing features for EX Series switches in Junos OS Release 19.2R2.

Whats’s New in Release 19.2R1-S1

Routing Protocols

  • Decouple RSVP for IGP-TE (MX Series, PTX Series, ACX Series, QFX Series, SRX Series, and EX Series)—Starting in Junos OS Release 19.2R1-S1, device can advertise selective traffic-engineering attributes such as admin-color and maximum-bandwidth, without enabling RSVP, for segment routing and interior gateway protocol (IGP) deployments.

What’s New in Release 19.2R1

Authentication, Authorization, and Accounting (AAA)

  • 802.1X authentication (EX4650 switches)—Starting with Junos OS Release 19.2R1, EX4650 switches support port-based network access control using 802.1X authentication as defined in the IEEE 802.1X standard.

    [See 802.1X for Switches Overview.]

Dynamic Host Configuration Protocol

  • Support for DHCP snooping and other access port security features on private VLANs (EX4300-MP switches and Virtual Chassis)—Starting in Junos OS Release 19.2R1, you can enable DHCP snooping for security purposes on access ports that are in a private VLAN (PVLAN). You can also protect those ports with DHCP options, dynamic ARP inspection (DAI), IP source guard, and neighbor discovery inspection.

    [See Putting Access Port Security on Private VLANs.]

EVPN

  • Support for BFD, BGP, IS-IS, and OSPF on IRB interfaces in EVPN-MPLS networks (EX series)—Starting with Junos OS Release 19.2R1, you can configure Bidirectional Forwarding Detection (BFD), BGP, IS-IS, and OSPF routing protocols on the IRB interface in an EVPN-MPLS network to route and forward EVPN traffic. This feature supports single-homed, single-active, and all-active multihomed networks.

    [See EVPN with IRB Solution Overview.]

  • EVPN support of VLAN ID ranges and lists in service provider style interface configurations (EX9200 switches)—Starting in Junos OS Release 19.2R1, EX9200 switches, ACX5448 and MX Series routers, and vMX virtual routers support the use of VLAN ID ranges and lists in a service provider style interface configuration, which must be referenced in an EVPN routing instance. This configuration is supported with the following EVPN environments, services, and features:

    • Environments:

      • EVPN with VXLAN encapsulation

      • EVPN with MPLS encapsulation

    • VLAN bundle service:

      • E-LAN

      • E-Tree

      • E-Line

    • Features:

      • EVPN multihoming:

        • All-active

        • Single-active

      • Singlehoming

    [See VLAN ID Ranges and Lists in an EVPN Environment.]

  • Support for control word in EVPN-VPWS (EX9200 switches)—Starting with Junos OS Release 19.2R1, Junos OS supports the insertion of a control word between the label stack and the MPLS payload in a network with EVPN-VPWS service. This feature prevents a transit device from delivering out-of-order packets as a result of the device’s load-balancing hashing algorithm. When you enable the control word feature on a PE device, the PE device advertises support for a control word. If all the PE devices in an EVI on the EVPN-VPWS serviced network support control word, then the PE device inserts a control word between the label stack and the L2 header in the packet thus preventing the packet from being misidentified by transit devices.

    [See Control Word for EVPN-VPWS.]

JWeb

  • Support for EX4650 switches—Starting in Junos OS Release 19.2R1, you can use J-Web to configure, monitor, and manage EX4650 switches.

    To configure the EX4650 switch using the J-Web interface, you must connect the cable to the port labeled CON on the rear panel of the switch.

    Note

    In J-Web, the chassis viewer displays only the standalone EX4650 switches view. It does not display the Virtual Chassis configuration because the EX4650 switch does not support the Virtual Chassis configuration.

    [See Dashboard for EX Series Switches and Connecting and Configuring an EX Series Switch (J-Web Procedure).]

Layer 2 Features

  • L2PT support (EX4300 multigigabit switches)—Starting with Junos OS Release 19.2R1, you can configure Layer 2 protocol tunneling (L2PT) for the following protocols on EX4300 multigigabit switches (EX4300-48MP models): CDP, E-LMI, GVRP, IEEE 802.1X, IEEE 802.3AH, LACP, LLDP, MMRP, MVRP, STP (including RSTP and MSTP), UDLD, VSTP, and VTP.

    [See Layer 2 Protocol Tunneling.]

Multicast

  • Support for multicast traffic counters (EX4300, EX4300-MP, EX4300 Virtual Chassis)—Starting with Junos OS Release 19.2R1, you can use firewall filters to count packets and check the bandwidth of multicast traffic received by a host from a particular source and group in a routing instance. To enable this feature, include the multicast-statistics statement at the [edit system packet-forwarding-options] hierarchy level. To check the packet count and bandwidth for each multicast route, use the show multicast route extensive command.

    [See multicast-statistics (system-packet forwarding).]

  • IGMP snooping with private VLANs (EX4300 multigigabit switches)—Starting in Junos OS Release 19.2R1, EX4300 multigigabit switches (EX4300-48MP models) support IGMP snooping with private VLANs (PVLANs). A PVLAN consists of secondary isolated and community VLANs configured within a primary VLAN. Without IGMP snooping support on the secondary VLANs, switches receive multicast streams on a primary VLAN and flood them to the secondary VLANs. This feature extends IGMP snooping on a primary VLAN to its secondary VLANs to further constrain multicast streams only to interested receivers on PVLANs. When you enable IGMP snooping on a primary VLAN, you implicitly enable it on all secondary VLANs, and the secondary VLANs learn the multicast group information on the primary VLAN.

    Note

    Ports in a secondary VLAN cannot be used as IGMP multicast router interfaces. Secondary VLANs can receive multicast data streams ingressing on promiscuous trunk ports or inter-switch links acting as multicast router interfaces.

    [See IGMP Snooping Overview.]

Network Management and Monitoring

  • Support for displaying valid user input in the CLI for command options and configuration statements in custom YANG data models (EX Series)—Starting in Junos OS Release 19.2R1, the CLI displays the set of possible values for a given command option or configuration statement in a custom YANG data model when you include the action-expand extension statement in the option or statement definition and reference a script that handles the logic. The action-expand statement must include the script child statement, which defines the Python action script that is invoked when a user requests context-sensitive help in the CLI for the value of that option or statement.

    [See Displaying Valid Command Option and Configuration Statement Values in the CLI for Custom YANG Modules.]

Port Security

  • Stateless address autoconfiguration (SLAAC) snooping (EX2300, EX3400, EX4300, and Virtual Chassis)—Starting in Junos OS Release 19.2R1, Junos OS supports SLAAC snooping on EX2300, EX2300 VC, EX3400, EX3400 VC, EX4300, and EX4300 VC. IPv6 clients using SLAAC for dynamic address assignment are validated against the SLAAC snooping binding table before being allowed access to the network.

    [See IPv6 Stateless Address Autoconfiguration (SLAAC) Snooping.]

  • Fallback PSK for Media Access Control Security (MACsec) (EX Series)—Starting in Junos OS Release 19.2R1, fallback PSK for MACsec is supported on EX Series routers that support MACsec. The fallback PSK provides functionality to establish a secure session in the event that the primary PSKs on each end of a MACsec-secured link do not match.

    [See Configuring MACsec on EX, SRX and Fusion Devices.]

  • Support for 802.1X authentication on private VLANs (PVLANs) (EX4300-48MP switches and Virtual Chassis)—Starting in Junos OS Release 19.2R1, you can enable 802.1X (dot1x) authentication for security purposes on access ports that are in a PVLAN.

    PVLANs provide Layer 2 isolation between ports within a VLAN, splitting a broadcast domain into multiple discrete broadcast subdomains by creating secondary VLANs. PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the communication between known hosts.

    Authentication prevents unauthenticated devices and users from gaining access to your LAN. For 802.1X and MAC RADIUS authentication, end devices must be authenticated before they receive an IP address from a DHCP server.

    On a switch that is configured with both 802.1X authentication and PVLANs, when a new device is attached to the PVLAN network, the device is authenticated and then is assigned to a secondary VLAN based on the PVLAN configuration or RADIUS profile. The device then obtains an IP address and receives access to the PVLAN network.

    [See Using 802.1X Authentication and Private VLANs Together on the Same Interface.]

  • Media Access Control security with 256-bit cipher suite (EX4300)—Starting in Junos OS Release 19.2R1, the GCM-AES-256 cipher suite for MACsec in static CAK mode is supported on the 2-port QSFP+/1-port QSFP28 uplink module for EX4300-48MP switches. The GCM-AES-256 cipher suite has a maximum key length of 256 bits and is also available with extended packet numbering (GCM-AES-XPN-256).

    [See Understanding Media Access Control Security (MACsec).]

  • Support for MACsec PSK keychain (EX9253)—Starting in Junos OS Release 19.2R1, EX9253 switches support MACsec PSK chains hitless rollover and Key Agreement Protocol Fail Open mode.

    [See Configuring MACsec on EX, SRX and Fusion Devices.]

System Management

  • Support for transferring accounting statistics files and router configuration archives using HTTP URL (EX Series)—Starting in Junos OS Release 19.2R1, you can transfer accounting statistics files and router configuration archives to remote servers by using an HTTP URL. In addition to SCP and FTP, the following HTTP URL will be supported under the archive-sites statement:

    http://username@host:url-path password password

    • To transfer accounting statistics files, configure archive-sites under [edit accounting-options file <filename>] hierarchy.

    • To transfer router configuration archival, configure archive-sites under edit system archival configuration hierarchy.

    • To view the statistics of transfer attempted, succeeded, and failed, use the show accounting server statistics archival-transfer command.

    • To clear the statistics of transfer attempted, succeeded, and failed, use the clear accounting server statistics archival-transfer command.

    [See archive-sites, Backing Up Configurations to an Archive Site, show accounting server statistics archival-transfer, and clear accounting server statistics archival-transfer].

What’s Changed

Learn about what changed in Junos OS main and maintenance releases for EX Series.

What’s Changed in Release 19.2R2

General Routing

  • Support for full inheritance paths of configuration groups to be built into the database by default (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting with Junos OS Release 19.2R2, the persist-groups-inheritance option at the [edit system commit] hierarchy level is enabled by default. To disable this option, use no-persist-groups-inheritance.

    [See commit (System).]

Interfaces and Chassis

  • Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, 19.1R1, 19.1R2, 19.2R2, and later, EX Series switches support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.

    In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.

  • Logical Interface is created along with physical Interface by default (EX Series, MX Series, and QFX Series)—In Junos OS Release 19.2R2 and later, logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces are created.

    For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), is displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.

Layer 2 Feature

  • input-native-vlan-push (EX2300, EX3400, EX4600, EX4650, and the QFX5000 line of switches)—In Junos OS Release 19.2R2, we have introduced the configuration statement input-native-vlan-push at the [edit interfaces interface-name] hierarchy level. You can use this statement in a Q-in-Q tunneling configuration to enable or disable whether the switch inserts a native VLAN identifier in untagged frames received on the C-VLAN interface, when the configuration statement input-vlan-map with a push operation is configured.

    [See input-native-vlan-push.]

Multicast

  • Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 19.2R2, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier Junos OS releases, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.

    [See show multicast snooping route.]

Routing Protocols

  • XML RPC equivalent included for the show bgp output-scheduler | display xml rpc CLI command (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 19.2R2, we have included an XML RPC equivalent for the show bgp output-scheduler | display xml rpc CLI command. In Junos OS releases before Release 19.2R2, the show bgp output-scheduler | display xml rpc CLI command does not have an XML RPC equivalent.

    [See show bgp output-scheduler.]

What’s Changed in Release 19.2R1

Interfaces and Chassis

  • Deprecation of the [edit fabric protocols bgp] hierarchy level (EX Series)—Starting in Junos OS Release 19.2R1, the [edit fabric protocols bgp] hierarchy level is deprecated.

Network Management and Monitoring

  • The show system schema command and <get-yang-schema> RPC require specifying an output directory (EX Series)—Starting in Junos OS Release 19.2R1, when you issue the show system schema operational mode command in the CLI or execute the <get-yang-schema> RPC in a remote session to retrieve schema files, you must specify the directory in which to generate the output files by including the output-directory command option in the CLI or the <output-directory> element in the RPC. In earlier releases, you can omit the output-directory argument when requesting a single module to display the module in standard output.

  • Custom YANG RPC support for input parameters of type empty (EX Series)—Starting in Junos OS Release 19.2R1, custom YANG RPCs support input parameters of type empty when executing the RPC’s command in the Junos OS CLI, and the value passed to the action script is the parameter name. In earlier releases, input parameters of type empty are only supported when executing the RPC in a NETCONF or Junos XML protocol session, and the value passed to the action script is the string 'none'.

    [See Creating Action Scripts for YANG RPCs on Devices Running Junos OS.]

VLAN Infrastructure

  • Specifying a descending VLAN ID range (EX9200 switches)—In Junos OS releases prior to Junos OS Release 19.2R1, the system accepts a descending range—for example, 102-100, with the vlan-id-range configuration statement in the [edit interfaces interface-name unit logical-unit-number] hierarchy.

    Starting with Junos OS Release 19.2R1, the system considers a descending range specified with vlan-id-range to be invalid and raises an error if you try to commit this configuration.

Known Limitations

Learn about the Limitation PRs in Junos OS main and maintenance releases for EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • When a VLAN uses an IRB interface as the routing interface, the VLAN-ID parameter must be set to "none" to ensure proper traffic routing. This issue is platform independent. PR1287557

General Routing

  • With a MAC scale of 288,000 entries, the output of the Routing Engine show ethernet-switching table summary command displays the learned scale entries after a delay of around 60 seconds. PR1367538

  • When the box is loaded and unloaded with MACsec configuration multiple times with operations made continuously, L3 connectivity is been lost and hence stops the system followed by a reboot to resume operation. PR1416499

Platform and Infrastructure

  • Filters are installed only during route add if there is enough space. If the filter fails because of the non-availability of TCAM space, those routes might not be processed for filter add later when space becomes available. PR1419926

Open Issues

Learn about the open issues in hardware and software in Junos OS Release 19.2R2 for EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

  • Before running the load ssl-certificate path PATHNAME command, configure the path using the set protocols dot1x ssl-certificate-path PATHNAME command if the default pathname is not /var/tmp/. PR1431086

General Routing

  • ARP queue limit has been changed from 100 pps to 3000 pps. PR1165757

  • In an EX2300 switch, the output of the show chassis routing-engine command might display an incorrect value of Router rebooted after a normal shutdown for the last reboot reason field. PR1331264

  • When a VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter will not be installed. PR1362609

  • An EX4300 configured with a firewall filter on lo0 and DHCP security on a VLAN simultaneously might drop legitimate DHCP renew requests from clients on the corresponding VLANs. This occurs because of the implementation design and chipset limitation. PR1376454

  • On an EX9208 switch, a few xe- interfaces are going down with the error message if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • After the MACsec session is deleted, the corresponding interfaces might lose their MACsec function if LACP is enabled on them and the statement exclude lacp is configured under the [edit security macsec] hierarchy. PR1378710

  • DCPFE did not come up in some instances of abrupt power-off/power-on of EX4650. Power-cycle of the device or host reboot will recover the device. PR1393554

  • There is a possibility of seeing multiple reconnect logs, JTASK_IO_CONNECT_FAILED message during the device initialization. There is no functionality impact because of these messages. These messages can be ignored. PR1408995

  • On EX9200 devices with MCLAG configuration and other features enabled, there is a loss of approximately 20 seconds during restart of the routing daemon. This traffic loss varies with the configuration that is done. PR1409773

  • On EX4650 line of switches, uRPF check in strict mode might not work properly. PR1417546

  • On committing the configuration, the interface-range configuration defined over a wildcard range such as ge-*/*/* is not supported. As a result, valid rages for STP port IDs are exceeded. The commit fails. Here is a sample configuration set interfaces interface-range RANGE1 member ge-*/*/* and set interfaces interface-range RANGE1 mtu 2000. PR1421446

  • In certain scenarios, IGMP transit query packets might not be flooded on the VLAN, causing momentary drop in Layer 2 multicast traffic. PR1427542

  • On EX9200 and MX Series platforms running as PE nodes in an EVPN-VXLAN scenario, if the enhanced-ip mode is enabled for chassis configuration, and the EVPN routing instance is configured with an integrated routing and bridging (IRB) interface, the unicast traffic that is sent through IRB over VTEP might get dropped because it could not get routed toward the core network due to this issue. PR1436924

  • On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error errorlib_set_error_log(): err_id(-1718026239) is observed. PR1448368

Infrastructure

  • On EX3400 and EX2300 line of switches during ZTP with configuration and image upgrade with FTP as file transfer, image upgrade is successful but sometimes VM core file might be generated. PR1377721

  • On EX Series switches, if you are configuring a large number of firewall filters on some interfaces, the FPC might crash and generate core files. PR1434927

Interfaces and Chassis

  • On GRES, VSTP port cost on aggregated Ethernet interfaces might get changed, leading to a topology change. PR1174213

Platform and Infrastructure

  • There are multiple failures when an event such as node reboot, ICL flap or ICCP flap occurs; and even with enhanced convergence configured there is no guarantee that subsecond convergence will be achieved. PR1371493

  • On EX2300 and EX3400 platforms, when doing an upgrading operation, as image size grows over a period of time and subsequently storage is insufficient to install images, the upgrade might fail with the error message not enough space to unpack. PR1464808

Spanning Tree Protocols

  • On committing interface-range configuration defined over wild-card range like ge-*/*/* is not supported. As a result, exceeding valid range for stp-port-ids. The commit fails. Sample example configuration is set interfaces interface-range RANGE1 member ge-*/*/* and set interfaces interface-range RANGE1 mtu 2000. PR1421446

  • After converging VSTP, if there is a VSTP configuration change and then BPDU might not be flooded because of which port role might be in incorrect state in the adjacent switches. There is no loop created in the network. PR1443489

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 19.2R2

Class of Service (CoS)

  • Shaping does not work after the reboot if shaping-rate is configured. PR1432078

  • The traffic is placed in network-control queue on an extended port even if it comes in with a different DSCP marking. PR1433252

EVPN

  • EVPN or MPLS IRB logical interfaces might not come up when local Layer 2 interfaces are down. PR1436207

  • Configuring ESI on a single-homed 25-Gigabit Ethernet port might not work. PR1438227

  • An ARP request or a Neighbor Solicitation message might be sent back to the local segment by the designated forwarder (DF) router. PR1459830

  • The rpd might crash after the EVPN-related configuration is changed. PR1467309

Forwarding and Sampling

  • Enable interface with input/output vlan-maps to be added to a routing instance configured with a VLAN ID or VLAN tags (instance type virtual-switch/vpls). PR1433542

  • The l2ald process might experience memory leak on devices running Junos OS. PR1455034

  • Type 1 ESI/AD route might not be generated locally on EVPN PE devices in all-active mode. PR1464778

General Routing

  • Transit OSPF traffic over Q-in-Q tunneling might be dropped if a firewall filter is applied to loopback interface. PR1355111

  • The l2ald process might crash and generate a core file on EX Virtual Chassis when converting a trunk port to dot1x access port with tagged traffic flowing. PR1362587

  • The interface on a failed member FPC of EX2300 and EX3400 Virtual Chassis might stay up for 120 seconds. PR1422507

  • IPv6 multicast traffic received on one Virtual Chassis member might be dropped when exiting through another Virtual Chassis member if MLD snooping is enabled. PR1423310

  • The MAC address pool might overlap between different switches. PR1425123

  • Virtual Chassis split is seen after the network topology is changed. PR1427075

  • The fxpc or the Packet Forwarding Engine process might crash on EX2300 and EX3400 switches. PR1427391

  • Rebooting or halting a Virtual Chassis member might cause traffic on the RTG link to be down for about 30 seconds. PR1427500

  • The l2ald process crashes after the dot1x configuration is deleted when dot1x and private VLAN (PVLAN) are enabled simultaneously on EX Series and QFX Series switches. PR1428469

  • A client might fail to get an IP address from the DHCPv6 server. PR1428769

  • The delay in transmission of BPDUs after GRES might result in loss of traffic on EX2300 and EX3400 Virtual Chassis. PR1428935

  • The EX4300-48MP switch cannot learn MAC addresses through some access ports that are directly connected to a host when auto negotiation is used. PR1430109

  • Disabling DAC QSFP ports might not work on MX204, MX10003, or EX9251. PR1430921

  • Erroneous log messages and chassis environment output related to fan tray in EX4300MP-EX4300-48P Virtual Chassis. PR1431263

  • The l2cpd process might crash and generate a core file when interfaces are flapping. PR1431355

  • Packet drop might be seen if native VLAN is configured along with flexible VLAN tagging. PR1434646

  • Micro BFD-session might flap upon inserting a QSFP transceiver into another port. PR1435221

  • Traffic drop might be seen after MACsec session key rollover between primary and fallback for more than ten times. PR1435277

  • The multichassis aggregated Ethernet (mc-ae) interface might get stuck in the Waiting state in a dual mc-ae scenario. PR1435874

  • i40e NVM upgrade support for EX9200 platform. PR1436223

  • The Gigabit Ethernet or multigigabit Ethernet SFP-T interface might not come up on EX2300, EX3400, and EX4300 switches. PR1438078

  • Commit check error for VSTP on EX9200 switches: xSTP:Trying to configure too many interfaces for given protocol.PR1438195

  • LED turns on even after the Virtual Chassis members are powered off. PR1438252

  • The DHCP Snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it. PR1438351

  • The rpd might crash during the booting process in certain conditions. PR1438597

  • The dot1x configuration might not work when captive port is also configured on the interface on a backup or non-master FPC. PR1439200

  • LACP state might get stuck in Attached state after disabling peer active members. PR1439268

  • On EX9200 DHCPv6 relay scenario, when DHCPv6 snooping and Neighbor Discovery Inspection (NDI) are enabled simultaneously on an IRB interface, the DHCPv6 relay binding does not come up. PR1439844

  • The EX4600 and QFX5100 Virtual Chassis might not come up after you replace the Virtual Chassis port fiber connection with a DAC cable. PR1440062

  • CPU might hang or an interface might be stuck down on a particular 1-Gigabit Ethernet port on MX Series, EX Series, and PTX Series devices. PR1440526

  • MAC addresses learned on an RTG might not be aged out after a Virtual Chassis member is rebooted. PR1440574

  • Clients in isolated VLANs might not get IP addresses after completing authentication when both dhcp-security and dot1x are configured. PR1442078

  • EX3400 fan alarm (Fan X not spinning) appears and disappears repeatedly after the fantray (Absent) is removed. PR1442134

  • The rpd might crash when BGP sends a notification message. PR1442786

  • DHCPv6 client might fail to get an IP address. PR1442867

  • The port role might be incorrect in STP after the STP configuration is changed. PR1443489

  • The /var/host/motd does not exist message is flooded every 5 seconds in chassisd logs. PR1444903

  • On EX4300-MP, the following log message is generated continuously: rpd[6550]: task_connect: task AGENTD I/O.128.0.0.1+9500 addr 128.0.0.1+9500: Connection refused. PR1445618

  • Major alarm log messages are seen for temperature conditions at 56 degrees Celsius. PR1446363

  • The traffic might be dropped when a firewall filter rule uses then vlan as the action in a Virtual Chassis scenario. PR1446844

  • Phone home on EX Series devices because sysctl cannot read the device serial number. PR1447291

  • EX3400 Virtual Chassis might go into hang state when a disk error occurs on EX3400. PR1447853

  • Unicast ARP requests are not replied to with the no-arp-trap option. PR1448071

  • On EX3400, IPv6 routes received through BGP do not show the correct age time. PR1449305

  • Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568

  • Tunneling encapsulated packets are dropped on the Layer 3 VPN MPLS PE-CE interface. PR1451032

  • DHCP snooping static binding does not take effect after deleting and re-adding the entries. PR1451688

  • The MAC pause frames will be incrementing in the Receive direction if half-duplex mode on 10-Mbps or 100-Mbpa speed is configured. PR1452209

  • The l2ald and eventd processes are hogging 100 percent CPU after the clear ethernet-switching table command is issued. PR1452738

  • Configuration change in VLAN all option might affect the per-VLAN configuration. PR1453505

  • Version compare in PHC might fail, making the PHC to download the same image. PR1453535

  • You might not be able to apply a firewall filter in a particular VC/VCF member as TCAM space runs out. PR1455177

  • Packet drop might be seen after removing and reinserting the SFP transceiver of the 40-Gigabit uplink module ports. PR1456039

  • Link-up delay and traffic drop might be seen on mixed SP Layer 2 or Layer 3 and EP Layer 2 type configurations. PR1456336

  • The syslog message timeout connecting to peer database-replication is generated when the show version detail command is issued. PR1457284

  • Overtemperature SNMP trap messages are displayed after the software upgrade and update even though the temperatures are within the system thresholds. PR1457456

  • The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used. PR1458559

  • The fxpc process might crash due to several BGP IPv6 session flaps. PR1459759

  • Storage space limitation leads to image installation failure when phone home is used on EX2300 and EX3400 platforms. PR1460087

  • MAC addresses learned on an RTG might not be aged out after aging time. PR1461293

  • RTG link faces nearly 20 seconds downtime when the backup node is rebooting. PR1461554

  • Configuring any combination of VLANs and interfaces under VSTP/MSTP might cause VSTP/MSTP-related configurations that cannot be committed. PR1463251

  • The Virtual Chassis function might be broken after upgrading on EX2300 and EX3400 switches. PR1463635

  • On EX Series switches with ELS and on QFX Series switches, some command lines to disable MAC learning are not working. PR1464797

  • The jdhcpd might consume high CPU and no further subscribers can be brought up if more than 4000 DHCP-relay clients in the MAC-MOVE scenario. PR1465277

  • The fxpc might crash after mastership election on EX2300 and EX3400 switches. PR1465526

  • The broadcast and multicast traffic might be dropped over IRB or LAG interfaces in QFX Series and EX Series Virtual Chassis scenario. PR1466423

  • The MAC move message might have an incorrect from interface when rapid MAC moves occurs. PR1467459

  • In EX3400 FPCs get disconnected from Virtual Chassis briefly after the image upgrades or reboots. PR1467707

  • Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435

  • FPC might be down when configuring vxlan-routing. PR1468736

  • On the EX3400, traffic loss is observed between SFP-T connected interfaces because of auto negotiation failure. PR1469750

  • EX3400 is advertising only 100 Mbps when configured with 100-Mbps speed with auto negotiation enabled. PR1471931

  • The shaping of CoS does not work after reboot. PR1472223

  • The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685

  • The dhcpd process might crash in a Junos fusion environment. PR1478375

  • TFTP installation from loader prompt might not succeed on the EX Series switches. PR1480348

  • ARP request packets for unknown hosts might get dropped in the remote PE device in an EVPN-VXLAN scenario. PR1480776

  • On the EX2300 Series, the SNMP traps are not generated when MAC addresses when the limit is reached. PR1482709

Infrastructure

  • The operations on the console might not work if the system ports console log-out-on-disconnect configuration statement is configured. PR1433224

  • On the EX4300 Series, the CLI configuration on-disk-failure is not supported. PR1450093

  • Certain EX Series switches might panic and generate VM core files, leading to reboot. PR1456668

  • Error messages related to soft reset of ports due to queue buffers being stuck could be seen on EX4600 and EX4300 Virtual Chassis. PR1462106

  • Traffic drop is seen on an EX4300-48MP device that acts as a leaf node in a Layer 2 IP fabric EVPN-VXLAN environment. PR1463318

  • Continuous dcpfe error messages and eventd process hog might be seen in an EX2300 Virtual Chassis scenario. PR1474808

Interfaces and Chassis

  • On EX9200 devices, an unexpected duplicate VLAN-ID commit error might be seen. PR1430966

  • The VRRP IPv6 state might flap between init and idle states after VLAN tagging is configured. PR1445370

  • Traffic might be forwarded to wrong interfaces in an MC-LAG scenario. PR1465077

  • Executing commit might hang because of a stuck dcd process. PR1470622

J-Web

  • Some error messages might be seen when using J-Web. PR1446081

Junos Fusion for Enterprise

  • Reachability of the host connected to the satellite device might be affected in a Junos fusion for enterprise environment with EX9200 Series switches as aggregation devices. PR1447873

  • Loop detection might not work on extended ports in a Junos fusion scenarios. PR1460209

Layer 2 Features

  • Ethernet ring protection switching (ERPS) nodes might not converge to the Idle state after failure recovery or reboot. PR1431262

  • Physical layer and MAC/ARP learning might not work for copper base SFP-T transceivers on QFX5100, QFX5110, and EX4600. PR1437577

  • The traffic leaving QFX5000 and EX4600 switches might not be properly load balanced over aggregated Ethernet interfaces. PR1448488

  • The LLDP function might fail when a Juniper Networks device connects to a non-Juniper device. PR1462171

  • An fxpc core file might be seen when committing the configuration all together. For example, after a reboot PR1467763

  • Traffic might be affected if composite next hop is enabled. PR1474142

Layer 2 Ethernet Services

  • The DHCP decline packets are not forwarded to the DHCP server when forward-only is set within DHCP reply. PR1429456

  • The jdhcpd_era log files constantly consume 121 MB of space out of 170 MB, resulting into a full file system traffic impact. PR1431201

  • DHCP request might get dropped in a DHCP relay scenario. PR1435039

  • In EX9200 switches, DHCP relay is stripping the GIADDR field in messages toward the DHCP clients. PR1443516

Platform and Infrastructure

  • LACP DDoS policer is incorrectly triggered by other protocol- traffic on all EX9200, T4000, and MX Series platforms. PR1409626

  • On the EX4300-48MP running Junos OS Release 18.3R1.9, overtemperature SNMP trap is generated wrongly for line card (EX4300-48P) based on master Routing Engine (EX4300-48MP) temperature threshold value. PR1419300

  • On the EX4300, the runt counter never increments. PR1419724

  • SNMP (ifHighSpeed) value does not appear properly only for VCP interfaces; , it appears as zero. PR1425167

  • Packet drops, replication failure, or ksyncd crashes might be seen on the logical system of a device running Junos OS after Routing Engine switchover. PR1427842

  • IPv6 traffic might be dropped when static /64 IPv6 routes are configured. PR1427866

  • EX4300 does not drop FCS frames with CRC error on xe- interfaces. PR1429865

  • Unicast ARP requests are not replied with the no-arp-trap option. PR1429964

  • EX4300 without soft error recovery (parity check, correction and memscan) enabled. PR1430079

  • The device might not be accessible after the upgrade. PR1435173

  • An FPC/pfex crash might be observed due to DMA buffer leaking. PR1436642

  • The /var/db/scripts directory might be deleted after the request system zeroize command is executed. PR1436773

  • The laser TX might be enabled while the interface is disabled PR1445626

  • The PoE might not work after the PoE firmware on EX4300 switches is upgraded. PR1446915

  • The firewall filters might not be created due to TCAM issues. PR1447012

  • NSSU causes a traffic loss after the backup-to-master transitions. PR1448607

  • The Errors on certain MPCs are classified as major, which should be minor or non-fatal. PR1449427

  • The REST API process becomes nonresponsive when a number of requests come at a high rate. PR1449987

  • The IRB traffic might drop after a mastership switchover. PR1453025

  • The traffic for some VLANs might not be forwarded when vlan-id-list is configured. PR1456879

  • The OSPF neighbor might go down when mDNS or PTP traffic is received at a rate higher than 1400 pps. PR1459210

  • ERP might not revert to the Idle state after reload or reboot of multiple switches. PR1461434

  • Traffic loss might be observed longer than 20 seconds when performing NSSU on EX4300 Virtual Chassis. PR1461983

  • IGMP reports are dropped with mixed enterprise/SP configuration styles on EX4300 switches. PR1466075

  • The switch might not be able to learn MAC addresses with dot1x and interface-mac-limit configured. PR1470424

  • On an EX4300, the input firewall filter attached to isolated or community VLANs is not matching dot1p bits on the VLAN header. PR1478240

  • The Virtual Chassis VRRP peer drops packets to VRRP VIP after IRB is disabled. PR1491348

Routing Protocols

  • Host-destined packets with the filter log action might not reach the Routing Engine if log/syslog is enabled. PR1379718

  • BGP IPv4 or IPv6 convergence and RIB might delete and then install the time degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121

  • The traffic with destination UDP port 520 (RIP) or 521 (RIPng) gets dropped on the QFX5000 and EX4600 switches. PR1429543

  • The fxpc core file might be seen during the reboot of QFX5100 and EX4600 devices. PR1432023

  • The RPD_DYN_CFG_GET_PROF_NAME_FAILED: Get profile name for session XXX failed: -7 error message might be seen in syslog after restarting the routing process. PR1439514

  • The bandwidth value of DDoS protection might cause packet loss after a device reboot. PR1440847

  • Traffic might be dropped after the Q-in-Q-enabled interface is flapped or a change is made to the vlan-id-list configuration. PR1441402

  • IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

  • The routing protocol process (rpd) crashes while processing a specific BGP update information. PR1448425

  • Junos OS BFD sessions with authentication flap after a certain time. PR1448649

  • Loopback address exported into other VRF instances might not work on ACX Series, EX Series, and QFX Series. PR1449410

  • MPLS LDP might still use the stale MAC address of the neighbor even the LDP neighbor's MAC address changes. PR1451217

  • The other querier present interval timer cannot be changed in the IGMP/MLD snooping scenario. PR1461590

  • The MUX state in an LACP interface does not go to collecting and distributing and remains attached after enabling the aggregated Ethernet interface. PR1484523

  • Receipt of certain genuine BGP packets from any BGP speaker causes rpd to crash. PR1497721

User Interface and Configuration

  • The switch might be unable to commit baseline configuration after zeroization. PR1426341

  • Problem with access to J-Web after update from Junos OS Release 18.2R2 to Junos OS Relesae 18.2R3. PR1454150

  • The umount: unmount of /.mount/var/val/chroot/packages/mnt/jweb-ex32-d2cf6f6b failed: Device busy message is seen when Junos OS is upgraded with the validate option. PR1478291

Virtual Chassis

  • The current MAC address might change when one of the multiple Layer 3 interfaces is being deleted. PR1449206

VPNs

  • MVPN using PIM dense mode does not prune the OIF when PIM prune is received. PR1425876

Resolved Issues: 19.2R1

Authentication and Access Control

  • Without configuring anything related to dot1x, the syslog dot1xd[2192]: task_connect: task PNACAUTH./var/run/authd_control addr /var/run/authd_control: Connection refused is generated repeatedly. PR1406965

EVPN

  • The device might proxy the ARP probe packets in an EVPN environment. PR1427109

  • ESI is configured on a single-homed 25G port might not work. PR1438227

General Routing

  • On EX4650 switches, convergence delay between PE1 and P router link is more than the expected delay value. PR1364244

  • OAM Ethernet connectivity-fault-management configured on aggregated Ethernet interfaces is not supported and no commit error is seen. PR1367588

  • IPv6 router advertisement (RA) messages potentially increase internal kernel memory usage. PR1369638

  • RIPv2 update packets might not be sent with IGMP snooping enabled. PR1375332

  • Input rate PPS does not increase on EX2300-MP uplink ports when the packet is a pure L2 packet like non-etherII or non-EtherSnap. PR1389908

  • EX3400VC - When an interface in a Virtual Chassis member switch that is not master, is flapped, IGMP query packets 224.0.0.1 are sent to all the ports of the members except the master FPC. PR1393405

  • PTP over Ethernet traffic might be dropped when IGMP and PTP TC are configured together. PR1395186

  • EX3400 might not learn 30,000 MAC addresses while sending MAC learning traffic. PR1399575

  • MAC-limit with persistent MAC is not working after reboot. PR1400507

  • After upgrading to Junos OS Release 18.1R3.3, adt7470_set_pwm output message is observed continuously. PR1401709

  • The DHCP discover packets are forwarded out of an interface incorrectly when DHCP snooping is configured on that interface. PR1403528

  • On EX4300-48MP devices, the packets drop when the traffic filter and the routing instance are configured. PR1407424

  • The l2cpd might crash if the vstp traceoptions and vstp vlan all commands are configured. PR1407469

  • MAC address movement might not happen in flexible Ethernet services mode when family inet/inet6 and vlan-bridge are configured on the same physical interface. PR1408230

  • EX3400 PSU status is still taking "check" status even though PSU module has been removed. PR1408675

  • On EX2300-24P switches, error message dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family is seen. PR1410717

  • On EX Series devices, the PEM alarm for backup FPC remains on master FPC though the backup FPC is detached from Virtual Chassis. PR1412429

  • On EX4300-48MP devices, the chassis status LED shows yellow instead of amber. PR1413194

  • The chassisd output power budget is received continually per 5 seconds without any alarm after an upgrade to Junos OS Release 18.1R3. PR1414267

  • VXLAN encapsulation next hop (VENH) does not get installed during BGP flap or when routing is restarted. PR1415450

  • On EX3400 switches, the show chassis environment repeats OK and Failed at short intervals. PR1417839

  • The EX3400 VC status might be unstable during the boot-up of the Virtual Chassis or after the Virtual Chassis port flaps. PR1418490

  • Virtual Chassis might become unstable and FXPC crashes and generates a core file when there are a lot of configured filter entries. PR1422132

  • On EX3400 auto-negotiation status shows incomplete on ge-0/2/0 using SFP-SX. PR1423469

  • On EX4600 line of switches, MACsec might not connect when the interface disconnects while traffic is passing. PR1423597

  • I2C read errors are seen when an SFP-T is inserted into a disabled state port configured with set interface <*> disable command. PR1423858

  • Incorrect model information while polling through SNMP from Virtual Chassis. PR1431135

Infrastructure

  • IfSpeed and IfHighSpeed erroneously reported as zero on EX2300. PR1326902

  • Packet Forwarding Engine is flooded with messages // pkt rx on physical interface NULL unit 0. PR1381151

Interfaces and Chassis

  • Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606

  • EVPN aggregated Ethernet interface flaps followed by a commit. PR1425339

Junos Fusion Enterprise

  • PoE over LLDP negotiation is not supported on Junos Fusion Enterprise setup. PR1366106

  • New satellite device cannot be added to the Fusion scenario. PR1374982

  • Cascade port might go down after SD reboot in Junos Fusion Enterprise environment. PR1382091

  • Cannot log in to SD cluster though it is recognized by AD properly. PR1395570

  • The l2ald might crash when clear ethernet-switching table persistent-learning command is issued. PR1409403

  • Extended ports in Junos Fusion Enterprise do not adjust MTU when VoIP is enabled. PR1411179

  • The traffic might silently drop and get discarded in Junos Fusion Enterprise scenario with dual-AD. PR1417139

Layer 2 Ethernet Services

  • The malfunction of core isolation feature in EVPN VXLAN scenarios might cause traffic to get silently dropped and discarded. PR1417729

Network Management and Monitoring

  • Over temperature trap is not sent out even when there is a temperature-hot-alarm. PR1412161

Platform and Infrastructure

  • Ping does not go through the device after WTR timer expires in Ethernet ring protection switching (ERPS) scenario. PR1132770

  • EX4300 upgrade fails during validation of SLAX script. PR1376750

  • Unicast DHCP request gets misforwarded to backup RTG link on EX4300 Virtual Chassis. PR1388211

  • EX4300 OAM LFM might not work on extended-vlan-bridge interface with native vlan configured. PR1399864

  • Traffic drop is seen on EX4300 when 10-Gigabit fiber port is using 1-Gigabit Ethernet SFP optics with auto-negotiation enabled. PR1405168

  • On EX4300, when power supply (PEM) is removed, alarm is not generated. PR1405262

  • The policer might not work when it is applied through the dynamic filter. PR1410973

  • The traffic to the NLB server might not be forwarded if the NLB cluster works on multicast mode. PR1411549

  • EX4300 QinQ - untagged UNI traffic egress as single-tagged on NNI interface. PR1413700

  • Runt counter never incremented. PR1419724

  • EX4300 does not send fragmentation needed message when MTU is exceeded with DF bit set. PR1419893

  • The pfex process might crash and core files might be generated when SFP is reinserted. PR1421257

  • Traffic might get silently dropped when one of logical interfaces on LAG is deactivated or deleted. PR1422920

  • Auditd crashes when accounting RADIUS server is not reachable. PR1424030

  • The native VLAN ID of packets might fail when leaving out. PR1424174

  • Interface flapping scenario might lead to ECMP next-hop install failure on EX4300 switches. PR1426760

  • VIP might not forward the traffic if VRRP is configured on an aggregated Ethernet interface. PR1428124

  • EX4300 does not drop FCS frames on XE interfaces. PR1429865

  • The ERPS failover does not work as expected on EX4300 device. PR1432397

Routing Protocols

  • Host-destined packets with filter log action might reach the Routing Engine. PR1379718

  • The rpd crashes on static route configuration for multicast source. PR1408443

  • Host-generated ICMPv6 RA packets might be dropped on the backup member of Virtual Chassis if igmp-snooping is configured. PR1413543

  • The EX Series switches might not install all IRB MAC addresses in the initialization. PR1416025

  • After restarting multicast-snooping process, igmp-snooping might not work. PR1420921

Software Installation and Upgrade

  • Configuration loss and traffic loss might be seen if backup Routing Engine is zeroized and is then switched over to master within a short time. PR1389268

Subscriber Access Management

  • authd reuses address quickly before jdhcpd completely cleans up the old subscriber that gives the following error log DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add x.x.x.x as it is already used by xxx. PR1402653

  • On EX4300 /var showing full /var/log/dfcd_enc file grows in size. PR1425000

Documentation Updates

This section lists the errata and changes in Junos OS Release 19.2R2 for the EX Series switches documentation.

Installation and Upgrade

  • Veriexec explained (EX Series)—Verified Exec (also known as veriexec) is a file-signing and verification scheme that protects the Junos operating system (OS) against unauthorized software and activity that might compromise the integrity of your device. Originally developed for the NetBSD OS, veriexec was adapted for Junos OS and enabled by default from Junos OS Release 7.5 onwards.

    [See Veriexec Overview.]

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://support.juniper.net/support/eol/software/junos/.