Junos OS Release Notes for EX Series Switches
These release notes accompany Junos OS Release 19.2R3 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
What’s New
Learn about new features introduced in the Junos OS main and maintenance releases for EX Series switches.
The following EX Series switches are supported in Release 19.2R2: EX2300, EX2300-C, EX3400, EX4300, EX4600-40F, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.
What’s New in Release 19.2R3
There are no new features or enhancements to existing features for EX Series switches in Junos OS Release 19.2R3.
What’s New in Release 19.2R2
There are no new features or enhancements to existing features for EX Series switches in Junos OS Release 19.2R2.
What’s New in Release 19.2R1-S1
Routing Protocols
Decouple RSVP for IGP-TE (MX Series, PTX Series, ACX Series, QFX Series, SRX Series, and EX Series)—Starting in Junos OS Release 19.2R1-S1, a device can advertise selective traffic-engineering attributes such as admin-color and maximum-bandwidth, without enabling RSVP, for segment routing and interior gateway protocol (IGP) deployments.
What’s New in Release 19.2R1
Authentication, Authorization, and Accounting (AAA)
802.1X authentication (EX4650 switches)—Starting with Junos OS Release 19.2R1, EX4650 switches support port-based network access control using 802.1X authentication as defined in the IEEE 802.1X standard.
[See 802.1X for Switches Overview.]
Dynamic Host Configuration Protocol
Support for DHCP snooping and other access port security features on private VLANs (EX4300-MP switches and Virtual Chassis)—Starting in Junos OS Release 19.2R1, you can enable DHCP snooping for security purposes on access ports that are in a private VLAN (PVLAN). You can also protect those ports with DHCP options, dynamic ARP inspection (DAI), IP source guard, and neighbor discovery inspection.
EVPN
Support for BFD, BGP, IS-IS, and OSPF on IRB interfaces in EVPN-MPLS networks (EX series)—Starting with Junos OS Release 19.2R1, you can configure Bidirectional Forwarding Detection (BFD), BGP, IS-IS, and OSPF routing protocols on the IRB interface in an EVPN-MPLS network to route and forward EVPN traffic. This feature supports single-homed, single-active, and all-active multihomed networks.
EVPN support of VLAN ID ranges and lists in service provider style interface configurations (EX9200 switches)—Starting in Junos OS Release 19.2R1, EX9200 switches, ACX5448 and MX Series routers, and vMX virtual routers support the use of VLAN ID ranges and lists in a service provider style interface configuration, which must be referenced in an EVPN routing instance. This configuration is supported with the following EVPN environments, services, and features:
Environments:
EVPN with VXLAN encapsulation
EVPN with MPLS encapsulation
VLAN bundle service:
E-LAN
E-Tree
E-Line
Features:
EVPN multihoming:
All-active
Single-active
Singlehoming
Support for control word in EVPN-VPWS (EX9200 switches)—Starting with Junos OS Release 19.2R1, Junos OS supports the insertion of a control word between the label stack and the MPLS payload in a network with EVPN-VPWS service. This feature prevents a transit device from delivering out-of-order packets as a result of the device’s load-balancing hashing algorithm. When you enable the control word feature on a PE device, the PE device advertises support for a control word. If all the PE devices in an EVI on the EVPN-VPWS serviced network support control word, then the PE device inserts a control word between the label stack and the L2 header in the packet thus preventing the packet from being misidentified by transit devices.
[See Control Word for EVPN-VPWS.]
JWeb
Support for EX4650 switches—Starting in Junos OS Release 19.2R1, you can use J-Web to configure, monitor, and manage EX4650 switches.
To configure the EX4650 switch using the J-Web interface, you must connect the cable to the port labeled CON on the rear panel of the switch.
Note: In J-Web, the chassis viewer displays only the standalone EX4650 switches view. It does not display the Virtual Chassis configuration because the EX4650 switch does not support the Virtual Chassis configuration.
[See Dashboard for EX Series Switches and Connecting and Configuring an EX Series Switch (J-Web Procedure).]
Layer 2 Features
L2PT support (EX4300 multigigabit switches)—Starting with Junos OS Release 19.2R1, you can configure Layer 2 protocol tunneling (L2PT) for the following protocols on EX4300 multigigabit switches (EX4300-48MP models): CDP, E-LMI, GVRP, IEEE 802.1X, IEEE 802.3AH, LACP, LLDP, MMRP, MVRP, STP (including RSTP and MSTP), UDLD, VSTP, and VTP.
[See Layer 2 Protocol Tunneling.]
Multicast
Support for multicast traffic counters (EX4300, EX4300-MP, EX4300 Virtual Chassis)—Starting with Junos OS Release 19.2R1, you can use firewall filters to count packets and check the bandwidth of multicast traffic received by a host from a particular source and group in a routing instance. To enable this feature, include the multicast-statistics statement at the [edit system packet-forwarding-options] hierarchy level. To check the packet count and bandwidth for each multicast route, use the show multicast route extensive command.
IGMP snooping with private VLANs (EX4300 multigigabit switches)—Starting in Junos OS Release 19.2R1, EX4300 multigigabit switches (EX4300-48MP models) support IGMP snooping with private VLANs (PVLANs). A PVLAN consists of secondary isolated and community VLANs configured within a primary VLAN. Without IGMP snooping support on the secondary VLANs, switches receive multicast streams on a primary VLAN and flood them to the secondary VLANs. This feature extends IGMP snooping on a primary VLAN to its secondary VLANs to further constrain multicast streams only to interested receivers on PVLANs. When you enable IGMP snooping on a primary VLAN, you implicitly enable it on all secondary VLANs, and the secondary VLANs learn the multicast group information on the primary VLAN.
Note: Ports in a secondary VLAN cannot be used as IGMP multicast router interfaces. Secondary VLANs can receive multicast data streams ingressing on promiscuous trunk ports or inter-switch links acting as multicast router interfaces.
[See IGMP Snooping Overview.]
Network Management and Monitoring
Support for displaying valid user input in the CLI for command options and configuration statements in custom YANG data models (EX Series)—Starting in Junos OS Release 19.2R1, the CLI displays the set of possible values for a given command option or configuration statement in a custom YANG data model when you include the action-expand extension statement in the option or statement definition and reference a script that handles the logic. The action-expand statement must include the script child statement, which defines the Python action script that is invoked when a user requests context-sensitive help in the CLI for the value of that option or statement.
Port Security
Stateless address autoconfiguration (SLAAC) snooping (EX2300, EX3400, EX4300, and Virtual Chassis)—Starting in Junos OS Release 19.2R1, Junos OS supports SLAAC snooping on EX2300, EX2300 VC, EX3400, EX3400 VC, EX4300, and EX4300 VC. IPv6 clients using SLAAC for dynamic address assignment are validated against the SLAAC snooping binding table before being allowed access to the network.
[See IPv6 Stateless Address Autoconfiguration (SLAAC) Snooping.]
Fallback PSK for Media Access Control Security (MACsec) (EX Series)—Starting in Junos OS Release 19.2R1, fallback PSK for MACsec is supported on EX Series routers that support MACsec. The fallback PSK provides functionality to establish a secure session in the event that the primary PSKs on each end of a MACsec-secured link do not match.
Support for 802.1X authentication on private VLANs (PVLANs) (EX4300-48MP switches and Virtual Chassis)—Starting in Junos OS Release 19.2R1, you can enable 802.1X (dot1x) authentication for security purposes on access ports that are in a PVLAN.
PVLANs provide Layer 2 isolation between ports within a VLAN, splitting a broadcast domain into multiple discrete broadcast subdomains by creating secondary VLANs. PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the communication between known hosts.
Authentication prevents unauthenticated devices and users from gaining access to your LAN. For 802.1X and MAC RADIUS authentication, end devices must be authenticated before they receive an IP address from a DHCP server.
On a switch that is configured with both 802.1X authentication and PVLANs, when a new device is attached to the PVLAN network, the device is authenticated and then is assigned to a secondary VLAN based on the PVLAN configuration or RADIUS profile. The device then obtains an IP address and receives access to the PVLAN network.
[See Using 802.1X Authentication and Private VLANs Together on the Same Interface.]
Media Access Control security with 256-bit cipher suite (EX4300)—Starting in Junos OS Release 19.2R1, the GCM-AES-256 cipher suite for MACsec in static CAK mode is supported on the 2-port QSFP+/1-port QSFP28 uplink module for EX4300-48MP switches. The GCM-AES-256 cipher suite has a maximum key length of 256 bits and is also available with extended packet numbering (GCM-AES-XPN-256).
Support for MACsec PSK keychain (EX9253)—Starting in Junos OS Release 19.2R1, EX9253 switches support MACsec PSK chains hitless rollover and Key Agreement Protocol Fail Open mode.
System Management
Support for transferring accounting statistics files and router configuration archives using HTTP URL (EX Series)—Starting in Junos OS Release 19.2R1, you can transfer accounting statistics files and router configuration archives to remote servers by using an HTTP URL. In addition to SCP and FTP, the following HTTP URL will be supported under the archive-sites statement:
http://username@host:url-path password password
To transfer accounting statistics files, configure archive-sites under the [edit accounting-options file <filename>] hierarchy.
To transfer router configuration archives, configure archive-sites under the [edit system archival configuration] hierarchy.
To view the statistics of transfer attempted, succeeded, and failed, use the show accounting server statistics archival-transfer command.
To clear the statistics of transfer attempted, succeeded, and failed, use the clear accounting server statistics archival-transfer command.
[See archive-sites, Backing Up Configurations to an Archive Site, show accounting server statistics archival-transfer, and clear accounting server statistics archival-transfer].
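HTTP and FTP provide no transport encryption for the credentials and archive contents they carry, whereas SCP runs over SSH. The following added example (not Juniper code) audits configuration in display set form for archive-sites URLs under both hierarchies named above and classifies each by transport; the sample configuration, hosts, password placeholders, and function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample in "show configuration | display set" form. Hosts are
# documentation addresses and the password values are placeholders.
SAMPLE_CONFIG = '''
set system host-name ex-lab
set system archival configuration archive-sites "scp://backup@192.0.2.10:/archive" password "PLACEHOLDER"
set system archival configuration archive-sites "http://backup@192.0.2.20:/upload" password "PLACEHOLDER"
set accounting-options file acct-stats archive-sites "ftp://stats@192.0.2.30:/stats" password "PLACEHOLDER"
'''

CLEARTEXT_SCHEMES = {"http", "ftp"}  # no transport encryption
ENCRYPTED_SCHEMES = {"scp"}          # carried over SSH

# scheme://[user@]host, matching the URL form shown in the release note.
URL_RE = re.compile(
    r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://"
    r"(?:(?P<user>[^@/]+)@)?"
    r"(?P<host>[^:/]+)"
)


def audit_archive_sites(config_text):
    """Return one finding per archive-sites statement in set-format config."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line.startswith("set "):
            continue
        try:
            tokens = shlex.split(line)  # honours the quoted URL and password
        except ValueError:
            continue  # unbalanced quotes: not a well-formed statement
        if "archive-sites" not in tokens:
            continue
        idx = tokens.index("archive-sites")
        if idx + 1 >= len(tokens):
            continue
        url = tokens[idx + 1]
        match = URL_RE.match(url)
        scheme = match.group("scheme").lower() if match else None
        if scheme in CLEARTEXT_SCHEMES:
            transport = "cleartext"
        elif scheme in ENCRYPTED_SCHEMES:
            transport = "encrypted"
        else:
            transport = "unknown"
        findings.append({
            "hierarchy": " ".join(tokens[1:idx]),
            "url": url,
            "scheme": scheme,
            "host": match.group("host") if match else None,
            "transport": transport,
            "password_configured": "password" in tokens[idx + 2:],
        })
    return findings


def cleartext_sites(config_text):
    """Archive sites whose transfers traverse the network unencrypted."""
    return [f for f in audit_archive_sites(config_text)
            if f["transport"] == "cleartext"]


if __name__ == "__main__":
    for f in audit_archive_sites(SAMPLE_CONFIG):
        print(f'{f["transport"]:9} [{f["hierarchy"]}] {f["url"]}')
```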
What’s Changed
Learn about what changed in Junos OS main and maintenance releases for EX Series.
What’s Changed in Release 19.2R3
General Routing
Advertising /32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, we added multiple secondary loopback addresses in the traffic engineering database to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.
Juniper Extension Toolkit (JET)
Set the trace log to only show error messages (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series)—You can set the verbosity of the trace log to only show error messages using the error option at the [edit system services extension-service traceoptions] hierarchy level.
What’s Changed in Release 19.2R2
Interfaces and Chassis
Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, 19.1R1, 19.1R2, 19.2R2, and later, EX Series switches support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.
In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.
Logical interface is created along with physical interface by default (EX Series, MX Series, and QFX Series)—In Junos OS Release 19.2R2 and later, a logical interface is created on ge, et, and xe interfaces along with the physical interface by default. In earlier Junos OS releases, only physical interfaces are created by default.
For example, for ge interfaces, the show interfaces command earlier displayed only the physical interface (ge-0/0/0) by default. Now, the logical interface (ge-0/0/0.16386) is also displayed.
Layer 2 Feature
input-native-vlan-push (EX2300, EX3400, EX4600, EX4650, and the QFX5000 line of switches)—In Junos OS Release 19.2R2, we have introduced the configuration statement input-native-vlan-push at the [edit interfaces interface-name] hierarchy level. You can use this statement in a Q-in-Q tunneling configuration to enable or disable whether the switch inserts a native VLAN identifier in untagged frames received on the C-VLAN interface, when the configuration statement input-vlan-map with a push operation is configured.
[See input-native-vlan-push.]
Multicast
Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 19.2R2, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier Junos OS releases, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.
Routing Protocols
XML RPC equivalent included for the show bgp output-scheduler | display xml rpc CLI command (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 19.2R2, we have included an XML RPC equivalent for the show bgp output-scheduler | display xml rpc CLI command. In Junos OS releases before Release 19.2R2, the show bgp output-scheduler | display xml rpc CLI command does not have an XML RPC equivalent.
[See show bgp output-scheduler.]
What’s Changed in Release 19.2R1
Interfaces and Chassis
Deprecation of the [edit fabric protocols bgp] hierarchy level (EX Series)—Starting in Junos OS Release 19.2R1, the [edit fabric protocols bgp] hierarchy level is deprecated.
Network Management and Monitoring
The show system schema command and <get-yang-schema> RPC require specifying an output directory (EX Series)—Starting in Junos OS Release 19.2R1, when you issue the show system schema operational mode command in the CLI or execute the <get-yang-schema> RPC in a remote session to retrieve schema files, you must specify the directory in which to generate the output files by including the output-directory command option in the CLI or the <output-directory> element in the RPC. In earlier releases, you can omit the output-directory argument when requesting a single module to display the module in standard output.
Custom YANG RPC support for input parameters of type empty (EX Series)—Starting in Junos OS Release 19.2R1, custom YANG RPCs support input parameters of type empty when executing the RPC’s command in the Junos OS CLI, and the value passed to the action script is the parameter name. In earlier releases, input parameters of type empty are only supported when executing the RPC in a NETCONF or Junos XML protocol session, and the value passed to the action script is the string 'none'.
[See Creating Action Scripts for YANG RPCs on Devices Running Junos OS.]
VLAN Infrastructure
Specifying a descending VLAN ID range (EX9200 switches)—In Junos OS releases prior to Junos OS Release 19.2R1, the system accepts a descending range—for example, 102-100, with the vlan-id-range configuration statement in the [edit interfaces interface-name unit logical-unit-number] hierarchy.
Starting with Junos OS Release 19.2R1, the system considers a descending range specified with vlan-id-range to be invalid and raises an error if you try to commit this configuration.
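Because a descending vlan-id-range that committed on an earlier release is rejected at commit from Release 19.2R1 onward, it is worth scanning a saved configuration before upgrading. The following added example (not Juniper code) finds descending ranges in display set output and drafts replacement statements; the sample configuration and function names are constructed, and the ascending replacement assumes the operator intended the same set of VLAN IDs, which must be confirmed before use.

```python
import re

# Constructed sample in "show configuration | display set" form.
SAMPLE_CONFIG = """
set interfaces xe-0/0/1 flexible-vlan-tagging
set interfaces xe-0/0/1 unit 100 vlan-id-range 100-102
set interfaces xe-0/0/1 unit 200 vlan-id-range 202-200
set interfaces xe-0/0/2 unit 300 vlan-id-range 305-301
"""

# vlan-id-range at the [edit interfaces interface-name unit logical-unit-number]
# hierarchy, as named in the release note.
RANGE_RE = re.compile(
    r"^set interfaces (?P<ifname>\S+) unit (?P<unit>\d+) "
    r"vlan-id-range (?P<start>\d+)-(?P<end>\d+)\s*$"
)


def find_descending_vlan_ranges(config_text):
    """Return every vlan-id-range whose first ID is greater than its last."""
    findings = []
    for raw in config_text.splitlines():
        match = RANGE_RE.match(raw.strip())
        if not match:
            continue
        start, end = int(match.group("start")), int(match.group("end"))
        # Only strictly descending ranges are flagged; equal endpoints are
        # not descending and are left for the device to validate.
        if start > end:
            findings.append({
                "interface": match.group("ifname"),
                "unit": int(match.group("unit")),
                "configured": f"{start}-{end}",
                "ascending": f"{end}-{start}",
            })
    return findings


def remediation_commands(findings):
    """Draft delete/set pairs that swap each range into ascending order.

    Assumption: the ascending form covers the VLAN IDs the operator meant.
    Review each pair before loading it on a device.
    """
    commands = []
    for f in findings:
        path = f'interfaces {f["interface"]} unit {f["unit"]} vlan-id-range'
        commands.append(f"delete {path}")
        commands.append(f'set {path} {f["ascending"]}')
    return commands


if __name__ == "__main__":
    found = find_descending_vlan_ranges(SAMPLE_CONFIG)
    for f in found:
        print(f'{f["interface"]}.{f["unit"]}: {f["configured"]} is descending')
    print("\n".join(remediation_commands(found)))
```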
Known Limitations
Learn about known limitations in this release for EX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
EVPN
Commit blocks for VLAN-ID none with EVPN routing-instance and without routing-instance. PR1287557
Platform and Infrastructure
On the EX4300 device, multicast traffic statistics do not get tracked for active s,g route streams even after all the 512 routes get timed out and programmed filter entries are cleared. PR1419926
With 288000 MAC scale, the Routing Engine command output shows the learned scale entries after a delay of around 60 seconds. PR1367538
Unable to ping peer IP over MACsec with AES-256 cipher suite. PR1416499
Memory spike or leakage is seen after the image upgrades to Junos OS Release 19.2R1.8 in a mixed mode Virtual Chassis. PR1464062
The following error message might appear: Failed to complete DFE tuning. This error message has no functional impact and can be ignored. PR1473280
Open Issues
Learn about the open issues in hardware and software in Junos OS Release 19.2R3 for EX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Authentication and Access Control
The lldpd process might crash when the LLDP neighbor expires. PR1408707
After reboot, the SSL certificates are not present. PR1431086
Infrastructure
Some PIM groups are not able to send out native multicast traffic. PR1209585
On the EX3400 and EX2300 devices during ZTP with configuration and image upgrade with FTP as file transfer, image upgrade is successful but sometimes VM generates core files. PR1377721
The switch encapsulates protocol PDUs even if it is not configured for the Layer 2 PT tunneling. PR1395638
The dot1x authentication might fail to be authenticated. PR1408717
Error messages are seen at (pkt tx) ifd get failed 700 ,(brcm_port_learning_config:1375) Setting L2 learning unit:0, port_num:68 ,learn_flg 5 , Disabling DHCP trapping on xe-0/0/40 dev:0, port:68 & routing_chip_output_packet:8001 (pkt tx) ifd get failed 700. PR1422402
FPC crashes with pfem generating a core file might be seen if a large number of firewall filters are configured. PR1434927
The following error message is observed: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed continuously in AD with base configurations. PR1485038
Interfaces and Chassis
The GRES and VSTP ports cost on the aggregated Ethernet interfaces might get changed, leading to topology change. PR1174213
Traffic convergence is greater than 12 seconds for events like node reboot, ICCP and ICL flaps. PR1371493
Junos Fusion for Enterprise
On the Junos fusion environment system, intermediate traffic drop is seen between AD and SD when sFlow is enabled on the ingress interface. PR1450373
Layer 2 Features
GARPs are being sent from the switch once in every 10 minutes. PR1192520
Network Management and Monitoring
The Packet Forwarding Engine process might crash in scenarios where there are large log messages. PR1233050
Platform and Infrastructure
On the EX2300 and EX3400 devices, the upgrade might fail because of the shortage of space. PR1464808
When 3000 ARPs are pushed to the EX Series switch with DAI enabled, the ARP inspection fails for valid hosts. PR1165757
On the EX2300 device, the last reboot reason might display wrong values. PR1331264
On the EX4650 device, the filter action to change VLAN does not work. PR1362609
The EX4300 device might not update the dhcp-security binding upon renewal when the loopback filter and DHCP-security configuration are used together. PR1376454
In the EX9208 device, a few xe interfaces go down with the following error message: f_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840
MACsec session might fail to reestablish after the interface flaps. PR1378710
DCPFE does not come up in some instances of abrupt power-off or power-on. PR1393554
The following error message is observed after multiple triggers: JTASK_IO_CONNECT_FAILED. PR1408995
Traffic loss of approximately 26-32 seconds is observed after restarting the routing daemon on the EX9200 device with the MC-LAG configurations. PR1409773
uRPF in strict mode does not work. PR1417546
Committing configurations that involve an interface-range defined over a wildcard range such as ge-*/*/* is not supported. PR1421446
IGMP transit query packets might not be flooded on VLAN. PR1427542
On the EX9214 device, the following error message is observed after reboot and MACsec-enabled link flaps: errorlib_set_error_log(): err_id(-1718026239). PR1448368
In some cases, if we have an OSPF session on the IRB over LAG interface with 40-Gigabit Ethernet port as member, the session gets stuck in restart. PR1498903
On the EX4600 device with VXLAN enabled, the ARP request might get dropped if the storm control is configured. PR1515254
Routing Protocols
Packet loss is observed for the stream bLock:irb_lacp_tr_ospf while verifying traffic from access to core network for IPv4. PR1520059
Resolved Issues
This section lists the issues fixed in the Junos OS main release and the maintenance releases.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Resolved Issues: 19.2R3
Authentication and Access Control
On the EX4600 and EX4300 switches, MAC entry is not present in the Ethernet-Switching table for the MAC-RADIUS client in a server fail scenario when tagged traffic is sent for two clients. PR1462479
On the EX2300-48MP switch, client does not receive the captive-portal success page by downloading the ACL parameter, because the authentication failed. PR1504818
The DOT1XD_AUTH_SESSION_DELETED event is not triggered with a single supplicant mode. PR1512724
EVPN
The ESI of IRB interfaces does not update after autonomous-system number change if the interface is down. PR1482790
The l2ald memory leakage might be observed in any EVPN scenario. PR1498023
The VXLAN function might be broken due to a timing issue. PR1502357
Infrastructure
On the EX2300 and EX3400 switches, kernel might generate core file when deactivating daemon. PR1483644
Junos Fusion Satellite Software
On the EX4300 in Junos fusion scenario, temperature sensor alarm is observed. PR1466324
Layer 2 Ethernet Services
Issues with DHCPv6 Relay processing confirm and reply packets are observed. PR1496220
MPLS
BGP session might keep flapping between two directly connected BGP peers because of the use of wrong TCP MSS (maximum segment size). PR1493431
Platform and Infrastructure
MAC learning under bridge-domain stops after MC-LAG interface flaps. PR1488251
Packets get dropped when next hop is IRB over lt interface. PR1494594
On the EX4300 switches, the NSSU upgrade might fail due to storage issue on the /var/tmp directory. PR1494963
IPv6 neighbor solicitation packets might be dropped in a transit device. PR1493212
On the EX4300 device, traffic loss might be seen with framing errors or runts if MACsec is configured. PR1502726
On the EX9200 device, IRB over VTEP unicast traffic might get dropped. PR1436924
On the EX4300, EX3400, and EX2300 Virtual Chassis with NSB and xSTP enabled, continuous traffic loss might be observed while performing GRES. PR1500783
On the EX4600 device, traffic loss might be seen with framing errors or runts if MACsec is configured. PR1469663
On the EX4600 device, DSCP marking might not work as expected if the fixed classifiers are applied to interfaces. PR1472771
ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610
MPCs might stop when there is bulk route update failure in a corner case. PR1478392
DHCP binding might fail when the PVLAN is configured with a firewall to block or allow certain IPv4 packets. PR1490689
On the EX4650 switch, traffic loss might be seen under MC-LAG scenario. PR1494507
Outbound SSH connection flaps or leaks memory during push configuration to ephemeral database with high rate. PR1497575
Traffic might get dropped if the aggregated Ethernet member interface is deleted or added, or a SFP of the aggregated Ethernet member interface is unplugged or plugged. PR1497993
LLDP is not acquired when native-vlan-id and tagged VLAN-ID are the same on a port. PR1504354
Routing Protocols
The BGP route-target family might prevent RR from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743
Resolved Issues: 19.2R2
Class of Service (CoS)
Shaping does not work after the reboot if shaping-rate is configured. PR1432078
The traffic is placed in network-control queue on an extended port even if it comes in with a different DSCP marking. PR1433252
EVPN
EVPN or MPLS IRB logical interfaces might not come up when local Layer 2 interfaces are down. PR1436207
Configuring ESI on a single-homed 25-Gigabit Ethernet port might not work. PR1438227
An ARP request or a Neighbor Solicitation message might be sent back to the local segment by the designated forwarder (DF) router. PR1459830
The rpd might crash after the EVPN-related configuration is changed. PR1467309
Forwarding and Sampling
Enable interface with input/output vlan-maps to be added to a routing instance configured with a VLAN ID or VLAN tags (instance type virtual-switch/vpls). PR1433542
The l2ald process might experience memory leak on devices running Junos OS. PR1455034
Type 1 ESI/AD route might not be generated locally on EVPN PE devices in all-active mode. PR1464778
General Routing
Transit OSPF traffic over Q-in-Q tunneling might be dropped if a firewall filter is applied to loopback interface. PR1355111
The l2ald process might crash and generate a core file on EX Virtual Chassis when converting a trunk port to dot1x access port with tagged traffic flowing. PR1362587
The interface on a failed member FPC of EX2300 and EX3400 Virtual Chassis might stay up for 120 seconds. PR1422507
IPv6 multicast traffic received on one Virtual Chassis member might be dropped when exiting through another Virtual Chassis member if MLD snooping is enabled. PR1423310
The MAC address pool might overlap between different switches. PR1425123
Virtual Chassis split is seen after the network topology is changed. PR1427075
The fxpc or the Packet Forwarding Engine process might crash on EX2300 and EX3400 switches. PR1427391
Rebooting or halting a Virtual Chassis member might cause traffic on the RTG link to be down for about 30 seconds. PR1427500
The l2ald process crashes after the dot1x configuration is deleted when dot1x and private VLAN (PVLAN) are enabled simultaneously on EX Series and QFX Series switches. PR1428469
A client might fail to get an IP address from the DHCPv6 server. PR1428769
The delay in transmission of BPDUs after GRES might result in loss of traffic on EX2300 and EX3400 Virtual Chassis. PR1428935
The EX4300-48MP switch cannot learn MAC addresses through some access ports that are directly connected to a host when auto negotiation is used. PR1430109
Disabling DAC QSFP ports might not work on MX204, MX10003, or EX9251. PR1430921
Erroneous log messages and chassis environment output related to fan tray in EX4300MP-EX4300-48P Virtual Chassis. PR1431263
The l2cpd process might crash and generate a core file when interfaces are flapping. PR1431355
Packet drop might be seen if native VLAN is configured along with flexible VLAN tagging. PR1434646
Micro BFD-session might flap upon inserting a QSFP transceiver into another port. PR1435221
Traffic drop might be seen after MACsec session key rollover between primary and fallback for more than ten times. PR1435277
The multichassis aggregated Ethernet (mc-ae) interface might get stuck in the Waiting state in a dual mc-ae scenario. PR1435874
i40e NVM upgrade support for EX9200 platform. PR1436223
The Gigabit Ethernet or multigigabit Ethernet SFP-T interface might not come up on EX2300, EX3400, and EX4300 switches. PR1438078
Commit check error for VSTP on EX9200 switches: xSTP:Trying to configure too many interfaces for given protocol. PR1438195
LED turns on even after the Virtual Chassis members are powered off. PR1438252
The DHCP Snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it. PR1438351
The rpd might crash during the booting process in certain conditions. PR1438597
The dot1x configuration might not work when captive port is also configured on the interface on a backup or non-master FPC. PR1439200
LACP state might get stuck in Attached state after disabling peer active members. PR1439268
On EX9200 DHCPv6 relay scenario, when DHCPv6 snooping and Neighbor Discovery Inspection (NDI) are enabled simultaneously on an IRB interface, the DHCPv6 relay binding does not come up. PR1439844
The EX4600 and QFX5100 Virtual Chassis might not come up after you replace the Virtual Chassis port fiber connection with a DAC cable. PR1440062
CPU might hang or an interface might be stuck down on a particular 1-Gigabit Ethernet port on MX Series, EX Series, and PTX Series devices. PR1440526
MAC addresses learned on an RTG might not be aged out after a Virtual Chassis member is rebooted. PR1440574
Clients in isolated VLANs might not get IP addresses after completing authentication when both dhcp-security and dot1x are configured. PR1442078
EX3400 fan alarm (Fan X not spinning) appears and disappears repeatedly after the fantray (Absent) is removed. PR1442134
The rpd might crash when BGP sends a notification message. PR1442786
DHCPv6 client might fail to get an IP address. PR1442867
The port role might be incorrect in STP after the STP configuration is changed. PR1443489
The /var/host/motd does not exist message is flooded every 5 seconds in chassisd logs. PR1444903
On EX4300-MP, the following log message is generated continuously: rpd[6550]: task_connect: task AGENTD I/O.128.0.0.1+9500 addr 128.0.0.1+9500: Connection refused. PR1445618
Major alarm log messages are seen for temperature conditions at 56 degrees Celsius. PR1446363
The traffic might be dropped when a firewall filter rule uses then vlan as the action in a Virtual Chassis scenario. PR1446844
Phone home on EX Series devices because sysctl cannot read the device serial number. PR1447291
EX3400 Virtual Chassis might go into hang state when a disk error occurs on EX3400. PR1447853
Unicast ARP requests are not replied to with the no-arp-trap option. PR1448071
On EX3400, IPv6 routes received through BGP do not show the correct age time. PR1449305
Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568
Tunneling encapsulated packets are dropped on the Layer 3 VPN MPLS PE-CE interface. PR1451032
DHCP snooping static binding does not take effect after deleting and re-adding the entries. PR1451688
The MAC pause frames will be incrementing in the Receive direction if half-duplex mode on 10-Mbps or 100-Mbps speed is configured. PR1452209
The l2ald and eventd processes are hogging 100 percent CPU after the clear ethernet-switching table command is issued. PR1452738
Configuration change in VLAN all option might affect the per-VLAN configuration. PR1453505
Version compare in PHC might fail, causing the PHC to download the same image. PR1453535
You might not be able to apply a firewall filter in a particular VC/VCF member as TCAM space runs out. PR1455177
Packet drop might be seen after removing and reinserting the SFP transceiver of the 40-Gigabit uplink module ports. PR1456039
Link-up delay and traffic drop might be seen on mixed SP Layer 2 or Layer 3 and EP Layer 2 type configurations. PR1456336
The syslog message timeout connecting to peer database-replication is generated when the show version detail command is issued. PR1457284
Overtemperature SNMP trap messages are displayed after the software upgrade and update even though the temperatures are within the system thresholds. PR1457456
The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used. PR1458559
The fxpc process might crash due to several BGP IPv6 session flaps. PR1459759
Storage space limitation leads to image installation failure when phone home is used on EX2300 and EX3400 platforms. PR1460087
MAC addresses learned on an RTG might not be aged out after aging time. PR1461293
RTG link faces nearly 20 seconds downtime when the backup node is rebooting. PR1461554
Configuring any combination of VLANs and interfaces under VSTP/MSTP might cause VSTP/MSTP-related configurations that cannot be committed. PR1463251
The Virtual Chassis function might be broken after upgrading on EX2300 and EX3400 switches. PR1463635
On EX Series switches with ELS and on QFX Series switches, some command lines to disable MAC learning are not working. PR1464797
The jdhcpd might consume high CPU and no further subscribers can be brought up if there are more than 4000 DHCP-relay clients in the MAC-MOVE scenario. PR1465277
The fxpc might crash after mastership election on EX2300 and EX3400 switches. PR1465526
The broadcast and multicast traffic might be dropped over IRB or LAG interfaces in QFX Series and EX Series Virtual Chassis scenario. PR1466423
The MAC move message might have an incorrect from interface when rapid MAC moves occur. PR1467459
On EX3400, FPCs get disconnected from Virtual Chassis briefly after the image upgrades or reboots. PR1467707
Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435
FPC might be down when configuring vxlan-routing. PR1468736
On the EX3400, traffic loss is observed between SFP-T connected interfaces because of auto negotiation failure. PR1469750
EX3400 is advertising only 100 Mbps when configured with 100-Mbps speed with auto negotiation enabled. PR1471931
The shaping of CoS does not work after reboot. PR1472223
The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685
The dhcpd process might crash in a Junos fusion environment. PR1478375
TFTP installation from loader prompt might not succeed on the EX Series switches. PR1480348
ARP request packets for unknown hosts might get dropped in the remote PE device in an EVPN-VXLAN scenario. PR1480776
On the EX2300 Series, the SNMP traps are not generated when the MAC address limit is reached. PR1482709
Infrastructure
The operations on the console might not work if the system ports console log-out-on-disconnect configuration statement is configured. PR1433224
On the EX4300 Series, the CLI configuration on-disk-failure is not supported. PR1450093
Certain EX Series switches might panic and generate VM core files, leading to reboot. PR1456668
Error messages related to soft reset of ports due to queue buffers being stuck could be seen on EX4600 and EX4300 Virtual Chassis. PR1462106
Traffic drop is seen on an EX4300-48MP device that acts as a leaf node in a Layer 2 IP fabric EVPN-VXLAN environment. PR1463318
Continuous dcpfe error messages and eventd process hog might be seen in an EX2300 Virtual Chassis scenario. PR1474808
Interfaces and Chassis
On EX9200 devices, an unexpected duplicate VLAN-ID commit error might be seen. PR1430966
The VRRP IPv6 state might flap between init and idle states after VLAN tagging is configured. PR1445370
Traffic might be forwarded to wrong interfaces in an MC-LAG scenario. PR1465077
Executing commit might hang because of a stuck dcd process. PR1470622
J-Web
Some error messages might be seen when using J-Web. PR1446081
Junos Fusion for Enterprise
Reachability of the host connected to the satellite device might be affected in a Junos fusion for enterprise environment with EX9200 Series switches as aggregation devices. PR1447873
Loop detection might not work on extended ports in a Junos fusion scenario. PR1460209
Layer 2 Features
Ethernet ring protection switching (ERPS) nodes might not converge to the Idle state after failure recovery or reboot. PR1431262
Physical layer and MAC/ARP learning might not work for copper base SFP-T transceivers on QFX5100, QFX5110, and EX4600. PR1437577
The traffic leaving QFX5000 and EX4600 switches might not be properly load balanced over aggregated Ethernet interfaces. PR1448488
The LLDP function might fail when a Juniper Networks device connects to a non-Juniper device. PR1462171
An fxpc core file might be seen when committing the configuration all together, for example, after a reboot. PR1467763
Traffic might be affected if composite next hop is enabled. PR1474142
Layer 2 Ethernet Services
The DHCP decline packets are not forwarded to the DHCP server when forward-only is set within DHCP reply. PR1429456
The jdhcpd_era log files constantly consume 121 MB of space out of 170 MB, resulting in a full file system and traffic impact. PR1431201
DHCP request might get dropped in a DHCP relay scenario. PR1435039
In EX9200 switches, DHCP relay is stripping the GIADDR field in messages toward the DHCP clients. PR1443516
Platform and Infrastructure
LACP DDoS policer is incorrectly triggered by other protocol traffic on all EX9200, T4000, and MX Series platforms. PR1409626
On the EX4300-48MP running Junos OS Release 18.3R1.9, overtemperature SNMP trap is generated wrongly for line card (EX4300-48P) based on master Routing Engine (EX4300-48MP) temperature threshold value. PR1419300
On the EX4300, the runt counter never increments. PR1419724
SNMP (ifHighSpeed) value does not appear properly only for VCP interfaces; it appears as zero. PR1425167
Packet drops, replication failure, or ksyncd crashes might be seen on the logical system of a device running Junos OS after Routing Engine switchover. PR1427842
IPv6 traffic might be dropped when static /64 IPv6 routes are configured. PR1427866
EX4300 does not drop FCS frames with CRC error on xe- interfaces. PR1429865
Unicast ARP requests are not replied with the no-arp-trap option. PR1429964
EX4300 without soft error recovery (parity check, correction and memscan) enabled. PR1430079
The device might not be accessible after the upgrade. PR1435173
An FPC/pfex crash might be observed due to DMA buffer leaking. PR1436642
The /var/db/scripts directory might be deleted after the request system zeroize command is executed. PR1436773
The laser TX might be enabled while the interface is disabled. PR1445626
The PoE might not work after the PoE firmware on EX4300 switches is upgraded. PR1446915
The firewall filters might not be created due to TCAM issues. PR1447012
NSSU causes a traffic loss after the backup-to-master transitions. PR1448607
Errors on certain MPCs are classified as major when they should be minor or non-fatal. PR1449427
The REST API process becomes nonresponsive when a number of requests come at a high rate. PR1449987
The IRB traffic might drop after a mastership switchover. PR1453025
The traffic for some VLANs might not be forwarded when vlan-id-list is configured. PR1456879
The OSPF neighbor might go down when mDNS or PTP traffic is received at a rate higher than 1400 pps. PR1459210
ERP might not revert to the Idle state after reload or reboot of multiple switches. PR1461434
Traffic loss might be observed longer than 20 seconds when performing NSSU on EX4300 Virtual Chassis. PR1461983
IGMP reports are dropped with mixed enterprise/SP configuration styles on EX4300 switches. PR1466075
The switch might not be able to learn MAC addresses with dot1x and interface-mac-limit configured. PR1470424
On an EX4300, the input firewall filter attached to isolated or community VLANs is not matching dot1p bits on the VLAN header. PR1478240
The Virtual Chassis VRRP peer drops packets to VRRP VIP after IRB is disabled. PR1491348
Routing Protocols
Host-destined packets with the filter log action might not reach the Routing Engine if log/syslog is enabled. PR1379718
BGP IPv4 or IPv6 convergence and RIB delete and install times might be degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121
The traffic with destination UDP port 520 (RIP) or 521 (RIPng) gets dropped on the QFX5000 and EX4600 switches. PR1429543
The fxpc core file might be seen during the reboot of QFX5100 and EX4600 devices. PR1432023
The RPD_DYN_CFG_GET_PROF_NAME_FAILED: Get profile name for session XXX failed: -7 error message might be seen in syslog after restarting the routing process. PR1439514
The bandwidth value of DDoS protection might cause packet loss after a device reboot. PR1440847
Traffic might be dropped after the Q-in-Q-enabled interface is flapped or a change is made to the vlan-id-list configuration. PR1441402
IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507
Junos OS BFD sessions with authentication flap after a certain time. PR1448649
Loopback address exported into other VRF instances might not work on ACX Series, EX Series, and QFX Series. PR1449410
MPLS LDP might still use the stale MAC address of the neighbor even when the LDP neighbor's MAC address changes. PR1451217
The other querier present interval timer cannot be changed in the IGMP/MLD snooping scenario. PR1461590
The MUX state in an LACP interface does not go to collecting and distributing and remains attached after enabling the aggregated Ethernet interface. PR1484523
The routing protocol process (rpd) crashes while processing a specific BGP update information. PR1448425
Receipt of certain genuine BGP packets from any BGP speaker causes rpd to crash. PR1497721
User Interface and Configuration
The switch might be unable to commit baseline configuration after zeroization. PR1426341
Problem with access to J-Web after update from Junos OS Release 18.2R2 to Junos OS Release 18.2R3. PR1454150
The umount: unmount of /.mount/var/val/chroot/packages/mnt/jweb-ex32-d2cf6f6b failed: Device busy message is seen when Junos OS is upgraded with the validate option. PR1478291
Virtual Chassis
The current MAC address might change when one of the multiple Layer 3 interfaces is being deleted. PR1449206
VPNs
MVPN using PIM dense mode does not prune the OIF when PIM prune is received. PR1425876
Resolved Issues: 19.2R1
Authentication and Access Control
Without configuring anything related to dot1x, the syslog dot1xd[2192]: task_connect: task PNACAUTH./var/run/authd_control addr /var/run/authd_control: Connection refused is generated repeatedly. PR1406965
EVPN
The device might proxy the ARP probe packets in an EVPN environment. PR1427109
ESI configured on a single-homed 25G port might not work. PR1438227
General Routing
On EX4650 switches, convergence delay between PE1 and P router link is more than the expected delay value. PR1364244
OAM Ethernet connectivity-fault-management configured on aggregated Ethernet interfaces is not supported and no commit error is seen. PR1367588
IPv6 router advertisement (RA) messages potentially increase internal kernel memory usage. PR1369638
RIPv2 update packets might not be sent with IGMP snooping enabled. PR1375332
Input rate PPS does not increase on EX2300-MP uplink ports when the packet is a pure L2 packet like non-etherII or non-EtherSnap. PR1389908
EX3400VC - When an interface in a Virtual Chassis member switch that is not the master is flapped, IGMP query packets 224.0.0.1 are sent to all the ports of the members except the master FPC. PR1393405
PTP over Ethernet traffic might be dropped when IGMP and PTP TC are configured together. PR1395186
EX3400 might not learn 30,000 MAC addresses while sending MAC learning traffic. PR1399575
MAC-limit with persistent MAC is not working after reboot. PR1400507
After upgrading to Junos OS Release 18.1R3.3, adt7470_set_pwm output message is observed continuously. PR1401709
The DHCP discover packets are forwarded out of an interface incorrectly when DHCP snooping is configured on that interface. PR1403528
On EX4300-48MP devices, the packets drop when the traffic filter and the routing instance are configured. PR1407424
The l2cpd might crash if the vstp traceoptions and vstp vlan all commands are configured. PR1407469
MAC address movement might not happen in flexible Ethernet services mode when family inet/inet6 and vlan-bridge are configured on the same physical interface. PR1408230
EX3400 PSU status still shows "check" even though the PSU module has been removed. PR1408675
On EX2300-24P switches, error message dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family is seen. PR1410717
On EX Series devices, the PEM alarm for backup FPC remains on master FPC though the backup FPC is detached from Virtual Chassis. PR1412429
On EX4300-48MP devices, the chassis status LED shows yellow instead of amber. PR1413194
The chassisd output power budget is received continually per 5 seconds without any alarm after an upgrade to Junos OS Release 18.1R3. PR1414267
VXLAN encapsulation next hop (VENH) does not get installed during BGP flap or when routing is restarted. PR1415450
On EX3400 switches, the show chassis environment repeats OK and Failed at short intervals. PR1417839
The EX3400 VC status might be unstable during the boot-up of the Virtual Chassis or after the Virtual Chassis port flaps. PR1418490
Virtual Chassis might become unstable and FXPC crashes and generates a core file when there are a lot of configured filter entries. PR1422132
On EX3400, auto-negotiation status shows incomplete on ge-0/2/0 using SFP-SX. PR1423469
On EX4600 line of switches, MACsec might not connect when the interface disconnects while traffic is passing. PR1423597
I2C read errors are seen when an SFP-T is inserted into a disabled state port configured with set interface <*> disable command. PR1423858
Incorrect model information while polling through SNMP from Virtual Chassis. PR1431135
Infrastructure
IfSpeed and IfHighSpeed erroneously reported as zero on EX2300. PR1326902
Packet Forwarding Engine is flooded with messages // pkt rx on physical interface NULL unit 0. PR1381151
Interfaces and Chassis
Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606
EVPN aggregated Ethernet interface flaps followed by a commit. PR1425339
Junos Fusion for Enterprise
PoE over LLDP negotiation is not supported on Junos fusion for enterprise setup. PR1366106
New satellite device cannot be added to the Fusion scenario. PR1374982
Cascade port might go down after SD reboot in Junos fusion for enterprise environment. PR1382091
Cannot log in to SD cluster though it is recognized by AD properly. PR1395570
The l2ald might crash when clear ethernet-switching table persistent-learning command is issued. PR1409403
Extended ports in Junos fusion for enterprise do not adjust MTU when VoIP is enabled. PR1411179
The traffic might silently drop and get discarded in Junos fusion for enterprise scenario with dual-AD. PR1417139
Layer 2 Ethernet Services
The malfunction of core isolation feature in EVPN VXLAN scenarios might cause traffic to get silently dropped and discarded. PR1417729
Network Management and Monitoring
Over temperature trap is not sent out even when there is a temperature-hot-alarm. PR1412161
Platform and Infrastructure
Ping does not go through the device after WTR timer expires in Ethernet ring protection switching (ERPS) scenario. PR1132770
EX4300 upgrade fails during validation of SLAX script. PR1376750
Unicast DHCP request gets misforwarded to backup RTG link on EX4300 Virtual Chassis. PR1388211
EX4300 OAM LFM might not work on extended-vlan-bridge interface with native vlan configured. PR1399864
Traffic drop is seen on EX4300 when 10-Gigabit fiber port is using 1-Gigabit Ethernet SFP optics with auto-negotiation enabled. PR1405168
On EX4300, when power supply (PEM) is removed, alarm is not generated. PR1405262
The policer might not work when it is applied through the dynamic filter. PR1410973
The traffic to the NLB server might not be forwarded if the NLB cluster works on multicast mode. PR1411549
EX4300 QinQ - untagged UNI traffic egress as single-tagged on NNI interface. PR1413700
Runt counter never incremented. PR1419724
EX4300 does not send fragmentation needed message when MTU is exceeded with DF bit set. PR1419893
The pfex process might crash and core files might be generated when SFP is reinserted. PR1421257
Traffic might get silently dropped when one of logical interfaces on LAG is deactivated or deleted. PR1422920
Auditd crashes when accounting RADIUS server is not reachable. PR1424030
The native VLAN ID of packets might fail when leaving out. PR1424174
Interface flapping scenario might lead to ECMP next-hop install failure on EX4300 switches. PR1426760
VIP might not forward the traffic if VRRP is configured on an aggregated Ethernet interface. PR1428124
EX4300 does not drop FCS frames on XE interfaces. PR1429865
The ERPS failover does not work as expected on EX4300 device. PR1432397
Routing Protocols
Host-destined packets with filter log action might reach the Routing Engine. PR1379718
The rpd crashes on static route configuration for multicast source. PR1408443
Host-generated ICMPv6 RA packets might be dropped on the backup member of Virtual Chassis if igmp-snooping is configured. PR1413543
The EX Series switches might not install all IRB MAC addresses in the initialization. PR1416025
After restarting multicast-snooping process, igmp-snooping might not work. PR1420921
Software Installation and Upgrade
Configuration loss and traffic loss might be seen if backup Routing Engine is zeroized and is then switched over to master within a short time. PR1389268
Subscriber Access Management
authd reuses an address quickly before jdhcpd completely cleans up the old subscriber, which gives the following error log: DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add x.x.x.x as it is already used by xxx. PR1402653
On EX4300, /var is showing full; the /var/log/dfcd_enc file grows in size. PR1425000
Documentation Updates
This section lists the errata and changes in Junos OS Release 19.2R3 for the EX Series switches documentation.
Installation and Upgrade
Veriexec explained (EX Series)—Verified Exec (also known as veriexec) is a file-signing and verification scheme that protects the Junos operating system (OS) against unauthorized software and activity that might compromise the integrity of your device. Originally developed for the NetBSD OS, veriexec was adapted for Junos OS and enabled by default from Junos OS Release 7.5 onward.
[See Veriexec Overview.]
Migration, Upgrade, and Downgrade Instructions
This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://support.juniper.net/support/eol/software/junos/.