Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for EX Series Switches


These release notes accompany Junos OS Release 19.3R3 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for EX Series switches.


The following EX Series switches are supported in Release 19.3R3: EX2300, EX2300-C, EX3400, EX4300, EX4600-40F, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.

What's New in 19.3R3

There are no new features or enhancements to existing features for EX Series switches in Junos OS Release 19.3R3.

What's New in 19.3R2

There are no new features or enhancements to existing features for EX Series switches in Junos OS Release 19.3R2.

What's New in 19.3R1


  • Support for two 100-Gigabit Ethernet QSFP28 transceivers on the 2-port QSFP+/QSFP28 uplink module (EX4300-48MP and EX4300-48MP-S switches)—Starting in Junos OS Release 19.3R1, you can install two 100-Gigabit Ethernet QSFP28 transceivers in the 2-port QSFP+/QSFP28 uplink module (model number: EX-UM-2QSFP-MR) for EX4300-48MP and EX4300-48MP-S switches. You can install two QSFP+ transceivers, two QSFP28 transceivers, or a combination of one QSFP+ transceiver and one QSFP28 transceiver in the uplink module.

    If you configure both the ports on the uplink module to operate at 100-Gbps speed, the four QSFP+ ports on the switch are disabled.

    [See EX4300 Switch Hardware Guide.]

Authentication, Authorization and Accounting (AAA) (RADIUS)

  • 802.1X trunk port and multidomain authentication (EX4300-48MP switches)—Starting with Junos OS Release 19.3R1, 802.1X trunk port and multidomain authentication is supported on EX4300-MP switches. Authentication on the trunk port supports only single supplicant and single-secure supplicant modes.

    Multidomain authentication is an extension of 802.1X authentication for multiple supplicants, which authenticates multiple clients individually on one authenticator port. Multidomain authentication allows one VoIP client and multiple data clients to authenticate to different VLANs while on the same port. The VoIP client is authenticated to the voice VLAN while the data clients are authenticated to the data VLAN.

    [See Understanding 802.1X and VoIP on EX Series Switches.]


  • Support for DHCP relay in an EVPN-MPLS network (EX9200 switches, MX Series, and vMX)—Starting in Junos OS Release 19.3R1, EX9200 switches, MX Series routers, and vMX virtual routers support DHCPv4 and DHCPv6 relay in an EVPN-MPLS network. We support this feature in a data center architecture that includes a layer of spine devices that perform EVPN Layer 2 and Layer 3 functions. These devices are connected to a layer of leaf devices that perform EVPN Layer 2 functions. In this architecture, DHCP clients are connected to leaf devices, and DHCP servers are connected to spine devices. The DHCP relay functions are centralized at the spine layer. As a result, this architecture is known as the centrally routed bridging architecture.

    [See DHCP Relay Agent in EVPN-MPLS Network.]

  • IGMP snooping support for EVPN-VXLAN (EX9200 switches, MX Series, vMX)—Starting in Junos OS Release 19.3R1, you can configure IGMP snooping on EX9200 switches, MX Series routers, and vMX virtual routers in an EVPN-VXLAN network. Enabling IGMP snooping helps to constrain multicast traffic to interested receivers in a broadcast domain.

    The listed devices support these IGMP snooping use cases in a centrally routed bridging overlay (an EVPN-VXLAN network with a two-layer IP fabric):

    • Forwarding multicast traffic within a VLAN (intra-VLAN)

    • Routing multicast traffic between VLANs (inter-VLAN) using one of the following methods:

      • IRB interfaces configured with Physical Interface Module (PIM) on an elected designated router (DR) device

      • A PIM gateway with Layer 2 or Layer 3 connectivity

      • An external multicast router

    The listed devices support these IGMP versions and membership report modes:

    • IGMPv2 with Any-Source Multicast (ASM) (*,G) mode only.

    • IGMPv3 in either of the following modes:

      • ASM (*,G)—the default behavior.

      • Single-Source Multicast (SSM) (S,G)—you must explicitly configure by including the evpn-ssm-reports-only configuration statement at the [edit protocols igmp-snooping] hierarchy level.

    [See Overview of IGMP Snooping in an EVPN-VXLAN Environment.]

Forwarding and Sampling

  • Customizing hashing parameters and shared-buffer alpha values for better load balancing (EX4650 and QFX5120 switches)—These switches achieve load balancing through use of a hashing algorithm, which determines how to forward traffic over LAG bundles or to next-hop devices when ECMP is enabled. The hashing algorithm makes hashing decisions based on values in various packet fields. Starting with Junos OS Release 19.3R1, you can explicitly configure some hashing parameters to make hashing more efficient. The shared-buffer pool is a global memory space that all ports on the switch share dynamically as they need buffers. The switch uses the shared-buffer pool to absorb traffic bursts after the dedicated-buffer pool is exhausted. The shared-buffer pool threshold is dynamically calculated based on a factor called alpha. Also starting with Junos OS Release 19.3R1, you can specify the alpha, or dynamic threshold, value to determine the change threshold of shared buffer pools for both ingress and egress buffer partitions.

    To specify hashing parameters:

    user@switch# set forwarding-options enhanced-hash-key hash-parameters (ecmp | lag)

    To specify a threshold value for a particular queue:

    user@switch# set class-of-service shared-buffer (ingress|egress) buffer-partition buffer dynamic-threshold value

    [See hash-parameters and buffer-partition.]

Interfaces and Chassis

  • Power over Ethernet IEEE 802.3bt (EX4300-48MP switches)—The IEEE 802.3bt standard for Power over Ethernet (PoE) is supported on EX4300-48MP switches. The IEEE 802.3bt standard enables delivery of up to 90 W over all four pairs of wire in a standard RJ-45 Ethernet cable.

    [See Understanding PoE on EX Series Switches.]

Junos Telemetry Interface

  • JTI support extended for Junos kernel GRES and RTSOCK (EX9200, EX9251, EX9253, MX240, MX480, MX960, MX2010, MX2020, vMX, PTX1000, PTX10008, PTX10016, PTX3000 with RE-PTX-X8-64G, and PTX5000 with RE-PTX-X8-64G)—Starting in Junos OS Release 19.3R1, Junos telemetry interface (JTI) extends support for streaming Junos kernel graceful Routing Engine switchover (GRES) and routing socket (RTSOCK) information using remote procedure call (gRPC) services. Junos kernel sensors can be used by device monitoring and network analytics applications to provide insight into the health status of the Junos kernel.

    You can use the following base resource paths for exporting kernel GRES and routing socket information:

    • /junos/chassis/gres/

    • /junos/kernel/rtsock/

    [See Understanding OpenConfig and gRPC on Junos Telemetry Interface and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • JTI support extended for Junos kernel LAG, NSR, and TCP (EX9200, EX9251, EX9253, MX240, MX480, MX960, MX2010, MX2020, vMX, PTX1000, PTX10008, PTX10016, PTX3000 with RE-PTX-X8-64G, PTX5000 with RE-PTX-X8-64G)—Starting in Junos OS Release 19.3R1, Junos Telemetry Interface (JTI) extends support for streaming Junos kernel Link Aggregation Group (LAG), nonstop Routing (NSR) Junos socket replication (JSR), and Transport Control Protocol (TCP) information using remote procedure call (gRPC) services. Device monitoring and network analytics applications can use Junos kernel sensors to provide insight into the health status of the Junos kernel.

    You can use the following base resource paths for exporting kernel LAG, NSR, and TCP information:

    • /junos/chassis/aggregated-devices/

    • /junos/routing-options/nonstop-routing/

    • /junos/kernel/tcpip/tcp/

    [See Understanding OpenConfig and gRPC on Junos Telemetry Interface and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • JTI support extended for Junos kernel IPv4 and IPv6 (EX9200, EX9251, EX9253, MX240, MX480, MX960, MX2010, MX2020, vMX, PTX1000, PTX10008, PTX10016, PTX3000 with RE-PTX-X8-64G, and PTX5000 with RE-PTX-X8-64G)—Starting in Junos OS Release 19.3R1, Junos telemetry interface (JTI) extends support for streaming Junos kernel IPv4 and IPv6 information using remote procedure call (gRPC) services. Device monitoring and network analytics applications can use Junos kernel sensors to provide insight into the health status of the Junos kernel.

    You can use the following base resource paths for exporting kernel IPv4 and IPv6 information:

    • /junos/kernel/tcpip/arp/ — Address Resolution Protocol cache

    • /junos/kernel/tcpip/ndp/ — Neighbor Discovery Protocol cache

    • /junos/kernel/tcpip/netisr/ — NETISR network queues

    • /junos/kernel/tcpip/nhdix/ — Next-hop index space exhaustion

    • /junos/kernel/tcpip/rtb/ — Route tables

    [See Understanding OpenConfig and gRPC on Junos Telemetry Interface and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • JTI support extended for Junos kernel IP multicast, tunnels, TNP, and VPLS (EX9200, EX9251, EX9253, MX240, MX480, MX960, MX2010, MX2020, vMX, PTX1000, PTX10008, PTX10016, PTX3000 with RE-PTX-X8-64G, PTX5000 with RE-PTX-X8-64G)—Starting in Junos OS Release 19.3R1, Junos telemetry interface (JTI) extends support for streaming Junos kernel IP multicast, tunnels, Trivial Network Protocol (TNP), and virtual private LAN service (VPLS) information using remote procedure call (gRPC) services. Device monitoring and network analytics applications can use Junos kernel sensors to provide insight into the health status of the Junos kernel.

    You can use the following base resource paths for exporting kernel IP multicast, tunnels, TNP, and VPLS information:

    • /junos/kernel/multicast/

    • /junos/kernel/tunnel/

    • /junos/kernel/tnp/

    • /junos/kernel/vpls/

    [See Understanding OpenConfig and gRPC on Junos Telemetry Interface and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

Layer 2 Features

  • Configuring Q-in-Q tagging behavior for the native VLAN (EX4300 and EX4300-MP switches and Virtual Chassis)—Starting in Junos OS Release 19.3R1, when Q-in-Q tunneling is configured and an untagged packet is received on a C-VLAN interface, you can configure these switches to add either one or two tags before sending the packet out of the S-VLAN interface. To send two tags, set the configuration statement input-native-vlan-push to “enable” and ensure that the input-vlan-map configuration is set to “push”.

    [See Configuring Q-in-Q Tunneling and VLAN Q-in-Q Tunneling and VLAN Translations.]


  • OpenConfig AAA data model support (ACX1100, ACX2100, ACX5448, ACX6360, EX4300, MX240, MX480, MX960, MX10003, PTX10008, PTX10016, QFX5110, and QFX10002)—Junos OS Release 19.3R1 supports the configuration leafs specified in the OpenConfig AAA data model. Mapping the OpenConfig AAA configuration to the Junos AAA configuration using the following YANG files in the data model makes this support possible:

    The configuration model supporting the OpenConfig data model includes:

    • A translation script (.py / .slax) that maps each config leaf in the OpenConfig Schema to one or more config leafs in the JUNOS Schema.

    • A deviation file (.yang) that specifies how much the implementation deviates from the vendor-neutral model.

    [See Mapping OpenConfig AAA Commands to Junos Configuration.]


  • MLDv1, MLDv2, and MLD snooping (EX4650 and QFX5120-48Y switches and Virtual Chassis)—Starting in Junos OS Release 19.3R1, you can configure Multicast Listener Discovery (MLD) version 1 (MLDv1), MLD version 2 (MLDv2), and MLD snooping on EX4650 and QFX5120-48Y switches and Virtual Chassis. With MLD snooping enabled, these switches or Virtual Chassis replicate and forward IPv6 traffic for a multicast group only to the interfaces in a VLAN with listeners who joined the group, rather than flooding to all interfaces in the VLAN.

    [See Examples: Configuring MLD and Understanding MLD Snooping.]

Routing Policy and Firewall Filters

  • Support for IPv6 filter-based forwarding (EX4650 and QFX5120 switches)—Starting with Junos OS Release 19.3R1, you can use stateless firewall filters in conjunction with filters and routing instances to control how IPv6 traffic travels in a network on EX4650 and QFX5120 switches. This is called IPv6 filter-based forwarding. To set up this feature, you define a filtering term that matches incoming packets based on the source or destination address and then specify the routing instance to send packets to. You can use filter-based forwarding to route specific types of traffic through a firewall or security device before the traffic continues on its path. You can also use it to give certain types of traffic preferential treatment or to improve load balancing of switch traffic.

    [See Firewall Filter Match Conditions for IPv6 Traffic and Filter-Based Forwarding Overview.]

Routing Protocols

  • RIPng routing protocol supported (EX4650 and QFX5120 switches)—Starting with Junos OS Release 19.3R1, EX4650 and QFX5120 switches support the RIPng routing protocol.

    [See Basic RIPng Configuration.]

Services Applications

  • Support for real-time performance monitoring or RPM (EX4650) —Starting in Junos OS Release 19.3R1, you can configure active probes to track and monitor traffic across the network and to investigate network problems on EX4650 switches.

    You can use RPM in the following ways:

    • Monitor time delays between devices.

    • Monitor time delays at the protocol level.

    • Set thresholds to trigger SNMP traps when values are exceeded.

      You can configure thresholds for round-trip time, ingress or egress delay, standard deviation, jitter, successive lost probes, and total lost probes per test.

    • Determine automatically whether a path exists between a host router or switch and its configured BGP neighbors. You can view the results of the discovery using an SNMP client.

    • Use the history of the most recent 50 probes to analyze trends in your network and predict future needs.

    [See Understanding Real-Time Performance Monitoring on Switches.]

Software Installation and Upgrade

  • Migration of Linux kernel version—Starting in Junos OS Release 19.3R1, the following devices support the Wind River Linux 9 (WRL9) kernel version:


    Routing Engine Supported



    MX240, MX480, and MX960


    MX2020 and MX2010









    RE X10


    RE X10






    RE-PTX-2X00x4/RE X10


    RE-PTX-2X00x4/RE X10





















    Starting in Junos OS Release 19.3R1, in order to install a VM host image based on Wind River Linux 9, you must upgrade the i40e NVM firmware on the following routers:

    • MX Series—MX240, MX480, MX960, MX2010, MX2020, MX2008, MX10016, and MX10008

    • PTX Series—PTX3000, PTX5000, PTX10016, PTX10008, and PTX10002-XX

    If you perform a software upgrade on a router with i40e NVM version earlier than 6.01, the upgrade fails and the following error message is displayed:

    ERROR: i40e NVM firmware is not compatible ,please upgrade i40e NVM before installing this package

    ERROR: Aborting the installation

    ERROR: Upgrade failed

    See []

Virtual Chassis

  • Virtual Chassis support (EX4650 and QFX5120-48Y switches)—Starting in Junos OS Release 19.3R1, you can interconnect two EX4650 or two QFX5120-48Y switches into a Virtual Chassis, which operates as one logical device managed as a single chassis.

    • Member switches must be two EX4650 or two QFX5120 switches (no mixed mode).

    • Both member switches take the Routing Engine role with one as master and one as backup.

    • You can use any of the 100-Gbps QSFP28 or 40-Gbps QSFP+ ports on the front panel (ports 48 through 55) as Virtual Chassis ports (VCPs) to connect the member switches.

    • You can run nonstop software upgrade (NSSU) to update the Junos OS release on both member switches with minimal traffic disruption during the upgrade.

    • EX4650 and QFX5120 Virtual Chassis support the same protocols and features as the standalone switches in Junos OS Release 19.3R1 except for the following:

      • IEEE 802.1X authentication

      • EVPN-VXLAN (QFX5120)

      • Layer 2 port security features, DHCP, and DHCP snooping

      • Junos telemetry interface (JTI)

      • MPLS

      • Multichassis link aggregation (MC-LAG)

      • Redundant trunk groups (RTG)

      • Priority-based flow control (PFC)

    Configuration parameters and operation are the same as for other non-mixed EX Series and QFX Series Virtual Chassis.

    [See Virtual Chassis Overview for Switches.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for EX Series.

What's Changed in 19.3R3

General Routing

  • Logical Interface is created along with physical Interface by default (EX Series switches, QFX Series switches, MX Series routers)—The logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces were created. For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), was displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.

  • Command to view summary information for resource monitor (MX Series routers and EX9200 line of switches)—You can use the show system resource-monitor command to view statistics about the use of memory resources for all line cards or for a specific line card in the device. The command also displays information about the status of load throttling, which manages how much memory is used before the device acts to reduce consumption.

    See [show system resource-monitor and ].

  • New commit check for MC-LAG (MX Series)— We've introduced a new commit check to check the values assigned to the redundancy group identification number on the MC-AE interface ( redundancy-group-id ) and ICCP peer (redundancy-group-id-list ) when you configure multichassis aggregation groups (MC-LAGs). If the values are different, the system reports a commit check error. In previous releases, if the configured values were different, the l2ald process would crash. See iccp and


  • Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the QFX5000 line of switches)—Starting in Junos OS Release 19.3R3, we provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). Before Junos OS Release 19.3R3, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.

    [See show multicast snooping route.]

Routing Protocols

  • Advertising /32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.

What's Changed in 19.3R2

There are no changes in behavior and syntax for EX Series in Junos OS Release 19.3R2.

What's Changed in 19.3R1

General Routing

  • Support for full inheritance paths of configuration groups to be built into the database by default (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting with Junos OS Release 19.3R1, the persist-groups-inheritance option at the [edit system commit] hierarchy level is enabled by default. To disable this option, use no-persist-groups-inheritance.

    [See commit (System).]

Interfaces and Chassis

  • Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Release 19.3R1 and later, EX Series switches support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.

    In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.

Junos OS XML API and Scripting

  • Range defined for confirm-timeout value in NETCONF and Junos XML protocol sessions (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 19.3R1, the value for the <confirm-timeout> element in the Junos XML protocol <commit-configuration> operation must be in the range 1 through 65,535 minutes, and the value for the <confirm-timeout> element in the NETCONF <commit> operation must be in the range 1 through 4,294,967,295 seconds. In earlier releases, the range is determined by the minimum and maximum value of its unsigned integer data type.

  • XML RPC equivalent included for the show bgp output-scheduler | display xml rpc CLI command (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 19.3R1, we have included an XML RPC equivalent for the show bgp output-scheduler | display xml rpc CLI command. In Junos OS releases before Release 19.3R1, the show bgp output-scheduler | display xml rpc CLI command does not have an XML RPC equivalent.

    [See show bgp output-scheduler.]

Layer 2 Features

  • input-native-vlan-push (EX2300, EX3400, EX4600, EX4650, and the QFX5000 line of switches)—From Junos OS Release 19.3R1, the configuration statement input-native-vlan-push at the [edit interfaces interface-name] hierarchy level is introduced. You can use this statement in a Q-in-Q tunneling configuration to enable or disable whether the switch inserts a native VLAN identifier in untagged frames received on the C-VLAN interface, when the configuration statement input-vlan-map with a push operation is configured.

    [See input-native-vlan-push.]

System Logging

  • Preventing system instability during core file generation (EX Series)—Starting with Release 19.3R1 onward, Junos OS checks for available storage space on the Routing Engine before generating core files either on request or because of an assertion condition. This check ensures that your device does not become unstable because of shortage of storage space on the Routing Engine. If the available space is not sufficient, core files are not generated. Instead, Junos OS either displays the Insufficient Disk space !!! Core generation skipped message as an output or issues the syslog message core generation is skipped due to disk full.

Known Limitations

Learn about known limitations in this release for EX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.


  • When a VLAN uses an IRB interface as the routing interface, the VLAN-ID parameter must be set to none to ensure proper traffic routing. This issue is platform independent. PR1287557


  • On an EX4300 switch, the CLI configuration set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt) is not supported. PR1450093

Platform and Infrastructure

  • With the 288,000 MAC scale, the Routing Engine command show ethernet-switching table summary output displays the learned scale entries after a delay of around 60 seconds. PR1367538

  • During software upgrade to a more recent 19.3 images image, the system hangs after the request system software add /var/tmp/<image.gz> command is issued. Device could be recovered by power cycling the device. PR1405629

  • When the box is loaded and unloaded with the MACsec configuration multiple times with operations made continuously, Layer 3 connectivity lost, the system stops, followed by a reboot to resume operation. PR1416499

  • On deactivating and activating POE, the POE interface draws more power (as per the display) for quite some time. PR1431647

  • Filters are installed only during route add if there is enough space. If the filter fails because of the non-availability of TCAM space, those routes might not be processed for filter add later when space becomes available. PR1419926

  • The set class-of-service shared-buffer ingress buffer-partition lossless-headroom percent 0 command is not supported when in Virtual Chassis (VC), as the VCP ports should have some heardroom to support PFC. Configuration will be rejected at the hardware layer with a log message. PR1448377

  • Even with the fix for PR1463015, the Failed to complete DFE tuning syslog might appear. This message has no functional impact and can be ignored. PR1473280

Open Issues

Learn about open issues in this release for EX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

  • Before running the "load ssl-certificate path PATHNAME" command, configure the path using the "set protocols dot1x ssl-certificate-path PATHNAME" command, if the default pathname is not "/var/tmp/". PR1431086


  • On EX Series switches, if you are configuring a large number of firewall filters on some interfaces, the FPC might crash and generate core files. PR1434927

  • EX 9251: "IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations. PR1485038

Interfaces and Chassis

  • After GRES, the VSTP port cost on aggregated Ethernet interfaces might get changed, leading to a topology change. PR1174213

Layer 2 Features

  • GARPs were being sent whenever there is a MAC (FDB) operation (add or delete). This is now updated to send GARP when the interface is UP and the Layer3 interface is attached to the VLAN. PR1192520

Network Management and Monitoring

  • On EX Series switches except EX4300, EX4600, and EX9200, when RTG (Redundant Trunk Group) switchovers are done, the /var/log/shadow.log or /var/log/shadow_debug.log is rotated. This might cause the PFE process to crash. PR1233050

Platform and Infrastructure

  • ARP queue limit has been changed from 100 pps to 3000 pps. PR1165757

  • On an EX2300 switch, the output of the show chassis routing-engine command might display an incorrect value of "Router rebooted after a normal shutdown" for the last reboot reason field. PR1331264

  • When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

  • On an EX9208 switch, a few xe- interfaces go down with the error message "if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error". PR1377840

  • There is a possibility of seeing multiple reconnect logs, JTASK_IO_CONNECT_FAILED, during the device initialization. There is no functionality impact because of these messages. These messages can be ignored. PR1408995

  • On QFX5110 and QFX5120 platforms, unicast RPF check in strict mode might not work properly. PR1417546

  • Minimal traffic loss of ~100 pps is seen on EX9208 when the packets are sent between FPCs. This is due to random drops happening in the fabric. Amount of drop varies on the line rate and occurs less frequently. router@host> show pfe statistics traffic |match dropSoftware input control plane drops : 0Software input high drops : 0Software input medium drops : 0Software input low drops : 0Software output drops : 0Hardware input drops : 179892Info cell drops : 0Fabric drops : 71.PR1429714

  • BUM traffic rate limiting is done after removing Ethernet headers. L1 Tx rate on ingress interface: 1G Tx rate with headers: 865 Mbps Rx rate on the egress interface:800M L1 Rx rate on egress interface: 925Mbps Storm control functionalities in MX-L card is achieved by poilcer and hence the below mentioned policer inaccuracy is applicable for storm control feature as well. Since XM sprays packets to 4 different LUs, each LU will be processing packets of varying sizes. XM does not do strict round-robin, so even if all the incoming packets were to be of exact same sizes (which is not a practical scenario), each LU will still be loaded differently, hence there will be some periods where some LUs policing limit may reach sooner than the others (either due to processing more packets or due to processing larger packets). Hence, it is possible that some LUs, which see the policing limit reached sooner may drop the packet or color them differently that might result into eventual drop while the other LUs could queue the packets for transmission, we could see this behavior within a single flow as well. Hence, the policer functionality can be unpredictable at times. In an extreme case, a packet flow might be sent to a single LU and the policer result is one-fourth of what is expected. Because the policer functionality, in general, may not work correctly, we will see the impact on all the policing features - for example, input-policer, three-color-policer (srTCM, trTCM), output-policer. PR1442842

  • On an EX9214 switch, if the MACsec-enabled link flaps after reboot, the error "errorlib_set_error_log(): err_id(-1718026239)" is observed. PR1448368

  • In overall commit time, the evaluation of mustd constraints is taking 2 seconds more than usual. This is because the persist-group-inheritance feature has been made a default feature in the latest Junos OS releases. Eventually, this feature helps improve the subsequent commit times for scaled configurations significantly. The persist-group-inheritance feature is useful in customer scenarios where groups and nested groups are used extensively. In those scenarios, the group inheritance paths are not built every time; thus, subsequent commits are faster. PR1457939

  • The image size grows over a period of time and subsequently storage might be insufficient to install images when upgrading EX2300 and EX3400 platforms. The upgrade might fail with the error message not enough space to unpack. PR1464808

Virtual Chassis

  • EX4650: kldload: an error occurred while loading the module is displayed during booting. PR1527170

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 19.3R3

Authentication and Access Control

  • EX4600 and EX4300—MAC entry missing in Ethernet Switching table for MAC-RADIUS client in server_fail scenario when tagged is sent for the second client. PR1462479

  • Authentication failure might occur on the captive portal. PR1504818

  • The Junos OS event DOT1XD_AUTH_SESSION_DELETED might not be triggered when the 802.1X (dot1x) authentication session is terminated. PR1512724

  • The dot1x client will not be moved to the hold state when the authenticated PVLAN is deleted. PR1516341

Class of Service (CoS)

  • Shaping does not work after the reboot if shaping-rate is configured. PR1432078

  • The traffic is placed in the network control queue on the extended port even if it comes in with a different DSCP marking. PR1433252


  • rpd might crash after changing the EVPN-related configuration. PR1467309

  • The ESI of IRB interfaces does not update after autonomous-system number change if the interface is down. PR1482790

  • The l2ald memory leak might be observed in any EVPN scenario. PR1498023

  • The VXLAN function might be broken due to a timing issue after the change in PR1495098. PR1502357

  • Unable to create a new VTEP interface. PR1520078

Forwarding and Sampling

  • Type 1 ESI/AD route might not be generated locally on EVPN PE in the all-active mode. PR1464778


  • EX4300—CLI configuration on-disk-failure is not supported. PR1450093

  • l2ald and eventd are hogging 100% after the clear ethernet-switching table command is issued.PR1452738

  • EX Series switches might not come up properly upon reboot. PR1454950

  • Error messages related to soft reset of port due to queue buffers being stuck could be seen on an EX4600-EX4300 Virtual Chassis. PR1462106

  • Continuous dcpfe error messages and eventd process hogged might be seen in an EX2300 Virtual Chassis scenario. PR1474808

  • Kernel core file might be observed while deactivating the daemon on the EX2300 and EX3400 platforms. PR1483644

  • fxpc might crash when configuring scaled configuration with 4093 VLANs. PR1493121

Interfaces and Chassis

  • The syslog scchassisd[ ]: CHASSISD_IPC_WRITE_ERR_NULL_ARGS: FRU has no connection arguments fru_send_msg Global FPC x is observed after an MX Series Virtual Chassis local or global switchover. PR1428254

  • The MC-LAG configuration-consistency ICL-configuration might fail after committing some changes. PR1459201

  • Executing commit might result in hangup due to the stuck dcd process. PR1470622

Junos Fusion Enterprise

  • Observed error jnh_dot1br_ktree_entry_create(1098): Entry Already Exists. Observing duplicate ECID values for cluster/extended ports on member ports of same cluster. PR1408947

  • SDPD core file found @ vfpc_all_eports_deletion_complete vfpc_dampen_fpc_timer_expiry. PR1454335

  • Loop detection might not work on extended ports in Junos Fusion scenarios. PR1460209

Junos Fusion Satellite Software

  • Temperature sensor alarm is seen on an EX4300 switch in a Junos Fusion scenario. PR1466324

Layer 2 Features

  • The LLDP function might fail when a Juniper device connects to a non-Juniper one. PR1462171

  • fxpc.core might be seen when committing the configuration altogether, for example, after the reboot. PR1467763

  • Traffic might be affected if composite next hop is enabled. PR1474142

Layer 2 Ethernet Services

  • Member links state might be asynchronized on a connection between Provider Edge and Customer Edge devices in an EVPN active/active scenario. PR1463791

  • Issues with DHCPv6 Relay processing Confirm and Reply packets. PR1496220


  • BGP session might keep flapping between two directly connected BGP peers because of the incorrect TCP MSS (maximum segment size) in use. PR1493431

Platform and Infrastructure

  • EX3400-VC—unable to upgrade /usr/libexec/ui/package: /var/tmp/mchassis-install.tgz: no such file. PR1440122

  • The laser Tx might be enabled while the interface is disabled. PR1445626

  • NSSU causes a traffic loss again after the backup to master transitions. PR1448607

  • On certain MPC line cards, cm errors need to be reclassified. PR1449427

  • The IRB traffic might drop after mastership switchover. PR1453025

  • The OSPF neighbor might go down when the mDNS/PTP traffic is received at a rate greater than 1400 pps. PR1459210

  • Traffic loss may be observed for longer than 20 seconds when performing NSSU on an EX4300 VC. PR1461983

  • IGMP reports are dropped with mixed enterprise and SP configuration styles on an EX4300 switch. PR1466075

  • The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured. PR1470424

  • EX4300: Input firewall filter attached to isolated or community VLANs does not match the dot1p bits on the VLAN header. PR1478240

  • MAC learning under bridge-domain stops after the MC-LAG interface flaps. PR1488251

  • The traffic destined to VRRP VIP might be dropped after the IRB interface is disabled on the initial VRRP master PR1491348

  • IPv6 neighbor solicitation packets might be dropped in a transit device PR1493212

  • Packets get dropped when next hop is IRB over the LT- interface. PR1494594

  • The NSSU upgrade might fail on EX4300 switches due to a storage issue in the /var/tmp directory PR1494963

  • Traffic loss might be seen with framing errors or runts if MACsec is configured on an EX4300 switch. PR1502726

  • VC split after network topology change. PR1427075

  • The l2cpd process might crash and generate a core file when interfaces are flapping PR1431355

  • IRB over VTEP unicast traffic might get dropped on EX9200 and MX platforms PR1436924

  • The MAC Pause frames will be incrementing on Receive direction if the half duplex mode on 10Mbps or 10 MBps speed is configured PR1452209

  • A firewall filter might not be able to be applied in a particular VC or VCF member as the TCAM space is running out PR1455177

  • Link up delay and traffic drop might be seen on mixed SP Layer 2 and Layer 3 and EP Layer 2 type configurations. PR1456336

  • MAC addresses learned on RTG may not be aged out after aging time PR1461293

  • RTG link faces nearly a 20-second down time during backup node rebooting PR1461554

  • The VC function may be broken after upgrading on EX2300/EX3400 platforms PR1463635

  • EX Series (ELS) / QFX Series—There are some commands to disable a MAC learning, and some of them were not working. PR1464797

  • jdhcpd might consume high CPU and no further subscribers can be brought up if more than 4000 dhcp-relay clients in the MAC-MOVE scenario. PR1465277

  • fxpc might crash after mastership election on on the EX2300 and EX3400 platforms. PR1465526

  • The broadcast and multicast traffic might be dropped over IRB or LAG interface in in a QFX Series or EX Series Virtual Chassis scenario. PR1466423

  • The MAC move message may have an incorrect "from" interface when the MAC moves rapidly. PR1467459

  • FPCs might get disconnected from an EX3400 VC briefly after reboot/upgrade. PR1467707

  • Optics measurements might not be streamed for interfaces of a PIC over JTI PR1468435

  • FPC may be down when configuring VXLAN routing. PR1468736

  • Traffic loss might be seen with framing errors or runts if MACsec is configured on the EX4600 and QFX5100 platforms. PR1469663

  • The SSH session closes while checking for the show configuration | display set command for both local and non-local users. PR1470695

  • An EX3400 switch is advertising only 100m when configured the speed 100m with autonegotiation enabled. PR1471931

  • The shaping of CoS does not work after reboot. PR1472223

  • CoS 802.1p bit rewrite might not happen in Q-in-Q mode. PR1472350

  • DSCP marking might not work as expected if the fixed classifiers are applied to interfaces on the QFX5000 and EX4600 platforms. PR1472771

  • The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685

  • The dhcpd process may crash in a Junos Fusion environment. PR1478375

  • MPCs might stop when there is bulk route update failure in a corner case. PR1478392

  • TFTP installation from loader prompt may not succeed on the EX Series devices PR1480348

  • ARP request packets for unknown host might get dropped in remote PE in an EVPN-VXLAN scenario. PR1480776

  • On an EX2300 switch, SNMP traps are not generated when MAC address limit threshold is reached. PR1482709

  • Incorrect “frame length” of 132 bytes might be captured in a packet header. PR1487876

  • DHCP binding might fail when the PVLAN is configured with a firewall to block or allow certain IPv4 packets. PR1490689

  • Traffic loss could be seen under the MC-LAG scenario on a QFX5120 or EX4650 switch. PR1494507

  • Outbound SSH connection flap or memory leak issue might be observed during pushing the configuration to the ephemeral DB with high rate. PR1497575

  • Traffic might get dropped if an AE member interface is deleted or added or if a SFP of the AE member interface is unplugged or plugged. PR1497993

  • The OSPF might be stuck in the "ExStart" state if it is configured across the master and the standby FPCs of the EX4300-48MP VC PR1498903

  • Continuous traffic loss might happen during GRES. PR1500783

  • LLDP neighborship might be unable to set up on QFX5000 platforms PR1504354

  • LLDP might not work when PVLAN is configured on EX Series switches or QFX Series Virtual Chassis. PR1511073

  • "dot1x" memory leak is observed. PR1515972

  • MPPE-Send/Recv-key attribute is not extracted correctly by dot1xd PR1522469

  • "Drops" and "Dropped packets" counters in the output by "show interface extensive" are double counting. PR1525373

Routing Protocols

  • Host-destined packets with filter log action might not reach the RE if log/syslog is enabled PR1379718

  • QFX5100—BGP v4/v6 convergence & RIB install/delete time degraded in Junos OS Release 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121

  • The "other querier present interval" timer cannot be changed in an IGMP/MLD snooping scenario PR1461590

  • LACP interface might not go to "collecting and distributing" state if along with the knob of "force-up" PR1484523

  • FPC may go to the "NotPrsnt" state after upgrading with non-tvp image in VC/VCF setup PR1485612

  • The BGP route-target family might prevent the RR from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743

  • The firewall filter could not work in certain conditions under a VC setup PR1497133

  • Packet loss is seen for stream bLock:irb_lacp_tr_ospf while verifying traffic from access to core network for IPv4 PR1520059

User Interface and Configuration

  • The umount: unmount of /.mount/var/val/chroot/packages/mnt/jweb-ex32-d2cf6f6b failed: Device busy message is seen when Junos OS is upgraded with the validate option. PR1478291

  • J-Web does not display the correct Flow-control status on EX Series devices. PR1520246

Virtual Chassis

  • Disabling one of the VCP ports might result in another VCP port flapping PR1469257

Resolved Issues: 19.3R2


  • ARP request or neighbor solicitation message might be sent back to the local segment by the designated forwarder (DF) router. PR1459830


  • Certain EX Series platforms might generate VM core files by panic and reboot. PR1456668

  • Traffic is dropped on EX4300-48MP device acting as a leaf device in a Layer 2 IP fabric EVPN VXLAN environment. PR1463318

Interfaces and Chassis

  • VRRP-V state is flapping with init and idle states after configuring vlan-tagging. PR1445370


  • Some error messages might be seen when using J-Web. PR1446081

Layer 2 Features

  • ERPS nodes do not converge to idle state after failure recovery or reboot. PR1431262

  • MAC or ARP learning might not work for copper base SFP-T transceiver on EX4600. PR1437577

Platform and Infrastructure

  • LACP DDoS policer is incorrectly triggered by other protocols traffic on all EX92XX/T4000 and MX platforms. PR1409626

  • The interface on a failed member FPC of EX2300 and EX3400 Virtual Chassis might stay up for 120 seconds. PR1422507

  • LED turns on even after the Virtual Chassis members are powered off. PR1438252

  • The rpd might generate core files during router bootup due to a file pointer issue as there are two code paths that can close the file. We are attempting to close the file without validating the file pointer. PR1438597

  • EX4600 Virtual Chassis does not come up after you replace the fiber connection on the Virtual Chassis port with a DAC cable. PR1440062

  • MAC addresses learned on RTG might not be aged out after a Virtual Chassis member is rebooted. PR1440574

  • On Ex4300-MP, the following log is generated continuously: rpd[6550]: task_connect: task AGENTD I/O.: Connection refused PR1445618

  • Traffic might be dropped when a firewall filter rule uses then vlan as the action in a Virtual Chassis scenario. PR1446844

  • Unicast ARP requests are not replied to with no-arp-trap option. PR1448071

  • Tunneling-encapsulated packets are dropped on the Layer 3 VPN MPLS PE-CE interface. PR1451032

  • DHCP snooping static binding does not take effect after deleting and re-adding the entries. PR1451688

  • Configuration change in VLAN all option might affect the per-VLAN configuration. PR1453505

  • Version compare in PHC might fail, making the PHC to download the same image. PR1453535

  • REST API process becomes nonresponsive when a number of requests come with a high rate. PR1449987

  • Packet drop might be seen after removing and reinserting the SFP transceiver of the 40G Uplink Module ports. PR1456039

  • The syslog timeout connecting to peer database-replication is generated when the show version detail command is issued. PR1457284

  • Overtemperature SNMP trap messages appear after an update even though the temperature is within the system thresholds. PR1457456

  • The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used. PR1458559

  • Storage space limitation leads to image installation failure during Phone home on EX2300 and EX3400 platforms. PR1460087

  • ERP might not revert to idle state after reload or reboot of multiple switches. PR1461434

Routing Protocols

  • Junos BFD sessions with authentication flap after a certain time. PR1448649

User Interface and Configuration

  • EX4600 and QFX5100 are unable to commit baseline configuration after zeroization. PR1426341

  • Problem with access to J-Web after an update from Junos OS Release 18.2R2 to Release 18.2R3. PR1454150

Virtual Chassis

  • Current MAC address might change when deleting one of the multiple Layer 3 interfaces. PR1449206

Resolved Issues: 19.3R1


  • The device may proxy the ARP probe packets in an EVPN environment. PR1427109

  • Configuring ESI on a single-homed 25-Gbps port might not work. PR1438227

Forwarding and Sampling

  • Enable interface with input/output vlan-maps to be added to a routing-instance configured with a VLAN ID or VLAN tags (instance type virtual-switch/vpls). PR1433542


  • The traffic to the NLB server may not be forwarded if the NLB cluster works in multicast mode. PR1411549

  • The operations on the console might not work if the system ports console log-out-on-disconnect statement is configured. PR1433224

Interfaces and Chassis

  • Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606

  • The IFLs in EVPN routing instances might flap after committing configurations. PR1425339

  • EX9214 unexpected duplicate VLAN-ID commit error. PR1430966

Layer 2 Ethernet Services

  • DHCP request may get dropped in DHCP relay scenario. PR1435039

  • On EX9200 switches, DHCP Relay is stripping the 'GIADDR' field in messages toward the DHCP clients. PR1443516

Network Management and Monitoring

  • Overtemperature trap does not sent out even though there is the Temperature Hot alarm. PR1412161

Platform and Infrastructure

  • [SIRT]Certain QFX and EX Series devices are vulnerable to 'Etherleak' memory disclosure in Ethernet padding data (CVE-2017-2304). PR1063645

  • Transit OSPF traffic over Q-in-Q tunneling might be dropped if a firewall filter is applied to Lo0 interface. PR1355111

  • The l2ald process might crash and generate a core file on EX2300 Virtual Chassis when a trunk port is converted to dot1x access port with tagged traffic flowing. PR1362587

  • QFX5120 and EX4650 : Convergence delay between PE1 and P router link is more than expected delay value. PR1364244

  • IPv6 router advertisement (RA) messages might increase internal kernel memory usage. PR1369638

  • The DHCP discover packets are forwarded out of an interface incorrectly if DHCP snooping is configured on that interface. PR1403528

  • MAC address movement might not happen in Flexible Ethernet Services mode when family inet/inet6 and vlan-bridge are configured on the same IFD. PR1408230

  • EX9251, EX9253, and EX9208: DDoS violation for LLDP, MVRP, provider MVRP and dot1x is incorrectly reported as LACP DDoS violation. PR1409626

  • EX2300-24P, error message: dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed to find if family. PR1410717

  • EX4300-48MP : Chassis Status LED glow yellow instead of amber. PR1413194

  • The upgrade of the PoE firmware might fail on EX3400. PR1413802

  • EX3400 : show chassis environment repeats "OK" and "Failed" at short intervals. PR1417839

  • The EX3400 Virtual Chassis status might be unstable during the bootup of the Virtual Chassis or after the Virtual Chassis port flaps. PR1418490

  • EX4300-48MP-18.3R1.9 //Over Temperature SNMP trap generated wrongly for LC (EX4300-48P) based on the master Routing Engine (EX4300-48MP) temperature threshold value. PR1419300

  • EX4300: Runt counter never incremented. PR1419724

  • The pfex process might crash and generates core files when you reinsert SFP. PR1421257

  • Commit of configurations involving interface-range defined over wildcard range such as ge-*/*/* not supported. PR1421446

  • Virtual Chassis may become unstable and FXPC core files may be generated when there are a lot of configured filter entries. PR1422132

  • Traffic loss when one of the logical interfaces on the LAG is deactivated or deleted. PR1422920

  • Ensure phone-home works in factory-default configuration. PR1423015

  • Adding the second IRB interface to an aggregated Ethernet interface and rolling it back might cause the first IRB interface to stop working. PR1423106

  • IPv6 multicast traffic received on one Virtual Chassis member might be dropped when egressing on other Virtual Chassis member if MLD snooping is enabled. PR1423310

  • EX3400 : Auto negotiation status shows incomplete on ge-0/2/0 using SFP-SX. PR1423469

  • Multicast traffic might be silently dropped on ingress port with igmp-snooping enabled. PR1423556

  • MACsec connection on EX4600 platforms might not come back up after interface disconnect/reconnect. PR1423597

  • On EX9251 optics "SFP-1GE-FE-E-T" I2C read errors are seen when an SFP-T is inserted into a disabled state port. PR1423858

  • The auditd crashed when Accounting RADIUS server was not reachable. PR1424030

  • The native VLAN ID of packets might fail to be removed when leaving out. PR1424174

  • MAC overlapping between different switches. PR1425123

  • SNMP (ifHighSpeed) value is not getting displayed appear properly only for VCP interfaces, it is getting displayed as zero. PR1425167

  • The jdhcpd might consume 100% CPU and crash if dhcp-security is configured. PR1425206

  • Interface flapping scenario might lead to ECMP next-hop installation failure on EX4300s. PR1426760

  • Virtual Chassis split after network topology changed. PR1427075

  • The fxpc/Packet Forwarding Engine might crash on EX2300 or EX3400 platforms. PR1427391

  • Rebooting or halting a Virtual Chassis member might cause 30 seconds down on RTG link. PR1427500

  • IPv6 traffic might be dropped when static /64 IPv6 routes are configured. PR1427866

  • VIP might not forward the traffic if VRRP is configured on an aggregated Ethernet interface. PR1428124

  • EX2300-24P : l2ald core files observed after removal and re-addition of multiple supplicant mode with PVLAN on interface. PR1428469

  • Data port LEDs are off even while interfaces are up. PR1428703

  • CI-PR: Verification of ND inspection with a dynamically bound client, moved to a different VLAN on the same port is failing. PR1428769

  • The delay in transmission of BPDUs after GRES might result in loss of traffic on EX2300/3400 Virtual Chassis. PR1428935

  • When forward-only is set within dhcp-reply, dhcp declines are not forwarded to server. PR1429456

  • EX4300 does not drop FCS frames with CRC error on xe- interfaces. PR1429865

  • Unicast ARP requests are not replied to with the no-arp-trap option. PR1429964

  • EX4300 without soft error recovery(parity check, correction and memscan) enable. PR1430079

  • The jdhcpd_era log files constantly consume 121M of space out of 170M, resulting into file system full and traffic impact. PR1431201

  • EX4300-48MP switch cannot learn MAC address through some access ports that are directly connected to a host when auto-negotiation is used. PR1430109

  • Disabling DAC QSFP port may not work on MX204, MX10003, or EX9251. PR1430921

  • Incorrect model Information while polling through SNMP from Virtual-Chassis. PR1431135

  • The ERPS failover does not work as expected on an EX4300 device. PR1432397

  • Native VLAN might not take into effect when it is enabled with flexible VLAN tagging on a Layer 3 subinterface. PR1434646

  • The device might not be accessible after the upgrade. PR1435173

  • The mc-ae interface may get stuck in waiting state in a dual mc-ae scenario. PR1435874

  • i40e NVM upgrade support for EX9200 platform. PR1436223

  • The FPC/pfex crash may be observed due to DMA buffer leaking. PR1436642

  • The /var/db/scripts directory might be deleted after executing request system zeroize. PR1436773

  • Commit check error for VSTP on EX9200s: xSTP:Trying to configure too many interfaces for given protocol. PR1438195

  • The DHCP Snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it. PR1438351

  • The dot1x might not work when captive-port is also configured on the interface on backup/non-master FPC. PR1439200

  • DHCPv6 relay binding is not up while verifying the DHCP snooping along with DHCPv6 relay. PR1439844

  • The ports of the EX device might stay in up state even if the EX46XX/QFX51XX series device is rebooted. PR1441035

  • Clients in an isolated VLAN might not get IP addresses after completing authentication when both dhcp-security and dot1x are configured. PR1442078

  • EX3400 fan alarm (Fan X not spinning) appears and disappears repeatedly after the fan tray is removed (absent). PR1442134

  • DHCPv6 client might fail to get an IP address. PR1442867

  • Non-designated port is not moving to backup port role. PR1443489

  • /var/host/motd does not exist message is flooded every 5 seconds in chassisd logs. PR1444903

  • On EX4300-MP, log generated continuously: rpd[6550]: task_connect: task AGENTD I/O. addr Connection refused. PR1445618

  • CI-PR: On EX3400 - dot1xd core files found @ macsec_update_intf macsec_destroy_ca. PR1445764

  • Major alarm log messages for temperature conditions for EX4600 at 56 degrees Celsius. PR1446363

  • The traffic might be dropped when a firewall filter rule uses 'then vlan' as the action in a Virtual Chassis scenario. PR1446844

  • The PoE might not work after upgrading the PoE firmware on EX4300 platforms. PR1446915

  • The firewall filters might not be created with error logs after reboot. PR1447012

  • Phone home on EX3400 fails because sysctl cannot read the device serial number. PR1447291

  • Added CLI configuration on-disk-failure on EX3400. PR1447853

  • Unicast ARP requests are not replied with the no-arp-trap option. PR1448071

  • On EX3400, IPv6 routes received through BGP do not show the correct age time. PR1449305

  • Incoming Layer3-encapsulated packets are dropped on Layer 3VPN MPLS PE-CE interface. PR1451032

Routing Protocols

  • Host-destined packets with filter log action might not reach the Routing Engine if log/syslog is enabled. PR1379718

  • Sometimes, IGMP snooping may not work. PR1420921

  • The multicast traffic might be dropped when proxy mode is used for igmp-snooping. PR1425621

  • The error message RPD_DYN_CFG_GET_PROF_NAME_FAILED: Get profile name for session XXX failed: -7, may be seen in syslog after restarting routing daemon. PR1439514

  • The bandwidth value of the DDoS-protection might cause the packets loss after the device reboot. PR1440847

  • IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

  • Loopback address exported into other VRF instance might not work on EX Series, QFX Series, or ACX Series platforms. PR1449410

  • MPLS LDP may still use stale MAC of the neighbor even the LDP neighbor's MAC changes. PR1451217

Subscriber Access Management

  • EX4300 /var showing full /var/log/dfcd_enc file grows in size PR1425000

User Interface and Configuration

  • EX4600 and QFX5100 were unable to commit baseline configuration after zeroization. PR1426341

Virtual Chassis

  • Current MAC address might change when deleting one of the multiple Layer 3 interfaces. PR1449206


  • MVPN using PIM dense mode does not prune the OIF when PIM prune is received. PR1425876

Documentation Updates

There are no errata or changes in Junos OS Release 19.3R3 documentation for the EX Series switches.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see