Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for EX Series Switches


These release notes accompany Junos OS Release 20.1R1 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for EX Series switches.


The following EX Series switches are supported in Release 20.1R1: EX2300, EX2300-C, EX3400, EX4300, EX4600-40F, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.


  • Routing traffic between a VXLAN and a Layer 3 logical interface (EX4650 and QFX5120)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120 switches support the routing of traffic between a Virtual Extensible LAN (VXLAN) and a Layer 3 logical interface. (You can configure the Layer 3 logical interface using the set interfaces interface-name unit logical-unit-number family inet address ip-address/prefix-length or the set interfaces interface-name unit logical-unit-number family inet6 address ipv6-address/prefix-length command.) This feature is enabled by default, so you do not need to take any action to enable it.


    By default, this feature is disabled on QFX5110 switches. To enable the feature on QFX5110 switches, you must perform the configuration described in Understanding How to Configure VXLANs and Layer 3 Logical Interfaces to Interoperate.

Interfaces and Chassis

  • Support for static link protection on aggregated interfaces (EX4650, QFX5120-32C, and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, you can enable link protection on aggregated interfaces for a specified static label-switched path (LSP). You can designate a primary and a backup physical link to support link protection. Egress traffic passes only through the designated primary link. This traffic includes transit traffic and locally generated traffic on the router. When the primary link fails, traffic is routed through the backup link.

    [See link-protection.]

Junos OS XML, API, and Scripting

  • The jcs:load-configuration template supports loading the rescue configuration (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the jcs:load-configuration template supports the rescue parameter to load and commit the rescue configuration on a device. SLAX and XSLT scripts can call the jcs:load-configuration template with the rescue parameter set to "rescue" to replace the active configuration with the rescue configuration.

    [See Changing the Configuration Using SLAX and XSLT Scripts and jcs:load-configuration Template.]

Junos Telemetry Interface

  • MPLS and local routing sensor streaming support on JTI (EX2300, EX3400, EX4300, EX4600, and EX9200)—Junos OS Release 20.1R1 provides MPLS constrained-path Label Switched Paths (LSPs), RSVP-Traffic Engineering (RSVP-TE) and local routing statistics using Junos telemetry interface (JTI) and remote procedure call (gRPC) services. Streaming statistics are sent to an outside collector at configurable intervals.

    The following resource paths are supported:

    • Local routing (resource path /local-routes/)

    • MPLS constrained-path LSPs and RSVP-TE (resource path /network-instances/network-instance/mpls/)

    To provision the sensor to export data through gRPC services, use the telemetrySubscribe RPC.

    Streaming telemetry data through gRPC or gNMI also requires the OpenConfig for Junos OS module.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • JTI infrastructure support for (EX2300, EX2300-MP, and EX3400)—Junos OS Release 20.1R1 provides Junos telemetry interface (JTI) infrastructure support for EX2300, EX2300-MP, and EX3400 switches.

Layer 2 Features

  • Q-in-Q support on redundant trunk links using LAGs with link protection (EX4300-MP switches and Virtual Chassis)—Starting in Junos OS Release 20.1R1, Q-in-Q is supported on redundant trunk links (also called “RTGs”) using LAGs with link protection. Redundant trunk links provide a simple solution for network recovery when a trunk port on a switch goes down. In that case, traffic is routed to another trunk port, keeping network convergence time to a minimum.

    Q-in-Q support on redundant trunk links on a LAG with link protection also includes support for the following items:

    • Configuration of flexible VLAN tagging on the same LAG that supports the redundant links configurations

    • Multiple redundant links configurations on one physical interface

    • Multicast convergence

    [See Q-in-Q Support on Redundant Trunk Links Using LAGs with Link Protection.]


  • PIM with IPv6 multicast traffic (EX4650 and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650 and QFX5120-48Y switches support Protocol Independent Multicast (PIM) with IPv6 multicast traffic as follows:

    • PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode (PIM-SDM)

    • PIM any-source multicast (PIM-ASM) and PIM source-specific multicast (PIM-SSM)

    • Static, embedded, and anycast rendezvous points (RPs)

    [See PIM Overview.]

Routing Policy and Firewall Filters

  • Support for flexible-match-mask match condition (EX4650 and QFX-Series)—Starting with Junos OS Release 20.1R1, for EX4650, QFX5120-32C, and QFX5120-48Y switches, the flexible-match-mask match condition in firewall filters is supported for the inet, inet6, and ethernet-switching families. With this feature, you can configure a filter by specifying the length of the match (4 bytes maximum) starting from a Layer 2 or Layer 3 packet offset.

    [See Firewall Filter Flexible Match Conditions.]

Storage and Fibre Channel

  • FIP snooping (EX4650-48Y and QFX5120-48Y)—Starting in Junos OS Release 20.1R1, EX4650-48Y and QFX5120-48Y switches support Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) snooping. With FIP snooping enabled on these switches, you prevent unauthorized access and data transmission to a Fibre Channel (FC) network by permitting only those servers that have logged in to the FC network to access the network. You enable FIP snooping on FCoE VLANs when the switch is being used as an FCoE transit switch that connects FC initiators (servers) on the Ethernet network to FCoE forwarders at the FC storage area network (SAN) edge.

    [See Understanding FCoE Transit Switch Functionality and Understanding VN_Port to VN_Port FIP Snooping on an FCoE Transit Switch.]

System Management

  • Change status LED for network port to chassis beacon light (EX4300-48MP switch and EX4300-48MP Virtual Chassis)—By default, when a network port and its associated link are active, the status LED for that port blinks green 8 times per second. Starting in Junos OS Release 20.1R1, you can use the request chassis beacon command to slow down the current blinking rate to 2 blinks per second. The slower-blinking and steadier green light acts as a beacon that leads you to an EX4300-48MP switch or a particular port in a busy lab.

    Using options with the request chassis beacon command, you can do the following for one or all network port status LEDs on a specified FPC:

    • Turn on the beacon light for:

      • 5 minutes (default)

      • A specified number of minutes (1 through 120)

    • Turn off the beacon light:

      • Immediately

      • After a specified number of minutes (1 through 120)

    After the beacon light is turned off, the blinking rate for the network port’s status LED returns to 8 blinks per second.

    [See request chassis beacon.]

Virtual Chassis

  • Virtual Chassis support for up to four member switches (EX4650 switches)—Starting in Junos OS Release 20.1R1, you can interconnect up to four EX4650-48Y switches into a Virtual Chassis that operates as one logical device managed as a single chassis.

    • Member switches must be EX4650-48Y switches only (no mixed mode).

    • Two member switches take the Routing Engine role, with one as master and one as backup, and the remaining members operate in linecard role.

    • You can use any of the 40-Gigabit Ethernet or 100-Gigabit Ethernet QSFP28 ports on the front panel (ports 48 through 55) as Virtual Chassis ports (VCPs) to connect the member switches.

    • You can run nonstop software upgrade (NSSU) to update the Junos OS release on all member switches with minimal traffic disruption during the upgrade.

    • EX4650 Virtual Chassis support the same protocols and features as the standalone switches in Junos OS Release 20.1R1 except for the following:

      • IEEE 802.1X authentication

      • EVPN-VXLAN

      • Layer 2 port security features, DHCP, and DHCP snooping

      • VXLAN MPLS

      • Junos telemetry interface (JTI)

      • MPLS

      • Multichassis link aggregation (MC-LAG)

      • Redundant trunk groups (RTG)

      • Priority-based flow control (PFC)

    Configuration and operation are the same as for other non-mixed EX Series and QFX Series Virtual Chassis.

    [See Virtual Chassis Overview for Switches.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for EX Series.


  • Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and QFX5000 line of switches)—Starting in Junos OS Release 20.1R1, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier releases in this release train, all three values in the Statistics output field for kBps, pps, and packets did not provide valid statistics for multicast traffic at Layer 2.

    [See show multicast snooping route.]

Known Limitations

Learn about known limitations in this release for EX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.


  • If Junos OS panics with a file-system-related panic, such as 'dup alloc', recovery through the OAM shell might be needed. From the OAM shell, run 'fsck' on the root volume until it is marked clean. Only at this point, it is safe to reboot to the normal volume. PR1444941

Platform and Infrastructure

  • The ge and mge ports have different color contrasts because of different vendors. PR1470312

Open Issues

Learn about open issues in Junos OS Release 20.1R1 for EX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • On an EX9208 switch, a few xe- interfaces are going down with the error if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • On EX2300 and EX4650 switches, unicast RPF check in strict mode might not work properly. PR1417546

  • The time taken to install IPv4 or IPv6 routes into the FIB or delete them from the FIB is slowed down in Junos OS Release 19.3. Analysis shows that rpd learning rates are not degraded but RIB-to-FIB download rate is degraded. PR1441737

  • On an EX9214 switch, if the MACsec-enabled link flaps after reboot, the error errorlib_set_error_log(): err_id(-1718026239) is observed. PR1448368

  • In overall commit time, the evaluation of mustd constraints is taking 2 seconds more than usual. This is because the persist-group-inheritance feature has been made a default feature in the latest Junos OS releases. Eventually, this feature helps improve the subsequent commit times for scaled configurations significantly. The persist-group-inheritance feature is useful in customer scenarios where groups and nested groups are used extensively. In those scenarios, the group inheritance paths are not built every time, thus subsequent commits are faster. PR1457939

  • On EX4300 switches, when packets entering a port exceed a size of 144 bytes, they might get dropped in very few cases. PR1464365

  • Under certain conditions, FXPC core files might be generated when the Virtual Chassis reboots. Subsequently, the FXPC process comes up again and the Virtual Chassis is formed. PR1470185

  • Memory issues are seen while you do NSSU from earlier Junos OS Release to Junos OS Release 20.1R1. Manually cleanup the space and run the request system storage cleanup command. PR1494963


  • On EX3400 and EX2300 switches, during zero-touch provisioning (ZTP) with configuration and image upgrade with file transfer through FTP, image upgrade is successful, but sometimes VM core files might be generated. PR1377721

Junos Fusion Satellite Software

  • In Junos fusion SP setup, EX4300 acting as satellite devices is generating temperature sensor alarm on multiple satellite devices modules connected to same aggregation device. PR1466324

Layer 2 Ethernet Services

  • If forward-only is set within dhcp-reply in a Juniper Networks device as a DHCP relay agent, the DHCP DECLINE packets that are broadcasted from the DHCP client are dropped and not forwarded to the DHCP server. PR1429456

Network Management and Monitoring

  • On a Junos fusion environment, intermediate traffic drop is seen between AD and SD when sFlow is enabled on an ingress interface. This issue is not seen always. When sFlow is enabled, the original packet gets corrupted for those packets that hit the sFlow filter. This is because a few packets transmitted from the egress interface of AD1 is short of FCS (4 bytes) + 2 bytes of data, due to which the drop occurs. It is seen that the normal data packets are of size 128 bytes (4 bytes FCS + 14 bytes Ethernet header + 20 bytes IP header + 90 bytes data), while the corrupted packet is 122 byte (14 bytes Ethernet header + 20 byte IP header + 88 bytes data). PR1450373

Platform and Infrastructure

  • On EX9208 switches, traffic loss is observed if ingress and egress ports are in different FPCs. PR1429714

  • On EX9208 switches, 33 percent degradation in MAC learning rate is seen in Junos OS Release 19.3R1 while comparing with Junos OS Release 18.4R1. PR1450729

Routing Protocols

  • MUX state of the LACP interface sometimes does not change when force-up is configured. PR1484523

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

  • On EX4600 and EX4300 switches, MAC entry is missing in the Ethernet switching table for Mac-radius client in server fail scenario when tagged is sent for two client. PR1462479

Class of Service (CoS)

  • Shaping does not work after the reboot if shaping-rate is configured. PR1432078

  • The traffic is placed in network-control queue on an extended port even if it comes in with different DSCP marking. PR1433252


  • The rpd might crash after the EVPN-related configuration is changed. PR1467309

Forwarding and Sampling

  • Type 1 ESI/AD route might not be generated locally on the EVPN PE device in the all-active mode. PR1464778

General Routing

  • The l2cpd process might crash and generate a core file when interfaces flap. PR1431355

  • MicroBFD flap is seen when a QSFP transceiver is inserted into other port. PR1435221

  • EX4600 Virtual Chassis does not come up after the Virtual Chassis port fiber connection is replaced with a DAC cable. PR1440062

  • MAC addresses learned on an RTG might not be aged out after a Virtual Chassis member reboots. PR1440574

  • Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for ingress traffic. PR1449568

  • On EX3400 switches with half-duplex mode on 10-Mbps or 100-Mbps speed at medium traffic egress, traffic flow might stop on the port and MAC pause frames will be incrementing in the receive direction. PR1452209

  • The l2ald and eventd processes are hogging 100 percent after the clear ethernet-switching table command is issued. PR1452738

  • A firewall filter might not be applied in a particular Virtual Chassis or Virtual Chassis Fabric member as TCAM is running out of space. PR1455177

  • Packet drop might be seen after removing and reinserting the SFP transceiver of the 40G uplink module ports. PR1456039

  • Link-up delay and traffic drop might be seen on mixed SP L2/L3 and EP L2 type configurations. PR1456336

  • The syslog timeout connecting to peer database-replication message is generated when the show version detail command is issued. PR1457284

  • Overtemperature SNMP trap messages appear after an update even though the temperature is within the system thresholds. PR1457456

  • The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used. PR1458559

  • The FXPC process might crash due to several BGP IPv6 session flaps. PR1459759

  • On EX2300 and EX3400 switches, storage space limitation leads to image installation failure during phone home. PR1460087

  • MAC addresses learned on redundant trunk group (RTG) might not be aged out after the aging time if the source interface is configured as RTG. PR1461293

  • RTG link is down for nearly 20 seconds when the backup node is rebooting. PR1461554

  • Configuring any combination of VLANs and interfaces under VSTP/MSTP might cause the VSTP/MSTP-related configuration to fail. PR1463251

  • The Virtual Chassis function might be broken after an upgrade on EX2300 and EX3400 devices. PR1463635

  • A few command lines to disable MAC learning are not working. PR1464797

  • The jdhcpd might consume a high CPU and no further subscribers can be brought up if there are more than 4000 DHCP relay clients in the MAC move scenario. PR1465277

  • On EX2300 switches, an FXPC core file is seen after mastership election based on the user's priority. PR1465526

  • The broadcast and multicast traffic might be dropped over an IRB or a LAG interface in a Virtual Chassis scenario. PR1466423

  • The MAC move message might have an incorrect from interface when MAC moves rapidly. PR1467459

  • Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435

  • EX3400 switch is advertising only 100 Mbps when a speed of 100 Mbps is configured with autonegotiation enabled. PR1471931

  • On EX4600 switches, the shaping of CoS does not work after reboot. PR1472223

  • On EX3400 switches, CoS 802.1p bits rewrite might not happen in Q-in-Q mode. PR1472350

  • The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685

  • The dhcpd process might crash in a Junos fusion environment. PR1478375

  • Trio based line-card might crash when there is a bulk route update failure in a corner case. PR1478392

  • TFTP installation from loader prompt might not succeed on EX Series devices. PR1480348

  • In an EVPN-VXLAN scenario, ARP request packets for an unknown host might be dropped in remote PE device. PR1480776


  • EX2300 switches might stop forwarding traffic or responding to the console. PR1442376

  • On EX4300 switches, the CLI configuration set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt) is not supported. PR1450093

  • EX Series switches might not come up properly after reboot. PR1454950

  • On EX4600 and EX4300 Virtual Chassis, error messages related to soft reset of port due to queue buffers being stuck could be seen. PR1462106

  • Traffic is dropped on an EX4300-48MP device acting as a leaf device in a Layer 2 IP fabric EVPN-VXLAN environment. PR1463318

  • EX3400 switches might reboot because of lack of watchdog patting. PR1469400

  • In an EX2300 Virtual Chassis scenario, continuous dcpfe error messages and eventd process hog might be seen. PR1474808

Interfaces and Chassis

  • VRRPv6 state is flapping with init and idle states after configuring vlan-tagging. PR1445370

  • Traffic might be forwarded to incorrect interfaces in an MC-LAG scenario. PR1465077

  • Executing commit might become unresponsive due to stuck device control process. PR1470622

Junos Fusion Enterprise

  • Loop detection might not work on extended ports in Junos fusion scenarios. PR1460209

Junos Fusion Satellite Software

  • In Junos fusion for enterprise, the dpd crash might be observed on satellite devices running SNOS. PR1460607

Layer 2 Features

  • MAC or ARP learning might not work for copper base SFP-T transceivers on EX4600 switches. PR1437577

  • The Link Layer Discovery Protocol (LLDP) function might fail when a Juniper device connects to a non-Juniper device. PR1462171

  • After rebooting, an FXPC core file might be seen when committing the configuration. PR1467763

  • Traffic might be affected if composite next-hop is enabled. PR1474142

Layer 2 Ethernet Services

  • Member links state might be asynchronized on a connection between PE and CE devices in an EVPN A/A scenario. PR1463791

Platform and Infrastructure

  • NSSU causes traffic loss again after the backup to master transitions. PR1448607

  • In a Virtual Chassis scenario, the IRB traffic might get dropped after master switchover. PR1453025

  • The OSPF neighbor might go down when mDNS/PTP traffic is received at a rate higher than 1400 pps. PR1459210

  • ERP might not revert to IDLE state after reload or reboot of multiple switches. PR1461434

  • On EX4300 Virtual Chassis, traffic loss might be observed longer than 20 seconds when performing NSSU. PR1461983

  • On EX2300 and EX3400 switches, the upgrade might fail as there is not enough space. PR1464808

  • On EX4300 switches, IGMP reports are dropped when mixed enterprise and service provider configuration styles are used. PR1466075

  • On EX4300 switches, an input firewall filter attached to isolated or community VLANs fails to match dot1p bits on the VLAN header. PR1478240

  • Virtual Chassis VRRP peer drops packets destined to the VRRP VIP after IRB is disabled. PR1491348

Routing Protocols

  • Host-destined packets with the filter log action might not reach the Routing Engine if log or syslog is enabled. PR1379718

  • On EX9208 platforms, BGP IPv4 or IPv6 convergence and RIB install or delete time are degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121

  • On EX4600 platforms, the traffic with destination UDP port 521 (RIPng) gets dropped. PR1429543

  • The other querier present interval timer cannot be changed in an IGMP/MLD snooping scenario. PR1461590

User Interface and Configuration

  • Problem with access to J-Web after updating from Junos OS Release 18.2R2 to Release 18.2R3. PR1454150

  • Error message umount: unmount of /.mount/var/val/chroot/packages/mnt/jweb-ex32-d2cf6f6b failed: Device busy is seen when Junos OS is upgraded with the validate option. PR1478291

Documentation Updates

There are no errata or changes in Junos OS Release 20.1R1 documentation for the EX Series switches.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see