Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
[+] Expand All
[-] Collapse All

No index entries found.

Known Behavior

This section describes certain SRC software behaviors and related issues to emphasize how the system works.


  • ANCP update information from two routers might conflict.

    ACP uses the NasPortId as a unique identifier for ANCP update information stored in the remote update database. However, the NasPortId is unique only within a router so ANCP update information from two routers can conflict with each other and cause one update to overwrite the other.

    Reference: TIC 16592 / PR 902808

Aggregate Services

  • NIC does not map primary username to managing SAE in aggregate services.

    If you use aggregate services and specify a primary username for a subscriber reference expression, note that the configuration scenarios provided with the NIC do not provide a mapping from a primary username to the managing SAE. Consider using the login name instead. If you want to use the primary username as the subscriber reference expression for a fragment service, contact Juniper Networks Professional Services for assistance with setting up the NIC configuration to resolve the primary username to locate the managing SAE.

    Reference: None

Configuration Backups

  • Save configurations in XML format for proper loading.

    You must save configurations in XML format using the save command. Other formats, such as configurations saved in text format or the output of the display set command, may not load properly.

    Reference: TIC 16244

Configuration Updates

  • When you use the load merge, load override, or load replace command at any hierarchy level, the command loads all the configuration in the specified file.

    If you want to load the configuration for a specified hierarchy level:

    • Ensure that the file contains the sdx:current=true text to identify the level at which the configuration is to be loaded.
    • Run a load command with the relative option at the level at which you want to update the configuration.

    If a file contains configuration statements other than those at and below the level identified by sdx:current=true, the command disregards the other statements.

    If you enter a load command with the relative option and the file does not contain the text sdx:current=true, you receive a message indicating that the configuration cannot be loaded.

    Reference: None

Console Authentication

  • Logging in after entering the wrong password the first time.

    If you enter the wrong username/password combination when you log into the console, you are prompted for the LDAP password. This request is for the same password that you had entered on your first try.

    Reference: TIC 14193

C-Web Interface

  • After you configure the Auto Refresh Interval option using the C-Web Interface, the graph is not refreshed based on the customized from and to time interval values.

    Reference: PR 979445

Juniper Networks Database

  • Recommendations for use of multiple primary Juniper Networks databases.

    We recommend that you configure two to four Juniper Networks databases as primary databases in a community. If you plan to use more than two Juniper Networks databases in a primary role and expect to have frequent updates to the Juniper Networks database, we recommend that you test your application scenario with a projected traffic load. For assistance testing your application scenario, contact Juniper Networks Professional Services or JTAC.

    Reference: None

  • Deleting statements on platforms running a secondary Juniper Networks database.

    When you delete statements from the CLI for a Juniper Networks database assigned a secondary role, you can receive a message for ContextNotEmptyException such as:

    [edit]root@golem# commitjavax.naming.ContextNotEmptyException:ou=local,retailerName=ldapcommret1,o=users,o=UMC cannot be deletedcommit completed with the above exception(s). commit complete.

    Workaround: Enter the commands to delete the same statements from a Juniper Networks database assigned a primary role. Whenever you delete statements for a Juniper Networks database, do so from a Juniper Networks database assigned a primary role.

    Reference: TIC 13376



  • IPv4 policies are pushed to delegated DHCPv6 subscribers over the dual stack PPPv6 protocol.

    Workaround: Make sure that you configure only IPv6 policies for delegated DHCPv6 subscribers.

    Reference: PR 996681

  • Do not disable the Juniper Networks database (jdb component) while configuring policies with the Policies, Services, and Subscribers Editor.

    Workaround: Enable the Juniper Networks database and restart the CLI.

    Reference: TIC 15573

  • Deleting policies that are being used can cause problems.

    Do not delete policies, especially default policies that are in use.

    Reference: TIC 15153 / PR 1003053

Policy Management

  • Use care when modifying configurations with other policy management tools for interfaces on JunosE routers that are managed by the SRC software.

    When applying policies to interfaces on JunosE routers that are managed by the SRC software, carefully consider using other policy management tools, such as CLI, RADIUS, CoA, or Service Manager. Policies that are applied to the interface before SRC management begins, such as at access-accept time, are properly replaced. However, if other policy managers change existing policies while SRC management is active, problems can occur.

    • If you have a preconfigured policy through CLI or RADIUS as part of subscriber PVC/VLAN provisioning, the existing policy becomes inactive and the SAE manages the subscriber interface. When the SAE stops managing the interface, the preconfigured policy becomes active. However, if you change the policy on the interface using CLI or CoA, problems can occur.
    • If you have a policy in Access-Accept, the existing policy becomes inactive and the SAE manages the interface.


  • When you configure an interface classifier rule under the [edit shared classification-script interface classifier] hierarchy level, the changes do not take effect immediately on the SRC software.

    Workaround: Restart SAE for the changes to take effect.

    Reference: PR 973224

  • When using VPN ID to identify subscriber sessions for MX Series routers that support the packet-triggered subscribers and policy control (PTSP) feature, the NIC and Dynamic Service Activator are not supported.

    Reference: TIC 16565 / PR 902785

  • SAE shared properties cannot be created until local SAE properties are edited for the configuration group.

    If you want to use the configuration group for the SAE, edit the SAE shared properties at the [edit slot 0 sae] hierarchy level, then the group properties.

    Workaround: Configure a group within the SAE. To do so:

    1. At the [edit slot 0 sae] hierarchy level, specify a group name.
      [edit slot 0 sae]user@host# set shared /SAE/<group name>user@host# commitcommit complete.
    2. Review the local properties.
      user@host# showreal-portal-address;shared /SAE/<group name>
      initial {directory-connection {url ldap://;principal cn=ssp,ou=Components,o=Operators,<base>;credentials ********;blacklist;}directory-eventing {eventing;polling-interval 30;}}
      radius {local-address;local-nas-id SAE.myCseries;}
    3. Change properties as needed (you must change at least one value to create the group) and commit the configuration.
    4. Configure the group within a shared SAE configuration.
      [edit]user@host# edit shared sae group <group name>

    Reference: TIC 12487

  • Output for show sae slot 0 statistics process command.

    If you run the show sae slot 0 statistics process command shortly after you start the SAE, the CLI may become inoperative.

    Workaround: Wait for several minutes after you start the SAE before you run the show sae slot 0 statistics process command. If the CLI becomes inoperative, press Ctrl+c, wait a few seconds, and enter the command again.

    Reference: TIC 13387

  • During synchronization in COPS-PR mode, the JunosE router can send delete request state (DRQ) messages for interfaces for which a request (REQ) message has not been received. In this case, the SAE logs an error message similar to the following:
    11:30:33.140 EDT 26.08.2005 [CopsHandler-15/0xAC001FCE] [UnsolicitedMessage] [50] Unable to handle message for unknown context: {Message type: 3, ClientType: 24754, Handle: Handle(C-Num=1,C-Type=1,handle=0xAC001FCE)

    You can ignore messages similar to the one above.

    Reference: TIC 10927

  • During shutdown, the SAE sometimes logs the following stack trace to stderr. This message is harmless and can safely be ignored.
    2004-12-24 11:35:25| 11:35:29| at Method)2004-12-24 11:35:29| at ( 11:35:29| at ( 11:35:29| at org.mortbay.util.ByteArrayISO8859Writer.writeTo ( 11:35:29| at org.mortbay.util.OutputStreamLogSink.log ( 11:35:29| at org.mortbay.util.OutputStreamLogSink.log
    2004-12-24 11:35:29| at org.mortbay.util.Log.message( 11:35:29| at org.mortbay.util.Log.message( 11:35:29| at org.mortbay.util.Log.event( 11:35:29| at org.mortbay.util.ThreadedServer$ (

    Reference: TIC 9506


  • Service names are case-preserving.

    Do not mix cases in service names. Make sure you use the same names when specifying the service and subscription.

    Reference: TIC 14932

  • Runtime parameters are not resolved when activating sample AAA policies.

    Do not use the user_ipMask and user_ipAddress runtime parameters for activate-on-login services.

    Reference: TIC 15181


  • Previous releases of the SRC VTA provided a public Enterprise Java Bean (EJB)-based API. In the SRC 4.2.x software release, this API has been deprecated. It may be removed in a future release. In the SRC 4.2.0 software release, the EJB-based API has been replaced with a SOAP API that provides the same functionality.

Modified: 2015-07-23