Outstanding Issues

Platform and Infrastructure

• If you send a real-time performance monitoring (RPM) probe through an IPSec tunnel and the probe includes the hardware-timestamp statement at the [edit services rpm probe owner-name test test-name] hierarchy level, RPM ICMP ping type probes might not work. [PR/75927]
• On J4350 and J6350 Services Routers, if the MTU is set to more than 6 KB for a built-in Gigabit Ethernet port or a 1-port Gigabit Ethernet ePIM, packets might be discarded with a frame check sequence (FCS) error. [PR/82245]
• A user cannot log in to the J-Web client through RADIUS or TACACS+ authentication if the user profile already has authorization parameters specified on the server side. As a workaround, ensure that the user profile parameters are not specified or are set with empty values on the server. [PR/94445]

Interfaces and Chassis

• On channelized E1 interfaces, you might be able to configure clocking on ds-pim/0/port:n interfaces, where n is not unit 0. This is an invalid configuration and might cause a clocking selection problem on the other channels. [PR/24722]
• For ISDN dialer interfaces, when you configure the no-keepalives statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and you issue the show interfaces dl0 command, the Link flags field might still show keepalives. [PR/58520]
• If you disable a services interface by including the disable statement at the [edit interfaces sp-pim/0/port] hierarchy level and then delete the disable statement from the configuration, IPSec service is not reset correctly. As a workaround, either issue the deactivate services command followed by the activate services command, or issue the request chassis pic offline fpc-slot pim-slot pic-slot 0 command followed by the request chassis pic online fpc-slot pim-slot pic-slot 0 command. [PR/58522]
• When you take an ISDN interface offline, the LEDs on the ISDN PIM might not turn off. [PR/59536]
• On ISDN interfaces, if you configure the vrf-table-label statement at the [edit routing-instances instance-name] hierarchy level, packets might be dropped from the connection. [PR/59718]
• On ISDN dialer interfaces, if you configure the minimum-links statement at the [edit interfaces dl0 unit logical-unit-number] hierarchy level and then deactivate the BRI interface associated with the dialer interface, the output packets counter displayed in the output of the show interfaces dl0 command might continue to increment. [PR/59986]
• On ISDN dialer interfaces, when you configure the load-threshold 100 statement at the [edit interfaces dl0 unit logical-unit-number dialer-options] hierarchy level and the 56-Kbps bandwidth threshold is exceeded, the interface does not support additional network traffic and might not activate another BRI interface. [PR/60045]
• J4350 and J6350 Services Routers might not have the requisite data buffers needed to meet expected delay-bandwidth requirements. Lack of data buffers might degrade CoS performance with smaller-sized (500 bytes or less) packets. [PR/73054]
• On J4350 and J6350 Services Routers, when an Avaya TGM550 PIM is in reset state, the Services Router might not respond to show chassis commands for up to 5 seconds. [PR/78695]
• If you ping a nonexistent IPv6 address that belongs to the same subnet as an existing point-to-point link, the packet loops between the two point-to-point interfaces until the time-to-live timer expires. [PR/94954]
• On J-series Services Routers running JUNOS Release 8.3 or later, a Channelized T1/E1/ISDN PRI PIM running firmware version 2.3 or earlier might not initialize or might have clocking problems. After an upgrade to JUNOS 8.3 or later, verify the firmware version of any Channelized T1/E1/ISDN PRI PIM by issuing the show system firmware command. If the firmware version is not 2.4 or later, contact Juniper Networks customer support. [PR/102638]

Services Applications

• When you configure intrusion detection services (IDS) on J-series platforms, including the threshold statement at the [edit services ids rule rule-name term term-name then logging] hierarchy level has no effect. [PR/46577]
• If you configure an IPSec-over-GRE tunnel, there might be fragmentation issues. As a workaround, delete the clear-dont-fragment statement and the mtu statement on the GRE interface, and include the tunnel-mtu 9192 statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level on both sides of the connection. [PR/74377]