What’s Changed in Release 21.3R3

Changes to how command-line arguments are passed to Python action scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When a custom YANG RPC invokes a Python action script and passes command-line arguments to the script, the device prefixes a hyphen (-) to single-character argument names, and it prefixes two hyphens (--) to multi-character argument names. The prefix enables you to use standard command-line parsing libraries to handle the arguments. In earlier releases, the device passes the unmodified argument names to the script.

[See Creating Action Scripts for YANG RPCs on Devices Running Junos OS and Displaying Valid Command Option and Configuration Statement Values in the CLI for Custom YANG Modules.]

Refreshing scripts from an HTTPS server requires a certificate (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When you refresh a local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) script from an HTTPS server, you must specify the certificate (Root CA or self-signed) that the device uses to validate the server's certificate, thus ensuring that the server is authentic. In earlier releases, when you refresh scripts from an HTTPS server, the device does not perform certificate validation. When you refresh a script using the <codeph>request system scripts refresh-from</codeph> operational mode command, include the <codeph> cert-file </codeph> option and specify the certificate path. Before you refresh a script using the <codeph>set refresh</codeph> or <codeph>set refresh-from </codeph> configuration mode command, first configure the <codeph> cert-file </codeph> statement under the hierarchy level where you configure the script. The certificate must be in Privacy-Enhanced Mail (PEM) format.

[See request system scripts refresh-from and cert-file.]

Enhancement to the snmp mib walk command (PTX Series, QFX Series, EX Series, MX Series, SRX Series)—The ipv6IfOperStatus field displays the current operational state of the interface. The noIfIdentifier(3) state indicates that no valid Interface Identifier is assigned to the interface. This state usually indicates that the link-local interface address failed Duplicate Address Detection. When you specify the 'Duplicate Address Detected' error flag on the interface, the new value (noIfIdentifier(3)) is displayed. Previously, the snmp mib walk command did not display the new value (noIfIdIdentifier(3)).

Changes in contextEngineID for SNMPv3 INFORMS (PTX Series, QFX Series, ACX Series, EX Series, MX Series, and SRX Series—Now the contextEngineID of SNMPv3 INFORMS is set to the local engine-id of Junos devices. In earlier releases, the contextEngineID of SNMPv3 INFORMS was set to remote engine-id.

[See SNMP MIBs and Traps Supported by Junos OS.]

Juniper Agile Licensing (EX2300-VC, EX3400-VC, EX4300-VC, EX4400-24MP, EX4400-48MP, PTX10003, PTX10016, QFX5130-32CD, QFX5110-32Q, QFX5110-48S, QFX5120-48T, QFX5210-64C, QFX5200, and QFX5220)—Starting from this release onwards, the Juniper Agile License Manager is deprecated. You can use the Juniper Agile Licensing Portal to activate, install, manage, and monitor licenses on Juniper Networks devices.

[Juniper Agile Licensing Guide]

When you configure max-cli-sessions at the [edit system] hierarchy level, it restricts the maximum number of CLI sessions that can coexist at any time. Once the maximum-cli-sessions number is reached, new CLI access is denied. The users who are configured to get the CLI upon login, are also denied new login.