Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

What’s Changed

Learn about what changed in this release for ACX Series.

Authentication and Access Control

  • SHA-1 password format deprecated (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX and vSRX)—We've removed the sha1 option at the [edit system login password format] hierarchy level because SHA-1 is no longer supported for plain-text password encryption.

General Routing

  • OpenConfig container names for Point-to-Multipoint per interface ingress and egress sensors are modified for consistency from signalling to signaling.

Network Management and Monitoring

  • Changes to the NETCONF <edit-config> RPC response (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When the <edit-config> operation returns an error, the NETCONF server does not emit a <load-error-count> element in the RPC response. In earlier releases, the <edit-config> RPC response includes the <load-error-count> element when the operation fails.

  • DES deprecation for SNMPv3-The Data Encryption Standard (DES) privacy protocol for SNMPv3 is deprecated due to weak security and vulnerability to cryptographic attacks. For enhanced security, configure the triple Data Encryption Standard (3DES) or the Advanced Encryption Standard (CFB128-AES-128 Privacy Protocol) as the encryption algorithm for SNMPv3 users.

    [See privacy-3des and privacy-aes128.]

  • Change in in unnumbered-address support for GRE tunnel—Starting in Junos OS Release 24.4R1, there is a behavioural change in unnumbered-address support for GRE tunnel with IPV6 family and display donor interface for both IPV4 and IPV6 families of GRE tunnel. You can view interface donor details under show interfaces hierarchy level.

    [See show interfaces.]

Routing Protocols

  • SSH TCP forwarding disabled by default—We've disabled the SSH TCP forwarding feature by default to enhance security. To enable the SSH TCP forwarding feature, you can configure the allow-tcp-forwarding statement at the [edit system services ssh] hierarchy level.

    In addition, we've deprecated the tcp-forwarding and no-tcp-forwarding statements at the [edit system services ssh] hierarchy level.

    [See services (System Services).]

VPNs

  • Changes to show mvpn c-multicast and show mvpn instance outputs—The FwdNh output field displays the multicast tunnel (mt) interface in the case of Protocol Independent Multicast (PIM) tunnels.

    [See show mvpn c-multicast.]