Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

What's Changed

Learn about what changed in this release for PTX Series routers.

General Routing

  • SSH key options for user account credentials. You can configure key-options key-options option at the set system login user user authentication [ssh-rsa|ssh-ecdsa|ssh-ed25519] ssh key hierarchy level.

    [See login.]

  • Displays the event log of learned MAC addresses. By default mac-learning-logs are stored in UTC timestamps. To view the logs in system timezone, use the show ethernet-switching mac-learning-log use-system-timezone command. The show ethernet-switching mac-learning-log use-system-timezone command also prints the time zone abbreviations [IST, UTC, etc] in the timestamp. To view the logs in system timezone by default by using the show ethernet-switching mac-learning-log command, you need to configure the system-timezone statement at the [edit protocols l2-learning mac-learning-log] hierarchy level.

  • [Change in CLI output (PTX Series)]?The CLI output for show system license bandwidth, show system license bandwidth fpc, and show system license fpc commands is updated.

    [See Monitor Junos Licenses.]

  • When you run the request vmhost zeroize command to zeroize a single Routing Engine on a dual Routing Engine device, the CLI incorrectly displays a message indicating that it will zeroize both Routing Engines.

  • Deprecated license trace (Junos OS Evolved)—We've deprecated the CLI option show system license liblicense-trace.

  • On the MPC7E-10G line card, when you configure the 10-Gigabit Ethernet ports to operate as 1-Gigabit Ethernet ports, use the speed statement at both the edit interfaces <interface name> gigether-options and edit interfaces interface <name hierarchy> levels.

  • SMAC accounting mismatch (PTX10002-36QDD, and PTX10008)—Source MAC (SMAC) accounting over accounts the byte counter by including the L2 overhead in an IP packet. Both ingress and egress accounting for a SMAC learnt on any interface is affected. The packet accounting and the number of SMAC addresses learnt is correct.

    [See MAC address accounting for L3 interfaces and aggregated Ethernet interfaces]

  • Control Maximum 802.1X Client Connections per Interface—By default, dot1x interfaces configured in multiple supplicant mode have a client limit of 100 authenticated connections per interface. Any additional connection attempts beyond this limit will be automatically blocked.

Forwarding and Sampling

  • IPv6 packets with link-local source address dropped per RFC 4291 (PTX12008,PTX10002-36QDD)-IPv6 packets that use a link-local source address and a global destination address won't be forwarded on a PTX12008 Router or PTX10002-36QDD. This behavior complies with RFC 4291 requirements. These IPv6 packets are dropped, and the system sends an "ICMPv6 destination unreachable with code 2" error message to the packet's source.

Interfaces and Chassis

  • Vlan Tagging 1. For PTX Junos OS Evolved platforms, if you have configured an Interface Device (IFD) with the family ethernet switching vlan members configuration, you cannot use both VLAN tagging and flexible VLAN tagging CLI commands on the IFD at the same time. This configuration is not supported, and a warning is issued if you try to commit this configuration. 2. For Junos OS Evolved platforms, if you have configured any Logical Interface (IFL) on an Interface Device (IFD) with the family ethernet-switching configuration, you cannot configure any other families on a different IFL unless you configure the IFD with the flexible-ethernet-services encapsulation type. This configuration is not supported, and a warning is issued if you try to commit this configuration.

Network Management and Monitoring

  • Ephemeral database default commit synchronize model changed to synchronous (PTX10001-36MR, PTX10002-36QDD, PTX10003, PTX10004, PTX10008, PTX10016, and PTX12008)—We've changed the default commit synchronize model for the ephemeral database from the asynchronous model to the synchronous model. With this change, we've deprecated the allow-commit-synchronize-with-gres statement and only the synchronous model supports synchronizing ephemeral data on devices that have graceful Routing Engine switchover (GRES) or nonstop active routing (NSR) enabled.

    [See Understanding Ephemeral Database Commit Synchronize Models.]

  • Deprecation of shell option—The shell option no longer requires a separate configuration and is now the default behavior. Deprecating the shell option enhances efficiency and simplifies management tasks.

Platform and Infrastructure

  • Tacacs authorisation support for local authentication without password—Starting in Junos OS Evolved Release 25.4R1, you need not configure password under edit system authentication-order to enable password-options.

  • Commit validation for unique user IDs—We have added support to validate the user configuration to ensure that each user is assigned a unique UID. A commit fails if duplicate UIDs are detected, ensuring stronger validation and preventing identity conflicts. Previously, a commit was successful even when multiple users shared the same UID, triggering only a warning and logging a syslog message.

User Interface and Configuration

  • Generate genstate YANG modules on Junos devices—You can use show system schema operational command or equivalent RPC to generate the genstate YANG modules in the specified output directory on a device.

    [See show system schema.]