Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Resolved Issues in Junos OS Release 12.3 for EX Series Switches

The following issues have been resolved in Junos OS Release 12.3 for EX Series switches. The identifier following the descriptions is the tracking number in our bug database.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Note: Other software issues that are common to both EX Series switches and M, MX, and T Series routers are listed in Outstanding Issues in Junos OS Release 12.3 for M Series, MX Series, and T Series Routers.

• Issues Resolved in Release 12.3R1
• Issues Resolved in Release 12.3R2
• Issues Resolved in Release 12.3R3
• Issues Resolved in Release 12.3R4
• Issues Resolved in Release 12.3R5
• Issues Resolved in Release 12.3R6
• Issues Resolved in Release 12.3R7
• Issues Resolved in Release 12.3R8
• Issues Resolved in Release 12.3R9
• Issues Resolved in Release 12.3R10
• Issues Resolved in Release 12.3R11
• Issues Resolved in Release 12.3R12

Issues Resolved in Release 12.3R1

The following issues have been resolved since Junos OS Release 12.2. The identifier following the description is the tracking number in our bug database.

Access Control and Port Security

• For LLDP, the values for the IEEE 802.3 - MAC/PHY Configuration/Status TLV might be incorrect. [PR/607533: This issue has been resolved.]
• If a Unified Access Control (UAC) infranet controller is unreachable, an 802.1X (dot1x) interface might not be able to access the server-fail VLAN. [PR/781586: This issue has been resolved.]
• If you enable 802.1X with MAC RADIUS authentication, that is, by including the mac-radius statement in the configuration, the authentication management process (authd) might reach a memory limit when there are approximately 250 users. As a workaround, reset the authd process when it reaches 85 percent of its RLIMIT_DATA value (that is, 85 percent of 130 MB). To check the amount of memory being used by the authd process, use the show system processes extensive operational mode command. [PR/783363: This issue has been resolved.]
• When access configuration is not required and the guest VLAN feature is configured, supplicants might not be able to authenticate using the guest VLAN and remain in the connecting state. [PR/783606: This issue has been resolved.]
• DHCP snooping might not allow DHCP Inform ACK packets to pass to the client. [PR/787161: This issue has been resolved.]
• If you configure a static MAC bypass for 802.1X (dot1x) and you add a new host to the exclusion list, the MAC addresses of existing hosts that have already been successfully authenticated using static MAC bypass might move to an incorrect VLAN. [PR/787679: This issue has been resolved.]
• Traffic leaks might occur for unknown unicast and broadcast traffic from multiple VLANs when a MAC-RADIUS-assigned VLAN is set on a switch interface through a server-initiated attribute change. If the 802.1X interface has VLAN 100 assigned and the RADIUS server sends a different VLAN attribute (for example, 200 rather than 100), after the interface is assigned in VLAN 200, it also sends egress unknown unicast and broadcast traffic that belongs to VLAN 100. [PR/829436: This issue has been resolved.]
• On EX6200 switches, LLDP stops working if you execute the set ethernet-switching-options voip interface access-ports vlan command. [PR/829898: This issue has been resolved.]

Class of Service

• When you are configuring class-of-service (CoS) drop profiles, the commit operation might fail and might display the message Missing mandatory statement: 'drop-probability'. [PR/807885: This issue has been resolved.]

Converged Networks (LAN and SAN)

• On EX4500 switches, the DCBX protocol does not work. [PR/795835: This issue has been resolved.]

Ethernet Switching and Spanning Trees

• When you enable Q-in-Q tunneling and MLD snooping, no snooping database is present on the switch. [PR/693224: This issue has been resolved.]
• If a VLAN change occurs quickly, the client might not be able to obtain an IP address. [PR/746479: This issue has been resolved.]
• When you add a new virtual routing and forwarding (VRF) instance, existing firewall filters might not be applied to the new VRF instance. [PR/786662: This issue has been resolved.]
• You cannot configure a VLAN whose name contains a hyphen (-). As a workaround, use an underscore (_) in the name instead. [PR/753090: This issue has been resolved.]
• Ethernet ring protection switching (ERPS; G.8032) does not block PVST BPDUs. [PR/793891: This issue has been resolved.]
• If you delete an IPv6 configuration on a routed VLAN interface (RVI), ARP requests might not be trapped to the CPU and are not resolved. As a workaround, delete the RVI and then reconfigure it, or reboot the switch after you delete the IPv6 configuration. [PR/826862: This issue has been resolved.]
• After a software upgrade on the switch, Spanning Tree Protocol (STP) might not be distributed on some aggregated Ethernet links. [PR/822673: This issue has been resolved.]

Firewall Filters

• On all EX Series switches except EX8200 switches, if you have configured several policer settings in the same filter, they might all be overwritten when you change one of the settings. As a workaround, delete the setting and then add it back again with the desired changes. [PR/750497: This issue has been resolved.]
• On EX8200 Virtual Chassis, if you add and delete a firewall filter for traffic that enters on one Virtual Chassis member and is transmitted out another member, IPv6 traffic might be dropped. If the ingress and egress interfaces are on the same member, the firewall filter works correctly. [PR/803845: This issue has been resolved.]
• On EX8200 Virtual Chassis, when both dscp and ieee-802.1 rewrite rules are applied on a routed VLAN interface (RVI), deleting the filters and binding again on the same RVI or clearing interface statistics might create a pfem core file. [PR/828661: This issue has been resolved.]

Hardware

• When you remove the hard drive from an XRE200 External Routing Engine, an SNMP trap and a system alarm might not be generated. [PR/710213: This issue has been resolved.]
• Non-Juniper Networks DAC cables do not work on EX Series switches. [PR/808139: This issue has been resolved.]
• On EX4200 switches, high CPU usage might be due to console cable noise. [PR/818157: This issue has been resolved.]
• On EX4550 switches, the backlight on the LCD panel does not turn on. [PR/820473: This issue has been resolved.]
• When an uplink module in the switch is operating in 1-gigabit mode, a chassism core file might be created if you remove an SFP transceiver from one of the module's interfaces. As the chassism process restarts, all traffic passing through the interface is dropped. This problem happens with both copper and fiber SFPs. [PR/828935: This issue has been resolved.]

High Availability

• On an XRE200 External Routing Engine, when you perform a nonstop software upgrade (NSSU) operation that includes the reboot option, the physical link might flap, which causes traffic loss and protocol flapping. [PR/718472: This issue has been resolved.]
• After you perform a nonstop software upgrade (NSSU), you might notice a traffic outage of 150 seconds while the line cards are restarting. [PR/800460: This issue has been resolved.]

Infrastructure

• If you enable gratuitous ARP by including the gratuitous-arp-reply, no-gratuitous-arp-reply, or no-gratuitous-arp-request statement in the configuration, the switch might process gratuitous ARP packets incorrectly. [PR/518948: This issue has been resolved.]
• The output of the show system users no-resolve command displays the resolved hostname. [PR/672599: This issue has been resolved.]
• Rate limiting for management traffic (namely, FTP, SSH, and Telnet) arriving on network ports causes file transfer speeds to be slow. [PR/691250: This issue has been resolved.]
• In some cases, broadcast traffic that is received on the management port (me0) is broadcast to other subnets on the switch. [PR/705584: This issue has been resolved.]
• The allow-configuration-regexps statement at the [edit system login class] hierarchy level does not work exactly the same way as the deprecated allow-configuration statement at the same hierarchy level. [PR/720013: This issue has been resolved.]
• When you delete the VLAN mapping for an aggregated Ethernet (ae) interface, the Ethernet switching process (eswd) might crash and display the error message No vlan matches vlan tag 116 for interface ae5.0. [PR/731731: This issue has been resolved.]
• The wildcard range unprotect configuration statement might not be synchronized with the backup Routing Engine. [PR/735221: This issue has been resolved.]
• After you successfully install Junos OS, if you uninstall AI scripts, an mgd core file might be created. [PR/740554: This issue has been resolved.]
• When there is a large amount of NetBIOS traffic on the network, the switch might exhibit high latency while pinging between VLANs. [PR/748707: This issue has been resolved.]
• On EX4200 switches, a Packet Forwarding Engine process (pfem) core file might be created while the switch is running the Packet Forwarding Engine internal support script and saving the output to a file. [PR/749974: This issue has been resolved.]
• You might see the following message in log files: Kernel/ (COMPOSITE NEXT HOP) failed, err 6 (No Memory). [PR/751985: This issue has been resolved.]
• On EX3300 switches, if you configure more than 20 BGPv6 neighbor sessions, the CLI might display the db> prompt. [PR/753261: This issue has been resolved.]
• On EX8200 switches, the master-only configuration for the management interface does not work. [PR/753765: This issue has been resolved.]
• The Junos OS kernel might crash because of a timing issue in the ttymodem() internal I/O processing routine. The crash can be triggered by simple remote access (such as Telnet or SSH) to the device. [PR/755448: This issue has been resolved.]
• On EX Series switches, after a flash memory initialization process for the /var or /var/tmp directory has been caused by severe corruption, SSH and HTTP access might not work correctly. As a workaround for SSH access, create a /var/empty folder. [PR/756272: This issue has been resolved.]
• On EX8200 switch line cards, a Packet Forwarding Engine process (pfem) core file might be created as the result of a memory segmentation fault. [PR/757108: This issue has been resolved.]
• EX4500 switches and EX8200-40XS line cards do not forward IP UDP packets when their destination port is 0x013f (PTP) or when the fragmented packet has the value 0x013f at the same offset (0x2c). [PR/775329: This issue has been resolved.]
• After you upgrade to Junos OS Release 11.4R3, EX Series switches might stop responding to SNMP ifIndex list queries. As a workaround, restart the switch. If restarting the switch is not an option, restart the shared-memory process (shm-rtsdbd). [PR/782231: This issue has been resolved.]
• When EX Series switches receive packets across a GRE tunnel, they might not generate and send ARP packets to the device at the other end of the tunnel. [PR/782323: This issue has been resolved.]
• On EX4550 switches, if you configure the management (me0) interface and a static route, the switch is unable to connect to a gateway. [PR/786184: This issue has been resolved.]
• After you remove an IPv6 interface configuration and then perform a rollback operation, the IPv4 label might change to explicit null. [PR/786537: This issue has been resolved.]
• When many packets are queued to have their next hop resolved, some packets might become corrupted. [PR/790201: This issue has been resolved.]
• If you configure IPv6 and VRRP, the IPv6 VRRP MAC address might be used incorrectly as the source MAC address when the switch routes traffic across VLANs. [PR/791586: This issue has been resolved.]
• The /var/log/messages file might fill up with the following message: caff_sf_rd_reg ret:00000 slot:1 chip:1 addr:02b45c data:0. [PR/792396. This issue has been resolved.]
• When you restart a line card, the BFD session might go down. [PR/793194: This issue has been resolved.]
• After the system has been up for days, EX8200 line cards might reach 100 percent CPU usage and then stay at 100 percent. [PR/752454: This issue has been resolved.]
• On an EX8200 Virtual Chassis, the dedicated Virtual Chassis port (VCP) link between the XRE200 External Routing Engine and the Routing Engine on a member switch might be down after an upgrade. As a workaround, manually disable and then enable the physical link. [PR/801507: This issue has been resolved.]
• After you upgrade Junos OS, a ppmd core file might be created, and protocols that use ppmd might not work correctly. [PR/802315: This issue has been resolved.]
• On EX3300 switches, when you are configuring BGP authentication, after you have configured the authentication key, BGP peering is never established. [PR/803929: This issue has been resolved.]
• An EX6200 switch might send 802.1Q tagged frames out of access ports when DHCP snooping is configured. This might prevent certain vendors’ end devices from receiving proper IP addresses from the DHCP server. [PR/804010: This issue has been resolved.]
• On EX Series switches that have Power over Ethernet (PoE) capability, chassisd (the chassis process) might crash when running SNMP requests (for example, SNMP get, get-next, and walk requests) on pethMainPse objects. This is caused by the system trying to free memory that is already freed. As a workaround, avoid running SNMP requests on pethMainPse objects. [PR/817311: This issue has been resolved.]
• If you reboot the switch with the routed VLAN interface (RVI) disabled, then even if you reenable the RVI, the RVI traffic is not routed in the Packet Forwarding Engine; the traffic is trapped to the CPU and is policed by the rate limit in the Packet Forwarding Engine. [PR/838581: This issue has been resolved.]

Interfaces

• EX4200 and EX4500 switches support 64 aggregated Ethernet interfaces even though the hardware can support 111 interfaces. [PR/746239: This issue has been resolved.]
• When VRRP is running between two EX8200 switches on a VLAN, after a master switchover, both switches might act as master. [PR/752868: This issue has been resolved.]
• After you change the physical speed on a Virtual Chassis member interface, an aggregated Ethernet (ae) interface might flap after you issue the next commit command to commit configuration changes. [PR/779404: This issue has been resolved.]
• On EX4500 switches, link-protection switchover or revert might not work as expected. [PR/781493: This issue has been resolved.]
• On aggregated Ethernet (ae) interfaces, the Link Layer Discovery Protocol (LLDP) might not work. [PR/781814: This issue has been resolved.]
• When you issue the show vrrp brief command, a VRRP process (vrrpd) core file might be created. [PR/782227: This issue has been resolved.]
• On EX8200 switches, when you issue the request system reboot other-routing-engine command, a timeout error might be displayed before the Routing Engine initiates its reboot operation. [PR/795884: This issue has been resolved.]
• On EX4550 switches, link autonegotiation does not work on 1-Gb SFP interfaces. [PR/795626: This issue has been resolved.]
• On EX Series switches, if you have configured a link aggregation group (LAG) with link protection, an interface on the backup member might drop ingress traffic. [PR/796348: This issue has been resolved.]
• If you apply a policer to an interface, the policer might not work, and messages similar to the following are logged: dfw_bind_policer_template_to_filter:205 Binding policer fails. [PR/802489: This issue has been resolved.]
• An interface on an EX4550-32F switch might go up and down randomly even when no cable is plugged in. [PR/803578: This issue has been resolved.]
• On EX3300 switches, when you configure VRRP with MD5 authentication with the preempt option on a routed VLAN interface (RVI), a vmcore file might be created. As a workaround, delete the preempt option and disable MD5 authentication for VRRP. [PR/808839: This issue has been resolved.]
• On EX4550 Virtual Chassis, the show chassis environment power-supply-unit operational mode command does not show the power supply status of all member interfaces. Use the show chassis hardware command instead. [PR/817397: This issue has been resolved.]

J-Web Interface

• In the J-Web interface, you cannot upload a software package using the HTTPS protocol. As a workaround, use either the HTTP protocol or the CLI. [PR/562560: This issue has been resolved.]
• In the J-Web interface, the link status might not be displayed correctly in the Port Configuration page or the LACP (Link Aggregation Control Protocol) Configuration page if the Commit Options preference is set to single commit (the Validate configuration changes option). [PR/566462: This issue has been resolved.]
• If you have created dynamic VLANs by enabling MVRP from the CLI, then in the J-Web interface, the following features do not work with dynamic VLANs or static VLANs:
  • In the Port Configuration page (Configure > Interface > Ports)—Port profile (select the interface, click Edit, and select Port Role) or the VLAN option (select the interface, click Edit, and select VLAN Options).
  • VLAN option in the LACP (Link Aggregation Control Protocol) Configuration page (Configure > Interface > Link Aggregation)—Select the aggregated interface, click Edit, and click VLAN.
  • In the 802.1X Configuration page (Configure > Security > 802.1x)—VLAN assignment in the exclusion list (click Exclusion List and select VLAN Assignment) or the move to guest VLAN option (select the port, click Edit, select 802.1X Configuration, and click the Authentication tab).
  • Port security configuration (Configure > Security > Port Security).
  • In the Port Mirroring Configuration page (Configure > Security > Port Mirroring)—Analyzer VLAN or ingress or egress VLAN (click Add or Edit and then add or edit the VLAN).

  [PR/669188: This issue has been resolved.]

• On EX4500 Virtual Chassis, if you use the CLI to switch from virtual-chassis mode to intraconnect mode, the J-Web interface dashboard might not list all the Virtual Chassis hardware components, and the image of the master and backup switch chassis might not be visible after an autorefresh occurs. The J-Web interface dashboard also might not list the vcp-0 and vcp-1 Virtual Chassis ports in the rear view of an EX4200 switch (in the linecard role) that is part of an EX4500 Virtual Chassis. [PR/702924: This issue has been resolved.]
• The J-Web interface is vulnerable to HTML cross-site scripting attacks, also called XST or cross-site tracing. [PR/752398: This issue has been resolved.]
• When you configure the no-tcp-reset statement, the J-Web interface might be slow or unresponsive. [PR/754175: This issue has been resolved.]
• In the J-Web interface, you cannot configure the TCP fragment flag for a firewall filter in the Filters Configuration page (Configure > Security > Filters). [PR/756241: This issue has been resolved.]
• In the J-Web interface, you cannot delete a term from a filter and simultaneously add a new term to that filter in the Filters configuration page (Configure > Security > Filters). [PR/769534: This issue has been resolved.]
• Some component names shown by the tooltip on the Temperature in the Health Status panel of the dashboard might be truncated. As a result, you might see many components that have the same name displayed. For example, the components GEPHY Front Left, GEPHY Front Middle, and GEPHY Front Right might all be displayed as GEPHYFront. [PR/778313: This issue has been resolved.]
• In the J-Web interface, the Help page for the Install package in the Software Maintenance page (Maintain > Software) might not appear. [PR/786654: This issue has been resolved.]
• If you issue the set protocols rstp interface logical-interface-name edge configuration command from the CLI, the J-Web interface might show that the configuration in the Configuration detail for Desktop and Phone window is not applicable for the port profile. However, no functionality for the Desktop and Phone port profile is affected. [PR/791323: This issue has been resolved.]
• In the J-Web interface, if you enable a spanning-tree protocol (STP, RSTP, or MSTP) and then exclude some ports from the spanning tree, you might not be able to include these ports as part of a redundant trunk group (RTG). [PR/791759: This issue has been resolved.]
• In the J-Web interface on EX4500 and EX4550 switches, you can configure temporal and exact-temporal buffers, which are not supported by Junos OS. [PR/796719: This issue has been resolved.]
• In a mixed Virtual Chassis in which an EX4550 switch is the master and at least one Virtual Chassis member supports Power over Ethernet (PoE), if you click Configure > POE and then click another tab, a javascript error might be displayed. [PR/797256; This issue has been resolved.]
• In the J-Web interface on EX4550 switches, if you are using in-band management and select EZSetup, the error message undefined configuration delivery failed is displayed even though the configuration has been successfully committed. [PR/800523: This issue has been resolved.]
• On EX2200 switches, in the dashboard in the J-Web interface, the flash memory utilization graph might show an incorrect value of 0%. As a workaround, to view utilization, click Monitor > System View > System Information and then click the Storage Media tab. [PR/823795: This issue has been resolved.]

Layer 2 and Layer 3 Protocols

• On EX8200 switches with OSPF configured, after a nonstop software upgrade (NSSU) to Junos OS Release 12.1R1, OSPF adjacency might not be established for some RVIs across link aggregation group (LAG) interfaces because the flooding entry is not programmed correctly. As a workaround, disable or enable the problematic interface by issuing the following commands:
  • user@switch# set interface interface-name disable
  • user@switch# delete interface interface-name disable

  [PR/811178: This issue has been resolved.]

• A BFD session might flap if there are stale BFD entries. [PR/744302: This issue has been resolved.]
• On XRE200 External Routing Engines on which PIM is configured, a nonstop software upgrade (NSSU) operation might fail when performed when an MSDP peer is not yet up. As a workaround, either disable nonstop active routing (NSR) for PIM using the set protocols pim nonstop-routing disable configuration command or ensure that MSDP has reached the Established state before starting an NSSU operation. [PR/799137: This issue has been resolved.]
• Multicast packets might be lost when the user switches from one IPTV channel to another. [PR/835538: This issue has been resolved.]

Management and RMON

• On EX8200 Virtual Chassis, when you perform an snmpwalk operation on the jnxPsuMIB, the output shows details only for the power supplies on a single line card member. [PR/689656: This issue has been resolved.]
• When you are using IS-IS for forwarding only IPv6 traffic and IPv4 routing is not configured, if you perform an SNMP get or walk operation on an IS-IS routing database table, the routing protocol process (rpd) might crash and restart, possibly causing a momentary traffic drop. [PR/753936: This issue has been resolved.]
• When an SNMP string is longer than 30 characters, it is not displayed in Junos OS command output. [PR/781521: This issue has been resolved.]
• The incorrect ifType might be displayed for counters on physical interfaces. [PR/784620: This issue has been resolved.]
• For sFlow monitoring technology traffic on the switches, incorrect information might be displayed for output ports. [PR/784623: This issue has been resolved.]
• After a Routing Engine switchover, LACP and MIB II process (mib2d) core files might be created. [PR/790966: This issue has been resolved.]
• An SNMP MIB walk might show unwanted data for newly added objects such as jnxVirtualChassisPortInPkts or jnxVirtualChassisPortInOctets. [PR/791848: This issue has been resolved.]
• On EX Series switches, sFlow monitoring technology packets might be dropped when the packet size exceeds 1500 bytes. [PR/813879: This issue has been resolved.]
• In EX3300 Virtual Chassis, if you perform an SNMP poll of jnxOperatingState for fan operation, the information for the last two members in the Virtual Chassis is incorrect. [PR/813881: This issue has been resolved.]
• On EX8200 switches, sFlow monitoring technology packets were being generated with an incorrect source MAC address of 20:0b:ca:fe:5f:10. This issue has been fixed, and the EX8200 switches now use the outbound port's MAC address as the source MAC address for sFlow monitoring technology traffic. [PR/815366: This issue has been resolved.]
• An SNMP poll might not return clear information for some field-replaceable units (FRUs), such as fans and power supplies. The FRU description might not indicate which physical switch contains the FRU. [PR/837322: This issue has been resolved.]

Multicast Protocols

• When an EX Series switch is routing multicast traffic, that traffic might not exit from the multicast router port in the source VLAN. [PR/773787: This issue has been resolved.]
• While multicast is resolving routes, the following SPF-related error might be displayed: SPF:spf_change_sre(),383: jt_change () returned error-code (Not found:4)! [PR/774675: This issue has been resolved.]
• On EX8200 switches, multicast MDNS packets with the destination address 224.0.0.251 are blocked if IGMP snooping is enabled. [PR/782981: This issue has been resolved.]
• In MPLS implementations on EX Series switches, EXP bits that are exiting the provider edge switch are copied to the three least-significant bits of DSCP—that is, to IP precedence—rather than to the most-significant bits. [PR/799775: This issue has been resolved.]

Power over Ethernet (PoE)

• Power over Ethernet (PoE) and Power over Ethernet Plus (PoE+) cannot be configured by using the EX8200 member switches in an EX8200 Virtual Chassis. [PR/773826: This issue has been resolved.]

Software Installation and Upgrade

• EX4550 switches might not load the configuration file after you perform an automatic image upgrade. [PR/808964: This issue has been resolved.]
• On EX8200 Virtual Chassis, nonstop software upgrade (NSSU) with the no-reboot option is not supported. [PR/821811: This issue has been resolved.]

Virtual Chassis

• On EX8200 Virtual Chassis, when you swap the members of a link aggregation group (LAG), a vmcore or ksyncd core file might be created on the backup Routing Engine. [PR/711679: This issue has been resolved.]
• On EX8200 Virtual Chassis, after you ungracefully remove the master Routing Engine from the member switch, traffic might be interrupted for up to 2 minutes. [PR/742363:This issue has been resolved.]
• On EX3300 switches, when a Virtual Chassis is formed, the Virtual Chassis backup member's console CLI is not automatically redirected to the Virtual Chassis master's console CLI. As a workaround, manually log out from the Virtual Chassis backup member. [PR/744241:This issue has been resolved.]
• On EX8200 Virtual Chassis, the request system snapshot command does not take a snapshot on the backup Routing Engine of both members. [PR/750724: This issue has been resolved.]
• On EX8200 Virtual Chassis, the switch might incorrectly send untagged packets. As a result, some hosts in the VLAN might experience connectivity issues. [PR/752021: This issue has been resolved.]
• On EX8200 Virtual Chassis, after one Virtual Chassis member is rebooted, the line card of the corresponding rebooted member switch is not brought down immediately, and hence the peer sees that the interfaces remain in the Up state. Additionally, the interface state is not cleared immediately in the switch card chassis kernel. The result is that the protocol session goes down, and traffic loss occurs even if you have configured nonstop active routing (NSR). [PR/754603: This issue has been resolved.]
• On XRE200 External Routing Engines, when you issue the show chassis hardware command and specify display xml, duplicate occurrences of the <name> and <serial-number> tags under the <chassis> tag might result in malformed XML output. [PR/772507: This issue has been resolved.]
• In a mixed EX4200 and EX4500 Virtual Chassis, the master chassis view might display the temperature indicator of the backup. [PR/783052: This issue has been resolved.]
• On XRE200 External Routing Engines, a chassism core file might be created. [PR/791959: This issue has been resolved.]
• On EX8200 Virtual Chassis, when you swap the members of a link aggregation group (LAG), a vmcore or ksyncd core file might be created on the backup Routing Engine. [PR/793778: This issue has been resolved.]
• On XRE200 External Routing Engines on which DHCP snooping and dynamic ARP inspection are enabled, when packets are transmitting out a different line card type from the ingress interface, an sfid core file might be created. [PR/794293: This issue has been resolved.]
• On EX8200 Virtual Chassis, the devbuf process might leak memory, eventually bringing the switch down to a halt. As a workaround, perform a hard shutdown by issuing the ifconfig em[0-8] down command on the em interfaces that are in the down state. [PR/823045: This issue has been resolved.]

Issues Resolved in Release 12.3R2

The following issues have been resolved since Junos OS Release 12.3R1. The identifier following the description is the tracking number in our bug database.

Access Control and Port Security

• On EX Series switches except EX9200, with 802.1X user-based dynamic firewall filters enabled, a stale firewall filter that is properly authenticated after a server timeout might not be purged from an interface even after that interface is disconnected. When this issue occurs, 802.1X authentication fails. [PR/833712: This issue has been resolved.]
• On EX Series switches, the LLDP-MED media endpoint class is shown as invalid. This problem is just a display issue—there is no functional impact. [PR/840915: This issue has been resolved.]

Class of Service

• On EX Series switches, EXP CoS classification does not occur if EXP CoS classifiers are deleted and then added. [PR/848273: This issue has been resolved.]

Ethernet Switching and Spanning Trees

• On an EX4200 switch configured for VLAN translation, Windows NetBIOS traffic might not be translated. [PR/791131: This issue has been resolved.]
• On EX Series switches, the Cisco Discovery Protocol (CDP) and the VLAN Trunking Protocol (VTP) do not work through Layer 2 protocol tunneling(L2PT). [PR/842852: This issue has been resolved.]
• On EX Series switches, the Q-BRIDGE-MIB OID 1.3.6.1.2.1.17.7 reports the VLAN internal index instead of the VLAN ID. [PR/850299: This issue has been resolved.]
• If an EX Series switch has a redundant trunk group (RTG) link, a MAC Refresh message might be sent on a new active link of the RTG when RTG failover occurs. The switch sends the RTG MAC Refresh message with a VLAN tag even though RTGs are configured on access ports. [PR/853911: This issue has been resolved.]

Firewall Filters

• In the case of a stateful proxy, SIP hairpinning does not function, because of which two SIP users behind the NAT device might be unable to connect through a phone call. [PR/832364: This issue has been resolved.]
• On EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, and EX6210 switches, a firewall filter with family set to ethernet-switching and configured for IPv4 blocks specific transit IPv6 traffic if the ether_type match condition in the filter is not explicitly set to ipv4. As a workaround, set ether_type to ipv4 in the filter. [PR/843336: This issue has been resolved.]

Infrastructure

• The unlink option in the request system software add package-name unlink command does not work on EX Series switches. [PR/739795: This issue has been resolved.]
• On EX Series switches, if the sfid process receives dequeuing packets from various queues, the queue indexes do not increment properly, which might cause the sfid process to generate a core file. [PR/835535: This issue has been resolved]
• On EX8200 switches, multiple rpd process core files might be created on the backup Routing Engine after a nonstop software upgrade (NSSU) has been performed while multicast traffic is on the switch. [PR/841848: This issue has been resolved.]
• On EX8200 switches, the commit synchronize command might fail with the error message error: could not open configuration database (juniper.data+). [PR/844315: This issue has been resolved.]

Interfaces

• On EX Series switches, if you configure a physical interface's maximum transmission unit (MTU) with a large value and you do not reconfigure the family inet MTU, OSPF packets might be dropped when they reach the internal logical interface if the packet size exceeds 1900 bytes. All communications traffic between Routing Engines and between FPCs passes through the internal logical interface. The OSPF neighbor does not receive the OSPF transmissions and ends the OSPF session. The switch displays the error message bmeb_rx failed. [PR/843583: This issue has been resolved.]

Management and RMON

• On EX Series switches, a configured OAM threshold value might be reset when the chassis is rebooted. [PR/829649: This issue has been resolved.]
• An SNMP query or walk on ipNetToMediaPhysAddress does not match the show arp command output. [PR/850051: This issue has been resolved.]

Virtual Chassis

• On EX2200 Virtual Chassis, when there are multiple equal-cost paths, the show virtual-chassis vc-path source-interface interface-name destination-interface interface-name command displays the first discovered shortest path, even though traffic might be flowing in an alternate path. [PR/829752: This issue has been resolved.]
• In a mixed EX4200 and EX4500 Virtual Chassis, link aggregation might generate a PFEM core file in some member switches. [PR/846498: This issue has been resolved.]
• On EX4200 Virtual Chassis, CHASSISD_SNMP_TRAP6: SNMP trap generated: Fan/Blower Removed messages might be generated periodically, even when member switches cited in the messages are not present in the Virtual Chassis. [PR/858565: This issue has been resolved.]

Issues Resolved in Release 12.3R3

The following issues have been resolved since Junos OS Release 12.3R2. The identifier following the description is the tracking number in our bug database.

Access Control and Port Security

• On EX Series switches, DHCP snooping binding does not renew the lease time when IPv6 is configured on the client VLAN. When DHCP snooping is configured with ARP inspection and when a client renews the lease, the switch does not update the DHCP snooping table with the new lease time. The lease eventually times out from the DHCP snooping table, and the client still has a valid lease. The client's ARP request eventually times out of the switch, and the client loses connectivity because ARP inspection blocks the transmission because the client has no entry in the DHCP snooping table. As a workaround, disable and then reenable the client interface or remove IPv6 for the VLAN. [PR/864078: This issue has been resolved.]

Class of Service

• On EX Series switches, EXP CoS classification does not occur if EXP CoS classifiers are deleted and then added back. [PR/848273: This issue has been resolved.]
• On EX4500 switches and EX4500 Virtual Chassis, MPLS CoS classifications and rewrites might not work. [PR/869054: This issue has been resolved.]

Ethernet Switching and Spanning Trees

• On EX Series switches, when you issue the show spanning-tree interface vlan-id vlan-id detail command, the vlan-id parameter is ignored, and the output displays information for all interfaces instead of only for interfaces that are associated with the VLAN ID. [PR/853632: This issue has been resolved.]
• On EX Series switches, when a topology change is detected on an MSTP-enabled interface, there might be a delay of several seconds before a BPDU is sent out with a topology change flag to all the other interfaces. When such a change is detected on RSTP-enabled interfaces, a BPDU is sent out immediately with the topology change flag. [PR/860748: This issue has been resolved.]

Hardware

• EX2200 switches are intermittently not recognizing the Redundant Power System (RPS) after the configuration has been changed and a power supply has been reseated in the RPS. [PR/841785: This issue has been resolved.]
• On EX3200, EX4200, EX8200, EX4500, and EX4550 switches, the receiver signal average optical power is shown as 0.0000 in output for the show interfaces diagnostics optics command. [PR/854726: This issue has been resolved.]

High Availability

• On EX8200 Virtual Chassis, a nonstop software upgrade (NSSU) might fail. [PR/871288: This issue has been resolved.]

Infrastructure

• After you successfully install Junos OS, if you uninstall AI scripts, an mgd core file might be created. [PR/740554: This issue has been resolved.]
• Rate limiting for management traffic (namely, SSH and Telnet) arriving on network ports causes file transfer speeds to be slow. [PR/831545: This issue has been resolved.]
• On EX8200 Virtual Chassis, a disabled routed VLAN interface (RVI) might send gratuitous ARP requests. [PR/848852: This issue has been resolved.]
• On EX4200 Virtual Chassis, CHASSISD_SNMP_TRAP6: SNMP trap generated: Fan/Blower Removed messages might be generated periodically, even when member switches cited in the messages are not present in the Virtual Chassis. [PR/858565: This issue has been resolved.]
• On EX4500 Virtual Chassis, an SNMP trap generated for Power Supply Removed message might be sent for a nonexistent power supply in an active member of the Virtual Chassis. [PR/864635: This issue has been resolved.]
• On EX4200 Virtual Chassis, a /var partition is full alarm and a CHASSISD_RE_CONSOLE_ME_STORM log might occur, caused by a console error storm, even though the /var partition is not full. You can ignore this alarm; it has no effect on the system. [PR/866863: This issue has been resolved.]

Interfaces

• For EX4500 switches, queue counters are not updated for member interfaces of a LAG when the monitor interface aex command is running. As a workaround, use the monitor interfaces traffic command. [PR/846059: This issue has been resolved.]
• When you boot up an EX2200 or EX3300 switch with Junos OS Release 12.2R1 or later, the message ?dog: ERROR - reset of uninitialized watchdog appears. The message appears even if you reboot the switch by using the proper reboot procedure. The error does not cause a system reset; thus, you can ignore this message. [PR/847469: This issue has been resolved.]
• On EX3200 and EX4200 switches, high traffic on management Ethernet (me0) interfaces might affect switch control and management plane functions. [PR/876110: This issue has been resolved.]
• On a device that is in configuration private mode, when you attempt to deactivate a previously defined VLAN members list and then commit the change, the mgd process creates a core file. [PR/855990: This issue has been resolved.]

Layer 2 and Layer 3 Protocols

• If you have configured PIM nonstop active routing (NSR), a core file might be created on an upstream router because of high churn in unicast routes or a continuous clearing of PIM join-distribution in the downstream router. To prevent this possibility, disable NSR for PIM. [PR/707900: This issue has been resolved.]
• On a device that is running Protocol Independent Multicast (PIM) and with nonstop active routing (NSR) enabled on the device, if a PIM corresponding interface flaps continuously, a PIM thread might attempt to free a pointer that has already been freed. This attempt causes the routing protocol process (rpd) to crash and create a core file. [PR/801104: This issue has been resolved.]
• If an invalid PIM-SSM multicast group is configured on the routing device, then when you issue the commit or commit check command, a routing protocol process (rpd) core file is created. There is no traffic impact because the main rpd process spawns another rpd process to parse the corresponding configuration changes, and the new rpd process crashes and creates a core file. When this problem occurs, you might see the following messages:
  user@router#commit check

  error: Check-out pass for Routing protocols process (/usr/sbin/rpd) dumped core(0x86)

  error: configuration check-out failed
  user@router#commit

  error: Check-out pass for Routing protocols process (/usr/sbin/rpd) dumped core(0x86)

  error: configuration check-out failed

  [PR/856925: This issue has been resolved.]

• On EX2200 switches, the periodic packet management process (ppmd) might create a core file. [PR/859625: This issue has been resolved.]

Management and RMON

• When a graceful Routing Engine switchover (GRES) is executed on an EX Series Virtual Chassis, CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply Removed traps are generated periodically for all possible members of the Virtual Chassis—that is, the power supply status is checked for the maximum number of members that the Virtual Chassis can contain, even though some of those members might not exist in the configured Virtual Chassis. [PR/842933: This issue has been resolved.]
• The sFlow monitoring technology feature is not supported on EX2200, EX2200-C, and EX3300 switches. [PR/872292: This issue has been resolved.]

Multicast

• On EX4500 switches, multicast packet fragments might be dropped. [PR/835855: This issue has been resolved.]

Power over Ethernet (PoE)

• On EX2200, EX3200, EX3300 and EX4200 switches, when PoE fails to initialize, the chassism process might cause a memory leak by repeatedly calling a file open without closing it. When this issue occurs, the chassism process, which is responsible for managing hardware inventory, might generate a core file periodically every 8-9 hours. This might cause interfaces to flap, and impact service performance. [PR/845809: This issue has been resolved]

Software Installation and Upgrade

• On an EX2200-24T-DC-4G switch model, autoinstallation is not activated during initial installation because this model is missing a configuration file.

  As a workaround, on the switch, starting with the shell prompt, execute these commands:

  root@:LC:0% cp /etc/config/ex2200-24t-4g-factory.conf /etc/config/ex2200-24t-dc-4g-factory.conf

  root@:LC:0% cli

  root>edit

  root#load factory-default

  {linecard:0}[edit]

  root#:set system root-authentication plain-text-password

  New password:

  Retype new password:

  [PR/873689: This issue has been resolved.]

Virtual Chassis

• On EX Series Virtual Chassis, if you configure a physical interface on the master switch as a member of an interface range, associate that interface with a VLAN, and then delete the interface from the interface range, the interface is not removed from the VLAN. [PR/811773: This issue has been resolved.]
• The request system scripts add command does not install the AI-Scripts bundle package on all nodes of an EX8200 Virtual Chassis. [PR/832975: This issue has been resolved.]
• On EX4200 Virtual Chassis, if the MAC persistence timer is configured for 0 minutes, the system MAC base address changes when a master switchover occurs and you issue the request chassis routing-engine master switch command. As a workaround, configure a value in the range of 1 through 60 for the mac-persistence-timer statement. [PR/858330: This issue has been resolved.]
• On EX8200 Virtual Chassis, NetBIOS traffic might be dropped when it crosses the non-dedicated Virtual Chassis port (that is, fiber-optic ports configured as VCPs) connections. The NetBIOS traffic is dropped because of a conflict on the Packet Forwarding Engine of the Virtual Chassis member with the VCPs. [PR/877503: This issue has been resolved.]

Issues Resolved in Release 12.3R4

The following issues have been resolved since Junos OS Release 12.3R3. The identifier following the description is the tracking number in our bug database.

Access Control and Port Security

• On an EX Series switch, when you configure LLDP-MED on a trunk interface and set that interface as a member of both a voice VLAN and another VLAN, and you then change the mode of that interface to port (access) mode, the switch might send two different voice VLAN TLVs in an LLDP advertisement, and a VoIP phone connected to that interface might randomly select a VLAN to join. Use the monitor traffic interface interface-name command to check this issue. [PR/884177: This issue has been resolved.]

Class of Service

• On EX4200 switches, if you configure and apply more than 32 CoS rewrite rules, the Packet Forwarding Engine manager (pfem) process creates core files continuously. [PR/893911: This issue has been resolved.]

High Availability

• On EX8200 Virtual Chassis, during an NSSU, BGP neighbors might flap during the master switchover. [PR/892219: This issue has been resolved.]
• On EX8200 Virtual Chassis, during NSSU, all interfaces, including LAGs, might go down during FRU upgrades, resulting in traffic loss. [PR/893440: This issue has been resolved.]

Infrastructure

• On EX4550 switches, high-temperature alarms are triggered not on the thresholds displayed in the output of the show chassis temperature-thresholds command, but on other internal thresholds. [PR/874506: This issue has been resolved.]
• On EX3200 switches, an SNMP trap for pethPsePortDetectionStatus is not sent when a VoIP phone is disconnected from a PoE port. [PR/877768: This issue has been resolved.]
• On EX2200 and EX3300 switches, storm control does not limit traffic to the set value when that traffic enters through uplink ports; instead, the traffic is limited to 10 times the set value. [PR/879798: This issue has been resolved.]
• On EX4550 switches, the log message PFC is supported only on 10G interfaces is generated over and over again in logs. [PR/880571: This issue has been resolved.]
• On EX2200 switches, the CPU is completely consumed by the swi7: clock and chassism processes when the Redundant Power System (RPS) is powered off but is connected to the switch. At the same time, link LEDs blink continuously. When the RPS is powered up, CPU utilization and switch function becomes normal. [PR/890194: This issue has been resolved.]
• On EX4500 switches, the TLV type 314 is sent as a notification of the DCBX state of a port. In a link flap scenario, the kernel sends a DCBX PFC state TLV to the Packet Forwarding Engine even if there is no change in the DCBX state. Also, the kernel synchronizes this state to the backup Routing Engine. On the backup Routing Engine, this message is not processed, and the system shows an Unknown TLV type 314 error. The message in itself is harmless, but it fills up the logs unnecessarily. [PR/893802: This issue has been resolved.]
• On EX4200 switches, if you issue the request system zeroize media command, the system boots from the backup partition and displays the following message: WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE. If the auto-snapshot feature is not enabled, reinstall Junos OS to recover the primary copy in case it has been corrupted. [PR/894782: This issue has been resolved.]
• On an EX3300 switch, when another vendor's access point is connected to one of the EX3300 interfaces, LLDP negotiation might fail and the access point is unable to boot. The system is storing the organization-specific TLV's OUI and subtype values in the parsed TLV-to-value buffer, and due to this, the offset for reading PoE power negotiation from the buffer has been changed. As a workaround:
  1. Unplug the access point.
  2. Wait until the interface power goes to 0, and verify that the physical interface is down.
  3. Issue the set protocol lldp interface AP-interface-name power-negotiation disable CLI command and commit the command. This disables power negotiation.
  4. Connect the access point.

  The access point powers on in IEEE class mode power (not negotiated power). [PR/898234: This issue has been resolved.]

• On EX Series switches, after you issue the request system zeroize media command, SSH access fails when the switches boot from the backup root partition. This issue does not affect the primary root partition. [PR/898268: This issue has been resolved.]

Interfaces

• On EX Series switches, if you have configured a link aggregation group (LAG) with link protection, ingress traffic does not pass through the backup port. [PR/886205: This issue has been resolved.]
• On EX4200 switches, an aggregated Ethernet interface is not supported as a match condition in a firewall filter. [PR/886476: This issue has been resolved.]
• On EX Series switches, configuration of a static LACP system ID is not supported. [PR/889318: This issue has been resolved.]
• EX4500 switches might reboot suddenly because they have accessed an invalid register value for a port; this problem might occur when you insert or remove SFPs, or exchange 10-gigabit and 1-gigabit SFPs in a specific port. [PR/891733: This issue has been resolved.]
• On EX Series switches, the request interface revert interface-name command might not work. If you issue the command on the switch, the following message appears: error: the redundancy-interface-process subsystem is not running. [PR/892976: This issue has been resolved.]

Management and RMON

• On EX Series switches, when the ARP table is cleared from the CLI, the SNMP MIB ipNetToMediaPhysAddress might have more entries than the ARP table. [PR/853536: This issue has been resolved.]

Virtual Chassis

• If you unplug the management cable from the master switch of an EX2200 Virtual Chassis, a remote session through the management port is lost even if the backup switch has a management cable. [PR/882135: This issue has been resolved.]

Issues Resolved in Release 12.3R5

The following issues have been resolved since Junos OS Release 12.3R4. The identifier following the description is the tracking number in our bug database.

Class of Service

• Class of service on EX2200 and EX3300 Virtual Chassis ports (VCPs) might not work properly. [PR/902224: This issue has been resolved.]

Firewall Filters

• On EX4200 switches, if you change a firewall filter term and commit or roll back the firewall filter configuration, policer counter restoration might occur. [PR/900078: This issue has been resolved.]
• On EX Series switches, when two interfaces share the same firewall filter, combining two nodes into one node, and then unbinding the filter from one bind point splits the combined nodes. If the node operation type is UNBIND or DESTROY, the operation wrongly destroys the filter associated with the other node and creates a pfem process core file. [PR/927063: This issue has been resolved.]

Hardware

• On EX2200 and EX3300 switches, for some types of SFP transceivers, the output of the show interfaces diagnostics optics CLI command contains an incorrect value of 0.0000 mW / - Inf dBm for the Receiver signal average optical power field. [PR/909334: This issue has been resolved.]
• On EX4550-32T switches, some ports might not link up correctly. [PR/901513: This issue has been resolved.]
• On EX6200 switches, if the LCD backlight is off and you then press the menu or enter buttons on the LCD panel, the LCD is reinitialized. During this reinitialization, the switch might drop some packets. [PR/929356: This issue has been resolved.]

High Availability (HA) and Resiliency

• On EX Series Virtual Chassis, an upgrade with NSSU might cause a mismatch in the physical interface index numbers between the master and backup Packet Forwarding Engines, causing result packets to be dropped as they pass through the Virtual Chassis. [PR/882512: This issue has been resolved.]

Infrastructure

• On EX Series switches, the messages CMLC: connection in progress for long and pfem: devrt_gencfg_rtsock_msg_handler Incorrect major_type 8 might be displayed, but the messages do not impact switch functionality. [PR/890633: This issue has been resolved.]
• On EX2200 switches, a primary file system corruption might not be detected and the system might not fail over to the backup partition. Some functional problems might occur. [PR/892089: This issue has been resolved.]
• On EX8200 switches, an NSSU might cause some hosts to become unreachable because the ARP index for the impacted host route is incorrectly programmed. The host route references the old ARP index and fails to update the new ARP index. [PR/894436: This issue has been resolved.]
• On EX8200 switches equipped with EX8200-40XS line cards, when a port on a 40XS line card connects to another device and the port is then disabled, the carrier transition count might increase continuously, which might cause high CPU utilization. The carrier transition count is displayed in the output of the show interfaces interface-name extensive command. [PR/898082: This issue has been resolved.]
• On EX4550 switches running Junos OS Release 12.2R5 or Release 12.3R3, commit operations might cause a spike in CPU utilization, resulting in a timeout of LACP, BFD, and other protocols. [PR/898097: This issue has been resolved.]
• On EX2200 switches, the system log (syslog) messages might show IP addresses in reverse. For example, an ICMP packet from 10.0.1.114 to 10.0.0.7 might be shown in the log as PFE_FW_SYSLOG_IP: FW: ge-0/0/0.0 R icmp 114.1.0.10 7.0.0.10 0 0 (1 packets) instead of PFE_FW_SYSLOG_IP: FW: ge-0/0/0.0 R icmp 10.0.1.114 10.0.0.7 0 0 (1 packets). [PR/898175: This issue has been resolved.]
• On EX Series switches, if the eventd process is not restarted gracefully, the process might crash or exit and the SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down message might be generated. [PR/901924: This issue has been resolved.]
• On an EX6200 switch, if you disconnect the master Routing Engine (RE0) and reconnect it, the backup Routing Engine (RE1) becomes the master, and then when the original RE0 is rebooted, it becomes the backup; however, that new backup does not appear in show chassis routing-engine command output on RE0 (the new master). [PR/919242: This issue has been resolved.]
• On EX Series switches that are running Junos OS Release 12.1 and later releases, if you install AI-Scripts package releases earlier than 3.6R4 and 3.7R3 and then execute a reboot/commit sequence, the switch might generate a FIPS core file and might crash. [PR/920478: This issue has been resolved.]
• On EX Series switches with DHCP snooping enabled, the DHCP reply packets without any DHCP options (BOOTP reply packets) might be dropped. [PR/925506: This issue has been resolved.]
• Polling the OID mib-2.17.7.1.4.3.1.5...: dot1qPortVlan on an EX9200 switch might cause a memory leak on the l2ald process, and the process might create core files. [PR/935981: This issue has been resolved.]

Interfaces

• On EX6200 switches, an interface might not be able to come up after the interface flaps due to a discrepancy on the physical channel. [PR/876512: This issue has been resolved.]
• On EX9200 switches, Layer 3 unicast traffic losses might be seen for a few seconds during graceful Routing Engine switchover (GRES) for host prefixes learned over MC-LAG interfaces. [PR/880268: This issue has been resolved.]
• On an EX3300 switch, when another vendor's AP is connected to one of the EX3300 interfaces, LLDP negotiation might fail and the AP is unable to boot. The system is storing the organization-specific TLV's OUI and subtype values in the parsed TLV-to-value buffer, and due to this, the offset for reading PoE power negotiation from the buffer has been changed. As a workaround:
  1. Unplug the AP.
  2. Wait until the interface power goes to 0, and verify that the physical interface is down.
  3. Issue the set protocol lldp interface power-negotiation disable CLI command and commit the command. This will disable power negotiation.
  4. Connect the AP.

  The AP will power on in IEEE class mode power (not negotiated power). [PR/898234: This issue has been resolved.]

Layer 2 Protocols

• On EX8200 switches or EX8200 Virtual Chassis with nonstop bridging (NSB) enabled, continuously adding and deleting VLAN members along with continuously creating and deleting VLANs might cause the Ethernet switching process (eswd) to leak memory and create a core file. [PR/878016: This issue has been resolved.]

Multicast

• On EX Series switches, the multicast route cache timer might not be cleared in some situations. As a workaround, issue the show multicast route command several times. [PR/937695: This issue has been resolved.]

Network Management and Monitoring

• On an EX9200 switch, if you configure port mirroring, the feature might not work and the switch might not be able to mirror Layer 2 and Layer 3 traffic. [PR/920213: This issue has been resolved.]

Software Installation and Upgrade

• On EX8200 Virtual Chassis, the licensing policy specifies that you install the Advanced Feature Licenses (AFLs) on the master and backup XRE200 External Routing Engines. In Junos OS 12.3 releases, a warning message might appear at commit indicating that the AFLs have not been installed on the Routing Engines on the EX8200 member switches even though the AFLs have been installed on the external Routing Engines. [PR/919605: This issue has been resolved.]

Virtual Chassis

• On EX Series Virtual Chassis, if you convert a physically down Virtual Chassis port (VCP) to a network port, broadcast and multicast traffic might be dropped on the VCP interface. [PR/905185: This issue has been resolved.]

Issues Resolved in Release 12.3R6

The following issues have been resolved since Junos OS Release 12.3R5. The identifier following the description is the tracking number in our bug database.

Class of Service

• On EX4200-48PX switch models, configuring the traffic shaping rate on an interface using the set class-of-service interfaces interface-name shaping-rate command might return the error message shaping rate not allowed on interface interface-name. [PR/944172: This issue has been resolved.]

Hardware

• On EX Series switches, an SFP might stop working unexpectedly with i2c errors and the switch might not recognize the SFP in its existing port. [PR/939041: This issue has been resolved.]

High Availability

• On EX Series Virtual Chassis with a link aggregation group (LAG) interface configured, if one member link of the LAG is on the backup Routing Engine, traffic loss on the LAG interface might be observed during an NSSU. Traffic resumes after the graceful Routing Engine switchover (GRES) occurs in the last state of the NSSU. [PR/916352: This issue has been resolved.]

Infrastructure

• EX3200 and EX4200 switches might stop forwarding traffic when the traffic exits from interfaces. [PR/856655: This issue has been resolved.]
• On EX2200, EX2200-C, and EX3300 switches, if you configure more than one domain-search attribute under the [edit system services dhcp pool] hierarchy level, the dhcpd process might create a core file. [PR/900108: This issue has been resolved.]
• On EX4550 Virtual Chassis, SFPs might not be detected, causing continuous EEPROM read failed errors. [PR/911306: This issue has been resolved.]
• In EX4200 Virtual Chassis, a member of the Virtual Chassis might reboot and create a pfem core file. [PR/912889: This issue has been resolved.]
• On EX Series switches except EX9200, the network interfaces information about Receiver signal average optical power that is displayed in command output might be incorrect when you reconfigure a fiber network interface to a Virtual Chassis port (VCP). You can see this information display by issuing the show virtual-chassis vc-port diagnostics optics command. [PR/916444: This issue has been resolved.]
• On EX Series switches, when an RSTP-enabled interface that becomes active is a member of a VLAN that has a Layer 3 interface, if this interface does not receive any BPDUs, gratuitous ARP is not sent out. [PR/920197: This issue has been resolved.]
• On EX Series switches, when a packet is received that matches a firewall filter term with action syslog, configured to send the log to a remote syslog server, the switch might not send logs to the syslog server. [PR/926891: This issue has been resolved.]
• On EX Series switches with a router firewall filter configured, the filter might not work if it is applied to an IPv6 VRRP-enabled interface; also, features corresponding to the filter, such as policers, do not work. [PR/926901: This issue has been resolved.]
• On an EX Series switch with TACACS+ authentication and accounting enabled, when the TACACS+ server is in an unresponsive state and sends an erroneous response with an End of File (EOF) that indicates that no data can be read from a data source, this circumstance causes the client to fail to decrement the sequence number that it manages locally. During that time, any TACACS+ authentication might fail. [PR/929273: This issue has been resolved.]
• On EX6200 switches running Junos OS Release 11.3R1 or later, if the LCD backlight is off and then you press the buttons on the LCD panel, the LCD is reinitialized. During this reinitialization, the switch might drop some packets. [PR/929356: This issue has been resolved.]
• On an EX9200 switch configured for DHCP relay, if an IRB interface walks through a Layer 2 trunk interface and the corresponding DHCP relay is configured in a routing instance, and if you deactivate or activate (or delete or add) a hierarchy that contains a DHCP relay-related configuration, DHCP relay might not work as expected. As a workaround, restart DHCP services after you make any changes to DHCP configurations. [PR/935155: This issue has been resolved.]
• On EX3200 and EX4200 switches, if multicast traffic is bursty or cyclical with no traffic for continuous 30-second periods, then the multicast keepalive timer might age out, thus deleting that particular route and causing multicast traffic loss.

  As a workaround, use one of the following options:

  • Set a large timeout value for multicast forwarding cache entries using the set routing-options multicast forwarding-cache timeout command.
  • Using a script, issue the show multicast route command continuously every 25 seconds.

  [PR/937695: This issue has been resolved.]

• On EX9200 switches that are configured for DHCP relay, if you deactivate or activate an IRB interface, DHCP relay for that interface might stop working and might drop DHCP packets. [PR/937996: This issue has been resolved.]
• On EX Series switches with dual Routing Engines, with the switch configured with VRRP, if VRRP is configured under an interface subnet, the kernel might create a core file on the backup Routing Engine because states are out of sync on the master and backup Routing Engines. If this issue occurs on an EX Series Virtual Chassis, it will cause a service impact. [PR/939418: This issue has been resolved.]
• On EX4500 or EX4550 switches, if you apply a firewall filter to a loopback interface, transit packets that match Precise Time Protocol (PTP) errata might be dropped. [PR/949945: This issue has been resolved.]
• On an EX Series Virtual Chassis that is configured for DHCP services and configured with a DHCP server, when a client sends DHCP INFORM packets and then the same client sends the DHCP RELEASE packet, an IP address conflict might result because the same IP address has been assigned to two clients. As a workaround:
  • 1. Clear the binding table:
    user@switch> clear system services dhcp binding
  • 2. Restart the DHCP service:
    user@switch> restart dhcp

  [PR/953586: This issue has been resolved.]

• When the SNMP mib2d process polls system statistics from the kernel, the kernel might cause a memory leak (mbuf leak), which in turn might cause packets such as ARP packets to be dropped at the kernel. [PR/953664: This issue has been resolved.]

Interfaces

• On EX9200 switches that are equipped with EX9200-32XS or EX9200-2C-8XS line cards, 10-gigabit ports on these cards might stay offline after a link flaps or after an SFP+ is inserted. [PR/905589: This issue has been resolved.]
• On EX9200 switches, an inter-IRB route might not work if Q-in-Q tunneling is enabled, because the TPID (0x9100) is not set on egress dual-tagged packets, and other devices that receive these untagged packets might drop them. [PR/942124: This issue has been resolved.]
• On an EX9200 switch that is configured for DHCP relay, with the switch acting as the DHCP relay agent, the switch might not be able to relay broadcast DHCP inform packets, which are used by the client to get more information from the DHCP server. [PR/946038: This issue has been resolved.]
• On an EX Series switch, if you remove an SFP+ and then add it back or reboot the switch, and the corresponding disabled 10-gigabit interface is a member of a LAG, the link on that port might be activated. [PR/947683: This issue has been resolved.]

Layer 2 Features

• On EX Series switches, the following log message might appear after every commit operation for a configuration change: Aug 20 12:06:35.224 2013 UKLDNHASTST5B01 eswd[1309]: Bridge Address: add ffffffb0:ffffffc6:ffffff9a:69:ffffff9d:ffffff81 Aug 20 12:36:35.423 2013 UKLDNHASTST5B01 eswd[1309]: Bridge Address: add ffffffb0:ffffffc6:ffffff9a:69:ffffff9d:ffffff81. The MAC address is that of the chassis. This is an informational message and does not impact any service. [PR/916522: This issue has been resolved.]
• On EX Series switches that are configured with Ethernet Ring Protection Switching (ERPS), if the switch is configured as the RPS owner and is in a topology with other vendors' switches that are running ERPSv2 (ERPS version 2), when an indirect link failure occurs on the Ethernet ring, the ring protection link (RPL) end interface might not be able to get into the forwarding state. [PR/944831: This issue has been resolved.]
• On EX Series switches with RSTP enabled at the global level, when a VoIP-enabled interface is also enabled with VSTP, if you deactivate VSTP on this interface, the interface might stop forwarding traffic. [PR/952855: This issue has been resolved.]
• On EX Series switches (except EX9200) with VSTP configured, if a switch has two access ports looped back that connect to another switch over a trunk port, this might cause an incorrect STP state (BLK or DESG) in the same VLAN on the trunk port. When this issue occurs, service is impacted. [PR/930807: This issue has been resolved.]

Network Management and Monitoring

• An EX Series switch might send sFlow monitoring technology packets with source port 0. [PR/936565: This issue has been resolved.]

Port Security

• On EX Series switches with VoIP configured, if the switch receives an IP source guard (IPSG) or dynamic ARP inspection (DAI) route-delete message on an interface, voice VLAN traffic on these interfaces might be dropped. [PR/937992: This issue has been resolved.]

Software Installation and Upgrade

• On EX8200 Virtual Chassis, an NSSU from Junos OS Release 11.4R9 to Release 12.3R4 brings down LAGs and other interfaces during the member-switch upgrades, and thus large traffic losses occur. [PR/914048: This issue has been resolved.]

Virtual Chassis

• In a protocol-mastership transition, the ksyncd process might fail to clean up the kernel VPLS routing tables due to dependencies such as VLANs not being cleaned up first, leaving the tables in an inconsistent state. [PR/927214: This issue has been resolved.]

Issues Resolved in Release 12.3R7

The following issues have been resolved since Junos OS Release 12.3R6. The identifier following the description is the tracking number in our bug database.

Authentication and Access Control

• On an EX Series switch that has both 802.1X authentication (dot1x) and a dynamic firewall filter enabled, when the server-timeout value is set to a short time (for example, 3 seconds), if many clients try to authenticate at the same time, a delay success authentication success message might be received on the switch due to a RADIUS server timeout, the firewall filter might corrupt the interfaces on which the authentication attempts were made, and the subsequent client authentications might fail due to the stale firewall filter. As a workaround, configure a server-timeout value that is greater than 30 seconds. [PR/967922: This issue has been resolved.]

Class of Service (CoS)

• On an EX Series switch, when you configure both inet and inet6 on an interface and both dscp and dscp-ipv6 classifiers are configured on the switch, you might see this system log message: Jan 22 15:56:54.932 2014 EX4200 cosd[1306]: Classifier CLASSIFIER is not supported on ge-0/0/1.0 interface for inet6 family. Jan 22 15:56:54.932 2014 EX4200 cosd[1306]: Classifier CLASSIFIER6 is not supported on ge-0/0/1.0 interface for inet family. This message has no operational effect on the switch, as this function is supported. You can ignore the message. [PR/956708: This issue has been resolved.]

High Availability

• On EX Series switches with dual Routing Engines that are configured with IS-IS, if traceoptions is configured under [edit protocols isis], a Routing Engine switchover might cause IS-IS to flap or an rpd core file to be generated. [PR/954433: This issue has been resolved.]

Infrastructure

• On an EX Series Virtual Chassis that has a virtual management Ethernet (vme) interface, when the Virtual Chassis is initially formed, you might be unable to access the Virtual Chassis through the vme interface if the management cable is connected to a Virtual Chassis member other than the master. As a workaround, reboot the Virtual Chassis. [PR/934867: This issue has been resolved.]
• On EX8200 switches with Multicast Listener Discovery (MLD) snooping enabled, the number of MLD snooping entries might grow in the kernel, increasing the number of multicast groups to such an extent that eventually the forwarding table is filled, causing a service impact. [PR/940623: This issue has been resolved.]
• On EX Series switches with 802.1X enabled, when the RADIUS server is unreachable, 802.1X-enabled interfaces might stop forwarding traffic after you have deactivated the 802.1X protocol by deactivating [edit protocols dot1x]. As a workaround, deactivate 802.1X. [PR/947882: This issue has been resolved.]
• On EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, and EX6200 switches, DHCPv6 unicast packets might be dropped after you enable a firewall filter on the loopback interface (lo0.0) to protect the Routing Engine. As a workaround, add a term to accept DHCPv6 packets in the loopback filter. [PR/960687: This issue has been resolved.]
• On EX9200 switches acting as DHCP relays, broadcast BOOTP reply messages that are received might be dropped. [PR/961520: This issue has been resolved.]
• On EX Series switches, starting in Junos OS Release 12.3, the file /var/log/wtmp is not rotated once a month or every 10 MB. As a workaround, manually rotate /var/log/wtmp by issuing the command set system syslog file wtmpl archive files 10 size 1M. [PR/964118: This issue has been resolved.]
• On EX Series switches except for EX9200, when an IPv6 firewall filter that has Layer 4 match conditions (for example, tcp-established) configured, is applied to routed VLAN interfaces (RVIs) in the egress direction, these match conditions might not work as expected. [PR/972405: This issue has been resolved.]
• On EX9200 switches, in a DHCP relay scenario, in cases where a binding entry already exists for a client, if the client sends a DHCP discover packet, the device might not relay DHCP offers from any server other than the server used to establish the existing binding. [PR/974963: This issue has been resolved.]

Interfaces and Chassis

• On EX9200 switches with DHCP relay configured and with permanent ARP entries for relay clients installed, if a client is reachable through a different preferred path due to STP topology changes, MC-LAG changes, and so on, the forwarding state is not refreshed, and traffic might be dropped until the relay binding is cleared. As a workaround, issue the following configuration command to suppress installation of destination routes (DHCPv4 only): set forwarding-options dhcp-relay route-suppression destination. [PR/961479: This issue has been resolved.]
• On EX Series switches with scaled ARP entries (for example, 48K entries), in a normal state, an ARP entry's current time is less than the expiry time. Some events might cause the current time to be greater than the expiry time, which prevents this ARP entry from being flushed, which causes a connectivity issue. One possible trigger event is an ICL flap in an MC-LAG scenario. [PR/963588: This issue has been resolved.]
• On EX9200 switches, the configuration statement mcae-mac-flush is not available in the CLI; it is missing from the [edit vlans] hierarchy level. [PR/984393: This issue has been resolved.]

Layer 3 Features

• On EX Series switches, EBGP neighborship might go down and an rpd core file might be created. [PR/960829: This issue has been resolved.]
• On EX8200 switches, when the MTU value on a Layer 3 interface is configured as 1518 and you execute the clear pim join command or reboot the switch, multicast traffic might be dropped when packet sizes are greater than 1500, because the multicast route might eventually point to a smaller MTU value and packets cannot pass, even though the packet size is smaller than the MTU-configured value. As a workaround, configure all the Layer 3 interface MTUs to 9192. [PR/966704: This issue has been resolved.]

Network Management and Monitoring

• On EX Series switches, an OAM CFM interface might not recover automatically if the action in [edit oam ethernet connectivity-fault-management action-profile link-down action action] is interface-down. As a workaround, do not use link-down in the action profile. [PR/948082: This issue has been resolved.]

Platform and Infrastructure

• On an EX9200 switch working as a DHCP server, when you delete an IRB interface or change the VLAN ID of a VLAN corresponding with an IRB interface, the DHCP process (jdhcpd) might create a core file after commit, because a stale interface entry in the jdhcpd database has been accessed. [PR/979565: This issue has been resolved.]

Port Security

• On EX Series switches that are configured for voice over IP (VoIP), if dynamic ARP inspection (DAI) is enabled with the voice VLAN, ARP packets might get dropped for this VLAN. [PR/946502: This issue has been resolved.]

Routing Protocols and Firewall Filters

• On EX Series switches that are configured for filter-based forwarding (FBF), if you configure a maximum transmission unit (MTU) on an egress interface, packets that are larger than the configured MTU size might be dropped. [PR/922581: This issue has been resolved.]
• On EX9200 switches with IGMP snooping enabled on an IRB interface, some transit TCP packets might be treated as IGMP packets, causing packets to be dropped. As a workaround, disable IGMP snooping. [PR/979671: This issue has been resolved.]

Spanning-Tree Protocols

• On EX Series switches except EX2200 and EX9200, when Rapid Spanning Tree Protocol (RSTP) and VLAN Spanning Tree Protocol (VSTP) are enabled at the same time, an RSTP topology change might delete MAC entries learned on VLANs managed by VSTP. [PR/900600:This issue has been resolved.]

Virtual Chassis

• On EX4550 Virtual Chassis and EX4550 mixed mode Virtual Chassis, the chassis manager process (chassism) might crash when the request support information is executed. [PR/977011: This issue has been resolved.]
• On EX Series switches except EX9200, the Ethernet switching process (eswd) might crash when receiving Link Layer Discovery Protocol (LLDP) packets on a member interface of a LAG. This is because the LAG fails to handle LLDP packets. [PR/983330: This issue has been resolved.]

Issues Resolved in Release 12.3R8

The following issues have been resolved since Junos OS Release 12.3R7. The identifier following the description is the tracking number in our bug database.

Authentication and Access Control

• On EX Series switches configured for accounting based on 802.1X RADIUS, if the RADIUS server is enabled with the User-Name attribute and a new username is used to send account information, the switches might ignore this attribute and not send accounting information with the authentication username. [PR/950562: This issue has been resolved.]
• On EX Series switches with 802.1X authentication enabled, if you associate an 802.1X-enabled interface in single-secure mode with a VLAN, when a client is authenticated on that VLAN and is later authenticated on a dynamic VLAN (a guest VLAN or a VLAN assigned by a RADIUS server), the client might still be associated with the interface-associated VLAN and receive broadcast and multicast traffic of the VLAN associated with the interface. [PR/955141: This issue has been resolved.]

Class of Service

• On EX2200 or EX3300 switches that are running Junos OS Release 12.3R5 or later releases, CoS settings might remain active on interfaces after you have removed the CoS-related configuration. [PR/992075: This issue has been resolved.]

Infrastructure

• On EX9200 switches, in a BOOTP relay agent scenario, DHCPACK messages that are sent in response to DHCPINFORM messages might not be forwarded to the DHCP client if these ACK messages are sent from a DHCP server other than the DHCP server that is in the DHCP relay agent's binding table. [PR/994735: This issue has been resolved.]
• On EX8200 switches with link aggregation groups (LAGs) configured, high CPU utilization might be observed on line cards (FPCs) after you change the configuration of the LAGs. [PR/976781: This issue has been resolved.]
• On EX Series switches with Protocol Independent Multicast (PIM) configured, when the upstream interface on a rendezvous point (RP) changes between a Layer 3 interface and the PIM de-encapsulation interface for the multicast route, the earlier route entry might be deleted twice, which causes a loss of multicast traffic on the RP. [PR/982883: This issue has been resolved.]
• On EX4200 switches, the system date and time might change after you reboot the switch. [PR/985819: This issue has been resolved.]
• On EX Series switches, the software forwarding infrastructure process (sfid) might create a core file while processing a packet for which the TTL has expired, because the packet pointer is freed twice. [PR/988640: This issue has been resolved.]
• After you reboot an EX Series switch, the interface initial sequence on an aggregated Ethernet member interface might not proceed properly and the interface might not come up. [PR/989300: This issue has been resolved.]
• On EX Series switches except EX9200 switches, ARP reply packets might get dropped when the switch receives a large amount of reverse-path forwarding (RPF) multicast failure packets (for example, 300 pps). As a workaround, create a static ARP entry for the next-hop device. [PR/1007438: This issue has been resolved.]
• On an EX2200 or EX3300 switch that is backed up by a Redundant Power System, if the configuration is committed on the switch side, the RPS might stop providing backup power, and the switch might be powered off. [PR/1011821: This issue has been resolved.]
• On EX Series switches that are configured for filter-based forwarding (FBF) and are running Junos OS 12.3R7 or a later release, configuring the accept action for a firewall filter to forward matched traffic to a specific routing instance might not work as expected, and all traffic is dropped. [PR/1014645: This issue has been resolved.]

Interfaces and Chassis

• On an EX4500 or EX4550 switch with an MPLS circuit cross-connect (CCC) interface configured, there might be high CPU utilization by the software forwarding infrastructure process (sfid) while large amounts of IPv6 neighbor solicitation packets (for example, 1000 pps) are received on the MPLS CCC interface. [PR/961807: This issue has been resolved.]
• On EX Series switches with Link Aggregation Control Protocol (LACP) enabled on a LAG interface, after the master Routing Engine is rebooted, if the first LACP packet is dropped during switchover, the LACP state might get stuck in the same state for a long time (about 10s), which causes the LAG interface to flap and traffic to drop on the interface. [PR/976213: This issue has been resolved.]
• On EX8200 Virtual Chassis running Junos OS Release 12.3R6 or later releases, multicast and broadcast traffic might be dropped on Virtual Chassis ports (VCPs) in the following scenarios:
  • When a few link aggregation group (LAG)member interfaces go up and down continuously.
  • When LAG member interfaces go up and down simultaneously.
  • After you delete a VCP that corresponds to a LAG member interface.

  [PR/993369: This issue has been resolved.]

• On EX8200 switches with a generic routing encapsulation (GRE) tunnel configured, packets might be dropped permanently on GRE interfaces when you create a logical GRE interface. The existing GRE interfaces are not affected by the addition of more GRE interfaces. [PR/995990: This issue has been resolved.]
• On EX9200 switches, if you configure an interface with the mac-rewrite statement, the Layer 2 address learning process (l2ald) might create a core file. [PR/997978: This issue has been resolved.]
• If you configure autoinstallation on an EX3300 switch, you might see the error message Unaligned memory access error. [PR/999982: This issue has been resolved.]
• On EX4200 switches, some interface diagnostic optical values might be inconsistent between Junos OS Releases 12.3R6.6 and 12.3R7.7. [PR/1007055: This issue has been resolved.]

Layer 2 Features

• On EX Series switches, on the backup Routing Engine, in the Ethernet-switching process (eswd), there might be a scenario that causes the backup Routing Engine to miss the sync update from kernel and get into an inconsistent state with respect to flood next-hop. An eswd core file is created on the backup Routing Engine. No outage occurs as the core file is on the backup Routing Engine. [PR/936567: This issue has been resolved.]
• On EX Series switches, after a switch reboot, a Q-in-Q tunneling interface might not function as expected. The problem occurs when the interface is a member of a PVLAN with mapping set to swap and is also a member of a non-private VLAN. The PVID of the access interface does not get set when the PVLAN is configured before the non-private VLAN. The problem does not occur when the non-private VLAN is configured before the PVLAN. [PR/937927: This issue has been resolved.]
• On EX Series switches with L2PT and Q-in-Q tunneling enabled, some of the MAC addresses might not be learned. The problem occurs when there is a high volume of L2PT packets. As a workaround, restart the eswd and sfid processes. [PR/996638: This issue has been resolved.]

MPLS

• On EX Series switches running Junos OS Release 12.1R1 or later releases, the MPLS TTL might change to 1 on a transit MPLS switch, causing packets to be dropped on the egress MPLS tunnel due to TTL expiration. As a workaround, enable the no-decrement-ttl statement in the [edit protocols mpls] hierarchy level. [PR/1005436: This issue has been resolved.]

Port Security

• On EX Series switches except EX9200, the port security allowed-mac feature might not work as expected. When this issue occurs, the traffic from an unauthorized host is unimpeded. [PR/1001124: This issue has been resolved.]

Routing Policy and Firewall Filters

• On EX3300 switches, when you use a wildcard mask in firewall filters, the error message Unaligned memory access by pid 87736 [dfwc] at 1000f5 PC[4adec] might be displayed at commit. [PR/996083: This issue has been resolved.]

Spanning-Tree Protocols

• On EX4550 Virtual Chassis switches with xSTP (RSTP, VSTP or MSTP) enabled, multiple xSTP-enabled interfaces might go into the STP Disabled state on the Packet Forwarding Engine because of the overlap of STP identifiers. Traffic is dropped on these problematic interfaces. [PR/980551: This issue has been resolved.]

Issues Resolved in Release 12.3R9

The following issues have been resolved since Junos OS Release 12.3R8. The identifier following the description is the tracking number in our bug database.

Authentication and Access Control

• On EX Series switches with 802.1X enabled, if the voice VLAN is authenticated using MAC-based authentication and the data VLAN is authenticated using 802.1X-based authentication, traffic loss might occur on the voice VLAN during re-authentication. [PR/1011985: This issue has been resolved.]
• On an EX Series Virtual Chassis with 802.1X enabled, if the Software Forwarding Infrastructure process (sfid) generates a core file, it causes the FPC to disconnect from the Routing Engine. The 802.1X process (dot1xd) receives a delete message for the physical interface (ifd) from the kernel, but does not clear the sessions associated with the interface. When those sessions expire and the corresponding timer attempts to access any interface data, then the dot1xd generates a core file. [PR/1016027: This issue has been resolved.]
• On EX Series switches, captive portal authentication is used to redirect Web browser requests to a login page. After the client is successfully authenticated, there might be a delay of 1-3 minutes before captive portal redirects the browser to the login page, and at times, the redirection might fail. [PR1026305: This issue has been resolved.]

Class of Service

• On EX4500 switches, if CoS is configured on an interface and MPLS is enabled on the same interface, the configured CoS mapping might disappear. [PR/1034599: This issue has been resolved.]

Dynamic Host Configuration Protocol

• On EX Series switches, DHCP option 125 cannot be configured for use as the byte-stream option. [PR/895055: This issue has been resolved.]

Firewall Filters

• On EX Series switches, a firewall filter configured on a loopback interface (lo0) containing a match condition for an IPv6 destination address with a prefix length longer than 8 leading bits might not work as expected. [PR/962009: This issue has been resolved.]

High Availability

• On EX4550 Virtual Chassis with LAG interfaces configured, the LAG interfaces might go down for approximately 30 seconds during an NSSU if two switches in the linecard role have consecutive member IDs and are members of a LAG interface with only two child members. LAG downtime will increase with the number of SFPs. [PR/1005024: This issue has been resolved.]
• On EX Series switches, after you change the VRRP advertise interval, the VRRP Master is Dead timer value might still be based on the previous advertise interval. As a workaround, reboot the switch. [PR/1017319: This issue has been resolved.]

Infrastructure

• On EX4500 or EX4550 switches, the software forwarding infrastructure process (sfid) might continuously create core files, causing interruptions in traffic, because packets are erroneously freed twice. A possible trigger is the handling of Layer 2 protocol tunneling packets. [PR/941482: This issue has been resolved.]
• On EX4500 switches with an uplink module installed, if the uplink module is removed and then installed in less than 10 seconds, the chassis manager (chassism) might create a core file. [PR/941499: This issue has been resolved.]
• On EX Series switches, if you use apply-groups in the configuration, the expansion of interfaces <*> apply-groups is done against all interfaces during the configuration validation process, even if apply-groups is configured only under a specific interface stanza. This does not affect the configuration; if the configuration validation passes, apply-groups is expanded correctly only on interfaces on which apply-groups is configured. [PR/967233: This issue has been resolved.]
• On EX8200 switches, a kernel memory leak might occur and core files might be created when a next-hop device is changed (for example, when MAC or ARP entries from Layer 3 interfaces that span multiple Packet Forwarding Engines are flushed). You can view the log files for the memory leak by issuing the show system virtual-memory | match temp command multiple times. [PR/977285: This issue has been resolved.]
• On EX2200 switches, if CoS is configured on the VCP and network ports, the log message devrt_ifd getting linkstate failed for dev 1 port 0 might appear continuously. These messages have no service impact. [PR/988063: This issue has been resolved.]
• On EX Series switches, GENCFG: op 8 (COS BLOB) failed; err error messages might appear in the log files. These messages have no service impact. [PR/997946: This issue has been resolved.]
• On EX Series Virtual Chassis, if the master switch is rebooted or halted while traffic is flowing through one of its interfaces, the FDB entry remains in an incomplete or discard state for about 30 seconds. During that time, traffic that uses the FDB entry is lost. [PR/1007672: This issue has been resolved.]
• On EX2200-C switches, the log-out-on-disconnect command might not work, causing the previous console session users to be seen on the switch. [PR/1012964: This issue has been resolved.]
• If the disable-logging option is the only configured option under the [edit system ddos-protection global] hierarchy level, and if this option is deleted, the kernel might generate a core file. [PR/1014219: This issue has been resolved.]
• On EX Series switches, hosts might lose connectivity to switches when the ARP entry ages out because of a programming error in the ARP entry for the Packet Forwarding Engine hardware. [PR/1025082: This issue has been resolved.]
• On EX Series switches, the ptopoConnLastVerify MIB returns a wrong value. [PR/1049860: This issue has been resolved.]
• On EX Series switches, the ptopoConnRemotePort MIB returns a wrong value. [PR/1052129: This issue has been resolved.]

Interfaces and Chassis

• On EX9200 switches that are configured in a multicast scenario with PIM enabled, an (S,G) discard route might stop programming if the switch receives resolve requests from an incorrect reverse-path-forwarding (RPF) interface. After this issue occurs, the (S,G) state might not be updated when the switch receives multicast traffic from the correct RPF interfaces, and multicast traffic might be dropped. [PR/1011098: This issue has been resolved.]
• On EX9200 switches, in an MC-LAG scenario, a MAC address might incorrectly point to an inter-chassis control link (ICL) after a MAC move from a single-home LAG to the MC-LAG. [PR/1034347: This issue has been resolved.]

J-Web Interface

• On EX Series switches, the J-Web service might become slow or unresponsive. [PR/1017811: This issue has been resolved.]

Layer 2 Features

• On EX Series switches, an Ethernet switching process (eswd) memory leak might occur if the following conditions are met:
  • If a VLAN has the VLAN index 0, and the VLAN is deleted, but the memory is not freed accordingly.
  • In a Multiple VLAN Registration Protocol (MVRP) scenario, when a VLAN map entry is deleted, but the memory is not freed accordingly.

  [PR/956754: This issue has been resolved.]

• On EX Series switches running Junos OS Release 12.1R1 or later with Layer 2 protocol tunneling (L2PT) configured, if the switch receives a burst of more than 10 L2PT packets, the excessive L2PT packets might be dropped. [PR/1008983: This issue has been resolved.]
• On EX Series switches with private VLAN (PVLAN) and DHCP snooping configured, if the interface configured with PVLAN flaps, the Ethernet switching process (eswd) might stop responding to management requests, and high eswd and Software Forwarding Infrastructure process (sfid) utilization might be observed. [PR/1022312: This issue has been resolved.]

Network Management and Monitoring

• On EX Series switches, the connectivity fault management process (cfmd) might generate a core file. This happens when the Ethernet switching process (eswd) sends information to the cfmd to update its VLAN database, but because of a timing issue, the VLAN ID that the cfmd has is no longer current. [PR/961662: This issue has been resolved.]
• On EX Series Virtual Chassis, if one member of the Virtual Chassis is rebooted or if there is a switch failover, the connectivity fault management process (cfmd) might continue to send next-hop add requests to the kernel, which results in traffic being dropped when the next-hop space index is exhausted. [PR/1016587: This issue has been resolved].

Port Security

• On EX Series switches, there might be traffic loss under any of the following conditions:
  • IP source guard is enabled and then disabled.
  • An interface belonging to a VLAN that has IP source guard enabled is changed to another VLAN that does not have IP source guard enabled.
  • 802.1X authentication is enabled or disabled on an interface belonging to a VLAN that has IP source guard enabled.

  [PR/1011279: This issue has been resolved.]

Routing Protocols

• On EX9200 Virtual Chassis, the chassisd on the protocol master RE and the protocol backup Routing Engine connect to the main SNMP process (snmpd) on the protocol master using the following methods:
  • Chassisd on the protocol master Routing Engine connects, using a local socket because snmpd is running locally.
  • Chassisd on the protocol backup Routing Engine connects, using a TNP socket because snmpd is not local.

  As a result, all processes that run on the protocol master (other than chassisd) attempt to connect to snmpd by using the TNP socket instead of a local socket. The snmpd does not accept these connections. [PR/986009: This issue has been resolved.]

• On EX Series switches with dual Routing Engines, in a multicast scenario, the routing protocol process (rpd) might generate a core file when the backup Routing Engine processes a multicast resolve request to add a multicast route entry that is already present. [PR/1018896: This issue has been resolved.]

Virtual Chassis

• On EX Series Virtual Chassis, if VLAN pruning is enabled on a VLAN, traffic on that VLAN might be dropped on the Virtual Chassis port (VCP) if the link is changed from trunk to access mode and then back to trunk mode. [PR/1012049: This issue has been resolved.]
• In an EX8200 Virtual Chassis with three members and link aggregation group interfaces configured, traffic might be dropped on the LAG interfaces after one member of the Virtual Chassis is rebooted. [PR/1016698: This issue has been resolved.]
• In an EX8200 Virtual Chassis with tunnel interfaces configured, for example, for GRE or a LAG, traffic might be dropped on tunnel interfaces after an upgrade using NSSU. [PR/1028549: This issue has been resolved.]

Issues Resolved in Release 12.3R10

The following issues have been resolved since Junos OS Release 12.3R9. The identifier following the description is the tracking number in our bug database.

Authentication and Access Control

• On EX4500 and EX8200 switches with LLDP enabled and Edge Virtual Bridging (EVB) configured, when a switch is connected to a virtual machine (VM) server using Virtual Ethernet Port Aggregator (VEPA) technology, the EVB TLV in LLDP packets might be sent to the incorrect multicast MAC address of 01:80:c2:00:00:0e instead of the correct address 01:80:c2:00:00:00. [PR/1022279: This issue has been resolved.]
• On EX Series switches, the output for the ptopoConnRemotePort MIB might display an incorrect value for portIDMacAddr. [PR/1061073: This issue has been resolved.]

Infrastructure

• On EX Series switches, when the auto-negotiation statement is configured at the [edit interfaces interface-name ether-options] hierarchy level, and the configured-flow-control statement is configured at the [edit interfaces interface-name aggregated-ether-options] hierarchy level, and both objects have the same attribute ID (aid), the CoS process (cosd) might generate a core file. [PR/837458: This issue has been resolved.]
• On EX Series switches, if multiple L3 and non-L2 sub-interfaces are enabled on a physical interface, and the family is deleted on a sub-interface or a sub-interface itself is deleted, traffic might be sent to the Routing Engine instead of the Packet Forwarding Engine, which can impact performance. [PR/1032503: This issue has been resolved.]
• On an EX8216 switch, if the Switch Interface Board (SIB) or the Switch Fabric (SF) module fails, there are no spare fabric planes available for switchover, which might cause a traffic outage. Depending on the nature of the SIB failure, the plane might need to be taken offline to resolve the issue. [PR/1037646: This issue has been resolved.]
• On EX4200 switches, high levels of traffic bound for the Routing Engine might cause the watchdog timer to expire, which in turn, causes the switch to reboot. This issue is seen with Protocol Independent Multicast (PIM) configurations when the multicast route is not present in the Packet Forwarding Engine for some amount of time, during which the multicast traffic for that route is routed to the CPU. [PR/1047142: This issue has been resolved.]
• On EX4200 and EX3200 switches, a high number of pause frames received on the switch interfaces might cause a soft reset of the switch. The following messages will be seen in /var/log when the switch undergoes a soft reset:

  /kernel: simulated intr
    chassism[1293]: cm_java_pfe_critical_error_check: Soft-resetting device 1

  If the pause frames are continuous and frequent, this might result in continuous soft reset of the Packet Forwarding Engine. The impact on traffic of a soft reset of the Packet Forwarding Engine is minor; however, if the switch is a member of a Virtual Chassis, continuous soft resets due to pause frames might cause the FPC to detach from the Virtual Chassis, leading to other traffic related issues. [PR/1056787: This issue has been resolved.]

• On EX9200 switches, a software upgrade might cause firewall filters to redirect packets to an incorrect routing instance. [PR/1057180: This issue has been resolved.]

Layer 2 Features

• On EX Series switches, SNMP MAC notification traps are not generated if an interface goes down after a cable has been removed or disconnected, though traps are generated after the interface comes back up for MAC address removal, and also when a MAC address has been learned. [PR/1070638: This issue has been resolved.]
• On EX Series switches except EX4600 and EX9200 switches, when MSTP is configured, the Ethernet switching process (eswd) might generate multiple types of core files in the large-scale VLANs that are associated with Multiple Spanning-Tree Instances (MSTIs). [PR/1083395: This issue has been resolved.]

MPLS

• On EX4500 and EX8200 switches, if the switch is configured as a P router for MPLS, MPLS labels might be seen on the P router where the packets transit the Routing Engine on both input and output MPLS interfaces. This might lead to high CPU usage and can impact performance. [PR/1038618: This issue has been resolved.]

Virtual Chassis

• On an EX4550 Virtual Chassis with VLAN pruning enabled, if the LACP child interfaces span different Virtual Chassis members, then changing the Routing Engine mastership and rebooting the backup Routing Engine might cause the LACP child interfaces to remain in detached or passive state. [PR/1021554: This issue has been resolved.]

Issues Resolved in Release 12.3R11

The following issues have been resolved since Junos OS Release 12.3R10. The identifier following the description is the tracking number in our bug database.

Infrastructure

• On EX4500 and EX4550 switches, if you disable an interface on an EX-SFP-10GE-LR uplink module by issuing the CLI command set interface interface-name disable, and then the interface through which a peer device is connected to the interface on the uplink module goes down, the CPU utilization of the chassis manager process (chassism) might spike, causing chassism to create a core file. [PR/1032818: This issue has been resolved.]
• On EX4200, EX4500, EX6200, and EX8200 switches that are configured with distributed periodic packet management (PPM) mode, if you configure the Bidirectional Forwarding Detection (BFD) minimum-receive-interval value to a custom interval, BFD packets might be sent to a remote neighbor at a rate that exceeds the remote minimum-receive-interval value. As a workaround, configure PPM in centralized mode. [PR/1055830: This issue has been resolved.]
• On EX Series switches except EX9200 switches, if you configure both family ethernet-switching and vlan-tagging on the same interface, traffic might be dropped. [PR/1059480: This issue has been resolved.]
• On an EX8200 Virtual Chassis, if you configure vlan-tagging on an interface without configuring a family for the interface, the Packet Forwarding Engine might program an improper MAC address (the local chassis MAC) instead of the router MAC, which is used for routing. As a workaround, configure family inet on the interface. [PR/1060148: This issue has been resolved.]
• On EX Series switches except EX9200, configuring more than 1000 IPv4 addresses might prevent gratuitous ARP packets from being sent to peers. [PR/1062460:This issue has been resolved.]
• On EX4200 switches, if CoS scheduler maps are configured on all interfaces with the loss-priority value set to high, traffic between different Packet Forwarding Engines might be dropped. [PR/1071361: This issue has been resolved.]
• On EX3200 and EX4200 switches, if you apply a firewall filter to or remove it from a large number of interfaces, the Packet Forwarding Engine manager process (pfem) might generate a core file. [PR/1073055: This issue has been resolved.]
• On EX4500 and EX4550 Virtual Chassis, NFS/UDP fragmented packets might be dropped if these packets ingress over an aggregated bundle and traverse VCP links. [PR/1074105: This issue has been resolved.]
• On EX3300 switches, the output for the show system license command displays invalid for connectivity-fault-management. You can ignore this output; CFM is included in the EFL license. [PR/1087581: This issue has been resolved.]
• On EX Series switches, if you change the PIM mode from sparse to dense or dense to sparse, a pfem core file might be generated. [PR/1087730: This issue has been resolved.]
• On EX Series switches, the Packet Forwarding Engine Manager process (pfem) might crash and generate a core file when the TCAM is full. [PR/1107305: This issue has been resolved.]
• On EX4500 or EX4550 Virtual Chassis, if an NFS/UDP fragmented packet enters the Virtual Chassis through a LAG and traverses a Virtual Chassis port (VCP) link, CPU utilization might become high, and the software forwarding infrastructure process (sfid) might generate a core file. [PR/1109312: This issue has been resolved.]

Layer 2 Features

• On an EX3300 switch, in a broadcast storm situation in which DHCP snooping is enabled and there are repeated DHCP requests and acknowledgements arriving on the switch as a result of IP addresses not being accepted by clients, the eswd process might create a core file. [PR/1109312: This issue has been resolved.]
• On EX4200 switches with DHCP snooping configured, when a host moves from one interface to another interface and then renews its DHCP lease, the DHCP snooping database might not get updated, and thus the host might not connect on the new interface. [PR/1112811: This issue has been resolved.]

Platform and Infrastructure

• On EX4300 and EX9200 switches, the show ethernet-switching table vlan-name vlan-name | display xml CLI command does not have the vlan-name attribute in the <l2ng-l2ald-rtb-macdb› xml tag. [PR/955910: This issue has been resolved.]

Issues Resolved in Release 12.3R12

The following issues have been resolved since Junos OS Release 12.3R11. The identifier following the description is the tracking number in our bug database.

Authentication and Access Control

• On an EX Series switch acting as a DHCPv6 server, the server does not send a Reply packet after receiving a Confirm packet from the client; the behavior is not compliant with the RFC3315 standard. [PR/1025019: This issue has been resolved.]
• On EX Series switches, if 802.1X authentication (dot1x) is configured on all interfaces, an 802.1X-enabled interface might get stuck in the Initialize state after the interface goes down and comes back up, and 802.1X authentication fails. Also, if 802.1X authentication (dot1x) is configured on all interfaces and the no-mac-table-binding configuration statement is configured under the [edit protocols dot1x authenticator] hierarchy level, the dot1x process (dot1xd) might generate core files after it is deactivated and then reactivated, and 802.1X authentication might be temporarily impacted until the process restarts automatically. [PR/1127566: This issue has been resolved.]

Infrastructure

• On an EX2200 or EX3300 switch on which Dynamic Host Configuration Protocol (DHCP) relay is enabled, when a client requests an IP address, the system might generate a harmless warning message such as: /kernel: Unaligned memory access by pid 19514 [jdhcpd] at 46c906 PC[104de0] . [PR/1076494: This issue has been resolved.]
• On EX3200 and EX4200 switches with multiple member interfaces on an aggregated Ethernet (AE) interface and with a large-scale CoS configuration enabled on the AE interface, a Packet Forwarding Engine limitation might be exceeded, because of which the PFE might return an invalid ID, and the Packet Forwarding Engine Manager (pfem) process might spike and crash frequently. [PR/1109022: This issue has been resolved.]
• On EX Series switches, an interface with an EX-SFP-1GE-LH transceiver might not come up and the transceiver might be detected as an SFP-EX transceiver. [PR/1109377: This issue has been resolved.]
• On EX4500 switches, if MPLS and CoS behavior aggregate (BA) classifiers are configured on the same interface, the BA classifiers might not work. As a workaround, use multifield (MF) classifiers instead of BA classifiers. [PR/1116462: This issue has been resolved.]

Interfaces and Chassis

• On a two-member EX8200 Virtual Chassis, if the Link Aggregation Control Protocol (LACP) child interfaces are configured across different Virtual Chassis members, the MUX state in some of the LAG member interfaces might remain in the attached/detached state after you disable and enable the aggregated Ethernet (AE) interface. [PR/1102866: This issue has been resolved.]

Network Management and Monitoring

• On EX Series switches, there are two issues regarding SNMP MIB walks: A private interface—for example, pime.32769—must have an ifIndex value of less than 500. If you do not add the private interface to a static list of rendezvous point (RP) addresses, the mib2d process assigns an ifIndex value from the public pool (with ifIndex values greater than 500) to the interface, which then will have an incorrect ifIndex allocation. A random Request failed: OID not increasing error might occur when you issue the show snmp mib walk command, because the kernel response for a 10-gigabit interface during an SNMP walk might take more than 1 second, and the mib2d process receives duplicate SNMP queries from the snmpd process. [PR/1121625: This issue has been resolved.]

Spanning-Tree Protocols

• On EX Series switches with bridge protocol data unit (BPDU) protection configured on all edge ports, edge ports might not work correctly and might revert to the unblocking state when the drop option is configured under the [edit ethernet-switching-options bpdu-block interface xstp-disabled] hierarchy level. [PR/1128258: This issue has been resolved.]

Related Documentation

• New Features in Junos OS Release 12.3 for EX Series Switches
• Changes in Default Behavior and Syntax in Junos OS Release 12.3 for EX Series Switches
• Limitations in Junos OS Release 12.3 for EX Series Switches
• Outstanding Issues in Junos OS Release 12.3 for EX Series Switches
• Changes to and Errata in Documentation for Junos OS Release 12.3 for EX Series Switches
• Upgrade and Downgrade Instructions for Junos OS Release 12.3 for EX Series Switches