• Download PDFs
• Outstanding and Resolved Issues in JUNOS Release 9.2 for EX-series Switches  

• Related Topics
• Features in JUNOS Software for EX-series Switches, Release 9.2

Outstanding and Resolved Issues in JUNOS Release 9.2 for EX-series Switches

Resolved Issues

The following issues have been resolved since JUNOS Release 9.2R3 for EX-series switches. The identifier following the description is the tracking number in our bug database.

Virtual Chassis

• When a Virtual Chassis is renumbered, packets might be duplicated on interfaces that are part of a port-mirroring (analyzer) configuration. [PR/405905: This issue has been resolved.]

Outstanding Issues

The following issues are outstanding in the JUNOS Release 9.2R4 software for EX-series switches. The identifier following the description is the tracking number in our bug database.

Access Control and Port Security

• If the VLAN associated with a client is not configured on the switch, users are authenticated and the port is placed in the default VLAN. [PR/263719]
• After you deactivate an interface on the switch, LLDP does not send a Type Length Value (TLV) with a TTL value of zero. Because of this, neighbor switches might not immediately flush the switch details from the LLDP database. The switch details are flushed after the TTL value expires. [PR/264368]
• If you simultaneously add or delete an interface to or from the family ethernet-switching and enable 802.1X on that interface, the show dot1x interface command will display no output. To have this configuration work properly, first add the interface to the family ethernet-switching and commit the configuration, then enable 802.1X on the interface and commit the configuration again. [PR/272364]
• DHCP snooping is not supported for the local DHCP server. [PR/280291]
• When you have a port with membership in a VoIP VLAN and a guest VLAN and configured for 802.1X authentication, traffic in the VoIP VLAN is forwarded even after authentication is failed for the port. [PR/292268]
• When you change the MTU set for an interface, the DHCP snooping database and the IP source guard database are reset. [PR/295588]
• EX-series switches allow enabling of loop control on interfaces that have root control enabled. [PR/297433]
• When you enable IP source guard on a LAG member interface configured with single-secure supplicant mode authentication, the DHCP snooping database and the IP source guard database might not be created. [PR/295554]
• The output of the show dot1x interface detail command shows static MAC bypass 802.1X clients even after the clients have timed out. [PR/302431]
• EX-series switches do not send the IPv4 prefix type, length, and value (TLV) required by Telecommunications Industry Association (TIA) network policy in the LLDP-MED packets, when an interface is configured under ethernet-switching-options voip interface access-ports vlan. [PR/396724

Bridging, VLANs, and Spanning Trees

• When you configure VRRP on EX-series switches without specifying accept-data in the configuration and a VRRP failover occurs, traffic might be lost for about 5 minutes. As a workaround, issue the clear ethernet-switching table command on the new VRRP master virtual routing platform. [PR/271012]
• In some cases, GVRP registers STP blocked state interfaces. [PR/273751]
• In some cases, if you delete and reassign the VoIP configuration for an interface, the Ethernet switching table might not contain static MAC entries for the voice VLAN. [PR/284250]
• In a Virtual Chassis configuration with BPDU control enabled, if the Virtual Chassis undergoes a graceful Routing Engine switchover (GRES), BPDU control functionality might not work properly. [PR/285726]
• When you configure an 802.1X static authenticator on a static VLAN, MAC learning might stop if the Ethernet switching table is cleared. [PR/294198]
• In an 802.1x configuration, if the interface specified under dot1x authenticator interface is not configured as belonging to the family ethernet-switching and if you try to commit the configuration, the commit will fail. [PR/295582]
• If you have configured a firewall filter, traffic loss is observed for approximately 5000 milliseconds during graceful Routing Engine switchover (GRES). [PR/302762]
• When you configure VRRP on EX-series switches, more than one switch might function as the VRRP master virtual routing platform. [PR/304371]
• After a graceful Routing Engine switchover (GRES), the Ethernet switching protocol process (eswd) might stop functioning and generate a core file. [PR/306998]

Class of Service

• The show interfaces queue command always shows the pps and bps counters as 0. [PR/263374]
• A LAG member interface configured with a custom classifier using the wildcard option is bound to a different classifier when the classifier type is applied to a single interface. [PR/293795]

Firewall Filters

• On EX-series switches, if you apply a firewall filter to a port configured as analyzer output port or a VLAN configured as a analyzer output VLAN, the firewall filter might not work as expected. [PR/263016]
• On EX-series switches, the match condition vlan might not work in a firewall filter configuration. As a workaround, use the match condition dot1q-tag. [PR/282435]
• Occasionally, the switch might not be able to retrieve counter statistics for firewall term filters. [PR/284637]
• In some cases, the firewall filters configured on loopback interfaces are applied to all traffic instead of all Layer 3 traffic. [PR/311549]
• On EX-series switches, if you configure a firewall filter with multiple terms matching different packet markings and if you are using the same policer under each term, the counters are shared among those policers. [PR/405345]

Hardware

• Although it is mandatory that autonegotiation be enabled when the interface speed is set to 1 Gbps, EX-series switches allow you to set interface speed to 1 Gbps without enabling autonegotiation. [PR/302977]

Infrastructure

• The speed/duplex LED on the management Ethernet interface sometimes blinks even when no cable is connected. [PR/257290]
• If you remove or delete system log (syslog) or traceoptions files and then need to use them again, you must delete and then reconfigure the system logging and traceoptions configuration for the logging to work. [PR/267706]
• When an SNMP walk or polling is done on jnxBoxAnatomy (jnx-chassis.mib), CPU usage remains at 95 to 100 percent until the SNMP walk completes. [PR/270552]
• On EX-series switches, if you modify the configuration to change the switch’s hostname, the name might not change when you commit the configuration. As a workaround, after you have activated the configuration, exit from the terminal session to the switch and log in again. [PR/272903]
• When you perform an SNMP walk on the switch, the message “unable to create internal request” might be displayed. [PR/274019]
• You cannot use the rollback rescue command to revert to a rescue configuration. As a workaround, save a known good configuration to a location from which you can reload it to your switch if needed. [PR/275480]
• If you press any key on the keyboard while the switch is rebooting, the switch enters uboot mode instead of rebooting and you see the uboot prompt (=>). If this occurs, issue the boot command at the => prompt to continue the reboot. [PR/280086]
• If you reboot an EX-series switch after you have configured the Power over Ethernet (PoE) guard-band value, two ports that had been shut down because of their low priority become active again. [PR/285262]
• After you upgrade or downgrade the software on an EX-series switch (by using either the CLI or the J-Web interface), the Juniper EX-Series Web Device Manager might not function properly until you clear the cache in your Web browser. [PR/286614]
• In the J-Web interface, the timestamp for Last Changed changes each time you view the rescue configuration. [PR/288442]
• The RADIUS request sent by an EX-series switch contains both Extensible Authentication Protocol (EAP) Identity Response and State attributes. [PR/300790]
• In the J-Web interface, the Add and Edit windows do not list those ports which are configured with speed settings in the Link Aggregation configuration page. [PR/301532]
• In a Virtual Chassis, if you disconnect the fiber-optic cable from the port on a member switch, and that port is a Virtual Chassis port (VCP) in an SFP uplink module, the chassis process (chassisd) might stop functioning and generate a core file. [PR/305271]

Interfaces

• On EX-series switches, when you issue the show interfaces extensive command, the queued packet counter is never updated; it always displays the count as 0. [PR/263527]

Layer 2 Protocols

• IGMP snooping can process approximately only 100 IGMP leaves per second. [PR/296545]
• When IGMP snooping is enabled, the initial multicast packets used in multicast route learning are flooded on the VLAN. [PR/296679]
• On VLANs and VLAN interfaces, in the presence of certain multicast Layer 3 routes, IGMP control packets are trapped to the CPU even if IGMP snooping is disabled. [PR/387480]

Layer 3 Protocols

• In some cases, if you issue the show igmp-snooping membership detail command after a membership timeout on a port, the command output shows –1 in the Receiver count field. [PR/267781]
• If you configure IGMP snooping with an invalid VLAN name, interface number, group number, or query interval, the switch does not display an error message. [PR/283519]
• After the switch receives 8,000 multicast group join messages, the switch might stop processing IGMP membership reports for some groups. [PR/284508]
• After you issue the clear igmp-snooping static command, the invalid counter and the timeout counter might not be cleared. [PR/286495]
• IGMP snooping does not function for IGMPv3 reports with the exclude filter mode. [PR/286600]
• IGMPv3 source filtering over a Layer 2 VLAN or a routed VLAN interface (RVI) does not function properly. [PR/286954]
• If the immediate-leave option is enabled for a VLAN, IGMP query packets from the routed VLAN interface (RVI) are not suppressed on receiving the IGMP leave packets. [PR/294461]
• When more than 50 percent of the multicast traffic is sent to the VRRP member switches, VRRP states might flap. [PR/296539]
• After BGP MTU discovery has been enabled, the show system connections extensive output displays incorrect maximum segment size (MSS) values. [PR/296873]

Virtual Chassis

• When the dates on the members of a Virtual Chassis are not synchronized, the forwarding process (pfem) on a linecard member or a backup member might not be able to connect to the master. [PR/278784]
• In a Virtual Chassis configuration with loop control enabled, if the Virtual Chassis undergoes a graceful Routing Engine switchover (GRES), the loop control functionality might not work properly. [PR/285775]
• When two EX 4200 switches are interconnected using the two 10-gigabit uplink ports configured as Virtual Chassis ports (VCPs) to form a Virtual Chassis, the show virtual-chassis status output shows only one of the VCPs. This problem does not affect the functioning of the Virtual Chassis. [PR/296511]