Outstanding Issues

Authentication

• During user authentication, the firewall authentication table in the output of the security firewall-authentication users command displays multiple failures even though the network table in the output of show network-access requests statistics shows successful authentications. [PR/250780]
• Your attempt to log in to the router from a management device through FTP or Telnet might fail if you type your username and password in quick succession before the prompt is displayed, in some operating systems. As a workaround, type your username and password after getting the prompts. [PR/255024]

Chassis Cluster

• In a chassis cluster, the show interface terse command on the secondary routing engine does not display the same details as that of the primary routing engine. [PR/237982]
• Because the clear security alg sip call command triggers a SIP RTO to synchronize sessions in a chassis cluster, use of the command on one node with the node-id, local, or primary option might result in a SIP call being removed from both nodes. [PR/263976]
• In a chassis cluster configuration, after redundancy group 1 fails over to the secondary node, the statistics for the TCP SYN-ACK-ACK proxy screen are still displayed for the primary node rather than the secondary. [PR/264790]
• When a new redundancy group is added to a chassis cluster, the node with lower priority might be elected as primary when the preempt option is not enabled for the nodes in the redundancy group. [PR/265340]
• In a chassis cluster, if you manually fail over redundancy groups to move the system from active-passive mode to active-active mode during an active call, a subsequent call transfer involving the endpoints of the existing call might fail. [PR/265598]
• When you commit a configuration for a node belonging to a chassis cluster, all the redundancy groups might fail over to node 0. If graceful protocol restart is not configured, the failover can destabilize routing protocol adjacencies and disrupt traffic forwarding. To allow the commit operation to take place without causing a failover, we recommend that you use the set chassis cluster heartbeat-threshold 5 command on the cluster. [PR/265801]
• In a chassis cluster, if a forwarding process restart or system reboot triggers a cold synchronization during an active SIP call, the call might stay in both routing nodes even after the endpoints hang up. As a workaround, use the clear security alg sip call command to clear the call. [PR/267696]
• In a chassis cluster, a high load of SIP ALG traffic might result in some call leaks in active resource manager groups and gates on the backup router. [PR/268613]
• In a chassis cluster, CA certificate enrollment from the secondary Routing Engine does not work. As a workaround, enroll the CA certificate from the primary Routing Engine. [PR/278420]
• In a chassis cluster, J-Web does not enable you to configure the address book. We recommend that you use the command-line interface (CLI) to configure the address book. [PR/281986]
• Chassis SNMP objects are not reporting correctly when a Services Router operates in JSRP cluster mode with JUNOS software. [PR/304082]
• You are not able to configure vlan-ids greater than 1023 on reth interfaces on all platforms supporting chassis cluster. [PR/314636]

Class of Service

• J4350 and J6350 Services Routers might not have the requisite data buffers needed to meet expected delay-bandwidth requirements. Lack of data buffers might degrade CoS performance with smaller-sized (500 bytes or less) packets. [PR/73054]
• With a CoS configuration, when you try to delete all the flow sessions using the clear security flow session command, the WX application acceleration platform may fail over with heavy traffic. [PR/273843]

Enhanced switching

• Traffic statistics are not updated on the ae interface. [PR/292749]
• When a native VLAN is removed from a port, it still accepts untagged traffic and untagged traffic is still transmitted out of it. Restarting chassisd corrects this behavior. [PR/299961]
• If the access port is tagged with the same VLAN that is configured at the port, the access port accepts tagged packets and determines the MAC. [PR/302635]
• VLAN output traffic statistics are not being updated. [PR/305845]

Flow

• OSPF over GRE over IPSec does not work. [PR/105279]
• In JUNOS software with enhanced services, the TTL value on the Internet control message protocol (ICMP) responses is set to 65. [PR/233844]
• Even when forwarding options are set to drop packets for the ISO protocol family, the router forms End System-to-Intermediate System (ES-IS) adjacencies and transmits packets because ES-IS packets are Layer 2 terminating packets. [PR/252957]
• When heartbeat signals are sent to an interface at the server side, the counter on that interface does not increment even after considerable wait time. [PR/273901]
• OSPF over a multipoint interface connected as a hub-and-spoke network does not restart when a new path is found to the same destination. [PR/280771]
• On J-series Services Routers, outbound filters will be applied twice for host-generated IPv4 traffic. [PR/301199]

Infrastructure

• You must remove the U3 support before using the device as a boot medium. For the U3 Titanium device, you can use the U3 Launchpad Removal Tool on a Windows-based system to remove the U3 features. The tool is available for download at http://www.sandisk.com/Retail/Default.aspx?CatID=1415. (To restore the U3 features, use the U3 Launchpad Installer Tool accessible at http://www.sandisk.com/Retail/Default.aspx?CatID=1411). [PR/102645]
• If the router does not have an ARP entry for an IP address, it drops the first packet from itself to that IP address. [PR/233867]
• On J2320, J2350, J4350, and J6350 Services Routers, when you press the F10 key to save and exit from BIOS configuration mode, the operation might not work as expected. As a workaround, use the Save and Exit option from the Exit menu. This issue can be seen on the J4350 and J6350 routers with BIOS Version 080011 and on the J2320 and J2350 routers with BIOS Version 080012. [PR/237721]
• On J2320, J2350, J4350, and J6350 Services Routers, the Clear NVRAM option in the BIOS configuration mode does not work as expected. This issue can be seen on the J4350 and J6350 routers with BIOS Version 080011 and on the J2320 and J2350 routers with BIOS Version 080012. To help mitigate this issue, note any changes you make to the BIOS configuration so that you can revert to the default BIOS configuration as needed. [PR/237722]
• If you enable security trace options, the log file might not be created in the default location at /var/log/security-trace. As a workaround, manually set the log file to the directory /var/log/security-trace. [PR/254563]

Interfaces and Chassis

• The link status of the onboard Gigabit Ethernet interfaces (ge-0/0/0 through ge-0/0/3) or the 1-port Gigabit Ethernet ePIM interface on J4350 and J6350 Services Routers fails when you configure these interfaces in loopback mode. [PR/72381]

Routing

• Asymmetric routing, such as tracing a route to a destination behind J-series routers running JUNOS software with enhanced services with Virtual Router Redundancy Protocol (VRRP), does not work. [PR/237589]

System

• The ping status of the generic routing interfaces (gr-x/y/x) connection established through the ISDN simulator fails. As a workaround, deactivate and reactivate the generic routing interfaces. [PR/282588]

VPN

• The proxy-identity statement is valid for route-based VPN configuration only. Policy-based VPN does not support the proxy-identity statement. [PR/296468]

WXC Integrated Services Module

• When two J-series routers with WXC Integrated Services Modules (WXC ISM 200s) installed are configured as peers, traceroute fails if redirect-wx is configured on both peers. [PR/227958]
• JUNOS software with enhanced services does not support policy-based VPN with WXC Integrated Services Modules (WXC ISM200s). [PR/281822]