Table of Contents
Advertisement
JunosE 11.3.0 Release Notes
IPSec
IS-IS
46
Known Problems and Limitations
When you change the demultiplexer type on a primary interface that has 1024
demultiplexer table entries, the ICC ping threshold times out due to the removal of
the old entries and the addition of the new ones. [Defect ID 182218]
After an SRP stateful switchover completes on an ERX1410 router configured with a
single VPN routing and forwarding instance (VRF) and Network Address Translation
(NAT), the SRP module that becomes active after the switchover resets. [Defect ID
180058]
If you enable detection of duplicate IPv6 prefixes using the aaa
duplicate-prefix-check command, and bring up a subscriber in a dual-stack network
(in which both IPv4 and IPv6 subscribers are present) over a static PPP interface for
which IPv6 prefix is configured for IPv6 Neighbor Discovery router advertisements
(using the ipv6 nd prefix-advertisement ipv6Prefix command), the subscriber
session is successfully brought up. When you attempt to bring up another subscriber
over a different interface on the same virtual router as the one used for the first
subscriber, and for which the Ipv6-NdRa-Prefix (VSA 26-129) returned from the
RADIUS server in the Access-Accept message is the same IPv6 prefix as the
statically configured value for the first subscriber, the second subscriber session is
also brought up and not disconnected as expected.
In such a scenario, the duplicate IPv6 prefix detection functionality does not cause
the second subscriber session, which uses the same IPv6 prefix as the first subscriber
session, to be rejected. Also, a new IPv6 route is installed for the second subscriber as
a duplicate access-internal route. [Defect ID 187264]
IPSec tunnels created over Fast Ethernet interfaces fail to come up. [Defect ID
179256]
Work-around: After you create the tunnel, bounce the tunnel interface by issuing the
shutdown/no shutdown command sequence. The tunnel comes up successfully.
In a network where you use the tunnel signalling command to specify that the
security parameters and keys are configured manually for IPSec tunnels between
VRs, the line modules reset when you delete and then re-create the IPSec tunnels. If
you attempt to configure the tunnels again after the modules come back up, the line
modules reset again.
Work-around: Configure the IPSec tunnels to use ISASKMP/IKE to negotiate SA and
establish keys. [Defect ID 178304]
On a router configured with IS-IS and BFD, using the redundancy force srp command
to force an SRP switchover sometimes brings down IS-IS and BFD. [Defect ID
179287]
IS-IS graceful restart (nonstop forwarding) does not work on the broadcast interface
when the restarting router is the designated intermediate system (DIS). Graceful
restart works properly when the restarting router is not the DIS. [Defect ID 61496]
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
