22 November 2010 These release notes accompany Release 10.3 of the Juniper Networks Junos operating system (Junos OS) for Dell PowerConnect J-SRX Series Services Gateways and J-EX Series Ethernet Switches. They describe device documentation and known problems with the software.
Page 2
Junos 10.3 OS Release Notes Configuration ..........12 Flow and Processing .
Page 3
Infrastructure ..........63 Dell Documentation and Release Notes ....... . . 64 Requesting Technical Support .
Junos 10.3 OS Release Notes Junos OS Release Notes for Dell PowerConnect J-SRX Series Services Gateways Powered by Junos OS, Dell PowerConnect J-SRX Series Services Gateways provide robust networking and security services. J-SRX Series Services Gateways range from lower-end devices designed to secure small distributed enterprise locations to high-end devices designed to secure enterprise infrastructure, data centers, and server farms.
VPN in Junos OS and Cisco's GET VPN are both based on RFC 3547, The Group Domain of Interpretation, there are some implementation differences that you need to be aware of when deploying GDOI in a networking environment that includes both Dell security devices and Cisco routers. This topic discusses important items to note when using Cisco routers with GET VPN and Dell security devices with group VPN.
An out-of-date key causes the remote peer to treat IPsec packets as bad SPIs. The Dell security device can recover from this situation by reregistering with the server to download the new key.
Changes in Default Behavior and Syntax in Junos OS Release 10.3 for J-SRX Series Services Gateways Application Layer Gateways (ALGs) CLI command has a chassis cluster node show security alg msrpc object-id-map option to permit the output to be restricted to a particular node or to query the entire cluster.
Junos 10.3 OS Release Notes Chassis Cluster Removing Control VLAN 4094 in Chassis Cluster— For J-SRX Series branch devices (J-SRX100, J-SRX210, and J-SRX240), the existing virtual LAN (VLAN) tag used for control-link traffic will be replaced with the use of experimental Ether type 0x88b5. However, backward compatibility is also supported for devices that have already deployed chassis cluster with VLAN tagging in place.
Changes in Default Behavior and Syntax in Junos OS Release 10.3 for J-SRX Series Services Gateways Command-Line Interface (CLI) On AX411 Access Points, the possible completions available for the CLI command wlan access-point < ap_name > radio < radio_num > radio-options channel number ? have changed from previous implementations.
Page 10
Junos 10.3 OS Release Notes 13 Channel 13 14 Channel 14 auto Automatically selected On AX411 Access Points, the possible completions available for the CLI command have changed from previous wlan access-point mav0 radio 1 radio-options mode? implementations. Now this CLI command displays the following possible completions: Example 1: user@host# set wlan access-point mav0 radio 1 radio-options mode ?
Changes in Default Behavior and Syntax in Junos OS Release 10.3 for J-SRX Series Services Gateways On J-SRX Series devices, the show system storage partitions command now displays the partitioning scheme details on J-SRX Series devices. Example 1: show system storage partitions (dual root partitioning) user@host# show system storage partitions Boot Media: internal (da0)
Junos 10.3 OS Release Notes On J-SRX100, J-SRX210, and J-SRX240 devices, support for Layer LAG is added in both standalone and cluster mode. In cluster mode, the following CLI is now enabled to specify the number of aggregated interfaces. set chassis aggregated-devices ethernet device-count xxx Support to add multiple links from each chassis to a reth interface is also available.
Changes in Default Behavior and Syntax in Junos OS Release 10.3 for J-SRX Series Services Gateways On J-SRX Series devices, when you configure identical IPs on a single interface, you no longer get a warning message; instead, a syslog message appears. Interfaces and Routing On J-SRX Series devices, to minimize the size of system logs, the default logging level in the factory configuration has been changed from...
Page 14
Junos 10.3 OS Release Notes session { session-limit 7; Disabling J-Web: Dynamic VPN must have the configured HTTPS certificate and the webserver to communicate with the client. Therefore, the configuration at the hierarchy level required to start the appweb [edit system services web-management] webserver cannot be deleted or deactivated.
Page 15
Changes in Default Behavior and Syntax in Junos OS Release 10.3 for J-SRX Series Services Gateways J-Web is not Navigates to the Page Navigates to the Page Navigates to the enabled, and Not Found page Not Found page Page Not Found page dynamic VPN is not configured.
Junos 10.3 OS Release Notes J-Web login page is updated with the new Juniper Networks logo and trademark. The options to configure the Custom Attacks, Custom Attack Groups, and Dynamic Attack Groups are disabled because they cannot be configured from J-Web. Multilink When data and LFI streams are present, we recommend the following configuration to get less latency for LFI traffic and to avoid out of order transmission of data traffic:...
Unsupported CLI Statements and Commands 1450 bytes, the excess length is trimmed and the user is directed to the destination URL that has been resized to 1450 bytes. WLAN While configuring the AX411 Access Point on your J-SRX Series devices, you must enter the WLAN admin password using the set wlan admin-authentication password command.
Junos 10.3 OS Release Notes Accounting-Options Hierarchy On J-SRX100, J-SRX210, and J-SRX240 devices, the , and accounting source-class statements in the hierarchy level are not destination-class [accounting-options] supported. AX411 Access Point Hierarchy On J-SRX100 devices, there are CLI commands for wireless LAN configurations related to the AX411 Access Point.
Unsupported CLI Statements and Commands set firewall family vpls filter set firewall family mpls dialer-filter d1 term Interfaces CLI Hierarchy On all J-SRX100, J-SRX210, and J-SRX240 devices, the following interface hierarchy CLI commands are not supported. However, if you enter these commands in the CLI editor, they appear to succeed and do not display an error message.
Page 20
Junos 10.3 OS Release Notes set interfaces at-1/0/0 unit 0 atm-l2circuit-mode set interfaces at-1/0/0 unit 0 atm-scheduler-map set interfaces at-1/0/0 unit 0 cell-bundle-size set interfaces at-1/0/0 unit 0 compression-device set interfaces at-1/0/0 unit 0 epd-threshold set interfaces at-1/0/0 unit 0 inverse-arp set interfaces at-1/0/0 unit 0 layer2-policer set interfaces at-1/0/0 unit 0 multicast-vci set interfaces at-1/0/0 unit 0 multipoint...
Page 21
Unsupported CLI Statements and Commands set interfaces fe-0/0/2 fastether-options source-address-filter set interfaces fe-0/0/2 fastether-options source-filtering set interfaces ge-0/0/1 passive-monitor-mode GRE Interface CLI The following CLI commands are not supported. However, if you enter these commands in the CLI editor, they appear to succeed and do not display an error message. set interfaces gr-0/0/0 unit 0 ppp-options set interfaces gr-0/0/0 unit 0 layer2-policer IP Interface CLI...
Page 22
Junos 10.3 OS Release Notes set interfaces pt-1/0/0 no-gratuitous-arp-request set interfaces pt-1/0/0 vlan-tagging set interfaces pt-1/0/0 unit 0 radio-router set interfaces pt-1/0/0 unit 0 vlan-id T1 Interface CLI The following CLI commands are not supported. However, if you enter these commands in the CLI editor, they appear to succeed and do not display an error message.
Unsupported CLI Statements and Commands set interfaces vlan unit 0 ppp-options set interfaces vlan unit 0 radio-router Protocols Hierarchy On J-SRX100, J-SRX210, and J-SRX240 devices, the following CLI commands are not supported. However, if you enter these commands in the CLI editor, they will appear to succeed and will not display an error message.
Junos 10.3 OS Release Notes set snmp logical-system-trap-filter set snmp trap-options logical-system set snmp trap-group d1 logical-system System Hierarchy On J-SRX100, J-SRX210, and J-SRX240 devices, the following system hierarchy CLI commands are not supported. However, if you enter these commands in the CLI editor, they appear to succeed and do not display an error message.
Known Limitations in Junos OS Release 10.3 for J-SRX Series Services Gateways PoE is not supported in chassis cluster mode. Group VPN is not supported. Sampling features like J-FLow, packet capture, and port mirror on the interface reth are not supported. Switching is not supported in chassis cluster mode.
Interfaces and Routing On J-SRX240 High Memory devices, traffic might stop between J-SRX240 device and CISCO switch due to link mode mismatch. As a workaround, Dell recommends setting auto-negotiation parameters on both ends to the same value. On J-SRX240 devices, the VLAN range from 3967 to 4094 falls under the reserved VLAN address range, and the user is not allowed any configured VLANs from this range.
Page 27
Known Limitations in Junos OS Release 10.3 for J-SRX Series Services Gateways NOTE: Other browser versions may work but are not supported. NOTE: Only English-version browsers are supported. NOTE: For both J-SRX and J-EX devices, the browser and the network must support receiving and processing HTTP 1.1 GZIP compressed data.
Junos 10.3 OS Release Notes NOTE: For J-SRX devices, to use the Chassis View, version 9 or later of Adobe Flash Player must be installed. Chassis View is displayed by default on the Dashboard page. You can enable or disable the Chassis View using options in the Dashboard Preference dialog box.
Issues in Junos OS Release 10.3 for J-SRX Series Services Gateways Encapsulations (Ether CCC, VLAN CCC, VPLS, PPPoE, and so on) on VLAN interfaces CLNS DVMRP VLAN interface MAC change Gratuitous ARP Change VLAN-Id for VLAN interface VLAN On J-SRX100, J-SRX210, and J-SRX240 devices, the IRB (VLAN) interface cannot be used as the underlying interface for Point-to-Point Protocol over Ethernet (PPPoE).
Junos 10.3 OS Release Notes Outstanding Issues In Junos OS Release 10.3 for J-SRX Series Services Gateways The following problems currently exist in J-SRX Series devices. The identifier following the description is the tracking number in our bug database. Application Layer Gateways (ALGs) On J-SRX210 devices, the SCCP call cannot be set up after disabling and enabling the SCCP ALG.
Page 31
Issues in Junos OS Release 10.3 for J-SRX Series Services Gateways Back-to-back redundancy group 0 failover Back-to-back primary node reboot [PR/414663] If a J-SRX210 device receives more traffic than it can handle, node 1 either disappears or gets disabled. [PR/416087] On J-SRX240 Low Memory and High Memory devices, binding the same IKE policy to a dynamic gateway and a site-to-site gateway is not allowed.
Page 32
Junos 10.3 OS Release Notes Class of Service (CoS) On J-SRX Series devices, class-of-service-based forwarding (CBF) does not work. [PR/304830] Dynamic Host Configuration Protocol (DHCP) On J-SRX210 and J-SRX240 devices, when autoinstallation is configured to run on a particular interface and the default static route is set with the options discard, retain, and no-advertise, the DHCP client running on the interface tries fetching the configuration files from the TFTP server.
Page 33
Issues in Junos OS Release 10.3 for J-SRX Series Services Gateways On J-SRX Series devices, the software upload and install package will not show a warning message when there are pending changes to be committed. [PR/514853] On J-SRX240 Low Memory devices, the LSQ interface transmitting both LLQ and non-LLQ traffic drops out-of-profile packets of the LLQ traffic faster than it was dropping them out earlier.
Page 34
Junos 10.3 OS Release Notes Add the NSR configuration. [PR/440743] On J-SRX210 Low Memory devices, the E1 interface will flap and traffic will not pass through the interface if you restart forwarding while traffic is passing through the interface. [PR/441312] On J-SRX240 Low Memory devices and J-SRX240 High Memory devices, the RPM Server operation does not work when the probe is configured with the option .
Page 35
Issues in Junos OS Release 10.3 for J-SRX Series Services Gateways As a workaround, configure radius-server outside the profile option under access option. [PR/503717] On J-SRX100, J-SRX210, and J-SRX240 devices, egress queues are not supported on VLAN or IRB interfaces.[PR/510568] On J-SRX240 devices, IGMP reports are flooded on all ports which are part of the same multicast group, instead of sending it just on router interface.
Page 36
Junos 10.3 OS Release Notes and the user cannot obtain or configure any value under these filter options. [PR/460244] On J-SRX100, J-SRX210, and J-SRX240 devices, when you have a large number of static routes configured, and if you have navigated to pages other than to page 1 in the Route Information table in the J-Web interface (Monitor>Routing>Route Information), changing the Route Table to query other routes refreshes the page but does not return you to page 1.
Page 37
Issues in Junos OS Release 10.3 for J-SRX Series Services Gateways ports to a maximum power of 12.4 watts. Use the following command to configure the ports: root# set poe interface all maximum-power 12.4 [PR/465307] On J-SRX100, J-SRX210, and J-SRX240 devices with factory default configurations, the device is not able to manage the AX411 Access Point.
Page 38
Junos 10.3 OS Release Notes On J-SRX210 and J-SRX240 devices, the Websense server stops taking new connections after HTTP stress. All new sessions get blocked. As a workaround, reboot the Websense server. [PR/435425] On J-SRX240 devices, if the device is under UTM stress traffic for several hours, users might get the following error while using a UTM command: the utmd subsystem is not responding to management requests As a workaround, restart the...
Issues in Junos OS Release 10.3 for J-SRX Series Services Gateways (LLDP) organization specific Type Length Value (TLV), medium attachment unit (MAU) information always propagates as "Unknown". [PR/480361] On J-SRX100 High Memory devices and J-SRX210 Low Memory devices, dot1x unauthenticated ports accept Link Layer Discovery Protocol (LLDP) Protocol Data Units (PDUs) from neighbors.
Page 40
Junos 10.3 OS Release Notes On J-SRX240 devices in chassis cluster active/active preempt mode, the RTSP session broke after a primary node reboot and preempt failover. The following common ALGs were broken: RSH, TALK, PPTP, MSRPC, RTSP, SUNRPC, and SQL. [PR/448870: This issue has been resolved.] Command-Line Interface (CLI) On J-SRX210 High Memory devices, the help description for the...
Page 41
Issues in Junos OS Release 10.3 for J-SRX Series Services Gateways J-Web On J-SRX Series devices, when the user tried to associate an interface to GVRP, a new window appeared. This new window showed multiple move-left and move-right buttons. [PR/305919: This issue has been resolved.] On J-SRX100, J-SRX210, and J-SRX240 devices, in J-Web configuration for the routing feature, if you entered double quotation marks in the text boxes that accepted characters (for example, protocol name, filename, and description), then you could...
Junos 10.3 OS Release Notes Virtual LANs (VLANs) On J-SRX240 devices, the Layer 3 traffic with VLAN ID 4093 was allowed but did not forward traffic over that interface. [PR/539580: This issue has been resolved.] VPNs On J-SRX Series devices, Remote Procedure Call (RPC) did not work with the policy VPN.
Errata and Changes in Documentation for Junos OS Release 10.3 for J-SRX Series Services Gateways If Commit Preference is Validate configuration changes , click OK to check your configuration and save it as a candidate configuration, then click Commit Options>Commit. J-Web Online Help Previously, J-Web online Help instructions were available both in the Help and in the administration and configuration guides.
Page 44
Junos 10.3 OS Release Notes J-SRX100, J-SRX210, and J-SRX240 support the Link aggregation in chassis cluster mode feature. The Feature Support Reference for SRX Series and J Series Devices on page 31, Table 27 for MPLS Support erroneously states that only J-SRX240 supports the Connectionless Network Service (CLNS) feature.
Errata and Changes in Documentation for Junos OS Release 10.3 for J-SRX Series Services Gateways procedure, however, is incorrect. This command would forward users to my-website.com before authentication, not after. To redirect users after authentication, the command must include: The IP address of the Infranet Controller to be used for authentication option and URL to distinguish a forwarding address to be used after ?target= authentication...
Page 46
Junos 10.3 OS Release Notes Quick Start Guides The following J-SRX Series Quick Start Guides erroneously provide an IP address of 192.168.1/24 in the “Part 4: Ensure That the Management Device Acquires an IP Address” section: J-SRX100 Services Gateway Quick Start Guide J-SRX210 Services Gateway Quick Start Guide J-SRX240 Services Gateway Quick Start Guide The correct IP address in this section is 192.168.1.0/24.
Page 47
Errata and Changes in Documentation for Junos OS Release 10.3 for J-SRX Series Services Gateways J-SRX210 Services Gateway Hardware Guide The output for the commands show chassis hardware show chassis hardware detail is incorrectly documented for the Routing Engine field. The following table provides details of the guide, section, incorrect output, and corrected output for these commands.
Page 48
Junos 10.3 OS Release Notes J-SRX240 Services Gateway Hardware Guide The output for the commands show chassis hardware show chassis hardware detail is incorrectly documented for the Routing Engine field. The following table provides details of the guide, section, incorrect output, and corrected output for these commands. Incorrect Value in the Correct Value Displayed Section...
Page 49
Errata and Changes in Documentation for Junos OS Release 10.3 for J-SRX Series Services Gateways Attention Utilisez uniquement des conducteurs en cuivre. Warnung Verwenden Sie ausschließlich Kupferleiter. Avvertenza Usate unicamente dei conduttori di rame. Advarsel Bruk bare kobberledninger. Aviso Utilize apenas fios condutores de cobre. ¡Atención! Emplee sólo conductores de cobre.
We recommend the use of transceivers compatible with the Junos OS. We cannot guarantee that the interface module will operate correctly if tranceivers are not compatible with the Junos OS. Please contact Dell for the correct transceiver part number for your device.
Not all J-EX Series software features are supported on all J-EX Series Ethernet switches in the current release. For a list of all J-EX Series software features and their platform support, see the software overview information in the Dell PowerConnect J-EX Series Ethernet Switch Complete Software Guide for Junos OS at http://www.support.dell.com/manuals...
New Features in Junos OS Release 10.3 for J-EX Series Ethernet Switches Captive portal authentication can now be configured on the same interface with both 802.1X and MAC RADIUS authentication. Authentication fallback is enabled on an interface on which more than one type of authentication is configured. Captive portal authentication is supported on J-EX4200 switches.
Junos 10.3 OS Release Notes Outstanding Issues in Junos OS Release 10.3 for J-EX Series Ethernet switches on page 57 Resolved Issues in Junos OS Release 10.3 for J-EX Series Ethernet switches on page 60 Errata in Documentation for Junos OS Release 10.3 for J-EX Series Ethernet switches on page 63 Changes in Default Behavior and Syntax in Junos OS Release 10.3 for J-EX Series Ethernet Switches...
Limitations in Junos OS Release 10.3 for J-EX Series Ethernet Switches bits. Rewriting of packets is determined by the forwarding-class and loss-priority values set in the DSCP classifier applied on the interface. On J-EX4200 switches, the traffic is shaped at rates above 500 Kbps, even when the shaping rate configured is less than 500 Kbps.
Physical interface the output. J-Web Browser Support J-Web Browser Support for Your Dell PowerConnect J-Series Devices—To access the J-Web interface for all platforms, your management device requires the following Windows operating system and browsers: Operating System: Microsoft Windows XP Service Pack 3 Browser: Microsoft Internet Explorer version 7.0 or Mozilla Firefox version 3.0...
Outstanding Issues in Junos OS Release 10.3 for J-EX Series Ethernet Switches NOTE: For both J-SRX and J-EX devices, the browser and the network must support receiving and processing HTTP 1.1 GZIP compressed data. Layer 2 and Layer 3 Protocols On J-EX8200 switches, ensure that the timers are set no lower bfd-liveness-detection...
Junos OS packages to the switch. For details, see “Installing Software on a J-EX8200 Switch with Redundant Routing Engines (CLI Procedure)” in the Dell PowerConnect J-Series Ethernet Switch Complete Software Guide for Junos OS Release 10.3. [PR/402109] If an SRE module, RE module, SF module, line card, or Virtual Chassis member is in offline mode, the J-Web interface might not update the dashboard image accordingly.
Page 59
Outstanding Issues in Junos OS Release 10.3 for J-EX Series Ethernet Switches In the J-Web interface, in the Port Security Configuration page, you are required to configure when you configure even though configuring an value action MAC limit action is not mandatory in the CLI. [PR/434836] In the J-Web interface, in the OSPF Global Settings table in the OSPF Configuration page, the Global Information table in the BGP Configuration page, or the Add Interface window in the LACP Configuration page, if you try to change the position of columns...
Junos 10.3 OS Release Notes If you have accessed the J-Web interface using Microsoft Internet Explorer, you might not be able to commit a configuration when an SSL certificate has been added to the switch using the CLI editor (Configure >CLI tools > CLI Editor). As a workaround, you can use Firefox to commit configurations.
Resolved Issues in Junos OS Release 10.3 for J-EX Series Ethernet Switches Bridging, VLANs, and Spanning Trees On J-EX Series Ethernet switches, when the VLAN with the lowest-numbered VLAN ID is down, the show ntp associations command output displays the following message: /usr/bin/ntpq: write to localhost failed: No route to host [PR/466595: This issue has been resolved.] On J-EX Series Ethernet switches, in a scaled environment with more than 4000 VLANs,...
Junos 10.3 OS Release Notes In the J-Web interface, in the OSPF Configuration page (Configuration > Routing > OSPF), the Traceoptions tab in the Edit Global Settings window does not display the available flags (tracing parameters). As a workaround, use the CLI to view the available flags.
Errata in Documentation for Junos OS Release 10.3 for J-EX Series Ethernet Switches Errata in Documentation for Junos OS Release 10.3 for J-EX Series Ethernet Switches This section lists outstanding issues with the documentation. Infrastructure Options for the command are not supported on J-EX show pfe statistics Series Ethernet switches.
Junos 10.3 OS Release Notes Dell Documentation and Release Notes To download the hardware documentation for your product and the Junos OS documentation for PowerConnect J-Series J-EX Series and J-SRX Series products , see the following Dell support website: http://www.support.dell.com/manuals If the information in the latest release notes differs from the information in the documentation, follow the release notes.
Information in this document is subject to change without notice. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell, Inc. is strictly forbidden. Trademarks used in this text: Dell™, the DELL™ logo, and PowerConnect™...