Switching

 View Only
last person joined: yesterday 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

  • 1.  Checking mac table of a Juniper router

    Posted 01-16-2019 08:46

    Hi All,

     

    Could you please advise how can I check the mac address table of a Juniper router? For example SRX100,200 or 300 series.

     

    I am asking because the main article I find here is about checking mac on switches (and all commands bring no results or give errors) however I just want to see all mac entries learned on a router which doesn't perform switching funcions between multiple vlans and is used for example for internet access or VPN.

     

    > show ethernet-switching table

    warning: ethernet-switching subsystem not running - not needed by configuration.

     

    "sh arp" is useless because it works on layer 3 and I need to acquire layer 2 information.

     

    show bridge ... - all sub-commands return zero mac addresses even tho the service is working and having traffic!

     

    For comparison if it's a Cisco 'sh mac address-table' or 'sh mac-address-table' (depending on platform) always returns the needed information. 

     



  • 2.  RE: Checking mac table of a Juniper router

     
    Posted 01-16-2019 14:27

    MAC learning is a switching function. If your srx is not configured for ethernet switching you will not have a MAC table. You will have an ARP table that performs MAC<->IP mapping.

     

    Below is an example of an SRX in switching mode that does have a MAC table.

     

    test@test> show chassis hardware 
node0:
--------------------------------------------------------------------------
Hardware inventory:
Item             Version  Part number  Serial number     Description
Chassis                                xxxxxxxxxxx      SRX1500

{primary:node0}
test@test> show ethernet-switching table 
Ethernet switching table : 1 entries, 1 learned
Routing instance : default-switch
    Vlan                MAC                 MAC         Age    Logical                NH        RTR 
    name                address             flags              interface              Index     ID
    100                 00:0c:bd:01:81:1f   D             -   ge-0/0/8.0             0         0       

test@test> show configuration | snipped 
set protocols l2-learning global-mode switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members 100
set vlans vlan100 vlan-id 100
set vlans vlan100 l3-interface irb.100

     



  • 3.  RE: Checking mac table of a Juniper router

    Posted 01-26-2019 14:57

    Thanks for the explanation however I am still confused about something.

     

    In order to troubleshoot a simple layer 2 issue on a Juniper do I always have to enable ether-channel on the interface? 

    For example if I want to prove that there is issue with my service provider I need to show them that I am not learning any mac addresses on the WAN interface so I will have to change it's configuration. 

     

    Since the Juniper is performing layer 3 functions I would expect it to also store the mac addresses in a table (not arp table!) somewhere in it's memory. 



  • 4.  RE: Checking mac table of a Juniper router

    Posted 01-26-2019 15:04

    For that situation you would just use the interface level command

    show arp interface ge-0/0/0.0

     

    This shows the arp entries associated with that layer 3 interface and update in real time as changes occur.  We use this all the time as a service provider to verify we see the connected mac addresses of client connected routers of firewalls.

     



  • 5.  RE: Checking mac table of a Juniper router

     
    Posted 01-26-2019 16:18

    If your interface is configured as layer 3, your device will not maintain a list of MAC addresses outside of your subnet and you will not populate an ethernet table, even if one exists. The only reason your router cares about MAC addresses in a layer 3 context is so it knows where to send either routed (to next-hop) or same-subnet packets to. These are stored in the ARP table.  If there is a ip mismatch between you and your carrier then their IP and MAC will not show up in your ARP table.

     

    Therefore: If you want to analyze traffic that you are receiving from your carrier in an effort to troubleshoot then you should either:

     

    1. Mirror that port and capture traffic with wireshark, or

    2. Configure interface-level packet-capturing (https://www.juniper.net/documentation/en_US/junos/topics/concept/security-packet-capture-overview.html) and look at the capture offline

    3. As you mentioned, configure your interface as layer 2 to see if your carrier's MAC address shows up. This requires that your device supports ethernet switching and that they are actively sending traffic. 

     

    Your Cisco router will also not have a mac table unless it has a switching module. Perhaps you are thinking of a layer 3 switch. It's certainly possible that Cisco will helpfully add ARP entries to the MAC table but Juniper does not do this.

     

     

    Router>show hardware 
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.0(1)M6, RELEASE SOFTWARE (fc1)

Router#sho interfaces gi0/0
GigabitEthernet0/0 is down, line protocol is up 
  Hardware is CN Gigabit Ethernet, address is 0007.1124.f200 (bia 0007.1124.f200)
  Internet address is 192.168.0.1/24

Router>show ?
...
  login           Display Secure Login Configurations and State
      management      Display the management applications
  mdf             Show the names of configured EMM menus
  memory          Memory statistics
  microcode       show configured microcode for downloadable hardware
  modemcap        Show Modem Capabilities database
  monitor         Monitoring different system events
  mtm             MTM
  network-clocks  Network clocks information
...

Router>show