Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  Internet browsing issue on some websites with VLAN

    Posted 03-11-2023 07:40

    Hello
    I'm new to Juniper switches and set up a basic home lab with an ex2200 (12.3R12.4) and a FortiGate firewall. The switch was factory reset, so nothing was configured except the management port.


    I created one vlan (100) on the switch and firewall, connected a laptop to one port, and configured a trunk on another port to the FortiGate. The laptop receives an IP address from the firewall and gets on the internet, so I know we have the trunk port and vlan working, but some websites don't work; they vary, for example, trying to run a speed test fails to complete. There is no packet loss between laptop and firewall, I don't see any errors on the switch either, and I can ping the websites successfully, so DNS resolves, etc.

    Thinking it might be the firewall, I set up an HP switch with the same vlan setup as the Juniper and have no issues with any websites. Switch back to Juniper, and the same websites don't load. I also disabled port security on the switch. I know Junos 15.x is not recommended due to memory, so I didn't attempt an upgrade.

    Has anyone seen anything like this before? Anything else I can check on the ex2200 side?

    Thank you



    ------------------------------
    JAMES
    ------------------------------


  • 2.  RE: Internet browsing issue on some websites with VLAN

    Posted 03-11-2023 12:24
    I have been using EX3300 switches (and still do) with either JunOS 12R
    or 15R firmwares. It's true that the 12R firmwares are more stable, but
    that's more about not crashing in some situations. Forwarding of
    ethernet packets is something that's done in hardware (by ASICs); the
    influence of the firmware there is limited.

    You might want to inspect the interface statistics/errors (show
    interfaces extensive).

    Or I am thinking of a rate limiter, but you'd have to enable that
    explicitly.

    You just made one vlan with tag id 100 and set it on two interfaces, one
    untagged (client) and one tagged (trunk)? Looks like a very simple
    config, in that case I'd say please share the config.

    One thing may help: the factory default config is a lot of unused and
    not always useful stuff. I recommend going to edit mode and type
    "delete" (the switch will ask you if you really want to delete
    everything, confirm this). As changes only get active after a commit,
    this is perfectly safe. Then add a root password (this is obligatory)
    and type your configuration again, vlan + members, maybe a management
    interface + ip and then commit. Use commit confirmed so if you made a
    mistake, you won't lose access.
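
    The clean rebuild described in the reply above, written out as an added example that is not part of the original thread. The interface names ge-0/0/0 (laptop) and ge-0/0/1 (FortiGate trunk), the VLAN name lab100 and the 192.0.2.10/24 management address are assumptions; the syntax is the non-ELS form used on an EX2200 running Junos 12.3, and the `#` lines are annotations, not input.

```junos
# Enter configuration mode from the operational prompt.
configure

# Wipe the candidate configuration (answer "yes" at the prompt).
# Nothing changes on the running switch until a commit succeeds.
delete

# A root password is mandatory; the CLI prompts for it twice.
set system root-authentication plain-text-password

# One VLAN with tag 100 (the name lab100 is a placeholder).
set vlans lab100 vlan-id 100

# Client port: untagged member of VLAN 100.
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members lab100

# Uplink to the firewall: tagged member of VLAN 100.
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members lab100

# Optional out-of-band management address (placeholder from 192.0.2.0/24).
set interfaces me0 unit 0 family inet address 192.0.2.10/24

# Review the candidate, then activate it with an automatic rollback
# after 5 minutes unless it is confirmed.
show | compare
commit confirmed 5

# Still have access and the VLAN works? Confirm to make it permanent.
commit
```

    If the second `commit` is not issued before the timer expires, the switch returns to the previous configuration on its own.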