Routers / Re: Your IPV6 plans
« on: October 28, 2011, 03:27:02 am »
We're getting there.  We have some bigger problems to worry about at the moment, including where our market has gone, some restructuring etc.  We've already started down the road though, we've got the gear, we've got a numbering plan, we've got the space from APNIC.

It's mostly a matter of _doing_ it.

Switches / Re: VLAN Routing EX2200
« on: October 28, 2011, 03:25:40 am »
Are you able to do a simple diagram of what you're trying to achieve?

I'm sure it's possible - But I can't quite understand what you want from your words.

Switches / Re: Issues with Vlans in EX4200 Juniper switch
« on: August 16, 2011, 03:15:22 pm »
Why don't you extent your public gateway lan to your EX switch?

i.e. create a VLAN on your EX with on it for example, and then on the ex-series you can just do [system routing-options static route next-hop]

Switches / Re: Issues with Vlans in EX4200 Juniper switch
« on: August 16, 2011, 02:12:42 pm »
TO be clear: Is it HOSTS connected to your network that can't ping each other? Or are you running pings from the switch using different source addresses?

You don't specify where your public gateway is.  IS it on the same switch? IF so just add a default route to it.  If it's not, add a default route to the device that CAN connect to the public gateway.  It's just basic routing.

Switches / Re: Issues with Vlans in EX4200 Juniper switch
« on: August 16, 2011, 05:12:47 am »
I know this is going to sound rude, but you really need to grab some books and start reading.

What do you mean you "can't communicate?"  Are you talking from hosts connected to these VLANS?  Have your hosts set their default gateway properly?

You don't post any configs, so it's impossible to begin to guess what could be wrong.  If you want your tagged VLANs to talk to the Internet, create another VLAN, assign a /30 to that VLAN's L3 interface and then route to the other end of the /30 (your default GW)

But really - I don't mean to be rude, but step back and read a couple of books on the very basics of routing.

NetScreen and SSG/ISG Series Firewalls / Re: route ssg140
« on: August 02, 2011, 03:06:54 am »
Allow ICMP from untrust 1 to untrust 2 and from 2 to 1. That'd what I'd try.

NetScreen and SSG/ISG Series Firewalls / Re: route ssg140
« on: August 02, 2011, 02:42:23 am »
Probably the packet is coming in one interface (ISP2) but the return packet is going out ISP1 (the only route that's active for default traffic) and the firewall doesn't have a rule to accept that?

Or maybe the firewall is actually sending a reply with the source address is ISP2 which the requesting host doesn't expect.

You should do a debug flow to examine what's actually happening though, I don't know what the exact problem is.  I suspect it's option 1 above, you might need a rule.

NetScreen and SSG/ISG Series Firewalls / Re: route ssg140
« on: August 01, 2011, 03:51:32 pm »
You don't explain what you're actually trying to do here, you just say "What is wrong with my idea" but don't explain your idea!

Two default routes with equal cost won't work. - You get some packets going out one and some out the other - thus the "unstable"

The other option, ISP2 isn't used, all packets will go out ISP1.

What are you actually trying to do?

Switches / Re: HSRP through EX8208
« on: July 30, 2011, 02:45:14 am »
Also try turning off IGMP snooping and see if that helps.

You haven't really provided any details.

What's the problem when you set it up?  What does a debug of syslog show?

Quite quite normal, don't worry about it.  You'll always get ping scans, ssh scans, you name it you'll get it.  That's why you have a firewall.

Routers / Re: BGP suddenly failed without a reason
« on: July 18, 2011, 06:39:25 pm »
Have you enabled BGP MD5 authentication?  Unlikely but maybe you're being attacked.

Routers / Re: What do I need for a redundant route?
« on: June 06, 2011, 06:04:14 pm »
If you want to go to another ISP for complete redundancy, you DO need your own IP address space from APNIC.

Otherwise you could have two different /26's from two different ISPs and use NAT.  If one link goes down, you cut over to the other link.  You'd have to keep the TTL's on your web servers, email servers etc very low though, because you'd need to update DNS too on failover.


Routers / Re: Fraiming errors problem, why ?
« on: April 19, 2011, 07:23:32 pm »
I doubt it.

Framing errors sound like you're getting bad input (faulty cable etc)

Suggestions/Feedback / Thank You (for reporting spam)
« on: March 03, 2011, 03:36:10 pm »

I just want to take a minute to thank those people that report spam.

It makes moderating it so much easier, as we don't always remember to check the forum each day!

If you see a spam, please let us know by reporting the post.

Thanks very much to all those who do already.


Suggestions/Feedback / Re: Screening Spam
« on: November 21, 2010, 12:14:11 am »
This has been done.

Switches / Re: SRX HA on EX4200
« on: November 21, 2010, 12:12:59 am »
Hmmm no idea how to enable this on a EX-series.

Please let me know if you find out how to do this.

Switches / Re: SRX HA on EX4200
« on: November 20, 2010, 04:03:29 pm »
Are you sure both ports are coming up with the correct duplex?

Suggestions/Feedback / Re: SPAM HERE
« on: November 19, 2010, 03:43:42 pm »
Lots more spam has just been removed :-)

