Dell™ PowerConnect™ J-SRX Series
Services Gateways
Release 10.1R2
13 May 2010
These release notes accompany Release 10.1R2 of the JUNOS Software for Dell
PowerConnect J-SRX Series Services Gateways. They describe device documentation
and known problems with the software.
You can also find these release notes at http://www.support.dell.com/manuals.
JUNOS Software Release Notes for J-SRX Series Services Gateways
Powered by JUNOS Software, J-SRX Series Services Gateways provide robust networking
and security services. J-SRX Series Services Gateways range from lower-end devices
designed to secure small distributed enterprise locations to high-end devices designed
to secure enterprise infrastructure, data centers, and server farms. The J-SRX Series
Services Gateways include the J-SRX100, J-SRX210, and J-SRX240 devices.
•
New Features in JUNOS Release 10.1 for J-SRX Series Services Gateways
•
Changes In Default Behavior and Syntax in JUNOS Release 10.1 for J-SRX Series Services
Gateways
•
Known Limitations in JUNOS Release 10.1 for J-SRX Series Services Gateways
•
Issues in JUNOS Release 10.1 for J-SRX Series Services Gateways
•
Errata and Changes in Documentation for JUNOS Release 10.1 for J-SRX Series Services
Gateways
•
Hardware Requirements for JUNOS Release 10.1 for J-SRX Series Services Gateways
•
Dual-Root Partitioning Scheme Documentation for J-SRX Series Services Gateways
New Features in JUNOS Release 10.1 for J-SRX Series Services Gateways
The following features have been added to JUNOS Release 10.1. Following the description
is the title of the manual or manuals to consult for further information.
•
Software Features
JUNOS 10.1 Software Release Notes
Software Features
Application Layer Gateways (ALGs)
•
DNS doctoring support—This feature is supported on all J-SRX Series devices.
Domain Name System (DNS) ALG functionality has been extended to support static
NAT. You should configure static NAT for the DNS server first. Then if the DNS ALG is
enabled, public-to-private and private-to-public static address translation can occur
for A-records in DNS replies.
The DNS ALG also now includes a maximum-message-length command option with
a value range of 512 to 8192 bytes and a default value of 512 bytes. The DNS ALG will
now drop traffic if the DNS message length exceeds the configured maximum, if the
domain name is more than 255 bytes, or if the label length is more than 63 bytes. The
ALG will also decompress domain name compression pointers and retrieve their related
full domain names, and check for the existence of compression pointer loops and drop
the traffic if one exists.
Note that the DNS ALG can translate the first 32 A-records in a single DNS reply.
A-records after the first 32 will not be handled. Also note that the DNS ALG supports
only IPv4 addresses and does not support VPN tunnels.
[JUNOS Software Security Configuration Guide]
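The checks this item describes (maximum message length, 255-byte names, 63-byte labels, compression pointer loops) can be reproduced off the device when validating captured DNS replies. The following Python sketch is an added example, not JUNOS code; its function names and sample messages are constructed for illustration, and it returns the A-records a reply carries once the checks pass.

```python
import socket
import struct

MAX_NAME, MAX_LABEL = 255, 63        # name and label limits stated in the text

class DnsDrop(Exception):
    """The message fails a check for which the text says traffic is dropped."""

def read_name(msg, pos):
    """Decompress the name at pos; return (name, offset just past the name field)."""
    labels, wire_len, seen, after = [], 1, set(), None   # wire_len counts the root byte
    while True:
        if pos >= len(msg):
            raise DnsDrop("name runs past end of message")
        n = msg[pos]
        if (n & 0xC0) == 0xC0:               # two-byte compression pointer
            if pos + 1 >= len(msg):
                raise DnsDrop("truncated compression pointer")
            if after is None:
                after = pos + 2              # the record continues after the first pointer
            pos = ((n & 0x3F) << 8) | msg[pos + 1]
            if pos in seen:                  # same target twice means the chain repeats
                raise DnsDrop("compression pointer loop")
            seen.add(pos)
        elif n > MAX_LABEL:
            raise DnsDrop("label longer than 63 bytes")
        elif n == 0:                         # root label ends the name
            return ".".join(labels), (pos + 1 if after is None else after)
        else:
            wire_len += 1 + n
            if wire_len > MAX_NAME:
                raise DnsDrop("domain name longer than 255 bytes")
            labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
            pos += 1 + n

def a_records(msg, max_message_length=512):
    """Apply the checks, then return (owner name, IPv4) for each answer A-record."""
    if len(msg) > max_message_length:
        raise DnsDrop("message exceeds maximum-message-length")
    if len(msg) < 12:
        raise DnsDrop("short header")
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    pos, found = 12, []
    for _ in range(qdcount):
        _, pos = read_name(msg, pos)
        pos += 4                             # skip QTYPE and QCLASS
    for _ in range(ancount):
        owner, pos = read_name(msg, pos)
        if pos + 10 > len(msg):
            raise DnsDrop("truncated resource record")
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        rdata = msg[pos + 10:pos + 10 + rdlen]
        if len(rdata) != rdlen:
            raise DnsDrop("truncated resource record")
        if (rtype, rclass, rdlen) == (1, 1, 4):          # A record, class IN
            found.append((owner, socket.inet_ntoa(rdata)))
        pos += 10 + rdlen
    return found

# Constructed samples (not from the page): a reply for www.example.com and a pointer loop.
HEADER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
QUESTION = b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
REPLY = HEADER + QUESTION + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([10, 0, 0, 5])
LOOP = HEADER + b"\xc0\x0c" + struct.pack("!HH", 1, 1)   # question name points at itself
```

Calling `a_records(REPLY)` returns the single A-record, while `a_records(LOOP)` raises `DnsDrop`; passing a larger `max_message_length` mirrors raising the configured limit toward 8192.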
Integrated Convergence Services
•
DSCP marking for RTP packets generated by J-SRX Series Integrated Convergence
Services—This feature is supported on J-SRX210 and J-SRX240 devices that have high
memory, power over Ethernet capability, and media gateway capability.
Configure DSCP marking to set the desired DSCP bits for RTP packets generated by
J-SRX Series Integrated Convergence Services.
DSCP bits are the 6-bit bitmap in the IP header used by devices to decide the forwarding
priority of packet routing. When the DSCP bits of RTP packets generated by Integrated
Convergence Services are configured, the downstream device can then classify the
RTP packets and direct them to a higher priority queue in order to achieve better voice
quality when packet traffic is congested. Devices running JUNOS Software provide
classification, priority queuing, and other kinds of CoS configuration under the
Class-of-Service configuration hierarchy.
Note that the Integrated Convergence Services DSCP marking feature marks only RTP
packets of calls that it terminates, which include calls to peer call servers and to peer
proxy servers that provide SIP trunks. If a call is not terminated by Integrated
Convergence Services, then DSCP marking does not apply.
To configure the DSCP marking bitmap for calls terminated by Integrated Convergence
Services and the address of the peer call server or peer proxy server to which these
calls are routed, use the media-policy statement in the [edit services converged-services]
hierarchy level.
set services convergence-service service-class <name> dscp <bitmap>
set services convergence-service service-class media-policy <name> term <term-name> from peer-address [<addresses>]
set services convergence-service service-class media-policy <name> term then service-class <name>
Interfaces and Routing
•
DOCSIS Mini-PIM interface—Data over Cable Service Interface Specification (DOCSIS)
defines the communications and operation support interface requirements for a
data-over-cable system. It is used by cable operators to provide Internet access over
their existing cable infrastructure for both residential and business customers. DOCSIS
3.0 is the latest interface standard allowing channel bonding to deliver speeds higher
than 100 Mbps throughput in either direction, far surpassing other WAN technologies
such as T1/E1, ADSL2+, ISDN, and DS3.
DOCSIS network architecture includes a cable modem on J-SRX Series Services
Gateways with a DOCSIS Mini-Physical Interface Module (Mini-PIM) located at
customer premises, and a Cable Modem Termination System (CMTS) located at the
head-end or data center locations. Standards-based DOCSIS 3.0 Mini-PIM is
interoperable with CMTS equipment. The DOCSIS Mini-PIM provides backward
compatibility with CMTS equipment based on the following standards:
•
DOCSIS 2.0
•
DOCSIS 1.1
•
DOCSIS 1.0
The DOCSIS Mini-PIM is supported on the following J-SRX Series Services Gateways:
•
J-SRX210
•
J-SRX240
The DOCSIS Mini-PIM has the following key features:
•
Provides high data transfer rates of over 150 Mbps downstream
•
Supports four downstream and four upstream channel bonding
•
Supports quality of service (QoS)
•
Provides interoperability with any DOCSIS-compliant cable modem termination
system (CMTS)
•
Supports IPv6 and IPv4 for modem management interfaces
•
Supports Baseline Privacy Interface Plus (BPI+)
•
Supports Advanced Encryption Standard (AES)
[JUNOS Software Security Configuration Guide]
•
Very-high-bit-rate digital subscriber line (VDSL)—VDSL technology is part of the
xDSL family of modem technologies that provide faster data transmission over a single
flat untwisted or twisted pair of copper wires.
The VDSL lines connect service provider networks and customer sites to provide high
bandwidth applications (Triple Play services) such as high-speed Internet access,
telephone services like voice over IP (VoIP), high-definition TV (HDTV), and interactive
gaming services over a single connection. VDSL2 is an enhancement to VDSL and
permits the transmission of asymmetric and symmetric (full-duplex) aggregate data
rates up to 100 Mbps on short copper loops using a bandwidth up to 30 MHz. The
VDSL2 technology is based on the ITU-T G.993.2 standard.
The following J-SRX Series Services Gateways support the VDSL2 Mini-Physical
Interface Module (Mini-PIM) (Annex A):
•
J-SRX210 Services Gateway
•
J-SRX240 Services Gateway
The VDSL2 Mini-PIM carries the Ethernet backplane. When the Mini-PIM is plugged
into the chassis, the Mini-PIM connects to one of the ports of the baseboard switch.
The VDSL2 Mini-PIM supports the following features:
•
ADSL/ADSL2/ADSL2+ backward compatibility with Annex-A, Annex-M Support
•
PTM or EFM [802.3ah] support
•
Operation, Administration, and Maintenance (OAM) support for ADSL/ADSL/ADSL2+
ATM mode
•
ATM QoS (supported only when the VDSL2 Mini-PIM is operating in ADSL2 mode)
•
MLPPP (supported only when the VDSL2 Mini-PIM is operating in ADSL2 mode)
•
MTU size of 1500 bytes (maximum)
•
Support for maximum of 10 PVCs (only in ADSL/ADSL2/ADSL2+ mode)
•
Dying gasp support (ADSL and VDSL2 mode)
•
Implement the PPPoE-based radio-to-router protocol—This feature is supported on
J-SRX Series.
JUNOS Release 10.1 supports PPPoE-based radio-to-router protocols. These protocols
include messages that define how an external device provides the router with timely
information about the quality of a link's connection. There is also a flow control
mechanism to indicate how much data the device can forward. The device can then
use the information provided in the PPPoE messages to dynamically adjust the interface
speed of the PPP links. Use the radio-router statement from the [set interfaces <unit>]
hierarchy to indicate that metrics announcements received on the interface will be
processed by the device.
•
Layer 2 Q-in-Q tunneling—This feature is supported on J-SRX210 and J-SRX240
devices.
Q-in-Q tunneling, defined by the IEEE 802.1ad standard, allows service providers on
Ethernet access networks to extend a Layer 2 Ethernet connection between two
customer sites.
In Q-in-Q tunneling, as a packet travels from a customer VLAN (C-VLAN) to a service
provider's VLAN, a service provider-specific 802.1Q tag is added to the packet. This
additional tag is used to segregate traffic into service-provider-defined service VLANs
(S-VLANs). The original customer 802.1Q tag of the packet remains and is transmitted
transparently, passing through the service provider's network. As the packet leaves
the S-VLAN in the downstream direction, the extra 802.1Q tag is removed.
There are three ways to map C-VLANs to an S-VLAN:
•
All-in-one bundling—Use the dot1q-tunneling statement at the [edit vlans] hierarchy
to map without specifying customer VLANs. All packets from a specific access
interface are mapped to the S-VLAN.
•
Many-to-one bundling—Use the customer-vlans statement at the [edit vlans]
hierarchy to specify which C-VLANs are mapped to the S-VLAN.
•
Mapping C-VLAN on a specific interface—Use the mapping statement at the [edit
vlans] hierarchy to map a specific C-VLAN on a specified access interface to the
S-VLAN.
Table 1 lists the C-VLAN to S-VLAN mapping supported on J-SRX Series.
Table 1: C-VLAN to S-VLAN Mapping Supported on J-SRX Series Devices
Mapping                                  J-SRX210  J-SRX240
All-in-one bundling                      Yes       Yes
Many-to-one bundling                     No        No
Mapping C-VLAN on a specific interface   No        No
Integrated bridging and routing (IRB) interfaces are supported on Q-in-Q VLANs for
J-SRX210 and J-SRX240 devices. Packets arriving on an IRB interface on a Q-in-Q
VLAN are routed regardless of whether the packet is single or double tagged. The
outgoing routed packets contain an S-VLAN tag only when exiting a trunk interface;
the packets exit the interface untagged when exiting an access interface.
In a Q-in-Q deployment, customer packets from downstream interfaces are transported
without any changes to source and destination MAC addresses. You can disable MAC
address learning at both the interface level and the VLAN level. Disabling MAC address
learning on an interface disables learning for all the VLANs of which that interface is
a member. When you disable MAC address learning on a VLAN, MAC addresses that
have already been learned are flushed.
[JUNOS Software Interfaces and Routing Configuration Guide]
•
Layer 2 Link Layer Discovery Protocol (LLDP) and Link Layer Discovery
Protocol–Media Endpoint Discovery (LLDP-MED)—This feature is supported on
J-SRX100, J-SRX210, and J-SRX240 devices.
Devices use LLDP and LLDP-MED to learn and distribute device information on network
links. The information allows the device to quickly identify a variety of systems, resulting
in a LAN that interoperates smoothly and efficiently.
LLDP-capable devices transmit information in Type Length Value (TLV) messages to
neighbor devices. Device information can include specifics, such as chassis and port
identification and system name and system capabilities. The TLVs leverage this
information from parameters that have already been configured in the JUNOS Software.
LLDP-MED goes one step further, exchanging IP-telephony messages between the
device and the IP telephone. These TLV messages provide detailed information on
PoE policy. The PoE Management TLVs let the device ports advertise the power level
and power priority needed. For example, the device can compare the power needed
by an IP telephone running on a PoE interface with available resources. If the device
cannot meet the resources required by the IP telephone, the device could negotiate
with the telephone until a compromise on power is reached.
LLDP and LLDP-MED must be explicitly configured on base ports on J-SRX100,
J-SRX210, and J-SRX240 devices. To configure LLDP on all interfaces or on a specific
interface, use the lldp statement at the [set protocols] hierarchy. To configure
LLDP-MED on all interfaces or on a specific interface, use the lldp-med statement at
the [set protocols] hierarchy.
[JUNOS Software Interfaces and Routing Configuration Guide]
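To review what an LLDP-enabled port advertises to its neighbors, the TLVs can be decoded from a captured LLDPDU. The following Python decoder is an added example, not JUNOS code; the TLV type numbers and the LLDP-MED Extended Power-via-MDI layout follow IEEE 802.1AB and ANSI/TIA-1057, and the sample frame is constructed.

```python
import struct

CAP_BITS = ["other", "repeater", "bridge", "wlan-ap", "router", "telephone", "docsis", "station"]
MED_OUI = b"\x00\x12\xbb"            # TIA OUI that identifies LLDP-MED TLVs
POWER_TYPE = {0: "PSE", 1: "PD"}
PRIORITY = {0: "unknown", 1: "critical", 2: "high", 3: "low"}

def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def iter_tlvs(pdu):
    """Yield (type, value) pairs up to the End TLV, rejecting lengths that overrun."""
    pos = 0
    while pos + 2 <= len(pdu):
        (head,) = struct.unpack_from("!H", pdu, pos)
        tlv_type, length = head >> 9, head & 0x1FF
        value = pdu[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("TLV length runs past end of LLDPDU")
        if tlv_type == 0:                             # End of LLDPDU
            return
        yield tlv_type, value
        pos += 2 + length

def decode(pdu):
    """Return what the neighbor advertises: identity, capabilities, PoE request."""
    out = {}
    for t, v in iter_tlvs(pdu):
        if t == 1 and v[:1] == b"\x04":               # chassis ID subtype 4: MAC address
            out["chassis-id"] = v[1:].hex(":")
        elif t == 2:                                  # first byte is the port ID subtype
            out["port-id"] = v[1:].decode("ascii", "replace")
        elif t == 3 and len(v) == 2:
            out["ttl"] = struct.unpack("!H", v)[0]
        elif t == 5:
            out["system-name"] = v.decode("utf-8", "replace")
        elif t == 7 and len(v) == 4:                  # capabilities, enabled capabilities
            caps, _enabled = struct.unpack("!HH", v)
            out["capabilities"] = [n for i, n in enumerate(CAP_BITS) if (caps >> i) & 1]
        elif t == 127 and v[:4] == MED_OUI + b"\x04" and len(v) == 7:
            # LLDP-MED Extended Power-via-MDI: type/source/priority byte, power in 0.1 W
            out["poe"] = {"device": POWER_TYPE.get(v[4] >> 6, "reserved"),
                          "priority": PRIORITY.get(v[4] & 0x0F, "reserved"),
                          "watts": struct.unpack("!H", v[5:7])[0] / 10}
    return out

# Constructed LLDPDU, as an IP telephone on a PoE port might send it (not from the page).
SAMPLE = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("001122334455")),
    tlv(2, b"\x05" + b"eth0"),
    tlv(3, struct.pack("!H", 120)),
    tlv(5, b"phone-lobby"),
    tlv(7, struct.pack("!HH", 0x0024, 0x0024)),
    tlv(127, MED_OUI + b"\x04" + bytes([0x52]) + struct.pack("!H", 65)),
    tlv(0, b""),
])
```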
Manual BIOS upgrade using JUNOS CLI
•
This feature is supported on J-SRX100, J-SRX210, and J-SRX240 devices.
For branch J-SRX Series devices, the BIOS is made up of U-boot and the JUNOS loader. In
addition, the J-SRX240 has a U-shell binary as part of the BIOS.
The J-SRX100, J-SRX210, and J-SRX240 support a backup BIOS, which is a backup copy
of U-boot in addition to the active copy from which the system generally boots.
Table 2 provides details of the BIOS components supported for different platforms.
Table 2: Manual BIOS Upgrade components
BIOS Components      J-SRX100  J-SRX210  J-SRX240
Active   U-boot      Yes       Yes       Yes
         Loader      Yes       Yes       Yes
         U-shell                         Yes
Backup   U-boot      Yes       Yes       Yes
Table 3 provides the CLI commands used for manual BIOS upgrade.
Table 3: CLI Commands for Manual BIOS Upgrade
Active BIOS: request system firmware upgrade re bios
Backup BIOS: request system firmware upgrade re bios backup
Procedure for BIOS upgrade
1. Installing a jloader-srxsme package
1. Copy the jloader-srxsme signed package to the device.
NOTE: This package should be of the same version as that of the corresponding
JUNOS; for example, on a device with a 10.1 JUNOS package installed, the jloader-srxsme
package should also be of version 10.1.
2. Install the package using the request system software add <path to
Installing package '/var/tmp/jloader-srxsme-10.1B3-signed.tgz' ...
Verified jloader-srxsme-10.1B3.tgz signed by PackageProduction_10_1_0
Adding jloader-srxsme...
Available space: 427640 require: 2674
Mounted jloader-srxsme package on /dev/md5...
Saving state for rollback ...
NOTE: Installing the jloader-srxsme package puts the necessary images under
directory /boot.
2. Verifying that images for upgrade are installed
•
Use the show system firmware command to get the version of the images
available for upgrade. The available version is printed under the Available
version column. Verify that the correct version of the BIOS images is available
for upgrade.
root> show system firmware
Part Type Tag Current Available Status
version version
Routing Engine 0 RE BIOS 0 1.5 1.7 OK
Routing Engine 0 RE BIOS Backup 1 1.5 1.7 OK
Routing Engine 0 RE FPGA 11 12.3.0 OK
3. BIOS upgrade
Active BIOS:
1. Initiate the upgrade using the request system firmware upgrade re bios
command.
root> request system firmware upgrade re bios
Part Type Tag Current Available Status
version version
Routing Engine 0 RE BIOS 0 1.5 1.7 OK
Routing Engine 0 RE BIOS Backup 1 1.5 1.7 OK
Perform indicated firmware upgrade ? [yes,no] (no) yes
Firmware upgrade initiated.
2. Monitor the status of upgrade using the show system firmware command.
root> show system firmware
Part Type Tag Current Available Status
version version
Routing Engine 0 RE BIOS 0 1.5 1.7 PROGRAMMING
Routing Engine 0 RE BIOS Backup 1 1.5 1.7 OK
Routing Engine 0 RE FPGA 11 12.3.0 OK
root> show system firmware
Part Type Tag Current Available Status
version version
Routing Engine 0 RE BIOS 0 1.5 1.7 UPGRADED
SUCCESSFULLY
Routing Engine 0 RE BIOS Backup 1 1.5 1.7 OK
Routing Engine 0 RE FPGA 11 12.3.0 OK
NOTE: The device must be rebooted for the upgraded active BIOS to take effect.
Backup BIOS:
1. Initiate the upgrade using the request system firmware upgrade re bios backup
command.
root> request system firmware upgrade re bios backup
Part Type Tag Current Available Status
version version
Routing Engine 0 RE BIOS 0 1.5 1.7 OK
Routing Engine 0 RE BIOS Backup 1 1.5 1.7 OK
Perform indicated firmware upgrade ? [yes,no] (no) yes
Firmware upgrade initiated.
2. Monitor the status of upgrade using the show system firmware command.
root> show system firmware
Part Type Tag Current Available Status
version version
Routing Engine 0 RE BIOS 0 1.5 1.7 OK
Routing Engine 0 RE BIOS Backup 1 1.5 1.7 PROGRAMMING
Routing Engine 0 RE FPGA 11 12.3.0 OK
root> show system firmware
Part Type Tag Current Available Status
version version
Routing Engine 0 RE BIOS 0 1.5 1.7 OK
Routing Engine 0 RE BIOS Backup 1 1.7 1.7 UPGRADED
SUCCESSFULLY
Routing Engine 0 RE FPGA 11 12.3.0 OK
Network Address Translation (NAT)
•
Increased maximum number of source NAT rules supported—This feature is supported
on J-SRX Series devices.
JUNOS Release 10.1 increases the number of source NAT rules and rule sets that you
can configure on a device. In previous releases, the maximum number of source NAT
rule sets you could configure on a device was 32 and the maximum number of rules in
a source NAT rule set was 8.
In JUNOS Release 10.1, the maximum number of source NAT rules that you can configure
on a device is:
•
512 for J-SRX100 and J-SRX210 devices
•
1024 for J-SRX240 devices
These are systemwide maximums for total numbers of source NAT rules. There is no
limitation on the number of rules that you can configure in a source NAT rule set as
long as the maximum number of source NAT rules allowed on the device is not
exceeded.
NOTE: This feature does not change the maximum number of rules and rule sets you
can configure on a device for static and destination NAT. For static NAT, you can
configure up to 32 rule sets and up to 256 rules per rule set. For destination NAT, you
can configure up to 32 rule sets and up to 8 rules per rule set.
Virtual LANs (VLANs)
•
Flexible Ethernet services—This feature is supported on J-SRX210 and J-SRX240
devices.
Use flexible Ethernet services encapsulation when you want to configure multiple
per-unit Ethernet encapsulations. This encapsulation type allows you to configure any
combination of route, TCC, CCC, and VPLS encapsulations on a single physical port.
Aggregated Ethernet bundles cannot use this encapsulation type.
For ports configured with flexible Ethernet services encapsulation, VLAN IDs from 1
through 511 are no longer reserved for normal VLANs.
Related Topics
•
Known Limitations in JUNOS Release 10.1 for J-SRX Series Services Gateways
•
Issues in JUNOS Release 10.1 for J-SRX Series Services Gateways
•
Errata and Changes in Documentation for JUNOS Release 10.1 for J-SRX Series Services
Gateways
Changes In Default Behavior and Syntax in JUNOS Release 10.1 for J-SRX Series Services
Gateways
The following current system behavior, configuration statement usage, and operational
mode command usage might not yet be documented in the JUNOS Software
documentation:
Application Layer Gateways (ALGs)
•
The following CLI commands have been removed as part of RPC ALG data structure
cleanup:
•
clear security alg msrpc portmap
•
clear security alg sunrpc portmap
•
show security alg msrpc portmap
•
show security alg sunrpc portmap
•
The show security alg msrpc object-id-map CLI command has a chassis cluster node
option to permit the output to be restricted to a particular node or to query the entire
cluster. The show security alg msrpc object-id-map node CLI command options are
<node-id | all | local | primary>.
AX411 Access Point
•
On J-SRX240 devices managing an AX411 Access Point, when you upgrade from release
10.0x to Release 10.1R2 using the “validate” option, the upgrade might fail during
configuration validation. As a workaround, defer the upgrade until the service release
with a proper fix becomes available.
•
On J-SRX240 devices managing an AX411 Access Point, when you upgrade from release
10.0x to Release 10.1R2 using the “no-validate” option, the upgrade succeeds but the