Monthly Archives: July 2014

Juniper and Cisco Wiring Examples for Virutal Chassis

Just a handy notes for Juniper EX Series Switches the cable layout for the virtual chassis link HERE. I can confirm for the EX4300 this method works as there is not documentation for the EX4300 option 1 and 2 is what I would stick with. Option 3 I would never use or could see not reason for it.

Option 1













Option 2













Cisco 3750 is commonly the switches I setup, HERE is the reference I use which I have applied to 2960x’s as well. Cisco Pretty much have simlar options to Juniper I for both I stick with the Port 1 SW01 to Port 2 SW02 Port 1 SW02 to Port 2 SW01

Stacking Guide



Stacking Guide




SSH Juniper EX series issue

So I recently experienced a switch which lost power and was not gracefully shut down.

After the switch came back up SSH stopped working. I had to console on to the switch to gain access.

Deleting SSH and re-adding it did not resolve any of the issues.

The following article HERE saved me when I discovered the following it the logs (below), researching this lead me to the article (4th line support Google)….

sshd 9299 – – fatal: Missing privilege separation directory: /var/empty

The following commands resolved the issue. Please note you will need to be logged in with root.

Start Shell
ls /var/empty
mkdir /var/empty
chown root:wheel /var/empty
chmod 555 /var/empty
ps aux sshd

If sshd is running already run ‘kill -HUP <PID of SSHD>’ without quotes where ‘PID’ is the process ID of sshd

Under shell you can do the following command to see the process and the PID of SSH.


If sshd is not running

do the following command to start it under shell.


Tagged , ,

SRX IPsec VPN poor throughput

I recently came against an issue of slow throughput on a IPsecVPN between two SRX220’s. The SRX220 is capable of around 100Mbps according the spec sheet, with an IPsec VPN.

The issue I was seeing was around 25Mbps over the VPN. The connection between the two SRX’s is just a L2VPN interconnect, so I wouldn’t have thought this to be the issue. If it was a 3rd party Ethernet or ADSL would of lead me more down the path of checking connectivity.

Further investigation lead me to find out that from the customer that on the end of the SRX’s are 2x SAN’s with MTU 9000. this lead me to finding out that the VPN on the SRX is capable of MTU 1350. So by this the packets are being fragmented causing the lower throughput of the VPN.

With the following article LINK

Setting the following two commands on both SRX’s resolved the issue it did take a while for it to take affect so I would suggest applying and checking the next day to see any improvement.

set security flow tcp-session no-sequence-check
set security flow tcp-mss ipsec-vpn mss 1350

Tagged , , , , ,