EasyManua.ls Logo

Juniper JUNOS OS 10.4 - RELEASE NOTES - Point-To-Point Protocol over Ethernet (Pppoe); Security; Snmp; Switching

Juniper JUNOS OS 10.4 - RELEASE NOTES
197 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Table 10: Number of Rules on SRX Series and J Series Devices (continued)
J Series
SRX5600
SRX5800
SRX3400
SRX3600SRX650SRX240SRX210SRX100
NAT Rule
Type
5128192819210241024512512Static NAT
rule
The restriction on the number of rules per rule set has been increased so that there is
only a device-wide limitation on how many rules a device can support. This restriction
is provided to help you better plan and configure the NAT rules for the device.
IKE negotiations involving NAT-T—On SRX1400, SRX3400, SRX3600, SRX5600,
and SRX5800 devices, IKE negotiations involving NAT-Traversal (NAT-T) traversal
do not work if the IKE peer is behind a NAT device that will change the source IP address
of the IKE packets during the negotiation. For example, if the NAT device is configured
with DIP, it changes the source IP because the IKE protocol switches the UDP port from
500 to 4500.
Point-to-Point Protocol over Ethernet (PPPoE)
On SRX100, SRX210, SRX220, SRX240, SRX650, and all J Series devices in a chassis
cluster, the reth interface cannot be used as the underlying interface for Point-to-Point
Protocol over Ethernet (PPPoE).
Security
J Series devices do not support the authentication order password radius or password
ldap in the edit access profile profile-name authentication-order command. Instead, use
order radius password or ldap password.
For all other limitations in security, see Addresses and Address Sets” in the Junos OS
Security Configuration Guide.
SNMP
On J Series devices, the SNMP NAT-related MIB is not supported in Junos OS Release
10.4.
Switching
On SRX100, SRX210, SRX240, and SRX650 devices, CoA is not supported with 802.1x.
On SRX100, SRX210, SRX240 and SRX650 devices, on the routed VLAN interface, the
following features are not supported:
IPv6 (family inet6)
ISIS (family ISO)
Class-of-service
Encapsulations (Ether CCC, VLAN CCC, VPLS, PPPOE etc) on VLAN interfaces
CLNS
141Copyright © 2010, Juniper Networks, Inc.
Known Limitations in Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers

Table of Contents

Related product manuals