[c-nsp] L2 Channel Errors
Ahsan Rasheed
ahsanrasheed9 at gmail.com
Thu Feb 23 12:10:26 EST 2017
Hi All,
First, thanks for all the replies. Below are the configs of the customer-side &
our (ISP) side interfaces. On our side, we are using a bridged network (which is
a broadcast domain); other customers are part of this broadcast domain. We do
not have control over their L2 frames (STP, CDP, LDP etc.).
Do the customer or we need to add any other configuration so that we can stop
those L2 Channel errors? The current configurations are below.
Does the customer need to use an ACL on their side's Juniper SRX firewall to
drop/block those L2 frames? If yes, what config can the customer use?
Customer side SRX Juniper Firewall:
set interfaces ge-0/0/0 gigether-options redundant-parent reth0
set interfaces ge-2/0/0 gigether-options redundant-parent reth0
set interfaces reth0 description ISP
set interfaces reth0 redundant-ether-options redundancy-group 2
set interfaces reth0 unit 0 family inet address 2.2.2.2/30
Cisco 6500 switch ISP side interface:
interface GigabitEthernet1/15
 description Customers(many other customer IP's are here as secondary on this interface)
 mtu 1546
 ip address 2.2.2.1 255.255.255.252 secondary
 ip address 10.0.9.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 logging event link-status
 logging event spanning-tree status
 no cdp enable
 spanning-tree bpdufilter enable
Specifically, this counter increases when the Junos software cannot find a
valid logical interface for an incoming frame (as customer & ISP are both
not using any VLAN or logical interface on either side). Does any config need
to be added on the Juniper side?
Your replies & suggestions would be appreciated.
Thanks & Regards,
Ahsan Rasheed
On Mon, Feb 20, 2017 at 4:49 PM, Ahsan Rasheed <ahsanrasheed9 at gmail.com>
wrote:
> Hi All,
>
>
> One of our customers is facing this issue. They are using a Juniper firewall on
> their side, connected to us. On our side, as the ISP, we are using a Cisco 6500
> switch. On our side we are using a bridged network environment. Our side's
> interface is configured as an L3 interface. On their side they are getting "L2
> Channel errors", and these are increasing.
>
>
> I searched & found that L2 Channel errors arise due to the following
> reasons:
>
> * An untagged interface on the SRX receiving VLAN tagged packets.
> * An interface on the SRX, which is tagged with the VLAN id (for
> example, 'x'), receives packets with some other VLAN id's or tags. This
> usually happens when the SRX interface is configured as an access port; but
> the interface of the switch connected to it, if any, is configured as a
> Trunk.
> * STP runs on the interface of the device connected to the interface
> of the SRX
> * Layer 2 frames such as STP or CDP/LLDP.
>
> Specifically, this counter increases when the Junos software cannot find a
> valid logical interface (that is, something like ge-0/0/1.0) for an
> incoming frame. Conversely, the packet is dropped.
>
>
> Has anyone encountered this type of issue? What would be the solution? Is
> an ACL needed on the Juniper firewall, etc.?
>
> Any help would be appreciated.
>
> Thanks & Regards,
> Ahsan Rasheed
>