[j-nsp] L2 Channel Errors
Alexander Arseniev
arseniev at btinternet.com
Tue Feb 21 01:20:17 EST 2017
Hello,
By default, Cisco floods all VLANs to all trunk ports. SRX does not
support VTP & VTP pruning so it cannot tell Cisco to stop sending
useless frames to it.
On 6500 port facing SRX, configure "cdp disable", "spanning-tree
portfast trunk" & "switchport trunk allowed vlan BLAH1 BLAH2" etc to
include ONLY VLANs that actually are defined in SRX.
HTH
Thx
Alex
On 20/02/2017 22:24, Ahsan Rasheed wrote:
> Hi All,
>
>
> One of our customers is facing this issue. They are using a Juniper firewall on their side, connected to us. As the ISP, we are using a Cisco 6500 switch on our side. On our side we are using a bridged network environment. Our side's interface is configured as an L3 interface. On their side they are getting "L2 Channel errors" & these are increasing.
>
>
> I searched & found that L2 Channel errors arise due to the following reasons:
>
> * An untagged interface on the SRX receiving VLAN tagged packets.
> * An interface on the SRX, which is tagged with the VLAN ID (for example, 'x'), receives packets with some other VLAN IDs or tags. This usually happens when the SRX interface is configured as an access port; but the interface of the switch connected to it, if any, is configured as a Trunk.
> * STP runs on the interface of the device connected to the interface of the SRX
> * layer 2 frames such as STP or CDP/LLDP.
>
> Specifically, this counter increases when the Junos software cannot find a valid logical interface (that is, something like ge-0/0/1.0) for an incoming frame. Conversely, the packet is dropped.
>
>
> Has anyone encountered this type of issue? What would be the solution? Need to use ACL on Juniper firewall etc?
>
> Any help would be appreciated.
>
> Thanks & Regards,
> Ahsan Rasheed
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
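
The causes listed in this thread can be modelled as a small frame classifier, which also yields the VLANs to leave out of the trunk's allowed list. This is an added example, not code from either poster or from Juniper: the function names, the port model and the sample frames are constructed, and it is a simplified model of the listed causes, not Junos's actual interface lookup.

```python
import struct
from collections import Counter

# Well-known control-plane destination MACs (IEEE / Cisco assignments).
CONTROL_MACS = {
    bytes.fromhex("0180c2000000"): "STP BPDU",
    bytes.fromhex("01000ccccccd"): "Cisco PVST+ BPDU",
    bytes.fromhex("01000ccccccc"): "CDP/VTP/DTP",
    bytes.fromhex("0180c200000e"): "LLDP",
}

def drop_reason(frame, tagged, vlans=frozenset()):
    """Return why a frame matches no logical interface, or None if it does.

    tagged/vlans describe a hypothetical SRX port: tagged=False models an
    untagged port (unit 0 only); vlans is the set of configured VLAN IDs.
    """
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if dst in CONTROL_MACS:
        return f"L2 control frame ({CONTROL_MACS[dst]})"
    if ethertype == 0x8100:  # 802.1Q tag present
        (tci,) = struct.unpack("!H", frame[14:16])
        vid = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
        if not tagged:
            return f"VLAN {vid} tag on untagged interface"
        if vid not in vlans:
            return f"VLAN {vid} not configured on interface"
    # Untagged data frames are outside the thread's list; treated as accepted.
    return None

def make_frame(dst_hex, vlan=None, ethertype=0x0800):
    """Build a constructed Ethernet frame with an optional 802.1Q tag."""
    hdr = bytes.fromhex(dst_hex) + bytes.fromhex("020000000001")
    if vlan is not None:
        hdr += struct.pack("!HH", 0x8100, vlan)
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46

def tally(frames, tagged, vlans=frozenset()):
    """Count frames per drop reason, as the error counter would see them."""
    return Counter(r for f in frames if (r := drop_reason(f, tagged, vlans)))

# Constructed sample: what an unpruned trunk might send toward the firewall.
SAMPLE = [make_frame("ffffffffffff", vlan=v) for v in (10, 30, 40)] + [
    make_frame(m, ethertype=0x0026)
    for m in ("0180c2000000", "01000ccccccc", "0180c200000e")
]

if __name__ == "__main__":
    for reason, n in tally(SAMPLE, tagged=True, vlans={10, 20}).items():
        print(n, reason)
```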