[j-nsp] L2 Channel Errors

Ahsan Rasheed ahsanrashed at hotmail.com
Thu Feb 23 12:09:12 EST 2017


Hi All,

First, thanks for all the replies. Below are the configs of the customer-side and our (ISP) side interfaces. On our side, we are using a bridge network (which is a broadcast domain); other customers are part of this broadcast domain. We do not have control over their L2 frames (STP, CDP, LDP etc.).

Does the customer or do we need to add any other configuration so we can stop those L2 Channel errors? Current configurations are below.
Does the customer need to use an ACL on their side's Juniper SRX firewall to drop/block those L2 frames? If yes, what config can the customer use?

Customer side SRX Juniper Firewall:
set interfaces ge-0/0/0 gigether-options redundant-parent reth0
set interfaces ge-2/0/0 gigether-options redundant-parent reth0
set interfaces reth0 description ISP
set interfaces reth0 redundant-ether-options redundancy-group 2
set interfaces reth0 unit 0 family inet address 2.2.2.2/30


Cisco 6500 switch ISP side interface:
interface GigabitEthernet1/15
 description Customers(many other customer IP's are here as secondary on this interface)
 mtu 1546
 ip address 2.2.2.1 255.255.255.252 secondary
 ip address 10.0.9.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 logging event link-status
 logging event spanning-tree status
 no cdp enable
 spanning-tree bpdufilter enable



Specifically, this counter increases when the Junos software cannot find a valid logical interface for an incoming frame (as customer and ISP, both are not using any VLAN or logical interface on any side). Does any config need to be added on the Juniper side?

Your replies & suggestions would be appreciated.

Thanks & Regards,
Ahsan Rasheed



________________________________
From: Ahsan Rasheed <ahsanrashed at hotmail.com>
Sent: Tuesday, February 21, 2017 3:24 AM
To: juniper-nsp at puck.nether.net
Subject: L2 Channel Errors


Hi All,


One of our customers is facing this issue. They are using a Juniper firewall on their side, connected to us. On our side, as the ISP, we are using a Cisco 6500 switch. On our side we are using a bridged network environment. Our side's interface is configured as an L3 interface. On their side they are getting "L2 Channel errors" and they are increasing.


I searched and found that L2 Channel errors arise due to the following reasons:

  *   An untagged interface on the SRX receiving VLAN tagged packets.
  *   An interface on the SRX, which is tagged with the VLAN id (for example, 'x'), receives packets with some other VLAN id's or tags. This usually happens when the SRX interface is configured as an access port; but the interface of the switch connected to it, if any, is configured as a Trunk.
  *   STP runs on the interface of the device connected to the interface of the SRX.
  *   Layer 2 frames such as STP or CDP/LLDP.

Specifically, this counter increases when the Junos software cannot find a valid logical interface (that is, something like ge-0/0/1.0) for an incoming frame. Conversely, the packet is dropped.


Has anyone encountered this type of issue? What would be the solution? Do we need to use an ACL on the Juniper firewall, etc.?

Any help would be appreciated.

Thanks & Regards,
Ahsan Rasheed
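
An added example, not part of the original message and not Juniper or Cisco tooling: a Python script that labels captured Ethernet frames by the causes listed in the message above (VLAN-tagged frames on an untagged interface, VLAN ID mismatch, STP, CDP, LLDP), so a capture taken on the link can show which kind of frame is arriving. The function names and the sample frames are constructed for illustration; the multicast addresses and EtherTypes are the standard ones.

```python
import struct
from collections import Counter

STP_DST = bytes.fromhex("0180c2000000")   # IEEE 802.1D bridge group address
CDP_DST = bytes.fromhex("01000ccccccc")   # Cisco CDP multicast address
ETH_8021Q, ETH_LLDP = 0x8100, 0x88CC

def classify(frame, expected_vlan=None):
    """Return the listed cause a frame matches, or 'data' if none.
    expected_vlan=None models an untagged interface (assumption of this example)."""
    if len(frame) < 14:
        return "runt"
    dst = frame[:6]
    (etype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if etype == ETH_8021Q:
        if len(payload) < 4:
            return "runt"
        tci, etype = struct.unpack("!HH", payload[:4])
        vid = tci & 0x0FFF                 # low 12 bits of the TCI are the VLAN ID
        if expected_vlan is None:
            return f"tagged-on-untagged (vlan {vid})"
        if vid != expected_vlan:
            return f"vlan-mismatch (vlan {vid})"
        payload = payload[4:]
    if etype == ETH_LLDP:
        return "lldp"
    if etype <= 1500:                      # 802.3 length field, an LLC header follows
        if dst == STP_DST and payload[:2] == b"\x42\x42":
            return "stp"
        if dst == CDP_DST and payload[:8] == bytes.fromhex("aaaa0300000c2000"):
            return "cdp"
    return "data"

def summarize(frames, expected_vlan=None):
    """Count frames per cause for a list of raw Ethernet frames."""
    return Counter(classify(f, expected_vlan) for f in frames)

# Constructed sample frames (not from a real capture).
SRC = bytes.fromhex("020000000001")
DST = bytes.fromhex("020000000002")
SAMPLES = [
    STP_DST + SRC + struct.pack("!H", 38) + b"\x42\x42\x03" + bytes(35),
    CDP_DST + SRC + struct.pack("!H", 30) + bytes.fromhex("aaaa0300000c2000") + bytes(22),
    bytes.fromhex("0180c200000e") + SRC + struct.pack("!H", ETH_LLDP) + bytes(46),
    DST + SRC + struct.pack("!HHH", ETH_8021Q, 100, 0x0800) + bytes(46),
    DST + SRC + struct.pack("!H", 0x0800) + bytes(46),
]

if __name__ == "__main__":
    for cause, n in summarize(SAMPLES).items():
        print(f"{n:3d}  {cause}")
```
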


