Hi All,

First, thanks for all the replies. Below are the configs of the customer-side
and our (ISP) side interfaces. On our side, we are using a bridged network
(which is a broadcast domain); other customers are part of this broadcast
domain. We do not have control over their L2 frames (STP, CDP, LDP, etc.).

Does the customer or do we need to add any other configuration so we can stop
those L2 Channel errors? The current configurations are below.
Does the customer need to use an ACL on their side's Juniper SRX firewall to
drop/block those L2 frames? If yes, what config can the customer use?

Customer side SRX Juniper Firewall:
set interfaces ge-0/0/0 gigether-options redundant-parent reth0
set interfaces ge-2/0/0 gigether-options redundant-parent reth0
set interfaces reth0 description ISP
set interfaces reth0 redundant-ether-options redundancy-group 2
set interfaces reth0 unit 0 family inet address 2.2.2.2/30


Cisco 6500 switch ISP side interface:
interface GigabitEthernet1/15
 description Customers(many other customer IP's are here as secondary on this interface)
 mtu 1546
 ip address 2.2.2.1 255.255.255.252 secondary
 ip address 10.0.9.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 logging event link-status
 logging event spanning-tree status
 no cdp enable
 spanning-tree bpdufilter enable



Specifically, this counter increases when the Junos software cannot find a
valid logical interface for an incoming frame (as customer & ISP, both are not
using any VLAN or logical interface on any side). Does any config need to be
added on the Juniper side?

Your replies & suggestions would be appreciated.

Thanks & Regards,
Ahsan Rasheed



________________________________
From: Ahsan Rasheed <[email protected]>
Sent: Tuesday, February 21, 2017 3:24 AM
To: [email protected]
Subject: L2 Channel Errors


Hi All,


One of our customers is facing this issue. They are using a Juniper firewall on
their side connected to us. On our side, as the ISP, we are using a Cisco 6500
switch. On our side we are using a bridged network environment. Our side
interface is configured as an L3 interface. On their side they are getting
"L2 Channel errors" & they are increasing.


I searched & found that L2 Channel errors arise due to the following
reasons:

  *   An untagged interface on the SRX receiving VLAN tagged packets.
  *   An interface on the SRX, which is tagged with the VLAN id (for example, 
'x'), receives packets with some other VLAN id's or tags. This usually happens 
when the SRX interface is configured as an access port; but the interface of 
the switch connected to it, if any, is configured as a Trunk.
  *   STP runs on the interface of the device connected to the interface of the
SRX.
  *   Layer 2 frames such as STP or CDP/LLDP.

Specifically, this counter increases when the Junos software cannot find a 
valid logical interface (that is, something like ge-0/0/1.0) for an incoming 
frame. Conversely, the packet is dropped.


Has anyone encountered this type of issue? What would be the solution? Is there
a need to use an ACL on the Juniper firewall, etc.?

Any help would be appreciated.

Thanks & Regards,
Ahsan Rasheed

_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
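
To see which of the causes listed in the original message is actually arriving on a link, the following added example (not part of the thread and not Juniper or Cisco code) classifies raw Ethernet frames by their L2 header and counts the tagged, STP, CDP and LLDP ones. The function names and sample frames are constructed for illustration; it also recognises Cisco PVST+ BPDUs, which the list does not name separately.

```python
import struct
from collections import Counter

# Added example: helper names are hypothetical, frames are constructed samples.
CISCO_OUI = b"\x00\x00\x0c"
# Kinds matching the causes listed in the message (PVST+ is an addition).
SUSPECT = {"vlan-tagged", "stp-bpdu", "pvst+-bpdu", "cdp", "lldp"}

def classify_frame(frame: bytes) -> str:
    """Classify one raw Ethernet frame (dst MAC first, no preamble/FCS)."""
    if len(frame) < 14:
        return "truncated"
    (type_len,) = struct.unpack("!H", frame[12:14])
    if type_len in (0x8100, 0x88A8):            # 802.1Q / 802.1ad tag present
        return "vlan-tagged"
    if type_len == 0x88CC:
        return "lldp"
    if type_len >= 0x0600:                      # Ethernet II payload
        return {0x0800: "ipv4", 0x0806: "arp", 0x86DD: "ipv6"}.get(type_len, "other")
    llc = frame[14:17]                          # 802.3 length field, LLC follows
    if llc[:2] == b"\x42\x42":                  # DSAP/SSAP 0x42: IEEE STP BPDU
        return "stp-bpdu"
    if llc == b"\xaa\xaa\x03" and len(frame) >= 22:   # SNAP: OUI + protocol ID
        oui, pid = frame[17:20], struct.unpack("!H", frame[20:22])[0]
        kind = {0x2000: "cdp", 0x010B: "pvst+-bpdu"}.get(pid)
        if oui == CISCO_OUI and kind:
            return kind
    return "other"

def vlan_id(frame: bytes):
    """Return the 12-bit VLAN ID of a tagged frame, or None."""
    if classify_frame(frame) != "vlan-tagged" or len(frame) < 16:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF

def summarize(frames):
    """Count only the frame kinds an untagged routed port would not expect."""
    counts = Counter(classify_frame(f) for f in frames)
    return {k: n for k, n in counts.items() if k in SUSPECT}

SRC = bytes.fromhex("02aabbccddee")             # constructed source MAC
SAMPLES = [                                     # constructed frames, not a real capture
    bytes.fromhex("0180c2000000") + SRC + bytes.fromhex("0026424203") + bytes(35),
    bytes.fromhex("01000ccccccc") + SRC + bytes.fromhex("0020aaaa0300000c2000") + bytes(24),
    bytes.fromhex("0180c200000e") + SRC + bytes.fromhex("88cc") + bytes(46),
    bytes.fromhex("ffffffffffff") + SRC + bytes.fromhex("810000640806") + bytes(42),
    bytes.fromhex("02aabbccdd01") + SRC + bytes.fromhex("0800") + bytes(46),
]
```

Run over frames exported from a capture on the customer-facing link, the per-kind counts show whether the rising counter lines up with tagged traffic or with control-plane frames from other devices in the broadcast domain.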
