Switching

Hi and thanks in advance.

I have this issue.(both Juniper & Cisco stack or virtual chassis)

Juniper EX4200 CORE with Ge1/0/8 trunk port with Vlan1 added as native (in order to "talk" with Cisco)

Cisco Catalyst 2960X with Gi5/0/1 trunk Vlan1 native

Cisco 2960X Gi5/0/1 trunk -------------------------------------------------Ge1/0/8 Trunk Juniper EX4200

Trunk allowed Vlan1,100,114,120                                         Trunk allowed Vlan1,100,114,120

PVST enabled                                                                     VSTP enabled ALL Vlans

so I get this from Juniper side

Ethernet-switching table: 6 unicast entries

  VLAN              MAC address       Type         Age Interfaces

  VLAN-CORE         *                 Flood          - All-members

  VLAN-CORE         00:90:f5:e4:08:5f Learn          0 ge-1/0/8.0

  VLAN-CORE         38:20:56:11:24:01 Learn          0 ge-1/0/8.0

  VLAN-DGFE         *                 Flood          - All-members

  VLAN-DGFE         38:20:56:11:24:01 Learn          0 ge-1/0/8.0

  VLAN-USIP-TECNICOS *                Flood          - All-members

  VLAN-USIP-TECNICOS 38:20:56:11:24:01 Learn         0 ge-1/0/8.0

  VLAN1             *                 Flood          - All-members

  VLAN1             38:20:56:11:24:01 Learn          0 ge-1/0/8.0

  VLAN1             38:20:56:11:24:40 Learn         32 ge-1/0/8.0

{master:4}

aromay@AGC-IDF-CORE-PR> show ethernet-switching table interface ge-1/0/8

Ethernet-switching table: 0 unicast entries

{master:4}

aromay@AGC-IDF-CORE-PR> show ethernet-switching table interface ge-1/0/8

Ethernet-switching table: 0 unicast entries

  VLAN              MAC address       Type         Age Interfaces

  VLAN-CORE         *                 Flood          - All-members

  VLAN-DGFE         *                 Flood          - All-members

  VLAN-USIP-TECNICOS *                Flood          - All-members

  VLAN1             *                 Flood          - All-members

{master:4}

aromay@AGC-IDF-CORE-PR> show ethernet-switching table interface ge-1/0/8

Ethernet-switching table: 3 unicast entries

  VLAN              MAC address       Type         Age Interfaces

  VLAN-CORE         *                 Flood          - All-members

  VLAN-DGFE         *                 Flood          - All-members

  VLAN-DGFE         38:20:56:11:24:01 Learn          0 ge-1/0/8.0

  VLAN-USIP-TECNICOS *                Flood          - All-members

  VLAN-USIP-TECNICOS 38:20:56:11:24:01 Learn         0 ge-1/0/8.0

  VLAN1             *                 Flood          - All-members

  VLAN1             38:20:56:11:24:01 Learn          0 ge-1/0/8.0

as you can see everytime I refresh the command it connects, disconnects, and so

Same Cisco side

What seems to ne the problem?

before this I had RSTP on Juniper and ports blocked, NOW with VSTP I can see ports BUT get disconnected???

Hi,

U can use RSTP but u need to do firewall filter to filter BPDU mac address from cisco site.

Thanks

Thanks kronicklez

It was configured with RSTP, but I read that I would need VSTP in order to get cisco compatibility.

I added VSTP to Juniper, it stopped blocking ports BUT after a while started to block & unblock them over and over again

So, please tell me more how to get a firewall from juniper side.

Some link to read or some tip, I do not really get it

Thanks again

Hi, 

RSTP blocking the port probably suggests presence of a loop since RSTP has a single STP instance and would look at BPDUs from VLAN1 only and completely STP block the port [all VLANs inclusive] if a loop is detected.

With VSTP the mac-address table also indicates MAC addresses flapping with 38:20:56:11:24:01 probably being the facing 2960?

Is there any possibilities of having a loop in that topology? 

Below commands could provide a picture of the STP topology:

show spanning-tree
show spanning-tree bridge
show spanning-tree interface
show spanning-tree interface detail

A useful resouce below for STP Interop b/w Juniper & Cisco:

http://www.juniper.net/us/en/local/pdf/implementation-guides/8010002-en.pdf

One of the catching points with VSTP is:

With Cisco switches, VLAN 1 complies with the IEEE spanning-tree specification. Currently the EX Series switches
cannot process BPDUs on VLAN 1 with Cisco switches. If there is a trunk port configured between Cisco switches and
Juniper EX Series switches, then the VLAN that is configured as the native-vlan than that VLAN (native-vlan) will treat
the BPDUs as a regular multicast and flood the BPDU.

"Note: When you configure VSTP with the set protocol vstp vlan all command, VLAN ID 1 is not set; it is excluded so that the configuration is compatible with Cisco PVST+. If you want VLAN ID 1 to be included in the VSTP configuration on your switch, you must set it separately with theset protocol vstp vlan 1 command."

http://www.juniper.net/documentation/en_US/junos15.1/topics/concept/spanning-trees-ex-series-vstp-understanding.html

Hi AshvinO and thanks

Well, finally worked

I had to do 2 things.

1. disable DTP on Cisco interface Gi1/0/8
2. Disable PoE on the same port

now

{master:4}[edit] aromay@AGC-IDF-CORE-PR# run show ethernet-switching interfaces ge-1/0/8 Interface State VLAN members Tag Tagging Blocking ge-1/0/8.0 up VLAN1 1 untagged blocked by STP VLAN-CORE 100 tagged blocked by STP VLAN-DGFE 114 tagged blocked by STP VLAN-USIP-TECNICOS 120 tagged blocked by STP VLAN1 1 tagged blocked by STP {master:4}[edit] aromay@AGC-IDF-CORE-PR# run show ethernet-switching interfaces ge-1/0/8 Interface State VLAN members Tag Tagging Blocking ge-1/0/8.0 up VLAN1 1 untagged unblocked VLAN-CORE 100 tagged unblocked VLAN-DGFE 114 tagged unblocked VLAN-USIP-TECNICOS 120 tagged unblocked VLAN1 1 tagged unblocked aromay@AGC-IDF-CORE-PR> show ethernet-switching table interface ge-1/0/8 Ethernet-switching table: 2 unicast entries VLAN MAC address Type Age Interfaces VLAN-CORE * Flood - All-members VLAN-CORE 00:90:f5:e4:08:5f Learn 0 ge-1/0/8.0 VLAN-DGFE * Flood - All-members VLAN-USIP-TECNICOS * Flood - All-members VLAN1 * Flood - All-members VLAN1 38:20:56:11:24:01 Learn 0 ge-1/0/8.0 

Note: Vlan core "see" the notebook, vlan1 is the cisco

So i thinks it is done!

Next step I 'll to configure DHCP Helper in order to get IP from a Windows server connected to this juniper, hope it works!! thanks a lot error404

Well, it happened again, the error came back, it lasted a few minutes working ok so, now what'?

UTP changed PoE disabled DTP disabled no redundat link

??

Hi,

I would suggest investigating the STP blocked ports with following commands:

show spanning-tree bridge
show spanning-tree interface detail
show ethernet-switching interfaces x/x/x detail

Hi AshvinO

I managed to remove vlan1 from vlan members on trunk so I now have vlan1 Untagged (before I had vlan1 tagged and untagged??)

I run commands you say and get this

aromay@AGC-IDF-CORE-PR> ... interfaces ge-1/0/8 detail
Interface: ge-1/0/8.0, Index: 122, State: up, Port mode: Trunk
Native vlan: VLAN1
Ether type for the interface: 0x8100
VLAN membership:
VLAN1, 802.1Q Tag: 1, untagged, msti-id: 0, unblocked
VLAN-CORE, 802.1Q Tag: 100, tagged, msti-id: 9, unblocked
VLAN-DGFE, 802.1Q Tag: 114, tagged, msti-id: 11, unblocked
VLAN-USIP-TECNICOS, 802.1Q Tag: 120, tagged, msti-id: 23, unblocked
Number of MACs learned on IFL: 3

aromay@AGC-IDF-CORE-PR> show spanning-tree bridge

STP bridge parameters
Context ID : 0
Enabled protocol : RSTP
Root ID : 32768.00:21:59:cb:b6:41
Hello time : 2 seconds
Maximum age : 20 seconds
Forward delay : 15 seconds
Message age : 0
Number of topology changes : 12945
Time since last topology change : 3057 seconds
Topology change initiator : ge-1/0/8.0   ------>interfase juniper connected to Gi5/0/1 trunk on Cisco
Local parameters
Bridge ID : 32768.00:21:59:cb:b6:41
Extended system ID : 0
Internal instance ID : 0

STP bridge parameters
Context ID : 1
Enabled protocol : RSTP

STP bridge parameters for VLAN 120---->one of the vlans configured both sides of trunk cisco and juniper
Root ID : 32888.00:21:59:cb:b6:41
Hello time : 2 seconds
Maximum age : 20 seconds
Forward delay : 15 seconds
Message age : 0
Number of topology changes : 13762
Time since last topology change : 3165 seconds
Topology change initiator : ge-1/0/8.0------>interfase juniper connected to Gi5/0/1 trunk on Cisco
Topology change last recvd. from : 38:20:56:11:24:01
Local parameters
Bridge ID : 32888.00:21:59:cb:b6:41
Extended system ID : 23
Internal instance ID : 0

STP bridge parameters
Context ID : 24
Enabled protocol : RSTP

STP bridge parameters for VLAN 100---->one of the vlans configured both sides of trunk cisco and juniper
Root ID : 32868.00:21:59:c8:e6:41
Root cost : 22000
Root port : xe-5/1/1.0
Hello time : 2 seconds
Maximum age : 20 seconds
Forward delay : 15 seconds
Message age : 2
Number of topology changes : 30624
Time since last topology change : 3322 seconds
Topology change initiator : ge-1/0/8.0------>interfase juniper connected to Gi5/0/1 trunk on Cisco
Topology change last recvd. from : 38:20:56:11:24:01
Local parameters
Bridge ID : 32868.00:21:59:cb:b6:41
Extended system ID : 9
Internal instance ID : 0

STP bridge parameters
Context ID : 10
Enabled protocol : RSTP

STP bridge parameters for VLAN 114---->one of the vlans configured both sides of trunk cisco and juniper
Root ID : 32882.00:21:59:cb:b6:41
Hello time : 2 seconds
Maximum age : 20 seconds
Forward delay : 15 seconds
Message age : 0
Number of topology changes : 13855
Time since last topology change : 3393 seconds
Topology change initiator : ge-1/0/8.0------>interfase juniper connected to Gi5/0/1 trunk on Cisco
Topology change last recvd. from : 38:20:56:11:24:01
Local parameters
Bridge ID : 32882.00:21:59:cb:b6:41
Extended system ID : 11
Internal instance ID : 0

STP bridge parameters
Context ID : 12
Enabled protocol : RSTP

show spanning-tree interface detail

Interface name : ge-1/0/8.0
Port identifier : 128.585
Designated port ID : 128.585
Port cost : 20000
Port state : Forwarding
Designated bridge ID : 32768.00:21:59:cb:b6:41
Port role : Designated
Link type : Pt-Pt/NONEDGE
Boundary port : NA
Edge delay while expiry count : 20101
Rcvd info while expiry count : 0

then

aromay@AGC-IDF-CORE-PR> show ethernet-switching table interface ge-1/0/8
Ethernet-switching table: 2 unicast entries
VLAN MAC address Type Age Interfaces
VLAN-CORE * Flood - All-members
VLAN-CORE 00:90:f5:e4:08:5f Learn 0 ge-1/0/8.0
VLAN-DGFE * Flood - All-members
VLAN-USIP-TECNICOS * Flood - All-members
VLAN1 * Flood - All-members
VLAN1 38:20:56:11:24:01 Learn 0 ge-1/0/8.0

{master:4}

aromay@AGC-IDF-CORE-PR> configure
Entering configuration mode

{master:4}[edit]
aromay@AGC-IDF-CORE-PR# run show ethernet-switching interfaces ge-1/0/8
Interface State VLAN members Tag Tagging Blocking
ge-1/0/8.0 up VLAN1 1 untagged unblocked
VLAN-CORE 100 tagged unblocked
VLAN-DGFE 114 tagged unblocked
VLAN-USIP-TECNICOS 120 tagged unblocked

so it seems now is all ok?

I mean, Several minutes passed and I still get connected

do you see any problem?

thanks

Hi,

Some observations:

1. The EX is now root bridge for all the instances except vlan100 [Root ID and Bridge ID being same]. As a result, since the EX is now root bridge, all the ports will be in Forwarding/Unblocked state.

There has certainly been STP topology change in the network.

2. The EX seems to be connected to another switch on port xe-5/1/0 [Root port for vlan100].

Don't know what your config is like so can't really say what happened when you removed vlan1 from the trunk.

Did you configure vstp as "set protocol vstp vlan all"?

Hi Ashvin0

Yes, VSTP is configured as you mentioned

Finally I found that deleting VLAN1 from membership it solves the problem

delete interfaces ge-x//x/x unit 0 family ethernet-switching vlan Members VLAN1

Now from friday to right now it never disconnected

aromay@AGC-IDF-CORE-PR# ...hing table interface ge-1/0/8
Ethernet-switching table: 3 unicast entries
VLAN MAC address Type Age Interfaces
VLAN-CORE * Flood - All-members
VLAN-CORE 00:90:f5:e4:08:5f Learn 2:22 ge-1/0/8.0 --->notebook
VLAN-CORE 38:20:56:11:24:41 Learn 40 ge-1/0/8.0--->Cisco
VLAN-DGFE * Flood - All-members
VLAN-USIP-TECNICOS * Flood - All-members
VLAN1 * Flood - All-members
VLAN1 38:20:56:11:24:01 Learn 0 ge-1/0/8.0--->Cisco

{master:4}[edit]
aromay@AGC-IDF-CORE-PR# ...w ethernet-switching interface ge-1/0/8
Interface State VLAN members Tag Tagging Blocking
ge-1/0/8.0 up VLAN1 1 untagged unblocked
VLAN-CORE 100 tagged unblocked
VLAN-DGFE 114 tagged unblocked
VLAN-USIP-TECNICOS 120 tagged unblocked

I think this is it!

Thanks a lot for your time and tips, I am very thankful

Hi, 

Good to hear its finally resolved.

I wonder if applying "set protocol vstp vlan 1"  when vlan 1 is still present on the trunk would have resolved the issue.

Cheers,

Ashvin

mmm, that's a good idea.

Maybe when this all finish I could try it and give you feedback

Now I have to  set DHCP from behind this juniper to a cisco 2960 pointing to my virtual 10.72.0.30 and really don't have an idea how to get this done, once finished I'll give it a try to your idea

Thanks again