Ethernet Switching
Highlighted
Ethernet Switching

Event-policy for BPDU error detect

‎10-02-2019 07:30 AM

Hi,

 

I am trying to configure event-options policy that every time that specific port will be in status "BPDU Error:Detected" 

the switch will run automatic configuration and will disable another interface,

 

My problem is that i cant find any event or attributes-match this scenario

 

This the log i get when the port blocks himeself:

l2cpd[1131]: BPDU_PROTECT: Interface ge-0/0/47 is DOWN: BPDU error detected

 

And this the interface status:

Physical interface: ge-0/0/47, Enabled, Physical link is Down

  Interface index: 691, SNMP ifIndex: 589

  Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto,

  BPDU Error: Detected, MAC-REWRITE Error: None, Loopback: Disabled,

  Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled,

  Remote fault: Online, Media type: Copper,

 

Any idea ?

 

Regards

Rafi

8 REPLIES 8
Highlighted
Ethernet Switching

Re: Event-policy for BPDU error detect

‎10-02-2019 08:56 AM

System should have cli configuration to shut down the link when BPDU error is seen. You should be able to find a lot from techPub and KB. However, I am trying to understand your requirement, you want to shut down port 2 when port 1 receives BPDU error? Can you help elaborate the motiv here? 

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB24166

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/spanning-trees-interface...


Mengzhe Hu
JNCIE x 3 (SP DC ENT)
Highlighted
Ethernet Switching

Re: Event-policy for BPDU error detect

[ Edited ]
‎10-02-2019 10:54 AM

Hi,

Thank you for your replay 

 

i will explaine my self

I have pc farm with internet access, (interface irb is the farm  D.G ) there are cases that we need to disallow access to internet to these stations, the simple way to do it is to disable interface irb

So i thought to do it with event-option i used event-policy in past with "snmp_trap_link_up"

Please see example:

set event-options policy CS-DR-on-snmp-trap-link-up events SNMP_TRAP_LINK_UP

set event-options policy CS-DR-on-snmp-trap-link-up attributes-match snmp_trap_link_up.interface-name matches ae4

set event-options policy CS-DR-on-snmp-trap-link-up then change-configuration retry count 5

set event-options policy CS-DR-on-snmp-trap-link-up then change-configuration retry interval 4

set event-options policy CS-DR-on-snmp-trap-link-down then change-configuration commands "set interfaces ae4 unit 0 family inet address x.x.x.x/29"

set event-options policy CS-DR-on-snmp-trap-link-down then change-configuration commands "del interfaces ae4 disable"

 

The idea is that every time we need to diasable internet access  the farm adminstrator will connect looper to interface ge-0/0/47 this will cause interafce ge-0/0/47 to be in "bpdu error detect" (interface ge-0/0/47 is just for the trigger)

See logs:

l2cpd[1131]: BPDU_PROTECT: Interface ge-0/0/47 is DOWN: BPDU error detected

And according to this log i want to configure event-policy to disable the interface irb.x

The problem is that i didnt find any event or attributes-match to do this with "BPDU error detected"

 

I hope I was clear enough

 

Regards

Rafi

 

 

 

Highlighted
Ethernet Switching

Re: Event-policy for BPDU error detect

‎10-02-2019 02:04 PM

Thanks. This makes much more sense. You'd like to disable the L3 interface irb when L2 interface is receiving BPDU error. And I assume you have other L2 interface in the same VLAN thus irb is not shut down because of lack of L2 interface. Event option seems the best approach here. Will search what can be a matching term here


Mengzhe Hu
JNCIE x 3 (SP DC ENT)
Highlighted
Ethernet Switching

Re: Event-policy for BPDU error detect

‎10-03-2019 12:05 AM

Hi,

Thank you very much,

 

I am wating 🙂

 

Regards

Rafi

Highlighted
Ethernet Switching

Re: Event-policy for BPDU error detect

‎10-03-2019 07:57 AM

You may try to use attributes-match to match the regex for the logs you have seen 

 

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/attribute...

 

Something like below. But you would need to tweak the regex a little bit 

 

#show event-options
policy test {
events system;
attributes-match {
system.message matches "^BPDU_PROTECT$";
}
then {
change-configuration {
commands {
"set interface irb.1 disable";
}
}
}
}


Mengzhe Hu
JNCIE x 3 (SP DC ENT)
Highlighted
Ethernet Switching

Re: Event-policy for BPDU error detect

‎10-03-2019 10:53 PM

Hi,

Thank you very much, i will try this, it will take few days (we are in holidays time)

I will update if it works

 

Regards

Rafi

Highlighted
Ethernet Switching

Re: Event-policy for BPDU error detect

[ Edited ]
‎10-06-2019 04:50 AM

Hi,

 

Are you sure that this is SYSTEM event ? beacuse its not working for me

 

please see, i configured simple regx which means if syntex finished with "detected" no matter what i have before

 

set event-options policy Disable-Internet events SYSTEM

set event-options policy Disable-Internet attributes-match SYSTEM.message matches "_detected$"

set event-options policy Disable-Internet then change-configuration commands "set interfaces irb.10 disable"

set event-options policy Disable-Internet then change-configuration user-name admin

set event-options policy Disable-Internet then change-configuration commit-options log "updating configuration from event policy Disable-Internet"

 

See logs:

Oct 18 00:33:32   l2cpd[1131]: BPDU_PROTECT: Interface ge-0/0/47 is DOWN: BPDU error detected

Oct 18 00:33:33   pfex: [EX-BCM PIC] ex_bcm_linkscan_handler: Link 48 DOWN

Oct 18 00:33:33   mib2d[1111]: SNMP_TRAP_LINK_DOWN: ifIndex 589, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/47

 

Any help will be appreciated

 

Regards

Rafi

Highlighted
Ethernet Switching

Re: Event-policy for BPDU error detect

‎10-06-2019 10:42 PM

Hi,

 

For now i done this with SNMP_TRAP_LINK_UP/DOWN

 

This is the configuration:

 

set event-options policy Disable-Internet_link-up events SNMP_TRAP_LINK_UP

set event-options policy Disable-Internet_link-up attributes-match snmp_trap_link_up.interface-name matches ge-0/0/47

set event-options policy Disable-Internet_link-up then change-configuration retry count 5

set event-options policy Disable-Internet_link-up then change-configuration retry interval 4

set event-options policy Disable-Internet_link-up then change-configuration commands "set interfaces irb.10 disable"

set event-options policy Disable-Internet_link-up then change-configuration user-name admin

set event-options policy Disable-Internet_link-up then change-configuration commit-options log "updating configuration from event policy Disable-Internet_link-up"

 

set event-options policy Allow-Internet_link-down events SNMP_TRAP_LINK_DOWN

set event-options policy Allow-Internet_link-down attributes-match snmp_trap_link_down.interface-name matches ge-0/0/47

set event-options policy Allow-Internet_link-down then change-configuration retry count 5

set event-options policy Allow-Internet_link-down then change-configuration retry interval 4

set event-options policy Allow-Internet_link-down then change-configuration commands "del interfaces irb.10 disable"

set event-options policy Allow-Internet_link-down then change-configuration user-name admin

set event-options policy Allow-Internet_link-down then change-configuration commit-options log "updating configuration from event policy Allow-Internet_link-down"

 

 

Regards

Rafi

 

Feedback