Ethernet Switching
Highlighted
Ethernet Switching

LLDP_Multicast traffic doesn't flow throgh the EX2200

‎05-16-2018 07:12 AM

Hello

 

In order to communicate Siemens TIA Portal and a S-1200 PLC, i have to connect both to the same swicht, but i can't do that.

The S-1200 is generating LLDP traffic but it can't reach the PC whit Siemens software, the EX2200 is blocking it.

I configure a ge-0/0/12.0 as port mirror and monitor the ingress traffric from the PLC is connected. I can see the LLDP traffic. But it doesn't reach the PC.

I tried turning off the storm control  and doesn't work.

 

Thanks

6 REPLIES
Ethernet Switching

Re: LLDP_Multicast traffic doesn't flow throgh the EX2200

‎05-16-2018 07:56 AM

Is LLDP enabled on this interface?  If yes LLDP should go EX2200 RE not be passed as L2 multicast.  Same thing for interface connecting to Siemens device.

 

Yes?  LLDP is enabled on all interfaces of EX products by default.

Ethernet Switching

Re: LLDP_Multicast traffic doesn't flow throgh the EX2200

[ Edited ]
‎05-17-2018 11:15 PM

Yes, it was enabled.

I switch both interfaces off ( the one which uses PC and the one which uses the PLC) and it doesn't work.

juniperEX2200.png

 

This is what i see when i capture traffic in the mirrored port. The traffic reaches the swicht but it doesn't get out of it.

LLDP_siemens.png

 

Ethernet Switching

Re: LLDP_Multicast traffic doesn't flow throgh the EX2200

‎06-05-2018 11:50 PM

Hello

I'm still suffering with this issue. I configure as simple as i can. why  it doesn't work?

 

Configuration:

root@XXXXXXX# show 
## Last changed: 2015-05-02 12:57:49 CEST
version 12.3R9.4;
system {
    host-name XXXXXXX;
    time-zone Europe/Madrid;
    root-authentication {
        encrypted-password "XXXXXXX"; ## SECRET-DATA
    }
    services {
        ssh {
            protocol-version v2;
        }
        netconf {
            ssh;
        }
        web-management {
            http;
        }
        dhcp {
            traceoptions {
                file dhcp_logfile;
                level all;
                flag all;
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
chassis {
    alarm {
        management-ethernet {
            link-down ignore;
        }
    }
    auto-image-upgrade;
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/2 {
        unit 0 {                        
            family ethernet-switching;
        }
    }
    ge-0/0/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/4 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/5 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/6 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/7 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/8 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/9 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/10 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/11 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/12 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/13 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/14 {                         
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/15 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/16 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/17 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/18 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/19 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/20 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/21 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/22 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members ciberseguridad;
                }
            }
        }
    }
    ge-0/0/23 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members ciberseguridad;
                }
            }
        }
    }                                   
    ge-0/1/0 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/1 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/1/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
    vlan {
        unit 1 {
            family inet {
                address 192.168.222.2/24;
            }
        }
    }
}
snmp {
    location XXXXX;
    contact "XXXXX";
    community XXXXX {
        authorization read-only;
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop x.x.x.x;
    }
}
protocols {
    rstp {
        bridge-priority 32k;
        interface ge-0/0/22.0 {
            cost 1000;
            mode point-to-point;
        }
        interface ge-0/0/23.0 {
            cost 1000;
            mode point-to-point;
        }
    }
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}                                       
vlans {
    ciberseguridad {
        vlan-id 4094;
        interface {
            ge-0/0/1.0;
            ge-0/0/2.0;
            ge-0/0/3.0;
            ge-0/0/4.0;
            ge-0/0/5.0;
            ge-0/0/6.0;
            ge-0/0/7.0;
            ge-0/0/8.0;
            ge-0/0/9.0;
            ge-0/0/10.0;
            ge-0/0/11.0;
            ge-0/0/12.0;
            ge-0/0/13.0;
            ge-0/0/14.0;
            ge-0/0/15.0;
            ge-0/0/16.0;
            ge-0/0/17.0;
            ge-0/0/18.0;
            ge-0/0/19.0;
            ge-0/0/20.0;
            ge-0/0/21.0;
            ge-0/0/22.0;
            ge-0/0/23.0;
            ge-0/0/0.0;
        }
        l3-interface vlan.1;
    }
    default;
}

Ethernet Switching

Re: LLDP_Multicast traffic doesn't flow throgh the EX2200

‎06-06-2018 02:56 AM
In order to communicate Siemens TIA Portal and a S-1200 PLC, i have to 
connect both to the same swicht, but i can't do that.

The S-1200 is generating LLDP traffic but it can't reach the PC whit Siemens 
software, the EX2200 is blocking it.

I configure a ge-0/0/12.0 as port mirror and monitor the ingress traffric from the PLC is connected. I can see the LLDP traffic. But it doesn't reach the PC.

You need to remove the LLDP on the EX switch for the ports these devices are connected to. 

If LLDP is on for these interface the EX will consume and process the LLDP request itself and NOT flood the request.

 

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Ethernet Switching

Re: LLDP_Multicast traffic doesn't flow throgh the EX2200

‎06-06-2018 03:48 AM

Hello spuluka

 

It doesn't work. I've disabled lldp on all the interfaces and the only change I've noticed is that the switch before this it was sending lldp frames itself and now i can't see any lldp frames.

I've made this:

root@Ciberseguridad02# edit protocols                  

{master:0}[edit protocols]
root@Ciberseguridad02# set lldp disable 

{master:0}[edit protocols]
root@Ciberseguridad02# set lldp-med disable 

{master:0}[edit protocols]
root@Ciberseguridad02# show 
rstp {
    bridge-priority 32k;
    interface ge-0/0/22.0 {
        cost 1000;
        mode point-to-point;
    }
    interface ge-0/0/23.0 {
        cost 1000;
        mode point-to-point;
    }
}
lldp {
    disable;
}
lldp-med {
    disable;
}

Thanks for replying

Ethernet Switching

Re: LLDP_Multicast traffic doesn't flow throgh the EX2200

‎06-06-2018 03:59 AM

Hello,

LLD uses special dst MAC that is not forwarded by modern switches

https://en.wikipedia.org/wiki/Link_Layer_Discovery_Protocol#Frame_structure

The Ethernet frame used in LLDP has its destination MAC address typically set to a special multicast address that 802.1D-compliant bridges do not forward.

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !