Ethernet Switching
Highlighted
Ethernet Switching

MAC entry

‎05-28-2020 05:24 AM

Hi,

Mx+EX9200 devices are at my side:

Mx==ae5_trunk===EX9200-==ae10==================ADSL_Whole_DSL_Saler(Telecom Company)

 

There are 5 new vlans (11,12,13,14,15) associated to the ae10. Each vlan carrying many DSL subscribers to me. These can be seeing on the bng Mx router by >show subscriber stacked vlan-id XX. No problem..... But vlan 13 is not bringing any subscriber at my either Mx or EX9200 switch... But tehnician from the Telecom company says there is a traffic on particularly vlan (13) that I am not receving any thing...

 

At my side I did the following:

Ex9200> show ethernet-switching table vlan-id 13 ========>no any MAC entry

Ex9200> >monitor traffic interface ae10.13 size 9999 no-resolve count 5====>Nothing coming.Because transit traffic.

Mx> monitor traffic interface ae10.13 size 9999 no-resolve count 5====>Nothing coming.

Mx> show subscriber stacked-vlan-id 13 ====>Nothing coming.

 

What else troubleshooting should be done? Any workaround?

 

 

2 REPLIES 2
Highlighted
Ethernet Switching

Re: MAC entry

‎05-28-2020 06:11 AM

Hi Arix,

 

Is the device dropping any packets on the link?

Can you create a firewall filter to count packets with vlan-id 13?

 

If the device is not dropping packets, and there are no packets with vlan-id 13, you should reach out to the Telecom again.

Highlighted
Ethernet Switching

Re: MAC entry

‎05-28-2020 06:18 AM

Hello Arix,

 

Two options

 

1) Firewall Filters

 

a) If the vlan has an IRB IP address

 

#set firewall family inet filter <filter name> term 1 then log

#set firewall family inet filter <filter name> term 2 then accept

 

and then apply the filter on the interface

 

#set interfaces irb unit 13 family inet filter input <filter name>

 

The filter is just to log all traffic passing through the VLAN.  You can add other term to filter the traffic

 

For example,

 

#set firewall family inet filter <filter name> term 1 from source-address 

#set firewall family inet filter <filter name> term 1 then log

#set firewall family inet filter <filter name> term 2 then accept

 

#set interfaces irb unit 13 family inet filter input <filter name>

 

 

b) If the VLAN is configured for layer 2 traffic only, then you need to apply the filter on the physical ports.

 

#set firewall family ethernet-switching filter <filter name> interface-specific

#set firewall family ethernet-switching filter <filter name> term 1 then log

#set firewall family ethernet-switching filter <filter name> term 2 then accept

 

and based on the traffic flow you apply the filter as input direction or output direction

 

#set interfaces ge-x/x/x unit 0 family inet filter input <filter name>

#set interfaces ge-x/x/x unit 0 family inet filter output <filter name>

 

 

c) To check the filter logs use this command

 

>show firewall log

 

d) You can use counters as well

 

#set firewall family ethernet-switching filter <filter name> term 1 then count <counter name>

 

and use this command to check the counters

 

>show firewall

 

 

e) The filter logs can also be sent to a file

 

#set firewall family ethernet-switching filter <filter name> term 1 then syslog

#set system syslog file <file name> firewall any

 

 

2) Packet captures on the ingress and egress ports.

 

 

Hope this helps

 

 

Randall,

 

Feedback