Monday, January 11, 2021

Layer 2 ISP Loop Issue

Topology

I have a client that has two layer-2 circuits from two separate providers: one Cox, one AT&T. Recently it was discovered that one of the circuits was ordered incorrectly with a VLAN tag, and they wanted it untagged, so we had them remove the tag. Now that both layer-2 circuits are untagged, we have created a layer-2 loop.

Before we got to telling the customer to simply create a LAG to stop the loop, I found that on the Juniper switch I control into the Cox network, when both circuits were up, the access port facing his Dell switch would go into BPDU error detected and disable the port. I have to manually clear the error for the port to come back online, and it will go back into a disabled state within about 5-10 seconds if the AT&T circuit is up. If we disable the AT&T circuit/path and clear the BPDU error, the Cox circuit stays up just fine.

Details on the error:

"If L2PT-encapsulated packets are received on an access interface, the switch reacts as it does when there is a loop between the service provider network and the customer network and shuts down (disables) the access interface. Once an interface is disabled, you must explicitly reenable it using the clear ethernet-switching layer2-protocol-tunneling error command or else the interface will remain disabled."

xxx@xxx> clear ethernet-switching layer2-protocol-tunneling error interface ge-0/0/8

{master:0}
xxx@xxx> show ethernet-switching interfaces ge-0/0/8
Interface    State  VLAN members  Tag  Tagging   Blocking
ge-0/0/8.0   up     vxxx          xxx  untagged  unblocked

{master:0}
xxx@xxx> show ethernet-switching interfaces ge-0/0/8
Interface    State  VLAN members  Tag  Tagging   Blocking
ge-0/0/8.0   down   vxxx          xxx  untagged  Layer2 Protocol Tunneling - loop detected.
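A way to watch for this condition instead of noticing it by hand, as an added example that is not part of the original post: the script reads successive `show ethernet-switching interfaces` snapshots, counts how often each port trips into the L2PT loop-detected state, and prints the clear command quoted above. The sample text is constructed from the output shown in the post (placeholders kept), and the parser assumes single-line rows like those.

```python
import re
from collections import Counter

# Constructed sample: two snapshots modelled on the output shown in the post.
SAMPLE = """\
xxx@xxx> show ethernet-switching interfaces ge-0/0/8
Interface    State  VLAN members  Tag  Tagging   Blocking
ge-0/0/8.0   up     vxxx          xxx  untagged  unblocked

xxx@xxx> show ethernet-switching interfaces ge-0/0/8
Interface    State  VLAN members  Tag  Tagging   Blocking
ge-0/0/8.0   down   vxxx          xxx  untagged  Layer2 Protocol Tunneling - loop detected.
"""

# Data rows start with a logical interface (ge-0/0/8.0, ae48.0) and a state.
ROW = re.compile(r"^((?:[a-z]+-\d+/\d+/\d+|ae\d+)\.\d+)\s+(up|down)\s+(.+)$")
L2PT_LOOP = "Layer2 Protocol Tunneling - loop detected"

def parse_rows(text):
    """Return (logical_interface, state, blocking_text) for each data row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # prompts, column headers, {master:0} banners, blanks
        fields = m.group(3).split(None, 3)  # VLAN, tag, tagging, blocking
        if len(fields) == 4:
            rows.append((m.group(1), m.group(2), fields[3]))
    return rows

def l2pt_trips(rows):
    """Count transitions into the loop-detected state per physical port and
    return (trip_counts, ports whose latest snapshot is still disabled)."""
    trips, tripped = Counter(), {}
    for ifl, state, blocking in rows:
        port = ifl.rsplit(".", 1)[0]  # ge-0/0/8.0 -> ge-0/0/8
        now = state == "down" and L2PT_LOOP in blocking
        if now and not tripped.get(port, False):
            trips[port] += 1
        tripped[port] = now
    return trips, sorted(p for p, t in tripped.items() if t)

def clear_commands(ports):
    """Build the clear command from the post for each disabled port."""
    prefix = "clear ethernet-switching layer2-protocol-tunneling error interface"
    return [f"{prefix} {p}" for p in ports]

if __name__ == "__main__":
    trips, disabled = l2pt_trips(parse_rows(SAMPLE))
    for port in disabled:
        print(f"{port}: disabled by L2PT loop detection, {trips[port]} trip(s)")
    print("\n".join(clear_commands(disabled)))
```
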

When we look at the interface on the Dell facing my switch, and I look at the interface facing his Dell, we see that both of us are sending BPDUs but neither of us is getting any.

The VLAN that we are tunneling with L2PT across the Cox service network is set to tunnel all protocols, so I don't quite get why we're not getting any BPDUs across the link.
Here is the configuration of the customer-facing interface and the service-provider-facing interface.

set groups xxxxx interfaces ge-0/0/8 mtu 9216
set groups xxxxx interfaces ge-0/0/8 unit 0 family ethernet-switching port-mode access
set groups xxxxx interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members v1011
set groups xxxxx interfaces ae48 unit 0 family ethernet-switching vlan members v1011
set groups xxxxx vlans v1011 vlan-id 1011
set groups xxxxx vlans v1011 interface ge-0/0/8.0
set groups xxxxx vlans v1011 interface ae48.0
set groups xxxxx vlans v1011 dot1q-tunneling layer2-protocol-tunneling all
set interfaces ae48 mtu 9216
set interfaces ae48 aggregated-ether-options link-speed 10g
set interfaces ae48 unit 0 family ethernet-switching port-mode trunk

We would like 1 of 2 things to work: either set up a LAG and basically eliminate the need for STP, or leave it with a loop in a properly blocking state, so that if one fails the other comes up and takes over like STP should do.


