Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to troubleshoot incrementing L2 channel errors on the interface

0

0

Article ID: KB24550 KB Last Updated: 06 Oct 2020Version: 3.0
Summary:

This article provides information on how to troubleshoot incrementing L2 channel errors on a SRX interface.

 

Symptoms:

L2 channel errors are noticed on the SRX interface. It can be seen in the output of the following command:

show interface ge-0/0/1 extensive
Physical interface: ge-0/0/1, Enabled, Physical link is Up
  Interface index: 129, SNMP ifIndex: 23, Generation: 130
  Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled,
  Source filtering: Disabled, Flow control: Enabled
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x4000
  CoS queues     : 4 supported, 4 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 00:00:5E:00:53:00, Hardware address: 00:00:5E:00:53:00
  Last flapped   : 2006-04-16 23:00:41 PDT (02:08:05 ago)
  Statistics last cleared: 2006-04-16 21:42:00 PDT (03:26:46 ago)
  Traffic statistics:
   Input  bytes  :                17539                  152 bps
   Output bytes  :                92968                  224 bps
   Input  packets:                  348                    0 pps
   Output packets:                 1349                    0 pps
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
    L3 incompletes: 0, L2 channel errors: 150, L2 mismatch timeouts: 0, 
    FIFO errors: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 3, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
    FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0

 Egress queues: 4 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    0 best-effort                   66                   66                    0
    1 expedited-fo                   0                    0                    0
    2 assured-forw                   0                    0                    0
    3 network-cont                1283                 1283                    0
  Active alarms  : None
  Active defects : None
  MAC statistics:                      Receive         Transmit
    Total octets                         24721           105982
    Total packets                          348             1349
    Unicast packets                        347              430
    Broadcast packets                        1               37
    Multicast packets                        0              882
    CRC/Align errors                         0                0
    FIFO errors                              0                0
    MAC control frames                       0                0
    MAC pause frames                         0                0
    Oversized frames                         0
    Jabber frames                            0
    Fragment frames                          0
    VLAN tagged frames                       0
    Code violations                          0
  Filter statistics:
    Input packet count                     348
    Input packet rejects                     0
    Input DA rejects                         0
    Input SA rejects                         0
    Output packet count                                    1349
    Output packet pad count                                   0
    Output packet error count                                 0
    CAM destination filters: 3, CAM source filters: 0
  Autonegotiation information:
    Negotiation status: Complete
    Link partner:
        Link mode: Full-duplex, Flow control: None, Remote fault: OK

In the above output, the highlighted L2 Channel error field is shown as 150. This implies that 150 packets have been dropped on the ge-0/0/1 interface, due to L2 Channel errors. This might cause performance issues and hinder operations.

 

Cause:

This issue is due to Junos software not being able to find an entry for the layer 2 circuit identifier, which is receiving a frame with a given VLAN tag, when the VLAN is not configured on the corresponding interface. An external connected device has trunked VLANs, of which the interface on the SRX is unaware.

 

Solution:

L2 Channel errors arise due to the following reasons:

  • An untagged interface on the SRX device receives VLAN tagged packets.

  • An interface on the SRX device, which is tagged with the VLAN ID (for example, 'x'), receives packets with some other VLAN IDs or tags. This usually happens when the SRX device interface is configured as an access port; but the interface of the switch connected to it, if any, is configured as a Trunk.

  • STP runs on the interface of the device connected to the interface of the SRX device.

Specifically, this counter increases when the Junos software cannot find a valid logical interface (that is, something like ge-0/0/1.0) for an incoming frame. Conversely, the packet is dropped.

In such scenarios, it is recommended to obtain Wireshark packet captures on the device, which is connected to the SRX device. This will facilitate deep inspection of the packets being sent to the SRX device.  Any such packet will be isolated and can be removed from the flow.

For assistance with packet captures, refer to KB21833 - How to do port mirroring on J-series and SRX branch devices.

 

Modification History:

2020-10-06: Article checked for accuracy, and found to be valid and relevant; no changes made

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search