This article provides information on how to troubleshoot incrementing L2 channel errors on a SRX interface.
L2 channel errors are noticed on the SRX interface. It can be seen in the output of the following command:
show interface ge-0/0/1 extensive
Physical interface: ge-0/0/1, Enabled, Physical link is Up
Interface index: 129, SNMP ifIndex: 23, Generation: 130
Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled,
Source filtering: Disabled, Flow control: Enabled
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
CoS queues : 4 supported, 4 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: 00:00:5E:00:53:00, Hardware address: 00:00:5E:00:53:00
Last flapped : 2006-04-16 23:00:41 PDT (02:08:05 ago)
Statistics last cleared: 2006-04-16 21:42:00 PDT (03:26:46 ago)
Traffic statistics:
Input bytes : 17539 152 bps
Output bytes : 92968 224 bps
Input packets: 348 0 pps
Output packets: 1349 0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
L3 incompletes: 0, L2 channel errors: 150, L2 mismatch timeouts: 0,
FIFO errors: 0, Resource errors: 0
Output errors:
Carrier transitions: 3, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
Egress queues: 4 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 66 66 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 1283 1283 0
Active alarms : None
Active defects : None
MAC statistics: Receive Transmit
Total octets 24721 105982
Total packets 348 1349
Unicast packets 347 430
Broadcast packets 1 37
Multicast packets 0 882
CRC/Align errors 0 0
FIFO errors 0 0
MAC control frames 0 0
MAC pause frames 0 0
Oversized frames 0
Jabber frames 0
Fragment frames 0
VLAN tagged frames 0
Code violations 0
Filter statistics:
Input packet count 348
Input packet rejects 0
Input DA rejects 0
Input SA rejects 0
Output packet count 1349
Output packet pad count 0
Output packet error count 0
CAM destination filters: 3, CAM source filters: 0
Autonegotiation information:
Negotiation status: Complete
Link partner:
Link mode: Full-duplex, Flow control: None, Remote fault: OK
In the above output, the highlighted L2 Channel error field is shown as 150. This implies that 150 packets have been dropped on the ge-0/0/1 interface, due to L2 Channel errors. This might cause performance issues and hinder operations.
This issue is due to Junos software not being able to find an entry for the layer 2 circuit identifier, which is receiving a frame with a given VLAN tag, when the VLAN is not configured on the corresponding interface. An external connected device has trunked VLANs, of which the interface on the SRX is unaware.
L2 Channel errors arise due to the following reasons:
-
An untagged interface on the SRX device receives VLAN tagged packets.
-
An interface on the SRX device, which is tagged with the VLAN ID (for example, 'x'), receives packets with some other VLAN IDs or tags. This usually happens when the SRX device interface is configured as an access port; but the interface of the switch connected to it, if any, is configured as a Trunk.
-
STP runs on the interface of the device connected to the interface of the SRX device.
Specifically, this counter increases when the Junos software cannot find a valid logical interface (that is, something like ge-0/0/1.0) for an incoming frame. Conversely, the packet is dropped.
In such scenarios, it is recommended to obtain Wireshark packet captures on the device, which is connected to the SRX device. This will facilitate deep inspection of the packets being sent to the SRX device. Any such packet will be isolated and can be removed from the flow.
For assistance with packet captures, refer to KB21833 - How to do port mirroring on J-series and SRX branch devices.
2020-10-06: Article checked for accuracy, and found to be valid and relevant; no changes made