[MX] Troubleshooting Checklist - VLAN & Bridging

Use the following checklist to troubleshoot VLAN interfaces and bridging:

Verify the configuration of the VLAN.

For details on VLANs and bridging and its configuration on a MX router, refer to the technical documentation:

Ethernet Networking:
http://www.juniper.net/techpubs/en_US/junos/information-products/pathway-pages/mx-solutions/ethernet-networking.html

Junos MX Series Routers Layer 2:
http://www.juniper.net/techpubs/en_US/junos/information-products/pathway-pages/layer-2/

Below are some common configuration mistakes to check for:

Check that both ends of the link are configured for the same VLAN
Verify that the correct encapsulations types are configured on both ends
Make sure either a STP or L2 filter is not blocking the interface

Tips:

VLAN 0 and VLAN 4095 are not configurable in Junos software.
MX routers do not support private VLAN’s yet.

Make sure the physical and logical interfaces are in the UP UP condition, AND that the family is set as ‘bridge’ on the logical interface (for all the interested interfaces).

To do this, run the command ‘show interfaces terse ge-x/x/x‘ for the physical interface, and ‘show interfaces terse ge-x/x/x .yyy‘ for the logical interface.

For example:

Physical Interface output:

user@router> show interfaces terse | match ge-1/0/0     
Interface               Admin Link Proto    Local                 Remote
      ge-1/0/0                up    up

If physical interface is down, then refer to physical interface checklist, KB26486 - Troubleshooting Checklist - Ethernet Physical Interface.

Logical Interface output:

user@router> show interfaces terse ge-8/0/0.3122     
Interface               Admin Link Proto    Local                 Remote
ge-8/0/0.3122           up    up   bridge

If logical interface is admin down, then verify the configuration and see if it is disabled. If its link status is down, verify that the physical interface is UP.

Verify the logical interfaces associations with the VLAN & bridge-domains.

Next, check if the correct interfaces are associated with the correct VLANs and are in the correct bridge-domains.

To do this, run the command 'show bridge domain' and 'show bridge domain <vlan> detail'.

For example:

user@router> show bridge domain 
Routing instance        Bridge domain            VLAN ID     Interfaces
default-switch          vlan_100                 100         ge-1/0/0.0
                                                             ge-1/0/1.0     
                                                             ge-1/0/3.0
default-switch          vlan_200                 200      
                                                             ge-1/0/2.0
                                                             ge-1/0/3.0
                                                             ge-1/1/4.0 

user@router> show bridge domain vlan_100 detail
Routing instance: default-switch
  Bridge domain: vlan_100                       State: Active
  Bridge VLAN ID: 100 
  Interfaces:
    ge-1/0/0.0     ge-1/0/1.0     ge-1/0/3.0
  Total mac count: 2

In the above output, the vlan_100 bridge domain has three interfaces associated with it, which are all part of VLAN 100.

For more information on the above command output, refer to http://www.juniper.net/techpubs/en_US/junos/topics/reference/command-summary/show-bridge-domain-command.html.

View the MAC Address Table.

After verifying the correct interface associations for the VLAN/BRIDGE_DOMAIN (in Step 3), use the 'show bridge mac-table' command to view the MAC entries for the logical interfaces (for the interested bridge domain).

For example:

user@router> show bridge mac-table    

MAC flags (S -static MAC, D -dynamic MAC,
           SE -Statistics enabled, NM -Non configured MAC)

Routing instance : default-switch
 Bridging domain : vlan_100, VLAN : 100
   MAC                 MAC      Logical
   address             flags    interface 
   00:21:59:ab:8a:95   D        ge-1/0/0.0           
   00:21:59:ab:8a:96   D        ge-1/0/1.0

The show bridge mac-table command is used view all the entries within the MAC address table. It generates a list of learned MAC addresses along with the corresponding VLANs and interfaces. All entries are organized based on their associated VLANs. For more information on the above command output, refer to http://www.juniper.net/techpubs/en_US/junos/topics/reference/command-summary/show-bridge-mac-table-command.html.

If for any reason the table entries in the above output are not valid or you want to flush the MAC entries during troubleshooting, use the command ‘clear bridge mac-table’:

user@router> clear bridge mac-table ?
Possible completions:
  <[Enter]>            Execute this command
  <address>            MAC address
  bridge-domain        Name of bridging domain, or 'all'
  instance             Display information for a specified instance
  interface            Clear media access control table for specified interface
  logical-system       Name of logical system, or 'all'
  vlan-id              Clear MAC address learned on a specified VLAN (0..4095)
  |                    Pipe through a command

The clear bridge mac-table command clears all entries in the table or entries based on a specific property. Optionally, you can use the interface option to clear only those MAC table entries learned through the specified interface. For more information on the above command output, refer to http://www.juniper.net/techpubs/en_US/junos/topics/reference/command-summary/clear-bridge-mac-table-command.html

Monitor Bridge Statistics.

Now after verifying configuration’s and correct interface and MAC associations, check if the intended traffic types are hitting the bridge by using the command ‘show bridge statistics’:

user@router> show bridge statistics 
   Local interface: ge-1/0/0.111, Index: 81
     Broadcast packets:                    31
     Broadcast bytes  :                  1984
     Multicast packets:                     0
     Multicast bytes  :                     0
     Flooded packets  :                    31
     Flooded bytes    :                  2362
     Unicast packets  :                 24093
     Unicast bytes    :               2553438
     Current MAC count:                     1 (Limit 1024)
   Local interface: ge-1/0/0.112, Index: 80
     Broadcast packets:                     0
     Broadcast bytes  :                     0
     Multicast packets:                     0
     Multicast bytes  :                     0
     Flooded packets  :                     0
     Flooded bytes    :                     0
     Unicast packets  :                     0
     Unicast bytes    :                     0
     Current MAC count:                     0 (Limit 1024

The above output shows statistics for BUM traffic as well as for flooding for each logical interface of each bridge domain and for each routing instance. For more information on the above command output, refer to http://www.juniper.net/techpubs/en_US/junos/topics/reference/command-summary/show-bridge-statistics-command.html.

Knowledge Base