Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[QFX] VLAN seen and passing traffic after configuration is removed

0

0
Article ID: KB35507 KB Last Updated: 28 Feb 2020Version: 1.0 Summary:

Traffic forwarding continues even after VLAN is deleted. This is due to "family ethernet-switching" config being present under the interface unit. This scenario is specifically seen on QFX5110.

Symptoms:

On QFX5110 running Junos 17.3R2.10 with the following IFL config:

{master:0}
user@switch> show configuration groups CONFIG interfaces ae3000
description ServiceProvider4;
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
aggregated-ether-options {
    minimum-links 1;
    lacp {
        active;
        periodic fast;
    }
}
unit 802 {
    encapsulation vlan-bridge;
    vlan-id-list 100-4094;
    input-vlan-map push;
    output-vlan-map pop;
    family ethernet-switching;
}

And the IFL is part of the bridge domain:

{master:0}
user@switch> show vlans v802
 
Routing instance        VLAN name             Tag          Interfaces
default-switch          v802                  NA
                                                           ae3000.802*
                                                           ae90.2002*

user@switch> show vlans v802 detail
 
Routing instance: default-switch
VLAN Name: v802                           State: Active
Tag: NA
Internal index: 13, Generation Index: 14, Origin: Static
MAC aging time: 300 seconds
VXLAN Enabled : No
Interfaces:
    ae3000.802*,tagged
    ae90.2002*,tagged
Number of interfaces: Tagged 2    , Untagged 0
Total MAC count: 2

After removal of the bridge domain, it shows as Destroyed but the forwarding still continues:

user@switch# delete vlans v802
{master:0}
user@switch> show vlans v802 detail
 
Routing instance: default-switch
VLAN Name: v802                           State: Destroyed
Tag: NA
Internal index: 13, Generation Index: 14, Origin: Static
MAC aging time: 300 seconds
VXLAN Enabled : No
Interfaces:
    ae3000.802*,tagged
    ae90.2002*,tagged
Number of interfaces: Tagged 2    , Untagged 0
Total MAC count: 2


user@switch> show vlans v802
 
Routing instance        VLAN name             Tag          Interfaces
default-switch          v802                  NA
                                                           ae3000.802*
                                                           ae90.2002*
Solution:

The issue occurs due to 'family ethernet-switching' on the 'vlan-bridge' encapsulated IFL.

For example, a warning message appears when we commit the configuration. But the VLAN still passes traffic.

{master:0}[edit]
user@switch# commit check 
[edit interfaces]
  'ge-0/0/2'
    Configuration vlan-tagging is not supported with ifl family ethernet-switching
[edit interfaces]

The workaround is to remove 'family ethernet-switching' on the 'vlan-bridge' encapsulated IFL.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search