Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] Troubleshooting Checklist - VLAN & Bridging



Article ID: KB26487 KB Last Updated: 31 Dec 2012Version: 1.0

A basic checklist for troubleshooting VLAN interfaces and bridging on MX Series devices.

To troubleshoot Physical interface or IRB interfaces, refer to KB26486: Troubleshooting Checklist - Ethernet Physical Interface or KB26488: Troubleshooting Checklist - IRB Interface.

  • Troubleshoot VLAN Interface on MX Series devices
  • VLAN interface is down

Use the following checklist to troubleshoot VLAN interfaces and bridging:

Step 1. Verify the configuration of the VLAN.

For details on VLANs and bridging and its configuration on a MX router, refer to the technical documentation:

Below are some common configuration mistakes to check for:

  • Check that both ends of the link are configured for the same VLAN
  • Verify that the correct encapsulations types are configured on both ends
  • Make sure either a STP or L2 filter is not blocking the interface

  1. VLAN 0 and VLAN 4095 are not configurable in Junos software.
  2. MX routers do not support private VLAN’s yet.

Step 2. Make sure the physical and logical interfaces are in the UP UP condition, AND that the family is set as ‘bridge’ on the logical interface (for all the interested interfaces).

To do this, run the command ‘show interfaces terse ge-x/x/x‘ for the physical interface, and ‘show interfaces terse ge-x/x/x .yyy‘ for the logical interface.

For example:

Physical Interface output:

user@router> show interfaces terse | match ge-1/0/0     
Interface               Admin Link Proto    Local                 Remote
      ge-1/0/0                up    up

If physical interface is down, then refer to physical interface checklist, KB26486 - Troubleshooting Checklist - Ethernet Physical Interface.

Logical Interface output:

user@router> show interfaces terse ge-8/0/0.3122     
Interface               Admin Link Proto    Local                 Remote
ge-8/0/0.3122           up    up   bridge  

If logical interface is admin down, then verify the configuration and see if it is disabled. If its link status is down, verify that the physical interface is UP.

Step 3. Verify the logical interfaces associations with the VLAN & bridge-domains.

Next, check if the correct interfaces are associated with the correct VLANs and are in the correct bridge-domains. 

To do this, run the command 'show bridge domain' and 'show bridge domain <vlan> detail'.

For example:

user@router> show bridge domain 
Routing instance        Bridge domain            VLAN ID     Interfaces
default-switch          vlan_100                 100         ge-1/0/0.0
default-switch          vlan_200                 200      

user@router> show bridge domain vlan_100 detail
Routing instance: default-switch
  Bridge domain: vlan_100                       State: Active
  Bridge VLAN ID: 100 
    ge-1/0/0.0     ge-1/0/1.0     ge-1/0/3.0
  Total mac count: 2

In the above output, the vlan_100 bridge domain has three interfaces associated with it, which are all part of VLAN 100.

For more information on the above command output, refer to

Step 4. View the MAC Address Table.

After verifying the correct interface associations for the VLAN/BRIDGE_DOMAIN (in Step 3), use the 'show bridge mac-table' command to view the MAC entries for the logical interfaces (for the interested bridge domain).

For example:

user@router> show bridge mac-table    

MAC flags (S -static MAC, D -dynamic MAC,
           SE -Statistics enabled, NM -Non configured MAC)

Routing instance : default-switch
 Bridging domain : vlan_100, VLAN : 100
   MAC                 MAC      Logical
   address             flags    interface 
   00:21:59:ab:8a:95   D        ge-1/0/0.0           
   00:21:59:ab:8a:96   D        ge-1/0/1.0      

The show bridge mac-table command is used view all the entries within the MAC address table.  It generates a list of learned MAC addresses along with the corresponding VLANs and interfaces. All entries are organized based on their associated VLANs. For more information on the above command output, refer to

If for any reason the table entries in the above output are not valid or you want to flush the MAC entries during troubleshooting, use the command ‘clear bridge mac-table’:

user@router> clear bridge mac-table ?
Possible completions:
  <[Enter]>            Execute this command
  <address>            MAC address
  bridge-domain        Name of bridging domain, or 'all'
  instance             Display information for a specified instance
  interface            Clear media access control table for specified interface
  logical-system       Name of logical system, or 'all'
  vlan-id              Clear MAC address learned on a specified VLAN (0..4095)
  |                    Pipe through a command

The clear bridge mac-table command clears all entries in the table or entries based on a specific property.  Optionally, you can use the interface option to clear only those MAC table entries learned through the specified interface. For more information on the above command output, refer to

Step 5. Monitor Bridge Statistics.

Now after verifying configuration’s and correct interface and MAC associations, check if the intended traffic types are hitting the bridge by using the command ‘show bridge statistics’:

user@router> show bridge statistics 
   Local interface: ge-1/0/0.111, Index: 81
     Broadcast packets:                    31
     Broadcast bytes  :                  1984
     Multicast packets:                     0
     Multicast bytes  :                     0
     Flooded packets  :                    31
     Flooded bytes    :                  2362
     Unicast packets  :                 24093
     Unicast bytes    :               2553438
     Current MAC count:                     1 (Limit 1024)
   Local interface: ge-1/0/0.112, Index: 80
     Broadcast packets:                     0
     Broadcast bytes  :                     0
     Multicast packets:                     0
     Multicast bytes  :                     0
     Flooded packets  :                     0
     Flooded bytes    :                     0
     Unicast packets  :                     0
     Unicast bytes    :                     0
     Current MAC count:                     0 (Limit 1024

The above output shows statistics for BUM traffic as well as for flooding for each logical interface of each bridge domain and for each routing instance. For more information on the above command output, refer to

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search