nanog mailing list archives

Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state

From: Joseph Jenkins <joe () breathe-underwater com>
Date: Thu, 5 Apr 2018 14:16:12 -0700

No there isn't, but from what I am getting responses both onlist and off
list is to just run this on the Cisco switches:

no spanning-tree etherchannel guard misconfig

and that should resolve the issue.

Thanks Everyone.

On Thu, Apr 5, 2018 at 2:10 PM, Robert Webb <rwebb () ropeguru com> wrote:

I don't see any issue with the snippet of the config you provided for the
"Firewall Port". Is there a chance that the port ge-0/0/67 is referenced
somewhere else in the Juniper config that when applying your trunk setup is
causing issues?

Just throw that out off the top of my head and not really thinking it
through.

Robert

-----Original Message-----
From: NANOG <nanog-bounces () nanog org> On Behalf Of Joseph Jenkins
Sent: Thursday, April 5, 2018 4:58 PM
To: nanog () nanog org
Subject: Juniper Config Commit causes Cisco Etherchannels to go into
err-disable state

I have cases open with both Cisco and Juniper on this, but wanted to see
if anyone else had seen an issue like this because support has no idea.

I have a Juniper QFX 5100 Core running in Virtual Chassis mode with 4
switches. I have 4 separate stacks of Cisco 3750 switches with 2x1GB
uplinks bound into 4 different LACP trunks. I have had it happen twice now
where I apply a trunk port config(not an LACP trunk) to a port that isn't a
part of any of the LACP trunks and it causes all 4 of the Etherchannels on
the Cisco stacked switches to go into an err-disable state with these
messages:

Mar 14 07:11:33: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected
on Gi1/0/48, putting Gi1/0/48 in err-disable state

Mar 14 07:11:33: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected
on Po17, putting Gi1/0/48 in err-disable state

Mar 14 07:11:33: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected
on Po17, putting Po17 in err-disable state

Mar 14 07:11:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet1/0/48, changed state to down

Mar 14 07:11:33: %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected
on Gi2/0/48, putting Gi2/0/48 in err-disable state (CA-TOR-1-7-2)

Mar 14 07:11:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet2/0/48, changed state to down

Mar 14 07:11:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Port-channel17, changed state to down

Here is the config I am applying to the port that has caused this issue to
happen twice now:

set interfaces ge-0/0/67 description "Firewall Port"
set interfaces ge-0/0/67 unit 0 family ethernet-switching interface-mode
trunk set interfaces ge-0/0/67 unit 0 family ethernet-switching vlan
members 9-10 set interfaces ge-0/0/67 unit 0 family ethernet-switching vlan
members 29 set interfaces ge-0/0/67 unit 0 family ethernet-switching vlan
members 31-32 set interfaces ge-0/0/67 unit 0 family ethernet-switching
vlan members 43 set interfaces ge-0/0/67 unit 0 family ethernet-switching
vlan members 50-51 set interfaces ge-0/0/67 unit 0 family
ethernet-switching vlan members 56 set interfaces ge-0/0/67 unit 0 family
ethernet-switching vlan members 58 set interfaces ge-0/0/67 unit 0 family
ethernet-switching vlan members 66 set interfaces ge-0/0/67 unit 0 family
ethernet-switching vlan members 68 set interfaces ge-0/0/67 unit 0 family
ethernet-switching vlan members 90 set interfaces ge-0/0/67 unit 0 family
ethernet-switching vlan members 143 set interfaces ge-0/0/67 unit 0 family
ethernet-switching vlan members 170

The issue happens within a couple of minutes of committing the config on
the Juniper side, there are no cables plugged into port 0/0/67 so
technically there shouldn't be any BPDU's sent out since there isn't a port
change.

Juniper Support wants me to turn on trace option and then run though a
bunch of scenarios, the issue is that testing this takes down my network.

Just wanted to put it out there to see if anyone else had run into a
situation similar to this.

TIA

Joe

Current thread:

Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Joseph Jenkins (Apr 05)
- RE: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Robert Webb (Apr 05)
  - Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Joseph Jenkins (Apr 05)
    - RE: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Naslund, Steve (Apr 05)
    - Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Joseph Jenkins (Apr 05)
    - Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Joseph Jenkins (Apr 05)
    - Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Mark Milhollan (Apr 06)
    - Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Michel de Nostredame (Apr 19)
    - RE: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Naslund, Steve (Apr 05)
    - Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Keenan Tims (Apr 06)
    - Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Marian Ďurkovič (Apr 06)
- Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Hunter Fuller (Apr 05)
- RE: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Naslund, Steve (Apr 05)